[policycoreutils/f16] Dont syslog changes if you are only checking in setfiles/restorecon

Daniel J Walsh dwalsh at fedoraproject.org
Wed May 2 19:57:16 UTC 2012 

commit 8a84b9dc0e16070f836a51f06bfbd69891ee4313
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Wed May 2 15:57:11 2012 -0400

    Dont syslog changes if you are only checking in setfiles/restorecon
    
    - Don't syslog on full relabel

 policycoreutils-f17.patch |  106 ++++++++++++++++++++++++++------------------
 policycoreutils.spec      |    6 ++-
 2 files changed, 68 insertions(+), 44 deletions(-)
---
diff --git a/policycoreutils-f17.patch b/policycoreutils-f17.patch
index 5e32472..79d908b 100644
--- a/policycoreutils-f17.patch
+++ b/policycoreutils-f17.patch
@@ -1,6 +1,6 @@
 diff -up policycoreutils-2.1.4/audit2allow/audit2allow.f17 policycoreutils-2.1.4/audit2allow/audit2allow
---- policycoreutils-2.1.4/audit2allow/audit2allow.f17	2011-12-23 10:54:40.518003992 +0000
-+++ policycoreutils-2.1.4/audit2allow/audit2allow	2011-12-23 10:54:41.290004734 +0000
+--- policycoreutils-2.1.4/audit2allow/audit2allow.f17	2012-01-31 14:48:48.590686550 -0500
++++ policycoreutils-2.1.4/audit2allow/audit2allow	2012-01-31 14:48:49.120686630 -0500
 @@ -104,7 +104,7 @@ class AuditToPolicy:
          if name:
              options.requires = True
@@ -11,8 +11,8 @@ diff -up policycoreutils-2.1.4/audit2allow/audit2allow.f17 policycoreutils-2.1.4
  
          # Make -M and -o conflict
 diff -up policycoreutils-2.1.4/.gitignore.f17 policycoreutils-2.1.4/.gitignore
---- policycoreutils-2.1.4/.gitignore.f17	2011-08-18 10:52:31.000000000 +0000
-+++ policycoreutils-2.1.4/.gitignore	2011-12-23 10:54:41.291004735 +0000
+--- policycoreutils-2.1.4/.gitignore.f17	2011-08-18 06:52:31.000000000 -0400
++++ policycoreutils-2.1.4/.gitignore	2012-01-31 14:48:49.121686630 -0500
 @@ -9,6 +9,7 @@ semodule_deps/semodule_deps
  semodule_expand/semodule_expand
  semodule_link/semodule_link
@@ -22,8 +22,8 @@ diff -up policycoreutils-2.1.4/.gitignore.f17 policycoreutils-2.1.4/.gitignore
  setfiles/restorecon
  setfiles/setfiles
 diff -up policycoreutils-2.1.4/mcstrans/man/Makefile.f17 policycoreutils-2.1.4/mcstrans/man/Makefile
---- policycoreutils-2.1.4/mcstrans/man/Makefile.f17	2011-08-18 10:52:31.000000000 +0000
-+++ policycoreutils-2.1.4/mcstrans/man/Makefile	2011-12-23 10:54:41.292004736 +0000
+--- policycoreutils-2.1.4/mcstrans/man/Makefile.f17	2011-08-18 06:52:31.000000000 -0400
++++ policycoreutils-2.1.4/mcstrans/man/Makefile	2012-01-31 14:48:49.121686630 -0500
 @@ -1,7 +1,9 @@
  # Installation directories.
  MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
@@ -36,8 +36,8 @@ diff -up policycoreutils-2.1.4/mcstrans/man/Makefile.f17 policycoreutils-2.1.4/m
  	install -m 644 man8/*.8 $(MAN8DIR)
  
 diff -up policycoreutils-2.1.4/newrole/newrole.c.f17 policycoreutils-2.1.4/newrole/newrole.c
---- policycoreutils-2.1.4/newrole/newrole.c.f17	2011-12-23 10:54:40.522003996 +0000
-+++ policycoreutils-2.1.4/newrole/newrole.c	2011-12-23 10:54:41.294004738 +0000
+--- policycoreutils-2.1.4/newrole/newrole.c.f17	2012-01-31 14:48:48.594686550 -0500
++++ policycoreutils-2.1.4/newrole/newrole.c	2012-01-31 14:48:49.123686630 -0500
 @@ -543,13 +543,13 @@ static int restore_environment(int prese
  #if defined(AUDIT_LOG_PRIV) && !defined(NAMESPACE_PRIV)
  static int drop_capabilities(int full)
@@ -56,16 +56,16 @@ diff -up policycoreutils-2.1.4/newrole/newrole.c.f17 policycoreutils-2.1.4/newro
  	if (setresuid(uid, uid, uid)) {
  		fprintf(stderr, _("Error changing uid, aborting.\n"));
 diff -up policycoreutils-2.1.4/restorecond/restorecond_user.conf.f17 policycoreutils-2.1.4/restorecond/restorecond_user.conf
---- policycoreutils-2.1.4/restorecond/restorecond_user.conf.f17	2011-12-23 10:54:40.529004003 +0000
-+++ policycoreutils-2.1.4/restorecond/restorecond_user.conf	2011-12-23 10:54:41.295004739 +0000
+--- policycoreutils-2.1.4/restorecond/restorecond_user.conf.f17	2012-01-31 14:48:48.600686552 -0500
++++ policycoreutils-2.1.4/restorecond/restorecond_user.conf	2012-01-31 14:48:49.123686630 -0500
 @@ -5,3 +5,4 @@
  ~/.fonts/*
  ~/.cache/*
  ~/.config/*
 +~/.local/share/*
 diff -up policycoreutils-2.1.4/restorecond/user.c.f17 policycoreutils-2.1.4/restorecond/user.c
---- policycoreutils-2.1.4/restorecond/user.c.f17	2011-12-23 10:54:40.530004004 +0000
-+++ policycoreutils-2.1.4/restorecond/user.c	2011-12-23 10:54:41.296004740 +0000
+--- policycoreutils-2.1.4/restorecond/user.c.f17	2012-01-31 14:48:48.601686552 -0500
++++ policycoreutils-2.1.4/restorecond/user.c	2012-01-31 14:48:49.124686630 -0500
 @@ -123,6 +123,11 @@ io_channel_callback
         sizeof (buffer),
         &bytes_read);
@@ -110,8 +110,8 @@ diff -up policycoreutils-2.1.4/restorecond/user.c.f17 policycoreutils-2.1.4/rest
  
