[policycoreutils] Update to upstream * policycoreutils * setfiles: Fix process_glob to handle error situations * san
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Aug 30 20:32:48 UTC 2011
commit 42466e2b7e18542fad693397b65569ab1e665622
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Aug 30 16:32:33 2011 -0400
Update to upstream
* policycoreutils
* setfiles: Fix process_glob to handle error situations
* sandbox: Allow seunshare to run as root
* sandbox: trap sigterm to make sure sandbox
* sandbox: pass DPI from the desktop
* sandbox: seunshare: introduce helper spawn_command
* sandbox: seunshare: introduce new filesystem helpers
* sandbox: add -C option to not drop
* sandbox: split seunshare caps dropping
* sandbox: use dbus-launch
* sandbox: numerous simple updates to sandbox
* sandbox: do not require selinux context
* sandbox: Makefile: new man pages
* sandbox: rename dir to srcdir
* sandbox: allow users specify sandbox window size
* sandbox: check for paths up front
* sandbox: use defined values for paths rather
* sandbox: move seunshare globals to the top
* sandbox: whitespace fix
* semodule_package: Add semodule_unpackage executable
* setfiles: get rid of some stupid globals
* setfiles: move exclude_non_seclabel_mounts to a generic location
* sepolgen
* refparser: include open among valid permissions
* refparser: add support for filename_trans rules
.gitignore | 2 +
policycoreutils-rhat.patch | 1440 ++++++++++------------------------------
policycoreutils-sepolgen.patch | 99 ++--
policycoreutils.spec | 44 +-
sources | 4 +-
5 files changed, 436 insertions(+), 1153 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 5fae7f7..fd5b9e3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -225,3 +225,5 @@ policycoreutils-2.0.83.tgz
/policycoreutils-2.0.85.tgz
/policycoreutils-2.0.86.tgz
/policycoreutils-2.1.4.tgz
+/policycoreutils-2.1.5.tgz
+/sepolgen-1.1.1.tgz
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 52f6755..4fbb0d2 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -9,7 +9,7 @@ index 86ed03f..3e95698 100644
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow
-index 5435e9d..c60490b 100644
+index 5435e9d..e9d5882 100644
--- a/policycoreutils/audit2allow/audit2allow
+++ b/policycoreutils/audit2allow/audit2allow
@@ -1,4 +1,4 @@
@@ -34,6 +34,15 @@ index 5435e9d..c60490b 100644
parser.add_option("-d", "--dmesg", action="store_true", dest="dmesg", default=False,
help="read input from dmesg - conflicts with --all and --input")
parser.add_option("-i", "--input", dest="input",
+@@ -102,7 +104,7 @@ class AuditToPolicy:
+ if name:
+ options.requires = True
+ if not module.is_valid_name(name):
+- sys.stderr.write("only letters and numbers allowed in module names\n")
++ sys.stderr.write('error: module names must begin with a letter, optionally followed by letters, numbers, "-", "_", "."\n')
+ sys.exit(2)
+
+ # Make -M and -o conflict
@@ -231,29 +233,12 @@ class AuditToPolicy:
def __output_audit2why(self):
@@ -1486,10 +1495,10 @@ index 9db766c..068e24c 100644
} /* main() */
diff --git a/policycoreutils/sandbox/Makefile b/policycoreutils/sandbox/Makefile
-index ff0ee7c..924999d 100644
+index 21df0c4..924999d 100644
--- a/policycoreutils/sandbox/Makefile
+++ b/policycoreutils/sandbox/Makefile
-@@ -7,10 +7,10 @@ SBINDIR ?= $(PREFIX)/sbin
+@@ -7,8 +7,8 @@ SBINDIR ?= $(PREFIX)/sbin
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
SHAREDIR ?= $(PREFIX)/share/sandbox
@@ -1498,209 +1507,42 @@ index ff0ee7c..924999d 100644
+override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\"" -Wall -Werror -Wextra
+LDLIBS += -lcgroup -lselinux -lcap-ng
--all: sandbox seunshare sandboxX.sh
-+all: sandbox seunshare sandboxX.sh start
+ all: sandbox seunshare sandboxX.sh start
- seunshare: seunshare.o $(EXTRA_OBJS)
- $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
-@@ -20,14 +20,18 @@ install: all
- install -m 755 sandbox $(BINDIR)
- -mkdir -p $(MANDIR)/man8
+@@ -22,7 +22,7 @@ install: all
install -m 644 sandbox.8 $(MANDIR)/man8/
-+ install -m 644 seunshare.8 $(MANDIR)/man8/
-+ -mkdir -p $(MANDIR)/man5
+ install -m 644 seunshare.8 $(MANDIR)/man8/
+ -mkdir -p $(MANDIR)/man5
+- install -m 644 sandbox.conf.5 $(MANDIR)/man5/
+ install -m 644 sandbox.conf.5 $(MANDIR)/man5/sandbox.5
-mkdir -p $(SBINDIR)
install -m 4755 seunshare $(SBINDIR)/
-mkdir -p $(SHAREDIR)
- install -m 755 sandboxX.sh $(SHAREDIR)
-+ install -m 755 start $(SHAREDIR)
- -mkdir -p $(INITDIR)
- install -m 755 sandbox.init $(INITDIR)/sandbox
- -mkdir -p $(SYSCONFDIR)
-- install -m 644 sandbox.config $(SYSCONFDIR)/sandbox
-+ install -m 644 sandbox.conf $(SYSCONFDIR)/sandbox
-
- test:
- @python test_sandbox.py -v
diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox
-index 0b89e9a..481034c 100644
+index edae667..486cd4e 100644
--- a/policycoreutils/sandbox/sandbox
+++ b/policycoreutils/sandbox/sandbox
-@@ -1,5 +1,6 @@
- #! /usr/bin/python -Es
- # Authors: Dan Walsh <dwalsh at redhat.com>
-+# Authors: Thomas Liu <tliu at fedoraproject.org>
- # Authors: Josh Cogliati
- #
- # Copyright (C) 2009,2010 Red Hat
-@@ -19,15 +20,17 @@
- # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- #
-
--import os, sys, socket, random, fcntl, shutil, re, subprocess
-+import os, stat, sys, socket, random, fcntl, shutil, re, subprocess
- import selinux
- import signal
- from tempfile import mkdtemp
- import pwd
-+import commands
-+import setools
+@@ -29,7 +29,6 @@ import commands
+ import setools
PROGNAME = "policycoreutils"
-HOMEDIR=pwd.getpwuid(os.getuid()).pw_dir
--
-+SEUNSHARE = "/usr/sbin/seunshare"
-+SANDBOXSH = "/usr/share/sandbox/sandboxX.sh"
+ SEUNSHARE = "/usr/sbin/seunshare"
+ SANDBOXSH = "/usr/share/sandbox/sandboxX.sh"
import gettext
- gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
- gettext.textdomain(PROGNAME)
-@@ -41,6 +44,7 @@ except IOError:
- import __builtin__
- __builtin__.__dict__['_'] = unicode
-
-+DEFAULT_WINDOWSIZE = "1000x700"
- DEFAULT_TYPE = "sandbox_t"
- DEFAULT_X_TYPE = "sandbox_x_t"
- SAVE_FILES = {}
-@@ -63,15 +67,15 @@ def error_exit(msg):
- sys.stderr.flush()
- sys.exit(1)
-
--def copyfile(file, dir, dest):
-+def copyfile(file, srcdir, dest):
- import re
-- if file.startswith(dir):
-+ if file.startswith(srcdir):
- dname = os.path.dirname(file)
- bname = os.path.basename(file)
-- if dname == dir:
-+ if dname == srcdir:
- dest = dest + "/" + bname
- else:
-- newdir = re.sub(dir, dest, dname)
-+ newdir = re.sub(srcdir, dest, dname)
- if not os.path.exists(newdir):
- os.makedirs(newdir)
- dest = newdir + "/" + bname
-@@ -81,9 +85,10 @@ def copyfile(file, dir, dest):
- shutil.copytree(file, dest)
- else:
- shutil.copy2(file, dest)
-+
- except shutil.Error, elist:
-- for e in elist:
-- sys.stderr.write(e[1])
-+ for e in elist.message:
-+ sys.stderr.write(e[2])
-
- SAVE_FILES[file] = (dest, os.path.getmtime(dest))
-
-@@ -161,10 +166,10 @@ class Sandbox:
- if not self.__options.homedir or not self.__options.tmpdir:
- self.usage(_("Homedir and tempdir required for level mounts"))
-
-- if not os.path.exists("/usr/sbin/seunshare"):
-+ if not os.path.exists(SEUNSHARE):
- raise ValueError(_("""
--/usr/sbin/seunshare is required for the action you want to perform.
--"""))
-+%s is required for the action you want to perform.
-+""") % SEUNSHARE)
-
- def __mount_callback(self, option, opt, value, parser):
- self.__mount = True
-@@ -172,6 +177,15 @@ class Sandbox:
- def __x_callback(self, option, opt, value, parser):
- self.__mount = True
- setattr(parser.values, option.dest, True)
-+ if not os.path.exists(SEUNSHARE):
-+ raise ValueError(_("""
-+%s is required for the action you want to perform.
-+""") % SEUNSHARE)
-+
-+ if not os.path.exists(SANDBOXSH):
-+ raise ValueError(_("""
-+%s is required for the action you want to perform.
-+""") % SANDBOXSH)
-
- def __validdir(self, option, opt, value, parser):
- if not os.path.isdir(value):
-@@ -194,6 +208,8 @@ class Sandbox:
- self.__include(option, opt, i[:-1], parser)
- except IOError, e:
- sys.stderr.write(str(e))
-+ except TypeError, e:
-+ sys.stderr.write(str(e))
- fd.close()
-
- def __copyfiles(self):
-@@ -212,13 +228,15 @@ class Sandbox:
- /etc/gdm/Xsession
- """)
- else:
-- command = " ".join(self.__paths)
-+ command = self.__paths[0] + " "
-+ for p in self.__paths[1:]:
-+ command += "'%s' " % p
- fd.write("""#! /bin/sh
- #TITLE: %s
- /usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
- %s &
- WM_PID=$!
--%s
-+dbus-launch --exit-with-session %s
- kill -TERM $WM_PID 2> /dev/null
- """ % (command, wm, command))
- fd.close()
-@@ -229,11 +247,22 @@ kill -TERM $WM_PID 2> /dev/null
-
- def __parse_options(self):
- from optparse import OptionParser
-+ types = ""
-+ try:
-+ types = _("""
-+Policy defines the following types for use with the -t:
-+\t%s
-+""") % "\n\t".join(setools.seinfo(setools.ATTRIBUTE, "sandbox_type")[0]['types'])
-+ except RuntimeError:
-+ pass
-+
+@@ -258,9 +257,9 @@ Policy defines the following types for use with the -t:
+ pass
+
usage = _("""
--sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] command
+-sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] command
+sandbox [-h] [-c] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] command
-+
+
+-sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] -S
+sandbox [-h] [-c] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] -S
-+%s
-+""") % types
-
--sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] -S
--""")
-
- parser = OptionParser(version=self.VERSION, usage=usage)
- parser.disable_interspersed_args()
-@@ -260,14 +289,18 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
- parser.add_option("-H", "--homedir",
- action="callback", callback=self.__validdir,
- type="string",
-- dest="homedir",
-+ dest="homedir",
- help=_("alternate home directory to use for mounting"))
-
-- parser.add_option("-T", "--tmpdir", dest="tmpdir",
-+ parser.add_option("-T", "--tmpdir", dest="tmpdir",
- type="string",
- action="callback", callback=self.__validdir,
- help=_("alternate /tmp directory to use for mounting"))
-
-+ parser.add_option("-w", "--windowsize", dest="windowsize",
-+ type="string", default=DEFAULT_WINDOWSIZE,
-+ help="size of the sandbox window")
-+
- parser.add_option("-W", "--windowmanager", dest="wm",
- type="string",
- default="/usr/bin/matchbox-window-manager -use_titlebar no",
-@@ -276,13 +309,21 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+ %s
+ """) % types
+
+@@ -309,6 +308,10 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
parser.add_option("-l", "--level", dest="level",
help=_("MCS/MLS level for the sandbox"))
@@ -1708,41 +1550,10 @@ index 0b89e9a..481034c 100644
+ action="store_true", dest="usecgroup", default=False,
+ help=_("Use cgroups to limit this sandbox."))
+
-+ parser.add_option("-C", "--capabilities",
-+ action="store_true", dest="usecaps", default=False,
-+ help="Allow apps requiring capabilities to run within the sandbox.")
-+
- self.__parser=parser
-
- self.__options, cmds = parser.parse_args()
-
- if self.__options.X_ind:
- self.setype = DEFAULT_X_TYPE
--
-+ self.dpi=commands.getoutput("xrdb -query | grep dpi | /bin/cut -f 2")
- if self.__options.setype:
- self.setype = self.__options.setype
-
-@@ -300,6 +341,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
- self.__homedir = self.__options.homedir
- self.__tmpdir = self.__options.tmpdir
- else:
-+ if self.__options.level:
-+ self.__homedir = self.__options.homedir
-+ self.__tmpdir = self.__options.tmpdir
-+
- if len(cmds) == 0:
- self.usage(_("Command required"))
- cmds[0] = fullpath(cmds[0])
-@@ -323,50 +368,51 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
-
- con = selinux.getcon()[1].split(":")
- self.__execcon = "%s:%s:%s:%s" % (con[0], con[1], self.setype, level)
-- self.__filecon = "%s:%s:%s:%s" % (con[0], "object_r",
-- "%s_file_t" % self.setype[:-2],
-+ self.__filecon = "%s:%s:%s:%s" % (con[0], "object_r",
-+ "%s_file_t" % self.setype[:-2],
- level)
+ parser.add_option("-C", "--capabilities",
+ action="store_true", dest="usecaps", default=False,
+ help="Allow apps requiring capabilities to run within the sandbox.")
+@@ -370,30 +373,29 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
def __setup_dir(self):
if self.__options.level or self.__options.session:
return
@@ -1770,97 +1581,41 @@ index 0b89e9a..481034c 100644
def __execute(self):
try:
-- if self.__options.X_ind:
-- xmodmapfile = self.__homedir + "/.xmodmap"
-- xd = open(xmodmapfile,"w")
-- subprocess.Popen(["/usr/bin/xmodmap","-pke"],stdout=xd).wait()
-- xd.close()
--
-- self.__setup_sandboxrc(self.__options.wm)
--
-- cmds = [ '/usr/sbin/seunshare', "-t", self.__tmpdir, "-h", self.__homedir, "--", self.__execcon, "/usr/share/sandbox/sandboxX.sh" ]
-- rc = subprocess.Popen(cmds).wait()
-- return rc
--
-+ cmds = [ SEUNSHARE, "-Z", self.__execcon ]
+ cmds = [ SEUNSHARE, "-Z", self.__execcon ]
+- if self.__options.usecaps == True:
+ if self.__options.usecgroup:
+ cmds.append('-c')
+ if self.__options.usecaps:
-+ cmds.append('-C')
+ cmds.append('-C')
if self.__mount:
-- cmds = [ '/usr/sbin/seunshare', "-t", self.__tmpdir, "-h", self.__homedir, "--", self.__execcon ] + self.__paths
-- rc = subprocess.Popen(cmds).wait()
-- return rc
-+ cmds += [ "-t", self.__tmpdir, "-h", self.__homedir ]
-+
-+ if self.__options.X_ind:
-+ xmodmapfile = self.__homedir + "/.xmodmap"
-+ xd = open(xmodmapfile,"w")
-+ subprocess.Popen(["/usr/bin/xmodmap","-pke"],stdout=xd).wait()
-+ xd.close()
-+
-+ self.__setup_sandboxrc(self.__options.wm)
-+
-+ cmds += [ "--", SANDBOXSH, self.__options.windowsize, self.dpi ]
-+ else:
-+ cmds += [ "--" ] + self.__paths
-+ return subprocess.Popen(cmds).wait()
-
- selinux.setexeccon(self.__execcon)
- rc = subprocess.Popen(self.__cmds).wait()
-@@ -404,7 +450,7 @@ if __name__ == '__main__':
- sandbox = Sandbox()
- rc = sandbox.main()
- except OSError, error:
-- error_exit(error.args[1])
-+ error_exit(error)
- except ValueError, error:
- error_exit(error.args[0])
- except KeyError, error:
+ cmds += [ "-t", self.__tmpdir, "-h", self.__homedir ]
diff --git a/policycoreutils/sandbox/sandbox.8 b/policycoreutils/sandbox/sandbox.8
-index 1479364..2b37e63 100644
+index e3b7ea7..2b37e63 100644
--- a/policycoreutils/sandbox/sandbox.8
+++ b/policycoreutils/sandbox/sandbox.8
-@@ -1,10 +1,13 @@
--.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
-+.TH SANDBOX "8" "May 2010" "sandbox" "User Commands"
- .SH NAME
+@@ -3,11 +3,11 @@
sandbox \- Run cmd under an SELinux sandbox
.SH SYNOPSIS
.B sandbox
--[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] cmd
--[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] -S
+-[-C] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd
+[-C] [-c] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd
-+
-+.br
-+.B sandbox
+
+ .br
+ .B sandbox
+-[-C] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S
+[-C] [-c] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S
.br
.SH DESCRIPTION
.PP
-@@ -42,6 +45,12 @@ Use alternate sandbox type, defaults to sandbox_t or sandbox_x_t for -X.
- \fB\-T\ tmpdir
- Use alternate tempory directory to mount on /tmp. Defaults to tmpfs. Requires -X or -M.
- .TP
-+\fB\-S
-+Run a full desktop session, Requires level, and home and tmpdir.
-+.TP
-+\fB\-w windowsize\fR
-+Specifies the windowsize when creating an X based Sandbox. The default windowsize is 1000x700.
-+.TP
- \fB\-W windowmanager\fR
- Select alternative window manager to run within
- .B sandbox -X.
-@@ -50,8 +59,20 @@ Default to /usr/bin/matchbox-window-manager.
- \fB\-X\fR
+@@ -60,10 +60,19 @@ Default to /usr/bin/matchbox-window-manager.
Create an X based Sandbox for gui apps, temporary files for
$HOME and /tmp, secondary Xserver, defaults to sandbox_x_t
-+.TP
+ .TP
+\fB\-c\fR
+Use control groups to control this copy of sandbox. Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc.
+.TP
-+\fB\-C\fR
-+Use capabilities within the sandbox. By default applications executed within the sandbox will not be allowed to use capabilities (setuid apps), with the -C flag, you can use programs requiring capabilities.
+ \fB\-C\fR
+ Use capabilities within the sandbox. By default applications executed within the sandbox will not be allowed to use capabilities (setuid apps), with the -C flag, you can use programs requiring capabilities.
.PP
.SH "SEE ALSO"
.TP
@@ -1873,65 +1628,6 @@ index 1479364..2b37e63 100644
+.I Dan Walsh <dwalsh at redhat.com>
+and
+.I Thomas Liu <tliu at fedoraproject.org>
-diff --git a/policycoreutils/sandbox/sandbox.conf b/policycoreutils/sandbox/sandbox.conf
-new file mode 100644
-index 0000000..7c35808
---- /dev/null
-+++ b/policycoreutils/sandbox/sandbox.conf
-@@ -0,0 +1,7 @@
-+# Space separate list of homedirs
-+HOMEDIRS="/home"
-+# Control group configuration
-+NAME=sandbox
-+CPUAFFINITY=ALL
-+MEMUSAGE=80%
-+CPUUSAGE=80%
-diff --git a/policycoreutils/sandbox/sandbox.conf.5 b/policycoreutils/sandbox/sandbox.conf.5
-new file mode 100644
-index 0000000..b3ee67d
---- /dev/null
-+++ b/policycoreutils/sandbox/sandbox.conf.5
-@@ -0,0 +1,40 @@
-+.TH sandbox.conf "5" "June 2010" "sandbox.conf" "Linux System Administration"
-+.SH NAME
-+sandbox.conf \- user config file for the SELinux sandbox
-+.SH DESCRIPTION
-+.PP
-+When running sandbox with the -C argument, it will be confined using control groups and a system administrator can specify how the sandbox is confined.
-+
-+.PP
-+Everything after "#" is ignored, as are empty lines. All arguments should be separated by and equals sign ("=").
-+
-+.PP
-+These keywords are allowed.
-+
-+.RS
-+.TP
-+.B NAME
-+The name of the sandbox control group. Default is "sandbox".
-+
-+.TP
-+.B CPUAFFINITY
-+Which cpus to assign sandbox to. The default is ALL, but users can specify a comma-separated list with dashes ("-") to represent ranges. Ex: 0-2,5
-+
-+.TP
-+.B MEMUSAGE
-+How much memory to allow sandbox to use. The default is 80%. Users can specify either a percentage or a value in the form of a number followed by one of the suffixes K, M, G to denote kilobytes, megabytes or gigabytes respectively. Ex: 50% or 100M
-+
-+.TP
-+.B CPUUSAGE
-+Percentage of cpu sandbox should be allowed to use. The default is 80%. Specify a value followed by a percent sign ("%"). Ex: 50%
-+
-+
-+
-+.SH "SEE ALSO"
-+.TP
-+sandbox(8)
-+.PP
-+
-+.SH AUTHOR
-+This manual page was written by
-+.I Thomas Liu <tliu at fedoraproject.org>
diff --git a/policycoreutils/sandbox/sandbox.init b/policycoreutils/sandbox/sandbox.init
index ff8b3ef..66aadfd 100644
--- a/policycoreutils/sandbox/sandbox.init
@@ -1976,89 +1672,40 @@ index ff8b3ef..66aadfd 100644
return 0
}
-diff --git a/policycoreutils/sandbox/sandboxX.sh b/policycoreutils/sandbox/sandboxX.sh
-index 8338203..88ebfee 100644
---- a/policycoreutils/sandbox/sandboxX.sh
-+++ b/policycoreutils/sandbox/sandboxX.sh
-@@ -1,15 +1,21 @@
--#!/bin/bash
-+#!/bin/bash
-+trap "" TERM
- context=`id -Z | secon -t -l -P`
- export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
--export SCREENSIZE="1000x700"
--#export SCREENSIZE=`xdpyinfo | awk '/dimensions/ { print $2 }'`
-+[ -z $1 ] && export SCREENSIZE="1000x700" || export SCREENSIZE="$1"
-+[ -z $2 ] && export DPI="96" || export DPI="$2"
- trap "exit 0" HUP
-
--(/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do
-+(/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -displayfd 5 5>&1 2>/dev/null) | while read D; do
- export DISPLAY=:$D
-- python -c 'import gtk, os, commands; commands.getstatusoutput("%s/.sandboxrc" % os.environ["HOME"])'
-+ cat > ~/seremote << __EOF
-+#!/bin/sh
-+DISPLAY=$DISPLAY "\$@"
-+__EOF
-+ chmod +x ~/seremote
-+ /usr/share/sandbox/start $HOME/.sandboxrc
- export EXITCODE=$?
-- kill -HUP 0
-+ kill -TERM 0
- break
- done
- exit 0
diff --git a/policycoreutils/sandbox/seunshare.8 b/policycoreutils/sandbox/seunshare.8
-new file mode 100644
-index 0000000..06610c0
---- /dev/null
+index a9b846b..06610c0 100644
+--- a/policycoreutils/sandbox/seunshare.8
+++ b/policycoreutils/sandbox/seunshare.8
-@@ -0,0 +1,43 @@
-+.TH SEUNSHARE "8" "May 2010" "seunshare" "User Commands"
-+.SH NAME
-+seunshare \- Run cmd with alternate homedir, tmpdir and/or SELinux context
-+.SH SYNOPSIS
-+.B seunshare
+@@ -3,7 +3,7 @@
+ seunshare \- Run cmd with alternate homedir, tmpdir and/or SELinux context
+ .SH SYNOPSIS
+ .B seunshare
+-[ -v ] [ -c ] [ -C ] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args]
+[ -v ] [ -c ] [ -C ] [ -k ] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args]
-+.br
-+.SH DESCRIPTION
-+.PP
-+Run the
-+.I executable
-+within the specified context, using the alternate home directory and /tmp directory. The seunshare command unshares from the default namespace, then mounts the specified homedir and tmpdir over the default homedir and /tmp. Finally it tells the kernel to execute the application under the specified SELinux context.
-+
-+.TP
-+\fB\-h homedir\fR
-+Alternate homedir to be used by the application. Homedir must be owned by the user.
-+.TP
-+\fB\-t\ tmpdir
+ .br
+ .SH DESCRIPTION
+ .PP
+@@ -16,7 +16,7 @@ within the specified context, using the alternate home directory and /tmp direct
+ Alternate homedir to be used by the application. Homedir must be owned by the user.
+ .TP
+ \fB\-t\ tmpdir
+-Use alternate temporary directory to mount on /tmp. tmpdir must be owned by the user.
+Use alternate tempory directory to mount on /tmp. tmpdir must be owned by the user.
-+.TP
-+\fB\-c --cgroups\fR
-+Use cgroups to control this copy of seunshare. Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc.
-+.TP
-+\fB\-C --capabilities\fR
-+Allow apps executed within the namespace to use capabilities. Default is no capabilities.
-+.TP
+ .TP
+ \fB\-c --cgroups\fR
+ Use cgroups to control this copy of seunshare. Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc.
+@@ -24,6 +24,9 @@ Use cgroups to control this copy of seunshare. Specify parameters in /etc/sysco
+ \fB\-C --capabilities\fR
+ Allow apps executed within the namespace to use capabilities. Default is no capabilities.
+ .TP
+\fB\-k --kill\fR
+Kill all processes with matching MCS level.
+.TP
-+\fB\-Z\ context
-+Use alternate SELinux context while runing the executable.
-+.TP
-+\fB\-v\fR
-+Verbose output
-+.SH "SEE ALSO"
-+.TP
-+runcon(1), sandbox(8), selinux(8)
-+.PP
-+.SH AUTHOR
-+This manual page was written by
-+.I Dan Walsh <dwalsh at redhat.com>
-+and
-+.I Thomas Liu <tliu at fedoraproject.org>
+ \fB\-Z\ context
+ Use alternate SELinux context while runing the executable.
+ .TP
diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
-index e713b74..1a0a488 100644
+index f9bf12c..671d97c 100644
--- a/policycoreutils/sandbox/seunshare.c
+++ b/policycoreutils/sandbox/seunshare.c
@@ -1,27 +1,35 @@
@@ -2101,7 +1748,7 @@ index e713b74..1a0a488 100644
#ifdef USE_NLS
#include <locale.h> /* for setlocale() */
-@@ -39,29 +47,55 @@
+@@ -39,10 +47,16 @@
#define MS_PRIVATE 1<<18
#endif
@@ -2110,67 +1757,30 @@ index e713b74..1a0a488 100644
+#endif
+
+#define BUF_SIZE 1024
-+#define DEFAULT_PATH "/usr/bin:/bin"
-+#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -c ] [ -k ] [ -C ] [ -t tmpdir] [ -h homedir ] [ -Z context ] -- executable [args]")
-+
-+static int verbose = 0;
+ #define DEFAULT_PATH "/usr/bin:/bin"
+-#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -C ] [-t tmpdir] [-h homedir] [-Z context] -- executable [args]")
++#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -C ] [ -c ] [ -k ] [ -t tmpdir ] [ -h homedir ] [ -Z CONTEXT ] -- executable [args] ")
+
+ static int verbose = 0;
+static int child = 0;
-+
-+static capng_select_t cap_set = CAPNG_SELECT_BOTH;
-+
- /**
-- * This function will drop all capabilities
-- * Returns zero on success, non-zero otherwise
-+ * This function will drop all capabilities.
- */
--static int drop_capabilities(uid_t uid)
-+static int drop_caps()
- {
-- capng_clear(CAPNG_SELECT_BOTH);
--
-- if (capng_lock() < 0)
-+ if (capng_have_capabilities(cap_set) == CAPNG_NONE)
-+ return 0;
-+ capng_clear(cap_set);
-+ if (capng_lock() == -1 || capng_apply(cap_set) == -1) {
-+ fprintf(stderr, _("Failed to drop all capabilities\n"));
- return -1;
-- /* Change uid */
-- if (setresuid(uid, uid, uid)) {
-- fprintf(stderr, _("Error changing uid, aborting.\n"));
-+ }
-+ return 0;
-+}
-+
-+/**
-+ * This function will drop all privileges.
-+ */
-+static int drop_privs(uid_t uid)
-+{
-+ if (drop_caps() == -1 || setresuid(uid, uid, uid) == -1) {
-+ fprintf(stderr, _("Failed to drop privileges\n"));
- return -1;
- }
-- return capng_apply(CAPNG_SELECT_BOTH);
-+ return 0;
+
+ static capng_select_t cap_set = CAPNG_SELECT_BOTH;
+
+@@ -74,6 +88,13 @@ static int drop_privs(uid_t uid)
}
--#define DEFAULT_PATH "/usr/bin:/bin"
--static int verbose = 0;
-+/**
+ /**
+ * If the user sends a siginto to seunshare, kill the child's session
+ */
+void handler(int sig) {
+ if (child > 0) kill(-child,sig);
+}
-
- /**
-- * Take care of any signal setup
-+ * Take care of any signal setup.
++
++/**
+ * Take care of any signal setup.
*/
static int set_signal_handles(void)
- {
-@@ -75,32 +109,117 @@ static int set_signal_handles(void)
+@@ -88,12 +109,17 @@ static int set_signal_handles(void)
(void)sigprocmask(SIG_SETMASK, &empty, NULL);
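Review bot: `child` is declared as a plain `static int` but is read from the new asynchronous signal handler `handler()`, so the handler is not guaranteed to see the value stored after `fork()`; declare it `static volatile sig_atomic_t child = 0;` (or at least `volatile pid_t`) and make the handler `static void handler(int sig)` like the other file-local helpers. `kill(-child, sig)` signals the process group whose id equals `child`, which reaches the sandboxed processes only if the child became a group or session leader first; that call is not visible in this hunk, so confirm it runs before a forwarded signal can arrive. The comment's "siginto" reads like a typo and should name the signals actually forwarded. The body of `set_signal_handles()` continues outside this hunk.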
@@ -2186,120 +1796,37 @@ index e713b74..1a0a488 100644
+ return -1;
+ }
+
-+ return 0;
-+}
-+
-+#define status_to_retval(status,retval) do { \
-+ if ((status) == -1) \
-+ retval = -1; \
-+ else if (WIFEXITED((status))) \
-+ retval = WEXITSTATUS((status)); \
-+ else if (WIFSIGNALED((status))) \
-+ retval = 128 + WTERMSIG((status)); \
-+ else \
-+ retval = -1; \
-+ } while(0)
-+
-+/**
-+ * Spawn external command using system() with dropped privileges.
-+ * TODO: avoid system() and use exec*() instead
-+ */
-+static int spawn_command(const char *cmd, uid_t uid){
-+ int child;
-+ int status = -1;
-+
-+ if (verbose > 1)
-+ printf("spawn_command: %s\n", cmd);
-+
-+ child = fork();
-+ if (child == -1) {
-+ perror(_("Unable to fork"));
-+ return status;
-+ }
-+
-+ if (child == 0) {
-+ if (drop_privs(uid) != 0) exit(-1);
-+
-+ status = system(cmd);
-+ status_to_retval(status, status);
-+ exit(status);
-+ }
-+
-+ waitpid(child, &status, 0);
-+ status_to_retval(status, status);
-+ return status;
-+}
-+
-+/**
-+ * Check file/directory ownership, struct stat * must be passed to the
-+ * functions.
-+ */
-+static int check_owner_uid(uid_t uid, const char *file, struct stat *st) {
-+ if (S_ISLNK(st->st_mode)) {
-+ fprintf(stderr, _("Error: %s must not be a symbolic link\n"), file);
-+ return -1;
-+ }
-+ if (st->st_uid != uid) {
-+ fprintf(stderr, _("Error: %s not owned by UID %d\n"), file, uid);
-+ return -1;
-+ }
-+ return 0;
-+}
-+
-+static int check_owner_gid(gid_t gid, const char *file, struct stat *st) {
-+ if (S_ISLNK(st->st_mode)) {
-+ fprintf(stderr, _("Error: %s must not be a symbolic link\n"), file);
-+ return -1;
-+ }
-+ if (st->st_gid != gid) {
-+ fprintf(stderr, _("Error: %s not owned by GID %d\n"), file, gid);
-+ return -1;
-+ }
return 0;
}
-+#define equal_stats(one,two) \
-+ ((one)->st_dev == (two)->st_dev && (one)->st_ino == (two)->st_ino && \
-+ (one)->st_uid == (two)->st_uid && (one)->st_gid == (two)->st_gid && \
-+ (one)->st_mode == (two)->st_mode)
-+
+@@ -139,26 +165,6 @@ static int spawn_command(const char *cmd, uid_t uid){
+ }
+
/**
- * This function makes sure the mounted directory is owned by the user executing
- * seunshare.
- * If so, it returns 0. If it can not figure this out or they are different, it returns -1.
-+ * Sanity check specified directory. Store stat info for future comparison, or
-+ * compare with previously saved info to detect replaced directories.
-+ * Note: This function does not perform owner checks.
- */
+- */
-static int verify_mount(const char *mntdir, struct passwd *pwd) {
-+static int verify_directory(const char *dir, struct stat *st_in, struct stat *st_out) {
- struct stat sb;
+- struct stat sb;
- if (stat(mntdir, &sb) == -1) {
- fprintf(stderr, _("Invalid mount point %s: %s\n"), mntdir, strerror(errno));
-+
-+ if (st_out == NULL) st_out = &sb;
-+
-+ if (lstat(dir, st_out) == -1) {
-+ fprintf(stderr, _("Failed to stat %s: %s\n"), dir, strerror(errno));
-+ return -1;
-+ }
-+ if (! S_ISDIR(st_out->st_mode)) {
-+ fprintf(stderr, _("Error: %s is not a directory: %s\n"), dir, strerror(errno));
- return -1;
- }
+- return -1;
+- }
- if (sb.st_uid != pwd->pw_uid) {
- errno = EPERM;
- syslog(LOG_AUTHPRIV | LOG_ALERT, "%s attempted to mount an invalid directory, %s", pwd->pw_name, mntdir);
- perror(_("Invalid mount point, reporting to administrator"));
-+ if (st_in && !equal_stats(st_in, st_out)) {
-+ fprintf(stderr, _("Error: %s was replaced by a different directory\n"), dir);
- return -1;
- }
-+
- return 0;
- }
-
-@@ -123,7 +242,7 @@ static int verify_shell(const char *shell_name)
+- return -1;
+- }
+- return 0;
+-}
+-
+-/**
+ * Check file/directory ownership, struct stat * must be passed to the
+ * functions.
+ */
+@@ -236,7 +242,7 @@ static int verify_shell(const char *shell_name)
/* check the shell skipping newline char */
if (!strcmp(shell_name, buf)) {
@@ -2308,7 +1835,7 @@ index e713b74..1a0a488 100644
break;
}
}
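Review bot: Removing `verify_mount()` also removes its `syslog(LOG_AUTHPRIV | LOG_ALERT, ...)` call, which was the audit record written when a user pointed this setuid helper at a directory they do not own. The ownership helpers that replace it (`check_owner_uid` / `check_owner_gid`, as shown elsewhere on this page) report only through `fprintf(stderr, ...)`, which goes to the invoking user rather than to an administrator. If they still read that way upstream, keep a line such as `syslog(LOG_AUTHPRIV | LOG_ALERT, "%s attempted to mount an invalid directory, %s", pwd->pw_name, dir);` on the rejection path so failed attempts stay visible in the auth log. The callers of these helpers are outside this hunk.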
-@@ -131,54 +250,618 @@ static int verify_shell(const char *shell_name)
+@@ -244,43 +250,600 @@ static int verify_shell(const char *shell_name)
return rc;
}
@@ -2826,9 +2353,8 @@ index e713b74..1a0a488 100644
+ if (fd_t >= 0) close(fd_t);
+ if (fd_s >= 0) close(fd_s);
+ return tmpdir;
- }
-
--#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] ")
++}
++
+#define PROC_BASE "/proc"
+
+static int
@@ -2891,14 +2417,14 @@ index e713b74..1a0a488 100644
+ context_free(con);
+ free(pid_table);
+ return running;
-+}
+ }
int main(int argc, char **argv) {
- int rc;
int status = -1;
+ security_context_t execcon = NULL;
-- security_context_t scontext;
+- security_context_t scontext = NULL;
-
- int flag_index; /* flag index in argv[] */
int clflag; /* holds codes for command line flags */
@@ -2920,29 +2446,23 @@ index e713b74..1a0a488 100644
+ {"kill", 1, 0, 'k'},
{"verbose", 1, 0, 'v'},
+ {"cgroups", 1, 0, 'c'},
-+ {"context", 1, 0, 'Z'},
-+ {"capabilities", 1, 0, 'C'},
+ {"context", 1, 0, 'Z'},
+ {"capabilities", 1, 0, 'C'},
{NULL, 0, 0, 0}
- };
-
- uid_t uid = getuid();
--
-+/*
- if (!uid) {
- fprintf(stderr, _("Must not be root"));
- return -1;
+@@ -294,6 +857,12 @@ int main(int argc, char **argv) {
}
-+*/
-+
+ */
+
+#ifdef USE_NLS
+ setlocale(LC_ALL, "");
+ bindtextdomain(PACKAGE, LOCALEDIR);
+ textdomain(PACKAGE);
+#endif
-
++
struct passwd *pwd=getpwuid(uid);
if (!pwd) {
-@@ -187,34 +870,36 @@ int main(int argc, char **argv) {
+ perror(_("getpwduid failed"));
+@@ -301,7 +870,7 @@ int main(int argc, char **argv) {
}
if (verify_shell(pwd->pw_shell) < 0) {
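Review bot: The `{"cgroups", 1, 0, 'c'}` entry declares a required argument, but the `case 'c':` handler in a later hunk only sets `usecgroups = 1` and never reads `optarg`, so `--cgroups` would swallow the next argv word, which may be the executable name. The entry should read `{"cgroups", 0, 0, 'c'},`. The `kill` and `verbose` entries carry the same `1` and are worth checking against their handlers, which are not shown here. The short option string is no longer part of the patch, so this is inferred from the handler alone; main() continues past the end of this hunk.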
@@ -2951,12 +2471,7 @@ index e713b74..1a0a488 100644
return -1;
}
- while (1) {
-- clflag = getopt_long(argc, argv, "h:t:", long_options,
-- &flag_index);
-+ clflag = getopt_long(argc, argv, "Ccvh:t:Z:", long_options, NULL);
- if (clflag == -1)
- break;
+@@ -312,28 +881,25 @@ int main(int argc, char **argv) {
switch (clflag) {
case 't':
@@ -2985,16 +2500,17 @@ index e713b74..1a0a488 100644
+ break;
+ case 'c':
+ usecgroups = 1;
-+ break;
-+ case 'C':
-+ cap_set = CAPNG_SELECT_CAPS;
-+ break;
-+ case 'Z':
+ break;
+ case 'C':
+ cap_set = CAPNG_SELECT_CAPS;
+ break;
+ case 'Z':
+- scontext = strdup(optarg);
+ execcon = optarg;
break;
default:
fprintf(stderr, "%s\n", USAGE_STRING);
-@@ -223,99 +908,131 @@ int main(int argc, char **argv) {
+@@ -342,97 +908,131 @@ int main(int argc, char **argv) {
}
if (! homedir_s && ! tmpdir_s) {
@@ -3004,16 +2520,12 @@ index e713b74..1a0a488 100644
return -1;
}
-- if (argc - optind < 2) {
-- fprintf(stderr, _("Error: context and executable required \n"),
-- "%s\n", USAGE_STRING);
-+ if (argc - optind < 1) {
+ if (argc - optind < 1) {
+- fprintf(stderr, _("Error: executable required \n %s \n"), USAGE_STRING);
+ fprintf(stderr, _("Error: executable required\n %s\n"), USAGE_STRING);
return -1;
}
-- scontext = argv[optind++];
--
- if (set_signal_handles())
+ if (execcon && is_selinux_enabled() != 1) {
+ fprintf(stderr, _("Error: execution context specified, but SELinux is not enabled\n"));
@@ -3046,9 +2558,7 @@ index e713b74..1a0a488 100644
+ * on an NFS mount. It's also desired to avoid leaking info about
+ * existence of the files not accessible to the user. */
+ setfsuid(uid);
-
-- if (drop_capabilities(uid)) {
-- perror(_("Failed to drop all capabilities"));
++
+ /* verify homedir and tmpdir */
+ if (homedir_s && (
+ verify_directory(homedir_s, NULL, &st_homedir) < 0 ||
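Review bot: The `setfsuid(uid)` call ahead of the homedir/tmpdir checks is trusted without verification, and setfsuid() has no error return, so a failed switch would leave `verify_directory()` and `check_owner_uid()` running with root's filesystem identity. Following the call with `if ((uid_t)setfsuid(-1) != uid) return -1;` confirms the switch, because a call with -1 changes nothing and returns the current fsuid. The same check applies to `setfsuid(0)` in the next hunk and to the child's `setfsuid(uid)` further down. main() starts and ends outside this hunk.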
@@ -3057,13 +2567,14 @@ index e713b74..1a0a488 100644
+ verify_directory(tmpdir_s, NULL, &st_tmpdir_s) < 0 ||
+ check_owner_uid(uid, tmpdir_s, &st_tmpdir_s))) return -1;
+ setfsuid(0);
-+
+
+- if (drop_privs(uid))
+ /* create runtime tmpdir */
+ if (tmpdir_s && (tmpdir_r = create_tmpdir(tmpdir_s, &st_tmpdir_s,
+ &st_tmpdir_r, pwd, execcon)) == NULL) {
+ fprintf(stderr, _("Failed to create runtime temporary directory\n"));
return -1;
- }
++ }
- int child = fork();
+ /* spawn child process */
@@ -3084,19 +2595,26 @@ index e713b74..1a0a488 100644
- perror(_("Out of memory"));
- exit(-1);
- }
+- }
+ if (child == 0) {
+ char *display = NULL;
+ int rc = -1;
-+
-+ if (unshare(CLONE_NEWNS) < 0) {
-+ perror(_("Failed to unshare"));
-+ goto childerr;
- }
- if ((rc = clearenv())) {
- perror(_("Unable to clear environment"));
- free(display);
- exit(-1);
++ if (unshare(CLONE_NEWNS) < 0) {
++ perror(_("Failed to unshare"));
++ goto childerr;
+ }
+
+- if (scontext) {
+- if (setexeccon(scontext)) {
+- fprintf(stderr, _("Could not set exec context to %s.\n"),
+- scontext);
+- free(display);
+- exit(-1);
+ /* assume fsuid==ruid after this point */
+ setfsuid(uid);
+
@@ -3113,20 +2631,14 @@ index e713b74..1a0a488 100644
+ if ((display = strdup(display)) == NULL) {
+ perror(_("Out of memory"));
+ goto childerr;
-+ }
+ }
}
--
-- if (setexeccon(scontext)) {
-- fprintf(stderr, _("Could not set exec context to %s.\n"),
-- scontext);
-- free(display);
-- exit(-1);
+-
+- if (display)
+ if ((rc = clearenv()) != 0) {
+ perror(_("Failed to clear environment"));
+ goto childerr;
- }
--
-- if (display)
++ }
+ if (display)
rc |= setenv("DISPLAY", display, 1);
rc |= setenv("HOME", pwd->pw_dir, 1);
@@ -3164,6 +2676,7 @@ index e713b74..1a0a488 100644
- free(tmpdir_s);
- free(homedir_s);
+- free(scontext);
+ drop_caps();
+
+ /* parent waits for child exit to do the cleanup */
@@ -3182,21 +2695,6 @@ index e713b74..1a0a488 100644
+ free(tmpdir_r);
return status;
}
-diff --git a/policycoreutils/sandbox/start b/policycoreutils/sandbox/start
-new file mode 100644
-index 0000000..52950d7
---- /dev/null
-+++ b/policycoreutils/sandbox/start
-@@ -0,0 +1,9 @@
-+#! /usr/bin/python -Es
-+import gtk, commands, sys
-+rc = [-1,'']
-+try:
-+ rc=commands.getstatusoutput(sys.argv[1])
-+except:
-+ pass
-+if rc[0] == 0:
-+ print rc[1]
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index e4e5f0d..27dcccf 100755
--- a/policycoreutils/scripts/fixfiles
@@ -3487,9 +2985,16 @@ index 0140cd2..656a028 100644
errorExit(error.args[0])
except KeyError, error:
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
-index 6842b07..6742fe9 100644
+index 6842b07..7f11c4e 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
+@@ -1,5 +1,5 @@
+ #! /usr/bin/python -E
+-# Copyright (C) 2005, 2006, 2007, 2008, 2009 Red Hat
++# Copyright (C) 2005-2011 2009 Red Hat
+ # see file 'COPYING' for use and warranty information
+ #
+ # semanage is a tool for managing SELinux configuration files
@@ -30,11 +30,10 @@ from IPy import IP
import gettext
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
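Review bot: The rewritten header comment reads `# Copyright (C) 2005-2011 2009 Red Hat`, so the old trailing year survived the edit. It should be `# Copyright (C) 2005-2011 Red Hat`.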
@@ -3529,7 +3034,22 @@ index 6842b07..6742fe9 100644
if not semanage_is_managed(handle):
semanage_handle_destroy(handle)
-@@ -328,6 +329,7 @@ class permissiveRecords(semanageRecords):
+@@ -253,9 +254,13 @@ class moduleRecords(semanageRecords):
+ return l
+
+ def list(self, heading = 1, locallist = 0):
++ all = self.get_all()
++ if len(all) == 0:
++ return
++
+ if heading:
+ print "\n%-25s%-10s\n" % (_("Modules Name"), _("Version"))
+- for t in self.get_all():
++ for t in all:
+ if t[2] == 0:
+ disabled = _("Disabled")
+ else:
+@@ -328,11 +333,14 @@ class permissiveRecords(semanageRecords):
name = semanage_module_get_name(mod)
if name and name.startswith("permissive_"):
l.append(name.split("permissive_")[1])
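Review bot: `all = self.get_all()` in `moduleRecords.list` rebinds the builtin `all()` for the rest of the method; a name such as `modules` avoids that, and the emptiness test reads more idiomatically as `if not modules:`. `permissiveRecords.list` in the next hunk already uses the same local name, so renaming both keeps them consistent. The method also has no docstring, and a one-line `"""Print the module list; print nothing when it is empty."""` would record the behaviour this change introduces.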
@@ -3537,7 +3057,25 @@ index 6842b07..6742fe9 100644
return l
def list(self, heading = 1, locallist = 0):
-@@ -420,7 +422,9 @@ class loginRecords(semanageRecords):
+ import setools
+ all = map(lambda y: y["name"], filter(lambda x: x["permissive"], setools.seinfo(setools.TYPE)))
++ if len(all) == 0:
++ return
+
+ if heading:
+ print "\n%-25s\n" % (_("Builtin Permissive Types"))
+@@ -340,6 +348,10 @@ class permissiveRecords(semanageRecords):
+ for t in all:
+ if t not in customized:
+ print t
++
++ if len(customized) == 0:
++ return
++
+ if heading:
+ print "\n%-25s\n" % (_("Customized Permissive Types"))
+ for t in customized:
+@@ -420,7 +432,9 @@ class loginRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
if exists:
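Review bot: The "Builtin Permissive Types" heading in `permissiveRecords.list` is still printed when every entry of `all` is also in `customized`, leaving a heading with nothing under it, which is the case the added `len(...) == 0` guards are meant to remove. Building the filtered list first, `builtin = [t for t in all if t not in customized]`, and gating on `if heading and builtin:` would cover it. The early `return` on an empty `all` also skips the customized section entirely, which is only correct if customized types always show up in the seinfo result; this hunk does not establish that. `customized` is assigned outside the visible lines.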
@@ -3548,7 +3086,18 @@ index 6842b07..6742fe9 100644
if name[0] == '%':
try:
grp.getgrnam(name[1:])
-@@ -627,7 +631,8 @@ class seluserRecords(semanageRecords):
+@@ -588,7 +602,10 @@ class loginRecords(semanageRecords):
+ def list(self,heading = 1, locallist = 0):
+ ddict = self.get_all(locallist)
+ keys = ddict.keys()
++ if len(keys) == 0:
++ return
+ keys.sort()
++
+ if is_mls_enabled == 1:
+ if heading:
+ print "\n%-25s %-25s %-25s\n" % (_("Login Name"), _("SELinux User"), _("MLS/MCS Range"))
+@@ -627,7 +644,8 @@ class seluserRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
if exists:
@@ -3558,7 +3107,18 @@ index 6842b07..6742fe9 100644
(rc, u) = semanage_user_create(self.sh)
if rc < 0:
-@@ -864,6 +869,7 @@ class portRecords(semanageRecords):
+@@ -820,7 +838,10 @@ class seluserRecords(semanageRecords):
+ def list(self, heading = 1, locallist = 0):
+ ddict = self.get_all(locallist)
+ keys = ddict.keys()
++ if len(keys) == 0:
++ return
+ keys.sort()
++
+ if is_mls_enabled == 1:
+ if heading:
+ print "\n%-15s %-10s %-10s %-30s" % ("", _("Labeling"), _("MLS/"), _("MLS/"))
+@@ -864,6 +885,7 @@ class portRecords(semanageRecords):
return ( k, proto_d, low, high )
def __add(self, port, proto, serange, type):
@@ -3566,7 +3126,7 @@ index 6842b07..6742fe9 100644
if is_mls_enabled == 1:
if serange == "":
serange = "s0"
-@@ -926,6 +932,7 @@ class portRecords(semanageRecords):
+@@ -926,6 +948,7 @@ class portRecords(semanageRecords):
self.commit()
def __modify(self, port, proto, serange, setype):
@@ -3574,7 +3134,24 @@ index 6842b07..6742fe9 100644
if serange == "" and setype == "":
if is_mls_enabled == 1:
raise ValueError(_("Requires setype or serange"))
-@@ -1136,7 +1143,8 @@ class nodeRecords(semanageRecords):
+@@ -1073,11 +1096,14 @@ class portRecords(semanageRecords):
+ return l
+
+ def list(self, heading = 1, locallist = 0):
+- if heading:
+- print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number"))
+ ddict = self.get_all_by_type(locallist)
+ keys = ddict.keys()
++ if len(keys) == 0:
++ return
+ keys.sort()
++
++ if heading:
++ print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number"))
+ for i in keys:
+ rec = "%-30s %-8s " % i
+ rec += "%s" % ddict[i][0]
+@@ -1136,7 +1162,8 @@ class nodeRecords(semanageRecords):
(rc, exists) = semanage_node_exists(self.sh, k)
if exists:
@@ -3584,7 +3161,7 @@ index 6842b07..6742fe9 100644
(rc, node) = semanage_node_create(self.sh)
if rc < 0:
-@@ -1152,7 +1160,6 @@ class nodeRecords(semanageRecords):
+@@ -1152,7 +1179,6 @@ class nodeRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not set mask for %s") % addr)
@@ -3592,7 +3169,7 @@ index 6842b07..6742fe9 100644
rc = semanage_context_set_user(self.sh, con, "system_u")
if rc < 0:
raise ValueError(_("Could not set user in addr context for %s") % addr)
-@@ -1204,12 +1211,11 @@ class nodeRecords(semanageRecords):
+@@ -1204,12 +1230,11 @@ class nodeRecords(semanageRecords):
if not exists:
raise ValueError(_("Addr %s is not defined") % addr)
@@ -3606,7 +3183,24 @@ index 6842b07..6742fe9 100644
if serange != "":
semanage_context_set_mls(self.sh, con, untranslate(serange))
if setype != "":
-@@ -1334,7 +1340,8 @@ class interfaceRecords(semanageRecords):
+@@ -1296,11 +1321,14 @@ class nodeRecords(semanageRecords):
+ return l
+
+ def list(self, heading = 1, locallist = 0):
+- if heading:
+- print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context")
+ ddict = self.get_all(locallist)
+ keys = ddict.keys()
++ if len(keys) == 0:
++ return
+ keys.sort()
++
++ if heading:
++ print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context")
+ if is_mls_enabled:
+ for k in keys:
+ val = ''
+@@ -1334,7 +1362,8 @@ class interfaceRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if interface %s is defined") % interface)
if exists:
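Review bot: The column headings in `nodeRecords.list` are plain literals (`"IP Address", "Netmask", "Protocol", "Context"`), while the port, interface and fcontext listings in this patch wrap theirs in `_()`, so this one header will not be translated. Since the line is being moved anyway, it could become `print "%-18s %-18s %-5s %-5s\n" % (_("IP Address"), _("Netmask"), _("Protocol"), _("Context"))`. The `%-5s` width is also shorter than "Protocol", so the last two columns may not line up with the rows, whose format is outside this hunk.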
@@ -3616,7 +3210,24 @@ index 6842b07..6742fe9 100644
(rc, iface) = semanage_iface_create(self.sh)
if rc < 0:
-@@ -1592,7 +1599,8 @@ class fcontextRecords(semanageRecords):
+@@ -1483,11 +1512,14 @@ class interfaceRecords(semanageRecords):
+ return l
+
+ def list(self, heading = 1, locallist = 0):
+- if heading:
+- print "%-30s %s\n" % (_("SELinux Interface"), _("Context"))
+ ddict = self.get_all(locallist)
+ keys = ddict.keys()
++ if len(keys) == 0:
++ return
+ keys.sort()
++
++ if heading:
++ print "%-30s %s\n" % (_("SELinux Interface"), _("Context"))
+ if is_mls_enabled:
+ for k in keys:
+ print "%-30s %s:%s:%s:%s " % (k,ddict[k][0], ddict[k][1],ddict[k][2], translate(ddict[k][3], False))
+@@ -1592,7 +1624,8 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists:
@@ -3626,7 +3237,7 @@ index 6842b07..6742fe9 100644
(rc, fcontext) = semanage_fcontext_create(self.sh)
if rc < 0:
-@@ -1783,11 +1791,11 @@ class fcontextRecords(semanageRecords):
+@@ -1783,11 +1816,14 @@ class fcontextRecords(semanageRecords):
return l
def list(self, heading = 1, locallist = 0 ):
@@ -3634,13 +3245,16 @@ index 6842b07..6742fe9 100644
- print "%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context"))
fcon_dict = self.get_all(locallist)
keys = fcon_dict.keys()
++ if len(keys) == 0:
++ return
keys.sort()
-+ if len(keys) > 0 and heading:
++
++ if heading:
+ print "%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context"))
for k in keys:
if fcon_dict[k]:
if is_mls_enabled:
-@@ -1814,6 +1822,18 @@ class booleanRecords(semanageRecords):
+@@ -1814,6 +1850,18 @@ class booleanRecords(semanageRecords):
self.dict["1"] = 1
self.dict["0"] = 0
@@ -3659,7 +3273,7 @@ index 6842b07..6742fe9 100644
def __mod(self, name, value):
(rc, k) = semanage_bool_key_create(self.sh, name)
if rc < 0:
-@@ -1833,9 +1853,10 @@ class booleanRecords(semanageRecords):
+@@ -1833,9 +1881,10 @@ class booleanRecords(semanageRecords):
else:
raise ValueError(_("You must specify one of the following values: %s") % ", ".join(self.dict.keys()) )
@@ -3673,7 +3287,7 @@ index 6842b07..6742fe9 100644
rc = semanage_bool_modify_local(self.sh, k, b)
if rc < 0:
raise ValueError(_("Could not modify boolean %s") % name)
-@@ -1918,8 +1939,12 @@ class booleanRecords(semanageRecords):
+@@ -1918,8 +1967,12 @@ class booleanRecords(semanageRecords):
value = []
name = semanage_bool_get_name(boolean)
value.append(semanage_bool_get_value(boolean))
@@ -3688,181 +3302,24 @@ index 6842b07..6742fe9 100644
ddict[name] = value
return ddict
-diff --git a/policycoreutils/semodule_package/Makefile b/policycoreutils/semodule_package/Makefile
-index 0a4a3a6..f84cd7e 100644
---- a/policycoreutils/semodule_package/Makefile
-+++ b/policycoreutils/semodule_package/Makefile
-@@ -9,15 +9,17 @@ CFLAGS ?= -Werror -Wall -W
- override CFLAGS += -I$(INCLUDEDIR)
- LDLIBS = -lsepol -lselinux -L$(LIBDIR)
-
--all: semodule_package
-+all: semodule_package semodule_unpackage
-
- semodule_package: semodule_package.o
-
- install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_package $(BINDIR)
-+ install -m 755 semodule_unpackage $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_package.8 $(MANDIR)/man8/
-+ install -m 644 semodule_unpackage.8 $(MANDIR)/man8/
-
- relabel:
-
-diff --git a/policycoreutils/semodule_package/semodule_package.8 b/policycoreutils/semodule_package/semodule_package.8
-index 29c9eb2..ddad2d2 100644
---- a/policycoreutils/semodule_package/semodule_package.8
-+++ b/policycoreutils/semodule_package/semodule_package.8
-@@ -44,7 +44,7 @@ File contexts file for the module (optional).
- netfilter context file to be included in the package.
-
- .SH SEE ALSO
--.B checkmodule(8), semodule(8)
-+.B checkmodule(8), semodule(8), semodule_unpackage(8)
- .SH AUTHORS
- .nf
- This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-diff --git a/policycoreutils/semodule_package/semodule_unpackage.8 b/policycoreutils/semodule_package/semodule_unpackage.8
-new file mode 100644
-index 0000000..62dd53e
---- /dev/null
-+++ b/policycoreutils/semodule_package/semodule_unpackage.8
-@@ -0,0 +1,24 @@
-+.TH SEMODULE_PACKAGE "8" "Nov 2005" "Security Enhanced Linux" NSA
-+.SH NAME
-+semodule_unpackage \- Extract polciy module and file context file from an SELinux policy module unpackage.
-+
-+.SH SYNOPSIS
-+.B semodule_unpackage <module> [<file contexts>]
-+.br
-+.SH DESCRIPTION
-+.PP
-+semodule_unpackage is the tool used to extract the SELinux policy module
-+ and file context file from an SELinux Policy Package.
-+
-+.SH EXAMPLE
-+.nf
-+# Extract the httpd module file from httpd policy package.
-+$ semodule_unpackage httpd.pp httpd.mod httpd.fc
-+.fi
-+
-+.SH SEE ALSO
-+.B semodule_package(8)
-+.SH AUTHORS
-+.nf
-+This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-+The program was written by Stephen Smalley <sds at tycho.nsa.gov>
-diff --git a/policycoreutils/semodule_package/semodule_unpackage.c b/policycoreutils/semodule_package/semodule_unpackage.c
-new file mode 100644
-index 0000000..0120ee4
---- /dev/null
-+++ b/policycoreutils/semodule_package/semodule_unpackage.c
-@@ -0,0 +1,103 @@
-+#include <sepol/module.h>
-+#include <getopt.h>
-+#include <fcntl.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <unistd.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <sys/mman.h>
-+#include <fcntl.h>
-+#include <errno.h>
-+
-+char *progname = NULL;
-+extern char *optarg;
-+
-+static void usage(char *progname)
-+{
-+ printf("usage: %s ppfile modfile [fcfile]\n", progname);
-+ exit(1);
-+}
-+
-+static int file_to_policy_file(char *filename, struct sepol_policy_file **pf, char *mode)
-+{
-+ FILE *f;
-+
-+ if (sepol_policy_file_create(pf)) {
-+ fprintf(stderr, "%s: Out of memory\n", progname);
-+ return -1;
-+ }
-+
-+ f = fopen(filename, mode);
-+ if (!f) {
-+ fprintf(stderr, "%s: Could not open file %s: %s\n", progname, strerror(errno), filename);
-+ return -1;
-+ }
-+ sepol_policy_file_set_fp(*pf, f);
-+ return 0;
-+}
-+
-+int main(int argc, char **argv)
-+{
-+ struct sepol_module_package *pkg;
-+ struct sepol_policy_file *in, *out;
-+ FILE *fp;
-+ size_t len;
-+ char *ppfile, *modfile, *fcfile = NULL, *fcdata;
-+
-+ progname = argv[0];
-+
-+ if (argc < 3) {
-+ usage(progname);
-+ exit(1);
-+ }
-+
-+ ppfile = argv[1];
-+ modfile = argv[2];
-+ if (argc >= 3)
-+ fcfile = argv[3];
-+
-+ if (file_to_policy_file(ppfile, &in, "r"))
-+ exit(1);
-+
-+ if (sepol_module_package_create(&pkg)) {
-+ fprintf(stderr, "%s: Out of memory\n", progname);
-+ exit(1);
-+ }
-+
-+ if (sepol_module_package_read(pkg, in, 0) == -1) {
-+ fprintf(stderr, "%s: Error while reading policy module from %s\n",
-+ progname, ppfile);
-+ exit(1);
-+ }
-+
-+ if (file_to_policy_file(modfile, &out, "w"))
-+ exit(1);
-+
-+ if (sepol_policydb_write(sepol_module_package_get_policy(pkg), out)) {
-+ fprintf(stderr, "%s: Error while writing module to %s\n", progname, modfile);
-+ exit(1);
-+ }
-+
-+ sepol_policy_file_free(in);
-+ sepol_policy_file_free(out);
-+
-+ len = sepol_module_package_get_file_contexts_len(pkg);
-+ if (fcfile && len) {
-+ fp = fopen(fcfile, "w");
-+ if (!fp) {
-+ fprintf(stderr, "%s: Could not open file %s: %s\n", progname, strerror(errno), fcfile);
-+ exit(1);
-+ }
-+ fcdata = sepol_module_package_get_file_contexts(pkg);
-+ if (fwrite(fcdata, 1, len, fp) != len) {
-+ fprintf(stderr, "%s: Could not write file %s: %s\n", progname, strerror(errno), fcfile);
-+ exit(1);
-+ }
-+ fclose(fp);
-+ }
-+
-+ sepol_module_package_free(pkg);
-+ exit(0);
-+}
+@@ -1952,11 +2005,13 @@ class booleanRecords(semanageRecords):
+ if ddict[k]:
+ print "%s=%s" % (k, ddict[k][2])
+ return
+- if heading:
+- print "%-40s %s\n" % (_("SELinux boolean"), _("Description"))
+ ddict = self.get_all(locallist)
+ keys = ddict.keys()
++ if len(keys) == 0:
++ return
++
++ if heading:
++ print "%-30s %s %s %s\n" % (_("SELinux boolean"),_("State"), _("Default"), _("Description"))
+ for k in keys:
+ if ddict[k]:
+- print "%-30s -> %-5s %s" % (k, on_off[ddict[k][2]], self.get_desc(k))
+-
++ print "%-30s (%-5s,%5s) %s" % (k, on_off[selinux.security_get_boolean_active(k)], on_off[ddict[k][2]], self.get_desc(k))
diff --git a/policycoreutils/sepolgen-ifgen/.gitignore b/policycoreutils/sepolgen-ifgen/.gitignore
new file mode 100644
index 0000000..3816d2e
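Review bot: The new row format in `booleanRecords.list` indexes `on_off` with the raw result of `selinux.security_get_boolean_active(k)` and does not handle failure. That call reports an error, for example when SELinux is disabled or the boolean is absent from the loaded policy, either as -1 or as an exception depending on the binding; if `on_off` is a two-element sequence, -1 would silently print its last entry as the active state. Fetching the value first, `active = selinux.security_get_boolean_active(k)`, and printing `on_off[active] if active >= 0 else _("unknown")` avoids a misleading listing of which booleans are in force. `on_off` and the `selinux` import are defined outside this hunk, so both should be confirmed.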
@@ -4140,10 +3597,23 @@ index 0000000..1ce37b0
+ return 0;
+}
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
-index e05761a..5bcb44a 100644
+index 48ffcad..15f2bf0 100644
--- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c
-@@ -318,11 +318,16 @@ static int process_one(char *name, int recurse_this_path)
+@@ -60,9 +60,10 @@ void restore_init(struct restore_opts *opts)
+ r_opts = opts;
+ struct selinux_opt selinux_opts[] = {
+ { SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate },
+- { SELABEL_OPT_PATH, r_opts->selabel_opt_path }
++ { SELABEL_OPT_PATH, r_opts->selabel_opt_path },
++ { SELABEL_OPT_SUBSET, r_opts->selabel_opt_subset }
+ };
+- r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 2);
++ r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
+ if (!r_opts->hnd) {
+ perror(r_opts->selabel_opt_path);
+ exit(1);
+@@ -318,11 +319,16 @@ static int process_one(char *name, int recurse_this_path)
ftsent = fts_read(fts_handle);
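Review bot: The option count passed to `selabel_open()` in `restore_init()` is a literal that has to be bumped by hand whenever `selinux_opts[]` grows, as this change does from 2 to 3. Deriving it from the array keeps the two in step: `r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, sizeof(selinux_opts) / sizeof(selinux_opts[0]));`. The new `selabel_opt_subset` value is passed through unchecked, so a short comment on the struct field stating what an unset (NULL) value means would help callers that never supply `-S`. restore_init() continues past the end of the inner hunk.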
@@ -4163,41 +3633,7 @@ index e05761a..5bcb44a 100644
do {
rc = 0;
/* Skip the post order nodes. */
-@@ -368,19 +373,21 @@ int process_glob(char *name, int recurse) {
- int errors;
- memset(&globbuf, 0, sizeof(globbuf));
- errors = glob(name, GLOB_TILDE | GLOB_PERIOD, NULL, &globbuf);
-- if (errors)
-- errors = process_one_realpath(name, recurse);
-- else {
-- for (i = 0; i < globbuf.gl_pathc; i++) {
-- int len = strlen(globbuf.gl_pathv[i]) -2;
-- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0)
-- continue;
-- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
-- continue;
-- errors |= process_one_realpath(globbuf.gl_pathv[i], recurse);
-- }
-- globfree(&globbuf);
-+ if (errors == GLOB_NOMATCH)
-+ return 0;
-+
-+ if (errors)
-+ return errors;
-+
-+ for (i = 0; i < globbuf.gl_pathc; i++) {
-+ int len = strlen(globbuf.gl_pathv[i]) -2;
-+ if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0)
-+ continue;
-+ if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
-+ continue;
-+ errors |= process_one_realpath(globbuf.gl_pathv[i], recurse);
- }
-+ globfree(&globbuf);
- return errors;
- }
-
-@@ -388,7 +395,7 @@ int process_one_realpath(char *name, int recurse)
+@@ -390,7 +396,7 @@ int process_one_realpath(char *name, int recurse)
{
int rc = 0;
char *p;
@@ -4206,7 +3642,7 @@ index e05761a..5bcb44a 100644
if (r_opts == NULL){
fprintf(stderr,
-@@ -399,7 +406,7 @@ int process_one_realpath(char *name, int recurse)
+@@ -401,7 +407,7 @@ int process_one_realpath(char *name, int recurse)
if (!r_opts->expand_realpath) {
return process_one(name, recurse);
} else {
@@ -4215,7 +3651,7 @@ index e05761a..5bcb44a 100644
if (rc < 0) {
if (r_opts->ignore_enoent && errno == ENOENT)
return 0;
-@@ -566,7 +573,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
+@@ -568,7 +574,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
{
file_spec_t *prevfl, *fl;
int h, ret;
@@ -4224,7 +3660,7 @@ index e05761a..5bcb44a 100644
if (!fl_head) {
fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS);
-@@ -579,7 +586,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
+@@ -581,7 +587,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
for (prevfl = &fl_head[h], fl = fl_head[h].next; fl;
prevfl = fl, fl = fl->next) {
if (ino == fl->ino) {
@@ -4233,214 +3669,38 @@ index e05761a..5bcb44a 100644
if (ret < 0 || sb.st_ino != ino) {
freecon(fl->con);
free(fl->file);
-@@ -631,5 +638,67 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
- return -1;
- }
-
-+#include <sys/utsname.h>
-+/*
-+ Search /proc/mounts for all file systems that do not support extended
-+ attributes and add them to the exclude directory table. File systems
-+ that support security labels have the seclabel option.
-+*/
-+void exclude_non_seclabel_mounts()
-+{
-+ struct utsname uts;
-+ FILE *fp;
-+ size_t len;
-+ ssize_t num;
-+ int index = 0, found = 0;
-+ char *mount_info[4];
-+ char *buf = NULL, *item;
-+
-+ /* Check to see if the kernel supports seclabel */
-+ if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0)
-+ return;
-+ if (is_selinux_enabled() <= 0)
-+ return;
-+
-+ fp = fopen("/proc/mounts", "r");
-+ if (!fp)
-+ return;
-+
-+ while ((num = getline(&buf, &len, fp)) != -1) {
-+ found = 0;
-+ index = 0;
-+ item = strtok(buf, " ");
-+ while (item != NULL) {
-+ mount_info[index] = item;
-+ if (index == 3)
-+ break;
-+ index++;
-+ item = strtok(NULL, " ");
-+ }
-+ if (index < 3) {
-+ fprintf(stderr,
-+ "/proc/mounts record \"%s\" has incorrect format.\n",
-+ buf);
-+ continue;
-+ }
-
-+ /* remove pre-existing entry */
-+ remove_exclude(mount_info[1]);
-+
-+ item = strtok(mount_info[3], ",");
-+ while (item != NULL) {
-+ if (strcmp(item, "seclabel") == 0) {
-+ found = 1;
-+ break;
-+ }
-+ item = strtok(NULL, ",");
-+ }
-+
-+ /* exclude mount points without the seclabel option */
-+ if (!found)
-+ add_exclude(mount_info[1]);
-+ }
-+
-+ free(buf);
-+}
-
diff --git a/policycoreutils/setfiles/restore.h b/policycoreutils/setfiles/restore.h
-index 7e988d5..ac27222 100644
+index ac27222..fb8eaf9 100644
--- a/policycoreutils/setfiles/restore.h
+++ b/policycoreutils/setfiles/restore.h
-@@ -49,5 +49,6 @@ int exclude(const char *path);
- void remove_exclude(const char *directory);
- int process_one_realpath(char *name, int recurse);
- int process_glob(char *name, int recurse);
-+void exclude_non_seclabel_mounts();
-
- #endif
+@@ -40,6 +40,7 @@ struct restore_opts {
+ int fts_flags; /* Flags to fts, e.g. follow links, follow mounts */
+ const char *selabel_opt_validate;
+ const char *selabel_opt_path;
++ const char *selabel_opt_subset;
+ };
+
+ void restore_init(struct restore_opts *opts);
diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
-index d320e9f..fa0cd6a 100644
+index fa0cd6a..81c6c13 100644
--- a/policycoreutils/setfiles/setfiles.c
+++ b/policycoreutils/setfiles/setfiles.c
-@@ -5,7 +5,6 @@
- #include <ctype.h>
- #include <regex.h>
- #include <sys/vfs.h>
--#include <sys/utsname.h>
- #define __USE_XOPEN_EXTENDED 1 /* nftw */
- #include <libgen.h>
- #ifdef USE_AUDIT
-@@ -15,8 +14,6 @@
- #define AUDIT_FS_RELABEL 2309
- #endif
- #endif
--static int mass_relabel;
--static int mass_relabel_errs;
-
-
- /* cmdline opts*/
-@@ -24,7 +21,6 @@ static int mass_relabel_errs;
- static char *policyfile = NULL;
- static int warn_no_match = 0;
- static int null_terminated = 0;
--static int errors;
- static struct restore_opts r_opts;
-
- #define STAT_BLOCK_SIZE 1
-@@ -108,10 +104,11 @@ int canoncon(char **contextp)
- }
+@@ -217,7 +217,7 @@ int main(int argc, char **argv)
+ exclude_non_seclabel_mounts();
- #ifndef USE_AUDIT
--static void maybe_audit_mass_relabel(void)
-+static void maybe_audit_mass_relabel(int mass_relabel __attribute__((unused)),
-+ int mass_relabel_errs __attribute__((unused)))
- {
- #else
--static void maybe_audit_mass_relabel(void)
-+static void maybe_audit_mass_relabel(int mass_relabel, int mass_relabel_errs)
- {
- int audit_fd = -1;
- int rc = 0;
-@@ -137,69 +134,6 @@ static void maybe_audit_mass_relabel(void)
- #endif
- }
-
--/*
-- Search /proc/mounts for all file systems that do not support extended
-- attributes and add them to the exclude directory table. File systems
-- that support security labels have the seclabel option.
--*/
--static void exclude_non_seclabel_mounts()
--{
-- struct utsname uts;
-- FILE *fp;
-- size_t len;
-- ssize_t num;
-- int index = 0, found = 0;
-- char *mount_info[4];
-- char *buf = NULL, *item;
--
-- /* Check to see if the kernel supports seclabel */
-- if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0)
-- return;
-- if (is_selinux_enabled() <= 0)
-- return;
--
-- fp = fopen("/proc/mounts", "r");
-- if (!fp)
-- return;
--
-- while ((num = getline(&buf, &len, fp)) != -1) {
-- found = 0;
-- index = 0;
-- item = strtok(buf, " ");
-- while (item != NULL) {
-- mount_info[index] = item;
-- if (index == 3)
-- break;
-- index++;
-- item = strtok(NULL, " ");
-- }
-- if (index < 3) {
-- fprintf(stderr,
-- "/proc/mounts record \"%s\" has incorrect format.\n",
-- buf);
-- continue;
-- }
--
-- /* remove pre-existing entry */
-- remove_exclude(mount_info[1]);
--
-- item = strtok(mount_info[3], ",");
-- while (item != NULL) {
-- if (strcmp(item, "seclabel") == 0) {
-- found = 1;
-- break;
-- }
-- item = strtok(NULL, ",");
-- }
--
-- /* exclude mount points without the seclabel option */
-- if (!found)
-- add_exclude(mount_info[1]);
-- }
--
-- free(buf);
--}
--
- int main(int argc, char **argv)
- {
- struct stat sb;
-@@ -210,6 +144,7 @@ int main(int argc, char **argv)
- size_t buf_len;
- int recurse; /* Recursive descent. */
- char *base;
-+ int mass_relabel = 0, errors = 0;
-
- memset(&r_opts, 0, sizeof(r_opts));
-
-@@ -487,9 +422,7 @@ int main(int argc, char **argv)
- }
- }
-
-- if (mass_relabel)
-- mass_relabel_errs = errors;
-- maybe_audit_mass_relabel();
-+ maybe_audit_mass_relabel(mass_relabel, errors);
-
- if (warn_no_match)
- selabel_stats(r_opts.hnd);
+ /* Process any options. */
+- while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW0")) > 0) {
++ while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:S:FRW0")) > 0) {
+ switch (opt) {
+ case 'c':
+ {
+@@ -280,6 +280,9 @@ int main(int argc, char **argv)
+ case 'n':
+ r_opts.change = 0;
+ break;
++ case 'S':
++ r_opts.selabel_opt_subset = optarg;
++ break;
+ case 'o':
+ if (strcmp(optarg, "-") == 0) {
+ r_opts.outfile = stdout;
diff --git a/policycoreutils-sepolgen.patch b/policycoreutils-sepolgen.patch
index a504f05..3ca80c7 100644
--- a/policycoreutils-sepolgen.patch
+++ b/policycoreutils-sepolgen.patch
@@ -1,7 +1,8 @@
-diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py
---- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py.sepolgen 2010-03-24 15:57:20.000000000 -0400
-+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py 2011-05-25 16:11:58.150628048 -0400
-@@ -32,6 +32,7 @@ in a variety of ways, but they are the f
+diff --git a/sepolgen/src/sepolgen/access.py b/sepolgen/src/sepolgen/access.py
+index 3eda2fd..649735f 100644
+--- a/sepolgen/src/sepolgen/access.py
++++ b/sepolgen/src/sepolgen/access.py
+@@ -32,6 +32,7 @@ in a variety of ways, but they are the fundamental representation of access.
"""
import refpolicy
@@ -45,9 +46,10 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py.sepolgen
access.perms.update(perms)
if audit_msg:
-diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py
---- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py.sepolgen 2010-03-24 15:57:20.000000000 -0400
-+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py 2011-05-25 16:11:58.150628048 -0400
+diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
+index 24e308e..e23725f 100644
+--- a/sepolgen/src/sepolgen/audit.py
++++ b/sepolgen/src/sepolgen/audit.py
@@ -68,6 +68,17 @@ def get_dmesg_msgs():
stdout=subprocess.PIPE).communicate()[0]
return output
@@ -131,9 +133,10 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py.sepolgen p
return av_set
class AVCTypeFilter:
-diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py
---- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py.sepolgen 2010-03-24 15:57:20.000000000 -0400
-+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py 2011-05-25 16:11:58.150628048 -0400
+diff --git a/sepolgen/src/sepolgen/defaults.py b/sepolgen/src/sepolgen/defaults.py
+index 45ce61a..6d511c3 100644
+--- a/sepolgen/src/sepolgen/defaults.py
++++ b/sepolgen/src/sepolgen/defaults.py
@@ -30,6 +30,9 @@ def perm_map():
def interface_info():
return data_dir() + "/interface_info"
@@ -144,9 +147,10 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py.sepolge
def refpolicy_devel():
return "/usr/share/selinux/devel"
-diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py
---- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py.sepolgen 2010-03-24 15:57:20.000000000 -0400
-+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py 2011-05-25 16:11:58.151628058 -0400
+diff --git a/sepolgen/src/sepolgen/interfaces.py b/sepolgen/src/sepolgen/interfaces.py
+index d8b3e34..ae1c9c5 100644
+--- a/sepolgen/src/sepolgen/interfaces.py
++++ b/sepolgen/src/sepolgen/interfaces.py
@@ -29,6 +29,8 @@ import matching
from sepolgeni18n import _
@@ -156,7 +160,7 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py.sepol
class Param:
"""
Object representing a paramater for an interface.
-@@ -197,10 +199,48 @@ def ifcall_extract_params(ifcall, params
+@@ -197,10 +199,48 @@ def ifcall_extract_params(ifcall, params):
ret = 1
return ret
@@ -262,9 +266,10 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py.sepol
self.expand_ifcalls(headers)
self.index()
-diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py
---- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py.sepolgen 2010-03-24 15:57:20.000000000 -0400
-+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py 2011-05-25 16:11:58.151628058 -0400
+diff --git a/sepolgen/src/sepolgen/matching.py b/sepolgen/src/sepolgen/matching.py
+index 1a9a3e5..d56dd92 100644
+--- a/sepolgen/src/sepolgen/matching.py
++++ b/sepolgen/src/sepolgen/matching.py
@@ -50,7 +50,7 @@ class Match:
return 1
@@ -293,9 +298,25 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py.sepolge
def __iter__(self):
return iter(self.children)
-diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py
---- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py.sepolgen 2010-03-24 15:57:20.000000000 -0400
-+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py 2011-05-25 16:11:58.151628058 -0400
+diff --git a/sepolgen/src/sepolgen/module.py b/sepolgen/src/sepolgen/module.py
+index edd24c6..5818cec 100644
+--- a/sepolgen/src/sepolgen/module.py
++++ b/sepolgen/src/sepolgen/module.py
+@@ -37,8 +37,8 @@ import shutil
+ def is_valid_name(modname):
+ """Check that a module name is valid.
+ """
+- m = re.findall("[^a-zA-Z0-9]", modname)
+- if len(m) == 0:
++ m = re.findall("[^a-zA-Z0-9_\-\.]", modname)
++ if len(m) == 0 and modname[0].isalpha():
+ return True
+ else:
+ return False
+diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
+index 0e6b502..6ce892c 100644
+--- a/sepolgen/src/sepolgen/policygen.py
++++ b/sepolgen/src/sepolgen/policygen.py
@@ -29,6 +29,8 @@ import objectmodel
import access
import interfaces
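Review bot: In the module.py section added by this hunk, the new condition in `is_valid_name` indexes `modname[0]` without checking for an empty string, so an empty name now raises IndexError instead of returning a boolean (the old code returned True for it). Guard the index, e.g. `if modname and len(m) == 0 and modname[0].isalpha():`. The widened character class is also written as a non-raw string containing `\-` and `\.`, which relies on Python passing unknown escapes through unchanged; `r"[^a-zA-Z0-9_.-]"` expresses the same set without that dependency. Since this function presumably gates names that end up in generated file names, the docstring should state the accepted grammar: first character a letter, then letters, digits, `_`, `-` and `.`.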
@@ -334,7 +355,7 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py.sepolg
+
+ if av.type == audit2why.CONSTRAINT:
+ rule.comment += "#!!!! This avc is a constraint violation. You will need to add an attribute to either the source or target type to make it work.\n"
-+ rule.comment += "#Contraint rule: "
++ rule.comment += "#Constraint rule: "
+
+ if av.type == audit2why.TERULE:
+ if "write" in av.perms:
@@ -356,38 +377,10 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py.sepolg
self.module.children.append(rule)
-diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py
---- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py.sepolgen 2010-03-24 15:57:20.000000000 -0400
-+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py 2011-05-25 16:18:20.911964611 -0400
-@@ -243,7 +243,7 @@ def t_refpolicywarn(t):
- t.lexer.lineno += 1
-
- def t_IDENTIFIER(t):
-- r'[a-zA-Z_\$][a-zA-Z0-9_\-\.\$\*]*'
-+ r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\.\$\*\"]*'
- # Handle any keywords
- t.type = reserved.get(t.value,'IDENTIFIER')
- return t
-@@ -768,6 +768,7 @@ def p_avrule_def(p):
-
- def p_typerule_def(p):
- '''typerule_def : TYPE_TRANSITION names names COLON names IDENTIFIER SEMI
-+ | TYPE_TRANSITION names names COLON names IDENTIFIER IDENTIFIER SEMI
- | TYPE_CHANGE names names COLON names IDENTIFIER SEMI
- | TYPE_MEMBER names names COLON names IDENTIFIER SEMI
- '''
-@@ -1044,7 +1045,7 @@ def parse_headers(root, output=None, exp
- # of misc_macros. We are just going to pretend that this is an interface
- # to make the expansion work correctly.
- can_exec = refpolicy.Interface("can_exec")
-- av = access.AccessVector(["$1","$2","file","execute_no_trans","read",
-+ av = access.AccessVector(["$1","$2","file","execute_no_trans","open", "read",
- "getattr","lock","execute","ioctl"])
-
- can_exec.children.append(refpolicy.AVRule(av))
-diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map
---- policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map.sepolgen 2010-03-24 15:57:20.000000000 -0400
-+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map 2011-05-25 16:11:58.152628068 -0400
+diff --git a/sepolgen/src/share/perm_map b/sepolgen/src/share/perm_map
+index eb2e23b..ca4fa4d 100644
+--- a/sepolgen/src/share/perm_map
++++ b/sepolgen/src/share/perm_map
@@ -124,7 +124,7 @@ class filesystem 10
quotamod w 1
quotaget r 1
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 10dff19..6ace70d 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -1,13 +1,13 @@
%define libauditver 1.4.2-1
-%define libsepolver 2.1.0-1
-%define libsemanagever 2.1.0-0
-%define libselinuxver 2.1.0-1
-%define sepolgenver 1.0.23
+%define libsepolver 2.1.2-1
+%define libsemanagever 2.1.2-1
+%define libselinuxver 2.1.5-1
+%define sepolgenver 1.1.1
Summary: SELinux policy core utilities
Name: policycoreutils
-Version: 2.1.4
-Release: 2%{?dist}
+Version: 2.1.5
+Release: 1%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -66,10 +66,10 @@ context.
%patch -p2 -b .rhat
%patch1 -p1 -b .rhatpo
%patch3 -p1 -b .gui
-%patch4 -p1 -b .sepolgen
+%patch4 -p2 -b .sepolgen -d sepolgen-%{sepolgenver}
%build
-make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE " LDFLAGS="-pie -Wl,-z,relro" all
+make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
make -C sepolgen-%{sepolgenver} LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
%install
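Review bot: Both `make` invocations in `%build` link with `-pie -Wl,-z,relro` only, which gives partial RELRO and leaves the GOT writable after startup. The changelog in this same commit mentions seunshare running as root, so the package appears to ship privileged helpers, where full RELRO is the usual companion to PIE. Consider `LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"` on both lines, unless the distribution's default flags already add it.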
@@ -352,6 +352,34 @@ fi
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Tue Aug 30 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.5-1
+-Update to upstream
+ * policycoreutils
+ * setfiles: Fix process_glob to handle error situations
+ * sandbox: Allow seunshare to run as root
+ * sandbox: trap sigterm to make sure sandbox
+ * sandbox: pass DPI from the desktop
+ * sandbox: seunshare: introduce helper spawn_command
+ * sandbox: seunshare: introduce new filesystem helpers
+ * sandbox: add -C option to not drop
+ * sandbox: split seunshare caps dropping
+ * sandbox: use dbus-launch
+ * sandbox: numerous simple updates to sandbox
+ * sandbox: do not require selinux context
+ * sandbox: Makefile: new man pages
+ * sandbox: rename dir to srcdir
+ * sandbox: allow users specify sandbox window size
+ * sandbox: check for paths up front
+ * sandbox: use defined values for paths rather
+ * sandbox: move seunshare globals to the top
+ * sandbox: whitespace fix
+ * semodule_package: Add semodule_unpackage executable
+ * setfiles: get rid of some stupid globals
+ * setfiles: move exclude_non_seclabel_mounts to a generic location
+ * sepolgen
+ * refparser: include open among valid permissions
+ * refparser: add support for filename_trans rules
+
* Thu Aug 18 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-2
- Fix bug in glob handling for restorecon
diff --git a/sources b/sources
index 53b109d..69b7e4a 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-49faa2e5f343317bcfcf34d7286f6037 sepolgen-1.0.23.tgz
59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
-7e1e18c09798ffb44913bce3d60c667d policycoreutils-2.1.4.tgz
+fcff0d994c5106e04190432304b1e8c6 sepolgen-1.1.1.tgz
+a84ec479bf09e8d2a912fd32532853e9 policycoreutils-2.1.5.tgz