[policycoreutils/f16] Dont syslog changes if you are only checking in setfiles/restorecon
Daniel J Walsh
dwalsh at fedoraproject.org
Wed May 2 19:57:16 UTC 2012
commit 8a84b9dc0e16070f836a51f06bfbd69891ee4313
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed May 2 15:57:11 2012 -0400
Dont syslog changes if you are only checking in setfiles/restorecon
- Don't syslog on full relabel
policycoreutils-f17.patch | 106 ++++++++++++++++++++++++++------------------
policycoreutils.spec | 6 ++-
2 files changed, 68 insertions(+), 44 deletions(-)
---
diff --git a/policycoreutils-f17.patch b/policycoreutils-f17.patch
index 5e32472..79d908b 100644
--- a/policycoreutils-f17.patch
+++ b/policycoreutils-f17.patch
@@ -1,6 +1,6 @@
diff -up policycoreutils-2.1.4/audit2allow/audit2allow.f17 policycoreutils-2.1.4/audit2allow/audit2allow
---- policycoreutils-2.1.4/audit2allow/audit2allow.f17 2011-12-23 10:54:40.518003992 +0000
-+++ policycoreutils-2.1.4/audit2allow/audit2allow 2011-12-23 10:54:41.290004734 +0000
+--- policycoreutils-2.1.4/audit2allow/audit2allow.f17 2012-01-31 14:48:48.590686550 -0500
++++ policycoreutils-2.1.4/audit2allow/audit2allow 2012-01-31 14:48:49.120686630 -0500
@@ -104,7 +104,7 @@ class AuditToPolicy:
if name:
options.requires = True
@@ -11,8 +11,8 @@ diff -up policycoreutils-2.1.4/audit2allow/audit2allow.f17 policycoreutils-2.1.4
# Make -M and -o conflict
diff -up policycoreutils-2.1.4/.gitignore.f17 policycoreutils-2.1.4/.gitignore
---- policycoreutils-2.1.4/.gitignore.f17 2011-08-18 10:52:31.000000000 +0000
-+++ policycoreutils-2.1.4/.gitignore 2011-12-23 10:54:41.291004735 +0000
+--- policycoreutils-2.1.4/.gitignore.f17 2011-08-18 06:52:31.000000000 -0400
++++ policycoreutils-2.1.4/.gitignore 2012-01-31 14:48:49.121686630 -0500
@@ -9,6 +9,7 @@ semodule_deps/semodule_deps
semodule_expand/semodule_expand
semodule_link/semodule_link
@@ -22,8 +22,8 @@ diff -up policycoreutils-2.1.4/.gitignore.f17 policycoreutils-2.1.4/.gitignore
setfiles/restorecon
setfiles/setfiles
diff -up policycoreutils-2.1.4/mcstrans/man/Makefile.f17 policycoreutils-2.1.4/mcstrans/man/Makefile
---- policycoreutils-2.1.4/mcstrans/man/Makefile.f17 2011-08-18 10:52:31.000000000 +0000
-+++ policycoreutils-2.1.4/mcstrans/man/Makefile 2011-12-23 10:54:41.292004736 +0000
+--- policycoreutils-2.1.4/mcstrans/man/Makefile.f17 2011-08-18 06:52:31.000000000 -0400
++++ policycoreutils-2.1.4/mcstrans/man/Makefile 2012-01-31 14:48:49.121686630 -0500
