[policycoreutils] Allow semodule to pick alternate root for selinux files Add ~/.config/* to restorcond_user.conf, so

Daniel J Walsh dwalsh at fedoraproject.org
Mon Jun 6 17:01:26 UTC 2011


commit c2ef4a0bea81ea237457098293e43ebb769841b2
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Mon Jun 6 13:01:14 2011 -0400

    Allow semodule to pick alternate root for selinux files
    Add ~/.config/* to restorecond_user.conf, so restorecond will watch for mislabeled files in this directory.

 policycoreutils-rhat.patch |   74 +++++++++++++++++++++++++++++--------------
 policycoreutils.spec       |    8 +++-
 2 files changed, 56 insertions(+), 26 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 0703981..970a515 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1027,7 +1027,7 @@ index b966db6..775c52b 100644
 -
 diff --git a/policycoreutils/restorecond/restorecond_user.conf b/policycoreutils/restorecond/restorecond_user.conf
 new file mode 100644
-index 0000000..f88a29a
+index 0000000..e0c2871
 --- /dev/null
 +++ b/policycoreutils/restorecond/restorecond_user.conf
 @@ -0,0 +1,7 @@
@@ -1037,7 +1037,7 @@ index 0000000..f88a29a
 +~/local/*
 +~/.fonts/*
 +~/.cache/*
-+
++~/.config/*
 diff --git a/policycoreutils/restorecond/user.c b/policycoreutils/restorecond/user.c
 new file mode 100644
 index 0000000..8cf2f20
@@ -1642,7 +1642,7 @@ index ff0ee7c..0c8a085 100644
  test:
  	@python test_sandbox.py -v
 diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox
-index 48a26c2..5fa1d72 100644
+index 48a26c2..29c99ed 100644
 --- a/policycoreutils/sandbox/sandbox
 +++ b/policycoreutils/sandbox/sandbox
 @@ -1,5 +1,6 @@
@@ -1702,7 +1702,7 @@ index 48a26c2..5fa1d72 100644
                       if not os.path.exists(newdir):
                              os.makedirs(newdir)
                       dest = newdir + "/" + bname
-@@ -81,9 +85,12 @@ def copyfile(file, dir, dest):
+@@ -81,9 +85,10 @@ def copyfile(file, dir, dest):
                              shutil.copytree(file, dest)
                       else:
                              shutil.copy2(file, dest)
@@ -1711,13 +1711,11 @@ index 48a26c2..5fa1d72 100644
 -                     for e in elist:
 -                            sys.stderr.write(e[1])
 +                     for e in elist.message:
-+                            # ignore files that are missing 
-+                            if not e[2].startswith("[Errno 2]"):
-+                                   sys.stderr.write(e[2])
++                            sys.stderr.write(e[2])
                       
                SAVE_FILES[file] = (dest, os.path.getmtime(dest))
  
-@@ -161,10 +168,10 @@ class Sandbox:
+@@ -161,10 +166,10 @@ class Sandbox:
                    if not self.__options.homedir or not self.__options.tmpdir:
                           self.usage(_("Homedir and tempdir required for level mounts"))
  
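Review bot: The rewritten loop at `for e in elist.message:` writes `e[2]` to stderr with no trailing newline and no file name, so when copytree reports several failures the messages run together and the user cannot tell which path failed. This revision also drops the check that skipped `[Errno 2]` entries, so missing-file errors are now printed as well, which makes the formatting matter more. I would write `sys.stderr.write("%s: %s\n" % (e[0], e[2]))`, assuming the entries are the (src, dst, why) tuples that shutil.Error carries. The following `os.path.getmtime(dest)` will presumably raise if the copy never created `dest`; the enclosing try/except starts outside this hunk, so that needs checking against the full function.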
@@ -1731,7 +1729,7 @@ index 48a26c2..5fa1d72 100644
  
      def __mount_callback(self, option, opt, value, parser):
             self.__mount = True
-@@ -172,6 +179,15 @@ class Sandbox:
+@@ -172,6 +177,15 @@ class Sandbox:
      def __x_callback(self, option, opt, value, parser):
             self.__mount = True
             setattr(parser.values, option.dest, True)
@@ -1747,7 +1745,7 @@ index 48a26c2..5fa1d72 100644
  
      def __validdir(self, option, opt, value, parser):
             if not os.path.isdir(value):
-@@ -194,6 +210,8 @@ class Sandbox:
+@@ -194,6 +208,8 @@ class Sandbox:
                           self.__include(option, opt, i[:-1], parser)
                    except IOError, e:
                           sys.stderr.write(str(e))
@@ -1756,7 +1754,7 @@ index 48a26c2..5fa1d72 100644
             fd.close()
  
      def __copyfiles(self):
-@@ -212,13 +230,15 @@ class Sandbox:
+@@ -212,13 +228,15 @@ class Sandbox:
  /etc/gdm/Xsession
  """)
             else:
@@ -1774,7 +1772,7 @@ index 48a26c2..5fa1d72 100644
  kill -TERM $WM_PID  2> /dev/null
  """ % (command, wm, command))
             fd.close()
-@@ -226,14 +246,25 @@ kill -TERM $WM_PID  2> /dev/null
+@@ -226,14 +244,25 @@ kill -TERM $WM_PID  2> /dev/null
  
      def usage(self, message = ""):
             error_exit("%s\n%s" % (self.__parser.usage, message))
@@ -1804,7 +1802,7 @@ index 48a26c2..5fa1d72 100644
          
          parser = OptionParser(version=self.VERSION, usage=usage)
          parser.disable_interspersed_args()
-@@ -268,6 +299,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+@@ -268,6 +297,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
                            action="callback", callback=self.__validdir,
                            help=_("alternate /tmp directory to use for mounting"))
  
@@ -1815,7 +1813,7 @@ index 48a26c2..5fa1d72 100644
          parser.add_option("-W", "--windowmanager", dest="wm",  
                            type="string",
                            default="/usr/bin/matchbox-window-manager -use_titlebar no",
-@@ -276,13 +311,17 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+@@ -276,13 +309,17 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
          parser.add_option("-l", "--level", dest="level", 
                            help=_("MCS/MLS level for the sandbox"))
  
@@ -1834,7 +1832,7 @@ index 48a26c2..5fa1d72 100644
          if self.__options.setype:
                 self.setype = self.__options.setype
  
-@@ -300,6 +339,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+@@ -300,6 +337,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
                 self.__homedir = self.__options.homedir
                 self.__tmpdir = self.__options.tmpdir
          else:
@@ -1845,7 +1843,7 @@ index 48a26c2..5fa1d72 100644
                 if len(cmds) == 0:
                        self.usage(_("Command required"))
                 cmds[0] = fullpath(cmds[0])
-@@ -329,44 +372,43 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+@@ -329,44 +370,43 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
      def __setup_dir(self):
             if self.__options.level or self.__options.session:
                    return
@@ -1909,7 +1907,7 @@ index 48a26c2..5fa1d72 100644
  
                    selinux.setexeccon(self.__execcon)
                    rc = subprocess.Popen(self.__cmds).wait()
-@@ -404,7 +446,7 @@ if __name__ == '__main__':
+@@ -404,7 +444,7 @@ if __name__ == '__main__':
             sandbox = Sandbox()
             rc = sandbox.main()
      except OSError, error:
@@ -2059,22 +2057,19 @@ index ff8b3ef..8508647 100644
  
  # Source function library.
 diff --git a/policycoreutils/sandbox/sandboxX.sh b/policycoreutils/sandbox/sandboxX.sh
-index 8338203..f9e23ec 100644
+index 8338203..e501b03 100644
 --- a/policycoreutils/sandbox/sandboxX.sh
 +++ b/policycoreutils/sandbox/sandboxX.sh
 @@ -1,13 +1,17 @@
  #!/bin/bash 
--context=`id -Z | secon -t -l -P`
--export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
+ context=`id -Z | secon -t -l -P`
+ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
 -export SCREENSIZE="1000x700"
 -#export SCREENSIZE=`xdpyinfo | awk  '/dimensions/ {  print $2 }'`
-+context=`id -Z | secon -t `
-+export TITLE="`grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80` ($context)"
 +[ $# -eq 1 ] && export SCREENSIZE="$1" || export SCREENSIZE="1000x700"
  trap "exit 0" HUP
  
--(/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do 
-+(/usr/bin/Xephyr -nolisten tcp -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do 
+ (/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do 
      export DISPLAY=:$D
 -    python -c 'import gtk, os, commands; commands.getstatusoutput("%s/.sandboxrc" % os.environ["HOME"])'
 +    cat > ~/seremote << __EOF
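Review bot: With this revision the Xephyr line is plain context, so the packaged sandboxX.sh starts the nested X server without the `-nolisten tcp` that the previous revision of the patch added. Depending on the X server's build defaults, that can leave the sandbox display reachable over TCP rather than only through the local socket, which weakens the isolation the sandbox is meant to give. The commit message does not mention this, so it may be an unintended side effect of regenerating the patch; I would keep `(/usr/bin/Xephyr -nolisten tcp -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do`. The same revision also drops the `context`/`TITLE` rewrite; if that is intended it deserves a line in the changelog.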
@@ -5056,6 +5051,37 @@ index b7d257b..4462c9e 100644
  	def list(self, heading = True, locallist = False, use_file = False):
                  on_off = (_("off"), _("on")) 
  		if use_file:
+diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
+index 059f629..81d6a3c 100644
+--- a/policycoreutils/semodule/semodule.c
++++ b/policycoreutils/semodule/semodule.c
+@@ -162,6 +162,7 @@ static void parse_command_line(int argc, char **argv)
+ 		{"noreload", 0, NULL, 'n'},
+ 		{"build", 0, NULL, 'B'},
+ 		{"disable_dontaudit", 0, NULL, 'D'},
++		{"path", required_argument, NULL, 'p'},
+ 		{NULL, 0, NULL, 0}
+ 	};
+ 	int i;
+@@ -170,7 +171,7 @@ static void parse_command_line(int argc, char **argv)
+ 	no_reload = 0;
+ 	create_store = 0;
+ 	while ((i =
+-		getopt_long(argc, argv, "s:b:hi:lvqe:d:r:u:RnBD", opts,
++		getopt_long(argc, argv, "p:s:b:hi:lvqe:d:r:u:RnBD", opts,
+ 			    NULL)) != -1) {
+ 		switch (i) {
+ 		case 'b':
+@@ -198,6 +199,9 @@ static void parse_command_line(int argc, char **argv)
+ 		case 'r':
+ 			set_mode(REMOVE_M, optarg);
+ 			break;
++		case 'p':
++			semanage_set_root(optarg);
++			break;
+ 		case 'u':
+ 			set_mode(UPGRADE_M, optarg);
+ 			break;
 diff --git a/policycoreutils/sepolgen-ifgen/Makefile b/policycoreutils/sepolgen-ifgen/Makefile
 new file mode 100644
 index 0000000..211580d
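Review bot: The new `case 'p':` discards the result of `semanage_set_root(optarg)`, so if the call fails semodule would carry on against the default policy store under `/` while the caller believes it is operating on the alternate tree. Since semodule runs with privilege and can rebuild and reload policy, I would fail closed: `if (semanage_set_root(optarg) < 0) { fprintf(stderr, "%s: could not set root to %s\n", argv[0], optarg); exit(1); }` (this assumes the function returns a negative value on error, as the other libsemanage setters do). The usage text and man page are not touched in this hunk, so `-p`/`--path` also needs documenting, including whether a reload of the running kernel's policy is suppressed when an alternate root is given. parse_command_line starts and ends outside the hunk.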
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 152628a..8658932 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -1,13 +1,13 @@
 %define	libauditver	1.4.2-1
 %define libsepolver 	2.0.44-2
-%define	libsemanagever	2.0.44-1
+%define	libsemanagever	2.0.46-4
 %define	libselinuxver	2.0.90-3
 %define	sepolgenver	1.0.23
 
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.86
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -331,6 +331,10 @@ fi
 exit 0
 
 %changelog
+* Mon Jun 6 2011 Dan Walsh <dwalsh at redhat.com> 2.0.86-10
+- Allow semodule to pick alternate root for selinux files
+- Add ~/.config/* to restorcond_user.conf, so restorecond will watch for mislabeled files in this directory.
+
 * Wed May 25 2011 Dan Walsh <dwalsh at redhat.com> 2.0.86-9
 - Fix var_spool template read_spool_files
 - Fix sepolgen to handle filename transitions

