~ubuntu-branches/ubuntu/precise/policycoreutils/precise

Committer: Bazaar Package Importer
Author(s): Caleb Case, Caleb Case, Joseph Jackson IV
Date: 2008-02-09 21:36:48 UTC
mfrom: (1.2.9 upstream)
Revision ID: james.westby@ubuntu.com-20080209213648-lgax8nm8jer4ld25

Tags: 2.0.43-0ubuntu1

[ Caleb Case ]
* New upstream SVN HEAD
+ Merged support for non-interactive newrole command invocation from
   Tim Reed.
+ Update Makefile to not build restorecond if
   /usr/include/sys/inotify.h is not present
+ Drop verbose output on fixfiles -C from Dan Walsh.
+ Fix argument handling in fixfiles from Dan Walsh.
+ Enhance boolean support in semanage, including using the .xml
   description when available, from Dan Walsh.
+ load_policy initial load option from Chad Sellers.
+ Fix semodule option handling from Dan Walsh.
+ Add deleteall support for ports and fcontexts in semanage from Dan
   Walsh.
+ Add genhomedircon script to invoke semodule -Bn from Dan Walsh.
+ Update semodule man page for -D from Dan Walsh.
+ Add boolean, locallist, deleteall, and store support to semanage
   from Dan Walsh.
+ Improve semodule reporting of system errors from Stephen Smalley.
+ Fix setfiles selabel option flag setting for 64-bit from Stephen
   Smalley.
+ Remove genhomedircon script (functionality is now provided
   within libsemanage) from Todd Miller.
+ Fix genhomedircon searching for USER from Todd Miller
+ Install run_init with mode 0755 from Dan Walsh.
+ Fix chcat from Dan Walsh.
+ Fix fixfiles pattern expansion and error reporting from Dan Walsh.
+ Optimize genhomedircon to compile regexes once from Dan Walsh.
+ Fix semanage gettext call from Dan Walsh.
+ Disable dontaudits via semodule -D
+ Rebase setfiles to use new labeling interface.
+ Fixed setsebool (falling through to error path on success).
+ Merged genhomedircon fixes from Dan Walsh.
+ Merged setfiles -c usage fix from Dan Walsh.
+ Merged restorecon fix from Yuichi Nakamura.
+ Dropped -lsepol where no longer needed.
+ Merge newrole support for alternate pam configs from Ted X Toth.
+ Merged merging of restorecon into setfiles from Stephen Smalley.
+ Merged genhomedircon fix to find conflicting directories correctly
   from Dan Walsh.
* debian/policycoreutils.restorecon.init
  * Removing improper '$'

[ Joseph Jackson IV ]
* debian/control
  - Update Debian Maintainer field

files added:
audit2why/audit2why

audit2why/audit2why.1

debian/compat

debian/dirs

debian/patches

debian/patches/restorecond.conf.patch

debian/patches/series

debian/policycoreutils.install

debian/policycoreutils.postinst

debian/policycoreutils.postrm

debian/policycoreutils.preinst

debian/policycoreutils.prerm

debian/policycoreutils.restorecon.init

debian/policycoreutils.restorecond.init

newrole/hashtab.c

newrole/hashtab.h

setfiles/restorecon.8

files removed:
audit2why/audit2why.8

audit2why/audit2why.c

debian/common

debian/common/ChangeLog

debian/common/archvars.mk

debian/common/automake.mk

debian/common/checklibs

debian/common/copt.mk

debian/common/debconf.mk

debian/common/install_cmds.mk

debian/common/perlvars.mk

debian/common/pkgvars.mk

debian/common/targets.mk

debian/conffiles

debian/config

debian/local-vars.mk

debian/local.mk

debian/postinst

debian/postrm

debian/preinst

debian/prerm

debian/se_dpkg

debian/se_dpkg.8

debian/watch

restorecon

restorecon/Makefile

restorecon/restorecon.8

restorecon/restorecon.c

scripts/genhomedircon.8

files modified:
ChangeLog

Makefile

VERSION

audit2allow/audit2allow

audit2allow/audit2allow.1

audit2allow/sepolgen-ifgen

audit2why/Makefile

debian/changelog

debian/control

debian/copyright

debian/rules

load_policy/load_policy.8

load_policy/load_policy.c

newrole/Makefile

newrole/newrole.1

newrole/newrole.c

restorecond/Makefile

run_init/Makefile

scripts/Makefile

scripts/chcat

scripts/fixfiles

scripts/fixfiles.8

scripts/genhomedircon *

secon/Makefile

semanage/semanage

semanage/seobject.py

semodule/semodule.8

semodule/semodule.c

semodule_deps/semodule_deps.c

semodule_expand/semodule_expand.c

sestatus/Makefile

setfiles/Makefile

setfiles/setfiles.8

setfiles/setfiles.c

setsebool/setsebool.c

Show diffs side-by-side

added added

removed removed

scripts/fixfiles

LOGGER=/usr/sbin/logger

SETFILES=/sbin/setfiles

RESTORECON=/sbin/restorecon

FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '$(|.*,)bind(,.*|)$' | awk '/(ext[23]| xfs | jfs ).*\(rw/{print $3}';`

FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '$(|.*,)bind(,.*|)$' | awk '/(ext[23]| xfs | jfs ).*\(ro/{print $3}';`

FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '$(|.*,)bind(,.*|)$' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs ).*\(rw/{print $3}';`

FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '$(|.*,)bind(,.*|)$' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs ).*\(ro/{print $3}';`

FILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO"

SELINUXTYPE="targeted"

if [ -e /etc/selinux/config ]; then

do if ! echo "$pattern" | grep -q -f ${TEMPFILE} 2>/dev/null; then \

echo "$pattern"; \

case "$pattern" in *"*") \

echo "$pattern" | sed 's,\*$,,g' >> ${TEMPFILE};;

echo "$pattern" | sed -e 's,^,^,' -e 's,\*$,,g' >> ${TEMPFILE};;

esac; \

fi; \

done | \

while read pattern ; do find $pattern \

! $ -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs $ -prune -o \

$ -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev $ -prune -o -print; \

while read pattern ; do sh -c "find $pattern \

! $ -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs $ -prune -o \

$ -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev $ -prune -o -print0"; \

done 2> /dev/null | \

${RESTORECON} $2 -v -f -

${RESTORECON} $* -0 -f -

rm -f ${TEMPFILE} ${PREFCTEMPFILE}

}

108

109

rpmlist() {

110

rpm -q --qf '[%{FILESTATES} %{FILENAMES}\n]' "$1" | grep '^0 ' | cut -f2- -d ' '

111

[ ${PIPESTATUS[0]} != 0 ] && echo "$1 not found" >/dev/stderr

111

112

}

112

113

114

116

117

118

restore () {

118

119

if [ ! -z "$PREFC" ]; then

119

diff_filecontext $1

120

diff_filecontext $*

120

121

exit $?

121

122

123

if [ ! -z "$RPMFILES" ]; then

125

126

done

126

127

exit $?

127

128

if [ ! -z "$DIRS" ]; then

129

if [ ! -z "$FILEPATH" ]; then

129

130

if [ -x /usr/bin/find ]; then

130

for d in ${DIRS} ; do find $d \

131

! $ -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs $ -prune -o -print | \

132

${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -f - 2>&1 >> $LOGFILE

133

done

131

/usr/bin/find "$FILEPATH" \

132

! $ -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs $ -prune -o -print0 | \

133

${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE

134

else

135

${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $DIRS 2>&1 >> $LOGFILE

135

${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE

136

137

138

exit $?

137

return

139

138

140

139

LogReadOnly

141

if [ -n "${FILESYSTEMSRW}" ]; then

142

${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE

143

else

144

echo >&2 "fixfiles: No suitable file systems found"

145

140

${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE

146

141

exit $?

147

142

}

148

143

176

171

177

172

}

178

173

174

process() {

175

176

# Make sure they specified one of the three valid commands

177

178

case "$1" in

179

restore) restore -p ;;

180

check) restore -n -v;;

181

verify) restore -n -o -;;

182

relabel) relabel;;

183

184

usage

185

exit 1

186

esac

187

}

179

188

usage() {

180

189

echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] "

181

190

echo or

214

223

esac

215

224

done

216

225

226

# Move out processed options from arguments

227

shift $(( OPTIND - 1 ))

217

228

218

229

# Check for the command

219

eval command=\$${OPTIND}

220

let OPTIND=$OPTIND+1

230

command=$1

221

231

if [ -z $command ]; then

222

232

usage

223

233

224

234

235

# Move out command from arguments

236

shift

237

225

238

226

239

# check if they specified both DIRS and RPMFILES

227

240

228

241

229

242

if [ ! -z "$RPMFILES" ]; then

230

if [ $OPTIND -le $# ]; then

243

process $command

244

if [ $# -gt 0 ]; then

231

245

usage

232

246

233

247

else

234

while [ $OPTIND -le $# ]; do

235

eval DIR=\$${OPTIND}

236

DIRS="$DIRS $DIR"

237

let OPTIND=$OPTIND+1

238

done

248

if [ -z "$1" ]; then

249

process $command

250

else

251

while [ -n "$1" ]; do

252

FILEPATH=$1

253

process $command

254

shift

255

done

256

239

257

240

241

# Make sure they specified one of the three valid commands

242

243

case "$command" in

244

restore) restore -p ;;

245

check) restore -n -v ;;

246

verify) restore -n -o -;;

247

relabel) relabel;;

248

249

usage

250

exit 1

251

esac

258

exit $?

Older »