[policycoreutils/f14/master] - Fix sandbox handling of files with spaces in them

Daniel J Walsh dwalsh at fedoraproject.org
Mon Oct 18 18:16:44 UTC 2010


commit e0b77e4af2f86be09c969390e53bd88522331a7f
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Mon Oct 18 14:16:39 2010 -0400

    - Fix sandbox handling of files with spaces in them

 policycoreutils-rhat.patch |   50 ++++++++++++++++++++++++++++++++++++-------
 policycoreutils.spec       |    5 +++-
 2 files changed, 46 insertions(+), 9 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index cb3187c..895dd24 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1722,7 +1722,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  	@python test_sandbox.py -v
 diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.83/sandbox/sandbox
 --- nsapolicycoreutils/sandbox/sandbox	2010-06-16 08:03:38.000000000 -0400
-+++ policycoreutils-2.0.83/sandbox/sandbox	2010-09-27 09:42:59.000000000 -0400
++++ policycoreutils-2.0.83/sandbox/sandbox	2010-10-18 14:14:54.000000000 -0400
 @@ -1,5 +1,6 @@
 -#! /usr/bin/python -E
 +#! /usr/bin/python -Es
@@ -1831,7 +1831,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
             fd.close()
  
      def __copyfiles(self):
-@@ -218,7 +234,7 @@
+@@ -212,13 +228,15 @@
+ /etc/gdm/Xsession
+ """)
+            else:
+-                  command = " ".join(self.__paths)
++                  command = self.__paths[0] + " "
++                  for p in self.__paths[1:]:
++                         command += "'%s' " % p
+                   fd.write("""#! /bin/sh
+ #TITLE: %s
  /usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
  %s &
  WM_PID=$!
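Review bot: The quoting added in the `for p in self.__paths[1:]` loop wraps each path in single quotes without escaping a quote inside the path, so a file name containing `'` still ends the quoted word and the rest of the name is parsed by /bin/sh when the generated script runs. Escape before wrapping, e.g. `command += "'%s' " % p.replace("'", "'\\''")`, or use `pipes.quote(p)` from the standard library. `self.__paths[0]` is still written unquoted, so a command path with spaces or shell metacharacters is not covered by this fix. `command` is also substituted into the `#TITLE: %s` line, where an embedded newline would end the comment and start a new script line, so that copy should be stripped of control characters. The enclosing method starts outside the hunk.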
@@ -1840,7 +1849,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  kill -TERM $WM_PID  2> /dev/null
  """ % (command, wm, command))
             fd.close()
-@@ -230,9 +246,9 @@
+@@ -230,9 +248,9 @@
      def __parse_options(self):
          from optparse import OptionParser
          usage = _("""
@@ -1852,7 +1861,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  """)
          
          parser = OptionParser(version=self.VERSION, usage=usage)
-@@ -268,6 +284,10 @@
+@@ -268,6 +286,10 @@
                            action="callback", callback=self.__validdir,
                            help=_("alternate /tmp directory to use for mounting"))
  
@@ -1863,7 +1872,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
          parser.add_option("-W", "--windowmanager", dest="wm",  
                            type="string",
                            default="/usr/bin/matchbox-window-manager -use_titlebar no",
-@@ -276,13 +296,17 @@
+@@ -276,13 +298,17 @@
          parser.add_option("-l", "--level", dest="level", 
                            help=_("MCS/MLS level for the sandbox"))
  
@@ -1882,7 +1891,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
          if self.__options.setype:
                 self.setype = self.__options.setype
  
-@@ -299,6 +323,9 @@
+@@ -299,6 +325,9 @@
                 self.__options.X_ind = True
                 self.__homedir = self.__options.homedir
                 self.__tmpdir = self.__options.tmpdir
@@ -1892,7 +1901,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
          else:
                 if len(cmds) == 0:
                        self.usage(_("Command required"))
-@@ -351,22 +378,24 @@
+@@ -351,22 +380,24 @@
  
      def __execute(self):
             try:
@@ -2149,7 +2158,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
 +.I Thomas Liu <tliu at fedoraproject.org>
 diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.83/sandbox/seunshare.c
 --- nsapolicycoreutils/sandbox/seunshare.c	2010-06-16 08:03:38.000000000 -0400
-+++ policycoreutils-2.0.83/sandbox/seunshare.c	2010-08-24 22:49:42.000000000 -0400
++++ policycoreutils-2.0.83/sandbox/seunshare.c	2010-10-15 17:36:29.000000000 -0400
 @@ -1,13 +1,21 @@
 +/*
 + * Authors: Dan Walsh <dwalsh at redhat.com>
@@ -2739,6 +2748,31 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  	install -m 644 chcat.8 $(MANDIR)/man8/
  
  clean:
+diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/severify.py policycoreutils-2.0.83/scripts/severify.py
+--- nsapolicycoreutils/scripts/severify.py	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.83/scripts/severify.py	2010-10-13 14:14:23.000000000 -0400
+@@ -0,0 +1,21 @@
++#! /usr/bin/python -Es
++import seobject
++import selinux
++import setools
++import sys
++#store = selinux.selinux_getpolicytype()[1]
++#mod=seobject.moduleRecords(store = store, reload=False)
++#mod.disable("zebra")
++fd = open(sys.argv[1], "r")
++lines = fd.readlines()
++#fd.close()
++#for i in lines:
++#    j = i.split()
++#    if len(j) == 0 or ( j[0] != "allow" and j[0] != "dontaudit"):
++#        continue
++#    allow = j[0]
++#    print j[1]
++#sys.exit()
++#setools.sesearch([ setools.ALLOW ], { setools.SCONTEXT:"rwho_t", setools.TCONTEXT:"rwho_spool_t" } )
++#mod.enable("zebra")
++
 diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/default_encoding.c policycoreutils-2.0.83/semanage/default_encoding/default_encoding.c
 --- nsapolicycoreutils/semanage/default_encoding/default_encoding.c	1969-12-31 19:00:00.000000000 -0500
 +++ policycoreutils-2.0.83/semanage/default_encoding/default_encoding.c	2010-07-30 13:50:40.000000000 -0400
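Review bot: The new scripts/severify.py reads like an unfinished scratch script and is unrelated to the sandbox fix this commit describes. Every statement after `lines = fd.readlines()` is commented out, the `seobject`, `selinux` and `setools` imports are unused, and `sys.argv[1]` is opened with no argument check and never closed. If it is not meant to ship, drop it from the patch. If it is, it needs a header comment stating its purpose, the commented-out experiments removed, and `fd.close()` restored. Whether the scripts Makefile installs it is not visible in this hunk.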
diff --git a/policycoreutils.spec b/policycoreutils.spec
index da31f45..5e55584 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.83
-Release: 30%{?dist}
+Release: 31%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 Source:  http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -315,6 +315,9 @@ fi
 exit 0
 
 %changelog
+* Mon Oct 18 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-31
+- Fix sandbox handling of files with spaces in them
+
 * Mon Sep 27 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-30
 - Catch TypeError exception on sandbox processing -I files
 