@@ -1,7 +1,9 @@
# Installation directories.
MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
@@ -36,8 +36,8 @@ diff -up policycoreutils-2.1.4/mcstrans/man/Makefile.f17 policycoreutils-2.1.4/m
install -m 644 man8/*.8 $(MAN8DIR)
diff -up policycoreutils-2.1.4/newrole/newrole.c.f17 policycoreutils-2.1.4/newrole/newrole.c
---- policycoreutils-2.1.4/newrole/newrole.c.f17 2011-12-23 10:54:40.522003996 +0000
-+++ policycoreutils-2.1.4/newrole/newrole.c 2011-12-23 10:54:41.294004738 +0000
+--- policycoreutils-2.1.4/newrole/newrole.c.f17 2012-01-31 14:48:48.594686550 -0500
++++ policycoreutils-2.1.4/newrole/newrole.c 2012-01-31 14:48:49.123686630 -0500
@@ -543,13 +543,13 @@ static int restore_environment(int prese
#if defined(AUDIT_LOG_PRIV) && !defined(NAMESPACE_PRIV)
static int drop_capabilities(int full)
@@ -56,16 +56,16 @@ diff -up policycoreutils-2.1.4/newrole/newrole.c.f17 policycoreutils-2.1.4/newro
if (setresuid(uid, uid, uid)) {
fprintf(stderr, _("Error changing uid, aborting.\n"));
diff -up policycoreutils-2.1.4/restorecond/restorecond_user.conf.f17 policycoreutils-2.1.4/restorecond/restorecond_user.conf
---- policycoreutils-2.1.4/restorecond/restorecond_user.conf.f17 2011-12-23 10:54:40.529004003 +0000
-+++ policycoreutils-2.1.4/restorecond/restorecond_user.conf 2011-12-23 10:54:41.295004739 +0000
+--- policycoreutils-2.1.4/restorecond/restorecond_user.conf.f17 2012-01-31 14:48:48.600686552 -0500
++++ policycoreutils-2.1.4/restorecond/restorecond_user.conf 2012-01-31 14:48:49.123686630 -0500
@@ -5,3 +5,4 @@
~/.fonts/*
~/.cache/*
~/.config/*
+~/.local/share/*
diff -up policycoreutils-2.1.4/restorecond/user.c.f17 policycoreutils-2.1.4/restorecond/user.c
---- policycoreutils-2.1.4/restorecond/user.c.f17 2011-12-23 10:54:40.530004004 +0000
-+++ policycoreutils-2.1.4/restorecond/user.c 2011-12-23 10:54:41.296004740 +0000
+--- policycoreutils-2.1.4/restorecond/user.c.f17 2012-01-31 14:48:48.601686552 -0500
++++ policycoreutils-2.1.4/restorecond/user.c 2012-01-31 14:48:49.124686630 -0500
@@ -123,6 +123,11 @@ io_channel_callback
sizeof (buffer),
&bytes_read);
@@ -110,8 +110,8 @@ diff -up policycoreutils-2.1.4/restorecond/user.c.f17 policycoreutils-2.1.4/rest
read_config(master_fd, watch_file);
diff -up policycoreutils-2.1.4/sandbox/sandbox.8.f17 policycoreutils-2.1.4/sandbox/sandbox.8
---- policycoreutils-2.1.4/sandbox/sandbox.8.f17 2011-12-23 10:54:40.535004009 +0000
-+++ policycoreutils-2.1.4/sandbox/sandbox.8 2011-12-23 10:54:41.297004741 +0000
+--- policycoreutils-2.1.4/sandbox/sandbox.8.f17 2012-01-31 14:48:48.605686552 -0500
++++ policycoreutils-2.1.4/sandbox/sandbox.8 2012-01-31 14:48:49.124686630 -0500
@@ -3,11 +3,11 @@
sandbox \- Run cmd under an SELinux sandbox
.SH SYNOPSIS
@@ -137,8 +137,8 @@ diff -up policycoreutils-2.1.4/sandbox/sandbox.8.f17 policycoreutils-2.1.4/sandb
Use control groups to control this copy of sandbox. Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc.
.TP
diff -up policycoreutils-2.1.4/sandbox/sandbox.f17 policycoreutils-2.1.4/sandbox/sandbox
---- policycoreutils-2.1.4/sandbox/sandbox.f17 2011-12-23 10:54:40.534004008 +0000
-+++ policycoreutils-2.1.4/sandbox/sandbox 2011-12-23 10:55:51.334071589 +0000
+--- policycoreutils-2.1.4/sandbox/sandbox.f17 2012-01-31 14:48:48.604686552 -0500
++++ policycoreutils-2.1.4/sandbox/sandbox 2012-01-31 14:48:49.126686631 -0500
@@ -118,10 +118,30 @@ def reserve(level):
sock.bind("\0%s" % level)
fcntl.fcntl(sock.fileno(), fcntl.F_SETFD, fcntl.FD_CLOEXEC)
@@ -236,8 +236,8 @@ diff -up policycoreutils-2.1.4/sandbox/sandbox.f17 policycoreutils-2.1.4/sandbox
cmds += [ "--" ] + self.__paths
return subprocess.Popen(cmds).wait()
diff -up policycoreutils-2.1.4/sandbox/sandbox.init.f17 policycoreutils-2.1.4/sandbox/sandbox.init
---- policycoreutils-2.1.4/sandbox/sandbox.init.f17 2011-12-23 10:54:40.537004011 +0000
-+++ policycoreutils-2.1.4/sandbox/sandbox.init 2011-12-23 10:54:41.299004743 +0000
+--- policycoreutils-2.1.4/sandbox/sandbox.init.f17 2012-01-31 14:48:48.607686552 -0500
++++ policycoreutils-2.1.4/sandbox/sandbox.init 2012-01-31 14:48:49.127686632 -0500
@@ -13,7 +13,7 @@
# description: sandbox, xguest and other apps that want to use pam_namespace \
# require this script be run at boot. This service script does \
@@ -268,8 +268,8 @@ diff -up policycoreutils-2.1.4/sandbox/sandbox.init.f17 policycoreutils-2.1.4/sa
touch $LOCKFILE
mount --make-rshared / || return $?
