[setools/f14/master] - Exit seinfo and sesearch with proper status

Daniel J Walsh dwalsh at fedoraproject.org
Thu Jan 6 20:31:25 UTC 2011 

commit b630dd7b807ecd7b630ebb6ca5c2c321d0f81de9
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Thu Jan 6 15:31:13 2011 -0500

    - Exit seinfo and sesearch with proper status

 setools-exitstatus.patch |  119 ++++++++++++++++++++++++++++++++++++++++++++++
 setools-neverallow.patch |   15 ++++++
 setools.spec             |   12 ++++-
 3 files changed, 145 insertions(+), 1 deletions(-)
---
diff --git a/setools-exitstatus.patch b/setools-exitstatus.patch
new file mode 100644
index 0000000..3500aca
--- /dev/null
+++ b/setools-exitstatus.patch
@@ -0,0 +1,119 @@
+diff -up setools-3.3.7/secmds/seinfo.c.exitstatus setools-3.3.7/secmds/seinfo.c
+--- setools-3.3.7/secmds/seinfo.c.exitstatus	2010-05-03 12:39:02.000000000 -0400
++++ setools-3.3.7/secmds/seinfo.c	2010-11-05 09:54:39.000000000 -0400
+@@ -827,7 +827,7 @@ static int print_sens(FILE * fp, const c
+  */
+ static int print_cats(FILE * fp, const char *name, int expand, const apol_policy_t * policydb)
+ {
+-	int retval = 0;
++	int retval = -1;
+ 	apol_cat_query_t *query = NULL;
+ 	apol_vector_t *v = NULL;
+ 	const qpol_cat_t *cat_datum = NULL;
+@@ -911,9 +911,10 @@ static int print_fsuse(FILE * fp, const 
+ 		fprintf(fp, "   %s\n", tmp);
+ 		free(tmp);
+ 	}
+-	if (type && !apol_vector_get_size(v))
++	if (type && !apol_vector_get_size(v)) {
+ 		ERR(policydb, "No fs_use statement for filesystem of type %s.", type);
+-
++		goto cleanup;
++	}
+ 	retval = 0;
+       cleanup:
+ 	apol_fs_use_query_destroy(&query);
+@@ -949,7 +950,6 @@ static int print_genfscon(FILE * fp, con
+ 		ERR(policydb, "%s", strerror(ENOMEM));
+ 		goto cleanup;
+ 	}
+-
+ 	if (apol_genfscon_query_set_filesystem(policydb, query, type))
+ 		goto cleanup;
+ 	if (apol_genfscon_get_by_query(policydb, query, &v))
+@@ -967,8 +967,10 @@ static int print_genfscon(FILE * fp, con
+ 		free(tmp);
+ 	}
+ 
+-	if (type && !apol_vector_get_size(v))
++	if (type && !apol_vector_get_size(v)) {
+ 		ERR(policydb, "No genfscon statement for filesystem of type %s.", type);
++		goto cleanup;
++	}
+ 
+ 	retval = 0;
+       cleanup:
+@@ -1646,6 +1648,7 @@ cleanup:	// close and destroy iterators 
+ 
+ int main(int argc, char **argv)
+ {
++	int rc = 0;
+ 	int classes, types, attribs, roles, users, all, expand, stats, rt, optc, isids, bools, sens, cats, fsuse, genfs, netif,
+ 		node, port, permissives, polcaps, constrain, linebreaks;
+ 	apol_policy_t *policydb = NULL;
+@@ -1851,46 +1854,46 @@ int main(int argc, char **argv)
+ 
+ 	/* display requested info */
+ 	if (stats || all)
+-		print_stats(stdout, policydb);
++		rc = print_stats(stdout, policydb);
+ 	if (classes || all)
+-		print_classes(stdout, class_name, expand, policydb);
++		rc = print_classes(stdout, class_name, expand, policydb);
+ 	if (types || all)
+-		print_types(stdout, type_name, expand, policydb);
++		rc = print_types(stdout, type_name, expand, policydb);
+ 	if (attribs || all)
+-		print_attribs(stdout, attrib_name, expand, policydb);
++		rc = print_attribs(stdout, attrib_name, expand, policydb);
+ 	if (roles || all)
+-		print_roles(stdout, role_name, expand, policydb);
++		rc = print_roles(stdout, role_name, expand, policydb);
+ 	if (users || all)
+-		print_users(stdout, user_name, expand, policydb);
++		rc = print_users(stdout, user_name, expand, policydb);
+ 	if (bools || all)
+-		print_booleans(stdout, bool_name, expand, policydb);
++		rc = print_booleans(stdout, bool_name, expand, policydb);
+ 	if (sens || all)
+-		print_sens(stdout, sens_name, expand, policydb);
++		rc = print_sens(stdout, sens_name, expand, policydb);
+ 	if (cats || all)
+-		print_cats(stdout, cat_name, expand, policydb);
++		rc = print_cats(stdout, cat_name, expand, policydb);
+ 	if (fsuse || all)
+-		print_fsuse(stdout, fsuse_type, policydb);
++		rc = print_fsuse(stdout, fsuse_type, policydb);
+ 	if (genfs || all)
+-		print_genfscon(stdout, genfs_type, policydb);
++		rc = print_genfscon(stdout, genfs_type, policydb);
+ 	if (netif || all)
+-		print_netifcon(stdout, netif_name, policydb);
++		rc = print_netifcon(stdout, netif_name, policydb);
+ 	if (node || all)
+-		print_nodecon(stdout, node_addr, policydb);
++		rc = print_nodecon(stdout, node_addr, policydb);
+ 	if (port || all)
+-		print_portcon(stdout, port_num, protocol, policydb);
++		rc = print_portcon(stdout, port_num, protocol, policydb);
+ 	if (isids || all)
+-		print_isids(stdout, isid_name, expand, policydb);
++		rc = print_isids(stdout, isid_name, expand, policydb);
+ 	if (permissives || all)
+-		print_permissives(stdout, permissive_name, expand, policydb);
++		rc = print_permissives(stdout, permissive_name, expand, policydb);
+ 	if (polcaps || all)
+-		print_polcaps(stdout, polcap_name, expand, policydb);
++		rc = print_polcaps(stdout, polcap_name, expand, policydb);
+ 	if (constrain || all)
+-		print_constraints(stdout, expand, policydb, linebreaks);
++		rc = print_constraints(stdout, expand, policydb, linebreaks);
+ 
+ 	apol_policy_destroy(&policydb);
+ 	apol_policy_path_destroy(&pol_path);
+ 	free(policy_file);
+-	exit(0);
++	exit(rc);
+ }
+ 
+ /**
diff --git a/setools-neverallow.patch b/setools-neverallow.patch
new file mode 100644
index 0000000..e84cc3b
--- /dev/null
+++ b/setools-neverallow.patch
@@ -0,0 +1,15 @@
+diff -up setools-3.3.7/libqpol/src/avrule_query.c~ setools-3.3.7/libqpol/src/avrule_query.c
+--- setools-3.3.7/libqpol/src/avrule_query.c~	2010-04-23 12:22:08.000000000 -0400
++++ setools-3.3.7/libqpol/src/avrule_query.c	2011-01-06 10:42:50.000000000 -0500
+@@ -57,8 +57,9 @@ int qpol_policy_get_avrule_iter(const qp
+ 
+ 	if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
+ 		ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
+-		errno = ENOTSUP;
+-		return STATUS_ERR;
++/*		errno = ENOTSUP;
++		return STATUS_ERR; */
++		return STATUS_SUCCESS;
+ 	}
+ 
+ 	db = &policy->p->p;
diff --git a/setools.spec b/setools.spec
index 6d8e2b6..7a74be8 100644
--- a/setools.spec
+++ b/setools.spec
@@ -5,7 +5,7 @@
 
