From: <ssm...@us...> - 2007-10-05 17:49:16
Revision: 2644 http://selinux.svn.sourceforge.net/selinux/?rev=2644&view=rev Author: ssmalley Date: 2007-10-05 10:49:15 -0700 (Fri, 05 Oct 2007) Log Message: ----------- updated policycoreutils to version 2.0.29 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2007-10-05 17:48:23 UTC (rev 2643) +++ trunk/policycoreutils/ChangeLog 2007-10-05 17:49:15 UTC (rev 2644) @@ -1,3 +1,6 @@ +2.0.29 2007-10-05 + * Add genhomedircon script to invoke semodule -Bn from Dan Walsh. + 2.0.28 2007-10-05 * Update semodule man page for -D from Dan Walsh. * Add boolean, locallist, deleteall, and store support to semanage from Dan Walsh. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2007-10-05 17:48:23 UTC (rev 2643) +++ trunk/policycoreutils/VERSION 2007-10-05 17:49:15 UTC (rev 2644) @@ -1 +1 @@ -2.0.28 +2.0.29 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2007-10-11 20:28:53
Revision: 2651 http://selinux.svn.sourceforge.net/selinux/?rev=2651&view=rev Author: ssmalley Date: 2007-10-11 13:28:52 -0700 (Thu, 11 Oct 2007) Log Message: ----------- updated policycoreutils to version 2.0.30 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2007-10-11 20:26:57 UTC (rev 2650) +++ trunk/policycoreutils/ChangeLog 2007-10-11 20:28:52 UTC (rev 2651) @@ -1,3 +1,6 @@ +2.0.30 2007-10-11 + * Add deleteall support for ports and fcontexts in semanage from Dan Walsh. + 2.0.29 2007-10-05 * Add genhomedircon script to invoke semodule -Bn from Dan Walsh. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2007-10-11 20:26:57 UTC (rev 2650) +++ trunk/policycoreutils/VERSION 2007-10-11 20:28:52 UTC (rev 2651) @@ -1 +1 @@ -2.0.29 +2.0.30 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2007-10-15 14:53:28
Revision: 2656 http://selinux.svn.sourceforge.net/selinux/?rev=2656&view=rev Author: ssmalley Date: 2007-10-15 07:53:16 -0700 (Mon, 15 Oct 2007) Log Message: ----------- updated policycoreutils to version 2.0.31 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2007-10-15 14:51:54 UTC (rev 2655) +++ trunk/policycoreutils/ChangeLog 2007-10-15 14:53:16 UTC (rev 2656) @@ -1,3 +1,6 @@ +2.0.31 2007-10-15 + * Fix semodule option handling from Dan Walsh. + 2.0.30 2007-10-11 * Add deleteall support for ports and fcontexts in semanage from Dan Walsh. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2007-10-15 14:51:54 UTC (rev 2655) +++ trunk/policycoreutils/VERSION 2007-10-15 14:53:16 UTC (rev 2656) @@ -1 +1 @@ -2.0.30 +2.0.31 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <mad...@us...> - 2007-11-29 16:15:30
Revision: 2692 http://selinux.svn.sourceforge.net/selinux/?rev=2692&view=rev Author: madmethod Date: 2007-11-29 08:15:26 -0800 (Thu, 29 Nov 2007) Log Message: ----------- Author: Chad Sellers Email: cse...@tr... Subject: Initial policy load from load_policy Date: Tue, 13 Nov 2007 14:24:49 -0500 Updated to include error message on loading failure in enforcing mode. The below patch adds a -i option to load_policy to perform the initial policy load. The inital policy load is currently done in systems using sysvinit by init itself, which then re-exec's itself. Ubuntu uses upstart instead of sysvinit. In talks with the Ubuntu folks, they'd prefer to load policy from initramfs before upstart starts rather than patching upstart. Signed-off-by: Chad Sellers <cse...@tr...> Acked-By: Joshua Brindle <me...@ma...> Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION trunk/policycoreutils/load_policy/load_policy.8 trunk/policycoreutils/load_policy/load_policy.c Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2007-11-29 15:46:57 UTC (rev 2691) +++ trunk/policycoreutils/ChangeLog 2007-11-29 16:15:26 UTC (rev 2692) @@ -1,3 +1,6 @@ +2.0.32 2007-10-16 + * load_policy initial load option from Chad Sellers. + 2.0.31 2007-10-15 * Fix semodule option handling from Dan Walsh. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2007-11-29 15:46:57 UTC (rev 2691) +++ trunk/policycoreutils/VERSION 2007-11-29 16:15:26 UTC (rev 2692) @@ -1 +1 @@ -2.0.31 +2.0.32 Modified: trunk/policycoreutils/load_policy/load_policy.8 =================================================================== --- trunk/policycoreutils/load_policy/load_policy.8 2007-11-29 15:46:57 UTC (rev 2691) +++ trunk/policycoreutils/load_policy/load_policy.8 2007-11-29 16:15:26 UTC (rev 2692) 
@@ -4,7 +4,7 @@ .SH SYNOPSIS .B load_policy -[-q] +[-qi] .br .SH DESCRIPTION .PP @@ -17,7 +17,23 @@ .TP .B \-q suppress warning messages. +.TP +.B \-i +inital policy load. Only use this if this is the first time policy is being loaded since boot (usually called from initramfs). +.SH "EXIT STATUS" +.TP +.B 0 +Success +.TP +.B 1 +Invalid option +.TP +.B 2 +Policy load failed +.TP +.B 3 +Initial policy load failed and enforcing mode requested .SH SEE ALSO .B booleans (8), Modified: trunk/policycoreutils/load_policy/load_policy.c =================================================================== --- trunk/policycoreutils/load_policy/load_policy.c 2007-11-29 15:46:57 UTC (rev 2691) +++ trunk/policycoreutils/load_policy/load_policy.c 2007-11-29 16:15:26 UTC (rev 2692) @@ -19,13 +19,13 @@ void usage(char *progname) { - fprintf(stderr, _("usage: %s [-q]\n"), progname); + fprintf(stderr, _("usage: %s [-qi]\n"), progname); exit(1); } int main(int argc, char **argv) { - int ret, opt, quiet = 0, nargs; + int ret, opt, quiet = 0, nargs, init=0, enforce=0; #ifdef USE_NLS setlocale(LC_ALL, ""); @@ -33,7 +33,7 @@ textdomain(PACKAGE); #endif - while ((opt = getopt(argc, argv, "bq")) > 0) { + while ((opt = getopt(argc, argv, "bqi")) > 0) { switch (opt) { case 'b': fprintf(stderr, "%s: Warning! The -b option is no longer supported, booleans are always preserved across reloads. Continuing...\n", @@ -43,6 +43,9 @@ quiet = 1; sepol_debug(0); break; + case 'i': + init = 1; + break; default: usage(argv[0]); } 
@@ -61,8 +64,28 @@ "%s: Warning! Boolean file argument (%s) is no longer supported, installed booleans file is always used. Continuing...\n", argv[0], argv[optind++]); } - - ret = selinux_mkload_policy(1); + if (init) { + if (is_selinux_enabled() == 1) { + /* SELinux is already enabled, we should not do an initial load again */ + fprintf(stderr, + _("%s: Policy is already loaded and initial load requested\n"), + argv[0]); + exit(2); + } + ret = selinux_init_load_policy(&enforce); + if (ret != 0 ) { + if (enforce > 0) { + /* SELinux in enforcing mode but load_policy failed */ + fprintf(stderr, + _("%s: Can't load policy and enforcing mode requested: %s\n"), + argv[0], strerror(errno)); + exit(3); + } + } + } + else { + ret = selinux_mkload_policy(1); + } if (ret < 0) { fprintf(stderr, _("%s: Can't load policy: %s\n"), argv[0], strerror(errno)); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
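Review bot: In the load_policy.8 hunk, the EXIT STATUS table documents 2 only as "Policy load failed", but load_policy.c also exits 2 when -i is given and `is_selinux_enabled() == 1`, which is a rejected request rather than a failed load. Give the already-loaded case its own documented status or widen the description of 2, so that an initramfs script can tell the two apart. The same hunk spells the option text "inital policy load" (should be "initial"), and the ChangeLog entry dates 2.0.32 as 2007-10-16 although the patch is dated 13 Nov 2007 and the commit 2007-11-29.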
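Review bot: In the load_policy.c hunk at @@ -61,8 +64,28 @@, the init branch tests `ret != 0` while the shared check after it tests `ret < 0`, so a positive return from `selinux_init_load_policy()` with `enforce <= 0` is reported by neither path. Use one convention for failure in both places. Both error messages also print `strerror(errno)`; it is worth confirming that the library call leaves a meaningful errno on failure, since otherwise the text shown at boot will be misleading in exactly the case (enforcing requested, no policy) where the operator most needs it.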
From: <ssm...@us...> - 2007-12-07 20:00:31
Revision: 2701 http://selinux.svn.sourceforge.net/selinux/?rev=2701&view=rev Author: ssmalley Date: 2007-12-07 12:00:29 -0800 (Fri, 07 Dec 2007) Log Message: ----------- updated policycoreutils to version 2.0.33 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2007-12-07 19:59:00 UTC (rev 2700) +++ trunk/policycoreutils/ChangeLog 2007-12-07 20:00:29 UTC (rev 2701) @@ -1,3 +1,8 @@ +2.0.33 2007-12-07 + * Drop verbose output on fixfiles -C from Dan Walsh. + * Fix argument handling in fixfiles from Dan Walsh. + * Enhance boolean support in semanage, including using the .xml description when available, from Dan Walsh. + 2.0.32 2007-10-16 * load_policy initial load option from Chad Sellers. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2007-12-07 19:59:00 UTC (rev 2700) +++ trunk/policycoreutils/VERSION 2007-12-07 20:00:29 UTC (rev 2701) @@ -1 +1 @@ -2.0.32 +2.0.33 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <mad...@us...> - 2007-12-14 15:38:08
Revision: 2708 http://selinux.svn.sourceforge.net/selinux/?rev=2708&view=rev Author: madmethod Date: 2007-12-14 07:38:00 -0800 (Fri, 14 Dec 2007) Log Message: ----------- update version to 2.0.34 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2007-12-14 15:36:55 UTC (rev 2707) +++ trunk/policycoreutils/ChangeLog 2007-12-14 15:38:00 UTC (rev 2708) @@ -1,3 +1,7 @@ +2.0.34 2007-12-14 + * Update Makefile to not build restorecond if + /usr/include/sys/inotify.h is not present + 2.0.33 2007-12-07 * Drop verbose output on fixfiles -C from Dan Walsh. * Fix argument handling in fixfiles from Dan Walsh. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2007-12-14 15:36:55 UTC (rev 2707) +++ trunk/policycoreutils/VERSION 2007-12-14 15:38:00 UTC (rev 2708) @@ -1 +1 @@ -2.0.33 +2.0.34 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2007-12-21 16:51:55
Revision: 2710 http://selinux.svn.sourceforge.net/selinux/?rev=2710&view=rev Author: ssmalley Date: 2007-12-21 08:51:07 -0800 (Fri, 21 Dec 2007) Log Message: ----------- updated policycoreutils to version 2.0.35 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2007-12-21 16:47:34 UTC (rev 2709) +++ trunk/policycoreutils/ChangeLog 2007-12-21 16:51:07 UTC (rev 2710) @@ -1,3 +1,6 @@ +2.0.35 2007-12-21 + * Merged support for non-interactive newrole command invocation from Tim Reed. + 2.0.34 2007-12-14 * Update Makefile to not build restorecond if /usr/include/sys/inotify.h is not present Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2007-12-21 16:47:34 UTC (rev 2709) +++ trunk/policycoreutils/VERSION 2007-12-21 16:51:07 UTC (rev 2710) @@ -1 +1 @@ -2.0.34 +2.0.35 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <mil...@us...> - 2008-01-08 16:16:42
Revision: 2724 http://selinux.svn.sourceforge.net/selinux/?rev=2724&view=rev Author: millertc Date: 2008-01-08 08:16:39 -0800 (Tue, 08 Jan 2008) Log Message: ----------- Subject: quiet policycoreutils warnings Avoid using "log" as a variable name, it conflicts with the gcc log() builtin. Fix gcc uninitialized variable warning false positives. Signed-off-by: Todd C. Miller <tm...@tr...> Acked-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/policycoreutils/audit2why/audit2why.c trunk/policycoreutils/semodule/semodule.c trunk/policycoreutils/semodule_deps/semodule_deps.c trunk/policycoreutils/setfiles/setfiles.c Modified: trunk/policycoreutils/audit2why/audit2why.c =================================================================== --- trunk/policycoreutils/audit2why/audit2why.c 2008-01-08 16:15:19 UTC (rev 2723) +++ trunk/policycoreutils/audit2why/audit2why.c 2008-01-08 16:16:39 UTC (rev 2724) @@ -28,7 +28,7 @@ char *buffer = NULL, *bufcopy = NULL; unsigned int lineno = 0; size_t len = 0, bufcopy_len = 0; - FILE *fp; + FILE *fp = NULL; int opt, rc, set_path = 0; char *p, *scon, *tcon, *tclassstr, *permstr; sepol_security_id_t ssid, tsid; Modified: trunk/policycoreutils/semodule/semodule.c =================================================================== --- trunk/policycoreutils/semodule/semodule.c 2008-01-08 16:15:19 UTC (rev 2723) +++ trunk/policycoreutils/semodule/semodule.c 2008-01-08 16:16:39 UTC (rev 2724) 
@@ -339,8 +339,8 @@ for (i = 0; i < num_commands; i++) { enum client_modes mode = commands[i].mode; char *mode_arg = commands[i].arg; - char *data; - size_t data_len; + char *data = NULL; + size_t data_len = 0; if (mode == INSTALL_M || mode == UPGRADE_M || mode == BASE_M) { if ((data_len = map_file(mode_arg, &data)) == 0) { fprintf(stderr, Modified: trunk/policycoreutils/semodule_deps/semodule_deps.c =================================================================== --- trunk/policycoreutils/semodule_deps/semodule_deps.c 2008-01-08 16:15:19 UTC (rev 2723) +++ trunk/policycoreutils/semodule_deps/semodule_deps.c 2008-01-08 16:16:39 UTC (rev 2724) @@ -139,7 +139,7 @@ * of the policy. * - levels / cats: can't be required or used in modules. */ -static int generate_requires(policydb_t * p, hashtab_t * r) +static hashtab_t generate_requires(policydb_t * p) { avrule_block_t *block; avrule_decl_t *decl; @@ -154,7 +154,7 @@ mods = hashtab_create(reqsymhash, reqsymcmp, 64); if (mods == NULL) - return -1; + return NULL; for (block = p->global; block != NULL; block = block->next) { if (block->flags & AVRULE_OPTIONAL) @@ -196,14 +196,14 @@ reqsymcmp, 64); if (reqs == NULL) { - return -1; + return NULL; } ret = hashtab_insert(mods, mod_name, reqs); if (ret != SEPOL_OK) - return ret; + return NULL; } ret = hashtab_insert(reqs, req_name, @@ -211,16 +211,14 @@ if (! (ret == SEPOL_EEXIST || ret == SEPOL_OK)) - return -1; + return NULL; } } } } - *r = mods; - - return 0; + return mods; } static void free_requires(hashtab_t req) @@ -323,6 +321,7 @@ int verbose = 0, exclude_base = 1, command = SHOW_DEPS; char *basename; sepol_module_package_t *base, **mods; + policydb_t *p; hashtab_t req; while ((ch = getopt(argc, argv, "vgb")) != EOF) { 
@@ -383,10 +382,14 @@ exit(1); } - if (generate_requires - ((policydb_t *) sepol_module_package_get_policy(base), &req) < 0) + p = (policydb_t *) sepol_module_package_get_policy(base); + if (p == NULL) exit(1); + req = generate_requires(p); + if (req == NULL) + exit(1); + if (command == SHOW_DEPS) output_requirements(req, exclude_base, stdout); else Modified: trunk/policycoreutils/setfiles/setfiles.c =================================================================== --- trunk/policycoreutils/setfiles/setfiles.c 2008-01-08 16:15:19 UTC (rev 2723) +++ trunk/policycoreutils/setfiles/setfiles.c 2008-01-08 16:16:39 UTC (rev 2724) @@ -53,7 +53,7 @@ static int quiet = 0; static int ignore_enoent; static int verbose = 0; -static int log = 0; +static int logging = 0; static int warn_no_match = 0; static char *rootpath = NULL; static int rootpathlen = 0; @@ -519,7 +519,7 @@ } } - if (log && !user_only_changed) { + if (logging && !user_only_changed) { if (context) syslog(LOG_INFO, "relabeling %s from %s to %s\n", my_file, context, newcon); @@ -858,7 +858,7 @@ ignore_enoent = 1; break; case 'l': - log = 1; + logging = 1; break; case 'F': force = 1; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
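Review bot: In semodule_deps.c, main() now does a silent `exit(1)` for both `p == NULL` and `req == NULL`, so these failures cannot be distinguished from each other or from the other exit(1) paths; print a message to stderr before each exit. The reworked generate_requires() also returns NULL from every error path after `mods = hashtab_create(...)` has succeeded without releasing mods or the reqs table just created, and the change from `return ret` to `return NULL` after hashtab_insert() drops the error code. Both are harmless only because the sole caller exits immediately; the file already has a free_requires() helper that the error paths could use.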
From: <ssm...@us...> - 2008-01-23 14:19:51
Revision: 2736 http://selinux.svn.sourceforge.net/selinux/?rev=2736&view=rev Author: ssmalley Date: 2008-01-23 06:19:47 -0800 (Wed, 23 Jan 2008) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: Fixes for policycoreutils scripts Date: Fri, 11 Jan 2008 16:20:14 -0500 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Remove python hack to handle lanquage translations on errors. Python works properly now. Fix fixfiles to handle multiple inputs on the command line correctly -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkeH3Y0ACgkQrlYvE4MpobO5HwCg6xLhCuOPYY0NBIVa8XCa/rYN +t8An3eqHjDNSsGhN9hAEoULsyiWkAqo =Oasn -----END PGP SIGNATURE----- Modified Paths: -------------- trunk/policycoreutils/scripts/chcat trunk/policycoreutils/scripts/fixfiles trunk/policycoreutils/semanage/semanage Modified: trunk/policycoreutils/scripts/chcat =================================================================== --- trunk/policycoreutils/scripts/chcat 2008-01-23 14:18:22 UTC (rev 2735) +++ trunk/policycoreutils/scripts/chcat 2008-01-23 14:19:47 UTC (rev 2736) @@ -25,10 +25,6 @@ import commands, sys, os, pwd, string, getopt, selinux import seobject import gettext -import codecs -import locale -sys.stderr = codecs.getwriter(locale.getpreferredencoding())(sys.__stderr__, 'replace') -sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace') try: gettext.install('policycoreutils') Modified: trunk/policycoreutils/scripts/fixfiles =================================================================== --- trunk/policycoreutils/scripts/fixfiles 2008-01-23 14:18:22 UTC (rev 2735) +++ trunk/policycoreutils/scripts/fixfiles 2008-01-23 14:19:47 UTC (rev 2736) 
@@ -126,17 +126,15 @@ done exit $? fi -if [ ! -z "$DIRS" ]; then +if [ ! -z "$FILEPATH" ]; then if [ -x /usr/bin/find ]; then - for d in ${DIRS} ; do find $d \ + /usr/bin/find "$FILEPATH" \ ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o -print | \ ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -f - 2>&1 >> $LOGFILE - done else - ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $DIRS 2>&1 >> $LOGFILE + ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE fi - - exit $? + return fi LogReadOnly ${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE @@ -173,6 +171,20 @@ fi } +process() { +# +# Make sure they specified one of the three valid commands +# +case "$1" in + restore) restore -p ;; + check) restore -n -v;; + verify) restore -n -o -;; + relabel) relabel;; + *) + usage + exit 1 +esac +} usage() { echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] " echo or @@ -229,22 +241,19 @@ shift 1 if [ ! -z "$RPMFILES" ]; then + process $command if [ $# -gt 0 ]; then usage fi else - DIRS=$* + if [ -z "$1" ]; then + process $command + else + while [ -n "$1" ]; do + FILEPATH=$1 + process $command + shift + done + fi fi - -# -# Make sure they specified one of the three valid commands -# -case "$command" in - restore) restore -p ;; - check) restore -n -v ;; - verify) restore -n -o -;; - relabel) relabel;; - *) - usage - exit 1 -esac +exit $? Modified: trunk/policycoreutils/semanage/semanage =================================================================== --- trunk/policycoreutils/semanage/semanage 2008-01-23 14:18:22 UTC (rev 2735) +++ trunk/policycoreutils/semanage/semanage 2008-01-23 14:19:47 UTC (rev 2736) @@ -1,5 +1,5 @@ #! /usr/bin/python -E -# Copyright (C) 2005 Red Hat +# Copyright (C) 2005, 2006, 2007 Red Hat # see file 'COPYING' for use and warranty information # # semanage is a tool for managing SELinux configuration files 
@@ -28,10 +28,6 @@ import gettext gettext.bindtextdomain(PROGNAME, "/usr/share/locale") gettext.textdomain(PROGNAME) -import codecs -import locale -sys.stderr = codecs.getwriter(locale.getpreferredencoding())(sys.__stderr__, 'replace') -sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace') try: gettext.install(PROGNAME, This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
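Review bot: In the last fixfiles hunk, the per-path loop body ends with `shift` and the script then runs `exit $?`, so the exit status reported to the caller is that of the final `shift` rather than of any `process $command` that failed. Track failure inside the loop (set a status variable when process returns non-zero) and exit with that value. In the RPMFILES branch, `process $command` now runs before the `[ $# -gt 0 ]` usage check, so an invalid invocation does its work before being rejected; the check should come first.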
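Review bot: In the fixfiles hunk at @@ -126,17 +126,15 @@, `/usr/bin/find "$FILEPATH"` is quoted but the fallback `${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH` is not, so a path containing whitespace is relabeled as one path when /usr/bin/find is executable and split into several when it is not. Quote `"$FILEPATH"` in the else branch as well. The find output is still piped newline-delimited into `-f -`, so file names containing newlines remain unhandled in the first branch.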
From: <ssm...@us...> - 2008-01-23 14:26:15
Revision: 2739 http://selinux.svn.sourceforge.net/selinux/?rev=2739&view=rev Author: ssmalley Date: 2008-01-23 06:26:14 -0800 (Wed, 23 Jan 2008) Log Message: ----------- updated policycoreutils to version 2.0.36 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2008-01-23 14:25:22 UTC (rev 2738) +++ trunk/policycoreutils/ChangeLog 2008-01-23 14:26:14 UTC (rev 2739) @@ -1,3 +1,6 @@ +2.0.36 2008-01-23 + * Merged update to chcat, fixfiles, and semanage scripts from Dan Walsh. + 2.0.35 2007-12-21 * Merged support for non-interactive newrole command invocation from Tim Reed. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2008-01-23 14:25:22 UTC (rev 2738) +++ trunk/policycoreutils/VERSION 2008-01-23 14:26:14 UTC (rev 2739) @@ -1 +1 @@ -2.0.35 +2.0.36 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-01-23 20:24:18
Revision: 2741 http://selinux.svn.sourceforge.net/selinux/?rev=2741&view=rev Author: ssmalley Date: 2008-01-23 12:24:15 -0800 (Wed, 23 Jan 2008) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: Patch to use new audit2why interface in via audit2allow Date: Fri, 11 Jan 2008 16:11:30 -0500 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Added a --why qualifier to audit2allow, which gives the same output as audit2why. Removed audit2why.c and replaced it with a script #!/bin/sh /usr/bin/audit2allow -w $* This way audit2why can take advantage of the parsing available in audit2allow. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkeH24EACgkQrlYvE4MpobMSagCgmK5S8TGx8485X1769oqrzLF6 iuwAoKUWB6tGrrTHFkDJqz41xTSv1Tvy =M+CO -----END PGP SIGNATURE----- Modified Paths: -------------- trunk/policycoreutils/audit2allow/audit2allow trunk/policycoreutils/audit2allow/audit2allow.1 trunk/policycoreutils/audit2why/Makefile Added Paths: ----------- trunk/policycoreutils/audit2why/audit2why trunk/policycoreutils/audit2why/audit2why.1 Modified: trunk/policycoreutils/audit2allow/audit2allow =================================================================== --- trunk/policycoreutils/audit2allow/audit2allow 2008-01-23 20:22:37 UTC (rev 2740) +++ trunk/policycoreutils/audit2allow/audit2allow 2008-01-23 20:24:15 UTC (rev 2741) 
@@ -60,7 +60,10 @@ parser.add_option("-o", "--output", dest="output", help="append output to <filename>, conflicts with -M") parser.add_option("-R", "--reference", action="store_true", dest="refpolicy", - default=False, help="generate refpolicy style output") + default=True, help="generate refpolicy style output") + + parser.add_option("-N", "--noreference", action="store_false", dest="refpolicy", + default=False, help="do not generate refpolicy style output") parser.add_option("-v", "--verbose", action="store_true", dest="verbose", default=False, help="explain generated output") parser.add_option("-e", "--explain", action="store_true", dest="explain_long", @@ -72,6 +75,9 @@ parser.add_option("--debug", dest="debug", action="store_true", default=False, help="leave generated modules for -M") + parser.add_option("-w", "--why", dest="audit2why", action="store_true", default=False, + help="Translates SELinux audit messages into a description of why the access was denied") + options, args = parser.parse_args() # Make -d, -a, and -i conflict @@ -149,8 +155,10 @@ if self.__options.type: filter = audit.TypeFilter(self.__options.type) self.__avs = self.__parser.to_access(filter) + self.__selinux_errs = self.__parser.to_role(filter) else: self.__avs = self.__parser.to_access() + self.__selinux_errs = self.__parser.to_role() def __load_interface_info(self): # Load interface info file 
@@ -210,7 +218,71 @@ sys.stdout.write((_("To make this policy package active, execute:" +\ "\n\nsemodule -i %s\n\n") % packagename)) + def __output_audit2why(self): + import selinux + import selinux.audit2why as audit2why + audit2why.init("%s.%s" % (selinux.selinux_binary_policy_path(), selinux.security_policyvers())) + for i in self.__parser.avc_msgs: + rc, bools = audit2why.analyze(i.scontext.to_string(), i.tcontext.to_string(), i.tclass, i.accesses) + if rc >= 0: + print "%s\n\tWas caused by:" % i.message + if rc == audit2why.NOPOLICY: + raise "Must call policy_init first" + if rc == audit2why.BADTCON: + print "Invalid Target Context %s\n" % i.tcontext + continue + if rc == audit2why.BADSCON: + print "Invalid Source Context %s\n" % i.scontext + continue + if rc == audit2why.BADSCON: + print "Invalid Type Class %s\n" % i.tclass + continue + if rc == audit2why.BADPERM: + print "Invalid permission %s\n" % i.accesses + continue + if rc == audit2why. BADCOMPUTE: + raise "Error during access vector computation" + if rc == audit2why.ALLOW: + print "\t\tUnknown - would be allowed by active policy\n", + print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n" + print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n" + continue + if rc == audit2why.BOOLEAN: + if len(bools) > 1: + print "\tOne of the following booleans being set incorrectly." + for b in bools: + print "\n\tBoolean %s is %d. Allow access by executing:" % (b[0], not b[1]) + print "\t# setsebool -P %s %d" % (b[0], b[1]) + else: + print "\tThe boolean %s set incorrectly. 
Allow access by executing:" % bools[0][0] + print "\t# setsebool -P %s %d\n" % (bools[0][0], bools[0][1]) + + continue + + if rc == audit2why.TERULE: + print "\t\tMissing or disabled type enforcingment (TE) allow rule.\n" + print "\t\tYou can use audit2allow to generate the missing allow rules and/or load policy to allow this access.\n" + continue + + if rc == audit2why.CONSTRAINT: + print "\t\tConstraint violation.\n" + print "\t\tCheck policy/constraints.\n" + print "\t\tTypically, you just need to add a type attribute to the domain to satisfy the constraint.\n" + continue + + if rc == audit2why.RBAC: + print "\t\tMissing role allow rule.\n" + print "\t\tAdd allow rule for the role pair.\n" + continue + + audit2why.finish() + return + def __output(self): + + if self.__options.audit2why: + return self.__output_audit2why() + g = policygen.PolicyGenerator() if self.__options.module: @@ -251,6 +323,12 @@ fd = sys.stdout writer.write(g.get_module(), fd) + if len(self.__selinux_errs) > 0: + fd.write("\n=========== ROLES ===============\n") + + for role in self.__selinux_errs: + fd.write(role.output()) + def main(self): try: self.__parse_options() Modified: trunk/policycoreutils/audit2allow/audit2allow.1 =================================================================== --- trunk/policycoreutils/audit2allow/audit2allow.1 2008-01-23 20:22:37 UTC (rev 2740) +++ trunk/policycoreutils/audit2allow/audit2allow.1 2008-01-23 20:24:15 UTC (rev 2741) @@ -24,7 +24,12 @@ .\" .TH AUDIT2ALLOW "1" "January 2005" "Security Enhanced Linux" NSA .SH NAME -audit2allow \- generate SELinux policy allow rules from logs of denied operations +.BR audit2allow + \- generate SELinux policy allow rules from logs of denied operations + +.BR audit2why + \- translates SELinux audit messages into a description of why the access was denied (audit2allow -w) + .SH SYNOPSIS .B audit2allow .RI [ options "] " 
@@ -65,12 +70,19 @@ .B "\-r" | "\-\-requires" Generate require output syntax for loadable modules. .TP +.B "\-N" | "\-\-noreference" +Do not generate reference policy, traditional style allow rules. +.TP .B "\-R" | "\-\-reference" -Generate reference policy using installed macros. Requires the selinux-policy-devel package. +Generate reference policy using installed macros.Default .TP .B "\-t " | "\-\-tefile" Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format. .TP +.B "\-w" | "\-\-why" +Translates SELinux audit messages into a description of why the access wasn denied + +.TP .B "\-v" | "\-\-verbose" Turn on verbose output Modified: trunk/policycoreutils/audit2why/Makefile =================================================================== --- trunk/policycoreutils/audit2why/Makefile 2008-01-23 20:22:37 UTC (rev 2740) +++ trunk/policycoreutils/audit2why/Makefile 2008-01-23 20:24:15 UTC (rev 2741) @@ -1,16 +1,8 @@ # Installation directories. PREFIX ?= ${DESTDIR}/usr BINDIR ?= $(PREFIX)/bin -LIBDIR ?= ${PREFIX}/lib MANDIR ?= $(PREFIX)/share/man -LOCALEDIR ?= /usr/share/locale -INCLUDEDIR ?= ${PREFIX}/include - -CFLAGS ?= -Werror -Wall -W -override CFLAGS += -I$(INCLUDEDIR) -LDLIBS = ${LIBDIR}/libsepol.a -lselinux -L$(LIBDIR) - TARGETS=audit2why all: $(TARGETS) @@ -18,13 +10,5 @@ install: all -mkdir -p $(BINDIR) install -m 755 $(TARGETS) $(BINDIR) - -mkdir -p $(MANDIR)/man8 - install -m 644 audit2why.8 $(MANDIR)/man8/ - -clean: - -rm -f $(TARGETS) *.o - -indent: - ../../scripts/Lindent $(wildcard *.[ch]) - -relabel: + -mkdir -p $(MANDIR)/man1 + install -m 644 audit2why.1 $(MANDIR)/man1/ Added: trunk/policycoreutils/audit2why/audit2why =================================================================== --- trunk/policycoreutils/audit2why/audit2why (rev 0) +++ trunk/policycoreutils/audit2why/audit2why 2008-01-23 20:24:15 UTC (rev 2741) 
@@ -0,0 +1,2 @@ +#!/bin/sh +/usr/bin/audit2allow -w $* Added: trunk/policycoreutils/audit2why/audit2why.1 =================================================================== --- trunk/policycoreutils/audit2why/audit2why.1 (rev 0) +++ trunk/policycoreutils/audit2why/audit2why.1 2008-01-23 20:24:15 UTC (rev 2741) @@ -0,0 +1 @@ +.so man1/audit2allow.1 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
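Review bot: In `__output_audit2why`, the test `if rc == audit2why.BADSCON:` appears twice, so the second branch, which prints "Invalid Type Class", can never run; it should test the return code for a bad target class instead. The two `raise "..."` statements raise plain strings, which Python 2.5 deprecates; raise an exception class. Both raises also bypass `audit2why.finish()`, which is only called after the loop, so the loop should sit in a try/finally that calls it.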
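Review bot: In the option-parsing hunk, -R and -N both use `dest="refpolicy"` but declare `default=True` and `default=False` respectively. optparse keeps a single default per dest and the later add_option call overwrites the earlier one, so the effective default is False, which contradicts the "Default" wording the man page hunk adds to -R. Declare the default once and make the man page agree with it. The man page hunk also contains "macros.Default" (missing space) and "wasn denied".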
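Review bot: The new audit2why wrapper passes its arguments as unquoted `$*`, so any argument containing whitespace or glob characters (a file path given with -i, for instance) is re-split and expanded by the shell before audit2allow sees it. Use `exec /usr/bin/audit2allow -w "$@"` so the arguments arrive unchanged.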
From: <ssm...@us...> - 2008-01-23 20:58:19
Revision: 2747 http://selinux.svn.sourceforge.net/selinux/?rev=2747&view=rev Author: ssmalley Date: 2008-01-23 12:58:18 -0800 (Wed, 23 Jan 2008) Log Message: ----------- updated policycoreutils to version 2.0.37 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2008-01-23 20:57:24 UTC (rev 2746) +++ trunk/policycoreutils/ChangeLog 2008-01-23 20:58:18 UTC (rev 2747) @@ -1,3 +1,6 @@ +2.0.37 2008-01-23 + * Merged replacement for audit2why from Dan Walsh. + 2.0.36 2008-01-23 * Merged update to chcat, fixfiles, and semanage scripts from Dan Walsh. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2008-01-23 20:57:24 UTC (rev 2746) +++ trunk/policycoreutils/VERSION 2008-01-23 20:58:18 UTC (rev 2747) @@ -1 +1 @@ -2.0.36 +2.0.37 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-01-24 19:24:37
|
Revision: 2750 http://selinux.svn.sourceforge.net/selinux/?rev=2750&view=rev Author: ssmalley Date: 2008-01-24 11:24:32 -0800 (Thu, 24 Jan 2008) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: patch to setfiles/fixfiles to handle file names with special characters in them. Date: Wed, 23 Jan 2008 17:40:48 -0500 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Benny Amorsen Provided the patch added -0 option. Also added support to fixfiles for ext4 ext4dev and gfs2 Fixes quoting in fixfiles also. Cleaned up description in man page. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkeXwm8ACgkQrlYvE4MpobPTHgCfXoMY6qmBuOSBPXcCszFpkRfA WuoAn1Dw9NWg1gUJmZbyPF1IoXdyuL7D =pglo -----END PGP SIGNATURE----- Modified Paths: -------------- trunk/policycoreutils/scripts/fixfiles trunk/policycoreutils/scripts/fixfiles.8 trunk/policycoreutils/setfiles/setfiles.8 trunk/policycoreutils/setfiles/setfiles.c Modified: trunk/policycoreutils/scripts/fixfiles =================================================================== --- trunk/policycoreutils/scripts/fixfiles 2008-01-24 19:20:15 UTC (rev 2749) +++ trunk/policycoreutils/scripts/fixfiles 2008-01-24 19:24:32 UTC (rev 2750) 
@@ -36,8 +36,8 @@ LOGGER=/usr/sbin/logger SETFILES=/sbin/setfiles RESTORECON=/sbin/restorecon -FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | jfs ).*\(rw/{print $3}';` -FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | jfs ).*\(ro/{print $3}';` +FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs ).*\(rw/{print $3}';` +FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs ).*\(ro/{print $3}';` FILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO" SELINUXTYPE="targeted" if [ -e /etc/selinux/config ]; then @@ -88,11 +88,11 @@ esac; \ fi; \ done | \ - while read pattern ; do sh -c "find $pattern" \ - ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o \ - \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print; \ + while read pattern ; do sh -c "find $pattern \ + ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o \ + \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print0"; \ done 2> /dev/null | \ - ${RESTORECON} $2 -f - + ${RESTORECON} $2 -0 -f - rm -f ${TEMPFILE} ${PREFCTEMPFILE} fi } 
@@ -129,8 +129,8 @@ if [ ! -z "$FILEPATH" ]; then if [ -x /usr/bin/find ]; then /usr/bin/find "$FILEPATH" \ - ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o -print | \ - ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -f - 2>&1 >> $LOGFILE + ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o -print0 | \ + ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE else ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE fi Modified: trunk/policycoreutils/scripts/fixfiles.8 =================================================================== --- trunk/policycoreutils/scripts/fixfiles.8 2008-01-24 19:20:15 UTC (rev 2749) +++ trunk/policycoreutils/scripts/fixfiles.8 2008-01-24 19:24:32 UTC (rev 2750) @@ -35,7 +35,7 @@ .TP .B -f -Don't prompt for removal of /tmp directory. +Clear /tmp directory with out prompt for removal. .TP .B -R rpmpackagename[,rpmpackagename...] Modified: trunk/policycoreutils/setfiles/setfiles.8 =================================================================== --- trunk/policycoreutils/setfiles/setfiles.8 2008-01-24 19:20:15 UTC (rev 2749) +++ trunk/policycoreutils/setfiles/setfiles.8 2008-01-24 19:24:32 UTC (rev 2750) 
@@ -59,6 +59,9 @@ .TP .B \-W display warnings about entries that had no matching files. +.TP +.B \-0 +Input items are terminated by a null character instead of by whitespace, and the quotes and backslash are not special (every character is taken literally). Disables the end of file string, which is treated like any other argument. Useful when input items might contain white space, quote marks, or backslashes.The GNU find -print0 option produces input suitable for this mode. .SH "ARGUMENTS" .B spec_file Modified: trunk/policycoreutils/setfiles/setfiles.c =================================================================== --- trunk/policycoreutils/setfiles/setfiles.c 2008-01-24 19:20:15 UTC (rev 2749) +++ trunk/policycoreutils/setfiles/setfiles.c 2008-01-24 19:24:32 UTC (rev 2750) @@ -55,6 +55,7 @@ static int verbose = 0; static int logging = 0; static int warn_no_match = 0; +static int null_terminated = 0; static char *rootpath = NULL; static int rootpathlen = 0; static int recurse; /* Recursive descent. */ @@ -384,7 +385,7 @@ { if (iamrestorecon) { fprintf(stderr, - "usage: %s [-iFnrRv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n", + "usage: %s [-iFnrRv0] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n", name); } else { fprintf(stderr, @@ -805,7 +806,7 @@ } /* Process any options. */ - while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW")) > 0) { + while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW0")) > 0) { switch (opt) { case 'c': { @@ -927,6 +928,9 @@ case 'W': warn_no_match = 1; break; + case '0': + null_terminated = 1; + break; case '?': usage(argv[0]); } @@ -983,6 +987,7 @@ if (use_input_file) { FILE *f = stdin; ssize_t len; + int delim; if (strcmp(input_filename, "-") != 0) f = fopen(input_filename, "r"); if (f == NULL) { 
@@ -991,7 +996,9 @@ usage(argv[0]); } __fsetlocking(f, FSETLOCKING_BYCALLER); - while ((len = getline(&buf, &buf_len, f)) > 0) { + + delim = (null_terminated != 0) ? '\0' : '\n'; + while ((len = getdelim(&buf, &buf_len, delim, f)) > 0) { buf[len - 1] = 0; errors |= process_one(buf); } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
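Review bot: In the first fixfiles hunk (@@ -36,8), the `ext[234]` alternative in the awk pattern has no surrounding spaces, unlike ` gfs2 `, ` xfs ` and ` jfs `, so it matches any mount line that merely contains that substring (a device or mount point name, for example) and already covers ext4dev, making the ` ext4dev ` alternative redundant. Anchoring on the type field, for example `$5 ~ /^(ext[234]|ext4dev|gfs2|xfs|jfs)$/`, would state the intent directly.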
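Review bot: In the find expression of the fixfiles hunk @@ -88,11, `-wholename /tmp -wholename /dev` is missing an `-o`, so find ANDs the two tests and neither /tmp nor /dev is ever pruned; it should read `-o -wholename /tmp -o -wholename /dev`. Separately, `$pattern` is still expanded inside the `sh -c "find $pattern ..."` string, so a pattern that contains quotes or other shell metacharacters is re-parsed by the inner shell, which switching the output side to -print0 does not address.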
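Review bot: On the added restorecon line in the fixfiles hunk @@ -129,8, `2>&1 >> $LOGFILE` duplicates stderr onto the original stdout before stdout is redirected, so restorecon errors never reach the log; write `>> "$LOGFILE" 2>&1` instead. `$*` on the same line and `$FILEPATH` in the fallback branch are unquoted, so the path without /usr/bin/find still breaks on the special characters this patch sets out to handle.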
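Review bot: The \-0 entry added in the setfiles.8 hunk (@@ -59,6) does not match what the code does: it says items are otherwise terminated "by whitespace" and that the option "Disables the end of file string", but the setfiles.c change only switches the delimiter between '\n' and '\0' and has no end-of-file string. Describe it as NUL-terminated instead of newline-terminated input for \-f, drop the sentence about quotes and the end of file string, and add the missing space in `backslashes.The`.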
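Review bot: In the read loop of the last setfiles.c hunk (@@ -991,7), `buf[len - 1] = 0;` is applied unconditionally after `getdelim()`. When the final record reaches EOF without a trailing delimiter, this cuts off the last byte of the path, and a different path is handed to process_one(). Test `buf[len - 1] == delim` before overwriting it, and skip records that are empty once the delimiter is stripped.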
From: <ssm...@us...> - 2008-01-24 19:27:51
|
Revision: 2751 http://selinux.svn.sourceforge.net/selinux/?rev=2751&view=rev Author: ssmalley Date: 2008-01-24 11:27:50 -0800 (Thu, 24 Jan 2008) Log Message: ----------- updated policycoreutils to version 2.0.38 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2008-01-24 19:24:32 UTC (rev 2750) +++ trunk/policycoreutils/ChangeLog 2008-01-24 19:27:50 UTC (rev 2751) @@ -1,3 +1,8 @@ +2.0.38 2008-01-24 + * Merged audit2allow cleanups and boolean descriptions from Dan Walsh. + * Merged setfiles -0 support by Benny Amorsen via Dan Walsh. + * Merged fixfiles fixes and support for ext4 and gfs2 from Dan Walsh. + 2.0.37 2008-01-23 * Merged replacement for audit2why from Dan Walsh. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2008-01-24 19:24:32 UTC (rev 2750) +++ trunk/policycoreutils/VERSION 2008-01-24 19:27:50 UTC (rev 2751) @@ -1 +1 @@ -2.0.37 +2.0.38 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-01-24 20:20:14
|
Revision: 2749 http://selinux.svn.sourceforge.net/selinux/?rev=2749&view=rev Author: ssmalley Date: 2008-01-24 11:20:15 -0800 (Thu, 24 Jan 2008) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: audit2allow patch Date: Wed, 23 Jan 2008 17:22:43 -0500 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ran through pychecker and cleaned up some bugs. Also added booleans description from policy.xml file -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkeXvjMACgkQrlYvE4MpobOsgwCfbTTJxThRmfUw5LHQGhsG99vj rtwAoMTo1ms2h6dOQXmrtLpHrwB1Ec5Z =mNcO -----END PGP SIGNATURE----- Modified Paths: -------------- trunk/policycoreutils/audit2allow/audit2allow trunk/policycoreutils/semanage/seobject.py Modified: trunk/policycoreutils/audit2allow/audit2allow =================================================================== --- trunk/policycoreutils/audit2allow/audit2allow 2008-01-23 21:15:12 UTC (rev 2748) +++ trunk/policycoreutils/audit2allow/audit2allow 2008-01-24 19:20:15 UTC (rev 2749) @@ -19,7 +19,6 @@ # import sys -import tempfile import sepolgen.audit as audit import sepolgen.policygen as policygen @@ -153,9 +152,9 @@ def __process_input(self): if self.__options.type: - filter = audit.TypeFilter(self.__options.type) - self.__avs = self.__parser.to_access(filter) - self.__selinux_errs = self.__parser.to_role(filter) + avcfilter = audit.TypeFilter(self.__options.type) + self.__avs = self.__parser.to_access(avcfilter) + self.__selinux_errs = self.__parser.to_role(avcfilter) else: self.__avs = self.__parser.to_access() self.__selinux_errs = self.__parser.to_role() 
@@ -221,13 +220,14 @@ def __output_audit2why(self): import selinux import selinux.audit2why as audit2why + import seobject audit2why.init("%s.%s" % (selinux.selinux_binary_policy_path(), selinux.security_policyvers())) for i in self.__parser.avc_msgs: rc, bools = audit2why.analyze(i.scontext.to_string(), i.tcontext.to_string(), i.tclass, i.accesses) if rc >= 0: print "%s\n\tWas caused by:" % i.message if rc == audit2why.NOPOLICY: - raise "Must call policy_init first" + raise RuntimeError("Must call policy_init first") if rc == audit2why.BADTCON: print "Invalid Target Context %s\n" % i.tcontext continue @@ -241,7 +241,7 @@ print "Invalid permission %s\n" % i.accesses continue if rc == audit2why. BADCOMPUTE: - raise "Error during access vector computation" + raise RuntimeError("Error during access vector computation") if rc == audit2why.ALLOW: print "\t\tUnknown - would be allowed by active policy\n", print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n" 
@@ -251,28 +251,28 @@ if len(bools) > 1: print "\tOne of the following booleans was set incorrectly." for b in bools: - print "\n\tBoolean %s is %d. Allow access by executing:" % (b[0], not b[1]) - print "\t# setsebool -P %s %d" % (b[0], b[1]) + print "\tDescription:\n\t%s\n" % seobject.boolean_desc(b[0]) + print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1]) else: - print "\tThe boolean %s was set incorrectly. Allow access by executing:" % bools[0][0] - print "\t# setsebool -P %s %d\n" % (bools[0][0], bools[0][1]) - + print "\tThe boolean %s was set incorrectly. " % (bools[0][0]) + print "\tDescription:\n\t%s\n" % seobject.boolean_desc(bools[0][0]) + print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (bools[0][0], bools[0][1]) continue if rc == audit2why.TERULE: - print "\t\tMissing or disabled type enforcing (TE) allow rule.\n" - print "\t\tYou can use audit2allow to generate the missing allow rules and/or load policy to allow this access.\n" + print "\t\tMissing type enforcement (TE) allow rule.\n" + print "\t\tYou can use audit2allow to generate a loadable module to allow this access.\n" continue if rc == audit2why.CONSTRAINT: - print "\t\tConstraint violation.\n" - print "\t\tCheck policy/constraints.\n" - print "\t\tTypically, you just need to add a type attribute to the domain to satisfy the constraint.\n" + print "\t\tPolicy constraint violation.\n" + print "\t\tMay require adding a type attribute to the domain or type to satisfy the constraint.\n" + print "\t\tConstraints are defined in the policy sources in policy/constraints (general), policy/mcs (MCS), and policy/mls (MLS).\n" continue if rc == audit2why.RBAC: print "\t\tMissing role allow rule.\n" - print "\t\tAdd allow rule for the role pair.\n" + print "\t\tAdd an allow rule for the role pair.\n" continue audit2why.finish() Modified: trunk/policycoreutils/semanage/seobject.py =================================================================== --- 
trunk/policycoreutils/semanage/seobject.py 2008-01-23 21:15:12 UTC (rev 2748) +++ trunk/policycoreutils/semanage/seobject.py 2008-01-24 19:20:15 UTC (rev 2749) @@ -117,6 +117,12 @@ #print _("Failed to translate booleans.\n%s") % e pass +def boolean_desc(boolean): + if boolean in booleans_dict: + return _(booleans_dict[boolean][2]) + else: + return boolean + def validate_level(raw): sensitivity = "s[0-9]*" category = "c[0-9]*" @@ -1456,10 +1462,7 @@ return ddict def get_desc(self, boolean): - if boolean in booleans_dict: - return _(booleans_dict[boolean][2]) - else: - return boolean + return boolean_desc(boolean) def get_category(self, boolean): if boolean in booleans_dict: This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
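Review bot: In __output_audit2why (@@ -221,13), the two `raise RuntimeError(...)` paths leave the loop without reaching the `audit2why.finish()` call at the end of the function, so whatever `audit2why.init(...)` set up is not released on error; wrap the loop in try/finally. The new `import seobject` also makes `audit2allow -w` depend on the semanage module being importable, which deserves a comment or a guarded import that falls back to printing the boolean name.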
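Review bot: In the boolean branch of @@ -251,28, the loop over several booleans no longer prints the boolean name or its current value; the reader only learns the name from the setsebool line, while the single-boolean branch still prints it. Because seobject.boolean_desc() returns the bare name when the boolean is not in booleans_dict, the output can end up as "Description:" followed by just the name. Print the name in both branches and leave out the description line when `boolean_desc(b[0]) == b[0]`.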
From: <ssm...@us...> - 2008-01-24 20:39:22
|
Revision: 2755 http://selinux.svn.sourceforge.net/selinux/?rev=2755&view=rev Author: ssmalley Date: 2008-01-24 12:38:56 -0800 (Thu, 24 Jan 2008) Log Message: ----------- updated policycoreutils to version 2.0.39 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2008-01-24 20:37:02 UTC (rev 2754) +++ trunk/policycoreutils/ChangeLog 2008-01-24 20:38:56 UTC (rev 2755) @@ -1,3 +1,6 @@ +2.0.39 2008-01-24 + * Merged fixfiles -C fix from Marshall Miller. + 2.0.38 2008-01-24 * Merged audit2allow cleanups and boolean descriptions from Dan Walsh. * Merged setfiles -0 support by Benny Amorsen via Dan Walsh. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2008-01-24 20:37:02 UTC (rev 2754) +++ trunk/policycoreutils/VERSION 2008-01-24 20:38:56 UTC (rev 2755) @@ -1 +1 @@ -2.0.38 +2.0.39 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-01-25 19:06:57
|
Revision: 2761 http://selinux.svn.sourceforge.net/selinux/?rev=2761&view=rev Author: ssmalley Date: 2008-01-25 11:06:56 -0800 (Fri, 25 Jan 2008) Log Message: ----------- updated policycoreutils to version 2.0.40 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2008-01-25 19:00:51 UTC (rev 2760) +++ trunk/policycoreutils/ChangeLog 2008-01-25 19:06:56 UTC (rev 2761) @@ -1,3 +1,6 @@ +2.0.40 2008-01-25 + * Merged a second fixfiles -C fix from Marshall Miller. + 2.0.39 2008-01-24 * Merged fixfiles -C fix from Marshall Miller. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2008-01-25 19:00:51 UTC (rev 2760) +++ trunk/policycoreutils/VERSION 2008-01-25 19:06:56 UTC (rev 2761) @@ -1 +1 @@ -2.0.39 +2.0.40 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-01-28 13:12:10
|
Revision: 2764 http://selinux.svn.sourceforge.net/selinux/?rev=2764&view=rev Author: ssmalley Date: 2008-01-28 05:12:08 -0800 (Mon, 28 Jan 2008) Log Message: ----------- Author: Dan Walsh Email: dw...@re... Subject: Fix audit2why and semanage boolean Date: Fri, 25 Jan 11:12:17 -0500 Remove path argument from audit2why.init call. Add support for --on, --off, -1, and -0 to semanage boolean. Modified Paths: -------------- trunk/policycoreutils/audit2allow/audit2allow trunk/policycoreutils/semanage/semanage Modified: trunk/policycoreutils/audit2allow/audit2allow =================================================================== --- trunk/policycoreutils/audit2allow/audit2allow 2008-01-28 13:06:00 UTC (rev 2763) +++ trunk/policycoreutils/audit2allow/audit2allow 2008-01-28 13:12:08 UTC (rev 2764) @@ -221,7 +221,7 @@ import selinux import selinux.audit2why as audit2why import seobject - audit2why.init("%s.%s" % (selinux.selinux_binary_policy_path(), selinux.security_policyvers())) + audit2why.init() for i in self.__parser.avc_msgs: rc, bools = audit2why.analyze(i.scontext.to_string(), i.tcontext.to_string(), i.tclass, i.accesses) if rc >= 0: Modified: trunk/policycoreutils/semanage/semanage =================================================================== --- trunk/policycoreutils/semanage/semanage 2008-01-28 13:06:00 UTC (rev 2763) +++ trunk/policycoreutils/semanage/semanage 2008-01-28 13:12:08 UTC (rev 2764) @@ -111,7 +111,7 @@ valid_option["translation"] = [] valid_option["translation"] += valid_everyone + [ '-T', '--trans' ] valid_option["boolean"] = [] - valid_option["boolean"] += valid_everyone + valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0" ] return valid_option # @@ -131,7 +131,7 @@ seuser = "" prefix = "" heading=1 - + value=0 add = 0 modify = 0 delete = 0 @@ -150,7 +150,7 @@ args = sys.argv[2:] gopts, cmds = getopt.getopt(args, - 'adf:lhmnp:s:CDR:L:r:t:T:P:S:', + '01adf:lhmnp:s:CDR:L:r:t:T:P:S:', ['add', 'delete', 'deleteall', 
@@ -160,6 +160,8 @@ 'modify', 'noheading', 'localist', + 'off', + 'on', 'proto=', 'seuser=', 'store=', @@ -238,6 +240,11 @@ if o == "-T" or o == "--trans": setrans = a + if o == "--on" or o == "-1": + value = 1 + if o == "-off" or o == "-0": + value = 0 + if object == "login": OBJECT = seobject.loginRecords(store) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
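Review bot: In the option loop of the semanage hunk @@ -238,6, the test `if o == "-off" or o == "-0":` can never match the long option, because getopt returns it as `--off`; it should mirror the line above and compare against "--off". The mistake is hidden only because `value=0` is also the initial value set in @@ -131,7, which in turn means the code cannot tell an explicit off from no option at all. Initialising `value` to None and rejecting a boolean change that names none of the four options would make both cases explicit.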
From: <ssm...@us...> - 2008-01-28 13:13:38
|
Revision: 2765 http://selinux.svn.sourceforge.net/selinux/?rev=2765&view=rev Author: ssmalley Date: 2008-01-28 05:13:32 -0800 (Mon, 28 Jan 2008) Log Message: ----------- updated policycoreutils to version 2.0.41 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2008-01-28 13:12:08 UTC (rev 2764) +++ trunk/policycoreutils/ChangeLog 2008-01-28 13:13:32 UTC (rev 2765) @@ -1,3 +1,6 @@ +2.0.41 2008-01-28 + * Merged audit2why fix and semanage boolean --on/--off/-1/-0 support from Dan Walsh. + 2.0.40 2008-01-25 * Merged a second fixfiles -C fix from Marshall Miller. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2008-01-28 13:12:08 UTC (rev 2764) +++ trunk/policycoreutils/VERSION 2008-01-28 13:13:32 UTC (rev 2765) @@ -1 +1 @@ -2.0.40 +2.0.41 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-02-08 16:18:56
|
Revision: 2799 http://selinux.svn.sourceforge.net/selinux/?rev=2799&view=rev Author: ssmalley Date: 2008-02-08 08:18:54 -0800 (Fri, 08 Feb 2008) Log Message: ----------- updated policycoreutils to version 2.0.43 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2008-02-08 16:14:55 UTC (rev 2798) +++ trunk/policycoreutils/ChangeLog 2008-02-08 16:18:54 UTC (rev 2799) @@ -1,3 +1,6 @@ +2.0.43 2008-02-08 + * Merged fix fixfiles option processing from Vaclav Ovsik. + 2.0.42 2008-02-02 * Make semodule_expand use sepol_set_expand_consume_base to reduce peak memory usage. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2008-02-08 16:14:55 UTC (rev 2798) +++ trunk/policycoreutils/VERSION 2008-02-08 16:18:54 UTC (rev 2799) @@ -1 +1 @@ -2.0.42 +2.0.43 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <mad...@us...> - 2008-02-22 19:07:18
|
Revision: 2810 http://selinux.svn.sourceforge.net/selinux/?rev=2810&view=rev Author: madmethod Date: 2008-02-22 11:07:13 -0800 (Fri, 22 Feb 2008) Log Message: ----------- bump policycoreutils to 2.0.44 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2008-02-22 19:06:24 UTC (rev 2809) +++ trunk/policycoreutils/ChangeLog 2008-02-22 19:07:13 UTC (rev 2810) @@ -1,3 +1,6 @@ +2.0.44 2008-02-22 + * Fix for segfault when conf file parse error occurs. + 2.0.43 2008-02-08 * Merged fix fixfiles option processing from Vaclav Ovsik. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2008-02-22 19:06:24 UTC (rev 2809) +++ trunk/policycoreutils/VERSION 2008-02-22 19:07:13 UTC (rev 2810) @@ -1 +1 @@ -2.0.43 +2.0.44 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-03-18 20:28:52
|
Revision: 2850 http://selinux.svn.sourceforge.net/selinux/?rev=2850&view=rev Author: ssmalley Date: 2008-03-18 13:28:49 -0700 (Tue, 18 Mar 2008) Log Message: ----------- updated policycoreutils to version 2.0.45 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2008-03-18 20:25:27 UTC (rev 2849) +++ trunk/policycoreutils/ChangeLog 2008-03-18 20:28:49 UTC (rev 2850) @@ -1,3 +1,6 @@ +2.0.45 2008-03-18 + * Fix semanage port to use --proto from Caleb Case. + 2.0.44 2008-02-22 * Fixed semodule to correctly handle error when unable to create a handle. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2008-03-18 20:25:27 UTC (rev 2849) +++ trunk/policycoreutils/VERSION 2008-03-18 20:28:49 UTC (rev 2850) @@ -1 +1 @@ -2.0.44 +2.0.45 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-03-18 20:36:22
|
Revision: 2852 http://selinux.svn.sourceforge.net/selinux/?rev=2852&view=rev Author: ssmalley Date: 2008-03-18 13:36:20 -0700 (Tue, 18 Mar 2008) Log Message: ----------- updated policycoreutils to version 2.0.46 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2008-03-18 20:35:33 UTC (rev 2851) +++ trunk/policycoreutils/ChangeLog 2008-03-18 20:36:20 UTC (rev 2852) @@ -1,3 +1,6 @@ +2.0.46 2008-03-18 + * Update audit2allow to report dontaudit cases from Dan Walsh. + 2.0.45 2008-03-18 * Fix semanage port to use --proto from Caleb Case. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2008-03-18 20:35:33 UTC (rev 2851) +++ trunk/policycoreutils/VERSION 2008-03-18 20:36:20 UTC (rev 2852) @@ -1 +1 @@ -2.0.45 +2.0.46 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-04-18 14:13:56
|
Revision: 2869 http://selinux.svn.sourceforge.net/selinux/?rev=2869&view=rev Author: ssmalley Date: 2008-04-18 07:13:44 -0700 (Fri, 18 Apr 2008) Log Message: ----------- updated policycoreutils/ to version 2.0.47 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2008-04-18 14:12:40 UTC (rev 2868) +++ trunk/policycoreutils/ChangeLog 2008-04-18 14:13:44 UTC (rev 2869) @@ -1,3 +1,7 @@ +2.0.47 2008-04-18 + * Update semanage man page for booleans from Dan Walsh. + * Add further error checking to seobject.py for setting booleans. + 2.0.46 2008-03-18 * Update audit2allow to report dontaudit cases from Dan Walsh. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2008-04-18 14:12:40 UTC (rev 2868) +++ trunk/policycoreutils/VERSION 2008-04-18 14:13:44 UTC (rev 2869) @@ -1 +1 @@ -2.0.46 +2.0.47 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-05-16 13:08:08
|
Revision: 2881 http://selinux.svn.sourceforge.net/selinux/?rev=2881&view=rev Author: ssmalley Date: 2008-05-16 06:07:58 -0700 (Fri, 16 May 2008) Log Message: ----------- updated policycoreutils to version 2.0.48 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2008-05-16 13:06:26 UTC (rev 2880) +++ trunk/policycoreutils/ChangeLog 2008-05-16 13:07:58 UTC (rev 2881) @@ -1,3 +1,6 @@ +2.0.48 2008-05-16 + * Change setfiles and restorecon to not relabel if the file already has the correct context value even if -F/force is specified. + 2.0.47 2008-04-18 * Update semanage man page for booleans from Dan Walsh. * Add further error checking to seobject.py for setting booleans. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2008-05-16 13:06:26 UTC (rev 2880) +++ trunk/policycoreutils/VERSION 2008-05-16 13:07:58 UTC (rev 2881) @@ -1 +1 @@ -2.0.47 +2.0.48 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |