[policycoreutils/f16] Backport fixes from restorecond to handle being run within a terminal session Add ~/.local/share/* t
Daniel J Walsh
dwalsh at fedoraproject.org
Mon Oct 31 15:24:44 UTC 2011
commit ceba8ec997fa79a876deabdf36e111d530ac7547
Author: Dan Walsh <dwalsh at redhat.com>
Date: Mon Oct 31 11:24:40 2011 -0400
Backport fixes from restorecond to handle being run within a terminal session
Add ~/.local/share/* to restorecond_users.conf
Fix semodule man page
Fix a couple of problems found by coverity
policycoreutils-f17.patch | 150 +++++++++++++++++++++++++++++++++++----------
policycoreutils.spec | 10 +++-
2 files changed, 125 insertions(+), 35 deletions(-)
---
diff --git a/policycoreutils-f17.patch b/policycoreutils-f17.patch
index c87ee1a..4a12ec9 100644
--- a/policycoreutils-f17.patch
+++ b/policycoreutils-f17.patch
@@ -1,6 +1,6 @@
diff -up policycoreutils-2.1.4/audit2allow/audit2allow.f17 policycoreutils-2.1.4/audit2allow/audit2allow
---- policycoreutils-2.1.4/audit2allow/audit2allow.f17 2011-10-24 14:35:34.443676401 -0400
-+++ policycoreutils-2.1.4/audit2allow/audit2allow 2011-10-24 14:35:34.950676443 -0400
+--- policycoreutils-2.1.4/audit2allow/audit2allow.f17 2011-10-31 11:12:36.857781128 -0400
++++ policycoreutils-2.1.4/audit2allow/audit2allow 2011-10-31 11:12:37.170780967 -0400
@@ -104,7 +104,7 @@ class AuditToPolicy:
if name:
options.requires = True
@@ -12,7 +12,7 @@ diff -up policycoreutils-2.1.4/audit2allow/audit2allow.f17 policycoreutils-2.1.4
# Make -M and -o conflict
diff -up policycoreutils-2.1.4/.gitignore.f17 policycoreutils-2.1.4/.gitignore
--- policycoreutils-2.1.4/.gitignore.f17 2011-08-18 06:52:31.000000000 -0400
-+++ policycoreutils-2.1.4/.gitignore 2011-10-24 14:35:34.951676443 -0400
++++ policycoreutils-2.1.4/.gitignore 2011-10-31 11:12:37.170780967 -0400
@@ -9,6 +9,7 @@ semodule_deps/semodule_deps
semodule_expand/semodule_expand
semodule_link/semodule_link
@@ -23,7 +23,7 @@ diff -up policycoreutils-2.1.4/.gitignore.f17 policycoreutils-2.1.4/.gitignore
setfiles/setfiles
diff -up policycoreutils-2.1.4/mcstrans/man/Makefile.f17 policycoreutils-2.1.4/mcstrans/man/Makefile
--- policycoreutils-2.1.4/mcstrans/man/Makefile.f17 2011-08-18 06:52:31.000000000 -0400
-+++ policycoreutils-2.1.4/mcstrans/man/Makefile 2011-10-24 14:35:34.952676443 -0400
++++ policycoreutils-2.1.4/mcstrans/man/Makefile 2011-10-31 11:12:37.170780967 -0400
@@ -1,7 +1,9 @@
# Installation directories.
MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
@@ -36,8 +36,8 @@ diff -up policycoreutils-2.1.4/mcstrans/man/Makefile.f17 policycoreutils-2.1.4/m
install -m 644 man8/*.8 $(MAN8DIR)
diff -up policycoreutils-2.1.4/newrole/newrole.c.f17 policycoreutils-2.1.4/newrole/newrole.c
---- policycoreutils-2.1.4/newrole/newrole.c.f17 2011-10-24 14:35:34.446676401 -0400
-+++ policycoreutils-2.1.4/newrole/newrole.c 2011-10-24 14:35:34.953676443 -0400
+--- policycoreutils-2.1.4/newrole/newrole.c.f17 2011-10-31 11:12:36.858781127 -0400
++++ policycoreutils-2.1.4/newrole/newrole.c 2011-10-31 11:12:37.171780966 -0400
@@ -543,13 +543,13 @@ static int restore_environment(int prese
#if defined(AUDIT_LOG_PRIV) && !defined(NAMESPACE_PRIV)
static int drop_capabilities(int full)
@@ -55,9 +55,63 @@ diff -up policycoreutils-2.1.4/newrole/newrole.c.f17 policycoreutils-2.1.4/newro
/* Change uid */
if (setresuid(uid, uid, uid)) {
fprintf(stderr, _("Error changing uid, aborting.\n"));
+diff -up policycoreutils-2.1.4/restorecond/restorecond_user.conf.f17 policycoreutils-2.1.4/restorecond/restorecond_user.conf
+--- policycoreutils-2.1.4/restorecond/restorecond_user.conf.f17 2011-10-31 11:13:23.396756853 -0400
++++ policycoreutils-2.1.4/restorecond/restorecond_user.conf 2011-10-31 11:13:31.549752558 -0400
+@@ -5,3 +5,4 @@
+ ~/.fonts/*
+ ~/.cache/*
+ ~/.config/*
++~/.local/share/*
+diff -up policycoreutils-2.1.4/restorecond/user.c.f17 policycoreutils-2.1.4/restorecond/user.c
+--- policycoreutils-2.1.4/restorecond/user.c.f17 2011-10-31 11:14:22.239725545 -0400
++++ policycoreutils-2.1.4/restorecond/user.c 2011-10-31 11:14:33.495719482 -0400
+@@ -123,6 +123,11 @@ io_channel_callback
+ sizeof (buffer),
+ &bytes_read);
+
++ if (! bytes_read) {
++ /* Sesssion/Terminal Ended */
++ exit(0);
++ }
++
+ while (i < bytes_read) {
+ struct inotify_event *event;
+ event = (struct inotify_event *)&buffer[i];
+@@ -148,6 +153,7 @@ io_channel_callback
+
+ if (condition & G_IO_HUP) {
+ g_io_channel_close (source);
++ exit(0);
+ return FALSE;
+ }
+
+@@ -210,6 +216,13 @@ static int local_server() {
+ perror("flock");
+ return -1;
+ }
++ /* watch for stdin/terminal going away */
++ GIOChannel *in = g_io_channel_unix_new(0);
++ g_io_add_watch_full( in,
++ G_PRIORITY_HIGH,
++ G_IO_IN|G_IO_ERR|G_IO_HUP,
++ io_channel_callback, NULL, NULL);
++
+ return 0;
+ }
+
+@@ -221,7 +234,7 @@ int server(int master_fd, const char *wa
+ #ifdef HAVE_DBUS
+ if (dbus_server(loop) != 0)
+ #endif /* HAVE_DBUS */
+- if (local_server(loop))
++ if (local_server())
+ goto end;
+
+ read_config(master_fd, watch_file);
diff -up policycoreutils-2.1.4/sandbox/sandbox.f17 policycoreutils-2.1.4/sandbox/sandbox
---- policycoreutils-2.1.4/sandbox/sandbox.f17 2011-10-24 14:35:34.455676402 -0400
-+++ policycoreutils-2.1.4/sandbox/sandbox 2011-10-24 14:35:34.955676443 -0400
+--- policycoreutils-2.1.4/sandbox/sandbox.f17 2011-10-31 11:12:36.860781127 -0400
++++ policycoreutils-2.1.4/sandbox/sandbox 2011-10-31 11:12:37.171780966 -0400
@@ -263,7 +263,6 @@ sandbox [-h] [-c] [-l level ] [-[X|M] [-
%s
""") % types
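Review bot: The stdin watch added in local_server() registers `io_channel_callback` for fd 0 with `G_IO_IN`, but that callback casts whatever it reads to `struct inotify_event` in the `while (i < bytes_read)` loop. Any bytes that arrive on the terminal would therefore be parsed as inotify records, with the record length taken from that input. A dedicated callback for the stdin channel, which only detects EOF/HUP/ERR and discards data, keeps terminal input away from the inotify parser. Separately, the `g_io_channel_read` status is not checked before `bytes_read` is tested, and `return FALSE` after the added `exit(0)` is unreachable. Both io_channel_callback and local_server begin outside the hunk and the rest of the loop body is not visible, so the exact effect of a malformed record is inferred.

```c
/* stdin is only watched so we notice the terminal going away;
 * its data must never reach the inotify parser. */
static gboolean stdin_channel_callback(GIOChannel *source,
				       GIOCondition condition,
				       gpointer data)
{
	char discard[256];
	gsize bytes_read = 0;

	(void)data;
	if (condition & G_IO_IN)
		g_io_channel_read(source, discard, sizeof(discard), &bytes_read);
	if (bytes_read == 0 || (condition & (G_IO_ERR | G_IO_HUP)))
		exit(0);	/* session/terminal ended */
	return TRUE;
}

/* … unchanged: local_server() up to the flock() error path … */
	GIOChannel *in = g_io_channel_unix_new(0);
	g_io_add_watch_full(in, G_PRIORITY_HIGH, G_IO_IN | G_IO_ERR | G_IO_HUP,
			    stdin_channel_callback, NULL, NULL);
```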
@@ -67,8 +121,8 @@ diff -up policycoreutils-2.1.4/sandbox/sandbox.f17 policycoreutils-2.1.4/sandbox
parser.disable_interspersed_args()
parser.add_option("-i", "--include",
diff -up policycoreutils-2.1.4/sandbox/sandbox.init.f17 policycoreutils-2.1.4/sandbox/sandbox.init
---- policycoreutils-2.1.4/sandbox/sandbox.init.f17 2011-10-24 14:35:34.457676402 -0400
-+++ policycoreutils-2.1.4/sandbox/sandbox.init 2011-10-24 14:36:36.383681482 -0400
+--- policycoreutils-2.1.4/sandbox/sandbox.init.f17 2011-10-31 11:12:36.861781127 -0400
++++ policycoreutils-2.1.4/sandbox/sandbox.init 2011-10-31 11:12:37.171780966 -0400
@@ -13,7 +13,7 @@
# description: sandbox, xguest and other apps that want to use pam_namespace \
# require this script be run at boot. This service script does \
@@ -90,8 +144,8 @@ diff -up policycoreutils-2.1.4/sandbox/sandbox.init.f17 policycoreutils-2.1.4/sa
base=${0##*/}
diff -up policycoreutils-2.1.4/sandbox/seunshare.c.f17 policycoreutils-2.1.4/sandbox/seunshare.c
---- policycoreutils-2.1.4/sandbox/seunshare.c.f17 2011-10-24 14:35:34.461676403 -0400
-+++ policycoreutils-2.1.4/sandbox/seunshare.c 2011-10-24 14:35:34.956676443 -0400
+--- policycoreutils-2.1.4/sandbox/seunshare.c.f17 2011-10-31 11:12:36.862781127 -0400
++++ policycoreutils-2.1.4/sandbox/seunshare.c 2011-10-31 11:12:37.171780966 -0400
@@ -5,8 +5,9 @@
#define _GNU_SOURCE
@@ -160,9 +214,22 @@ diff -up policycoreutils-2.1.4/sandbox/seunshare.c.f17 policycoreutils-2.1.4/san
exit(-1);
}
+diff -up policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c.f17 policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c
+--- policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c.f17 2011-10-31 11:12:36.863781126 -0400
++++ policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c 2011-10-31 11:23:38.392773952 -0400
+@@ -52,8 +52,6 @@ static PyMethodDef methods[] = {
+ PyMODINIT_FUNC
+ initdefault_encoding_utf8(void)
+ {
+- PyObject* m;
+-
+ PyUnicode_SetDefaultEncoding("utf-8");
+- m = Py_InitModule3("default_encoding_utf8", methods, "Forces the default encoding to utf-8");
++ Py_InitModule3("default_encoding_utf8", methods, "Forces the default encoding to utf-8");
+ }
diff -up policycoreutils-2.1.4/semanage/semanage.8.f17 policycoreutils-2.1.4/semanage/semanage.8
--- policycoreutils-2.1.4/semanage/semanage.8.f17 2011-08-18 06:52:31.000000000 -0400
-+++ policycoreutils-2.1.4/semanage/semanage.8 2011-10-24 14:35:34.957676443 -0400
++++ policycoreutils-2.1.4/semanage/semanage.8 2011-10-31 11:12:37.171780966 -0400
@@ -163,6 +163,9 @@ SELinux Type for the object
.I \-i, \-\-input
Take a set of commands from a specified file and load them in a single
@@ -174,8 +241,8 @@ diff -up policycoreutils-2.1.4/semanage/semanage.8.f17 policycoreutils-2.1.4/sem
.SH EXAMPLE
.nf
diff -up policycoreutils-2.1.4/semanage/semanage.f17 policycoreutils-2.1.4/semanage/semanage
---- policycoreutils-2.1.4/semanage/semanage.f17 2011-10-24 14:35:34.465676403 -0400
-+++ policycoreutils-2.1.4/semanage/semanage 2011-10-24 14:35:34.958676443 -0400
+--- policycoreutils-2.1.4/semanage/semanage.f17 2011-10-31 11:12:36.863781126 -0400
++++ policycoreutils-2.1.4/semanage/semanage 2011-10-31 11:12:37.171780966 -0400
@@ -575,3 +575,5 @@ Object-specific Options (see above):
errorExit(error.args[1])
except OSError, error:
@@ -183,8 +250,8 @@ diff -up policycoreutils-2.1.4/semanage/semanage.f17 policycoreutils-2.1.4/seman
+ except RuntimeError, error:
+ errorExit(error.args[0])
diff -up policycoreutils-2.1.4/semanage/seobject.py.f17 policycoreutils-2.1.4/semanage/seobject.py
---- policycoreutils-2.1.4/semanage/seobject.py.f17 2011-10-24 14:35:34.467676403 -0400
-+++ policycoreutils-2.1.4/semanage/seobject.py 2011-10-24 14:35:34.960676443 -0400
+--- policycoreutils-2.1.4/semanage/seobject.py.f17 2011-10-31 11:12:36.864781125 -0400
++++ policycoreutils-2.1.4/semanage/seobject.py 2011-10-31 11:12:37.172780966 -0400
@@ -1,5 +1,5 @@
#! /usr/bin/python -E
-# Copyright (C) 2005, 2006, 2007, 2008, 2009 Red Hat
@@ -332,8 +399,8 @@ diff -up policycoreutils-2.1.4/semanage/seobject.py.f17 policycoreutils-2.1.4/se
-
+ print "%-30s (%-5s,%5s) %s" % (k, on_off[selinux.security_get_boolean_active(k)], on_off[ddict[k][2]], self.get_desc(k))
diff -up policycoreutils-2.1.4/semodule_package/Makefile.f17 policycoreutils-2.1.4/semodule_package/Makefile
---- policycoreutils-2.1.4/semodule_package/Makefile.f17 2011-10-24 14:35:34.468676403 -0400
-+++ policycoreutils-2.1.4/semodule_package/Makefile 2011-10-24 14:35:34.960676443 -0400
+--- policycoreutils-2.1.4/semodule_package/Makefile.f17 2011-10-31 11:12:36.864781125 -0400
++++ policycoreutils-2.1.4/semodule_package/Makefile 2011-10-31 11:12:37.172780966 -0400
@@ -24,7 +24,7 @@ install: all
relabel:
@@ -343,9 +410,22 @@ diff -up policycoreutils-2.1.4/semodule_package/Makefile.f17 policycoreutils-2.1
indent:
../../scripts/Lindent $(wildcard *.[ch])
+diff -up policycoreutils-2.1.4/semodule/semodule.8.f17 policycoreutils-2.1.4/semodule/semodule.8
+--- policycoreutils-2.1.4/semodule/semodule.8.f17 2011-10-31 11:22:08.388701102 -0400
++++ policycoreutils-2.1.4/semodule/semodule.8 2011-10-31 11:22:17.530705316 -0400
+@@ -41,6 +41,9 @@ disable existing module
+ .B \-e,\-\-enable=MODULE_NAME
+ enable existing module
+ .TP
++.B \-p,\-\-path=ROOTPATH
++use an alternate root path
++.TP
+ .B \-r,\-\-remove=MODULE_NAME
+ remove existing module
+ .TP
diff -up policycoreutils-2.1.4/setfiles/restore.c.f17 policycoreutils-2.1.4/setfiles/restore.c
---- policycoreutils-2.1.4/setfiles/restore.c.f17 2011-10-24 14:35:34.472676403 -0400
-+++ policycoreutils-2.1.4/setfiles/restore.c 2011-10-24 14:35:34.961676444 -0400
+--- policycoreutils-2.1.4/setfiles/restore.c.f17 2011-10-31 11:12:36.866781124 -0400
++++ policycoreutils-2.1.4/setfiles/restore.c 2011-10-31 11:15:32.342687398 -0400
@@ -1,5 +1,6 @@
#include "restore.h"
#include <glob.h>
@@ -361,25 +441,29 @@ diff -up policycoreutils-2.1.4/setfiles/restore.c.f17 policycoreutils-2.1.4/setf
struct restore_opts *r_opts = NULL;
static void filespec_destroy(void);
static void filespec_eval(void);
-@@ -60,9 +60,10 @@ void restore_init(struct restore_opts *o
+@@ -59,10 +59,11 @@ void restore_init(struct restore_opts *o
+ {
r_opts = opts;
struct selinux_opt selinux_opts[] = {
- { SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate },
+- { SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate },
- { SELABEL_OPT_PATH, r_opts->selabel_opt_path }
-+ { SELABEL_OPT_PATH, r_opts->selabel_opt_path },
-+ { SELABEL_OPT_SUBSET, r_opts->selabel_opt_subset }
++ { SELABEL_OPT_VALIDATE , { r_opts->selabel_opt_validate } },
++ { SELABEL_OPT_PATH, {r_opts->selabel_opt_path }},
++ { SELABEL_OPT_SUBSET,{r_opts->selabel_opt_subset }}
};
- r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 2);
+ r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
if (!r_opts->hnd) {
perror(r_opts->selabel_opt_path);
exit(1);
-@@ -104,8 +105,7 @@ static int restore(FTSENT *ftsent)
+@@ -103,9 +104,8 @@ static int match(const char *name, struc
+ static int restore(FTSENT *ftsent)
{
char *my_file = strdupa(ftsent->fts_path);
- int ret;
+- int ret;
- char *context, *newcon;
- int user_only_changed = 0;
++ int ret = -1;
+ security_context_t curcon = NULL, newcon = NULL;
if (match(my_file, ftsent->fts_statp, &newcon) < 0)
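Review bot: In restore_init() the entry count passed to `selabel_open(SELABEL_CTX_FILE, selinux_opts, 3)` is a literal that has to be kept in step with the `selinux_opts[]` initializer by hand. It already had to move from 2 to 3 when `SELABEL_OPT_SUBSET` was added, and a count larger than the array would presumably make the library read past it. Deriving the count from the array removes that coupling: `selabel_open(SELABEL_CTX_FILE, selinux_opts, sizeof(selinux_opts) / sizeof(selinux_opts[0]));`. As a style point, the three rewritten initializers each use different spacing around the inner braces; one form, e.g. `{ SELABEL_OPT_PATH, { r_opts->selabel_opt_path } },`, would read more cleanly. The bodies of restore_init and restore continue outside the hunk.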
@@ -564,7 +648,7 @@ diff -up policycoreutils-2.1.4/setfiles/restore.c.f17 policycoreutils-2.1.4/setf
*/
diff -up policycoreutils-2.1.4/setfiles/restorecon.8.f17 policycoreutils-2.1.4/setfiles/restorecon.8
--- policycoreutils-2.1.4/setfiles/restorecon.8.f17 2011-08-18 06:52:32.000000000 -0400
-+++ policycoreutils-2.1.4/setfiles/restorecon.8 2011-10-24 14:35:34.962676444 -0400
++++ policycoreutils-2.1.4/setfiles/restorecon.8 2011-10-31 11:12:37.172780966 -0400
@@ -4,22 +4,27 @@ restorecon \- restore file(s) default SE
.SH "SYNOPSIS"
@@ -623,8 +707,8 @@ diff -up policycoreutils-2.1.4/setfiles/restorecon.8.f17 policycoreutils-2.1.4/s
.SH "ARGUMENTS"
.B pathname...
diff -up policycoreutils-2.1.4/setfiles/restore.h.f17 policycoreutils-2.1.4/setfiles/restore.h
---- policycoreutils-2.1.4/setfiles/restore.h.f17 2011-10-24 14:35:34.472676403 -0400
-+++ policycoreutils-2.1.4/setfiles/restore.h 2011-10-24 14:35:34.962676444 -0400
+--- policycoreutils-2.1.4/setfiles/restore.h.f17 2011-10-31 11:12:36.866781124 -0400
++++ policycoreutils-2.1.4/setfiles/restore.h 2011-10-31 11:12:37.172780966 -0400
@@ -40,6 +40,7 @@ struct restore_opts {
int fts_flags; /* Flags to fts, e.g. follow links, follow mounts */
const char *selabel_opt_validate;
@@ -635,7 +719,7 @@ diff -up policycoreutils-2.1.4/setfiles/restore.h.f17 policycoreutils-2.1.4/setf
void restore_init(struct restore_opts *opts);
diff -up policycoreutils-2.1.4/setfiles/setfiles.8.f17 policycoreutils-2.1.4/setfiles/setfiles.8
--- policycoreutils-2.1.4/setfiles/setfiles.8.f17 2011-08-18 06:52:32.000000000 -0400
-+++ policycoreutils-2.1.4/setfiles/setfiles.8 2011-10-24 14:35:34.963676444 -0400
++++ policycoreutils-2.1.4/setfiles/setfiles.8 2011-10-31 11:12:37.173780966 -0400
@@ -4,7 +4,7 @@ setfiles \- set file SELinux security co
.SH "SYNOPSIS"
@@ -682,8 +766,8 @@ diff -up policycoreutils-2.1.4/setfiles/setfiles.8.f17 policycoreutils-2.1.4/set
.B \-W
display warnings about entries that had no matching files.
diff -up policycoreutils-2.1.4/setfiles/setfiles.c.f17 policycoreutils-2.1.4/setfiles/setfiles.c
---- policycoreutils-2.1.4/setfiles/setfiles.c.f17 2011-10-24 14:35:34.473676404 -0400
-+++ policycoreutils-2.1.4/setfiles/setfiles.c 2011-10-24 14:35:34.964676444 -0400
+--- policycoreutils-2.1.4/setfiles/setfiles.c.f17 2011-10-31 11:12:36.866781124 -0400
++++ policycoreutils-2.1.4/setfiles/setfiles.c 2011-10-31 11:12:37.173780966 -0400
@@ -39,7 +39,7 @@ void usage(const char *const name)
{
if (iamrestorecon) {
diff --git a/policycoreutils.spec b/policycoreutils.spec
index e0c8547..bdbf31a 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.4
-Release: 6%{?dist}
+Release: 7%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -22,8 +22,8 @@ Source6: selinux-polgengui.desktop
Source7: selinux-polgengui.console
Source8: policycoreutils_man_ru2.tar.bz2
Source9: semanage-bash-completion.sh
-Patch: policycoreutils-rhat.patch
Source10: restorecond.service
+Patch: policycoreutils-rhat.patch
Patch1: policycoreutils-po.patch
Patch3: policycoreutils-gui.patch
Patch4: policycoreutils-sepolgen.patch
@@ -354,6 +354,12 @@ fi
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Mon Oct 31 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-7
+- Backport fixes from restorecond to handle being run within a terminal session
+- Add ~/.local/share/* to restorecond_users.conf
+- Fix semodule man page
+- Fix a couple of problems found by coverity
+
* Mon Oct 24 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-6
- Inlcude the patch this time to fix sandbox.init