diff -up policycoreutils-2.1.4/sandbox/seunshare.c.f17 policycoreutils-2.1.4/sandbox/seunshare.c
---- policycoreutils-2.1.4/sandbox/seunshare.c.f17 2011-12-23 10:54:40.541004015 +0000
-+++ policycoreutils-2.1.4/sandbox/seunshare.c 2011-12-23 10:55:01.459024075 +0000
+--- policycoreutils-2.1.4/sandbox/seunshare.c.f17 2012-01-31 14:48:48.609686552 -0500
++++ policycoreutils-2.1.4/sandbox/seunshare.c 2012-01-31 14:48:49.129686632 -0500
@@ -5,8 +5,9 @@
#define _GNU_SOURCE
@@ -402,9 +402,29 @@ diff -up policycoreutils-2.1.4/sandbox/seunshare.c.f17 policycoreutils-2.1.4/san
exit(-1);
}
+diff -up policycoreutils-2.1.4/scripts/fixfiles.f17 policycoreutils-2.1.4/scripts/fixfiles
+--- policycoreutils-2.1.4/scripts/fixfiles.f17 2012-01-31 14:51:23.126632085 -0500
++++ policycoreutils-2.1.4/scripts/fixfiles 2012-01-31 14:51:27.821630204 -0500
+@@ -121,7 +121,6 @@ LOGFILE=`tty`
+ if [ $? != 0 ]; then
+ LOGFILE="/dev/null"
+ fi
+-SYSLOGFLAG="-l"
+ LOGGER=/usr/sbin/logger
+ SETFILES=/sbin/setfiles
+ RESTORECON=/sbin/restorecon
+@@ -234,7 +233,7 @@ then
+ done
+ FC=$TEMPFCFILE
+ fi
+-${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 | cat >> $LOGFILE
++${SETFILES} -q ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 | cat >> $LOGFILE
+ rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* $TEMPFCFILE
+
+ UNDEFINED=`get_undefined_type` || exit $?
diff -up policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c.f17 policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c
---- policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c.f17 2011-12-23 10:54:40.545004018 +0000
-+++ policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c 2011-12-23 10:54:41.301004745 +0000
+--- policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c.f17 2012-01-31 14:48:48.611686552 -0500
++++ policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c 2012-01-31 14:48:49.130686632 -0500
@@ -52,8 +52,6 @@ static PyMethodDef methods[] = {
PyMODINIT_FUNC
initdefault_encoding_utf8(void)
@@ -416,8 +436,8 @@ diff -up policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c.f17
+ Py_InitModule3("default_encoding_utf8", methods, "Forces the default encoding to utf-8");
}
diff -up policycoreutils-2.1.4/semanage/semanage.8.f17 policycoreutils-2.1.4/semanage/semanage.8
---- policycoreutils-2.1.4/semanage/semanage.8.f17 2011-08-18 10:52:31.000000000 +0000
-+++ policycoreutils-2.1.4/semanage/semanage.8 2011-12-23 10:54:41.302004746 +0000
+--- policycoreutils-2.1.4/semanage/semanage.8.f17 2011-08-18 06:52:31.000000000 -0400
++++ policycoreutils-2.1.4/semanage/semanage.8 2012-01-31 14:48:49.132686632 -0500
@@ -163,6 +163,9 @@ SELinux Type for the object
.I \-i, \-\-input
Take a set of commands from a specified file and load them in a single
@@ -429,8 +449,8 @@ diff -up policycoreutils-2.1.4/semanage/semanage.8.f17 policycoreutils-2.1.4/sem
.SH EXAMPLE
.nf
diff -up policycoreutils-2.1.4/semanage/semanage.f17 policycoreutils-2.1.4/semanage/semanage
---- policycoreutils-2.1.4/semanage/semanage.f17 2011-12-23 10:54:40.547004020 +0000
-+++ policycoreutils-2.1.4/semanage/semanage 2011-12-23 10:54:41.303004747 +0000
+--- policycoreutils-2.1.4/semanage/semanage.f17 2012-01-31 14:48:48.613686554 -0500
++++ policycoreutils-2.1.4/semanage/semanage 2012-01-31 14:48:49.133686632 -0500
