rpms/policycoreutils/devel .cvsignore, 1.200, 1.201 policycoreutils-rhat.patch, 1.428, 1.429 policycoreutils-sepolgen.patch, 1.25, 1.26 policycoreutils.spec, 1.622, 1.623 sources, 1.208, 1.209
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Aug 18 19:25:07 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv2867
Modified Files:
.cvsignore policycoreutils-rhat.patch
policycoreutils-sepolgen.patch policycoreutils.spec sources
Log Message:
* Tue Aug 18 2009 Dan Walsh <dwalsh at redhat.com> 2.0.71-4
- Add --boot flag to audit2allow to get all AVC messages since last boot
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/.cvsignore,v
retrieving revision 1.200
retrieving revision 1.201
diff -u -p -r1.200 -r1.201
--- .cvsignore 13 Aug 2009 15:51:51 -0000 1.200
+++ .cvsignore 18 Aug 2009 19:25:04 -0000 1.201
@@ -205,3 +205,4 @@ policycoreutils-2.0.68.tgz
policycoreutils-2.0.70.tgz
policycoreutils_man_ru2.tar.bz2
policycoreutils-2.0.71.tgz
+sepolgen-1.0.17.tgz
policycoreutils-rhat.patch:
Makefile | 2
audit2allow/audit2allow | 14
restorecond/Makefile | 20 +
restorecond/org.selinux.Restorecond.service | 3
restorecond/restorecond.c | 397 +++-------------------------
restorecond/restorecond.conf | 5
restorecond/restorecond.desktop | 7
restorecond/restorecond.h | 19 +
restorecond/restorecond_user.conf | 2
restorecond/user.c | 220 +++++++++++++++
restorecond/walk.c | 30 ++
restorecond/watch.c | 346 ++++++++++++++++++++++++
scripts/Makefile | 3
scripts/chcat | 2
scripts/sandbox | 139 +++++++++
scripts/sandbox.8 | 22 +
scripts/sandbox.py | 67 ++++
semanage/semanage | 53 +++
semanage/semanage.8 | 2
semanage/seobject.py | 109 +++++++
20 files changed, 1087 insertions(+), 375 deletions(-)
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.428
retrieving revision 1.429
diff -u -p -r1.428 -r1.429
--- policycoreutils-rhat.patch 18 Aug 2009 12:32:44 -0000 1.428
+++ policycoreutils-rhat.patch 18 Aug 2009 19:25:04 -0000 1.429
@@ -1,3 +1,43 @@
+diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.71/audit2allow/audit2allow
+--- nsapolicycoreutils/audit2allow/audit2allow 2009-01-13 08:45:35.000000000 -0500
++++ policycoreutils-2.0.71/audit2allow/audit2allow 2009-08-18 15:19:58.000000000 -0400
+@@ -42,6 +42,8 @@
+ from optparse import OptionParser
+
+ parser = OptionParser(version=self.VERSION)
++ parser.add_option("-b", "--boot", action="store_true", dest="boot", default=False,
++ help="audit messages since last boot conflicts with -i")
+ parser.add_option("-a", "--all", action="store_true", dest="audit", default=False,
+ help="read input from audit log - conflicts with -i")
+ parser.add_option("-d", "--dmesg", action="store_true", dest="dmesg", default=False,
+@@ -80,11 +82,11 @@
+ options, args = parser.parse_args()
+
+ # Make -d, -a, and -i conflict
+- if options.audit is True:
++ if options.audit is True or options.boot:
+ if options.input is not None:
+- sys.stderr.write("error: --all conflicts with --input\n")
++ sys.stderr.write("error: --all/--boot conflicts with --input\n")
+ if options.dmesg is True:
+- sys.stderr.write("error: --all conflicts with --dmesg\n")
++ sys.stderr.write("error: --all/--boot conflicts with --dmesg\n")
+ if options.input is not None and options.dmesg is True:
+ sys.stderr.write("error: --input conflicts with --dmesg\n")
+
+@@ -129,6 +131,12 @@
+ except OSError, e:
+ sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
+ sys.exit(1)
++ elif self.__options.boot:
++ try:
++ messages = audit.get_audit_boot_msgs()
++ except OSError, e:
++ sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
++ sys.exit(1)
+ else:
+ # This is the default if no input is specified
+ f = sys.stdin
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.71/Makefile
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.71/Makefile 2009-08-13 17:57:54.000000000 -0400
policycoreutils-sepolgen.patch:
audit.py | 32 ++++++++++++++++++++++++++++++++
refparser.py | 2 +-
2 files changed, 33 insertions(+), 1 deletion(-)
Index: policycoreutils-sepolgen.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-sepolgen.patch,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -p -r1.25 -r1.26
--- policycoreutils-sepolgen.patch 13 Aug 2009 22:22:35 -0000 1.25
+++ policycoreutils-sepolgen.patch 18 Aug 2009 19:25:06 -0000 1.26
@@ -1,19 +1,35 @@
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/access.py
---- nsasepolgen/src/sepolgen/access.py 2009-01-13 08:45:35.000000000 -0500
-+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/access.py 2009-04-21 14:54:12.000000000 -0400
-@@ -313,7 +313,7 @@
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.71/sepolgen-1.0.16/src/sepolgen/audit.py
+--- nsasepolgen/src/sepolgen/audit.py 2008-08-28 09:34:24.000000000 -0400
++++ policycoreutils-2.0.71/sepolgen-1.0.16/src/sepolgen/audit.py 2009-08-18 15:21:13.000000000 -0400
+@@ -23,6 +23,27 @@
- def __len__(self):
- """Return the unique number of role allow statements."""
