[policycoreutils/f16] Fix dpi handling in sandbox Make sure semanage fcontext -l -C prints if only local equiv have change
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Nov 29 20:58:48 UTC 2011
commit c5a034dd83b256d04ffc2861a8463e5f81734c88
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Nov 29 15:58:43 2011 -0500
Fix dpi handling in sandbox
Make sure semanage fcontext -l -C prints if only local equiv have changed
policycoreutils-f17.patch | 110 ++++++++++++++++++++++++---------------------
policycoreutils.spec | 1 +
2 files changed, 60 insertions(+), 51 deletions(-)
---
diff --git a/policycoreutils-f17.patch b/policycoreutils-f17.patch
index 9450be1..b5ef36b 100644
--- a/policycoreutils-f17.patch
+++ b/policycoreutils-f17.patch
@@ -1,6 +1,6 @@
diff -up policycoreutils-2.1.4/audit2allow/audit2allow.f17 policycoreutils-2.1.4/audit2allow/audit2allow
---- policycoreutils-2.1.4/audit2allow/audit2allow.f17 2011-11-29 15:26:05.659031642 -0500
-+++ policycoreutils-2.1.4/audit2allow/audit2allow 2011-11-29 15:26:06.191031947 -0500
+--- policycoreutils-2.1.4/audit2allow/audit2allow.f17 2011-11-29 15:40:33.174601367 -0500
++++ policycoreutils-2.1.4/audit2allow/audit2allow 2011-11-29 15:40:33.541601556 -0500
@@ -104,7 +104,7 @@ class AuditToPolicy:
if name:
options.requires = True
@@ -12,7 +12,7 @@ diff -up policycoreutils-2.1.4/audit2allow/audit2allow.f17 policycoreutils-2.1.4
# Make -M and -o conflict
diff -up policycoreutils-2.1.4/.gitignore.f17 policycoreutils-2.1.4/.gitignore
--- policycoreutils-2.1.4/.gitignore.f17 2011-08-18 06:52:31.000000000 -0400
-+++ policycoreutils-2.1.4/.gitignore 2011-11-29 15:26:06.192031948 -0500
++++ policycoreutils-2.1.4/.gitignore 2011-11-29 15:40:33.542601556 -0500
@@ -9,6 +9,7 @@ semodule_deps/semodule_deps
semodule_expand/semodule_expand
semodule_link/semodule_link
@@ -23,7 +23,7 @@ diff -up policycoreutils-2.1.4/.gitignore.f17 policycoreutils-2.1.4/.gitignore
setfiles/setfiles
diff -up policycoreutils-2.1.4/mcstrans/man/Makefile.f17 policycoreutils-2.1.4/mcstrans/man/Makefile
--- policycoreutils-2.1.4/mcstrans/man/Makefile.f17 2011-08-18 06:52:31.000000000 -0400
-+++ policycoreutils-2.1.4/mcstrans/man/Makefile 2011-11-29 15:26:06.193031949 -0500
++++ policycoreutils-2.1.4/mcstrans/man/Makefile 2011-11-29 15:40:33.543601557 -0500
