From 35b57c944285fe50f2e501d03c4a7792093ca191 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sep 06 2005 21:19:01 +0000 Subject: * Tue Sep 6 2005 Dan Walsh 1.25.9-2 - Add prereq for mount command --- diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index c22dd6b..6de48fa 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,6 +1,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.25.7/scripts/fixfiles --- nsapolicycoreutils/scripts/fixfiles 2005-08-25 16:18:08.000000000 -0400 -+++ policycoreutils-1.25.7/scripts/fixfiles 2005-08-26 16:05:39.000000000 -0400 ++++ policycoreutils-1.25.7/scripts/fixfiles 2005-09-01 11:48:00.000000000 -0400 @@ -61,7 +61,11 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then TEMPFILE=`mktemp ${FC}.XXXXXXXXXX` @@ -23,127 +23,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policyc fi } # ---- nsapolicycoreutils/semodule_package/Makefile 2005-07-28 09:46:02.000000000 -0400 -+++ policycoreutils-1.25.7/semodule_package/Makefile 2005-08-30 10:31:41.000000000 -0400 -@@ -3,6 +3,7 @@ - INCLUDEDIR ?= $(PREFIX)/include - BINDIR ?= $(PREFIX)/bin - LIBDIR ?= ${PREFIX}/lib -+SELINUXDIR ?= ${DESTDIR}/usr/share/semod - - CFLAGS ?= -Werror -Wall -W - override CFLAGS += -I$(INCLUDEDIR) -@@ -14,7 +15,9 @@ - - install: all - -mkdir -p $(BINDIR) -+ -mkdir -p $(SELINUXDIR) - install -m 755 semodule_package $(BINDIR) -+ install -m 640 semod.conf $(SELINUXDIR)/semod.conf - - relabel: - ---- nsapolicycoreutils/semodule_package/semod.conf 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.25.7/semodule_package/semod.conf 2005-08-30 10:24:54.000000000 -0400 -@@ -0,0 +1,96 @@ -+# Authors: Jason Tang -+# -+# Copyright (C) 2004-2005 Tresys Technology, LLC -+# -+# This library is free software; you can redistribute it and/or -+# modify it under the terms of the GNU Lesser General Public -+# License as published by the Free Software Foundation; either -+# version 2.1 of the License, or (at your option) any later version. -+# -+# This library is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+# Lesser General Public License for more details. -+# -+# You should have received a copy of the GNU Lesser General Public -+# License along with this library; if not, write to the Free Software -+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -+ -+# Specify how libsemanage will interact with the module store. The three -+# options are: -+# -+# "direct" - libsemanage will write directly to the store. -+# /foo/bar - Write by way of a policy server, whose named socket -+# is at /foo/bar. The path must begin with a '/'. -+# foo.com:4242 - Establish a TCP connection to a remote policy server -+# at foo.com. If there is a colon then the remainder -+# is interpreted as a port number; otherwise default -+# to port 4242. -+module-store = direct -+ -+# When generating the final linked and expanded policy, by default -+# semodule will set the policy version to POLICYDB_VERSION_MAX, as -+# given in . Change this setting if a different -+# version is necessary. -+#policy-version = 19 -+ -+# After a policy has been created this library will attempt to load it -+# by calling the load_policy utility. If there are special -+# requirements (e.g., read booleans from a certain file) then add them -+# here. Below are the default values. Within 'args', the special -+# sequence "$@" will be replaced with the policy filename. -+#[load_policy] -+#path = /usr/sbin/load_policy -+#args = -b $@ -+#[end] -+ -+# In addition to loading a policy libsemanage will validate file contexts -+# by calling the setfiles utility. As above, "$@" will be replaced -+# with the policy filename. In addition "$<" will be replaced with -+# the file contexts filename. -+#[setfiles] -+#path = /usr/sbin/setfiles -+#args = -q -c $@ $< -+#[end] -+ -+# Each program specified within a [verify] block is run during -+# committing. There are three types of verifies allowed: module, -+# linked, and kernel. Multiple verifies may exist for a stage; place -+# each program within its own [verify] block. For each stage the -+# programs are executed in the order given below. If a program ever -+# returns a non-zero value then the entire commit is aborted. -+# -+# Module verifies are executed for each source module prior to -+# linking. After they have been linked each link verifier is run -+# against the linked base module. Finally, each kernel verifier is -+# run against the final expanded kernel policy. If these verifiers -+# all exit with a return value of 0 then that kernel policy will be -+# loaded. -+# -+# 'path' gives a path the verificaton program. 