diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 4c868d6..4fe274f 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,6 +1,6 @@ -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.83/audit2allow/audit2allow +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.84/audit2allow/audit2allow --- nsapolicycoreutils/audit2allow/audit2allow 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/audit2allow/audit2allow 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/audit2allow/audit2allow 2010-11-29 10:07:47.000000000 -0500 @@ -1,4 +1,4 @@ -#! /usr/bin/python -E +#! /usr/bin/python -Es @@ -119,9 +119,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po if __name__ == "__main__": app = AuditToPolicy() -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.83/audit2allow/audit2allow.1 +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.84/audit2allow/audit2allow.1 --- nsapolicycoreutils/audit2allow/audit2allow.1 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/audit2allow/audit2allow.1 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/audit2allow/audit2allow.1 2010-11-29 10:07:47.000000000 -0500 @@ -1,5 +1,6 @@ .\" Hey, Emacs! This is an -*- nroff -*- source file. .\" Copyright (c) 2005 Manoj Srivastava 
@@ -223,9 +223,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po .fi .PP .SH AUTHOR -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/sepolgen-ifgen policycoreutils-2.0.83/audit2allow/sepolgen-ifgen +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/sepolgen-ifgen policycoreutils-2.0.84/audit2allow/sepolgen-ifgen --- nsapolicycoreutils/audit2allow/sepolgen-ifgen 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/audit2allow/sepolgen-ifgen 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/audit2allow/sepolgen-ifgen 2010-11-29 10:07:47.000000000 -0500 @@ -1,4 +1,4 @@ -#! /usr/bin/python -E +#! /usr/bin/python -Es @@ -319,22 +319,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po if_set.to_file(f) f.close() -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/load_policy/load_policy.c policycoreutils-2.0.83/load_policy/load_policy.c +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/load_policy/load_policy.c policycoreutils-2.0.84/load_policy/load_policy.c --- nsapolicycoreutils/load_policy/load_policy.c 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/load_policy/load_policy.c 2010-10-29 09:54:43.000000000 -0400 -@@ -1,3 +1,4 @@ -+#define _GNU_SOURCE - #include - #include - #include -@@ -17,12 +18,21 @@ - #define PACKAGE "policycoreutils" /* the name of this package lang translation */ - #endif - -+ - void usage(char *progname) - { - fprintf(stderr, _("usage: %s [-qi]\n"), progname); ++++ policycoreutils-2.0.84/load_policy/load_policy.c 2010-11-29 10:13:07.000000000 -0500 +@@ -23,6 +23,14 @@ exit(1); } 
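Review bot: The load_policy.c section no longer adds `#define _GNU_SOURCE`, yet the rest of the patch still calls `policy_path()`. In the copy visible in load_policy.c.disable, that helper is built on `asprintf()`. If the eight lines added by the new `@@ -23,6 +23,14 @@` hunk are that same helper (its body is outside this hunk), `asprintf()` is a GNU extension that glibc's `<stdio.h>` only declares under a feature-test macro. Without it the call compiles through an implicit declaration, or fails on stricter compilers. Either keep `#define _GNU_SOURCE` as the first line of the file, before any include, or confirm the build passes `-D_GNU_SOURCE` for this directory.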
@@ -349,8 +337,24 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po int main(int argc, char **argv) { int ret, opt, quiet = 0, nargs, init=0, enforce=0; -@@ -76,9 +86,11 @@ - if (ret != 0 ) { +@@ -64,6 +72,7 @@ + "%s: Warning! Boolean file argument (%s) is no longer supported, installed booleans file is always used. Continuing...\n", + argv[0], argv[optind++]); + } ++ errno = 0; + if (init) { + if (is_selinux_enabled() == 1) { + /* SELinux is already enabled, we should not do an initial load again */ +@@ -73,12 +82,18 @@ + exit(2); + } + ret = selinux_init_load_policy(&enforce); +- if (ret != 0 ) { ++ /* selinux_init_load_policy returns -1 if it did not load_policy ++ * On SELinux disabled system it will always return -1 ++ * So check errno to see if anything went wrong ++ */ ++ if (ret < 0 && errno != 0) { if (enforce > 0) { /* SELinux in enforcing mode but load_policy failed */ + char *path=policy_path(); 
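Review bot: The new condition `if (ret < 0 && errno != 0)` makes the enforcing-mode abort (`exit(3)`) depend on errno, and nothing visible here guarantees that `selinux_init_load_policy()` sets errno on every failure path. A failed load that leaves errno at 0 would now skip this block even when `enforce > 0`, which is the fail-open direction for a boot-time policy load. Clearing `errno = 0;` before `if (init)` does not remove the other risk, that a handled internal error on the disabled path leaves errno non-zero. If the aim is only to tolerate an SELinux-disabled system, test that state explicitly and keep the enforcing branch independent of errno. Also extend the comment to name the libselinux behaviour being relied on. main() starts and ends outside this hunk, so the effect on any later `ret < 0` check cannot be confirmed from here.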
@@ -363,50 +367,312 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po exit(3); } } -@@ -87,8 +99,10 @@ - ret = selinux_mkload_policy(1); - } - if (ret < 0) { -- fprintf(stderr, _("%s: Can't load policy: %s\n"), -- argv[0], strerror(errno)); -+ char *path=policy_path(); -+ fprintf(stderr, _("%s: Can't load policy file %s: %s\n"), -+ argv[0], path, strerror(errno)); -+ free(path); - exit(2); - } - exit(0); -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.83/Makefile +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/load_policy/load_policy.c.disable policycoreutils-2.0.84/load_policy/load_policy.c.disable +--- nsapolicycoreutils/load_policy/load_policy.c.disable 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.84/load_policy/load_policy.c.disable 2010-11-29 10:07:47.000000000 -0500 +@@ -0,0 +1,106 @@ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#ifdef USE_NLS ++#include /* for setlocale() */ ++#include /* for gettext() */ ++#define _(msgid) gettext (msgid) ++#else ++#define _(msgid) (msgid) ++#endif ++#ifndef PACKAGE ++#define PACKAGE "policycoreutils" /* the name of this package lang translation */ ++#endif ++ ++ ++void usage(char *progname) ++{ ++ fprintf(stderr, _("usage: %s [-qi]\n"), progname); ++ exit(1); ++} ++ ++char *policy_path(void) { ++ char *path=NULL; ++ if (asprintf(&path, "%s.%d", selinux_binary_policy_path(), security_policyvers()) < 0) { ++ return NULL; ++ } ++ return path; ++} ++ ++int main(int argc, char **argv) ++{ ++ int ret, opt, quiet = 0, nargs, init=0, enforce=0; ++ ++#ifdef USE_NLS ++ setlocale(LC_ALL, ""); ++ bindtextdomain(PACKAGE, LOCALEDIR); ++ textdomain(PACKAGE); ++#endif ++ ++ while ((opt = getopt(argc, argv, "bqi")) > 0) { ++ switch (opt) { ++ case 'b': ++ fprintf(stderr, "%s: Warning! 
The -b option is no longer supported, booleans are always preserved across reloads. Continuing...\n", ++ argv[0]); ++ break; ++ case 'q': ++ quiet = 1; ++ sepol_debug(0); ++ break; ++ case 'i': ++ init = 1; ++ break; ++ default: ++ usage(argv[0]); ++ } ++ } ++ ++ nargs = argc - optind; ++ if (nargs > 2) ++ usage(argv[0]); ++ if (nargs >= 1 && !quiet) { ++ fprintf(stderr, ++ "%s: Warning! Policy file argument (%s) is no longer supported, installed policy is always loaded. Continuing...\n", ++ argv[0], argv[optind++]); ++ } ++ if (nargs == 2 && ! quiet) { ++ fprintf(stderr, ++ "%s: Warning! Boolean file argument (%s) is no longer supported, installed booleans file is always used. Continuing...\n", ++ argv[0], argv[optind++]); ++ } ++ if (init) { ++ if (is_selinux_enabled() == 1) { ++ /* SELinux is already enabled, we should not do an initial load again */ ++ fprintf(stderr, ++ _("%s: Policy is already loaded and initial load requested\n"), ++ argv[0]); ++ exit(2); ++ } ++ ret = selinux_init_load_policy(&enforce); ++ if (ret != 0 ) { ++ if (enforce > 0) { ++ /* SELinux in enforcing mode but load_policy failed */ ++ char *path=policy_path(); ++ fprintf(stderr, ++ _("%s: Can't load policy file %s and enforcing mode requested: %s\n"), ++ argv[0], path, strerror(errno)); ++ free(path); ++ exit(3); ++ } ++ } ++ } ++ else { ++ ret = selinux_mkload_policy(1); ++ } ++ if (ret < 0) { ++ fprintf(stderr, _("%s: Can't load policy: %s\n"), ++ argv[0], strerror(errno)); ++ exit(2); ++ } ++ exit(0); ++} +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.84/Makefile --- nsapolicycoreutils/Makefile 2010-06-16 08:03:38.000000000 -0400 -+++ policycoreutils-2.0.83/Makefile 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/Makefile 2010-11-29 10:07:47.000000000 -0500 
@@ -1,4 +1,4 @@ -SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po +SUBDIRS = setfiles semanage semanage/default_encoding load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool po gui INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.83/newrole/newrole.c +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/Makefile policycoreutils-2.0.84/newrole/Makefile +--- nsapolicycoreutils/newrole/Makefile 2010-05-19 14:45:51.000000000 -0400 ++++ policycoreutils-2.0.84/newrole/Makefile 2010-11-29 10:07:47.000000000 -0500 +@@ -50,7 +50,7 @@ + endif + ifeq (${IS_SUID},y) + MODE := 4555 +- LDLIBS += -lcap ++ LDLIBS += -lcap-ng + else + MODE := 0555 + endif +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.84/newrole/newrole.c --- nsapolicycoreutils/newrole/newrole.c 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/newrole/newrole.c 2010-10-29 09:54:43.000000000 -0400 -@@ -537,7 +537,7 @@ - * ++++ policycoreutils-2.0.84/newrole/newrole.c 2010-11-29 10:07:47.000000000 -0500 +@@ -77,7 +77,7 @@ + #endif + #if defined(AUDIT_LOG_PRIV) || (NAMESPACE_PRIV) + #include +-#include ++#include + #endif + #ifdef USE_NLS + #include /* for setlocale() */ +@@ -90,6 +90,9 @@ + #define PACKAGE "policycoreutils" /* the name of this package lang translation */ + #endif + ++# define TRUE 1 ++# define FALSE 0 ++ + /* USAGE_STRING describes the command-line args of this program. 
*/ + #define USAGE_STRING "USAGE: newrole [ -r role ] [ -t type ] [ -l level ] [ -p ] [ -V ] [ -- args ]" + +@@ -538,69 +541,23 @@ * Returns zero on success, non-zero otherwise */ --#if defined(AUDIT_LOG_PRIV) && !defined(NAMESPACE_PRIV) -+#if defined(AUDIT_LOG_PRIV) && !defined(NAMESPACE_PRIV) && !defined(USE_FILECAP) - static int drop_capabilities(void) + #if defined(AUDIT_LOG_PRIV) && !defined(NAMESPACE_PRIV) +-static int drop_capabilities(void) ++static int drop_capabilities(int full) { - int rc = 0; -@@ -602,7 +602,7 @@ - fprintf(stderr, _("Error freeing caps\n")); - return rc; +- int rc = 0; +- cap_t new_caps, tmp_caps; +- cap_value_t cap_list[] = { CAP_AUDIT_WRITE }; +- cap_value_t tmp_cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID }; +- uid_t uid = getuid(); +- +- if (!uid) +- return 0; +- +- /* Non-root caller, suid root path */ +- new_caps = cap_init(); +- tmp_caps = cap_init(); +- if (!new_caps || !tmp_caps) { +- fprintf(stderr, _("Error initializing capabilities, aborting.\n")); ++ capng_clear(CAPNG_SELECT_BOTH); ++ if (capng_lock() < 0) + return -1; +- } +- rc |= cap_set_flag(new_caps, CAP_PERMITTED, 1, cap_list, CAP_SET); +- rc |= cap_set_flag(new_caps, CAP_EFFECTIVE, 1, cap_list, CAP_SET); +- rc |= cap_set_flag(tmp_caps, CAP_PERMITTED, 2, tmp_cap_list, CAP_SET); +- rc |= cap_set_flag(tmp_caps, CAP_EFFECTIVE, 2, tmp_cap_list, CAP_SET); +- if (rc) { +- fprintf(stderr, _("Error setting capabilities, aborting\n")); +- goto out; +- } +- +- /* Keep capabilities across uid change */ +- if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) { +- fprintf(stderr, _("Error setting KEEPCAPS, aborting\n")); +- rc = -1; +- goto out; +- } + +- /* Does this temporary change really buy us much? 
*/ +- /* We should still have root's caps, so drop most capabilities now */ +- if ((rc = cap_set_proc(tmp_caps))) { +- fprintf(stderr, _("Error dropping capabilities, aborting\n")); +- goto out; +- } ++ uid_t uid = getuid(); ++ if (!uid) return 0; + + /* Change uid */ +- if ((rc = setresuid(uid, uid, uid))) { ++ if (setresuid(uid, uid, uid)) { + fprintf(stderr, _("Error changing uid, aborting.\n")); +- goto out; +- } +- +- /* Now get rid of this ability */ +- if ((rc = prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) < 0)) { +- fprintf(stderr, _("Error resetting KEEPCAPS, aborting\n")); +- goto out; +- } +- +- /* Finish dropping capabilities. */ +- if ((rc = cap_set_proc(new_caps))) { +- fprintf(stderr, +- _("Error dropping SETUID capability, aborting\n")); +- goto out; ++ return -1; + } +- out: +- if (cap_free(tmp_caps) || cap_free(new_caps)) +- fprintf(stderr, _("Error freeing caps\n")); +- return rc; ++ if (! full) ++ capng_update(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_AUDIT_WRITE); ++ return capng_apply(CAPNG_SELECT_BOTH); } --#elif defined(NAMESPACE_PRIV) -+#elif defined(NAMESPACE_PRIV) && !defined(USE_FILECAP) + #elif defined(NAMESPACE_PRIV) /** - * This function will drop the capabilities so that we are left - * only with access to the audit system and the ability to raise -@@ -1334,6 +1334,9 @@ +@@ -616,50 +573,25 @@ + * + * Returns zero on success, non-zero otherwise + */ +-static int drop_capabilities(void) ++static int drop_capabilities(int full) + { +- int rc = 0; +- cap_t new_caps; +- cap_value_t cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID, +- CAP_SYS_ADMIN, CAP_FOWNER, CAP_CHOWN, +- CAP_DAC_OVERRIDE +- }; +- +- if (!getuid()) +- return 0; +- +- /* Non-root caller, suid root path */ +- new_caps = cap_init(); +- if (!new_caps) { +- fprintf(stderr, _("Error initializing capabilities, aborting.\n")); ++ capng_clear(CAPNG_SELECT_BOTH); ++ if (capng_lock() < 0) + return -1; +- } +- rc |= cap_set_flag(new_caps, CAP_PERMITTED, 6, cap_list, CAP_SET); +- rc |= 
cap_set_flag(new_caps, CAP_EFFECTIVE, 6, cap_list, CAP_SET); +- if (rc) { +- fprintf(stderr, _("Error setting capabilities, aborting\n")); +- goto out; +- } + +- /* Ensure that caps are dropped after setuid call */ +- if ((rc = prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) < 0)) { +- fprintf(stderr, _("Error resetting KEEPCAPS, aborting\n")); +- goto out; +- } +- +- /* We should still have root's caps, so drop most capabilities now */ +- if ((rc = cap_set_proc(new_caps))) { +- fprintf(stderr, _("Error dropping capabilities, aborting\n")); +- goto out; ++ uid_t uid = getuid(); ++ /* Change uid */ ++ if (setresuid(uid, uid, uid)) { ++ fprintf(stderr, _("Error changing uid, aborting.\n")); ++ return -1; + } +- out: +- if (cap_free(new_caps)) +- fprintf(stderr, _("Error freeing caps\n")); +- return rc; ++ if (! full) ++ capng_update(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_SYS_ADMIN | CAP_FOWNER | CAP_CHOWN | CAP_DAC_OVERRIDE); ++ return capng_apply(CAPNG_SELECT_BOTH); + } + + #else +-static inline int drop_capabilities(void) ++static inline int drop_capabilities(__attribute__ ((__unused__)) int full) + { + return 0; + } +@@ -1098,7 +1030,7 @@ + * if it makes sense to continue to run newrole, and setting up + * a scrubbed environment. + */ +- if (drop_capabilities()) ++ if (drop_capabilities(FALSE)) + return -1; + if (set_signal_handles()) + return -1; +@@ -1334,11 +1266,15 @@ if (send_audit_message(1, old_context, new_context, ttyn)) goto err_close_pam_session; 
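Review bot: In the NAMESPACE_PRIV variant of `drop_capabilities()`, the call `capng_update(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_SYS_ADMIN | CAP_FOWNER | CAP_CHOWN | CAP_DAC_OVERRIDE)` ORs capability numbers together, but `capng_update()` takes one capability index, not a bitmask. With the Linux values (21, 3, 0, 1) the OR evaluates to 23, which is CAP_SYS_NICE, so the retained set is not the four capabilities named. The variadic call fits here, with its return value checked: `capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_SYS_ADMIN, CAP_FOWNER, CAP_CHOWN, CAP_DAC_OVERRIDE, -1);`. The removed libcap list also kept CAP_AUDIT_WRITE and CAP_SETUID, and this variant no longer returns early for a root caller. Both changes are worth confirming against the later `send_audit_message()` and `transition_to_caller_uid()` calls, which lie outside this hunk.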
@@ -416,9 +682,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po #ifdef NAMESPACE_PRIV if (transition_to_caller_uid()) goto err_close_pam_session; -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.83/restorecond/Makefile + #endif + ++ drop_capabilities(TRUE); + /* Handle environment changes */ + if (restore_environment(preserve_environment, old_environ, &pw)) { + fprintf(stderr, _("Unable to restore the environment, " +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.84/restorecond/Makefile --- nsapolicycoreutils/restorecond/Makefile 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/restorecond/Makefile 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/restorecond/Makefile 2010-11-29 10:07:47.000000000 -0500 @@ -1,17 +1,28 @@ # Installation directories. PREFIX ?= ${DESTDIR}/usr @@ -465,16 +737,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po relabel: install /sbin/restorecon $(SBINDIR)/restorecond -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.83/restorecond/org.selinux.Restorecond.service +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.84/restorecond/org.selinux.Restorecond.service --- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.83/restorecond/org.selinux.Restorecond.service 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/restorecond/org.selinux.Restorecond.service 2010-11-29 10:07:47.000000000 -0500 
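Review bot: The added `drop_capabilities(TRUE);` discards its return value, although the earlier call in the same file is checked (`if (drop_capabilities(FALSE)) return -1;`). If `capng_lock()`, `setresuid()` or `capng_apply()` fails inside it, newrole would continue to `restore_environment()` and presumably go on to start the new shell with whatever capabilities were left. Suggest `if (drop_capabilities(TRUE)) goto err_close_pam_session;`, reusing the label the neighbouring checks already jump to. The enclosing function starts and ends outside this hunk, so the exact cleanup label should be confirmed there.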
@@ -0,0 +1,3 @@ +[D-BUS Service] +Name=org.selinux.Restorecond +Exec=/usr/sbin/restorecond -u -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.8 policycoreutils-2.0.83/restorecond/restorecond.8 +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.8 policycoreutils-2.0.84/restorecond/restorecond.8 --- nsapolicycoreutils/restorecond/restorecond.8 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/restorecond/restorecond.8 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/restorecond/restorecond.8 2010-11-29 10:07:47.000000000 -0500 @@ -3,7 +3,7 @@ restorecond \- daemon that watches for file creation and then sets the default SELinux file context @@ -509,9 +781,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po .SH "SEE ALSO" .BR restorecon (8), -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.83/restorecond/restorecond.c +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.84/restorecond/restorecond.c --- nsapolicycoreutils/restorecond/restorecond.c 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/restorecond/restorecond.c 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/restorecond/restorecond.c 2010-11-29 10:07:47.000000000 -0500 @@ -30,9 +30,11 @@ * and makes sure that there security context matches the systems defaults * 
@@ -1014,9 +1286,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po if (pidfile) unlink(pidfile); -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.83/restorecond/restorecond.conf +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.84/restorecond/restorecond.conf --- nsapolicycoreutils/restorecond/restorecond.conf 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/restorecond/restorecond.conf 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/restorecond/restorecond.conf 2010-11-29 10:07:47.000000000 -0500 @@ -4,8 +4,5 @@ /etc/mtab /var/run/utmp @@ -1027,9 +1299,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po /root/.ssh/* - - -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.83/restorecond/restorecond.desktop +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.84/restorecond/restorecond.desktop --- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.83/restorecond/restorecond.desktop 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/restorecond/restorecond.desktop 2010-11-29 10:07:47.000000000 -0500 @@ -0,0 +1,7 @@ +[Desktop Entry] +Name=File Context maintainer 
@@ -1038,9 +1310,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +Encoding=UTF-8 +Type=Application +StartupNotify=false -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.83/restorecond/restorecond.h +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.84/restorecond/restorecond.h --- nsapolicycoreutils/restorecond/restorecond.h 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/restorecond/restorecond.h 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/restorecond/restorecond.h 2010-11-29 10:07:47.000000000 -0500 @@ -24,7 +24,22 @@ #ifndef RESTORED_CONFIG_H #define RESTORED_CONFIG_H @@ -1066,9 +1338,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +extern int watch_list_isempty(); #endif -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.83/restorecond/restorecond.init +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.84/restorecond/restorecond.init --- nsapolicycoreutils/restorecond/restorecond.init 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/restorecond/restorecond.init 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/restorecond/restorecond.init 2010-11-29 10:07:47.000000000 -0500 @@ -26,7 +26,7 @@ # Source function library. . /etc/rc.d/init.d/functions 
@@ -1097,15 +1369,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po exit $RETVAL - -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.83/restorecond/restorecond_user.conf +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.84/restorecond/restorecond_user.conf --- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.83/restorecond/restorecond_user.conf 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/restorecond/restorecond_user.conf 2010-11-29 10:07:47.000000000 -0500 @@ -0,0 +1,2 @@ +~/* +~/public_html/* -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.83/restorecond/user.c +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.84/restorecond/user.c --- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.83/restorecond/user.c 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/restorecond/user.c 2010-11-29 10:07:47.000000000 -0500 @@ -0,0 +1,239 @@ +/* + * restorecond 
@@ -1346,9 +1618,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + return 0; +} + -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.c policycoreutils-2.0.83/restorecond/utmpwatcher.c +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.c policycoreutils-2.0.84/restorecond/utmpwatcher.c --- nsapolicycoreutils/restorecond/utmpwatcher.c 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/restorecond/utmpwatcher.c 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/restorecond/utmpwatcher.c 2010-11-29 10:07:47.000000000 -0500 @@ -72,8 +72,8 @@ if (utmp_wd == -1) exitApp("Error watching utmp file."); @@ -1359,9 +1631,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po strings_list_free(prev_utmp_ptr); } return changed; -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.83/restorecond/watch.c +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.84/restorecond/watch.c --- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.83/restorecond/watch.c 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/restorecond/watch.c 2010-11-29 10:07:47.000000000 -0500 @@ -0,0 +1,260 @@ +#define _GNU_SOURCE +#include 
@@ -1623,17 +1895,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + if (master_wd == -1) + exitApp("Error watching config file."); +} -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/basicwrapper policycoreutils-2.0.83/sandbox/deliverables/basicwrapper +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/basicwrapper policycoreutils-2.0.84/sandbox/deliverables/basicwrapper --- nsapolicycoreutils/sandbox/deliverables/basicwrapper 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.83/sandbox/deliverables/basicwrapper 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/sandbox/deliverables/basicwrapper 2010-11-29 10:07:47.000000000 -0500 @@ -0,0 +1,4 @@ +import os, sys +SANDBOX_ARGS = ['-f%s' % os.environ['_CONDOR_SCRATCH_DIR']] +SANDBOX_ARGS.extend(sys.argv[1::]) +os.execv('/usr/bin/sandbox',SANDBOX_ARGS) -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/README policycoreutils-2.0.83/sandbox/deliverables/README +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/README policycoreutils-2.0.84/sandbox/deliverables/README --- nsapolicycoreutils/sandbox/deliverables/README 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.83/sandbox/deliverables/README 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/sandbox/deliverables/README 2010-11-29 10:07:47.000000000 -0500 @@ -0,0 +1,32 @@ +Files: +run-in-sandbox.py: 
@@ -1667,9 +1939,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + +Thanks for a great summer. +Chris Pardy -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py policycoreutils-2.0.83/sandbox/deliverables/run-in-sandbox.py +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py policycoreutils-2.0.84/sandbox/deliverables/run-in-sandbox.py --- nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.83/sandbox/deliverables/run-in-sandbox.py 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/sandbox/deliverables/run-in-sandbox.py 2010-11-29 10:07:47.000000000 -0500 @@ -0,0 +1,49 @@ +import os +import os.path @@ -1720,9 +1992,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + def get_background_items(self, window, file): + return + -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.83/sandbox/Makefile +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.84/sandbox/Makefile --- nsapolicycoreutils/sandbox/Makefile 2010-06-16 08:03:38.000000000 -0400 -+++ policycoreutils-2.0.83/sandbox/Makefile 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/sandbox/Makefile 2010-11-29 10:07:47.000000000 -0500 @@ -7,8 +7,8 @@ MANDIR ?= $(PREFIX)/share/man LOCALEDIR ?= /usr/share/locale 
@@ -1753,9 +2025,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po test: @python test_sandbox.py -v -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.83/sandbox/sandbox +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.84/sandbox/sandbox --- nsapolicycoreutils/sandbox/sandbox 2010-06-16 08:03:38.000000000 -0400 -+++ policycoreutils-2.0.83/sandbox/sandbox 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/sandbox/sandbox 2010-11-29 10:07:47.000000000 -0500 @@ -1,5 +1,6 @@ -#! /usr/bin/python -E +#! /usr/bin/python -Es @@ -1764,7 +2036,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po # Authors: Josh Cogliati # # Copyright (C) 2009,2010 Red Hat -@@ -19,15 +20,17 @@ +@@ -19,15 +20,18 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # @@ -1775,6 +2047,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po from tempfile import mkdtemp import pwd +import commands ++import setools PROGNAME = "policycoreutils" HOMEDIR=pwd.getpwuid(os.getuid()).pw_dir @@ -1784,7 +2057,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po import gettext gettext.bindtextdomain(PROGNAME, "/usr/share/locale") gettext.textdomain(PROGNAME) -@@ -41,6 +44,7 @@ +@@ -41,6 +45,7 @@ import __builtin__ __builtin__.__dict__['_'] = unicode @@ -1792,7 +2065,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po DEFAULT_TYPE = "sandbox_t" DEFAULT_X_TYPE = "sandbox_x_t" SAVE_FILES = {} -@@ -63,15 +67,15 @@ +@@ -63,15 +68,15 @@ sys.stderr.flush() sys.exit(1) 
@@ -1812,7 +2085,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po if not os.path.exists(newdir): os.makedirs(newdir) dest = newdir + "/" + bname -@@ -81,9 +85,10 @@ +@@ -81,9 +86,10 @@ shutil.copytree(file, dest) else: shutil.copy2(file, dest) @@ -1825,7 +2098,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po SAVE_FILES[file] = (dest, os.path.getmtime(dest)) -@@ -161,10 +166,10 @@ +@@ -161,10 +167,10 @@ if not self.__options.homedir or not self.__options.tmpdir: self.usage(_("Homedir and tempdir required for level mounts")) @@ -1839,7 +2112,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po def __mount_callback(self, option, opt, value, parser): self.__mount = True -@@ -172,6 +177,15 @@ +@@ -172,6 +178,15 @@ def __x_callback(self, option, opt, value, parser): self.__mount = True setattr(parser.values, option.dest, True) @@ -1855,7 +2128,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po def __validdir(self, option, opt, value, parser): if not os.path.isdir(value): -@@ -194,6 +208,8 @@ +@@ -194,6 +209,8 @@ self.__include(option, opt, i[:-1], parser) except IOError, e: sys.stderr.write(str(e)) @@ -1864,7 +2137,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po fd.close() def __copyfiles(self): -@@ -212,13 +228,15 @@ +@@ -212,13 +229,15 @@ /etc/gdm/Xsession """) else: 
@@ -1882,19 +2155,32 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po kill -TERM $WM_PID 2> /dev/null """ % (command, wm, command)) fd.close() -@@ -230,9 +248,9 @@ +@@ -226,14 +245,20 @@ + + def usage(self, message = ""): + error_exit("%s\n%s" % (self.__parser.usage, message)) +- ++ def __parse_options(self): from optparse import OptionParser ++ types = "\t" + "\n\t".join(setools.seinfo(setools.ATTRIBUTE, "sandbox_type")[0]['types']) usage = _(""" -sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] command +sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] command ++ ++sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] -S ++ ++Policy defines the following types for use with the -t: ++%s ++ ++""") % types -sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] -S -+sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] -S - """) +-""") parser = OptionParser(version=self.VERSION, usage=usage) -@@ -268,6 +286,10 @@ + parser.disable_interspersed_args() +@@ -268,6 +293,10 @@ action="callback", callback=self.__validdir, help=_("alternate /tmp directory to use for mounting")) @@ -1905,7 +2191,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po parser.add_option("-W", "--windowmanager", dest="wm", type="string", default="/usr/bin/matchbox-window-manager -use_titlebar no", -@@ -276,13 +298,17 @@ +@@ -276,13 +305,17 @@ parser.add_option("-l", "--level", dest="level", help=_("MCS/MLS level for the sandbox")) 
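Review bot: The added `types = "\t" + "\n\t".join(setools.seinfo(setools.ATTRIBUTE, "sandbox_type")[0]['types'])` line in `__parse_options` queries the loaded policy before any option is parsed and indexes `[0]` without checking the result. If the policy defines no `sandbox_type` attribute, or the query fails, sandbox would presumably stop with a traceback before it can print usage or run the command. Wrapping the lookup in a `try`/`except` that falls back to `types = ""` keeps the usage text best-effort. The top-level `import setools` added in the earlier import hunk also makes the setools Python binding a hard runtime dependency of sandbox, which the packaging should declare. `__parse_options` continues outside this hunk.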
@@ -1924,7 +2210,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po if self.__options.setype: self.setype = self.__options.setype -@@ -299,6 +325,9 @@ +@@ -299,6 +332,9 @@ self.__options.X_ind = True self.__homedir = self.__options.homedir self.__tmpdir = self.__options.tmpdir @@ -1934,7 +2220,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po else: if len(cmds) == 0: self.usage(_("Command required")) -@@ -351,22 +380,24 @@ +@@ -351,22 +387,24 @@ def __execute(self): try: @@ -1974,9 +2260,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po selinux.setexeccon(self.__execcon) rc = subprocess.Popen(self.__cmds).wait() -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.83/sandbox/sandbox.8 +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.84/sandbox/sandbox.8 --- nsapolicycoreutils/sandbox/sandbox.8 2010-06-16 08:03:38.000000000 -0400 -+++ policycoreutils-2.0.83/sandbox/sandbox.8 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/sandbox/sandbox.8 2010-11-29 10:07:47.000000000 -0500 @@ -1,10 +1,13 @@ -.TH SANDBOX "8" "May 2009" "chcat" "User Commands" +.TH SANDBOX "8" "May 2010" "sandbox" "User Commands" 
@@ -2026,9 +2312,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +.I Dan Walsh +and +.I Thomas Liu -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.conf policycoreutils-2.0.83/sandbox/sandbox.conf +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.conf policycoreutils-2.0.84/sandbox/sandbox.conf --- nsapolicycoreutils/sandbox/sandbox.conf 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.83/sandbox/sandbox.conf 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/sandbox/sandbox.conf 2010-11-29 10:07:47.000000000 -0500 @@ -0,0 +1,7 @@ +# Space separate list of homedirs +HOMEDIRS="/home" @@ -2037,9 +2323,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +CPUAFFINITY=ALL +MEMUSAGE=80% +CPUUSAGE=80% -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.conf.5 policycoreutils-2.0.83/sandbox/sandbox.conf.5 +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.conf.5 policycoreutils-2.0.84/sandbox/sandbox.conf.5 --- nsapolicycoreutils/sandbox/sandbox.conf.5 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.83/sandbox/sandbox.conf.5 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/sandbox/sandbox.conf.5 2010-11-29 10:07:47.000000000 -0500 @@ -0,0 +1,40 @@ +.TH sandbox.conf "5" "June 2010" "sandbox.conf" "Linux System Administration" +.SH NAME 
@@ -2081,15 +2367,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +.SH AUTHOR +This manual page was written by +.I Thomas Liu -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.config policycoreutils-2.0.83/sandbox/sandbox.config +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.config policycoreutils-2.0.84/sandbox/sandbox.config --- nsapolicycoreutils/sandbox/sandbox.config 2010-06-16 08:03:38.000000000 -0400 -+++ policycoreutils-2.0.83/sandbox/sandbox.config 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.84/sandbox/sandbox.config 1969-12-31 19:00:00.000000000 -0500 @@ -1,2 +0,0 @@ -# Space separate list of homedirs -HOMEDIRS="/home" -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.init policycoreutils-2.0.83/sandbox/sandbox.init +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.init policycoreutils-2.0.84/sandbox/sandbox.init --- nsapolicycoreutils/sandbox/sandbox.init 2010-06-16 08:03:38.000000000 -0400 -+++ policycoreutils-2.0.83/sandbox/sandbox.init 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/sandbox/sandbox.init 2010-11-29 10:07:47.000000000 -0500 @@ -10,17 +10,12 @@ # # chkconfig: 345 1 99 
@@ -2114,9 +2400,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po # # Source function library. -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.83/sandbox/sandboxX.sh +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.84/sandbox/sandboxX.sh --- nsapolicycoreutils/sandbox/sandboxX.sh 2010-06-16 08:03:38.000000000 -0400 -+++ policycoreutils-2.0.83/sandbox/sandboxX.sh 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/sandbox/sandboxX.sh 2010-11-29 10:07:47.000000000 -0500 @@ -1,13 +1,26 @@ #!/bin/bash context=`id -Z | secon -t -l -P` @@ -2147,9 +2433,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po export EXITCODE=$? kill -HUP 0 break -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.8 policycoreutils-2.0.83/sandbox/seunshare.8 +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.8 policycoreutils-2.0.84/sandbox/seunshare.8 --- nsapolicycoreutils/sandbox/seunshare.8 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.83/sandbox/seunshare.8 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/sandbox/seunshare.8 2010-11-29 10:07:47.000000000 -0500 @@ -0,0 +1,37 @@ +.TH SEUNSHARE "8" "May 2010" "seunshare" "User Commands" +.SH NAME 
@@ -2188,9 +2474,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +.I Dan Walsh +and +.I Thomas Liu -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.83/sandbox/seunshare.c +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.84/sandbox/seunshare.c --- nsapolicycoreutils/sandbox/seunshare.c 2010-06-16 08:03:38.000000000 -0400 -+++ policycoreutils-2.0.83/sandbox/seunshare.c 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/sandbox/seunshare.c 2010-11-29 10:07:47.000000000 -0500 @@ -1,13 +1,21 @@ +/* + * Authors: Dan Walsh @@ -2243,6 +2529,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po /** * This function will drop all capabilities * Returns zero on success, non-zero otherwise +@@ -46,9 +57,9 @@ + static int drop_capabilities(uid_t uid) + { + capng_clear(CAPNG_SELECT_BOTH); +- + if (capng_lock() < 0) + return -1; ++ + /* Change uid */ + if (setresuid(uid, uid, uid)) { + fprintf(stderr, _("Error changing uid, aborting.\n")); @@ -134,42 +145,98 @@ static int seunshare_mount(const char *src, const char *dst, struct passwd *pwd) { if (verbose) @@ -2302,9 +2599,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + syslog(LOG_AUTHPRIV | LOG_ALERT, string); + exit(-1); + - } - --#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] ") ++} ++ + +int match(const char *string, char *pattern) { + int status; 
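Review bot: `syslog(LOG_AUTHPRIV | LOG_ALERT, string);` at the top of the `-2302,9 +2599,8` hunk passes a variable as the format argument, so any `%` conversion inside the message would be interpreted by syslog instead of logged literally. The line should read `syslog(LOG_AUTHPRIV | LOG_ALERT, "%s", string);`. The enclosing function starts before this hunk, so where `string` comes from is not visible here; the fix is cheap either way, and it matters more because `drop_capabilities` in the same file calls `setresuid`, which suggests the program starts with elevated privilege.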
@@ -2318,8 +2614,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + return 0; + } + return 1; -+} -+ + } + +-#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] ") +void config_error() { + fprintf(stderr, "Error parsing config file."); + exit(-1); @@ -2624,19 +2921,19 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po - return status; } -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.83/scripts/chcat +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.84/scripts/chcat --- nsapolicycoreutils/scripts/chcat 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/scripts/chcat 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/scripts/chcat 2010-11-29 10:07:47.000000000 -0500 @@ -1,4 +1,4 @@ -#! /usr/bin/python -E +#! /usr/bin/python -Es # Copyright (C) 2005 Red Hat # see file 'COPYING' for use and warranty information # -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.83/scripts/fixfiles +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.84/scripts/fixfiles --- nsapolicycoreutils/scripts/fixfiles 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/scripts/fixfiles 2010-10-29 09:54:43.000000000 -0400 -@@ -21,6 +21,17 @@ ++++ policycoreutils-2.0.84/scripts/fixfiles 2010-11-29 10:07:47.000000000 -0500 +@@ -21,6 +21,25 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # 
@@ -2650,11 +2947,19 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +done +} + ++exclude_dirs() { ++ exclude= ++ for i in /var/lib/BackupPC /home /tmp /dev; do ++ [ -e $i ] && exclude="$exclude -e $i"; ++ done ++ echo "$exclude" ++} ++ +# # Set global Variables # fullFlag=0 -@@ -35,9 +46,7 @@ +@@ -35,9 +54,7 @@ LOGGER=/usr/sbin/logger SETFILES=/sbin/setfiles RESTORECON=/sbin/restorecon @@ -2665,7 +2970,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po SELINUXTYPE="targeted" if [ -e /etc/selinux/config ]; then . /etc/selinux/config -@@ -87,23 +96,10 @@ +@@ -87,23 +104,10 @@ esac; \ fi; \ done | \ @@ -2674,7 +2979,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po - \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print0"; \ - done 2> /dev/null | \ - ${RESTORECON} $* -0 -f - -+ ${RESTORECON} -f - -R -p -e /var/lib/BackupPC -e /home -e /tmp -r /dev; \ ++ ${RESTORECON} -f - -R -p `exclude_dirs`; \ rm -f ${TEMPFILE} ${PREFCTEMPFILE} fi } @@ -2690,7 +2995,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po rpmlist() { rpm -q --qf '[%{FILESTATES} %{FILENAMES}\n]' "$1" | grep '^0 ' | cut -f2- -d ' ' -@@ -121,23 +117,16 @@ +@@ -121,23 +125,16 @@ fi if [ ! -z "$RPMFILES" ]; then for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do @@ -2717,7 +3022,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* find /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \; find /var/tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \; -@@ -146,8 +135,7 @@ +@@ -146,8 +143,7 @@ fullrelabel() { logit "Cleaning out /tmp" 
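Review bot: `exclude_dirs` has no comment saying that the restore path now deliberately skips /var/lib/BackupPC, /home, /tmp and /dev, so an operator reading fixfiles cannot tell that files under those trees keep whatever label they already have. A header such as `# Directories left out of the relabel; only existing ones are passed so restorecon does not complain about missing paths.` would record the intent given in the changelog. As a style point, the test is better written `[ -e "$i" ] && exclude="$exclude -e $i"`. If the script runs under bash, `local exclude` would stop the accumulator from leaking into the global scope. The call site in the later hunk, ``${RESTORECON} -f - -R -p `exclude_dirs` ``, relies on word splitting of the output, which only stays safe while the list holds fixed paths without spaces.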
@@ -2727,9 +3032,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po restore } -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/genhomedircon.8 policycoreutils-2.0.83/scripts/genhomedircon.8 +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/genhomedircon.8 policycoreutils-2.0.84/scripts/genhomedircon.8 --- nsapolicycoreutils/scripts/genhomedircon.8 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.83/scripts/genhomedircon.8 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/scripts/genhomedircon.8 2010-11-29 10:07:47.000000000 -0500 @@ -0,0 +1,37 @@ +.\" Hey, Emacs! This is an -*- nroff -*- source file. +.\" Copyright (c) 2010 Dan Walsh @@ -2768,9 +3073,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +.SH AUTHOR +This manual page was written by +.I Dan Walsh -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.83/scripts/Makefile +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.84/scripts/Makefile --- nsapolicycoreutils/scripts/Makefile 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/scripts/Makefile 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/scripts/Makefile 2010-11-29 10:07:47.000000000 -0500 @@ -14,6 +14,7 @@ install -m 755 genhomedircon $(SBINDIR) -mkdir -p $(MANDIR)/man8 
@@ -2779,9 +3084,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po install -m 644 chcat.8 $(MANDIR)/man8/ clean: -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/severify.py policycoreutils-2.0.83/scripts/severify.py +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/severify.py policycoreutils-2.0.84/scripts/severify.py --- nsapolicycoreutils/scripts/severify.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.83/scripts/severify.py 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/scripts/severify.py 2010-11-29 10:07:47.000000000 -0500 @@ -0,0 +1,21 @@ +#! /usr/bin/python -Es +import seobject @@ -2804,9 +3109,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +#setools.sesearch([ setools.ALLOW ], { setools.SCONTEXT:"rwho_t", setools.TCONTEXT:"rwho_spool_t" } ) +#mod.enable("zebra") + -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/default_encoding.c policycoreutils-2.0.83/semanage/default_encoding/default_encoding.c +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/default_encoding.c policycoreutils-2.0.84/semanage/default_encoding/default_encoding.c --- nsapolicycoreutils/semanage/default_encoding/default_encoding.c 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.83/semanage/default_encoding/default_encoding.c 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/semanage/default_encoding/default_encoding.c 2010-11-29 10:07:47.000000000 -0500 @@ -0,0 +1,59 @@ +/* + * Authors: 
@@ -2867,9 +3172,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + PyUnicode_SetDefaultEncoding("utf-8"); + m = Py_InitModule3("default_encoding_utf8", methods, "Forces the default encoding to utf-8"); +} -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/Makefile policycoreutils-2.0.83/semanage/default_encoding/Makefile +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/Makefile policycoreutils-2.0.84/semanage/default_encoding/Makefile --- nsapolicycoreutils/semanage/default_encoding/Makefile 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.83/semanage/default_encoding/Makefile 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/semanage/default_encoding/Makefile 2010-11-29 10:07:47.000000000 -0500 @@ -0,0 +1,8 @@ +all: + LDFLAGS="" python setup.py build @@ -2879,9 +3184,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + +clean: + rm -rf build *~ -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/policycoreutils/__init__.py policycoreutils-2.0.83/semanage/default_encoding/policycoreutils/__init__.py +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/policycoreutils/__init__.py policycoreutils-2.0.84/semanage/default_encoding/policycoreutils/__init__.py --- nsapolicycoreutils/semanage/default_encoding/policycoreutils/__init__.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.83/semanage/default_encoding/policycoreutils/__init__.py 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/semanage/default_encoding/policycoreutils/__init__.py 2010-11-29 10:07:47.000000000 -0500 
@@ -0,0 +1,17 @@ +# +# Copyright (C) 2006,2007,2008, 2009 Red Hat, Inc. @@ -2900,9 +3205,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/setup.py policycoreutils-2.0.83/semanage/default_encoding/setup.py +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/setup.py policycoreutils-2.0.84/semanage/default_encoding/setup.py --- nsapolicycoreutils/semanage/default_encoding/setup.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.83/semanage/default_encoding/setup.py 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/semanage/default_encoding/setup.py 2010-11-29 10:07:47.000000000 -0500 @@ -0,0 +1,38 @@ +# Authors: +# John Dennis @@ -2942,9 +3247,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + ext_modules = [default_encoding_utf8], + packages=["policycoreutils"], +) -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.83/semanage/semanage +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.84/semanage/semanage --- nsapolicycoreutils/semanage/semanage 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/semanage/semanage 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/semanage/semanage 2010-11-29 10:07:47.000000000 -0500 @@ -1,4 +1,4 @@ -#! /usr/bin/python -E +#! /usr/bin/python -Es 
@@ -3355,9 +3660,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po errorExit(error.args[1]) + except OSError, error: + errorExit(error.args[1]) -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.83/semanage/semanage.8 +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.84/semanage/semanage.8 --- nsapolicycoreutils/semanage/semanage.8 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/semanage/semanage.8 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/semanage/semanage.8 2010-11-29 10:07:47.000000000 -0500 @@ -1,29 +1,69 @@ -.TH "semanage" "8" "2005111103" "" "" +.TH "semanage" "8" "20100223" "" "" @@ -3564,9 +3869,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +and Russell Coker . +.br Examples by Thomas Bleher . -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.83/semanage/seobject.py +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.84/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/semanage/seobject.py 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/semanage/seobject.py 2010-11-29 10:07:47.000000000 -0500 @@ -29,47 +29,12 @@ import gettext gettext.bindtextdomain(PROGNAME, "/usr/share/locale") 
@@ -4320,9 +4625,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po def list(self, heading = True, locallist = False, use_file = False): on_off = (_("off"), _("on")) if use_file: -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sepolgen-ifgen/Makefile policycoreutils-2.0.83/sepolgen-ifgen/Makefile +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sepolgen-ifgen/Makefile policycoreutils-2.0.84/sepolgen-ifgen/Makefile --- nsapolicycoreutils/sepolgen-ifgen/Makefile 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.83/sepolgen-ifgen/Makefile 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/sepolgen-ifgen/Makefile 2010-11-29 10:07:47.000000000 -0500 @@ -0,0 +1,25 @@ +# Installation directories. +PREFIX ?= ${DESTDIR}/usr @@ -4349,9 +4654,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + ../../scripts/Lindent $(wildcard *.[ch]) + +relabel: ; -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c policycoreutils-2.0.83/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c policycoreutils-2.0.84/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c --- nsapolicycoreutils/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.83/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c 2010-11-29 10:07:47.000000000 -0500 @@ -0,0 +1,230 @@ +/* Authors: Frank Mayer + * and Karl MacMillan 
@@ -4583,9 +4888,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + + return 0; +} -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.83/setfiles/restore.c +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.84/setfiles/restore.c --- nsapolicycoreutils/setfiles/restore.c 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/setfiles/restore.c 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/setfiles/restore.c 2010-11-29 10:07:47.000000000 -0500 @@ -1,4 +1,5 @@ #include "restore.h" +#include @@ -4767,9 +5072,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po + free(buf); +} -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restorecon.8 policycoreutils-2.0.83/setfiles/restorecon.8 +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restorecon.8 policycoreutils-2.0.84/setfiles/restorecon.8 --- nsapolicycoreutils/setfiles/restorecon.8 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/setfiles/restorecon.8 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/setfiles/restorecon.8 2010-11-29 10:07:47.000000000 -0500 @@ -4,10 +4,10 @@ .SH "SYNOPSIS" 
@@ -4793,9 +5098,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po .TP .B \-v show changes in file labels. -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.83/setfiles/restore.h +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.84/setfiles/restore.h --- nsapolicycoreutils/setfiles/restore.h 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/setfiles/restore.h 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/setfiles/restore.h 2010-11-29 10:07:47.000000000 -0500 @@ -27,6 +27,7 @@ int hard_links; int verbose; @@ -4815,9 +5120,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po +void exclude_non_seclabel_mounts(); #endif -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-2.0.83/setfiles/setfiles.8 +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-2.0.84/setfiles/setfiles.8 --- nsapolicycoreutils/setfiles/setfiles.8 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/setfiles/setfiles.8 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/setfiles/setfiles.8 2010-11-29 10:07:47.000000000 -0500 @@ -31,6 +31,9 @@ .TP .B \-n 
@@ -4828,9 +5133,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po .TP .B \-q suppress non-error output. -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.83/setfiles/setfiles.c +diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.84/setfiles/setfiles.c --- nsapolicycoreutils/setfiles/setfiles.c 2010-05-19 14:45:51.000000000 -0400 -+++ policycoreutils-2.0.83/setfiles/setfiles.c 2010-10-29 09:54:43.000000000 -0400 ++++ policycoreutils-2.0.84/setfiles/setfiles.c 2010-11-29 10:07:47.000000000 -0500 @@ -5,7 +5,6 @@ #include #include @@ -4970,9 +5275,3 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po } } -diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/VERSION policycoreutils-2.0.83/VERSION ---- nsapolicycoreutils/VERSION 2010-06-16 08:03:38.000000000 -0400 -+++ policycoreutils-2.0.83/VERSION 2010-10-29 09:54:43.000000000 -0400 -@@ -1 +1 @@ --2.0.83 -+2.0.82 diff --git a/policycoreutils.spec b/policycoreutils.spec index bd094b2..ef6caa7 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.83 -Release: 33.2%{?dist} +Release: 33.3%{?dist} License: GPLv2 Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -24,7 +24,6 @@ Patch: policycoreutils-rhat.patch Patch1: policycoreutils-po.patch Patch3: policycoreutils-gui.patch Patch4: policycoreutils-sepolgen.patch -Patch5: policycoreutils-2.0.83-disable.patch Obsoletes: policycoreutils < 2.0.61-2 %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)") 
@@ -63,7 +62,6 @@ context. %patch1 -p1 -b .rhatpo %patch3 -p1 -b .gui %patch4 -p1 -b .sepolgen -%patch5 -p1 -b .disable %build make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all @@ -317,6 +315,9 @@ fi exit 0 %changelog +* Mon Nov 22 2010 Dan Walsh 2.0.83-33.3 +- Fix fixfiles to not complain on missing directories. + * Mon Nov 22 2010 Dan Walsh 2.0.83-33.2 - Don't report error on load_policy when system is disabled.