[setools/f14/master] - Exit seinfo and sesearch with proper status
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Jan 6 20:31:25 UTC 2011
commit b630dd7b807ecd7b630ebb6ca5c2c321d0f81de9
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Jan 6 15:31:13 2011 -0500
- Exit seinfo and sesearch with proper status
setools-exitstatus.patch | 119 ++++++++++++++++++++++++++++++++++++++++++++++
setools-neverallow.patch | 15 ++++++
setools.spec | 12 ++++-
3 files changed, 145 insertions(+), 1 deletions(-)
---
diff --git a/setools-exitstatus.patch b/setools-exitstatus.patch
new file mode 100644
index 0000000..3500aca
--- /dev/null
+++ b/setools-exitstatus.patch
@@ -0,0 +1,119 @@
+diff -up setools-3.3.7/secmds/seinfo.c.exitstatus setools-3.3.7/secmds/seinfo.c
+--- setools-3.3.7/secmds/seinfo.c.exitstatus 2010-05-03 12:39:02.000000000 -0400
++++ setools-3.3.7/secmds/seinfo.c 2010-11-05 09:54:39.000000000 -0400
+@@ -827,7 +827,7 @@ static int print_sens(FILE * fp, const c
+ */
+ static int print_cats(FILE * fp, const char *name, int expand, const apol_policy_t * policydb)
+ {
+- int retval = 0;
++ int retval = -1;
+ apol_cat_query_t *query = NULL;
+ apol_vector_t *v = NULL;
+ const qpol_cat_t *cat_datum = NULL;
+@@ -911,9 +911,10 @@ static int print_fsuse(FILE * fp, const
+ fprintf(fp, " %s\n", tmp);
+ free(tmp);
+ }
+- if (type && !apol_vector_get_size(v))
++ if (type && !apol_vector_get_size(v)) {
+ ERR(policydb, "No fs_use statement for filesystem of type %s.", type);
+-
++ goto cleanup;
++ }
+ retval = 0;
+ cleanup:
+ apol_fs_use_query_destroy(&query);
+@@ -949,7 +950,6 @@ static int print_genfscon(FILE * fp, con
+ ERR(policydb, "%s", strerror(ENOMEM));
+ goto cleanup;
+ }
+-
+ if (apol_genfscon_query_set_filesystem(policydb, query, type))
+ goto cleanup;
+ if (apol_genfscon_get_by_query(policydb, query, &v))
+@@ -967,8 +967,10 @@ static int print_genfscon(FILE * fp, con
+ free(tmp);
+ }
+
+- if (type && !apol_vector_get_size(v))
++ if (type && !apol_vector_get_size(v)) {
+ ERR(policydb, "No genfscon statement for filesystem of type %s.", type);
++ goto cleanup;
++ }
+
+ retval = 0;
+ cleanup:
+@@ -1646,6 +1648,7 @@ cleanup: // close and destroy iterators
+
+ int main(int argc, char **argv)
+ {
++ int rc = 0;
+ int classes, types, attribs, roles, users, all, expand, stats, rt, optc, isids, bools, sens, cats, fsuse, genfs, netif,
+ node, port, permissives, polcaps, constrain, linebreaks;
+ apol_policy_t *policydb = NULL;
+@@ -1851,46 +1854,46 @@ int main(int argc, char **argv)
+
+ /* display requested info */
+ if (stats || all)
+- print_stats(stdout, policydb);
++ rc = print_stats(stdout, policydb);
+ if (classes || all)
+- print_classes(stdout, class_name, expand, policydb);
++ rc = print_classes(stdout, class_name, expand, policydb);
+ if (types || all)
+- print_types(stdout, type_name, expand, policydb);
++ rc = print_types(stdout, type_name, expand, policydb);
+ if (attribs || all)
+- print_attribs(stdout, attrib_name, expand, policydb);
++ rc = print_attribs(stdout, attrib_name, expand, policydb);
+ if (roles || all)
+- print_roles(stdout, role_name, expand, policydb);
++ rc = print_roles(stdout, role_name, expand, policydb);
+ if (users || all)
+- print_users(stdout, user_name, expand, policydb);
++ rc = print_users(stdout, user_name, expand, policydb);
+ if (bools || all)
+- print_booleans(stdout, bool_name, expand, policydb);
++ rc = print_booleans(stdout, bool_name, expand, policydb);
+ if (sens || all)
+- print_sens(stdout, sens_name, expand, policydb);
++ rc = print_sens(stdout, sens_name, expand, policydb);
+ if (cats || all)
+- print_cats(stdout, cat_name, expand, policydb);
++ rc = print_cats(stdout, cat_name, expand, policydb);
+ if (fsuse || all)
+- print_fsuse(stdout, fsuse_type, policydb);
++ rc = print_fsuse(stdout, fsuse_type, policydb);
+ if (genfs || all)
+- print_genfscon(stdout, genfs_type, policydb);
++ rc = print_genfscon(stdout, genfs_type, policydb);
+ if (netif || all)
+- print_netifcon(stdout, netif_name, policydb);
++ rc = print_netifcon(stdout, netif_name, policydb);
+ if (node || all)
+- print_nodecon(stdout, node_addr, policydb);
++ rc = print_nodecon(stdout, node_addr, policydb);
+ if (port || all)
+- print_portcon(stdout, port_num, protocol, policydb);
++ rc = print_portcon(stdout, port_num, protocol, policydb);
+ if (isids || all)
+- print_isids(stdout, isid_name, expand, policydb);
++ rc = print_isids(stdout, isid_name, expand, policydb);
+ if (permissives || all)
+- print_permissives(stdout, permissive_name, expand, policydb);
++ rc = print_permissives(stdout, permissive_name, expand, policydb);
+ if (polcaps || all)
+- print_polcaps(stdout, polcap_name, expand, policydb);
++ rc = print_polcaps(stdout, polcap_name, expand, policydb);
+ if (constrain || all)
+- print_constraints(stdout, expand, policydb, linebreaks);
++ rc = print_constraints(stdout, expand, policydb, linebreaks);
+
+ apol_policy_destroy(&policydb);
+ apol_policy_path_destroy(&pol_path);
+ free(policy_file);
+- exit(0);
++ exit(rc);
+ }
+
+ /**
diff --git a/setools-neverallow.patch b/setools-neverallow.patch
new file mode 100644
index 0000000..e84cc3b
--- /dev/null
+++ b/setools-neverallow.patch
@@ -0,0 +1,15 @@
+diff -up setools-3.3.7/libqpol/src/avrule_query.c~ setools-3.3.7/libqpol/src/avrule_query.c
+--- setools-3.3.7/libqpol/src/avrule_query.c~ 2010-04-23 12:22:08.000000000 -0400
++++ setools-3.3.7/libqpol/src/avrule_query.c 2011-01-06 10:42:50.000000000 -0500
+@@ -57,8 +57,9 @@ int qpol_policy_get_avrule_iter(const qp
+
+ if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
+ ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
+- errno = ENOTSUP;
+- return STATUS_ERR;
++/* errno = ENOTSUP;
++ return STATUS_ERR; */
++ return STATUS_SUCCESS;
+ }
+
+ db = &policy->p->p;
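Review bot: The NEVERALLOW branch now returns `STATUS_SUCCESS` before the code starting at `db = &policy->p->p;` runs, so the caller is told the query succeeded although nothing was looked up. Whether the output iterator is initialised before this point is not visible in the hunk, and a caller that uses it after a success return may read an unset pointer. The branch also still logs "Cannot get avrules" while reporting success, so a neverallow search on a policy that does not carry those rules becomes indistinguishable from a policy that has none. If the intent is to tolerate the missing capability, clear the unavailable bit and fall through, `rule_type_mask &= ~QPOL_RULE_NEVERALLOW;`, with the message downgraded to a warning, and delete the commented-out lines instead of keeping them in the patch. The function begins and continues outside the hunk, and the spec changelog added in this commit does not mention this behaviour change.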
diff --git a/setools.spec b/setools.spec
index 6d8e2b6..7a74be8 100644
--- a/setools.spec
+++ b/setools.spec
@@ -5,7 +5,7 @@
Name: setools
Version: %{setools_maj_ver}.%{setools_min_ver}
-Release: 8%{?dist}
+Release: 11%{?dist}
License: GPLv2
URL: http://oss.tresys.com/projects/setools
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -15,6 +15,8 @@ Source2: apol.desktop
Source3: seaudit.desktop
Source4: sediffx.desktop
Patch1: setools-python.patch
+Patch2: setools-exitstatus.patch
+Patch3: setools-neverallow.patch
Summary: Policy analysis tools for SELinux
Group: System Environment/Base
Requires: setools-libs = %{version}-%{release} setools-libs-tcl = %{version}-%{release} setools-gui = %{version}-%{release} setools-console = %{version}-%{release}
@@ -187,6 +189,8 @@ This package includes the following graphical tools:
%prep
%setup -q
%patch1 -p 1 -b .python
+%patch2 -p 1 -b .exitstatus
+%patch3 -p 1 -b .neverallow
# Fixup expected version of SWIG:
sed -i -e "s|AC_PROG_SWIG(1.3.28)|AC_PROG_SWIG(2.0.0)|g" configure.ac
@@ -353,6 +357,12 @@ rm -rf ${RPM_BUILD_ROOT}
%postun libs-tcl -p /sbin/ldconfig
%changelog
+* Fri Nov 5 2010 Dan Walsh <dwalsh at redhat.com> 3.3.6-10
+- Exit seinfo and sesearch with proper status
+
+* Fri Nov 5 2010 Dan Walsh <dwalsh at redhat.com> 3.3.6-9
+- Rebuild for new libxml2
+
* Thu Oct 14 2010 Dan Walsh <dwalsh at redhat.com> 3.3.6-8
- Return None when no records match python setools.sesearch