'args' is any -+# free-form string that supplies command line arguments to the -+# verifier. Within args single quotes, double quotes, and backslashes -+# are metacharacters handled similarly to bash. Within 'args', the -+# special sequence "$@" will be replaced with a filename to the entity -+# being checked: source module for module verifiers, linked module for -+# linked, kernel policy for kernel. The sequence "$<" will be -+# replaced with the previous filename, if applicable. If an older -+# version does not exist "$<" expands to an empty string. -+#[verify module] -+#path = /usr/bin/some_module_verifier -+#args = -Wall -ansi -pedantic $@ $< -+#[end] -+ -+#[verify module] -+#path = /another/module/verify/program -+#args = -With -some_more arguments -+#[end] -+ -+#[verify linked] -+#path = /usr/local/bin/some_link_verifier -+#[end] -+ -+#[verify kernel] -+#path = /usr/sbin/kernel_verifier -+#args = "some argument" "some other parameter" -k $@ -+#[end] +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-1.25.7/setfiles/setfiles.8 --- nsapolicycoreutils/setfiles/setfiles.8 2005-03-17 10:29:50.000000000 -0500 -+++ policycoreutils-1.25.7/setfiles/setfiles.8 2005-08-29 12:52:49.000000000 -0400 ++++ policycoreutils-1.25.7/setfiles/setfiles.8 2005-09-01 11:48:00.000000000 -0400 @@ -35,6 +35,9 @@ .B \-q suppress non-error output. @@ -154,8 +36,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policyc .B \-e directory directory to exclude (repeat option for more than one directory.) .TP ---- nsapolicycoreutils/setfiles/setfiles.c 2005-04-11 16:00:46.000000000 -0400 -+++ policycoreutils-1.25.7/setfiles/setfiles.c 2005-08-29 12:50:56.000000000 -0400 +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-1.25.7/setfiles/setfiles.c +--- nsapolicycoreutils/setfiles/setfiles.c 2005-09-01 11:26:48.000000000 -0400 ++++ policycoreutils-1.25.7/setfiles/setfiles.c 2005-09-01 11:48:00.000000000 -0400 @@ -198,8 +198,8 @@ void usage(const char * const name) { diff --git a/policycoreutils.spec b/policycoreutils.spec index bc97797..ff9c620 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -1,10 +1,10 @@ %define libselinuxver 1.25.6-1 %define libsepolver 1.7.24-1 -%define libsemanagever 1.1.4-1 +%define libsemanagever 1.1.6-1 Summary: SELinux policy core utilities. Name: policycoreutils Version: 1.25.9 -Release: 1 +Release: 2 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -12,8 +12,8 @@ Patch: policycoreutils-rhat.patch BuildRequires: libselinux-devel >= %{libselinuxver} pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever} -Requires: libselinux >= %{libselinuxver} libsepol >= %{libsepolver} - +PreReq: /bin/mount +Requires: libselinux >= %{libselinuxver} libsepol >= %{libsepolver} libsemanage BuildRoot: %{_tmppath}/%{name}-buildroot %description @@ -32,7 +32,7 @@ for basic operation of a SELinux system. These utilities include load_policy to load policies, setfiles to label filesystems, newrole to switch roles, and run_init to run /etc/init.d scripts in the proper context. - +p %prep %setup -q %patch -p1 -b .rhat @@ -84,11 +84,13 @@ rm -rf ${RPM_BUILD_ROOT} %{_mandir}/man1/audit2allow.1.gz %{_mandir}/man1/newrole.1.gz %config %{_sysconfdir}/pam.d/newrole -%config %{_sysconfdir}/selinux/semod.conf %config %{_sysconfdir}/pam.d/run_init %config(noreplace) %{_sysconfdir}/sestatus.conf %changelog +* Tue Sep 6 2005 Dan Walsh 1.25.9-2 +- Add prereq for mount command + * Thu Sep 1 2005 Dan Walsh 1.25.9-1 - Update to match NSA * Changed setfiles -c to translate the context to raw format