-- return len(self.role_type.keys())
-+ return len(self.role_types.keys())
+ # Convenience functions
- def add(self, role, type):
- if self.role_types.has_key(role):
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/audit.py
---- nsasepolgen/src/sepolgen/audit.py 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/audit.py 2009-04-24 13:19:39.000000000 -0400
-@@ -47,6 +47,17 @@
++def get_audit_boot_msgs():
++ """Obtain all of the avc and policy load messages from the audit
++ log. This function uses ausearch and requires that the current
++ process have sufficient rights to run ausearch.
++
++ Returns:
++ string contain all of the audit messages returned by ausearch.
++ """
++ import subprocess
++ import time
++ fd=open("/proc/uptime", "r")
++ off=float(fd.read().split()[0])
++ fd.close
++ s = time.localtime(time.time() - off)
++ date = time.strftime("%D/%Y", s).split("/")
++ bootdate="%s/%s/%s" % (date[0], date[1], date[3])
++ boottime = time.strftime("%X", s)
++ output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
++ stdout=subprocess.PIPE).communicate()[0]
++ return output
++
+ def get_audit_msgs():
+ """Obtain all of the avc and policy load messages from the audit
+ log. This function uses ausearch and requires that the current
+@@ -47,6 +68,17 @@
stdout=subprocess.PIPE).communicate()[0]
return output
@@ -31,15 +47,15 @@ diff --exclude-from=exclude -N -u -r nsa
# Classes representing audit messages
class AuditMessage:
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.71/sepolgen-1.0.16/src/sepolgen/refparser.py
--- nsasepolgen/src/sepolgen/refparser.py 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py 2009-04-21 14:54:12.000000000 -0400
++++ policycoreutils-2.0.71/sepolgen-1.0.16/src/sepolgen/refparser.py 2009-08-13 17:57:55.000000000 -0400
@@ -919,7 +919,7 @@
def list_headers(root):
modules = []
support_macros = None
- blacklist = ["init.if", "inetd.if", "uml.if", "thunderbird.if"]
-+ blacklist = ["uml.if", "thunderbird.if", "unconfined.if"]
++ blacklist = ["uml.if", "thunderbird.if, unconfined.if"]
for dirpath, dirnames, filenames in os.walk(root):
for name in filenames:
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.622
retrieving revision 1.623
diff -u -p -r1.622 -r1.623
--- policycoreutils.spec 18 Aug 2009 12:32:48 -0000 1.622
+++ policycoreutils.spec 18 Aug 2009 19:25:06 -0000 1.623
@@ -2,11 +2,11 @@
%define libsepolver 2.0.19-1
%define libsemanagever 2.0.28-2
%define libselinuxver 2.0.46-5
-%define sepolgenver 1.0.16
+%define sepolgenver 1.0.17
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.71
-Release: 3%{?dist}
+Release: 4%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -265,6 +265,9 @@ else
fi
%changelog
+* Tue Aug 18 2009 Dan Walsh <dwalsh at redhat.com> 2.0.71-4
+- Add --boot flag to audit2allow to get all AVC messages since last boot
+
* Tue Aug 18 2009 Dan Walsh <dwalsh at redhat.com> 2.0.71-3
- Fix semanage command
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/sources,v
retrieving revision 1.208
retrieving revision 1.209
diff -u -p -r1.208 -r1.209
--- sources 13 Aug 2009 22:08:59 -0000 1.208
+++ sources 18 Aug 2009 19:25:06 -0000 1.209
@@ -1,3 +1,3 @@
-e1b5416c3e0d76e5d702b3f54f4def45 sepolgen-1.0.16.tgz
00fd9d86bd6a8066da710d6fda910b01 policycoreutils-2.0.71.tgz
59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
+480cc64a050735fa1163a87dc89c4f49 sepolgen-1.0.17.tgz
More information about the scm-commits
mailing list