@@ -1,7 +1,9 @@
# Installation directories.
MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
@@ -36,8 +36,8 @@ diff -up policycoreutils-2.1.4/mcstrans/man/Makefile.f17 policycoreutils-2.1.4/m
install -m 644 man8/*.8 $(MAN8DIR)
diff -up policycoreutils-2.1.4/newrole/newrole.c.f17 policycoreutils-2.1.4/newrole/newrole.c
---- policycoreutils-2.1.4/newrole/newrole.c.f17 2011-11-29 15:26:05.663031645 -0500
-+++ policycoreutils-2.1.4/newrole/newrole.c 2011-11-29 15:26:06.195031950 -0500
+--- policycoreutils-2.1.4/newrole/newrole.c.f17 2011-11-29 15:40:33.177601369 -0500
++++ policycoreutils-2.1.4/newrole/newrole.c 2011-11-29 15:40:33.545601558 -0500
@@ -543,13 +543,13 @@ static int restore_environment(int prese
#if defined(AUDIT_LOG_PRIV) && !defined(NAMESPACE_PRIV)
static int drop_capabilities(int full)
@@ -56,16 +56,16 @@ diff -up policycoreutils-2.1.4/newrole/newrole.c.f17 policycoreutils-2.1.4/newro
if (setresuid(uid, uid, uid)) {
fprintf(stderr, _("Error changing uid, aborting.\n"));
diff -up policycoreutils-2.1.4/restorecond/restorecond_user.conf.f17 policycoreutils-2.1.4/restorecond/restorecond_user.conf
---- policycoreutils-2.1.4/restorecond/restorecond_user.conf.f17 2011-11-29 15:26:05.669031648 -0500
-+++ policycoreutils-2.1.4/restorecond/restorecond_user.conf 2011-11-29 15:26:06.196031950 -0500
+--- policycoreutils-2.1.4/restorecond/restorecond_user.conf.f17 2011-11-29 15:40:33.183601372 -0500
++++ policycoreutils-2.1.4/restorecond/restorecond_user.conf 2011-11-29 15:40:33.545601558 -0500
@@ -5,3 +5,4 @@
~/.fonts/*
~/.cache/*
~/.config/*
+~/.local/share/*
diff -up policycoreutils-2.1.4/restorecond/user.c.f17 policycoreutils-2.1.4/restorecond/user.c
---- policycoreutils-2.1.4/restorecond/user.c.f17 2011-11-29 15:26:05.670031648 -0500
-+++ policycoreutils-2.1.4/restorecond/user.c 2011-11-29 15:26:06.196031950 -0500
+--- policycoreutils-2.1.4/restorecond/user.c.f17 2011-11-29 15:40:33.183601372 -0500
++++ policycoreutils-2.1.4/restorecond/user.c 2011-11-29 15:40:33.546601558 -0500
@@ -123,6 +123,11 @@ io_channel_callback
sizeof (buffer),
&bytes_read);
@@ -110,8 +110,8 @@ diff -up policycoreutils-2.1.4/restorecond/user.c.f17 policycoreutils-2.1.4/rest
read_config(master_fd, watch_file);
diff -up policycoreutils-2.1.4/sandbox/sandbox.8.f17 policycoreutils-2.1.4/sandbox/sandbox.8
---- policycoreutils-2.1.4/sandbox/sandbox.8.f17 2011-11-29 15:26:05.673031651 -0500
-+++ policycoreutils-2.1.4/sandbox/sandbox.8 2011-11-29 15:26:06.197031950 -0500
+--- policycoreutils-2.1.4/sandbox/sandbox.8.f17 2011-11-29 15:40:33.187601374 -0500
++++ policycoreutils-2.1.4/sandbox/sandbox.8 2011-11-29 15:40:33.547601559 -0500
@@ -3,11 +3,11 @@
sandbox \- Run cmd under an SELinux sandbox
.SH SYNOPSIS
@@ -137,8 +137,8 @@ diff -up policycoreutils-2.1.4/sandbox/sandbox.8.f17 policycoreutils-2.1.4/sandb
Use control groups to control this copy of sandbox. Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc.
.TP
diff -up policycoreutils-2.1.4/sandbox/sandbox.f17 policycoreutils-2.1.4/sandbox/sandbox
---- policycoreutils-2.1.4/sandbox/sandbox.f17 2011-11-29 15:26:05.672031650 -0500
-+++ policycoreutils-2.1.4/sandbox/sandbox 2011-11-29 15:39:57.547581985 -0500
+--- policycoreutils-2.1.4/sandbox/sandbox.f17 2011-11-29 15:40:33.186601373 -0500
++++ policycoreutils-2.1.4/sandbox/sandbox 2011-11-29 15:40:33.548601559 -0500
@@ -118,10 +118,30 @@ def reserve(level):
sock.bind("\0%s" % level)
fcntl.fcntl(sock.fileno(), fcntl.F_SETFD, fcntl.FD_CLOEXEC)
@@ -245,8 +245,8 @@ diff -up policycoreutils-2.1.4/sandbox/sandbox.f17 policycoreutils-2.1.4/sandbox
cmds += [ "--" ] + self.__paths
return subprocess.Popen(cmds).wait()
diff -up policycoreutils-2.1.4/sandbox/sandbox.init.f17 policycoreutils-2.1.4/sandbox/sandbox.init
---- policycoreutils-2.1.4/sandbox/sandbox.init.f17 2011-11-29 15:26:05.674031652 -0500
-+++ policycoreutils-2.1.4/sandbox/sandbox.init 2011-11-29 15:26:06.199031952 -0500
+--- policycoreutils-2.1.4/sandbox/sandbox.init.f17 2011-11-29 15:40:33.189601374 -0500
++++ policycoreutils-2.1.4/sandbox/sandbox.init 2011-11-29 15:40:33.548601559 -0500
@@ -13,7 +13,7 @@
# description: sandbox, xguest and other apps that want to use pam_namespace \
# require this script be run at boot. This service script does \
@@ -277,8 +277,8 @@ diff -up policycoreutils-2.1.4/sandbox/sandbox.init.f17 policycoreutils-2.1.4/sa
touch $LOCKFILE
mount --make-rshared / || return $?
