[policycoreutils/f15/master] Fix sepolgen-ifgen call, add -p option
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Mar 23 21:55:31 UTC 2011
commit 6d8189f15073ff562a63aeaf0c0ebebc38e1e93a
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Mar 23 17:55:22 2011 -0400
Fix sepolgen-ifgen call, add -p option
policycoreutils-rhat.patch | 49 +++++++++++++++++++++++--------------------
policycoreutils.spec | 6 ++--
2 files changed, 29 insertions(+), 26 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 3520885..99d6c4d 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -192,7 +192,7 @@ index 6178cc8..b6f386d 100644
.PP
.SH AUTHOR
diff --git a/policycoreutils/audit2allow/sepolgen-ifgen b/policycoreutils/audit2allow/sepolgen-ifgen
-index 03f95a1..466e8ea 100644
+index 03f95a1..dad2009 100644
--- a/policycoreutils/audit2allow/sepolgen-ifgen
+++ b/policycoreutils/audit2allow/sepolgen-ifgen
@@ -1,4 +1,4 @@
@@ -220,11 +220,12 @@ index 03f95a1..466e8ea 100644
def parse_options():
from optparse import OptionParser
-@@ -44,14 +49,56 @@ def parse_options():
+@@ -44,14 +49,58 @@ def parse_options():
help="filename to store output")
parser.add_option("-i", "--interfaces", dest="headers", default=defaults.headers(),
help="location of the interface header files")
+ parser.add_option("-a", "--attribute_info", dest="attribute_info")
++ parser.add_option("-p", "--policy", dest="policy_path")
parser.add_option("-v", "--verbose", action="store_true", default=False,
help="print debuging output")
parser.add_option("-d", "--debug", action="store_true", default=False,
@@ -245,9 +246,10 @@ index 03f95a1..466e8ea 100644
+ return p
+ return None
+
-+def get_attrs():
++def get_attrs(policy_path):
+ try:
-+ policy_path = get_policy()
++ if not policy_path:
++ policy_path = get_policy()
+ if not policy_path:
+ sys.stderr.write("No installed policy to check\n")
+ return None
@@ -277,14 +279,14 @@ index 03f95a1..466e8ea 100644
def main():
options = parse_options()
-@@ -68,6 +115,14 @@ def main():
+@@ -68,6 +117,14 @@ def main():
else:
log = None
+ # Get the attibutes from the binary
+ attrs = None
+ if not options.no_attrs:
-+ attrs = get_attrs()
++ attrs = get_attrs(options.policy_path)
+ if attrs is None:
+ return 1
+
@@ -292,7 +294,7 @@ index 03f95a1..466e8ea 100644
try:
headers = refparser.parse_headers(options.headers, output=log, debug=options.debug)
except ValueError, e:
-@@ -76,7 +131,7 @@ def main():
+@@ -76,7 +133,7 @@ def main():
return 1
if_set = interfaces.InterfaceSet(output=log)
@@ -2123,7 +2125,7 @@ index 0000000..e7b8991
+and
+.I Thomas Liu <tliu at fedoraproject.org>
diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
-index ec692e7..05a18b3 100644
+index ec692e7..d8171d8 100644
--- a/policycoreutils/sandbox/seunshare.c
+++ b/policycoreutils/sandbox/seunshare.c
@@ -1,28 +1,35 @@
@@ -2335,20 +2337,20 @@ index ec692e7..05a18b3 100644
+
+ if (lstat(dir, st_out) == -1) {
+ fprintf(stderr, _("Failed to stat %s: %s\n"), dir, strerror(errno));
++ return -1;
++ }
++ if (! S_ISDIR(st_out->st_mode)) {
++ fprintf(stderr, _("Error: %s is not a directory: %s\n"), dir, strerror(errno));
