--- policycoreutils-2.0.43.orig/debian/NEWS.Debian +++ policycoreutils-2.0.43/debian/NEWS.Debian @@ -0,0 +1,17 @@ +policycoreutils (1.30.28-1) unstable; urgency=low + + * With this version of policycoreutils, the file /etc/selinux/config + shall have the variable SELINUXTYPE set to refpolicy-targeted (you may + also set it to be refpolicy-strict or refpolicy-src). Only 1.30.26-3 + created the file with SELINUXTYPE set to targeted (which is + appropriate on Red Hat machines and not Debian). We can't + automatically change /etc/selinux/config (preserve user changes) since + /etc/selinux/targeted/policy/policy.N might be a legitimate local + security policy. If it is not, and if any of the files + /etc/selinux/refpolicy-targeted/policy/policy.N, + /etc/selinux/refpolicy-strict/policy/policy.N, or + /etc/selinux/refpolicy-src/policy/policy.N exist, please select one + for the SELINUXTYPE variable in /etc/selinux/config + + -- Manoj Srivastava Thu, 7 Sep 2006 11:37:19 -0500 + --- policycoreutils-2.0.43.orig/debian/policycoreutils.install +++ policycoreutils-2.0.43/debian/policycoreutils.install @@ -0,0 +1,9 @@ +/etc/* +/sbin/* +/usr/bin/* +/usr/sbin/* +/usr/sbin/load_policy /sbin +/usr/share/locale/* +/usr/share/man/man1/* +/usr/share/man/man8/* +/usr/share/python-support/site-packages/seobject.py /usr/share/python-support/python-semanage --- policycoreutils-2.0.43.orig/debian/run_init.pam +++ policycoreutils-2.0.43/debian/run_init.pam @@ -0,0 +1,3 @@ +#%PAM-1.0 + +auth required pam_unix.so --- policycoreutils-2.0.43.orig/debian/newrole.pam +++ policycoreutils-2.0.43/debian/newrole.pam @@ -0,0 +1,3 @@ +#%PAM-1.0 + +auth required pam_unix.so --- policycoreutils-2.0.43.orig/debian/rules +++ policycoreutils-2.0.43/debian/rules @@ -0,0 +1,23 @@ +#!/usr/bin/make -f + +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/rules/patchsys-quilt.mk +include /usr/share/cdbs/1/class/makefile.mk + +# Add here any variable or target overrides you need. + +DEB_DH_INSTALL_ARGS = --sourcedir=debian/tmp +DEB_MAKE_CLEAN_TARGET = clean +DEB_MAKE_BUILD_TARGET = all +DEB_MAKE_INSTALL_TARGET = DESTDIR=$(CURDIR)/debian/tmp PYTHONLIBDIR=$(CURDIR)/debian/tmp/usr/share/python-support/$(package) install +DEB_MAKE_CHECK_TARGET = test + +DEB_COMPRESS_EXCLUDE = .py + +DEB_UPDATE_RCD_PARAMS_restorecond = --name=restorecond -- defaults 1 +DEB_UPDATE_RCD_PARAMS_restorecon = --name=restorecon -- defaults 1 + +binary-install/policycoreutils:: + dh_pysupport -ppolicycoreutils + dh_installinit -ppolicycoreutils --name restorecond -- defaults 1 + dh_installinit -ppolicycoreutils --name restorecon -- defaults 1 --- policycoreutils-2.0.43.orig/debian/control +++ policycoreutils-2.0.43/debian/control @@ -0,0 +1,43 @@ +Source: policycoreutils +Section: utils +Priority: optional +Maintainer: Ubuntu Hardened Developers +XSBC-Original-Maintainer: Caleb Case +Build-Depends: cdbs, debhelper (>= 5), libselinux1-dev (>= 2.0.55), libsepol1-dev (>= 2.0.20), libsemanage1-dev (>= 2.0.23), gettext, python-support, quilt +Standards-Version: 3.7.2 + +Package: policycoreutils +Architecture: any +Pre-Depends: libselinux1 (>= 2.0.55) +Depends: ${shlibs:Depends}, libsepol1 (>= 2.0.20), python, python-semanage, python-selinux, python-sepolgen (>= 1.0.11), checkpolicy +Recommends: selinux-policy +Conflicts: selinux-policy-default (<< 1:1.4-5), selinux-utils (<< 1.28-2) +Description: SELinux core policy utilities + Security-enhanced Linux is a patch of the Linux® kernel and a number + of utilities with enhanced security functionality designed to add + mandatory access controls to Linux. The Security-enhanced Linux + kernel contains new architectural components originally developed to + improve the security of the Flask operating system. These + architectural components provide general support for the enforcement + of many kinds of mandatory access control policies, including those + based on the concepts of Type Enforcement®, Role-based Access Control, + and Multi-level Security. + . + This package contains the policy utilities that are necessary for basic + operation of an SELinux system. + +Package: policycoreutils-dbg +Architecture: any +Depends: policycoreutils (= ${binary:Version}) +Description: SELinux core policy utilities + Security-enhanced Linux is a patch of the Linux® kernel and a number + of utilities with enhanced security functionality designed to add + mandatory access controls to Linux. The Security-enhanced Linux + kernel contains new architectural components originally developed to + improve the security of the Flask operating system. These + architectural components provide general support for the enforcement + of many kinds of mandatory access control policies, including those + based on the concepts of Type Enforcement®, Role-based Access Control, + and Multi-level Security. + . + policycoreutils-dbg contains the debugging symbols for policycoreutils. --- policycoreutils-2.0.43.orig/debian/policycoreutils.restorecond.init +++ policycoreutils-2.0.43/debian/policycoreutils.restorecond.init @@ -0,0 +1,103 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides : restorecond +# Required-Start: +# Required-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Daemon used to maintain file contexts. +# Description: restorecond uses inotify to look for creation of +# new files and relabels them according to the policy +# file contexts. See /etc/selinux/restorecond.conf for +# affected files. +# +### END INIT INFO + +# restorecond: Daemon used to maintain path file context +# +# chkconfig: 2345 12 87 +# description: restorecond uses inotify to look for creation of new files \ +# listed in the /etc/selinux/restorecond.conf file, and restores the \ +# correct security context. +# +# processname: /usr/sbin/restorecond +# config: /etc/selinux/restorecond.conf +# pidfile: /var/run/restorecond.pid +# +# Return values according to LSB for all commands but status: +# 0 - success +# 1 - generic or unspecified error +# 2 - invalid or excess argument(s) +# 3 - unimplemented feature (e.g. "reload") +# 4 - insufficient privilege +# 5 - program is not installed +# 6 - program is not configured +# 7 - program is not running + +PATH=/sbin:/bin:/usr/bin:/usr/sbin + +# Source function library. +. /lib/lsb/init-functions + +[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 0 + +# Check that we are root ... so non-root users stop here +test `/usr/bin/id -u` = 0 || exit 4 + +test -x /usr/sbin/restorecond || exit 5 +test -f /etc/selinux/restorecond.conf || exit 6 + +RETVAL=0 + +start() +{ + log_daemon_msg "Starting restorecond" + unset HOME MAIL USER USERNAME + /sbin/start-stop-daemon --start --quiet --pidfile=/var/run/restorecond.pid --oknodo --exec /usr/sbin/restorecond + RETVAL=$? + /usr/bin/touch /var/lock/restorecond + log_end_msg $RETVAL + return $RETVAL +} + +stop() +{ + log_daemon_msg "Shutting down restorecond" + /sbin/start-stop-daemon --stop --quiet --pidfile=/var/run/restorecond.pid restorecond + RETVAL=$? + /bin/rm -f /var/lock/restorecond + log_end_msg $RETVAL + return $RETVAL +} + +restart() +{ + stop + start +} + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + status) + status restorecond + RETVAL=$? + ;; + restart|reload) + restart + ;; + condrestart) + [ -e /var/lock/restorecond ] && restart || : + ;; + *) + log_failure_msg "Usage: $0 (start|stop|restart|reload|condrestart)" + RETVAL=3 +esac + +exit $RETVAL + --- policycoreutils-2.0.43.orig/debian/policycoreutils.postrm +++ policycoreutils-2.0.43/debian/policycoreutils.postrm @@ -0,0 +1,46 @@ +#!/bin/sh +# postrm script for policycoreutils +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + purge) + if [ -e /etc/selinux/config ]; then + echo "Removing old /etc/selinux/config file." + /bin/rm -f /etc/selinux/config + fi + ;; + + purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + --- policycoreutils-2.0.43.orig/debian/changelog +++ policycoreutils-2.0.43/debian/changelog @@ -0,0 +1,851 @@ +policycoreutils (2.0.43-0ubuntu2) hardy; urgency=low + + * debian/policycoreutils.install, debian/policycoreutils.links: + - Moved load_policy from /usr/sbin to /sbin and added symlink (LP: #126415). + + -- Caleb Case Fri, 29 Feb 2008 12:26:07 -0500 + +policycoreutils (2.0.43-0ubuntu1) hardy; urgency=low + + [ Caleb Case ] + * New upstream SVN HEAD + + Merged support for non-interactive newrole command invocation from + Tim Reed. + + Update Makefile to not build restorecond if + /usr/include/sys/inotify.h is not present + + Drop verbose output on fixfiles -C from Dan Walsh. + + Fix argument handling in fixfiles from Dan Walsh. + + Enhance boolean support in semanage, including using the .xml + description when available, from Dan Walsh. + + load_policy initial load option from Chad Sellers. + + Fix semodule option handling from Dan Walsh. + + Add deleteall support for ports and fcontexts in semanage from Dan + Walsh. + + Add genhomedircon script to invoke semodule -Bn from Dan Walsh. + + Update semodule man page for -D from Dan Walsh. + + Add boolean, locallist, deleteall, and store support to semanage + from Dan Walsh. + + Improve semodule reporting of system errors from Stephen Smalley. + + Fix setfiles selabel option flag setting for 64-bit from Stephen + Smalley. + + Remove genhomedircon script (functionality is now provided + within libsemanage) from Todd Miller. + + Fix genhomedircon searching for USER from Todd Miller + + Install run_init with mode 0755 from Dan Walsh. + + Fix chcat from Dan Walsh. + + Fix fixfiles pattern expansion and error reporting from Dan Walsh. + + Optimize genhomedircon to compile regexes once from Dan Walsh. + + Fix semanage gettext call from Dan Walsh. + + Disable dontaudits via semodule -D + + Rebase setfiles to use new labeling interface. + + Fixed setsebool (falling through to error path on success). + + Merged genhomedircon fixes from Dan Walsh. + + Merged setfiles -c usage fix from Dan Walsh. + + Merged restorecon fix from Yuichi Nakamura. + + Dropped -lsepol where no longer needed. + + Merge newrole support for alternate pam configs from Ted X Toth. + + Merged merging of restorecon into setfiles from Stephen Smalley. + + Merged genhomedircon fix to find conflicting directories correctly + from Dan Walsh. + * debian/policycoreutils.restorecon.init + * Removing improper '$' + + [ Joseph Jackson IV ] + * debian/control + - Update Debian Maintainer field + + -- Caleb Case Sat, 09 Feb 2008 21:36:48 -0500 + +policycoreutils (2.0.16-1) unstable; urgency=low + + * New upstream SVN HEAD + + Merged updates to sepolgen-ifgen from Karl MacMillan. + + Merged seobject setransRecords patch to return the first alias from + Xavier Toth. + + Merged chcat, fixfiles, genhomedircon, restorecond, and restorecon + patches from Dan Walsh. + + Dropped -b option from load_policy in preparation for always + preserving booleans across reloads in the kernel. + + Merged genhomedircon patch to use the __default__ setting from Dan + Walsh. + + Merged setsebool patch to only use libsemanage for persistent boolean + changes from Stephen Smalley. + + Build fix for setsebool. + + Merged move of audit2why to /usr/bin from Dan Walsh. + + Merged support for modifying the prefix via semanage from Dan Walsh. + + -- Manoj Srivastava Sun, 6 May 2007 18:06:30 -0500 + +policycoreutils (2.0.7-1) unstable; urgency=low + + * New upstream trunk release + * Merged sepolgen and audit2allow patches to leave generated files in + the current directory from Karl MacMillan. + * Merged small fix to correct include of errcodes.h in semodule_deps + from Dan Walsh. + * Merged new audit2allow from Karl MacMillan. This audit2allow depends + on the new sepolgen python module. Note that you must run the + sepolgen-ifgen tool to generate the data needed by audit2allow to + generate refpolicy. + + * Added build and runtime dependencies on sepolgen + * Fixed watch file to correctly reflect the fact that this is the trunk + version. + + -- Manoj Srivastava Fri, 20 Apr 2007 10:53:23 -0500 + +policycoreutils (1.34.6-1) unstable; urgency=low + + * New upstream release + * Merged restorecond init script LSB compliance patch from Steve Grubb. + * Merged newrole O_NONBLOCK fix from Linda Knippers. + * Merged restorecond memory leak fix from Steve Grubb. + * Merged translations update from Dan Walsh. + * Merged chcat fixes from Dan Walsh. + * Merged man page fixes from Dan Walsh. + * Merged seobject prefix validity checking from Dan Walsh. + * Merged seobject exception handler fix from Caleb Case. + * Merged setfiles memory leak patch from Todd Miller. + * Fixed newrole non-pam build. + * Updated version for stable branch. + * Merged po file updates from Dan Walsh. + * Removed update-po from all target in po/Makefile. + * Merged unicode-to-string fix for seobject audit from Dan Walsh. + * Merged man page updates to make "apropos selinux" work from Dan Walsh. + * Merged newrole man page patch from Michael Thompson. + * Merged patch to fix python unicode problem from Dan Walsh. + * Merged newrole securetty check from Dan Walsh. + * Merged semodule patch to generalize list support from Karl MacMillan. + * Merged fixfiles and seobject fixes from Dan Walsh. + * Merged semodule support for list of modules after -i from Karl MacMillan. + * Merged patch to correctly handle a failure during semanage handle + creation from Karl MacMillan. + * Merged patch to fix seobject role modification from Dan Walsh. + * Merged patches from Dan Walsh to: + - omit the optional name from audit2allow + - use the installed python version in the Makefiles + - re-open the tty with O_RDWR in newrole + * Patch from Dan Walsh to correctly suppress warnings in load_policy. + * Patch from Dan Walsh to add an pam_acct_msg call to run_init + * Patch from Dan Walsh to fix error code returns in newrole + * Patch from Dan Walsh to remove verbose flag from semanage man page + * Patch from Dan Walsh to make audit2allow use refpolicy Makefile + in /usr/share/selinux/ + * Merged patch from Michael C Thompson to clean up genhomedircon + error handling. + * Merged po file updates from Dan Walsh. + * Merged setsebool patch from Karl MacMillan. + This fixes a bug reported by Yuichi Nakamura with + always setting booleans persistently on an unmanaged system. + * Merged patch from Dan Walsh (via Karl MacMillan): + * Added newrole audit message on login failure + * Add /var/log/wtmp to restorecond.conf watch list + * Fix genhomedircon, semanage, semodule_expand man pages. + * Merged newrole patch set from Michael Thompson. + * Added XS-VCS-Arch and XS-VCS-Browse to debian/control, and upgrraded + build dependencies. + + -- Manoj Srivastava Thu, 19 Apr 2007 00:57:48 -0500 + +policycoreutils (1.32-3) unstable; urgency=high + + * Remember to run arch_export from the correct checked out working tree, + so as to include the patches that you tested in the upload. + + -- Manoj Srivastava Wed, 7 Mar 2007 16:27:19 -0600 + +policycoreutils (1.32-2) unstable; urgency=low + + * Bug fix: "policycoreutils: fixfiles should warn if no suitable fs + found", thanks to David Härdeman. This was a missing simple check -- + now fixfiles does not attempt to run setfiles on an empty set if it + did not find a valid directory. Low risk, simple test. (Closes: #397198). + * Bug fix: "policycoreutils: audit2allow line 135 should refer to debian + package", thanks to Russell Coker. It now asks the users to install + the checkpolicy package, not the chckpolicy rpm package. + (Closes: #401369). + * Bug fix: "policycoreutils: patch for semanage.8", thanks to Russell + Coker. This adds some options that had been missing from the man page. + (Closes: #406702). + * Bug fix: "policycoreutils: fixfiles excludes reiserfs", thanks to + David Härdeman. Actually, it should: Support for atomic inode labeling + has not been implemented in reiserfs, so there is no SELinux support + for it. This is documented in selinux-doc. Reiser just won't label + files when they are created making it basically worthless for xattr + labeling. (Closes: #397196). + + -- Manoj Srivastava Sun, 4 Mar 2007 00:06:37 -0600 + +policycoreutils (1.32-1) unstable; urgency=low + + * New upstream release + * Merged newrole auditing of failures due to user actions from Michael + Thompson. + * Merged audit2allow -l fix from Yuichi Nakamura. + * Merged restorecon -i and -o - support from Karl MacMillan. + * Merged semanage/seobject fix from Dan Walsh. + * Merged fixfiles -R and verify changes from Dan Walsh. + * Updated version for release. + * Bug fix: "/sbin/fixfiles: bash-ism in /sbin/fixfiles", thanks to Paul + Cupis (Closes: #391674). + + -- Manoj Srivastava Fri, 20 Oct 2006 17:12:58 -0500 + +policycoreutils (1.30.29-1) unstable; urgency=low + + * New upstream point release + * Man page corrections from Dan Walsh + * Change all python invocations to /usr/bin/python -E + * Add missing getopt flags to genhomedircon + + -- Manoj Srivastava Wed, 20 Sep 2006 15:09:32 -0500 + +policycoreutils (1.30.28-2) unstable; urgency=low + + * Bug fix: "Is purging of the whole /etc/selinux a good idea?", thanks + to Uwe Hermann. Perhaps not. (Closes: #386929). + * Bug fix: "postinst: /etc/selinux/config: no such file or directory", + thanks to Uwe Hermann (Closes: #386927). + + -- Manoj Srivastava Mon, 11 Sep 2006 16:29:44 -0500 + +policycoreutils (1.30.28-1) unstable; urgency=low + + * New upstream point release + * Merged fix for restorecon symlink handling from Erich Schubert. + * Merged fix for restorecon // handling from Erich Schubert. + * Merged translations update and fixfiles fix from Dan Walsh. + * Fix the initial /etc/selinux/config to refer to + SELINUXTYPE=refpolicy-targeted to match what we ship (as opposed to + paths on red hat installations). + * Bug fix: "Can't open '/etc/selinux/targeted/policy/policy.20': No such + file or directory", thanks to Uwe Hermann (Closes: #384852). + * Add md5sums + * With this version of policycoreutils, the file /etc/selinux/config + shall have the variable SELINUXTYPE set to refpolicy-targeted (you may + also set it to be refpolicy-strict or refpolicy-src). Only 1.30.26-3 + created the file with SELINUXTYPE set to targeted (which is + appropriate on Red Hat machines and not Debian). We can't + automatically change /etc/selinux/config (preserve user changes) since + /etc/selinux/targeted/policy/policy.N might be a legitimate local + security policy. If it is not, and if any of the files + /etc/selinux/refpolicy-targeted/policy/policy.N, + /etc/selinux/refpolicy-strict/policy/policy.N, or + /etc/selinux/refpolicy-src/policy/policy.N exist, please select one + for the SELINUXTYPE variable in /etc/selinux/config + + -- Manoj Srivastava Thu, 7 Sep 2006 11:37:47 -0500 + +policycoreutils (1.30.26-3) unstable; urgency=low + + * Create /etc/selinux/config if that file does not exist. We default to + targeted permissive. + * Recommend on of the new reference policy based policy packages. + + -- Manoj Srivastava Mon, 21 Aug 2006 16:42:22 -0500 + +policycoreutils (1.30.26-2) unstable; urgency=low + + * Bug fix: "ImportError: No module named seobject", thanks to Erich + Schubert. Fix wrong directory the modules were installed in. (Closes: #383101). + + -- Manoj Srivastava Tue, 15 Aug 2006 00:44:57 -0500 + +policycoreutils (1.30.26-1) unstable; urgency=low + + * New upstream point release + * Merged semanage local file contexts patch from Chris PeBenito. + + -- Manoj Srivastava Sun, 13 Aug 2006 00:50:58 -0500 + +policycoreutils (1.30.25-1) unstable; urgency=low + + * New upstream point release. + * Merged patch from Dan Walsh with: + * audit2allow: process MAC_POLICY_LOAD events + * newrole: run shell with - prefix to start a login shell + * po: po file updates + * restorecond: bail if SELinux not enabled + * fixfiles: omit -q + * genhomedircon: fix exit code if non-root + * semodule_deps: install man page + * Merged secon Makefile fix from Joshua Brindle. + * Merged netfilter contexts support patch from Chris PeBenito. + * Merged restorecond size_t fix from Joshua Brindle. + * Merged secon keycreate patch from Michael LeMay. + * Merged restorecond fixes from Dan Walsh. + Merged updated po files from Dan Walsh. + * Merged python gettext patch from Stephen Bennett. + * Merged semodule_deps from Karl MacMillan. + * Lindent. + * Merged patch from Dan Walsh with: + * -p option (progress) for setfiles and restorecon. + * disable context translation for setfiles and restorecon. + * on/off values for setsebool. + * Merged setfiles and semodule_link fixes from Joshua Brindle. + * Merged fix for setsebool error path from Serge Hallyn. + * Merged patch from Dan Walsh with: + * Updated po files. + * Fixes for genhomedircon and seobject. + * Audit message for mass relabel by setfiles. + * Updated fixfiles script for new setfiles location in /sbin. + * Merged more translations from Dan Walsh. + * Merged patch to relocate setfiles to /sbin for early relabel + when /usr might not be mounted from Dan Walsh. + * Merged semanage/seobject patch to preserve fcontext ordering in list. + * Merged secon patch from James Antill. + * Merged patch with updates to audit2allow, secon, genhomedircon, + and semanage from Dan Walsh. + * Fixed audit2allow and po Makefiles for DESTDIR= builds. + * Merged .po file patch from Dan Walsh. + * Merged bug fix for genhomedircon. + * Merged patch from Dan Walsh. + This includes audit2allow changes for analysis plugins, + internationalization support for several additional programs + and added po files, some fixes for semanage, and several cleanups. + It also adds a new secon utility. + * Merged fix warnings