diff -up policycoreutils-2.1.4/sandbox/seunshare.c.f17 policycoreutils-2.1.4/sandbox/seunshare.c
---- policycoreutils-2.1.4/sandbox/seunshare.c.f17 2011-11-29 15:26:05.677031652 -0500
-+++ policycoreutils-2.1.4/sandbox/seunshare.c 2011-11-29 15:26:06.200031953 -0500
+--- policycoreutils-2.1.4/sandbox/seunshare.c.f17 2011-11-29 15:40:33.191601375 -0500
++++ policycoreutils-2.1.4/sandbox/seunshare.c 2011-11-29 15:40:33.549601559 -0500
@@ -5,8 +5,9 @@
#define _GNU_SOURCE
@@ -348,8 +348,8 @@ diff -up policycoreutils-2.1.4/sandbox/seunshare.c.f17 policycoreutils-2.1.4/san
}
diff -up policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c.f17 policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c
---- policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c.f17 2011-11-29 15:26:05.679031654 -0500
-+++ policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c 2011-11-29 15:26:06.200031953 -0500
+--- policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c.f17 2011-11-29 15:40:33.193601377 -0500
++++ policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c 2011-11-29 15:40:33.551601560 -0500
@@ -52,8 +52,6 @@ static PyMethodDef methods[] = {
PyMODINIT_FUNC
initdefault_encoding_utf8(void)
@@ -362,7 +362,7 @@ diff -up policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c.f17
}
diff -up policycoreutils-2.1.4/semanage/semanage.8.f17 policycoreutils-2.1.4/semanage/semanage.8
--- policycoreutils-2.1.4/semanage/semanage.8.f17 2011-08-18 06:52:31.000000000 -0400
-+++ policycoreutils-2.1.4/semanage/semanage.8 2011-11-29 15:26:06.201031954 -0500
++++ policycoreutils-2.1.4/semanage/semanage.8 2011-11-29 15:40:33.552601561 -0500
@@ -163,6 +163,9 @@ SELinux Type for the object
.I \-i, \-\-input
Take a set of commands from a specified file and load them in a single
@@ -374,8 +374,8 @@ diff -up policycoreutils-2.1.4/semanage/semanage.8.f17 policycoreutils-2.1.4/sem
.SH EXAMPLE
.nf
diff -up policycoreutils-2.1.4/semanage/semanage.f17 policycoreutils-2.1.4/semanage/semanage
---- policycoreutils-2.1.4/semanage/semanage.f17 2011-11-29 15:26:05.681031656 -0500
-+++ policycoreutils-2.1.4/semanage/semanage 2011-11-29 15:26:06.202031954 -0500
+--- policycoreutils-2.1.4/semanage/semanage.f17 2011-11-29 15:40:33.195601379 -0500
++++ policycoreutils-2.1.4/semanage/semanage 2011-11-29 15:40:33.553601562 -0500
@@ -575,3 +575,5 @@ Object-specific Options (see above):
errorExit(error.args[1])
except OSError, error:
@@ -383,8 +383,8 @@ diff -up policycoreutils-2.1.4/semanage/semanage.f17 policycoreutils-2.1.4/seman
+ except RuntimeError, error:
+ errorExit(error.args[0])
diff -up policycoreutils-2.1.4/semanage/seobject.py.f17 policycoreutils-2.1.4/semanage/seobject.py
---- policycoreutils-2.1.4/semanage/seobject.py.f17 2011-11-29 15:26:05.683031656 -0500
-+++ policycoreutils-2.1.4/semanage/seobject.py 2011-11-29 15:26:06.203031954 -0500
+--- policycoreutils-2.1.4/semanage/seobject.py.f17 2011-11-29 15:40:33.197601379 -0500
++++ policycoreutils-2.1.4/semanage/seobject.py 2011-11-29 15:58:16.766275247 -0500
@@ -1,5 +1,5 @@
#! /usr/bin/python -E
-# Copyright (C) 2005, 2006, 2007, 2008, 2009 Red Hat
@@ -546,25 +546,33 @@ diff -up policycoreutils-2.1.4/semanage/seobject.py.f17 policycoreutils-2.1.4/se
def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
self.validate(target)
-@@ -1793,8 +1836,11 @@ class fcontextRecords(semanageRecords):
