[policycoreutils/f15/master] Fix portspage in system-config-selinux to not crash More fixes for seunshare from Tomas Hoger
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Mar 9 21:16:18 UTC 2011
commit b6d72dd04b49524465b2d64915c61d989d460ea6
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Mar 9 16:16:13 2011 -0500
Fix portspage in system-config-selinux to not crash
More fixes for seunshare from Tomas Hoger
policycoreutils-gui.patch | 156 ++++++++++++++++++++++----------------------
policycoreutils-rhat.patch | 123 ++++++++++++++++++-----------------
policycoreutils.spec | 6 ++-
3 files changed, 147 insertions(+), 138 deletions(-)
---
diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch
index 9610237..544ddd1 100644
--- a/policycoreutils-gui.patch
+++ b/policycoreutils-gui.patch
@@ -1,6 +1,6 @@
diff -up policycoreutils-2.0.85/gui/booleansPage.py.gui policycoreutils-2.0.85/gui/booleansPage.py
---- policycoreutils-2.0.85/gui/booleansPage.py.gui 2011-02-23 14:55:19.198081540 -0500
-+++ policycoreutils-2.0.85/gui/booleansPage.py 2011-02-23 14:55:19.198081540 -0500
+--- policycoreutils-2.0.85/gui/booleansPage.py.gui 2011-03-08 17:50:01.451191417 -0500
++++ policycoreutils-2.0.85/gui/booleansPage.py 2011-03-08 17:50:01.451191417 -0500
@@ -0,0 +1,247 @@
+#
+# booleansPage.py - GUI for Booleans page in system-config-securitylevel
@@ -250,8 +250,8 @@ diff -up policycoreutils-2.0.85/gui/booleansPage.py.gui policycoreutils-2.0.85/g
+ return True
+
diff -up policycoreutils-2.0.85/gui/domainsPage.py.gui policycoreutils-2.0.85/gui/domainsPage.py
---- policycoreutils-2.0.85/gui/domainsPage.py.gui 2011-02-23 14:55:19.198081540 -0500
-+++ policycoreutils-2.0.85/gui/domainsPage.py 2011-02-23 14:55:19.198081540 -0500
+--- policycoreutils-2.0.85/gui/domainsPage.py.gui 2011-03-08 17:50:01.451191417 -0500
++++ policycoreutils-2.0.85/gui/domainsPage.py 2011-03-08 17:50:01.451191417 -0500
@@ -0,0 +1,154 @@
+## domainsPage.py - show selinux domains
+## Copyright (C) 2009 Red Hat, Inc.
@@ -408,8 +408,8 @@ diff -up policycoreutils-2.0.85/gui/domainsPage.py.gui policycoreutils-2.0.85/gu
+ except ValueError, e:
+ self.error(e.args[0])
diff -up policycoreutils-2.0.85/gui/fcontextPage.py.gui policycoreutils-2.0.85/gui/fcontextPage.py
---- policycoreutils-2.0.85/gui/fcontextPage.py.gui 2011-02-23 14:55:19.199081547 -0500
-+++ policycoreutils-2.0.85/gui/fcontextPage.py 2011-02-23 14:55:19.199081547 -0500
+--- policycoreutils-2.0.85/gui/fcontextPage.py.gui 2011-03-08 17:50:01.452191430 -0500
++++ policycoreutils-2.0.85/gui/fcontextPage.py 2011-03-08 17:50:01.452191430 -0500
@@ -0,0 +1,223 @@
+## fcontextPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -635,8 +635,8 @@ diff -up policycoreutils-2.0.85/gui/fcontextPage.py.gui policycoreutils-2.0.85/g
+ self.store.set_value(iter, FTYPE_COL, ftype)
+ self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls))
diff -up policycoreutils-2.0.85/gui/html_util.py.gui policycoreutils-2.0.85/gui/html_util.py
---- policycoreutils-2.0.85/gui/html_util.py.gui 2011-02-23 14:55:19.200081554 -0500
-+++ policycoreutils-2.0.85/gui/html_util.py 2011-02-23 14:55:19.200081554 -0500
+--- policycoreutils-2.0.85/gui/html_util.py.gui 2011-03-08 17:50:01.453191443 -0500
++++ policycoreutils-2.0.85/gui/html_util.py 2011-03-08 17:50:01.453191443 -0500
@@ -0,0 +1,164 @@
+# Authors: John Dennis <jdennis at redhat.com>
+#
@@ -803,8 +803,8 @@ diff -up policycoreutils-2.0.85/gui/html_util.py.gui policycoreutils-2.0.85/gui/
+ return doc
+
diff -up policycoreutils-2.0.85/gui/lockdown.glade.gui policycoreutils-2.0.85/gui/lockdown.glade
---- policycoreutils-2.0.85/gui/lockdown.glade.gui 2011-02-23 14:55:19.202081568 -0500
-+++ policycoreutils-2.0.85/gui/lockdown.glade 2011-02-23 14:55:19.202081568 -0500
+--- policycoreutils-2.0.85/gui/lockdown.glade.gui 2011-03-08 17:50:01.455191469 -0500
++++ policycoreutils-2.0.85/gui/lockdown.glade 2011-03-08 17:50:01.455191469 -0500
@@ -0,0 +1,771 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@@ -1578,8 +1578,8 @@ diff -up policycoreutils-2.0.85/gui/lockdown.glade.gui policycoreutils-2.0.85/gu
+
+</glade-interface>
diff -up policycoreutils-2.0.85/gui/lockdown.gladep.gui policycoreutils-2.0.85/gui/lockdown.gladep
---- policycoreutils-2.0.85/gui/lockdown.gladep.gui 2011-02-23 14:55:19.203081575 -0500
-+++ policycoreutils-2.0.85/gui/lockdown.gladep 2011-02-23 14:55:19.203081575 -0500
+--- policycoreutils-2.0.85/gui/lockdown.gladep.gui 2011-03-08 17:50:01.455191469 -0500
++++ policycoreutils-2.0.85/gui/lockdown.gladep 2011-03-08 17:50:01.455191469 -0500
@@ -0,0 +1,7 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@@ -1589,8 +1589,8 @@ diff -up policycoreutils-2.0.85/gui/lockdown.gladep.gui policycoreutils-2.0.85/g
+ <program_name></program_name>
+</glade-project>
diff -up policycoreutils-2.0.85/gui/lockdown.py.gui policycoreutils-2.0.85/gui/lockdown.py
---- policycoreutils-2.0.85/gui/lockdown.py.gui 2011-02-23 14:55:19.204081582 -0500
-+++ policycoreutils-2.0.85/gui/lockdown.py 2011-02-23 14:55:19.204081582 -0500
+--- policycoreutils-2.0.85/gui/lockdown.py.gui 2011-03-08 17:50:01.457191494 -0500
++++ policycoreutils-2.0.85/gui/lockdown.py 2011-03-08 17:50:01.457191494 -0500
@@ -0,0 +1,382 @@
+#!/usr/bin/python -Es
+#
@@ -1975,8 +1975,8 @@ diff -up policycoreutils-2.0.85/gui/lockdown.py.gui policycoreutils-2.0.85/gui/l
+ app = booleanWindow()
+ app.stand_alone()
diff -up policycoreutils-2.0.85/gui/loginsPage.py.gui policycoreutils-2.0.85/gui/loginsPage.py
---- policycoreutils-2.0.85/gui/loginsPage.py.gui 2011-02-23 14:55:19.205081589 -0500
-+++ policycoreutils-2.0.85/gui/loginsPage.py 2011-02-23 14:55:19.205081589 -0500
+--- policycoreutils-2.0.85/gui/loginsPage.py.gui 2011-03-08 17:50:01.458191506 -0500
++++ policycoreutils-2.0.85/gui/loginsPage.py 2011-03-08 17:50:01.458191506 -0500
@@ -0,0 +1,185 @@
+## loginsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -2164,8 +2164,8 @@ diff -up policycoreutils-2.0.85/gui/loginsPage.py.gui policycoreutils-2.0.85/gui
+ self.store.set_value(iter, 2, seobject.translate(serange))
+
diff -up policycoreutils-2.0.85/gui/Makefile.gui policycoreutils-2.0.85/gui/Makefile
---- policycoreutils-2.0.85/gui/Makefile.gui 2011-02-23 14:55:19.205081589 -0500
-+++ policycoreutils-2.0.85/gui/Makefile 2011-02-23 14:55:19.205081589 -0500
+--- policycoreutils-2.0.85/gui/Makefile.gui 2011-03-08 17:50:01.458191506 -0500
++++ policycoreutils-2.0.85/gui/Makefile 2011-03-08 17:50:01.458191506 -0500
@@ -0,0 +1,40 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
@@ -2208,8 +2208,8 @@ diff -up policycoreutils-2.0.85/gui/Makefile.gui policycoreutils-2.0.85/gui/Make
+
+relabel:
diff -up policycoreutils-2.0.85/gui/mappingsPage.py.gui policycoreutils-2.0.85/gui/mappingsPage.py
---- policycoreutils-2.0.85/gui/mappingsPage.py.gui 2011-02-23 14:55:19.206081596 -0500
-+++ policycoreutils-2.0.85/gui/mappingsPage.py 2011-02-23 14:55:19.206081596 -0500
+--- policycoreutils-2.0.85/gui/mappingsPage.py.gui 2011-03-08 17:50:01.459191518 -0500
++++ policycoreutils-2.0.85/gui/mappingsPage.py 2011-03-08 17:50:01.459191518 -0500
@@ -0,0 +1,56 @@
+## mappingsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -2268,8 +2268,8 @@ diff -up policycoreutils-2.0.85/gui/mappingsPage.py.gui policycoreutils-2.0.85/g
+ print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
+
diff -up policycoreutils-2.0.85/gui/modulesPage.py.gui policycoreutils-2.0.85/gui/modulesPage.py
---- policycoreutils-2.0.85/gui/modulesPage.py.gui 2011-02-23 14:55:19.207081603 -0500
-+++ policycoreutils-2.0.85/gui/modulesPage.py 2011-02-23 14:55:19.207081603 -0500
+--- policycoreutils-2.0.85/gui/modulesPage.py.gui 2011-03-08 17:50:01.460191530 -0500
++++ policycoreutils-2.0.85/gui/modulesPage.py 2011-03-08 17:50:01.460191530 -0500
@@ -0,0 +1,190 @@
+## modulesPage.py - show selinux mappings
+## Copyright (C) 2006-2009 Red Hat, Inc.
@@ -2462,8 +2462,8 @@ diff -up policycoreutils-2.0.85/gui/modulesPage.py.gui policycoreutils-2.0.85/gu
+ except ValueError, e:
+ self.error(e.args[0])
diff -up policycoreutils-2.0.85/gui/polgen.glade.gui policycoreutils-2.0.85/gui/polgen.glade
---- policycoreutils-2.0.85/gui/polgen.glade.gui 2011-02-23 14:55:19.213081645 -0500
-+++ policycoreutils-2.0.85/gui/polgen.glade 2011-02-23 14:55:19.214081651 -0500
+--- policycoreutils-2.0.85/gui/polgen.glade.gui 2011-03-08 17:50:01.466191608 -0500
++++ policycoreutils-2.0.85/gui/polgen.glade 2011-03-08 17:50:01.466191608 -0500
@@ -0,0 +1,3432 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@@ -5898,8 +5898,8 @@ diff -up policycoreutils-2.0.85/gui/polgen.glade.gui policycoreutils-2.0.85/gui/
+
+</glade-interface>
diff -up policycoreutils-2.0.85/gui/polgen.gladep.gui policycoreutils-2.0.85/gui/polgen.gladep
---- policycoreutils-2.0.85/gui/polgen.gladep.gui 2011-02-23 14:55:19.216081664 -0500
-+++ policycoreutils-2.0.85/gui/polgen.gladep 2011-02-23 14:55:19.216081664 -0500
+--- policycoreutils-2.0.85/gui/polgen.gladep.gui 2011-03-08 17:50:01.468191632 -0500
++++ policycoreutils-2.0.85/gui/polgen.gladep 2011-03-08 17:50:01.468191632 -0500
@@ -0,0 +1,7 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@@ -5909,8 +5909,8 @@ diff -up policycoreutils-2.0.85/gui/polgen.gladep.gui policycoreutils-2.0.85/gui
+ <program_name></program_name>
+</glade-project>
diff -up policycoreutils-2.0.85/gui/polgengui.py.gui policycoreutils-2.0.85/gui/polgengui.py
---- policycoreutils-2.0.85/gui/polgengui.py.gui 2011-02-23 14:55:19.217081671 -0500
-+++ policycoreutils-2.0.85/gui/polgengui.py 2011-02-23 14:55:19.218081678 -0500
+--- policycoreutils-2.0.85/gui/polgengui.py.gui 2011-03-08 17:50:01.469191644 -0500
++++ policycoreutils-2.0.85/gui/polgengui.py 2011-03-08 17:50:01.470191656 -0500
@@ -0,0 +1,750 @@
+#!/usr/bin/python -Es
+#
@@ -6663,8 +6663,8 @@ diff -up policycoreutils-2.0.85/gui/polgengui.py.gui policycoreutils-2.0.85/gui/
+ app = childWindow()
+ app.stand_alone()
diff -up policycoreutils-2.0.85/gui/polgen.py.gui policycoreutils-2.0.85/gui/polgen.py
---- policycoreutils-2.0.85/gui/polgen.py.gui 2011-02-23 14:55:19.220081692 -0500
-+++ policycoreutils-2.0.85/gui/polgen.py 2011-03-07 16:55:17.688869261 -0500
+--- policycoreutils-2.0.85/gui/polgen.py.gui 2011-03-08 17:50:01.472191682 -0500
++++ policycoreutils-2.0.85/gui/polgen.py 2011-03-08 17:50:01.472191682 -0500
@@ -0,0 +1,1347 @@
+#!/usr/bin/python -Es
+#
@@ -8014,8 +8014,8 @@ diff -up policycoreutils-2.0.85/gui/polgen.py.gui policycoreutils-2.0.85/gui/pol
+ except ValueError, e:
+ usage(e)
diff -up policycoreutils-2.0.85/gui/portsPage.py.gui policycoreutils-2.0.85/gui/portsPage.py
---- policycoreutils-2.0.85/gui/portsPage.py.gui 2011-02-23 14:55:19.221081699 -0500
-+++ policycoreutils-2.0.85/gui/portsPage.py 2011-02-23 14:55:19.221081699 -0500
+--- policycoreutils-2.0.85/gui/portsPage.py.gui 2011-03-08 17:50:01.473191695 -0500
++++ policycoreutils-2.0.85/gui/portsPage.py 2011-03-09 15:55:17.719020699 -0500
@@ -0,0 +1,259 @@
+## portsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -8147,9 +8147,9 @@ diff -up policycoreutils-2.0.85/gui/portsPage.py.gui policycoreutils-2.0.85/gui/
+ continue
+ iter = self.store.append()
+ if k[0] == k[1]:
-+ self.store.set_value(iter, PORT_COL, k[0])
++ self.store.set_value(iter, PORT_COL, str(k[0]))
+ else:
-+ rec = "%s-%s" % k[:2]
++ rec = "%d-%d" % k[:2]
+ self.store.set_value(iter, PORT_COL, rec)
+ self.store.set_value(iter, TYPE_COL, dict[k][0])
+ self.store.set_value(iter, PROTOCOL_COL, k[2])
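Review bot: The range branch now formats with `"%d-%d" % k[:2]`, which raises TypeError if either bound is not a number, while the single-port branch just above it was made tolerant with `str(k[0])`. If the crash being fixed came from the store column expecting a string, the earlier `rec = "%s-%s" % k[:2]` already produced one and could stay as it was. Otherwise a short comment such as `# port bounds are ints; the store column holds strings` would record why the conversion is needed. The enclosing method starts and ends outside the hunk, so the type of `k` is inferred from this usage only.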
@@ -8277,8 +8277,8 @@ diff -up policycoreutils-2.0.85/gui/portsPage.py.gui policycoreutils-2.0.85/gui/
+ return True
+
diff -up policycoreutils-2.0.85/gui/selinux.tbl.gui policycoreutils-2.0.85/gui/selinux.tbl
---- policycoreutils-2.0.85/gui/selinux.tbl.gui 2011-02-23 14:55:19.223081713 -0500
-+++ policycoreutils-2.0.85/gui/selinux.tbl 2011-02-23 14:55:19.223081713 -0500
+--- policycoreutils-2.0.85/gui/selinux.tbl.gui 2011-03-08 17:50:01.475191721 -0500
++++ policycoreutils-2.0.85/gui/selinux.tbl 2011-03-08 17:50:01.475191721 -0500
@@ -0,0 +1,234 @@
+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
+allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /")
@@ -8515,8 +8515,8 @@ diff -up policycoreutils-2.0.85/gui/selinux.tbl.gui policycoreutils-2.0.85/gui/s
+webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories")
+
diff -up policycoreutils-2.0.85/gui/semanagePage.py.gui policycoreutils-2.0.85/gui/semanagePage.py
---- policycoreutils-2.0.85/gui/semanagePage.py.gui 2011-02-23 14:55:19.224081720 -0500
-+++ policycoreutils-2.0.85/gui/semanagePage.py 2011-02-23 14:55:19.224081720 -0500
+--- policycoreutils-2.0.85/gui/semanagePage.py.gui 2011-03-08 17:50:01.476191734 -0500
++++ policycoreutils-2.0.85/gui/semanagePage.py 2011-03-08 17:50:01.476191734 -0500
@@ -0,0 +1,168 @@
+## semanagePage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -8687,8 +8687,8 @@ diff -up policycoreutils-2.0.85/gui/semanagePage.py.gui policycoreutils-2.0.85/g
+ return True
+
diff -up policycoreutils-2.0.85/gui/statusPage.py.gui policycoreutils-2.0.85/gui/statusPage.py
---- policycoreutils-2.0.85/gui/statusPage.py.gui 2011-02-23 14:55:19.225081727 -0500
-+++ policycoreutils-2.0.85/gui/statusPage.py 2011-02-23 14:55:19.225081727 -0500
+--- policycoreutils-2.0.85/gui/statusPage.py.gui 2011-03-08 17:50:01.477191746 -0500
++++ policycoreutils-2.0.85/gui/statusPage.py 2011-03-08 17:50:01.477191746 -0500
@@ -0,0 +1,190 @@
+# statusPage.py - show selinux status
+## Copyright (C) 2006-2009 Red Hat, Inc.
@@ -8881,8 +8881,8 @@ diff -up policycoreutils-2.0.85/gui/statusPage.py.gui policycoreutils-2.0.85/gui
+
+
diff -up policycoreutils-2.0.85/gui/system-config-selinux.glade.gui policycoreutils-2.0.85/gui/system-config-selinux.glade
---- policycoreutils-2.0.85/gui/system-config-selinux.glade.gui 2011-02-23 14:55:19.229081755 -0500
-+++ policycoreutils-2.0.85/gui/system-config-selinux.glade 2011-02-23 14:55:19.229081755 -0500
+--- policycoreutils-2.0.85/gui/system-config-selinux.glade.gui 2011-03-08 17:50:01.481191795 -0500
++++ policycoreutils-2.0.85/gui/system-config-selinux.glade 2011-03-08 17:50:01.481191795 -0500
@@ -0,0 +1,3024 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@@ -11909,8 +11909,8 @@ diff -up policycoreutils-2.0.85/gui/system-config-selinux.glade.gui policycoreut
+
+</glade-interface>
diff -up policycoreutils-2.0.85/gui/system-config-selinux.gladep.gui policycoreutils-2.0.85/gui/system-config-selinux.gladep
---- policycoreutils-2.0.85/gui/system-config-selinux.gladep.gui 2011-02-23 14:55:19.231081769 -0500
-+++ policycoreutils-2.0.85/gui/system-config-selinux.gladep 2011-02-23 14:55:19.231081769 -0500
+--- policycoreutils-2.0.85/gui/system-config-selinux.gladep.gui 2011-03-08 17:50:01.483191821 -0500
++++ policycoreutils-2.0.85/gui/system-config-selinux.gladep 2011-03-08 17:50:01.483191821 -0500
@@ -0,0 +1,7 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@@ -11920,8 +11920,8 @@ diff -up policycoreutils-2.0.85/gui/system-config-selinux.gladep.gui policycoreu
+ <program_name></program_name>
+</glade-project>
diff -up policycoreutils-2.0.85/gui/system-config-selinux.py.gui policycoreutils-2.0.85/gui/system-config-selinux.py
---- policycoreutils-2.0.85/gui/system-config-selinux.py.gui 2011-02-23 14:55:19.232081776 -0500
-+++ policycoreutils-2.0.85/gui/system-config-selinux.py 2011-02-23 14:55:19.232081776 -0500
+--- policycoreutils-2.0.85/gui/system-config-selinux.py.gui 2011-03-08 17:50:01.484191834 -0500
++++ policycoreutils-2.0.85/gui/system-config-selinux.py 2011-03-08 17:50:01.484191834 -0500
@@ -0,0 +1,187 @@
+#!/usr/bin/python -Es
+#
@@ -12111,8 +12111,8 @@ diff -up policycoreutils-2.0.85/gui/system-config-selinux.py.gui policycoreutils
+ app = childWindow()
+ app.stand_alone()
diff -up policycoreutils-2.0.85/gui/templates/boolean.py.gui policycoreutils-2.0.85/gui/templates/boolean.py
---- policycoreutils-2.0.85/gui/templates/boolean.py.gui 2011-02-23 14:55:19.233081783 -0500
-+++ policycoreutils-2.0.85/gui/templates/boolean.py 2011-02-23 14:55:19.233081783 -0500
+--- policycoreutils-2.0.85/gui/templates/boolean.py.gui 2011-03-08 17:50:01.485191847 -0500
++++ policycoreutils-2.0.85/gui/templates/boolean.py 2011-03-08 17:50:01.485191847 -0500
@@ -0,0 +1,40 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12155,8 +12155,8 @@ diff -up policycoreutils-2.0.85/gui/templates/boolean.py.gui policycoreutils-2.0
+"""
+
diff -up policycoreutils-2.0.85/gui/templates/etc_rw.py.gui policycoreutils-2.0.85/gui/templates/etc_rw.py
---- policycoreutils-2.0.85/gui/templates/etc_rw.py.gui 2011-02-23 14:55:19.234081790 -0500
-+++ policycoreutils-2.0.85/gui/templates/etc_rw.py 2011-02-23 14:55:19.234081790 -0500
+--- policycoreutils-2.0.85/gui/templates/etc_rw.py.gui 2011-03-08 17:50:01.485191847 -0500
++++ policycoreutils-2.0.85/gui/templates/etc_rw.py 2011-03-08 17:50:01.485191847 -0500
@@ -0,0 +1,113 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12272,8 +12272,8 @@ diff -up policycoreutils-2.0.85/gui/templates/etc_rw.py.gui policycoreutils-2.0.
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
+"""
diff -up policycoreutils-2.0.85/gui/templates/executable.py.gui policycoreutils-2.0.85/gui/templates/executable.py
---- policycoreutils-2.0.85/gui/templates/executable.py.gui 2011-02-23 14:55:19.235081797 -0500
-+++ policycoreutils-2.0.85/gui/templates/executable.py 2011-03-07 16:56:00.542178604 -0500
+--- policycoreutils-2.0.85/gui/templates/executable.py.gui 2011-03-08 17:50:01.486191860 -0500
++++ policycoreutils-2.0.85/gui/templates/executable.py 2011-03-08 17:50:01.486191860 -0500
@@ -0,0 +1,444 @@
+# Copyright (C) 2007-2009 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12720,8 +12720,8 @@ diff -up policycoreutils-2.0.85/gui/templates/executable.py.gui policycoreutils-
+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_initrc_exec_t,s0)
+"""
diff -up policycoreutils-2.0.85/gui/templates/__init__.py.gui policycoreutils-2.0.85/gui/templates/__init__.py
---- policycoreutils-2.0.85/gui/templates/__init__.py.gui 2011-02-23 14:55:19.236081804 -0500
-+++ policycoreutils-2.0.85/gui/templates/__init__.py 2011-02-23 14:55:19.236081804 -0500
+--- policycoreutils-2.0.85/gui/templates/__init__.py.gui 2011-03-08 17:50:01.487191872 -0500
++++ policycoreutils-2.0.85/gui/templates/__init__.py 2011-03-08 17:50:01.487191872 -0500
@@ -0,0 +1,18 @@
+#
+# Copyright (C) 2007 Red Hat, Inc.
@@ -12742,8 +12742,8 @@ diff -up policycoreutils-2.0.85/gui/templates/__init__.py.gui policycoreutils-2.
+#
+
diff -up policycoreutils-2.0.85/gui/templates/network.py.gui policycoreutils-2.0.85/gui/templates/network.py
---- policycoreutils-2.0.85/gui/templates/network.py.gui 2011-02-23 14:55:19.237081810 -0500
-+++ policycoreutils-2.0.85/gui/templates/network.py 2011-02-23 14:55:19.237081810 -0500
+--- policycoreutils-2.0.85/gui/templates/network.py.gui 2011-03-08 17:50:01.487191872 -0500
++++ policycoreutils-2.0.85/gui/templates/network.py 2011-03-08 17:50:01.488191884 -0500
@@ -0,0 +1,80 @@
+te_port_types="""
+type TEMPLATETYPE_port_t;
@@ -12826,8 +12826,8 @@ diff -up policycoreutils-2.0.85/gui/templates/network.py.gui policycoreutils-2.0
+"""
+
diff -up policycoreutils-2.0.85/gui/templates/rw.py.gui policycoreutils-2.0.85/gui/templates/rw.py
---- policycoreutils-2.0.85/gui/templates/rw.py.gui 2011-02-23 14:55:19.238081816 -0500
-+++ policycoreutils-2.0.85/gui/templates/rw.py 2011-02-23 14:55:19.238081816 -0500
+--- policycoreutils-2.0.85/gui/templates/rw.py.gui 2011-03-08 17:50:01.488191884 -0500
++++ policycoreutils-2.0.85/gui/templates/rw.py 2011-03-08 17:50:01.488191884 -0500
@@ -0,0 +1,131 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12961,8 +12961,8 @@ diff -up policycoreutils-2.0.85/gui/templates/rw.py.gui policycoreutils-2.0.85/g
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
+"""
diff -up policycoreutils-2.0.85/gui/templates/script.py.gui policycoreutils-2.0.85/gui/templates/script.py
---- policycoreutils-2.0.85/gui/templates/script.py.gui 2011-02-23 14:55:19.238081816 -0500
-+++ policycoreutils-2.0.85/gui/templates/script.py 2011-02-23 14:55:19.238081816 -0500
+--- policycoreutils-2.0.85/gui/templates/script.py.gui 2011-03-08 17:50:01.489191896 -0500
++++ policycoreutils-2.0.85/gui/templates/script.py 2011-03-08 17:50:01.489191896 -0500
@@ -0,0 +1,126 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13091,8 +13091,8 @@ diff -up policycoreutils-2.0.85/gui/templates/script.py.gui policycoreutils-2.0.
+fi
+"""
diff -up policycoreutils-2.0.85/gui/templates/semodule.py.gui policycoreutils-2.0.85/gui/templates/semodule.py
---- policycoreutils-2.0.85/gui/templates/semodule.py.gui 2011-02-23 14:55:19.239081823 -0500
-+++ policycoreutils-2.0.85/gui/templates/semodule.py 2011-02-23 14:55:19.239081823 -0500
+--- policycoreutils-2.0.85/gui/templates/semodule.py.gui 2011-03-08 17:50:01.489191896 -0500
++++ policycoreutils-2.0.85/gui/templates/semodule.py 2011-03-08 17:50:01.489191896 -0500
@@ -0,0 +1,41 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13136,8 +13136,8 @@ diff -up policycoreutils-2.0.85/gui/templates/semodule.py.gui policycoreutils-2.
+"""
+
diff -up policycoreutils-2.0.85/gui/templates/tmp.py.gui policycoreutils-2.0.85/gui/templates/tmp.py
---- policycoreutils-2.0.85/gui/templates/tmp.py.gui 2011-02-23 14:55:19.240081830 -0500
-+++ policycoreutils-2.0.85/gui/templates/tmp.py 2011-02-23 14:55:19.240081830 -0500
+--- policycoreutils-2.0.85/gui/templates/tmp.py.gui 2011-03-08 17:50:01.490191908 -0500
++++ policycoreutils-2.0.85/gui/templates/tmp.py 2011-03-08 17:50:01.490191908 -0500
@@ -0,0 +1,102 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13242,8 +13242,8 @@ diff -up policycoreutils-2.0.85/gui/templates/tmp.py.gui policycoreutils-2.0.85/
+ admin_pattern($1, TEMPLATETYPE_tmp_t)
+"""
diff -up policycoreutils-2.0.85/gui/templates/user.py.gui policycoreutils-2.0.85/gui/templates/user.py
---- policycoreutils-2.0.85/gui/templates/user.py.gui 2011-02-23 14:55:19.240081830 -0500
-+++ policycoreutils-2.0.85/gui/templates/user.py 2011-02-23 14:55:19.240081830 -0500
+--- policycoreutils-2.0.85/gui/templates/user.py.gui 2011-03-08 17:50:01.491191921 -0500
++++ policycoreutils-2.0.85/gui/templates/user.py 2011-03-08 17:50:01.491191921 -0500
@@ -0,0 +1,205 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13451,8 +13451,8 @@ diff -up policycoreutils-2.0.85/gui/templates/user.py.gui policycoreutils-2.0.85
+seutil_run_newrole(TEMPLATETYPE_t, TEMPLATETYPE_r)
+"""
diff -up policycoreutils-2.0.85/gui/templates/var_cache.py.gui policycoreutils-2.0.85/gui/templates/var_cache.py
---- policycoreutils-2.0.85/gui/templates/var_cache.py.gui 2011-02-23 14:55:19.241081837 -0500
-+++ policycoreutils-2.0.85/gui/templates/var_cache.py 2011-02-23 14:55:19.241081837 -0500
+--- policycoreutils-2.0.85/gui/templates/var_cache.py.gui 2011-03-08 17:50:01.492191934 -0500
++++ policycoreutils-2.0.85/gui/templates/var_cache.py 2011-03-08 17:50:01.492191934 -0500
@@ -0,0 +1,133 @@
+# Copyright (C) 2010 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13588,8 +13588,8 @@ diff -up policycoreutils-2.0.85/gui/templates/var_cache.py.gui policycoreutils-2
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_cache_t,s0)
+"""
diff -up policycoreutils-2.0.85/gui/templates/var_lib.py.gui policycoreutils-2.0.85/gui/templates/var_lib.py
---- policycoreutils-2.0.85/gui/templates/var_lib.py.gui 2011-02-23 14:55:19.242081844 -0500
-+++ policycoreutils-2.0.85/gui/templates/var_lib.py 2011-02-23 14:55:19.242081844 -0500
+--- policycoreutils-2.0.85/gui/templates/var_lib.py.gui 2011-03-08 17:50:01.493191947 -0500
++++ policycoreutils-2.0.85/gui/templates/var_lib.py 2011-03-08 17:50:01.493191947 -0500
@@ -0,0 +1,161 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13753,8 +13753,8 @@ diff -up policycoreutils-2.0.85/gui/templates/var_lib.py.gui policycoreutils-2.0
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
+"""
diff -up policycoreutils-2.0.85/gui/templates/var_log.py.gui policycoreutils-2.0.85/gui/templates/var_log.py
---- policycoreutils-2.0.85/gui/templates/var_log.py.gui 2011-02-23 14:55:19.243081851 -0500
-+++ policycoreutils-2.0.85/gui/templates/var_log.py 2011-02-23 14:55:19.243081851 -0500
+--- policycoreutils-2.0.85/gui/templates/var_log.py.gui 2011-03-08 17:50:01.493191947 -0500
++++ policycoreutils-2.0.85/gui/templates/var_log.py 2011-03-08 17:50:01.493191947 -0500
@@ -0,0 +1,116 @@
+# Copyright (C) 2007,2010 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13873,8 +13873,8 @@ diff -up policycoreutils-2.0.85/gui/templates/var_log.py.gui policycoreutils-2.0
+"""
+
diff -up policycoreutils-2.0.85/gui/templates/var_run.py.gui policycoreutils-2.0.85/gui/templates/var_run.py
---- policycoreutils-2.0.85/gui/templates/var_run.py.gui 2011-02-23 14:55:19.243081851 -0500
-+++ policycoreutils-2.0.85/gui/templates/var_run.py 2011-02-23 14:55:19.243081851 -0500
+--- policycoreutils-2.0.85/gui/templates/var_run.py.gui 2011-03-08 17:50:01.494191960 -0500
++++ policycoreutils-2.0.85/gui/templates/var_run.py 2011-03-08 17:50:01.494191960 -0500
@@ -0,0 +1,101 @@
+# Copyright (C) 2007,2010 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13978,8 +13978,8 @@ diff -up policycoreutils-2.0.85/gui/templates/var_run.py.gui policycoreutils-2.0
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
+"""
diff -up policycoreutils-2.0.85/gui/templates/var_spool.py.gui policycoreutils-2.0.85/gui/templates/var_spool.py
---- policycoreutils-2.0.85/gui/templates/var_spool.py.gui 2011-02-23 14:55:19.244081858 -0500
-+++ policycoreutils-2.0.85/gui/templates/var_spool.py 2011-02-23 14:55:19.244081858 -0500
+--- policycoreutils-2.0.85/gui/templates/var_spool.py.gui 2011-03-08 17:50:01.495191973 -0500
++++ policycoreutils-2.0.85/gui/templates/var_spool.py 2011-03-08 17:50:01.495191973 -0500
@@ -0,0 +1,133 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -14115,8 +14115,8 @@ diff -up policycoreutils-2.0.85/gui/templates/var_spool.py.gui policycoreutils-2
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
+"""
diff -up policycoreutils-2.0.85/gui/usersPage.py.gui policycoreutils-2.0.85/gui/usersPage.py
---- policycoreutils-2.0.85/gui/usersPage.py.gui 2011-02-23 14:55:19.245081865 -0500
-+++ policycoreutils-2.0.85/gui/usersPage.py 2011-02-23 14:55:19.245081865 -0500
+--- policycoreutils-2.0.85/gui/usersPage.py.gui 2011-03-08 17:50:01.495191973 -0500
++++ policycoreutils-2.0.85/gui/usersPage.py 2011-03-08 17:50:01.495191973 -0500
@@ -0,0 +1,150 @@
+## usersPage.py - show selinux mappings
+## Copyright (C) 2006,2007,2008 Red Hat, Inc.
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 70b776a..ed69325 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -2079,7 +2079,7 @@ index 0000000..6063d6a
+and
+.I Thomas Liu <tliu at fedoraproject.org>
diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
-index ec692e7..b79e781 100644
+index ec692e7..7df3167 100644
--- a/policycoreutils/sandbox/seunshare.c
+++ b/policycoreutils/sandbox/seunshare.c
@@ -1,28 +1,34 @@
@@ -2122,7 +2122,7 @@ index ec692e7..b79e781 100644
#ifdef USE_NLS
#include <locale.h> /* for setlocale() */
#include <libintl.h> /* for gettext() */
-@@ -39,29 +45,45 @@
+@@ -39,29 +45,47 @@
#define MS_PRIVATE 1<<18
#endif
@@ -2146,6 +2146,8 @@ index ec692e7..b79e781 100644
-static int drop_capabilities(uid_t uid)
+static int drop_caps()
{
++ if (capng_have_capabilities(CAPNG_SELECT_BOTH) == CAPNG_NONE)
++ return 0;
capng_clear(CAPNG_SELECT_BOTH);
-
- if (capng_lock() < 0)
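Review bot: The early return added at the top of `drop_caps()` has no comment, and it singles out only `CAPNG_NONE`, so a `CAPNG_FAIL` result from `capng_have_capabilities()` falls through to `capng_clear()` as if capabilities were present. That is presumably the safe direction, but it relies on the rest of the function, which lies outside this hunk, reporting a failed apply. I would add `/* nothing to drop when no capabilities are held; on CAPNG_FAIL fall through so the apply step reports the error */` above the check. The definition would also be better written as `static int drop_caps(void)`, since an empty parameter list in C is not a prototype.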
@@ -2181,7 +2183,7 @@ index ec692e7..b79e781 100644
*/
static int set_signal_handles(void)
{
-@@ -75,8 +97,8 @@ static int set_signal_handles(void)
+@@ -75,8 +99,8 @@ static int set_signal_handles(void)
(void)sigprocmask(SIG_SETMASK, &empty, NULL);
@@ -2192,7 +2194,7 @@ index ec692e7..b79e781 100644
perror("Unable to set SIGHUP handler");
return -1;
}
-@@ -84,23 +106,100 @@ static int set_signal_handles(void)
+@@ -84,23 +108,103 @@ static int set_signal_handles(void)
return 0;
}
@@ -2207,14 +2209,10 @@ index ec692e7..b79e781 100644
+ retval = -1; \
+ } while(0)
+
- /**
-- * This function makes sure the mounted directory is owned by the user executing
-- * seunshare.
-- * If so, it returns 0. If it can not figure this out or they are different, it returns -1.
++/**
+ * Spawn external command using system() with dropped privileges.
+ * TODO: avoid system() and use exec*() instead
- */
--static int verify_mount(const char *mntdir, struct passwd *pwd) {
++ */
+static int spawn_command(const char *cmd, uid_t uid){
+ int child;
+ int status = -1;
@@ -2245,25 +2243,28 @@ index ec692e7..b79e781 100644
+ * Check file/directory ownership, struct stat * must be passed to the
+ * functions.
+ */
-+#define check_owner_common(f,st) do { \
-+ if (lstat(f, st) == -1) { \
-+ fprintf(stderr, _("Failed to stat %s: %s\n"), f, strerror(errno)); \
-+ return -1; \
-+ } \
-+ if (S_ISLNK(st->st_mode)) { \
-+ fprintf(stderr, _("Error: %s must not be a symbolic link\n"), f); \
-+ return -1; \
-+ } \
-+ } while(0)
-+
+static int check_owner_uid(uid_t uid, const char *file, struct stat *st) {
-+ check_owner_common(file, st);
-+ return (st->st_uid == uid ? 0 : -1);
++ if (S_ISLNK(st->st_mode)) {
++ fprintf(stderr, _("Error: %s must not be a symbolic link\n"), file);
++ return -1;
++ }
++ if (st->st_uid != uid) {
++ fprintf(stderr, _("Error: %s not owned by UID %d\n"), file, uid);
++ return -1;
++ }
++ return 0;
+}
+
+static int check_owner_gid(gid_t gid, const char *file, struct stat *st) {
-+ check_owner_common(file, st);
-+ return (st->st_gid == gid ? 0 : -1);
++ if (S_ISLNK(st->st_mode)) {
++ fprintf(stderr, _("Error: %s must not be a symbolic link\n"), file);
++ return -1;
++ }
++ if (st->st_gid != gid) {
++ fprintf(stderr, _("Error: %s not owned by GID %d\n"), file, gid);
++ return -1;
++ }
++ return 0;
+}
+
+#define equal_stats(one,two) \
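Review bot: Both new error messages print a `uid_t`/`gid_t` with `%d` (`"Error: %s not owned by UID %d\n"` and its GID twin), which mismatches the unsigned type on Linux and shows large IDs as negative numbers. Use `%u` with a cast, e.g. `fprintf(stderr, _("Error: %s not owned by UID %u\n"), file, (unsigned int)uid);`. Also, with the `lstat()` call removed from these helpers, the `S_ISLNK` test is only meaningful if the caller filled `st` with `lstat()` rather than `stat()` or `fstat()`. The comment above the helpers should say so, for example `* The caller must have filled *st with lstat() on the same path.`; the callers are outside this hunk, so whether they do is not visible here.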
@@ -2271,11 +2272,15 @@ index ec692e7..b79e781 100644
+ (one)->st_uid == (two)->st_uid && (one)->st_gid == (two)->st_gid && \
+ (one)->st_mode == (two)->st_mode)
+
-+/**
+ /**
+- * This function makes sure the mounted directory is owned by the user executing
+- * seunshare.
+- * If so, it returns 0. If it can not figure this out or they are different, it returns -1.
+ * Sanity check specified directory. Store stat info for future comparison, or
+ * compare with previously saved info to detect replaced directories.
+ * Note: This function does not perform owner checks.
-+ */
+ */
+-static int verify_mount(const char *mntdir, struct passwd *pwd) {
+static int verify_directory(const char *dir, struct stat *st_in, struct stat *st_out) {
struct stat sb;
- if (stat(mntdir, &sb) == -1) {
@@ -2285,25 +2290,25 @@ index ec692e7..b79e781 100644
+
+ if (lstat(dir, st_out) == -1) {
+ fprintf(stderr, _("Failed to stat %s: %s\n"), dir, strerror(errno));
-+ return -1;
-+ }
-+ if (! S_ISDIR(st_out->st_mode)) {
-+ fprintf(stderr, _("Error: %s is not a directory: %s\n"), dir, strerror(errno));
return -1;
}
- if (sb.st_uid != pwd->pw_uid) {
- errno = EPERM;
- syslog(LOG_AUTHPRIV | LOG_ALERT, "%s attempted to mount an invalid directory, %s", pwd->pw_name, mntdir);
- perror(_("Invalid mount point, reporting to administrator"));
-+ if (st_in && !equal_stats(st_in, st_out)) {
-+ fprintf(stderr, _("Error: %s was replaced by a different directory\n"), dir);
++ if (! S_ISDIR(st_out->st_mode)) {
++ fprintf(stderr, _("Error: %s is not a directory: %s\n"), dir, strerror(errno));
return -1;
}
++ if (st_in && !equal_stats(st_in, st_out)) {
++ fprintf(stderr, _("Error: %s was replaced by a different directory\n"), dir);
++ return -1;
++ }
+
return 0;
}
-@@ -123,7 +222,7 @@ static int verify_shell(const char *shell_name)
+@@ -123,7 +227,7 @@ static int verify_shell(const char *shell_name)
/* check the shell skipping newline char */
if (!strcmp(shell_name, buf)) {
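Review bot: The not-a-directory branch of verify_directory prints `strerror(errno)` although the preceding lstat() succeeded, so errno is stale and the message ends with an unrelated error string. Dropping the second argument gives `fprintf(stderr, _("Error: %s is not a directory\n"), dir);`. The function's signature and opening lines are in the previous hunk, so anything done before the lstat() is not visible from here.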
@@ -2312,7 +2317,7 @@ index ec692e7..b79e781 100644
break;
}
}
-@@ -131,45 +230,443 @@ static int verify_shell(const char *shell_name)
+@@ -131,45 +235,439 @@ static int verify_shell(const char *shell_name)
return rc;
}
@@ -2642,8 +2647,9 @@ index ec692e7..b79e781 100644
+ struct stat tmp_st;
+ security_context_t con = NULL;
+
-+ /* copy selinux context */
++ /* get selinux context */
+ if (execcon) {
++ setfsuid(pwd->pw_uid);
+ if ((fd_s = open(src, O_RDONLY)) < 0) {
+ fprintf(stderr, _("Failed to open directory %s: %s\n"), src, strerror(errno));
+ goto err;
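Review bot: The added `setfsuid(pwd->pw_uid)` is never verified, and setfsuid() returns the previous fsuid rather than an error indication, so a silent failure would leave the following `open(src, O_RDONLY)` on the user-supplied path running with root's filesystem identity. A follow-up check such as `if ((uid_t)setfsuid(-1) != pwd->pw_uid) goto err;` confirms the switch took effect before the path is touched. The same applies to the `setfsuid(uid)` calls in the main() hunks further down, which carry the new "avoid leaking info" and "assume fsuid==ruid" comments. create_tmpdir's body starts and ends outside this hunk.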
@@ -2660,9 +2666,10 @@ index ec692e7..b79e781 100644
+ fprintf(stderr, _("Failed to get context of the directory %s: %s\n"), src, strerror(errno));
+ goto err;
+ }
++ /* ok to not reach this if there is an error */
++ setfsuid(0);
+ }
+
-+ setfsuid(0);
+ if (asprintf(&tmpdir, "/tmp/.sandbox-%s-XXXXXX", pwd->pw_name) == -1) {
+ fprintf(stderr, _("Out of memory\n"));
+ tmpdir = NULL;
@@ -2677,14 +2684,8 @@ index ec692e7..b79e781 100644
+ if (verify_directory(tmpdir, NULL, out_st) < 0) {
+ goto err;
+ }
-+ if (check_owner_uid(0, tmpdir, out_st) < 0) {
-+ fprintf(stderr, _("Error: %s not owned by UID %d\n"), tmpdir, 0);
-+ goto err;
-+ }
-+ if (check_owner_gid(getgid(), tmpdir, out_st) < 0) {
-+ fprintf(stderr, _("Error: %s not owned by GID %d\n"), tmpdir, getgid());
-+ goto err;
-+ }
++ if (check_owner_uid(0, tmpdir, out_st) < 0) goto err;
++ if (check_owner_gid(getgid(), tmpdir, out_st) < 0) goto err;
+
+ /* change permissions of the temporary directory */
+ if ((fd_t = open(tmpdir, O_RDONLY)) < 0) {
@@ -2709,6 +2710,7 @@ index ec692e7..b79e781 100644
+ goto err;
+ }
+
++ /* copy selinux context */
+ if (execcon) {
+ if (fsetfilecon(fd_t, con) == -1) {
+ fprintf(stderr, _("Failed to set context of the directory %s: %s\n"), tmpdir, strerror(errno));
@@ -2732,11 +2734,10 @@ index ec692e7..b79e781 100644
+
+ goto good;
+err:
-+ free(tmpdir);
-+ tmpdir = NULL;
++ free(tmpdir); tmpdir = NULL;
+good:
+ free(cmdbuf); cmdbuf = NULL;
-+ freecon(con);
++ freecon(con); con = NULL;
+ if (fd_t >= 0) close(fd_t);
+ if (fd_s >= 0) close(fd_s);
+ return tmpdir;
@@ -2771,7 +2772,7 @@ index ec692e7..b79e781 100644
{NULL, 0, 0, 0}
};
-@@ -180,6 +677,12 @@ int main(int argc, char **argv) {
+@@ -180,6 +678,12 @@ int main(int argc, char **argv) {
return -1;
}
@@ -2784,7 +2785,7 @@ index ec692e7..b79e781 100644
struct passwd *pwd=getpwuid(uid);
if (!pwd) {
perror(_("getpwduid failed"));
-@@ -187,34 +690,30 @@ int main(int argc, char **argv) {
+@@ -187,34 +691,30 @@ int main(int argc, char **argv) {
}
if (verify_shell(pwd->pw_shell) < 0) {
@@ -2830,7 +2831,7 @@ index ec692e7..b79e781 100644
break;
default:
fprintf(stderr, "%s\n", USAGE_STRING);
-@@ -223,76 +722,81 @@ int main(int argc, char **argv) {
+@@ -223,76 +723,84 @@ int main(int argc, char **argv) {
}
if (! homedir_s && ! tmpdir_s) {
@@ -2872,15 +2873,17 @@ index ec692e7..b79e781 100644
- if (tmpdir_s && seunshare_mount(tmpdir_s, "/tmp", pwd) < 0)
- return -1;
- }
+-
+- if (drop_capabilities(uid)) {
+- perror(_("Failed to drop all capabilities"));
+ if (set_signal_handles()) return -1;
+
+ if (usecgroups && setup_cgroups() < 0) return -1;
-
-- if (drop_capabilities(uid)) {
-- perror(_("Failed to drop all capabilities"));
-+ /* On NFS machines you need to setfsuid to be able to access files
-+ on homedir, if this fails on a non NFS machine, we don't care,
-+ if it fails on an NFS machine, the code below will fail. */
++
++ /* set fsuid to ruid */
++ /* Changing fsuid is usually required when user-specified directory is
++ * on an NFS mount. It's also desired to avoid leaking info about
++ * existence of the files not accessible to the user. */
+ setfsuid(uid);
+
+ /* verify homedir and tmpdir */
@@ -2890,6 +2893,7 @@ index ec692e7..b79e781 100644
+ if (tmpdir_s && (
+ verify_directory(tmpdir_s, NULL, &st_tmpdir_s) < 0 ||
+ check_owner_uid(uid, tmpdir_s, &st_tmpdir_s))) return -1;
++ setfsuid(0);
+
+ /* create runtime tmpdir */
+ if (tmpdir_s && (tmpdir_r = create_tmpdir(tmpdir_s, &st_tmpdir_s,
@@ -2929,6 +2933,7 @@ index ec692e7..b79e781 100644
- perror(_("Unable to clear environment"));
- free(display);
- exit(-1);
++ /* assume fsuid==ruid after this point */
+ setfsuid(uid);
+
+ /* mount homedir and tmpdir, in this order */
@@ -2960,7 +2965,7 @@ index ec692e7..b79e781 100644
if (display)
rc |= setenv("DISPLAY", display, 1);
rc |= setenv("HOME", pwd->pw_dir, 1);
-@@ -300,22 +804,41 @@ int main(int argc, char **argv) {
+@@ -300,22 +808,41 @@ int main(int argc, char **argv) {
rc |= setenv("USER", pwd->pw_name, 1);
rc |= setenv("LOGNAME", pwd->pw_name, 1);
rc |= setenv("PATH", DEFAULT_PATH, 1);
@@ -2995,7 +3000,7 @@ index ec692e7..b79e781 100644
- free(tmpdir_s);
- free(homedir_s);
-+ // XXX: drop some caps here?
++ drop_caps();
+ /* parent waits for child exit to do the cleanup */
+ waitpid(child, &status, 0);
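Review bot: The result of `drop_caps()` is discarded, so if it can fail the parent would go on to wait for the child and run its cleanup with the full capability set; the `drop_capabilities(uid)` call that the patch removes earlier in main() was checked and reported with perror. drop_caps is defined outside this hunk, so whether it returns a status is an assumption; if it does, testing it (`if (drop_caps() < 0) ...`) and reporting the failure keeps that case visible. A one-line comment naming the capabilities the cleanup step still needs would document why the drop happens here and not earlier.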
diff --git a/policycoreutils.spec b/policycoreutils.spec
index fa7822d..aa77d14 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.85
-Release: 18%{?dist}
+Release: 19%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -331,6 +331,10 @@ fi
exit 0
%changelog
+* Wed Mar 8 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-19
+- Fix portspage in system-config-selinux to not crash
+- More fixes for seunshare from Tomas Hoger
+
* Tue Mar 8 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-18
- put back in old handling of -T in sandbox command
- Put back setsid in seunshare