      read_config(master_fd, watch_file);
 diff -up policycoreutils-2.1.4/sandbox/sandbox.8.f17 policycoreutils-2.1.4/sandbox/sandbox.8
---- policycoreutils-2.1.4/sandbox/sandbox.8.f17	2011-12-23 10:54:40.535004009 +0000
-+++ policycoreutils-2.1.4/sandbox/sandbox.8	2011-12-23 10:54:41.297004741 +0000
+--- policycoreutils-2.1.4/sandbox/sandbox.8.f17	2012-01-31 14:48:48.605686552 -0500
++++ policycoreutils-2.1.4/sandbox/sandbox.8	2012-01-31 14:48:49.124686630 -0500
 @@ -3,11 +3,11 @@
  sandbox \- Run cmd under an SELinux sandbox
  .SH SYNOPSIS
@@ -137,8 +137,8 @@ diff -up policycoreutils-2.1.4/sandbox/sandbox.8.f17 policycoreutils-2.1.4/sandb
  Use control groups to control this copy of sandbox.  Specify parameters in /etc/sysconfig/sandbox.  Max memory usage and cpu usage are to be specified in percent.  You can specify which CPUs to use by numbering them 0,1,2... etc.
  .TP
 diff -up policycoreutils-2.1.4/sandbox/sandbox.f17 policycoreutils-2.1.4/sandbox/sandbox
---- policycoreutils-2.1.4/sandbox/sandbox.f17	2011-12-23 10:54:40.534004008 +0000
-+++ policycoreutils-2.1.4/sandbox/sandbox	2011-12-23 10:55:51.334071589 +0000
+--- policycoreutils-2.1.4/sandbox/sandbox.f17	2012-01-31 14:48:48.604686552 -0500
++++ policycoreutils-2.1.4/sandbox/sandbox	2012-01-31 14:48:49.126686631 -0500
 @@ -118,10 +118,30 @@ def reserve(level):
      sock.bind("\0%s" % level)
      fcntl.fcntl(sock.fileno(), fcntl.F_SETFD, fcntl.FD_CLOEXEC)
@@ -236,8 +236,8 @@ diff -up policycoreutils-2.1.4/sandbox/sandbox.f17 policycoreutils-2.1.4/sandbox
                                  cmds += [ "--" ] + self.__paths
                           return subprocess.Popen(cmds).wait()
 diff -up policycoreutils-2.1.4/sandbox/sandbox.init.f17 policycoreutils-2.1.4/sandbox/sandbox.init
---- policycoreutils-2.1.4/sandbox/sandbox.init.f17	2011-12-23 10:54:40.537004011 +0000
-+++ policycoreutils-2.1.4/sandbox/sandbox.init	2011-12-23 10:54:41.299004743 +0000
+--- policycoreutils-2.1.4/sandbox/sandbox.init.f17	2012-01-31 14:48:48.607686552 -0500
++++ policycoreutils-2.1.4/sandbox/sandbox.init	2012-01-31 14:48:49.127686632 -0500
 @@ -13,7 +13,7 @@
  # description: sandbox, xguest and other apps that want to use pam_namespace \
  #              require this script be run at boot.  This service script does \
@@ -268,8 +268,8 @@ diff -up policycoreutils-2.1.4/sandbox/sandbox.init.f17 policycoreutils-2.1.4/sa
  	touch $LOCKFILE
  	mount --make-rshared / || return $? 
 diff -up policycoreutils-2.1.4/sandbox/seunshare.c.f17 policycoreutils-2.1.4/sandbox/seunshare.c
---- policycoreutils-2.1.4/sandbox/seunshare.c.f17	2011-12-23 10:54:40.541004015 +0000
-+++ policycoreutils-2.1.4/sandbox/seunshare.c	2011-12-23 10:55:01.459024075 +0000
+--- policycoreutils-2.1.4/sandbox/seunshare.c.f17	2012-01-31 14:48:48.609686552 -0500
++++ policycoreutils-2.1.4/sandbox/seunshare.c	2012-01-31 14:48:49.129686632 -0500
 @@ -5,8 +5,9 @@
  
  #define _GNU_SOURCE
@@ -402,9 +402,29 @@ diff -up policycoreutils-2.1.4/sandbox/seunshare.c.f17 policycoreutils-2.1.4/san
  		exit(-1);
  	}
  