patch from Karl MacMillan. + * Merged semanage prefix support from Russell Coker. + * Added a test to setfiles to check that the spec file is + a regular file. + * Merged audit2allow fixes for refpolicy from Dan Walsh. + * Merged fixfiles patch from Dan Walsh. + * Merged restorecond daemon from Dan Walsh. + * Merged semanage non-MLS fixes from Chris PeBenito. + * Merged semanage and semodule man page examples from Thomas Bleher. + * Merged semanage labeling prefix patch from Ivan Gyurdiev. + * Bug fix: "ImportError: No module named semanage", thanks to Uwe + Hermann. Since the new semanage package has moved to the new Python + policy, and we depend on it, this issue is resolved. (Closes: #372543). + * Bug fix: "policycoreutils: incorrect syntax in genhomedircon", thanks + to Piotr Meyer. The new point release fixes this. (Closes: #369852). + * Remove support for restorecond, since we do not have support for + inotify in glibc (glibc 2.4 is sitting in experimental) + + -- Manoj Srivastava Sat, 12 Aug 2006 23:52:53 -0500 + +policycoreutils (1.30-2) unstable; urgency=low + + * Bug fix: "policycoreutils - FTBFS: error: 'SEMANAGE_CAN_READ' + undeclared", thanks to Bastian Blank. Tighten dependency on + libsemanage1-dev (Closes: #361903). + + -- Manoj Srivastava Tue, 11 Apr 2006 09:07:42 -0500 + +policycoreutils (1.30-1) unstable; urgency=low + + * New upstream release + * Updated version for release. + * Merged German translations (de.po) by Debian translation team from Manoj Srivastava. + * Merged audit2allow -R support, chcat fix, semanage MLS checks + and semanage audit calls from Dan Walsh. + * Merged semanage bug fix patch from Ivan Gyurdiev. + * Merged improve bindings patch from Ivan Gyurdiev. + * Merged semanage usage patch from Ivan Gyurdiev. + * Merged use PyList patch from Ivan Gyurdiev. + * Merged newrole -V/--version support from Glauber de Oliveira Costa. + * Merged genhomedircon prefix patch from Dan Walsh. + * Merged optionals in base patch from Joshua Brindle. + * Merged seuser/user_extra support patch to semodule_package + from Joshua Brindle. + * Merged getopt type fix for semodule_link/expand and sestatus + from Chris PeBenito. + * Merged clone record on set_con patch from Ivan Gyurdiev. + * Merged genhomedircon fix from Dan Walsh. + * Merged seusers.system patch from Ivan Gyurdiev. + * Merged improve port/fcontext API patch from Ivan Gyurdiev. + * Merged genhomedircon patch from Dan Walsh. + * Merged newrole audit patch from Steve Grubb. + * Merged seuser -> seuser local rename patch from Ivan Gyurdiev. + * Merged semanage and semodule access check patches from Joshua Brindle. + * Merged restorecon, chcat, and semanage patches from Dan Walsh. + * Modified newrole and run_init to use the loginuid when + supported to obtain the Linux user identity to re-authenticate, + and to fall back to real uid. Dropped the use of the SELinux + user identity, as Linux users are now mapped to SELinux users + via seusers and the SELinux user identity space is separate. + * Merged semanage bug fixes from Ivan Gyurdiev. + * Merged semanage fixes from Russell Coker. + * Merged chcat.8 and genhomedircon patches from Dan Walsh. + * Merged chcat, semanage, and setsebool patches from Dan Walsh. + * Merged semanage fixes from Ivan Gyurdiev. + * Merged semanage fixes from Russell Coker. + * Merged chcat, genhomedircon, and semanage diffs from Dan Walsh. + * Merged newrole cleanup patch from Steve Grubb. + * Merged setfiles/restorecon performance patch from Russell Coker. + * Merged genhomedircon and semanage patches from Dan Walsh. + * Merged remove add_local/set_local patch from Ivan Gyurdiev. + * Added filename to semodule error reporting. + * Merged genhomedircon and semanage patch from Dan Walsh. + * Changed semodule error reporting to include argv[0]. + * Merged semanage getpwnam bug fix from Serge Hallyn (IBM). + * Merged patch series from Ivan Gyurdiev. + This includes patches to: + - cleanup setsebool + - update setsebool to apply active booleans through libsemanage + - update semodule to use the new semanage_set_rebuild() interface + - fix various bugs in semanage + * Merged patch from Dan Walsh (Red Hat). + This includes fixes for restorecon, chcat, fixfiles, genhomedircon, + and semanage. + * Merged patch for chcat script from Dan Walsh. + * Merged fix for audit2allow long option list from Dan Walsh. + * Merged -r option for restorecon (alias for -R) from Dan Walsh. + * Merged chcat script and man page from Dan Walsh. + + + -- Manoj Srivastava Mon, 10 Apr 2006 15:11:05 -0500 + +policycoreutils (1.28-6) unstable; urgency=low + + * Hmm. Actually ship the postrm file, so we really remove setfiles.old + + -- Manoj Srivastava Sun, 12 Mar 2006 10:55:39 -0600 + +policycoreutils (1.28-5) unstable; urgency=low + + * Bug fix: "policycoreutils: [L10N:DE] German PO file update", thanks to + Holger Wansing (Closes: #353069). + + -- Manoj Srivastava Sun, 12 Mar 2006 10:17:22 -0600 + +policycoreutils (1.28-4) unstable; urgency=low + + * Bug fix: "undeclared conflict with selinux-utils over + /usr/sbin/setsebool", thanks to Robert Bihlmeyer (Closes: #346356). + + -- Manoj Srivastava Mon, 23 Jan 2006 13:38:02 -0600 + +policycoreutils (1.28-3) unstable; urgency=low + + * Furthe changes to build dependencies; we now need python 2.4, since we + use the selinux and semanage python bindings. + + -- Manoj Srivastava Sun, 