rpms/policycoreutils/F-12 policycoreutils-rhat.patch, 1.462, 1.463 policycoreutils.spec, 1.674, 1.675
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Feb 18 15:52:37 UTC 2010
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv27038
Modified Files:
policycoreutils-rhat.patch policycoreutils.spec
Log Message:
* Wed Feb 17 2010 Dan Walsh <dwalsh at redhat.com> 2.0.79-2
- Fix sandbox to complain if mount-shared has not been run
- Fix to use /etc/sysconfig/sandbox
policycoreutils-rhat.patch:
Makefile | 2
audit2allow/audit2allow | 64 -
audit2allow/audit2allow.1 | 3
newrole/newrole.c | 2
restorecond/Makefile | 24
restorecond/org.selinux.Restorecond.service | 3
restorecond/restorecond.8 | 15
restorecond/restorecond.c | 429 +---------
restorecond/restorecond.conf | 5
restorecond/restorecond.desktop | 7
restorecond/restorecond.h | 19
restorecond/restorecond.init | 5
restorecond/restorecond_user.conf | 2
restorecond/user.c | 239 +++++
restorecond/watch.c | 260 ++++++
sandbox/.sandboxSKnKBc/.esd_auth | 1
sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml | 24
sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml | 8
sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml | 6
sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml | 23
sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml | 6
sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml | 4
sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml | 8
sandbox/.sandboxSKnKBc/.xmodmap | 248 +++++
sandbox/Makefile | 38
sandbox/deliverables/README | 32
sandbox/deliverables/basicwrapper | 4
sandbox/deliverables/run-in-sandbox.py | 49 +
sandbox/deliverables/sandbox | 216 +++++
sandbox/sandbox | 377 ++++++++
sandbox/sandbox.8 | 50 +
sandbox/sandbox.config | 2
sandbox/sandbox.init | 67 +
sandbox/sandboxX.sh | 14
sandbox/seunshare.c | 265 ++++++
scripts/fixfiles | 20
semanage/default_encoding/Makefile | 8
semanage/default_encoding/build/lib.linux-x86_64-2.6/policycoreutils/__init__.py | 17
semanage/default_encoding/build/lib.linux-x86_64-2.6/policycoreutils/default_encoding_utf8.so |binary
semanage/default_encoding/build/temp.linux-x86_64-2.6/default_encoding.o |binary
semanage/default_encoding/default_encoding.c | 59 +
semanage/default_encoding/policycoreutils/__init__.py | 17
semanage/default_encoding/setup.py | 38
semanage/semanage | 127 ++
semanage/semanage.8 | 10
semanage/seobject.py | 406 +++++++--
semodule/semodule.8 | 6
semodule/semodule.c | 53 +
setfiles/restore.c | 101 ++
setfiles/restore.h | 4
setfiles/restorecon.8 | 7
setfiles/setfiles.8 | 3
setfiles/setfiles.c | 78 -
53 files changed, 2868 insertions(+), 607 deletions(-)
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-12/policycoreutils-rhat.patch,v
retrieving revision 1.462
retrieving revision 1.463
diff -u -p -r1.462 -r1.463
--- policycoreutils-rhat.patch 16 Feb 2010 21:47:59 -0000 1.462
+++ policycoreutils-rhat.patch 18 Feb 2010 15:52:36 -0000 1.463
@@ -1690,10 +1690,12 @@ diff --exclude-from=exclude --exclude=se
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.79/sandbox/Makefile
--- nsapolicycoreutils/sandbox/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/Makefile 2010-02-16 13:46:01.000000000 -0500
-@@ -0,0 +1,31 @@
++++ policycoreutils-2.0.79/sandbox/Makefile 2010-02-17 14:53:37.000000000 -0500
+@@ -0,0 +1,38 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
++INITDIR ?= ${DESTDIR}/etc/rc.d/init.d/
++SYSCONFDIR ?= ${DESTDIR}/etc/sysconfig
+BINDIR ?= $(PREFIX)/bin
+SBINDIR ?= $(PREFIX)/sbin
+MANDIR ?= $(PREFIX)/share/man
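Review bot: `INITDIR` is defined with a trailing slash, unlike `SYSCONFDIR` and the other directory variables in this hunk. The install rule added later in this patch writes `$(INITDIR)/sandbox`, which expands to a path with a double slash. Dropping the slash, `INITDIR ?= ${DESTDIR}/etc/rc.d/init.d`, keeps the variables uniform. The rest of the Makefile lies outside this hunk.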
@@ -1712,9 +1714,14 @@ diff --exclude-from=exclude --exclude=se
+ install -m 755 sandbox $(BINDIR)
+ -mkdir -p $(MANDIR)/man8
+ install -m 644 sandbox.8 $(MANDIR)/man8/
++ -mkdir -p $(SBINDIR)
+ install -m 4755 seunshare $(SBINDIR)/
+ -mkdir -p $(SHAREDIR)
+ install -m 755 sandboxX.sh $(SHAREDIR)
++ -mkdir -p $(INITDIR)
++ install -m 755 sandbox.init $(INITDIR)/sandbox
++ -mkdir -p $(SYSCONFDIR)
++ install -m 644 sandbox.config $(SYSCONFDIR)/sandbox
+
+clean:
+ -rm -f seunshare *.o *~
@@ -1725,8 +1732,8 @@ diff --exclude-from=exclude --exclude=se
+relabel:
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.79/sandbox/sandbox
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/sandbox 2010-02-16 13:46:01.000000000 -0500
-@@ -0,0 +1,360 @@
++++ policycoreutils-2.0.79/sandbox/sandbox 2010-02-17 14:50:21.000000000 -0500
+@@ -0,0 +1,377 @@
+#! /usr/bin/python -E
+# Authors: Dan Walsh <dwalsh at redhat.com>
+# Authors: Josh Cogliati
@@ -1899,13 +1906,28 @@ diff --exclude-from=exclude --exclude=se
+ fd.close()
+ os.chmod(execfile, 0700)
+
++def validate_home():
++ homedir=pwd.getpwuid(os.getuid()).pw_dir
++ fd = open("/proc/self/mountinfo", "r")
++ recs = fd.readlines()
++ fd.close()
++ for i in recs:
++ x = i.split()
++ if x[3] == x[4] and homedir.startswith(x[3]+"/"):
++ return
++ raise ValueError(_("""
++'%s' is required to be a shared mount point for this tool to run.
++'%s' can be added to the HOMEDIR variable in /etc/sysconfig/sandbox
++ along with a reboot will fix the problem.
++""" % ((os.path.dirname(homedir)), os.path.dirname(homedir))))
++
+if __name__ == '__main__':
+ setup_sighandlers()
+ if selinux.is_selinux_enabled() != 1:
+ error_exit("Requires an SELinux enabled system")
-+
++
+ init_files = []
-+
++
+ def usage(message = ""):
+ text = _("""
+sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [[-i file ] ...] [ -t type ] command
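Review bot: In `validate_home()` the error text tells the user to set `HOMEDIR` in /etc/sysconfig/sandbox, but the config file and init script added in this same patch use `HOMEDIRS`, so following the message as written has no effect. The `%` formatting is also applied inside `_()`, so the catalog lookup runs on the already-formatted string and will not find a translation; closing the call first, `""") % (os.path.dirname(homedir), os.path.dirname(homedir)))`, fixes that. The loop compares only fields 4 and 5 of each mountinfo record and, as far as the hunk shows, never looks at the propagation field, so a one-line comment saying what the check does and does not guarantee would help. The file is not closed if `readlines()` raises, and the `if __name__` block continues outside the hunk.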
@@ -1996,6 +2018,8 @@ diff --exclude-from=exclude --exclude=se
+
+ try:
+ if home_and_temp:
++ validate_home()
++
+ if not os.path.exists("/usr/sbin/seunshare"):
+ raise ValueError("""/usr/sbin/seunshare required for sandbox -M, to install you need to execute
+#yum install /usr/sbin/seunshare""")
@@ -2141,6 +2165,83 @@ diff --exclude-from=exclude --exclude=se
+.TP
+runcon(1)
+.PP
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.config policycoreutils-2.0.79/sandbox/sandbox.config
+--- nsapolicycoreutils/sandbox/sandbox.config 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.79/sandbox/sandbox.config 2010-02-17 13:29:45.000000000 -0500
+@@ -0,0 +1,2 @@
++# Space separate list of homedirs
++HOMEDIRS="/home"
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.init policycoreutils-2.0.79/sandbox/sandbox.init
+--- nsapolicycoreutils/sandbox/sandbox.init 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.79/sandbox/sandbox.init 2010-02-17 13:29:54.000000000 -0500
+@@ -0,0 +1,67 @@
++#!/bin/bash
++## BEGIN INIT INFO
++# Provides: sandbox
++# Default-Start: 3 4 5
++# Default-Stop: 0 1 2 3 4 6
++# Required-Start:
++#
++## END INIT INFO
++# sandbox: Set up / mountpoint to be shared, /var/tmp, /tmp, /home/sandbox unshared
++#
++# chkconfig: 345 1 99
++#
++# Description: sandbox is using pam_namespace to share the /var/tmp, /tmp and
++# /home/sandbox accounts. This script will setup the / mount
++# point as shared and all of the subdirectories just these
++# directories as unshared.
++#
++
++# Source function library.
++. /etc/init.d/functions
++
++HOMEDIRS="/home"
++
++. /etc/sysconfig/sandbox
++
++LOCKFILE=/var/lock/subsys/sandbox
++
++base=${0##*/}
++
++case "$1" in
++ start)
++ [ -f "$LOCKFILE" ] && exit 0
++
++ touch $LOCKFILE
++ mount --make-rshared /
++ mount --bind /tmp /tmp
++ mount --bind /var/tmp /var/tmp
++ mount --make-private /tmp
++ mount --make-private /var/tmp
++ for h in $HOMEDIRS; do
++ mount --bind $h $h
++ mount --make-private $h
++ done
++
++ RETVAL=$?
++ exit $RETVAL
++ ;;
++
++ status)
++ if [ -f "$LOCKFILE" ]; then
++ echo "$base is running"
++ else
++ echo "$base is stopped"
++ fi
++ exit 0
++ ;;
++
++ stop)
++ rm -f $LOCKFILE
++ exit 0
++ ;;
++
++ *)
++ echo $"Usage: $0 {start|stop}"
++ exit 3
++ ;;
++esac
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.esd_auth policycoreutils-2.0.79/sandbox/.sandboxSKnKBc/.esd_auth
--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.esd_auth 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.79/sandbox/.sandboxSKnKBc/.esd_auth 2010-02-16 13:46:01.000000000 -0500
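Review bot: The `start)` branch of sandbox.init creates the lock file before any mount runs and takes `RETVAL` from the last `mount --make-private` only. A failed `mount --make-rshared /` or bind mount therefore still reports success, and later `start` calls exit 0 at the lock check without retrying. The branch should accumulate failures and touch the lock file only when every mount succeeded, with `$LOCKFILE` and each directory quoted; `$HOMEDIRS` itself must stay unquoted because it is a space-separated list. `stop)` removes the lock file without undoing the mounts, so a following `start` would stack a second bind mount on each directory, which deserves at least a comment. The usage string also omits `status`.

```shell
  start)
	[ -f "$LOCKFILE" ] && exit 0

	RETVAL=0
	mount --make-rshared / || RETVAL=1
	# HOMEDIRS is a space-separated list, so it is deliberately left unquoted here
	for d in /tmp /var/tmp $HOMEDIRS; do
	    mount --bind "$d" "$d" && mount --make-private "$d" || RETVAL=1
	done

	# record the service as started only when every mount succeeded
	[ $RETVAL -eq 0 ] && touch "$LOCKFILE"
	exit $RETVAL
	;;
# … unchanged: status, stop and usage branches …
```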
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-12/policycoreutils.spec,v
retrieving revision 1.674
retrieving revision 1.675
diff -u -p -r1.674 -r1.675
--- policycoreutils.spec 16 Feb 2010 21:48:02 -0000 1.674
+++ policycoreutils.spec 18 Feb 2010 15:52:36 -0000 1.675
@@ -1,12 +1,13 @@
%define libauditver 1.4.2-1
%define libsepolver 2.0.38-1
%define libsemanagever 2.0.39-1
-%define libselinuxver 2.0.87-1
+%define libselinuxver 2.0.90-1
%define sepolgenver 1.0.19
+
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.79
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -19,7 +20,6 @@ Source5: system-config-selinux.console
Source6: selinux-polgengui.desktop
Source7: selinux-polgengui.console
Source8: policycoreutils_man_ru2.tar.bz2
-Source9: sandbox.init
Patch: policycoreutils-rhat.patch
Patch1: policycoreutils-po.patch
Patch3: policycoreutils-gui.patch
@@ -79,7 +79,6 @@ mkdir -p %{buildroot}%{_mandir}/man8
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
mkdir -p %{buildroot}%{_sysconfdir}/security/console.apps
%{__mkdir} -p %{buildroot}/%{_sysconfdir}/rc.d/init.d
-install -m0755 %{SOURCE9} %{buildroot}/%{_sysconfdir}/rc.d/init.d/sandbox
make LSPP_PRIV=y DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
make -C sepolgen-%{sepolgenver} DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
@@ -128,9 +127,8 @@ The policycoreutils-python package conta
%{_bindir}/sepolgen-ifgen
%{python_sitelib}/seobject.py*
%{python_sitelib}/sepolgen
-%{python_sitelib}/%{name}
%{python_sitelib}/%{name}*.egg-info
-%{pkgpythondir}/default_encoding_utf8.so
+%{pkgpythondir}
%dir /var/lib/sepolgen
%dir /var/lib/selinux
/var/lib/sepolgen/perm_map
@@ -162,6 +160,8 @@ The policycoreutils-python package conta
%files sandbox
%defattr(-,root,root,-)
%{_sysconfdir}/rc.d/init.d/sandbox
+%config(noreplace) %{_sysconfdir}/sysconfig/sandbox
+%{_sysconfdir}/sysconfig/sandbox
%{_sbindir}/seunshare
%{_datadir}/sandbox/sandboxX.sh
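Review bot: `%{_sysconfdir}/sysconfig/sandbox` is now listed twice under `%files sandbox`, once with `%config(noreplace)` and once bare. rpmbuild warns about a file listed twice, and the duplicate leaves it unclear which attributes the packaged file ends up with. Keep only the `%config(noreplace) %{_sysconfdir}/sysconfig/sandbox` line so that an administrator's edited `HOMEDIRS` survives package updates. The `%files sandbox` section continues outside the hunk.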
@@ -305,7 +305,11 @@ fi
exit 0
%changelog
-* Thu Feb 16 2010 Dan Walsh <dwalsh at redhat.com> 2.0.79-1
+* Wed Feb 17 2010 Dan Walsh <dwalsh at redhat.com> 2.0.79-2
+- Fix sandbox to complain if mount-shared has not been run
+- Fix to use /etc/sysconfig/sandbox
+
+* Tue Feb 16 2010 Dan Walsh <dwalsh at redhat.com> 2.0.79-1
- Update to upstream
* Fix double-free in newrole
- Fix python language handling
@@ -314,7 +318,6 @@ exit 0
- Fix display of command in sandbox
* Fri Feb 5 2010 Dan Walsh <dwalsh at redhat.com> 2.0.78-20
-
- Catch OSError in semanage
* Wed Feb 3 2010 Dan Walsh <dwalsh at redhat.com> 2.0.78-19