+diff -up policycoreutils-2.1.4/scripts/fixfiles.f17 policycoreutils-2.1.4/scripts/fixfiles
+--- policycoreutils-2.1.4/scripts/fixfiles.f17	2012-01-31 14:51:23.126632085 -0500
++++ policycoreutils-2.1.4/scripts/fixfiles	2012-01-31 14:51:27.821630204 -0500
+@@ -121,7 +121,6 @@ LOGFILE=`tty`
+ if [ $? != 0 ]; then
+     LOGFILE="/dev/null"
+ fi
+-SYSLOGFLAG="-l"
+ LOGGER=/usr/sbin/logger
+ SETFILES=/sbin/setfiles
+ RESTORECON=/sbin/restorecon
+@@ -234,7 +233,7 @@ then
+ 	done
+ FC=$TEMPFCFILE
+ fi
+-${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 | cat >> $LOGFILE
++${SETFILES} -q ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 | cat >> $LOGFILE
+ rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* $TEMPFCFILE
+ 
+ UNDEFINED=`get_undefined_type` || exit $?
 diff -up policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c.f17 policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c
---- policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c.f17	2011-12-23 10:54:40.545004018 +0000
-+++ policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c	2011-12-23 10:54:41.301004745 +0000
+--- policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c.f17	2012-01-31 14:48:48.611686552 -0500
++++ policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c	2012-01-31 14:48:49.130686632 -0500
 @@ -52,8 +52,6 @@ static PyMethodDef methods[] = {
  PyMODINIT_FUNC
  initdefault_encoding_utf8(void)
@@ -416,8 +436,8 @@ diff -up policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c.f17
 +    Py_InitModule3("default_encoding_utf8", methods, "Forces the default encoding to utf-8");
  }
 diff -up policycoreutils-2.1.4/semanage/semanage.8.f17 policycoreutils-2.1.4/semanage/semanage.8
---- policycoreutils-2.1.4/semanage/semanage.8.f17	2011-08-18 10:52:31.000000000 +0000
-+++ policycoreutils-2.1.4/semanage/semanage.8	2011-12-23 10:54:41.302004746 +0000
+--- policycoreutils-2.1.4/semanage/semanage.8.f17	2011-08-18 06:52:31.000000000 -0400
++++ policycoreutils-2.1.4/semanage/semanage.8	2012-01-31 14:48:49.132686632 -0500
 @@ -163,6 +163,9 @@ SELinux Type for the object
  .I                \-i, \-\-input
  Take a set of commands from a specified file and load them in a single
@@ -429,8 +449,8 @@ diff -up policycoreutils-2.1.4/semanage/semanage.8.f17 policycoreutils-2.1.4/sem
  .SH EXAMPLE
  .nf
 diff -up policycoreutils-2.1.4/semanage/semanage.f17 policycoreutils-2.1.4/semanage/semanage
---- policycoreutils-2.1.4/semanage/semanage.f17	2011-12-23 10:54:40.547004020 +0000
-+++ policycoreutils-2.1.4/semanage/semanage	2011-12-23 10:54:41.303004747 +0000
+--- policycoreutils-2.1.4/semanage/semanage.f17	2012-01-31 14:48:48.613686554 -0500
++++ policycoreutils-2.1.4/semanage/semanage	2012-01-31 14:48:49.133686632 -0500
 @@ -575,3 +575,5 @@ Object-specific Options (see above):
  		errorExit(error.args[1])
  	except OSError, error:
@@ -438,8 +458,8 @@ diff -up policycoreutils-2.1.4/semanage/semanage.f17 policycoreutils-2.1.4/seman
 +	except RuntimeError, error:
 +		errorExit(error.args[0])
 diff -up policycoreutils-2.1.4/semanage/seobject.py.f17 policycoreutils-2.1.4/semanage/seobject.py
---- policycoreutils-2.1.4/semanage/seobject.py.f17	2011-12-23 10:54:40.550004023 +0000
-+++ policycoreutils-2.1.4/semanage/seobject.py	2011-12-23 10:54:41.307004751 +0000
+--- policycoreutils-2.1.4/semanage/seobject.py.f17	2012-01-31 14:48:48.615686554 -0500
++++ policycoreutils-2.1.4/semanage/seobject.py	2012-01-31 14:48:49.135686632 -0500
 @@ -1,5 +1,5 @@
  #! /usr/bin/python -E
 -# Copyright (C) 2005, 2006, 2007, 2008, 2009 Red Hat 
@@ -661,8 +681,8 @@ diff -up policycoreutils-2.1.4/semanage/seobject.py.f17 policycoreutils-2.1.4/se
 -
 +				print "%-30s (%-5s,%5s)  %s" %  (k, on_off[selinux.security_get_boolean_active(k)], on_off[ddict[k][2]], self.get_desc(k))
 diff -up policycoreutils-2.1.4/semodule_package/Makefile.f17 policycoreutils-2.1.4/semodule_package/Makefile
---- policycoreutils-2.1.4/semodule_package/Makefile.f17	2011-12-23 10:54:40.551004024 +0000
-+++ policycoreutils-2.1.4/semodule_package/Makefile	2011-12-23 10:54:41.308004752 +0000
+--- policycoreutils-2.1.4/semodule_package/Makefile.f17	2012-01-31 14:48:48.616686554 -0500
++++ policycoreutils-2.1.4/semodule_package/Makefile	2012-01-31 14:48:49.136686632 -0500
 @@ -24,7 +24,7 @@ install: all
  relabel:
  