return -1;
}
- if (sb.st_uid != pwd->pw_uid) {
- errno = EPERM;
- syslog(LOG_AUTHPRIV | LOG_ALERT, "%s attempted to mount an invalid directory, %s", pwd->pw_name, mntdir);
- perror(_("Invalid mount point, reporting to administrator"));
-+ if (! S_ISDIR(st_out->st_mode)) {
-+ fprintf(stderr, _("Error: %s is not a directory: %s\n"), dir, strerror(errno));
- return -1;
- }
+ if (st_in && !equal_stats(st_in, st_out)) {
+ fprintf(stderr, _("Error: %s was replaced by a different directory\n"), dir);
-+ return -1;
-+ }
+ return -1;
+ }
+
return 0;
}
@@ -2362,7 +2364,7 @@ index ec692e7..05a18b3 100644
break;
}
}
-@@ -131,45 +236,519 @@ static int verify_shell(const char *shell_name)
+@@ -131,45 +236,520 @@ static int verify_shell(const char *shell_name)
return rc;
}
@@ -2794,6 +2796,11 @@ index ec692e7..05a18b3 100644
+ fprintf(stderr, _("Failed to get context of the directory %s: %s\n"), src, strerror(errno));
+ goto err;
+ }
++
++ if (rsynccmd(src, tmpdir, &cmdbuf) < 0) {
++ goto err;
++ }
++
+ /* ok to not reach this if there is an error */
+ setfsuid(0);
+ }
@@ -2846,10 +2853,6 @@ index ec692e7..05a18b3 100644
+ }
+ }
+
-+ if (rsynccmd(src, tmpdir, &cmdbuf) < 0) {
-+ goto err;
-+ }
-+
+ if (cmdbuf && spawn_command(cmdbuf, pwd->pw_uid) != 0) {
+ fprintf(stderr, _("Failed to populate runtime temporary directory\n"));
+ cleanup_tmpdir(tmpdir, src, pwd, 0);
@@ -2896,7 +2899,7 @@ index ec692e7..05a18b3 100644
{NULL, 0, 0, 0}
};
-@@ -180,6 +759,12 @@ int main(int argc, char **argv) {
+@@ -180,6 +760,12 @@ int main(int argc, char **argv) {
return -1;
}
@@ -2909,7 +2912,7 @@ index ec692e7..05a18b3 100644
struct passwd *pwd=getpwuid(uid);
if (!pwd) {
perror(_("getpwduid failed"));
-@@ -187,34 +772,30 @@ int main(int argc, char **argv) {
+@@ -187,34 +773,30 @@ int main(int argc, char **argv) {
}
if (verify_shell(pwd->pw_shell) < 0) {
@@ -2955,7 +2958,7 @@ index ec692e7..05a18b3 100644
break;
default:
fprintf(stderr, "%s\n", USAGE_STRING);
-@@ -223,76 +804,84 @@ int main(int argc, char **argv) {
+@@ -223,76 +805,84 @@ int main(int argc, char **argv) {
}
if (! homedir_s && ! tmpdir_s) {
@@ -3089,7 +3092,7 @@ index ec692e7..05a18b3 100644
if (display)
rc |= setenv("DISPLAY", display, 1);
rc |= setenv("HOME", pwd->pw_dir, 1);
-@@ -300,22 +889,41 @@ int main(int argc, char **argv) {
+@@ -300,22 +890,41 @@ int main(int argc, char **argv) {
rc |= setenv("USER", pwd->pw_name, 1);
rc |= setenv("LOGNAME", pwd->pw_name, 1);
rc |= setenv("PATH", DEFAULT_PATH, 1);
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 623e472..6da2a16 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.85
-Release: 25%{?dist}
+Release: 26%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -331,8 +331,8 @@ fi
exit 0
%changelog
-* Wed Mar 23 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-25
-- Fix sepolgen-ifgen call
+* Wed Mar 23 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-26
+- Fix sepolgen-ifgen call, add -p option
* Fri Mar 18 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-24
- Fix rsync command to work if the directory is old.
More information about the scm-commits
mailing list