+@@ -1793,20 +1836,28 @@ class fcontextRecords(semanageRecords):
def list(self, heading = 1, locallist = 0 ):
fcon_dict = self.get_all(locallist)
keys = fcon_dict.keys()
-+ if len(keys) == 0:
-+ return
- keys.sort()
+- keys.sort()
- if len(keys) > 0 and heading:
-+
-+ if heading:
- print "%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context"))
- for k in keys:
- if fcon_dict[k]:
-@@ -1804,9 +1850,17 @@ class fcontextRecords(semanageRecords):
- print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
- else:
- print "%-50s %-18s <<None>>" % (k[0], k[1])
+- print "%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context"))
+- for k in keys:
+- if fcon_dict[k]:
+- if is_mls_enabled:
+- print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1], fcon_dict[k][2], translate(fcon_dict[k][3],False))
++ if len(keys) != 0:
++ keys.sort()
++ if heading:
++ print "%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context"))
++ for k in keys:
++ if fcon_dict[k]:
++ if is_mls_enabled:
++ print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1], fcon_dict[k][2], translate(fcon_dict[k][3],False))
++ else:
++ print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
+ else:
+- print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
+- else:
+- print "%-50s %-18s <<None>>" % (k[0], k[1])
- if len(self.equiv.keys()) > 0:
-+
++ print "%-50s %-18s <<None>>" % (k[0], k[1])
+
+ if len(self.equiv_dist):
+ if not locallist:
@@ -579,7 +587,7 @@ diff -up policycoreutils-2.1.4/semanage/seobject.py.f17 policycoreutils-2.1.4/se
for src in self.equiv.keys():
print "%s = %s" % (src, self.equiv[src])
-@@ -1977,11 +2031,13 @@ class booleanRecords(semanageRecords):
+@@ -1977,11 +2028,13 @@ class booleanRecords(semanageRecords):
if ddict[k]:
print "%s=%s" % (k, ddict[k][2])
return
@@ -598,8 +606,8 @@ diff -up policycoreutils-2.1.4/semanage/seobject.py.f17 policycoreutils-2.1.4/se
-
+ print "%-30s (%-5s,%5s) %s" % (k, on_off[selinux.security_get_boolean_active(k)], on_off[ddict[k][2]], self.get_desc(k))
diff -up policycoreutils-2.1.4/semodule_package/Makefile.f17 policycoreutils-2.1.4/semodule_package/Makefile
---- policycoreutils-2.1.4/semodule_package/Makefile.f17 2011-11-29 15:26:05.684031656 -0500
-+++ policycoreutils-2.1.4/semodule_package/Makefile 2011-11-29 15:26:06.204031954 -0500
+--- policycoreutils-2.1.4/semodule_package/Makefile.f17 2011-11-29 15:40:33.198601379 -0500
++++ policycoreutils-2.1.4/semodule_package/Makefile 2011-11-29 15:40:33.555601564 -0500
@@ -24,7 +24,7 @@ install: all
relabel:
@@ -611,7 +619,7 @@ diff -up policycoreutils-2.1.4/semodule_package/Makefile.f17 policycoreutils-2.1
../../scripts/Lindent $(wildcard *.[ch])
diff -up policycoreutils-2.1.4/semodule/semodule.8.f17 policycoreutils-2.1.4/semodule/semodule.8
--- policycoreutils-2.1.4/semodule/semodule.8.f17 2011-08-18 06:52:31.000000000 -0400
-+++ policycoreutils-2.1.4/semodule/semodule.8 2011-11-29 15:26:06.205031955 -0500
++++ policycoreutils-2.1.4/semodule/semodule.8 2011-11-29 15:40:33.556601564 -0500
@@ -41,6 +41,9 @@ disable existing module
.B \-e,\-\-enable=MODULE_NAME
enable existing module
@@ -623,8 +631,8 @@ diff -up policycoreutils-2.1.4/semodule/semodule.8.f17 policycoreutils-2.1.4/sem
remove existing module
.TP
diff -up policycoreutils-2.1.4/setfiles/restore.c.f17 policycoreutils-2.1.4/setfiles/restore.c