@@ -673,8 +693,8 @@ diff -up policycoreutils-2.1.4/semodule_package/Makefile.f17 policycoreutils-2.1
  indent:
  	../../scripts/Lindent $(wildcard *.[ch])
 diff -up policycoreutils-2.1.4/semodule/semodule.8.f17 policycoreutils-2.1.4/semodule/semodule.8
---- policycoreutils-2.1.4/semodule/semodule.8.f17	2011-08-18 10:52:31.000000000 +0000
-+++ policycoreutils-2.1.4/semodule/semodule.8	2011-12-23 10:54:41.309004752 +0000
+--- policycoreutils-2.1.4/semodule/semodule.8.f17	2011-08-18 06:52:31.000000000 -0400
++++ policycoreutils-2.1.4/semodule/semodule.8	2012-01-31 14:48:49.136686632 -0500
 @@ -41,6 +41,9 @@ disable existing module
  .B  \-e,\-\-enable=MODULE_NAME
  enable existing module
@@ -686,8 +706,8 @@ diff -up policycoreutils-2.1.4/semodule/semodule.8.f17 policycoreutils-2.1.4/sem
  remove existing module
  .TP
 diff -up policycoreutils-2.1.4/setfiles/restore.c.f17 policycoreutils-2.1.4/setfiles/restore.c
---- policycoreutils-2.1.4/setfiles/restore.c.f17	2011-12-23 10:54:40.556004029 +0000
-+++ policycoreutils-2.1.4/setfiles/restore.c	2011-12-23 10:54:41.310004753 +0000
+--- policycoreutils-2.1.4/setfiles/restore.c.f17	2012-01-31 14:48:48.620686554 -0500
++++ policycoreutils-2.1.4/setfiles/restore.c	2012-01-31 14:50:27.107655970 -0500
 @@ -1,5 +1,6 @@
  #include "restore.h"
  #include <glob.h>
@@ -851,7 +871,7 @@ diff -up policycoreutils-2.1.4/setfiles/restore.c.f17 policycoreutils-2.1.4/setf
 +		       r_opts->progname, my_file, curcon ?: "", newcon);
 +	}
 +
-+	if (r_opts->logging) {
++	if (r_opts->logging && r_opts->change) {
 +		if (curcon)
  			syslog(LOG_INFO, "relabeling %s from %s to %s\n",
 -			       my_file, context, newcon);
@@ -909,8 +929,8 @@ diff -up policycoreutils-2.1.4/setfiles/restore.c.f17 policycoreutils-2.1.4/setf
   * Evaluate the association hash table distribution.
   */
 diff -up policycoreutils-2.1.4/setfiles/restorecon.8.f17 policycoreutils-2.1.4/setfiles/restorecon.8
---- policycoreutils-2.1.4/setfiles/restorecon.8.f17	2011-08-18 10:52:32.000000000 +0000
-+++ policycoreutils-2.1.4/setfiles/restorecon.8	2011-12-23 10:54:41.311004754 +0000
+--- policycoreutils-2.1.4/setfiles/restorecon.8.f17	2011-08-18 06:52:32.000000000 -0400
++++ policycoreutils-2.1.4/setfiles/restorecon.8	2012-01-31 14:48:49.138686632 -0500
 @@ -4,22 +4,27 @@ restorecon \- restore file(s) default SE
  