1 Jan 2006 18:27:15 -0600 + +policycoreutils (1.28-2) unstable; urgency=low + + * Fix build dependencies; remove debian revisions from the dependency + relations to facilitate backports. + + -- Manoj Srivastava Sat, 31 Dec 2005 14:20:08 -0600 + +policycoreutils (1.28-1) unstable; urgency=low + + * New upstream release + * Updated version for release. + * Clarified the genhomedircon warning message. + * Changed genhomedircon to warn on use of ROLE in homedir_template + if using managed policy, as libsemanage does not yet support it. + * Merged genhomedircon bug fix from Dan Walsh. + * Revised semodule* man pages to refer to checkmodule and + to include example sections. + * Merged audit2allow --tefile and --fcfile support from Dan Walsh. + * Merged genhomedircon fix from Dan Walsh. + * Merged semodule* man pages from Dan Walsh, and edited them. + * Changed setfiles to set the MATCHPATHCON_VALIDATE flag to + retain validation/canonicalization of contexts during init. + * Changed genhomedircon to always use user_r for the role in the + managed case since user_get_defrole is broken. + * Merged sestatus, audit2allow, and semanage patch from Dan Walsh. + * Fixed semodule -v option. + * Merged audit2allow python script from Dan Walsh. + (old script moved to audit2allow.perl, will be removed later). + * Merged genhomedircon fixes from Dan Walsh. + * Merged semodule quieting patch from Dan Walsh + (inverts default, use -v to restore original behavior). + * Merged genhomedircon rewrite from Dan Walsh. + * Merged setsebool cleanup patch from Ivan Gyurdiev. + * Added -B (--build) option to semodule to force a rebuild. + * Reverted setsebool patch to call semanage_set_reload_bools(). + * Changed setsebool to disable policy reload and to call + security_set_boolean_list to update the runtime booleans. + * Changed setfiles -c to use new flag to set_matchpathcon_flags() + to disable context translation by matchpathcon_init(). + * Changed setfiles for the context canonicalization support. + * Changed setsebool to call semanage_is_managed() interface + and fall back to security_set_boolean_list() if policy is + not managed. + * Merged setsebool memory leak fix from Ivan Gyurdiev. + * Merged setsebool patch to call semanage_set_reload_bools() + interface from Ivan Gyurdiev. + * Merged setsebool patch from Ivan Gyurdiev. + This moves setsebool from libselinux/utils to policycoreutils, + and rewrites it to use libsemanage for permanent boolean changes. + * Merged semodule support for reload, noreload, and store options + from Joshua Brindle. + * Merged semodule_package rewrite from Joshua Brindle. + * Cleaned up usage and error messages and releasing of memory by + semodule_* utilities. + * Corrected error reporting by semodule. + * Updated semodule_expand for change to sepol interface. + * Merged fixes for make DESTDIR= builds from Joshua Brindle. + * Updated semodule_package for sepol interface changes. + * Updated semodule_expand/link for sepol interface changes. + * Merged non-PAM Makefile support for newrole and run_init from Timothy Wood. + * Updated semodule_expand to use get interfaces for hidden sepol_module_package type. + * Merged newrole and run_init pam config patches from Dan Walsh (Red Hat). + * Merged fixfiles patch from Dan Walsh (Red Hat). + * Updated semodule for removal of semanage_strerror. + * Updated semodule_link and semodule_expand to use shared libsepol. + Fixed audit2why to call policydb_init prior to policydb_read (still + uses the static libsepol). + * Bug fix: "policycoreutils: doesn't remove /usr/sbin/setfiles.old on + purge", thanks to Lars Wirzenius (Closes: #341418). + + -- Manoj Srivastava Fri, 30 Dec 2005 00:56:01 -0600 + +policycoreutils (1.26-1) unstable; urgency=low + + * New upstream release + * Updated version for release. + * Changed setfiles -c to translate the context to raw format + prior to calling libsepol. + * Changed semodule to report errors even without -v, + to detect extraneous arguments, and corrected usage message. + * Merged patch for fixfiles -C from Dan Walsh. + * Merged fixes for semodule_link and sestatus from Serge Hallyn (IBM). + Bugs found by Coverity. + * Merged patch to move module read/write code from libsemanage + to libsepol from Jason Tang (Tresys). + * Changed semodule* to link with libsemanage. + * Merged restorecon patch from Ivan Gyurdiev. + * Merged load_policy, newrole, and genhomedircon patches from Red Hat. + * Merged loadable module support from Tresys Technology. + * Updated build depends. (Closes: #326153). + * policycoreutils: run_init blocks sigCHLD but doesn't unblock it before + exec, thanks to Erich Schubert (Closes: #326152). + + -- Manoj Srivastava Thu, 15 Sep 2005 01:06:11 -0500 + +policycoreutils (1.24-2) unstable; urgency=low + + * use /etc/adduser.conf as authoritative for the starting UID, and + otherwise change genhomedircon to match Debian practice. This had + worked while Russell Coker maintained this package, but this patch was + lost in transition. + * Bug fix: "FTBFS: build-depends not strict enough", thanks to Christian + T. Steigies (Closes: #316440). + + -- Manoj Srivastava Thu, 7 Jul 2005 13:11:01 -0500 + +policycoreutils (1.24-1) unstable; urgency=low + + * New upstream release + * Updated version for release. + * Merged fixfiles and newrole patch from Dan Walsh. + * Merged audit2why man page from Dan Walsh. + * Extended