 Name: setools
 Version: %{setools_maj_ver}.%{setools_min_ver}
-Release: 8%{?dist}
+Release: 11%{?dist}
 License: GPLv2
 URL: http://oss.tresys.com/projects/setools
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -15,6 +15,8 @@ Source2: apol.desktop
 Source3: seaudit.desktop
 Source4: sediffx.desktop
 Patch1: setools-python.patch
+Patch2: setools-exitstatus.patch
+Patch3: setools-neverallow.patch
 Summary: Policy analysis tools for SELinux
 Group: System Environment/Base
 Requires: setools-libs = %{version}-%{release} setools-libs-tcl = %{version}-%{release} setools-gui = %{version}-%{release} setools-console = %{version}-%{release}
@@ -187,6 +189,8 @@ This package includes the following graphical tools:
 %prep
 %setup -q
 %patch1 -p 1 -b .python
+%patch2 -p 1 -b .exitstatus
+%patch3 -p 1 -b .neverallow
 
 # Fixup expected version of SWIG:
 sed -i -e "s|AC_PROG_SWIG(1.3.28)|AC_PROG_SWIG(2.0.0)|g" configure.ac
@@ -353,6 +357,12 @@ rm -rf ${RPM_BUILD_ROOT}
 %postun libs-tcl -p /sbin/ldconfig
 
 %changelog
+* Fri Nov 5 2010 Dan Walsh <dwalsh at redhat.com> 3.3.6-10
+- Exit seinfo and sesearch with proper status
+
+* Fri Nov 5 2010 Dan Walsh <dwalsh at redhat.com> 3.3.6-9
+- Rebuild for new libxml2
+
 * Thu Oct 14 2010 Dan Walsh <dwalsh at redhat.com> 3.3.6-8
 - Return None when no records match python setools.sesearch

More information about the scm-commits mailing list