  .SH "SYNOPSIS"
@@ -969,8 +989,8 @@ diff -up policycoreutils-2.1.4/setfiles/restorecon.8.f17 policycoreutils-2.1.4/s
  .SH "ARGUMENTS"
  .B pathname...
 diff -up policycoreutils-2.1.4/setfiles/restore.h.f17 policycoreutils-2.1.4/setfiles/restore.h
---- policycoreutils-2.1.4/setfiles/restore.h.f17	2011-12-23 10:54:40.557004030 +0000
-+++ policycoreutils-2.1.4/setfiles/restore.h	2011-12-23 10:54:41.312004755 +0000
+--- policycoreutils-2.1.4/setfiles/restore.h.f17	2012-01-31 14:48:48.621686554 -0500
++++ policycoreutils-2.1.4/setfiles/restore.h	2012-01-31 14:48:49.139686633 -0500
 @@ -40,6 +40,7 @@ struct restore_opts {
  	int fts_flags; /* Flags to fts, e.g. follow links, follow mounts */
  	const char *selabel_opt_validate;
@@ -980,8 +1000,8 @@ diff -up policycoreutils-2.1.4/setfiles/restore.h.f17 policycoreutils-2.1.4/setf
  
  void restore_init(struct restore_opts *opts);
 diff -up policycoreutils-2.1.4/setfiles/setfiles.8.f17 policycoreutils-2.1.4/setfiles/setfiles.8
---- policycoreutils-2.1.4/setfiles/setfiles.8.f17	2011-08-18 10:52:32.000000000 +0000
-+++ policycoreutils-2.1.4/setfiles/setfiles.8	2011-12-23 10:54:41.313004756 +0000
+--- policycoreutils-2.1.4/setfiles/setfiles.8.f17	2011-08-18 06:52:32.000000000 -0400
++++ policycoreutils-2.1.4/setfiles/setfiles.8	2012-01-31 14:48:49.139686633 -0500
 @@ -4,7 +4,7 @@ setfiles \- set file SELinux security co
  
  .SH "SYNOPSIS"
@@ -1028,8 +1048,8 @@ diff -up policycoreutils-2.1.4/setfiles/setfiles.8.f17 policycoreutils-2.1.4/set
  .B \-W
  display warnings about entries that had no matching files.
 diff -up policycoreutils-2.1.4/setfiles/setfiles.c.f17 policycoreutils-2.1.4/setfiles/setfiles.c
---- policycoreutils-2.1.4/setfiles/setfiles.c.f17	2011-12-23 10:54:40.558004031 +0000
-+++ policycoreutils-2.1.4/setfiles/setfiles.c	2011-12-23 10:54:41.314004757 +0000
+--- policycoreutils-2.1.4/setfiles/setfiles.c.f17	2012-01-31 14:48:48.622686554 -0500
++++ policycoreutils-2.1.4/setfiles/setfiles.c	2012-01-31 14:48:49.140686634 -0500
 @@ -39,7 +39,7 @@ void usage(const char *const name)
  {
  	if (iamrestorecon) {
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 29cb7d0..a405728 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.4
-Release: 15%{?dist}
+Release: 16%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -354,6 +354,10 @@ fi
 /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 
 %changelog
+* Wed Jan 18 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.4-16
+- Dont syslog changes if you are only checking in setfiles/restorecon
+- Don't syslog on full relabel
+
 * Wed Jan 18 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.4-15
 - fix sepolgen to not crash on echo "" | audit2allow 
 - Fix English in templates for sepolgen

More information about the scm-commits mailing list