---- policycoreutils-2.1.4/setfiles/restore.c.f17 2011-11-29 15:26:05.732031685 -0500
-+++ policycoreutils-2.1.4/setfiles/restore.c 2011-11-29 15:26:06.205031955 -0500
+--- policycoreutils-2.1.4/setfiles/restore.c.f17 2011-11-29 15:40:33.202601381 -0500
++++ policycoreutils-2.1.4/setfiles/restore.c 2011-11-29 15:40:33.556601564 -0500
@@ -1,5 +1,6 @@
#include "restore.h"
#include <glob.h>
@@ -847,7 +855,7 @@ diff -up policycoreutils-2.1.4/setfiles/restore.c.f17 policycoreutils-2.1.4/setf
*/
diff -up policycoreutils-2.1.4/setfiles/restorecon.8.f17 policycoreutils-2.1.4/setfiles/restorecon.8
--- policycoreutils-2.1.4/setfiles/restorecon.8.f17 2011-08-18 06:52:32.000000000 -0400
-+++ policycoreutils-2.1.4/setfiles/restorecon.8 2011-11-29 15:26:06.206031956 -0500
++++ policycoreutils-2.1.4/setfiles/restorecon.8 2011-11-29 15:40:33.557601564 -0500
@@ -4,22 +4,27 @@ restorecon \- restore file(s) default SE
.SH "SYNOPSIS"
@@ -906,8 +914,8 @@ diff -up policycoreutils-2.1.4/setfiles/restorecon.8.f17 policycoreutils-2.1.4/s
.SH "ARGUMENTS"
.B pathname...
diff -up policycoreutils-2.1.4/setfiles/restore.h.f17 policycoreutils-2.1.4/setfiles/restore.h
---- policycoreutils-2.1.4/setfiles/restore.h.f17 2011-11-29 15:26:05.733031684 -0500
-+++ policycoreutils-2.1.4/setfiles/restore.h 2011-11-29 15:26:06.207031957 -0500
+--- policycoreutils-2.1.4/setfiles/restore.h.f17 2011-11-29 15:40:33.203601382 -0500
++++ policycoreutils-2.1.4/setfiles/restore.h 2011-11-29 15:40:33.558601564 -0500
@@ -40,6 +40,7 @@ struct restore_opts {
int fts_flags; /* Flags to fts, e.g. follow links, follow mounts */
const char *selabel_opt_validate;
@@ -918,7 +926,7 @@ diff -up policycoreutils-2.1.4/setfiles/restore.h.f17 policycoreutils-2.1.4/setf
void restore_init(struct restore_opts *opts);
diff -up policycoreutils-2.1.4/setfiles/setfiles.8.f17 policycoreutils-2.1.4/setfiles/setfiles.8
--- policycoreutils-2.1.4/setfiles/setfiles.8.f17 2011-08-18 06:52:32.000000000 -0400
-+++ policycoreutils-2.1.4/setfiles/setfiles.8 2011-11-29 15:26:06.207031957 -0500
++++ policycoreutils-2.1.4/setfiles/setfiles.8 2011-11-29 15:40:33.558601564 -0500
@@ -4,7 +4,7 @@ setfiles \- set file SELinux security co
.SH "SYNOPSIS"
@@ -965,8 +973,8 @@ diff -up policycoreutils-2.1.4/setfiles/setfiles.8.f17 policycoreutils-2.1.4/set
.B \-W
display warnings about entries that had no matching files.
diff -up policycoreutils-2.1.4/setfiles/setfiles.c.f17 policycoreutils-2.1.4/setfiles/setfiles.c
---- policycoreutils-2.1.4/setfiles/setfiles.c.f17 2011-11-29 15:26:05.733031684 -0500
-+++ policycoreutils-2.1.4/setfiles/setfiles.c 2011-11-29 15:26:06.208031958 -0500
+--- policycoreutils-2.1.4/setfiles/setfiles.c.f17 2011-11-29 15:40:33.203601382 -0500
++++ policycoreutils-2.1.4/setfiles/setfiles.c 2011-11-29 15:40:33.559601564 -0500
@@ -39,7 +39,7 @@ void usage(const char *const name)
{
if (iamrestorecon) {
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 7ea5ae4..690d793 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -356,6 +356,7 @@ fi
%changelog
* Tue Nov 29 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-10
- Fix dpi handling in sandbox
+- Make sure semanage fcontext -l -C prints if only local equiv have changed
* Wed Nov 16 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-10
- Add listing of distribution equivalence class from semanage fcontext -l
More information about the scm-commits
mailing list