From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <450845E8.2090709@redhat.com> Date: Wed, 13 Sep 2006 13:54:48 -0400 From: Daniel J Walsh MIME-Version: 1.0 To: Stephen Smalley , SE Linux Subject: Latest policycoreutils.patch Content-Type: multipart/mixed; boundary="------------060903070100050101090703" Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov This is a multi-part message in MIME format. --------------060903070100050101090703 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit This patch include simple man page fixes and changes the way python scripts run to make the somewhat more secure. Also fixes some missing getopt flags. --------------060903070100050101090703 Content-Type: text/x-patch; name="python.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="python.patch"
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.30.28/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2006-08-28 16:58:19.000000000 -0400
+++ policycoreutils-1.30.28/audit2allow/audit2allow 2006-09-08 09:12:12.000000000 -0400
@@ -1,4 +1,4 @@
-#! /usr/bin/env python
+#! /usr/bin/python -E
 # Copyright (C) 2005 Red Hat
 # see file 'COPYING' for use and warranty information
 #
diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/audit2allow/avc.py policycoreutils-1.30.28/audit2allow/avc.py
--- nsapolicycoreutils/audit2allow/avc.py 2006-08-28 16:58:19.000000000 -0400
+++ policycoreutils-1.30.28/audit2allow/avc.py 2006-09-08 09:12:12.000000000 -0400
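Review bot: The new interpreter line `#! /usr/bin/python -E` in audit2allow carries a security decision that nothing in the file records, so a later cleanup could restore `/usr/bin/env python` without noticing what is lost. I would add a comment directly under the shebang, for example `# -E: ignore PYTHONPATH/PYTHONHOME so the caller's environment cannot redirect imports`. The same applies to the identical hunks for avc.py, chcat, genhomedircon, semanage and seobject.py; avc.py and seobject.py look like imported modules, where the shebang is not consulted on import, so their protection presumably comes from the importing script's own interpreter line. Note also that `-E` still leaves the script's own directory at the front of sys.path, so the install directories need to remain writable by root only.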
@@ -1,4 +1,4 @@ -#! /usr/bin/env python +#! /usr/bin/python -E # Copyright (C) 2006 Red Hat # see file 'COPYING' for use and warranty information # diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-1.30.28/restorecond/restorecond.init --- nsapolicycoreutils/restorecond/restorecond.init 2006-08-28 16:58:19.000000000 -0400 +++ policycoreutils-1.30.28/restorecond/restorecond.init 2006-09-08 09:12:12.000000000 -0400 @@ -3,9 +3,9 @@ # restorecond: Daemo used to maintain path file context # # chkconfig: 2345 10 90 -# description: restorecond uses inotify to look for creation of new files listed in the -# /etc/selinux/POLICYTYPE/restorefiles.conf file, and sets the correct security -# context. +# description: restorecond uses inotify to look for creation of new files \ +# listed in the /etc/selinux/restorecond.conf file, and restores the \ +# correct security context. # # Source function library. diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.30.28/scripts/chcat --- nsapolicycoreutils/scripts/chcat 2006-08-28 16:58:19.000000000 -0400 +++ policycoreutils-1.30.28/scripts/chcat 2006-09-08 09:12:12.000000000 -0400 @@ -1,4 +1,4 @@ -#! /usr/bin/env python +#! /usr/bin/python -E # Copyright (C) 2005 Red Hat # see file 'COPYING' for use and warranty information # diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.30.28/scripts/genhomedircon --- nsapolicycoreutils/scripts/genhomedircon 2006-08-28 16:58:19.000000000 -0400 +++ policycoreutils-1.30.28/scripts/genhomedircon 2006-09-13 07:32:44.000000000 -0400 @@ -1,4 +1,4 @@ -#! /usr/bin/python +#! /usr/bin/python -E # Copyright (C) 2004 Tresys Technology, LLC # see file 'COPYING' for use and warranty information # 
@@ -356,7 +356,7 @@ usepwd = 1 directory = "/etc/selinux" type = None - gopts, cmds = getopt.getopt(sys.argv[1:], 'nd:t:', ['help', + gopts, cmds = getopt.getopt(sys.argv[1:], 'hnd:t:', ['help', 'type=', 'nopasswd', 'dir=']) @@ -367,7 +367,7 @@ usepwd = 0 if o == '--dir' or o == "-d": directory = a - if o == '--help': + if o == '--help' or o == "-h": usage() diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/secon/Makefile policycoreutils-1.30.28/secon/Makefile --- nsapolicycoreutils/secon/Makefile 2006-08-28 16:58:20.000000000 -0400 +++ policycoreutils-1.30.28/secon/Makefile 2006-09-08 09:16:28.000000000 -0400 @@ -20,8 +20,8 @@ install: all install -m 755 secon $(BINDIR); -# test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1 -# install -m 644 ../man/secon.1 $(MANDIR)/man1 + test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1 + install -m 644 secon.1 $(MANDIR)/man1 relabel: /sbin/restorecon $(BINDIR)/secon diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.30.28/semanage/semanage --- nsapolicycoreutils/semanage/semanage 2006-08-28 16:58:18.000000000 -0400 +++ policycoreutils-1.30.28/semanage/semanage 2006-09-08 09:12:12.000000000 -0400 @@ -1,4 +1,4 @@ -#! /usr/bin/env python +#! /usr/bin/python -E # Copyright (C) 2005 Red Hat # see file 'COPYING' for use and warranty information # diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-1.30.28/semanage/semanage.8 --- nsapolicycoreutils/semanage/semanage.8 2006-08-28 16:58:18.000000000 -0400 +++ policycoreutils-1.30.28/semanage/semanage.8 2006-09-11 16:02:25.000000000 -0400 
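Review bot: The test added in the second genhomedircon hunk, `if o == '--help' or o == "-h":`, repeats the pairwise comparison of the `--dir` branch above it and mixes quote styles; `if o in ("-h", "--help"):` reads more clearly and extends cleanly when another alias is added. The hunks do not show whether `getopt.getopt` is wrapped in a handler for `getopt.GetoptError`, nor whether `usage()` exits, so it is worth confirming that an unknown flag ends in the usage text rather than a traceback and that option processing stops after `-h`. The enclosing function starts and ends outside both hunks.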
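Review bot: The re-enabled install step in secon/Makefile now takes the man page from the current directory (`install -m 644 secon.1 $(MANDIR)/man1`), where the commented-out version used `../man/secon.1`, and this patch, although generated with `-N`, does not add a `secon/secon.1`. If that file is not already present in the tree, `make install` will fail at this line; presumably it exists upstream, but that should be confirmed before merging. A short comment above the two lines saying that the page lives next to the source would prevent the path from being "corrected" back later.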
@@ -88,9 +88,9 @@ # View SELinux user mappings $ semanage user -l # Allow joe to login as staff_u -$ semanage login -a -s staff_u +$ semanage login -a -s staff_u joe # Add file-context for everything under /web (used by restorecon) -$ semanage fcontext -a -t httpd_sys_content_t '/web(/.*)?' +$ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?" # Allow Apache to listen on port 81 $ semanage port -a -t http_port_t -p tcp 81 .fi diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.30.28/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2006-08-28 16:58:18.000000000 -0400 +++ policycoreutils-1.30.28/semanage/seobject.py 2006-09-08 09:12:12.000000000 -0400 @@ -1,4 +1,4 @@ -#! /usr/bin/env python +#! /usr/bin/python -E # Copyright (C) 2005 Red Hat # see file 'COPYING' for use and warranty information # diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/semodule_link/semodule_link.8 policycoreutils-1.30.28/semodule_link/semodule_link.8 --- nsapolicycoreutils/semodule_link/semodule_link.8 2006-08-28 16:58:19.000000000 -0400 +++ policycoreutils-1.30.28/semodule_link/semodule_link.8 2006-09-13 07:41:52.000000000 -0400 @@ -3,7 +3,7 @@ semodule_link \- Link SELinux policy module packages together .SH SYNOPSIS -.B semodule_link [-V] [-o outfile] basemodpkg modpkg1 [modpkg2]... +.B semodule_link [-Vv] [-o outfile] basemodpkg modpkg1 [modpkg2]... .br .SH DESCRIPTION .PP 
@@ -17,9 +17,12 @@ .SH "OPTIONS" .TP .B \-V +show version +.TP +.B \-v verbose mode .TP -.B \-o \-\-outfile +.B \-o Linked policy module package generated by this tool. diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/semodule_package/semodule_package.8 policycoreutils-1.30.28/semodule_package/semodule_package.8 --- nsapolicycoreutils/semodule_package/semodule_package.8 2006-08-28 16:58:19.000000000 -0400 +++ policycoreutils-1.30.28/semodule_package/semodule_package.8 2006-09-13 07:46:26.000000000 -0400 @@ -28,11 +28,20 @@ .B \-o \-\-outfile Policy module package file generated by this tool. .TP +.B \-s \-\-seuser +seuser file to be included in the package. +.TP +.B \-u \-\-user_extra +user_extra file to be included in the package. +.TP .B \-m \-\-module Policy module file to be included in the package. .TP .B \-f \-\-fc File contexts file for the module (optional). +.TP +.B \-n \-\-nc +netfilter context file to be included in the package. .SH SEE ALSO .B checkmodule(8), semodule(8) diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-1.30.28/setfiles/setfiles.8 --- nsapolicycoreutils/setfiles/setfiles.8 2006-08-28 16:58:22.000000000 -0400 +++ policycoreutils-1.30.28/setfiles/setfiles.8 2006-09-08 09:12:12.000000000 -0400 @@ -4,7 +4,7 @@ .SH "SYNOPSIS" .B setfiles -.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o filename ] [\-q] [\-s] [\-v] [\-vv] [\-W] [\-F] spec_file pathname... +.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o ] [\-q] [\-s] [\-v] [\-vv] [\-W] [\-F] spec_file pathname... .SH "DESCRIPTION" This manual page describes the .BR setfiles 
@@ -44,8 +44,8 @@ .B \-F Force reset of context to match file_context for customizable files .TP -.B \-o filename -save list of files with incorrect context in filename. +.B \-o +Print list of files with incorrect context. .TP .B \-s take a list of files from standard input instead of using a pathname on the --------------060903070100050101090703-- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.