Hello community,

here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2012-02-16 15:00:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
 and      /work/SRC/openSUSE:Factory/.policycoreutils.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "policycoreutils", Maintainer is "vci...@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2011-09-23 12:41:29.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2012-02-16 15:02:00.000000000 +0100 @@ -1,0 +2,27 @@ +Tue Feb 14 09:57:15 UTC 2012 - mvysko...@suse.cz + +- fix seceral rpmlint errors and warnings + * use /var/adm/fillup-template for sandbox + * don't use /var/lock/subsys in any of init script + * use set_permissions macro and add correct Requires(pre) + * fix the languages to new -lang package + * fix policycoreutils-sandbox Group + * remove runlevel 4 from inint scripts + +------------------------------------------------------------------- +Mon Feb 13 10:53:53 UTC 2012 - co...@suse.com + +- patch license to follow spdx.org standard + +------------------------------------------------------------------- +Mon Mar 14 15:16:51 UTC 2011 - prus...@opensuse.org + +- updated to 2.0.85 + * changes too numerous to list + +------------------------------------------------------------------- +Fri Feb 4 00:09:42 UTC 2011 - toddrme2...@gmail.com + +- fix a typo in the package group + +------------------------------------------------------------------- Old: ---- policycoreutils-2.0.79.tar.bz2 policycoreutils-gnusource.patch sandbox.init sepolgen-1.0.19.tar.bz2 New: ---- policycoreutils-2.0.85.tar.bz2 sepolgen-1.0.23.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ policycoreutils.spec ++++++ --- /var/tmp/diff_new_pack.kkWmZl/_old 2012-02-16 15:02:01.000000000 +0100 +++ /var/tmp/diff_new_pack.kkWmZl/_new 2012-02-16 15:02:01.000000000 +0100 
@@ -1,7 +1,7 @@ # -# spec file for package policycoreutils (Version 2.0.79) +# spec file for package policycoreutils # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,21 +15,20 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild %define libaudit_ver 1.4.2 %define libsepol_ver 2.0.41 %define libsemanage_ver 2.0.43 %define libselinux_ver 2.0.90 -%define sepolgen_ver 1.0.19 +%define sepolgen_ver 1.0.23 Name: policycoreutils -Version: 2.0.79 -Release: 4 +Version: 2.0.85 +Release: 0 Url: http://www.nsa.gov/selinux/ -License: GPLv2+ -Group: Productivity/Security Summary: SELinux policy core utilities +License: GPL-2.0+ +Group: Productivity/Security Source: %{name}-%{version}.tar.bz2 Source1: sepolgen-%{sepolgen_ver}.tar.bz2 Source2: system-config-selinux.png @@ -39,7 +38,6 @@ Source6: selinux-polgengui.desktop Source7: selinux-polgengui.console Source8: policycoreutils_man_ru2.tar.bz2 -Source9: sandbox.init Patch0: policycoreutils-rhat.patch.bz2 Patch1: policycoreutils-po.patch.bz2 Patch2: policycoreutils-gui.patch.bz2 
@@ -47,17 +45,28 @@ Patch4: policycoreutils-initscript.patch Patch5: policycoreutils-pam-common.patch Patch6: policycoreutils-setup_py-prefix.patch -Patch7: policycoreutils-gnusource.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: gettext libcap-devel pam-devel python-devel update-desktop-files -BuildRequires: libsepol-devel-static >= %{libsepol_ver} -BuildRequires: libsemanage-devel >= %{libsemanage_ver} -BuildRequires: libselinux-devel >= %{libselinux_ver} BuildRequires: audit-devel >= %{libaudit_ver} -BuildRequires: libcap-ng-devel BuildRequires: dbus-1-glib-devel -PreReq: %insserv_prereq %fillup_prereq permissions -Requires: util-linux gawk rpm checkpolicy python-selinux audit-libs-python +BuildRequires: fdupes +BuildRequires: gettext +BuildRequires: libcap-devel +BuildRequires: libcap-ng-devel +BuildRequires: libcgroup-devel +BuildRequires: libselinux-devel >= %{libselinux_ver} +BuildRequires: libsemanage-devel >= %{libsemanage_ver} +BuildRequires: libsepol-devel-static >= %{libsepol_ver} +BuildRequires: pam-devel +BuildRequires: python-devel +BuildRequires: update-desktop-files +Requires(pre): %insserv_prereq %fillup_prereq permissions +Requires: util-linux +Requires: gawk +Requires: rpm +Requires: checkpolicy +Requires: python-selinux +Requires: audit-libs-python +Recommends: %{name}-lang %description Security-enhanced Linux is a feature of the Linux(R) kernel and a number @@ -76,19 +85,20 @@ to switch roles, and run_init to run /etc/init.d scripts in the proper context. +%lang_package + %prep %setup -q -a 1 -%patch0 -p1 +%patch0 -p2 %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 %patch5 %patch6 -%patch7 -sleep 1 -touch po/policycoreutils.pot -sleep 1 +# sleep 5 +# touch po/policycoreutils.pot +# sleep 5 %build export SUSE_ASNEEDED=0 
@@ -96,6 +106,7 @@ make -C sepolgen-%{sepolgen_ver} LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all %install +mkdir -p {buildroot}%{_initddir} mkdir -p %{buildroot}/var/lib/selinux mkdir -p %{buildroot}%{_bindir} mkdir -p %{buildroot}%{_sbindir} @@ -104,7 +115,6 @@ mkdir -p %{buildroot}%{_mandir}/man8 mkdir -p %{buildroot}%{_sysconfdir}/pam.d mkdir -p %{buildroot}%{_sysconfdir}/security/console.apps -install -D -m 0755 %{SOURCE9} %{buildroot}/%{_initddir}/sandbox make LSPP_PRIV=y DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" INITDIR="%{buildroot}%{_initddir}" install make -C sepolgen-%{sepolgen_ver} DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install install -D -m 644 %{SOURCE2} %{buildroot}%{_datadir}/pixmaps/system-config-selinux.png @@ -118,12 +128,15 @@ ln -sf consolehelper %{buildroot}%{_bindir}/selinux-polgengui ln -sf %{_initddir}/restorecond %{buildroot}%{_sbindir}/rcrestorecond ln -sf %{_initddir}/sandbox %{buildroot}%{_sbindir}/rcsandbox +mkdir -p %{buildroot}/var/adm/fillup-templates/ +mv %{buildroot}/%{_sysconfdir}/sysconfig/sandbox %{buildroot}/var/adm/fillup-templates/sysconfig.sandbox +rmdir %{buildroot}/%{_sysconfdir}/sysconfig %suse_update_desktop_file -i system-config-selinux System Security Settings %suse_update_desktop_file -i selinux-polgengui System Security Settings %find_lang %{name} +%fdupes -s %{buildroot}/%{_datadir} %package python -License: GPLv2+ Summary: SELinux policy core python utilities Group: Productivity/Security Requires: policycoreutils = %{version} @@ -143,6 +156,7 @@ %{_bindir}/chcat %{_bindir}/sandbox %{_bindir}/sepolgen-ifgen +%{_bindir}/sepolgen-ifgen-attr-helper %{python_sitearch}/seobject.py* %{python_sitearch}/sepolgen %{python_sitearch}/%{name} 
@@ -160,15 +174,14 @@ %{_mandir}/ru/man8/semanage.8* %post python -[ -f %{_datadir}/selinux/devel/include/build.conf ] && %{_bindir}/sepolgen-ifgen > /dev/null +selinuxenabled && [ -f %{_datadir}/selinux/devel/include/build.conf ] && %{_bindir}/sepolgen-ifgen 2>/dev/null exit 0 %package sandbox -License: GPLv2+ Summary: SELinux sandbox utilities -Group: System Environment/Base +Group: Productivity/Security Requires: policycoreutils-python = %{version} -# Requires: xorg-x11-server-Xephyr +Requires: xorg-x11-server-extra # Requires: matchbox-window-manager %description sandbox @@ -181,6 +194,10 @@ %attr(0755,root,root) %{_sbindir}/seunshare %dir %{_datadir}/sandbox %{_datadir}/sandbox/sandboxX.sh +%{_datadir}/sandbox/start +/var/adm/fillup-templates/sysconfig.sandbox +%doc %{_mandir}/man5/sandbox.conf.5.gz +%doc %{_mandir}/man8/seunshare.8.gz %post sandbox %fillup_and_insserv sandbox @@ -198,10 +215,10 @@ fi %package newrole -License: GPLv2+ Summary: The newrole application for RBAC/MLS -Group: Producitvity/Security +Group: Productivity/Security Requires: policycoreutils = %{version} +Requires(pre): permissions %description newrole RBAC/MLS policy machines require newrole as a way of changing the role @@ -211,17 +228,17 @@ %defattr(-,root,root) %verify(not mode) %attr(0755,root,root) %{_bindir}/newrole %{_mandir}/man1/newrole.1.gz +%config(noreplace) %{_sysconfdir}/pam.d/newrole %post newrole -%run_permissions +%set_permissions %{_bindir}/newrole %verifyscript %verify_permissions -e %{_bindir}/newrole %package gui -License: GPLv2+ Summary: SELinux configuration GUI -Group: Producitvity/Security +Group: Productivity/Security Requires: policycoreutils-python = %{version} Requires: python-gnome Requires: python-gtk 
@@ -239,6 +256,9 @@ %{_bindir}/system-config-selinux %{_bindir}/selinux-polgengui %{_bindir}/sepolgen +%{_datadir}/applications/selinux-polgengui.desktop +%{_datadir}/applications/system-config-selinux.desktop +%{_datadir}/pixmaps/system-config-selinux.png %dir %{_datadir}/system-config-selinux %dir %{_datadir}/system-config-selinux/templates %{_datadir}/system-config-selinux/*.py* @@ -248,16 +268,13 @@ %config(noreplace) %{_sysconfdir}/pam.d/system-config-selinux %config(noreplace) %{_sysconfdir}/pam.d/selinux-polgengui %dir %{_sysconfdir}/security/console.apps -%config(noreplace) %{_sysconfdir}/security/console.apps/system-config-selinux %config(noreplace) %{_sysconfdir}/security/console.apps/selinux-polgengui -%{_datadir}/applications/selinux-polgengui.desktop -%{_datadir}/applications/system-config-selinux.desktop -%{_datadir}/pixmaps/system-config-selinux.png +%config(noreplace) %{_sysconfdir}/security/console.apps/system-config-selinux %clean rm -rf %{buildroot} -%files -f %{name}.lang +%files %defattr(-,root,root) /sbin/restorecon /sbin/fixfiles @@ -276,7 +293,6 @@ %{_bindir}/semodule_expand %{_bindir}/semodule_link %{_bindir}/semodule_package -%config(noreplace) %{_sysconfdir}/pam.d/newrole %config(noreplace) %{_sysconfdir}/pam.d/run_init %config(noreplace) %{_sysconfdir}/sestatus.conf %attr(755,root,root) %{_initddir}/restorecond 
@@ -319,6 +335,9 @@ %{_mandir}/ru/man8/setsebool.8* %{_mandir}/man1/secon.1* %{_mandir}/ru/man1/secon.1* +%{_mandir}/man8/genhomedircon.8* + +%files lang -f %{name}.lang %post %fillup_and_insserv restorecond ++++++ policycoreutils-2.0.79.tar.bz2 -> policycoreutils-2.0.85.tar.bz2 ++++++ ++++ 7800 lines of diff (skipped) ++++++ policycoreutils-gui.patch.bz2 ++++++ ++++ 6489 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils-gui.patch.bz2 ++++ and /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils-gui.patch.bz2 ++++++ policycoreutils-initscript.patch ++++++ --- /var/tmp/diff_new_pack.kkWmZl/_old 2012-02-16 15:02:02.000000000 +0100 +++ /var/tmp/diff_new_pack.kkWmZl/_new 2012-02-16 15:02:02.000000000 +0100 @@ -1,7 +1,7 @@ Index: restorecond/restorecond.init =================================================================== ---- restorecond/restorecond.init.orig -+++ restorecond/restorecond.init +--- restorecond/restorecond.init.orig 2012-02-14 10:27:52.948296762 +0100 ++++ restorecond/restorecond.init 2012-02-14 10:42:18.458874663 +0100 @@ -1,14 +1,23 @@ #!/bin/sh # @@ -18,8 +18,8 @@ +# Should-Start: +# Required-Stop: $remote_fs +# Should-Stop: -+# Default-Start: 3 5 -+# Default-Stop: 0 1 2 6 ++# Default-Start: 3 4 5 ++# Default-Stop: 0 1 2 3 4 6 +# Short-Description: Daemon used to maintain path file context +# Description: Restorecond uses inotify to look for creation of new files +# listed in the /etc/selinux/restorecond.conf file, and restores the correct 
@@ -37,14 +37,14 @@ PATH=/sbin:/bin:/usr/bin:/usr/sbin +PROG_BIN=/usr/sbin/restorecond -+LOCK_FILE=/var/lock/subsys/restorecond ++LOCK_FILE=/var/lock/restorecond +PROG_CONF=/etc/selinux/restorecond.conf # Source function library. -. /etc/rc.d/init.d/functions +. /etc/rc.status --[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 0 +-[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7 +# Check whether SELinux is enabled +if [ ! -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled ; then + echo $"SELinux should be enabled to run this daemon" @@ -118,7 +118,7 @@ { stop start -@@ -72,18 +100,20 @@ case "$1" in +@@ -72,18 +100,20 @@ stop ;; status) 
@@ -136,11 +136,100 @@ + [ -e $LOCK_FILE ] && restart || : ;; *) - echo $"Usage: $0 {start|stop|restart|force-reload|status|condrestart}" +- echo $"Usage: $0 {start|stop|restart|force-reload|status|condrestart}" - RETVAL=3 ++ echo $"Usage: $0 {start|stop|restart|reload|force-reload|status|condrestart}" + rc_failed 3 + rc_status -v esac -exit $RETVAL +rc_exit +Index: sandbox/sandbox.init +=================================================================== +--- sandbox/sandbox.init.orig 2012-02-14 10:27:53.001298574 +0100 ++++ sandbox/sandbox.init 2012-02-14 10:38:19.622717182 +0100 +@@ -1,31 +1,32 @@ + #!/bin/bash +-## BEGIN INIT INFO ++ ++# /etc/init.d/sandbox ++ ++### BEGIN INIT INFO + # Provides: sandbox +-# Default-Start: 3 4 5 +-# Default-Stop: 0 1 2 3 4 6 +-# Required-Start: +-# +-## END INIT INFO +-# sandbox: Set up / mountpoint to be shared, /var/tmp, /tmp, /home/sandbox unshared +-# +-# chkconfig: 345 1 99 +-# +-# description: sandbox, xguest and other apps that want to use pam_namespace \ ++# Required-Start: $remote_fs ++# Should-Start: ++# Required-Stop: $remote_fs ++# Should-Stop: ++# Default-Start: 3 5 ++# Default-Stop: 0 1 2 3 6 ++# Short-Description: Script for sandbox and other apps using pam_namespace ++# Description: sandbox, xguest and other apps that want to use pam_namespace \ + # require this script be run at boot. This service script does \ + # not actually run any service but sets up: \ + # /var/tmp, /tmp and home directories to be used by these tools.\ + # If you do not use sandbox, xguest or pam_namespace you can turn \ + # this service off.\ +-# ++### END INIT INFO + + # Source function library. +-. /etc/init.d/functions ++. /etc/rc.status + + HOMEDIRS="/home" + + . /etc/sysconfig/sandbox + +-LOCKFILE=/var/lock/subsys/sandbox ++LOCKFILE=/var/lock/sandbox + + base=${0##*/} + +@@ -35,7 +36,7 @@ + [ -f "$LOCKFILE" ] && return 1 + + touch $LOCKFILE +- mount --make-rshared / || return $? ++ mount --make-rshared / || return $? 
+ mount --rbind /tmp /tmp || return $? + mount --rbind /var/tmp /var/tmp || return $? + mount --make-private /tmp || return $? +@@ -81,9 +82,13 @@ + status) + status + ;; ++ reload) ++ # unused ++ exit 3 ++ ;; + + *) +- echo $"Usage: $0 {start|stop|status|restart}" ++ echo $"Usage: $0 {start|stop|status|restart|reload}" + exit 3 + ;; + esac +Index: mcstrans/src/mcstrans.init +=================================================================== +--- mcstrans/src/mcstrans.init.orig 2010-12-21 22:12:03.000000000 +0100 ++++ mcstrans/src/mcstrans.init 2012-02-14 10:33:15.198314694 +0100 +@@ -20,7 +20,7 @@ + + PATH=/sbin:/bin:/usr/bin:/usr/sbin + prog="mcstransd" +-lockfile=/var/lock/subsys/$prog ++lockfile=/var/lock/$prog + + # Source function library. + . /etc/init.d/functions ++++++ policycoreutils-po.patch.bz2 ++++++ ++++ 271857 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils-po.patch.bz2 ++++ and /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils-po.patch.bz2 ++++++ policycoreutils-rhat.patch.bz2 ++++++ ++++ 5284 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils-rhat.patch.bz2 ++++ and /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils-rhat.patch.bz2 ++++++ policycoreutils-sepolgen.patch ++++++ ++++ 620 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils-sepolgen.patch ++++ and /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils-sepolgen.patch ++++++ selinux-polgengui.desktop ++++++ --- /var/tmp/diff_new_pack.kkWmZl/_old 2012-02-16 15:02:03.000000000 +0100 +++ /var/tmp/diff_new_pack.kkWmZl/_new 2012-02-16 15:02:03.000000000 +0100 
@@ -1,7 +1,61 @@ [Desktop Entry] Name=SELinux Policy Generation Tool +Name[bn_IN]=SELinux Policy নির্মাণের সামগ্রী +Name[ca]=Eina de generació de polítiques del SELinux +Name[de]=Tool zur Erstellung von SELinux-Richtlinien +Name[es]=Generador de Políticas de SELinux +Name[fi]=SELinux-käytäntöjen generointityökalu +Name[fr]=Outil de génération de stratégies SELinux +Name[gu]=SELinux પોલિસી બનાવટ સાધન +Name[hi]=SELinux पॉलिसी जनन औजार +Name[it]=Tool di generazione della policy di SELinux +Name[ja]=SELinux ポリシー生成ツール +Name[kn]=SELinux ಪಾಲಿಸಿ ಉತ್ಪಾದನಾ ಉಪಕರಣ +Name[ko]=SELinux 정책 생성 도구 +Name[ml]=SELinux പോളിസി ഉത്പാദന പ്രയോഗം +Name[mr]=SELinux करार निर्माण साधन +Name[nl]=SELinux tactiek generatie gereedschap +Name[or]=SELinux ନୀତି ସୃଷ୍ଟି ଉପକରଣ +Name[pa]=SELinux ਪਾਲਿਸੀ ਨਿਰਮਾਣ ਜੰਤਰ +Name[pl]=Narzędzie tworzenia polityki SELinuksa +Name[pt]=Ferramenta de Geração de Políticas SELinux +Name[pt_BR]=Ferramenta de criação de políticas do SELinux +Name[ru]=Средство создания политики SELinux +Name[sv]=Genereringsverktyg för SELinuxpolicy +Name[ta]=SELinux பாலிசி உற்பத்தி கருவி +Name[te]=SELinux నిర్వహణ +Name[uk]=Утиліта генерації політики SELinux +Name[zh_CN]=SELinux 策略生成工具 +Name[zh_TW]=SELinux 政策產生工具(SELinux Policy Generation Tool) GenericName=SELinux Comment=Generate SELinux policy modules +Comment[bn_IN]=SELinux নিয়মনীতির মডিউল নির্মাণ করুন +Comment[ca]=Genera els mòduls de les polítiques de SELinux +Comment[de]=Tool zur Erstellung von SELinux-Richtlinien +Comment[es]=Generar módulos de política de SELinux +Comment[fi]=Generoi SELinuxin käytäntömoduuleja +Comment[fr]=Génére des modules de stratégie SELinux +Comment[gu]=SELinux પોલિસી મોડ્યુલોને ઉત્પન્ન કરો +Comment[hi]=नया पॉलिसी मॉड्यूल उत्पन्न करें +Comment[it]=Genera moduli della politica di SELinux +Comment[ja]=新しいポリシーモジュールの作成 +Comment[kn]=SELinux ಪಾಲಿಸಿ ಘಟಕಗಳನ್ನು ಉತ್ಪಾದಿಸು +Comment[ko]=SELinux 정책 모듈 생성 +Comment[ml]=SELinux യ പോളിസി ഘങ്ങള് തയ്യാറാക്കുക +Comment[mr]=SELinux करार घटके निर्माण करा +Comment[nl]=Maak een SELinux 
tactiek module aan +Comment[or]=SELinux ନୀତି ଏକକାଂଶ ସୃଷ୍ଟିକରନ୍ତୁ +Comment[pa]=SELinux ਪਾਲਿਸੀ ਮੈਡਿਊਲ ਬਣਾਓ +Comment[pl]=Tworzenie nowych modułów polityki SELinuksa +Comment[pt]=Gerar módulos de políticas SELinux +Comment[pt_BR]=Gerar módulos de política do SELinux +Comment[ru]=Генерация модулей политики SELinux +Comment[sv]=Generera SELinux-policymoduler +Comment[ta]=SELinux கொள்கை தொகுதியை உருவாக்கவும் +Comment[te]=SELinux పాలసీ మాడ్యూళ్ళను వుద్భవింపచేయుము +Comment[uk]=Створення модулів контролю доступу SELinux +Comment[zh_CN]=生成 SELinux 策略模块 +Comment[zh_TW]=產生 SELinux 政策模組 StartupNotify=true Icon=system-config-selinux Exec=selinux-polgengui ++++++ sepolgen-1.0.19.tar.bz2 -> sepolgen-1.0.23.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sepolgen-1.0.19/ChangeLog new/sepolgen-1.0.23/ChangeLog --- old/sepolgen-1.0.19/ChangeLog 2009-12-01 21:49:11.000000000 +0100 +++ new/sepolgen-1.0.23/ChangeLog 2010-03-24 20:57:19.000000000 +0100 @@ -1,3 +1,17 @@ +1.0.23 2010-03-24 + * Fix unit tests from Dan Walsh. + +1.0.22 2010-03-23 + * improve parser error recovery from Karl MacMillan. + +1.0.21 2010-03-18 + * Add since-last-boot option to audit2allow from Dan Walsh. + * Fix sepolgen output to match what Chris expects for upstream + refpolicy from Dan Walsh. + +1.0.20 2010-03-12 + * Add dontaudit flag to audit2allow from Dan Walsh. + 1.0.19 2009-11-27 * fix sepolgen to read a "type 1403" msg as a policy load by Stephen Smalley <s...@tycho.nsa.gov> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sepolgen-1.0.19/VERSION new/sepolgen-1.0.23/VERSION --- old/sepolgen-1.0.19/VERSION 2009-12-01 21:49:11.000000000 +0100 +++ new/sepolgen-1.0.23/VERSION 2010-03-24 20:57:20.000000000 +0100 
@@ -1 +1 @@ -1.0.19 +1.0.23 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sepolgen-1.0.19/src/sepolgen/access.py new/sepolgen-1.0.23/src/sepolgen/access.py --- old/sepolgen-1.0.19/src/sepolgen/access.py 2009-12-01 21:49:11.000000000 +0100 +++ new/sepolgen-1.0.23/src/sepolgen/access.py 2010-03-24 20:57:20.000000000 +0100 @@ -127,7 +127,7 @@ return self.to_string() def to_string(self): - return "allow %s %s : %s %s;" % (self.src_type, self.tgt_type, + return "allow %s %s:%s %s;" % (self.src_type, self.tgt_type, self.obj_class, self.perms.to_space_str()) def __cmp__(self, other): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sepolgen-1.0.19/src/sepolgen/audit.py new/sepolgen-1.0.23/src/sepolgen/audit.py --- old/sepolgen-1.0.19/src/sepolgen/audit.py 2009-12-01 21:49:11.000000000 +0100 +++ new/sepolgen-1.0.23/src/sepolgen/audit.py 2010-03-24 20:57:20.000000000 +0100 
@@ -23,6 +23,27 @@ # Convenience functions +def get_audit_boot_msgs(): + """Obtain all of the avc and policy load messages from the audit + log. This function uses ausearch and requires that the current + process have sufficient rights to run ausearch. + + Returns: + string contain all of the audit messages returned by ausearch. + """ + import subprocess + import time + fd=open("/proc/uptime", "r") + off=float(fd.read().split()[0]) + fd.close + s = time.localtime(time.time() - off) + date = time.strftime("%D/%Y", s).split("/") + bootdate="%s/%s/%s" % (date[0], date[1], date[3]) + boottime = time.strftime("%X", s) + output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime], + stdout=subprocess.PIPE).communicate()[0] + return output + def get_audit_msgs(): """Obtain all of the avc and policy load messages from the audit log. This function uses ausearch and requires that the current diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sepolgen-1.0.19/src/sepolgen/policygen.py new/sepolgen-1.0.23/src/sepolgen/policygen.py --- old/sepolgen-1.0.19/src/sepolgen/policygen.py 2009-12-01 21:49:11.000000000 +0100 +++ new/sepolgen-1.0.23/src/sepolgen/policygen.py 2010-03-24 20:57:20.000000000 +0100 @@ -75,6 +75,8 @@ else: self.module = refpolicy.Module() + self.dontaudit = False + def set_gen_refpol(self, if_set=None, perm_maps=None): """Set whether reference policy interfaces are generated. @@ -108,6 +110,9 @@ """ self.explain = explain + def set_gen_dontaudit(self, dontaudit): + self.dontaudit = dontaudit + def __set_module_style(self): if self.ifgen: refpolicy = True 
@@ -144,6 +149,8 @@ def __add_allow_rules(self, avs): for av in avs: rule = refpolicy.AVRule(av) + if self.dontaudit: + rule.rule_type = rule.DONTAUDIT if self.explain: rule.comment = refpolicy.Comment(explain_access(av, verbosity=self.explain)) self.module.children.append(rule) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sepolgen-1.0.19/src/sepolgen/refparser.py new/sepolgen-1.0.23/src/sepolgen/refparser.py --- old/sepolgen-1.0.19/src/sepolgen/refparser.py 2009-12-01 21:49:11.000000000 +0100 +++ new/sepolgen-1.0.23/src/sepolgen/refparser.py 2010-03-24 20:57:20.000000000 +0100 @@ -279,7 +279,7 @@ # refpolicy.SupportMacros and should always be present during parsing # though it may not contain any macros. spt = None -success=True +success = True # utilities def collect(stmts, parent, val=None): @@ -921,9 +921,7 @@ # def p_error(tok): - global error - global parse_file - global success + global error, parse_file, success, parser error = "%s: Syntax error on line %d %s [type=%s]" % (parse_file, tok.lineno, tok.value, tok.type) print error success = False @@ -939,6 +937,7 @@ lexer = None def create_globals(module, support, debug): global parser, lexer, m, spt + if not parser: lexer = lex.lex() parser = yacc.yacc(method="LALR", debug=debug, write_tables=0) @@ -955,17 +954,20 @@ def parse(text, module=None, support=None, debug=False): create_globals(module, support, debug) - lexer.lexdata = [] - lexer.lexpos = 0 - lexer.lineno = 1 + global error, parser, lexer, success + + success = True try: - parser.parse(text, debug=debug) + parser.parse(text, debug=debug, lexer=lexer) except Exception, e: - global error + parser = None + lexer = None error = "internal parser error: %s" % str(e) + "\n" + traceback.format_exc() - if error is not None: + if not success: + # force the parser and lexer to be rebuilt - we have some problems otherwise + parser = None msg = 'could not parse text: "%s"' % error raise ValueError(msg) return m 
@@ -973,15 +975,9 @@ def list_headers(root): modules = [] support_macros = None - blacklist = ["init.if", "inetd.if", "uml.if", "thunderbird.if"] for dirpath, dirnames, filenames in os.walk(root): for name in filenames: - # FIXME: these make the parser barf in various unrecoverable ways, so we must skip - # them. - if name in blacklist: - continue - modname = os.path.splitext(name) filename = os.path.join(dirpath, name) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sepolgen-1.0.19/tests/test_access.py new/sepolgen-1.0.23/tests/test_access.py --- old/sepolgen-1.0.19/tests/test_access.py 2009-12-01 21:49:11.000000000 +0100 +++ new/sepolgen-1.0.23/tests/test_access.py 2010-03-24 20:57:19.000000000 +0100 @@ -82,8 +82,8 @@ a.obj_class = "file" a.perms.update(["read", "write"]) - self.assertEquals(str(a), "allow foo bar : file { read write };") - self.assertEquals(a.to_string(), "allow foo bar : file { read write };") + self.assertEquals(str(a), "allow foo bar:file { read write };") + self.assertEquals(a.to_string(), "allow foo bar:file { read write };") def test_cmp(self): a = access.AccessVector() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sepolgen-1.0.19/tests/test_interfaces.py new/sepolgen-1.0.23/tests/test_interfaces.py --- old/sepolgen-1.0.19/tests/test_interfaces.py 2009-12-01 21:49:11.000000000 +0100 +++ new/sepolgen-1.0.23/tests/test_interfaces.py 2010-03-24 20:57:19.000000000 +0100 @@ -86,17 +86,17 @@ ') allow $1 usr_t:dir search; - allow { domain $1 } { usr_t usr_home_t } : { file dir } { read write getattr }; + allow { domain $1 } { usr_t usr_home_t }:{ file dir } { read write getattr }; typeattribute $1 file_type; if (foo) { - allow $1 foo : bar baz; + allow $1 foo:bar baz; } if (bar) { - allow $1 foo : bar baz; + allow $1 foo:bar baz; } else { - allow $1 foo : bar baz; + allow $1 foo:bar baz; } ') 
@@ -135,8 +135,8 @@ gen_require(` type usr_t; ') - allow $1 usr_t : dir { create add_name }; - allow $1 usr_t : file { read write }; + allow $1 usr_t:dir { create add_name }; + allow $1 usr_t:file { read write }; ') """ @@ -145,16 +145,16 @@ gen_require(` type usr_t; ') - allow $1 usr_t : dir { create add_name }; - allow $1 usr_t : file { read write }; + allow $1 usr_t:dir { create add_name }; + allow $1 usr_t:file { read write }; ') interface(`map', ` gen_require(` type bar_t; ') - allow $1 bar_t : file read; - allow $2 bar_t : file write; + allow $1 bar_t:file read; + allow $2 bar_t:file write; foo($2) ') @@ -163,9 +163,9 @@ gen_require(` type baz_t; ') - allow $1 baz_t : file getattr; - allow $2 baz_t : file read; - allow $3 baz_t : file write; + allow $1 baz_t:file getattr; + allow $2 baz_t:file read; + allow $3 baz_t:file write; map($1, $2) map($2, $3) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sepolgen-1.0.19/tests/test_matching.py new/sepolgen-1.0.23/tests/test_matching.py --- old/sepolgen-1.0.19/tests/test_matching.py 2009-12-01 21:49:11.000000000 +0100 +++ new/sepolgen-1.0.23/tests/test_matching.py 2010-03-24 20:57:19.000000000 +0100 @@ -98,16 +98,16 @@ gen_require(` type usr_t; ') - allow $1 usr_t : dir { create add_name }; - allow $1 usr_t : file { read write }; + allow $1 usr_t:dir { create add_name }; + allow $1 usr_t:file { read write }; ') interface(`map', ` gen_require(` type bar_t; ') - allow $1 bar_t : file read; - allow $2 bar_t : file write; + allow $1 bar_t:file read; + allow $2 bar_t:file write; foo($2) ') 
@@ -116,9 +116,9 @@ gen_require(` type baz_t; ') - allow $1 baz_t : file getattr; - allow $2 baz_t : file read; - allow $3 baz_t : file write; + allow $1 baz_t:file getattr; + allow $2 baz_t:file read; + allow $3 baz_t:file write; map($1, $2) map($2, $3) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sepolgen-1.0.19/tests/test_refparser.py new/sepolgen-1.0.23/tests/test_refparser.py --- old/sepolgen-1.0.19/tests/test_refparser.py 2009-12-01 21:49:11.000000000 +0100 +++ new/sepolgen-1.0.23/tests/test_refparser.py 2010-03-24 20:57:19.000000000 +0100 @@ -37,17 +37,17 @@ ') allow $1 usr_t:dir search; - allow { domain $1 } { usr_t usr_home_t } : { file dir } { read write getattr }; + allow { domain $1 } { usr_t usr_home_t }:{ file dir } { read write getattr }; typeattribute $1 file_type; if (foo) { - allow $1 foo : bar baz; + allow $1 foo:bar baz; } if (bar) { - allow $1 foo : bar baz; + allow $1 foo:bar baz; } else { - allow $1 foo : bar baz; + allow $1 foo:bar baz; } ') ++++++ system-config-selinux.desktop ++++++ --- /var/tmp/diff_new_pack.kkWmZl/_old 2012-02-16 15:02:03.000000000 +0100 +++ /var/tmp/diff_new_pack.kkWmZl/_new 2012-02-16 15:02:03.000000000 +0100 
@@ -1,10 +1,64 @@ [Desktop Entry] Name=SELinux Management +Name[bn_IN]=SELinux পরিচালনা +Name[de]=SELinux-Management +Name[ca]=Gestió de SELinux +Name[es]=Administración de SELinux +Name[fi]=SELinuxin ylläpito +Name[fr]=Gestion de SELinux +Name[gu]=SELinux સંચાલન +Name[hi]=SELinux प्रबंधन +Name[jp]=SELinux 管理 +Name[it]=Gestione di SELinux +Name[kn]=SELinux ವ್ಯವಸ್ಥಾಪನೆ +Name[ko]=SELinux 관리 +Name[ml]=SELinux മാനേജ്മെന്റ് +Name[mr]=SELinux मॅनेजमेंट +Name[nl]=SELinux beheer +Name[or]=SELinux ପରିଚାଳନା +Name[pa]=SELinux ਮੈਨੇਜਮੈਂਟ +Name[pl]=Zarządzanie SELinuksem +Name[pt_BR]=Gerenciamento do SELinux +Name[pt]=Gestão de SELinux +Name[ru]=Управление SELinux +Name[sv]=SELinux-hantering +Name[ta]=SELinux மேலாண்மை +Name[te]=SELinux నిర్వహణ +Name[uk]=Керування SELinux +Name[zh_CN]=SELinux 管理 +Name[zh_TW]=SELinux 管理 GenericName=SELinux Comment=Configure SELinux in a graphical setting +Comment[bn_IN]=গ্রাফিক্যাল পরিবেশে SELinux কনফিগার করুন +Comment[ca]=Configura SELinuc an mode de preferències gràfiques +Comment[de]=SELinux in einer grafischen Einstellung konfigurieren +Comment[es]=Defina SELinux en una configuración de interfaz gráfica +Comment[fi]=Tee SELinuxin asetukset graafisesti +Comment[fr]=Configure SELinux dans un environnement graphique +Comment[gu]=ગ્રાફિકલ સુયોજનમાં SELinux ને રૂપરેખાંકિત કરો +Comment[hi]=SELinux को आलेखी सेटिंग में विन्यस्त करें +Comment[it]=Configura SELinux in una impostazione grafica +Comment[jp]=グラフィカルな設定画面で SELinux を設定する +Comment[ko]=SELinux를 그래픽 사용자 인터페이스로 설정 +Comment[kn]=SELinux ಅನ್ನು ಒಂದು ಚಿತ್ರಾತ್ಮಕ ಸಿದ್ದತೆಯಲ್ಲಿ ಸಂರಚಿಸಿ +Comment[ml]=ഒരു ഗ്രാഫിക്കല് സജ്ജീകരണത്തില് SELinux ക്രമീകരിയ്ക്കുക +Comment[mr]=ग्राफिकल सेटिंगमध्ये SELinux संरचीत करा +Comment[nl]=Configureer SELinux in een grafische omgeving +Comment[or]=SELinux କୁ ଆଲେଖିକ ସଂରଚନାରେ ବିନ୍ୟାସ କରନ୍ତୁ +Comment[pa]=SELinux ਨੂੰ ਗਰਾਫੀਕਲ ਸੈਟਿੰਗ ਵਿੱਚ ਸੰਰਚਿਤ ਕਰੋ +Comment[pl]=Konfiguracja SELinuksa w trybie graficznym +Comment[pt]=Configurar o SELinux num ambiente gráfico +Comment[pt_BR]=Configure 
o SELinux em uma configuração gráfica +Comment[ru]=Настройка SELinux в графическом режиме +Comment[sv]=Konfigurera SELinux i en grafisk miljö +Comment[ta]=SELinuxஐ ஒரு வரைகலை அமைவில் கட்டமைக்கவும் +Comment[te]=SELinuxను గ్రాఫికల్ అమర్పునందు ఆకృతీకరించుము +Comment[uk]=Засіб для налаштування SELinux з графічним інтерфейсом +Comment[zh_CN]=在图形设置中配置 SELinux +Comment[zh_TW]=在圖形話設定中配置 SELinux StartupNotify=true Icon=system-config-selinux Exec=system-config-selinux Type=Application Terminal=false -Categories=System;Security;Settings; +Categories=System;Security;Settings; \ No newline at end of file
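Review bot: The new entry in policycoreutils.changes has two typos, "seceral" for "several" and "inint scripts" for "init scripts", which are worth fixing before they land in the package history. The 2.0.85 entry ("changes too numerous to list") also gives no pointer to the upstream ChangeLog, so the jump from 2.0.79 cannot be audited from the package alone.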
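Review bot: In the %prep hunk of policycoreutils.spec, the strip level of %patch0 changes from -p1 to -p2 and the sleep/touch of po/policycoreutils.pot is commented out rather than removed, and neither change is mentioned in the changelog. Record the reason for the new strip level, and delete the three commented lines if the timestamp workaround is no longer needed.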
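Review bot: The added line "mkdir -p {buildroot}%{_initddir}" at the top of %install is missing the "%" in front of "{buildroot}", so rpm does not expand it and the shell creates a literal "{buildroot}" directory tree under the build directory instead of the init.d directory in the buildroot. It should read "mkdir -p %{buildroot}%{_initddir}". This matters because the same change drops the explicit "install -D ... %{SOURCE9}" that used to create that directory as a side effect.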
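Review bot: In "%post python" the redirect changes from "> /dev/null" to "2>/dev/null", so sepolgen-ifgen's standard output now reaches the terminal during installation while its error messages are discarded. If the intent is a quiet scriptlet, use ">/dev/null 2>&1"; if errors should stay visible, keep the stdout redirect and drop the stderr one. The added "selinuxenabled &&" guard itself is fine, since the scriptlet ends with "exit 0".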
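Review bot: In policycoreutils-initscript.patch, the restorecond LSB header goes from "Default-Start: 3 5" to "Default-Start: 3 4 5", which is the opposite of the changelog item "remove runlevel 4 from inint scripts". The new "Default-Stop: 0 1 2 3 4 6" also lists runlevels 3 and 4 that are in Default-Start. Please confirm which direction is intended and keep the two sets disjoint.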
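Review bot: The guard kept in the restorecond.init hunk, "if [ ! -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled ; then", can never be true: it requires the binary to be non-executable and then to run successfully. As written, the "SELinux should be enabled" branch is dead and the daemon is started on systems where SELinux is off. The condition should be "[ ! -x /usr/sbin/selinuxenabled ] || ! /usr/sbin/selinuxenabled". The hunk only touches the removed upstream line (exit 0 to exit 7), so this is a good moment to fix the replacement too.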
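Review bot: In the new sandbox.init header, "Default-Stop: 0 1 2 3 6" includes runlevel 3, which is also in "Default-Start: 3 5". A runlevel should not appear in both lists; drop 3 from Default-Stop. The switch from "## BEGIN INIT INFO" to "### BEGIN INIT INFO" is the right fix, since the two-hash form is not recognised as an LSB block.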
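Review bot: The start() hunk in sandbox.init only changes whitespace on the "mount --make-rshared /" line, but the context shows "touch $LOCKFILE" running before the mounts, each of which does "|| return $?". If any mount fails, the lock file stays behind and every later start returns 1 at "[ -f "$LOCKFILE" ] && return 1" with /tmp and /var/tmp possibly half set up. Create the lock file after the last mount succeeds, or remove it on the failure path.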
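Review bot: The mcstrans.init hunk moves the lock file to /var/lock/$prog but leaves ". /etc/init.d/functions" in place, while restorecond.init and sandbox.init are switched to ". /etc/rc.status" in the same patch. Either convert this script the same way or note that mcstrans.init is not installed by this package, so the inconsistency is deliberate.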
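Review bot: In selinux-polgengui.desktop, "Name[te]=SELinux నిర్వహణ" is the same string used for Name[te] in system-config-selinux.desktop, and "Comment[de]" repeats the Name[de] text instead of translating "Generate SELinux policy modules". Both look like copy-and-paste slips and should be checked against the translation source.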
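Review bot: In the new get_audit_boot_msgs() in sepolgen/audit.py, "fd.close" is missing its parentheses, so the method is referenced but never called and /proc/uptime stays open until garbage collection. Use "fd.close()" or a with block. The function also ignores the exit status of /sbin/ausearch and returns whatever was on stdout, so a permission failure is indistinguishable from an empty audit log; consider checking returncode.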
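Review bot: In parse() in refparser.py the final check changes from "if error is not None:" to "if not success:", but the except branch sets only "error", "parser" and "lexer" and never sets "success = False". An exception raised inside parser.parse() is therefore swallowed and the function returns "m" as if parsing had worked. Set "success = False" in the except branch. This matters more now that list_headers() no longer skips the files that used to break the parser.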
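Review bot: In system-config-selinux.desktop the Japanese entries use "Name[jp]" and "Comment[jp]", but the locale code is "ja" (selinux-polgengui.desktop in this same commit uses "Name[ja]"), so these translations will not be picked up. "Comment[ca]=Configura SELinuc an mode ..." also misspells SELinux, and the rewritten Categories line loses its trailing newline ("\ No newline at end of file"), which should be restored.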