@@ -575,3 +575,5 @@ Object-specific Options (see above):
errorExit(error.args[1])
except OSError, error:
@@ -438,8 +458,8 @@ diff -up policycoreutils-2.1.4/semanage/semanage.f17 policycoreutils-2.1.4/seman
+ except RuntimeError, error:
+ errorExit(error.args[0])
diff -up policycoreutils-2.1.4/semanage/seobject.py.f17 policycoreutils-2.1.4/semanage/seobject.py
---- policycoreutils-2.1.4/semanage/seobject.py.f17 2011-12-23 10:54:40.550004023 +0000
-+++ policycoreutils-2.1.4/semanage/seobject.py 2011-12-23 10:54:41.307004751 +0000
+--- policycoreutils-2.1.4/semanage/seobject.py.f17 2012-01-31 14:48:48.615686554 -0500
++++ policycoreutils-2.1.4/semanage/seobject.py 2012-01-31 14:48:49.135686632 -0500
@@ -1,5 +1,5 @@
#! /usr/bin/python -E
-# Copyright (C) 2005, 2006, 2007, 2008, 2009 Red Hat
@@ -661,8 +681,8 @@ diff -up policycoreutils-2.1.4/semanage/seobject.py.f17 policycoreutils-2.1.4/se
-
+ print "%-30s (%-5s,%5s) %s" % (k, on_off[selinux.security_get_boolean_active(k)], on_off[ddict[k][2]], self.get_desc(k))
diff -up policycoreutils-2.1.4/semodule_package/Makefile.f17 policycoreutils-2.1.4/semodule_package/Makefile
---- policycoreutils-2.1.4/semodule_package/Makefile.f17 2011-12-23 10:54:40.551004024 +0000
-+++ policycoreutils-2.1.4/semodule_package/Makefile 2011-12-23 10:54:41.308004752 +0000
+--- policycoreutils-2.1.4/semodule_package/Makefile.f17 2012-01-31 14:48:48.616686554 -0500
++++ policycoreutils-2.1.4/semodule_package/Makefile 2012-01-31 14:48:49.136686632 -0500
@@ -24,7 +24,7 @@ install: all
relabel:
@@ -673,8 +693,8 @@ diff -up policycoreutils-2.1.4/semodule_package/Makefile.f17 policycoreutils-2.1
indent:
../../scripts/Lindent $(wildcard *.[ch])
diff -up policycoreutils-2.1.4/semodule/semodule.8.f17 policycoreutils-2.1.4/semodule/semodule.8
---- policycoreutils-2.1.4/semodule/semodule.8.f17 2011-08-18 10:52:31.000000000 +0000
-+++ policycoreutils-2.1.4/semodule/semodule.8 2011-12-23 10:54:41.309004752 +0000
+--- policycoreutils-2.1.4/semodule/semodule.8.f17 2011-08-18 06:52:31.000000000 -0400
++++ policycoreutils-2.1.4/semodule/semodule.8 2012-01-31 14:48:49.136686632 -0500
@@ -41,6 +41,9 @@ disable existing module
.B \-e,\-\-enable=MODULE_NAME
enable existing module
@@ -686,8 +706,8 @@ diff -up policycoreutils-2.1.4/semodule/semodule.8.f17 policycoreutils-2.1.4/sem
remove existing module
.TP
diff -up policycoreutils-2.1.4/setfiles/restore.c.f17 policycoreutils-2.1.4/setfiles/restore.c
---- policycoreutils-2.1.4/setfiles/restore.c.f17 2011-12-23 10:54:40.556004029 +0000
-+++ policycoreutils-2.1.4/setfiles/restore.c 2011-12-23 10:54:41.310004753 +0000
+--- policycoreutils-2.1.4/setfiles/restore.c.f17 2012-01-31 14:48:48.620686554 -0500
++++ policycoreutils-2.1.4/setfiles/restore.c 2012-01-31 14:50:27.107655970 -0500
@@ -1,5 +1,6 @@
#include "restore.h"
#include <glob.h>
@@ -851,7 +871,7 @@ diff -up policycoreutils-2.1.4/setfiles/restore.c.f17 policycoreutils-2.1.4/setf
+ r_opts->progname, my_file, curcon ?: "", newcon);
+ }
+
-+ if (r_opts->logging) {
++ if (r_opts->logging && r_opts->change) {
+ if (curcon)
syslog(LOG_INFO, "relabeling %s from %s to %s\n",
- my_file, context, newcon);
@@ -909,8 +929,8 @@ diff -up policycoreutils-2.1.4/setfiles/restore.c.f17 policycoreutils-2.1.4/setf
* Evaluate the association hash table distribution.
*/
diff -up policycoreutils-2.1.4/setfiles/restorecon.8.f17 policycoreutils-2.1.4/setfiles/restorecon.8
---- policycoreutils-2.1.4/setfiles/restorecon.8.f17 2011-08-18 10:52:32.000000000 +0000
-+++ policycoreutils-2.1.4/setfiles/restorecon.8 2011-12-23 10:54:41.311004754 +0000
+--- policycoreutils-2.1.4/setfiles/restorecon.8.f17 2011-08-18 06:52:32.000000000 -0400
++++ policycoreutils-2.1.4/setfiles/restorecon.8 2012-01-31 14:48:49.138686632 -0500
@@ -4,22 +4,27 @@ restorecon \- restore file(s) default SE
.SH "SYNOPSIS"
@@ -969,8 +989,8 @@ diff -up policycoreutils-2.1.4/setfiles/restorecon.8.f17 policycoreutils-2.1.4/s
.SH "ARGUMENTS"
.B pathname...
diff -up policycoreutils-2.1.4/setfiles/restore.h.f17 policycoreutils-2.1.4/setfiles/restore.h
---- policycoreutils-2.1.4/setfiles/restore.h.f17 2011-12-23 10:54:40.557004030 +0000
-+++ policycoreutils-2.1.4/setfiles/restore.h 2011-12-23 10:54:41.312004755 +0000
+--- policycoreutils-2.1.4/setfiles/restore.h.f17 2012-01-31 14:48:48.621686554 -0500
++++ policycoreutils-2.1.4/setfiles/restore.h 2012-01-31 14:48:49.139686633 -0500
@@ -40,6 +40,7 @@ struct restore_opts {
int fts_flags; /* Flags to fts, e.g. follow links, follow mounts */
const char *selabel_opt_validate;
@@ -980,8 +1000,8 @@ diff -up policycoreutils-2.1.4/setfiles/restore.h.f17 policycoreutils-2.1.4/setf
void restore_init(struct restore_opts *opts);
diff -up policycoreutils-2.1.4/setfiles/setfiles.8.f17 policycoreutils-2.1.4/setfiles/setfiles.8
---- policycoreutils-2.1.4/setfiles/setfiles.8.f17 2011-08-18 10:52:32.000000000 +0000
-+++ policycoreutils-2.1.4/setfiles/setfiles.8 2011-12-23 10:54:41.313004756 +0000
+--- policycoreutils-2.1.4/setfiles/setfiles.8.f17 2011-08-18 06:52:32.000000000 -0400
++++ policycoreutils-2.1.4/setfiles/setfiles.8 2012-01-31 14:48:49.139686633 -0500
@@ -4,7 +4,7 @@ setfiles \- set file SELinux security co
.SH "SYNOPSIS"
@@ -1028,8 +1048,8 @@ diff -up policycoreutils-2.1.4/setfiles/setfiles.8.f17 policycoreutils-2.1.4/set
.B \-W
display warnings about entries that had no matching files.
diff -up policycoreutils-2.1.4/setfiles/setfiles.c.f17 policycoreutils-2.1.4/setfiles/setfiles.c
---- policycoreutils-2.1.4/setfiles/setfiles.c.f17 2011-12-23 10:54:40.558004031 +0000
-+++ policycoreutils-2.1.4/setfiles/setfiles.c 2011-12-23 10:54:41.314004757 +0000
+--- policycoreutils-2.1.4/setfiles/setfiles.c.f17 2012-01-31 14:48:48.622686554 -0500
++++ policycoreutils-2.1.4/setfiles/setfiles.c 2012-01-31 14:48:49.140686634 -0500
@@ -39,7 +39,7 @@ void usage(const char *const name)
{
if (iamrestorecon) {
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 29cb7d0..a405728 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.4
-Release: 15%{?dist}
+Release: 16%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -354,6 +354,10 @@ fi
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Wed Jan 18 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.4-16
+- Dont syslog changes if you are only checking in setfiles/restorecon
+- Don't syslog on full relabel
+
* Wed Jan 18 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.4-15
- fix sepolgen to not crash on echo "" | audit2allow
- Fix English in templates for sepolgen
More information about the scm-commits
mailing list