audit2why to incorporate booleans and local user + settings when analyzing audit messages. + * Updated audit2why for sepol_ prefixes on Flask types to + avoid namespace collision with libselinux, and to + include now. + * Added audit2why utility. + * Merged patch for fixfiles from Dan Walsh. + Allow passing -F to force reset of customizable contexts. + * Fixed signed/unsigned pointer bug in load_policy. + * Reverted context validation patch for genhomedircon. + * Reverted load_policy is_selinux_enabled patch from Dan Walsh. + Otherwise, an initial policy load cannot be performed using + load_policy, e.g. for anaconda. + * Merged load_policy is_selinux_enabled patch from Dan Walsh. + * Merged restorecon verbose output patch from Dan Walsh. + * Merged setfiles altroot patch from Chris PeBenito. + * Merged context validation patch for genhomedircon from Eric Paris. + * Changed setfiles -c to call set_matchpathcon_flags(3) to + turn off processing of .homedirs and .local. + * Merged rewrite of genhomedircon by Eric Paris. + * Changed fixfiles to relabel jfs since it now supports security xattrs + (as of 2.6.11). Removed reiserfs until 2.6.12 is released with + fixed support for reiserfs and selinux. + + -- Manoj Srivastava Mon, 27 Jun 2005 16:00:56 -0500 + +policycoreutils (1.22+0-2) unstable; urgency=low + + * New upstream release + * Bug fix: "policycoreutils: package description typo(s) and the like", + thanks to Florian Zumbiehl (Closes: #300054). + + -- Manoj Srivastava Thu, 17 Mar 2005 19:54:20 -0600 + +policycoreutils (1.22+0-1) unstable; urgency=low + + * An release number designed to fix up fix the broken orig.tar.gz in the + previous release. This is really the 1.22-2 release, but the + 1.22.orig.tar.gz in the archive is an incorrect one. + * Bug fix: "policycoreutils: FTBFS due to undeclared functions", thanks + to Christian T. Steigies. The build dependencies needed to be + versioned as well. (Closes: #299338). + + -- Manoj Srivastava Sun, 13 Mar 2005 13:36:24 -0600 + +policycoreutils (1.22-1) unstable; urgency=low + + * New upstream release + * Merged restorecon and genhomedircon patch from Dan Walsh. + * Merged load_policy and genhomedircon patch from Dan Walsh. + * Merged fixfiles and genhomedircon patch from Dan Walsh. + * Merged several fixes from Ulrich Drepper. + * Changed load_policy to fall back to the original policy upon + an error from sepol_genusers(). + * Merged new genhomedircon script from Dan Walsh. + * Changed load_policy to call sepol_genusers(). + * Changed relabel Makefile target to use restorecon. + * Merged restorecon patch from Dan Walsh. + * Merged sestatus patch from Dan Walsh. + * Merged further change to fixfiles -C from Dan Walsh. + * Merged further patches for restorecon/setfiles -e and fixfiles -C. + * Merged patch for fixfiles -C option from Dan Walsh. + * Merged patch -e support for restorecon from Dan Walsh. + * Merged updated -e support for setfiles from Dan Walsh. + * Merged patch for open_init_pty from Manoj Srivastava. + * Merged updated fixfiles script from Dan Walsh. + * Merged updated man page for fixfiles from Dan Walsh and re-added unzipped. + * Reverted fixfiles patch for file_contexts.local; + obsoleted by setfiles rewrite. + * Merged error handling patch for restorecon from Dan Walsh. + * Merged semi raw mode for open_init_pty helper from Manoj Srivastava. + * Rewrote setfiles to use matchpathcon and the new interfaces + exported by libselinux (>= 1.21.5). + * Prevent overflow of spec array in setfiles. + * Merged genhomedircon STARTING_UID bug fix from Dan Walsh. + * Merged newrole -l support from Darrel Goeddel (TCS). + * Merged fixfiles patch for file_contexts.local from Dan Walsh. + * Fixed restorecon to not treat errors from is_context_customizable() + as a customizable context. + * Merged setfiles/restorecon patch to not reset user field unless + -F option is specified from Dan Walsh. + * Merged open_init_pty helper for run_init from Manoj Srivastava. + * Merged audit2allow and genhomedircon man pages from Manoj Srivastava. + * Merged customizable contexts patch for restorecon/setfiles from Dan Walsh. + + -- Manoj Srivastava Sat, 12 Mar 2005 18:07:50 -0600 + +policycoreutils (1.20-3) unstable; urgency=low + + * policycoreutils_1.20-2(ia64/unstable): FTBFS: missing build-depends, + thanks to Lamont Jones. I wonder why this builds on my debootstrap + installed UML with just build essential ad selinux. (Closes: #291501). + + -- Manoj Srivastava Fri, 21 Jan 2005 10:30:16 -0600 + +policycoreutils (1.20-2) unstable; urgency=low + + * Arranged to flush stdout and stderr run at all the exit points for the + open_init_pty executable. Also, improved comments and man page for + genhomedircon, and corrected the default value for STARTING_UID. + + -- Manoj Srivastava Thu, 20 Jan 2005 23:15:13 -0600 + +policycoreutils (1.20-1) unstable; urgency=low + + * New upstream release. + * Merged fixfiles rewrite from Dan Walsh. + * Merged restorecon patch from Dan Walsh. + * Merged fixfiles and restorecon patches from Dan Walsh. + * Changed restorecon to ignore ENOENT errors from matchpathcon. + * Merged nonls patch from Chris PeBenito. + * Removed fixfiles.cron. + * Merged run_init.8 patch from Dan Walsh. + * Added man pages for genhomedircon, audit2allow, and all the se_* + scripts. + * Converted to new build system, and arch. + * Bug fix: "policycoreutils: Too heavy dependency on the package + expect", thanks to YAMASHITA Junji. rewrote open_init_tty in C, and + added man page. I guess it can be moved to /usr/bin, though I don't + really see what other purpose it can serve. (Closes: #255674). + * Bug fix: "policycoreutils: error in genhomedircon: doesn't recognize + FIRST_UID", thanks to Thomas Bleher. Since this was packaged from + scratch, this debian specific flaw has been corrected. (Closes: #281988). + + -- Manoj Srivastava Thu, 20 Jan 2005 01:53:32 -0600 + +policycoreutils (1.18-1) unstable; urgency=low + + * New upstream version. Setfiles now works with policy Makefile. + + -- Russell Coker Sat, 6 Nov 2004 02:31:00 +1100 + +policycoreutils (1.16-2) unstable; urgency=low + + * Depends on libsepol for load_polixy. + + -- Russell Coker Mon, 23 Aug 2004 19:25:00 +1000 + +policycoreutils (1.16-1) unstable; urgency=low + + * New upstream release. + + -- Russell Coker Fri, 20 Aug 2004 22:48:00 +1000 + +policycoreutils (1.14-6) unstable; urgency=low + + * Minor newrole bugfix from Chad Hanson . + + -- Russell Coker Tue, 10 Aug 2004 16:23:00 +1000 + +policycoreutils (1.14-5) unstable; urgency=low + + * Fixed a couple of minor bugs in error handling for genhomedircon. + + -- Russell Coker Sun, 8 Aug 2004 22:39:00 +1000 + +policycoreutils (1.14-4) unstable; urgency=low + + * Made it depend on the latest sed, genhomedircon doesn't seem to work with + older versions. + + -- Russell Coker Sun, 1 Aug 2004 17:50:00 +1000 + +policycoreutils (1.14-3) unstable; urgency=low + + * Changed genhomedircon to search /etc/adduser.conf for the first UID for a + non-system user. The previous version really stuffed up a system that had + a system user with a home directory under /var/run. + + -- Russell Coker Mon, 19 Jul 2004 22:56:00 +1000 + +policycoreutils (1.14-2) unstable; urgency=low + + * Made it build-depend on the latest libselinux1-dev. + Closes: #257351 + + -- Russell Coker Sat, 3 Jul 2004 22:54:00 +1000 + +policycoreutils (1.14-1) unstable; urgency=low + + * New upstream version, adds -o option to setfiles and a few other features. + + -- Russell Coker Wed, 30 Jun 2004 15:21:00 +1000 + +policycoreutils (1.12-5) unstable; urgency=low + + * Add better error messages to genhomedircon and make it not abort when only + one role is specified for a user without {}. + + -- Russell Coker Sun, 20 Jun 2004 14:03:00 +1000 + +policycoreutils (1.12-4) unstable; urgency=low + + * Use the upstream genhomedircon and patch it to use DHOME from + /etc/adduser.conf + + -- Russell Coker Thu, 10 Jun 2004 17:59:00 +1000 + +policycoreutils (1.12-3) unstable; urgency=low + + * Made setfiles -s use lstat() instead of stat() so it can label sym-links. + + -- Russell Coker Sun, 30 May 2004 14:08:00 +1000 + +policycoreutils (1.12-2) unstable; urgency=low + + * Added /selinux directory. + + -- Russell Coker Sat, 29 May 2004 13:48:00 +1000 + +policycoreutils (1.12-1) unstable; urgency=low + + * New upstream version and taking over the package. + + * Newrole patch and added fixfiles. + + -- Russell Coker Sat, 15 May 2004 16:34:00 +1000 + +policycoreutils (1.10-0.1) unstable; urgency=low + + * NMU for new upstream version. + + -- Russell Coker Fri, 9 Apr 2004 15:09:00 +1000 + +policycoreutils (1.8-0.1) unstable; urgency=low + + * NMU for new upstream version. + + * Moved load_policy back to /usr/sbin. + + -- Russell Coker Tue, 16 Mar 2004 19:05:00 +1100 + +policycoreutils (1.6-0.3) unstable; urgency=low + + * New upload because of rejected build-depends. + + -- Russell Coker Thu, 26 Feb 2004 22:56:00 +1100 + +policycoreutils (1.6-0.1) unstable; urgency=low + + * NMU to upload new upstream version. + + -- Russell Coker Thu, 26 Feb 2004 21:46:00 +1100 + +policycoreutils (1.4-4) unstable; urgency=low + + * debian/patches/setfiles-order.patch: + - New patch to fix ordering of file context regexps, from + Stephen Smalley. + + -- Colin Walters Mon, 23 Feb 2004 04:43:36 +0000 + +policycoreutils (1.4-3) unstable; urgency=low + + * Rebuild with fixed tar to remove /DEBIAN (Closes: #231541) + * Apply (modified) patch from Robert Bihlmeyer to handle + regexps with starting metacharacters (Closes: #231561) + + -- Colin Walters Sun, 15 Feb 2004 03:46:17 +0000 + +policycoreutils (1.4-2) unstable; urgency=low + + * debian/genhomedircon: + - New file, used to set contexts in home directories. + * debian/control: + - Conflict with selinux-policy-default (<< 1:1.4-5). + + -- Colin Walters Wed, 4 Feb 2004 13:46:23 +0000 + +policycoreutils (1.4-1) unstable; urgency=low + + * debian/control: + - Build-Depend on libpam0g-dev (Closes: #225727) + - Depend on expect (Closes: #225880) + + -- Colin Walters Sun, 4 Jan 2004 00:16:55 +0000 + +policycoreutils (1.4-0.2) unstable; urgency=low + + * Fixed a the help for audit2allow to have the right name. + + -- Russell Coker Fri, 26 Dec 2003 10:37:00 +1100 + +policycoreutils (1.4-0.1) unstable; urgency=low + + * New upstream, no significant change as mostly I had included the changes + already. + + -- Russell Coker Sat, 6 Dec 2003 22:59:00 +1100 + +policycoreutils (1.2-0.2) unstable; urgency=low + + * Put in a symlink for /usr/sbin/load_policy so existing scripts will work. + + -- Russell Coker Fri, 21 Nov 2003 12:43:00 +1100 + +policycoreutils (1.2-0.1) unstable; urgency=low + + * Patches from CVS upstream version, makes setfiles slightly faster and + adds audit2allow. + + -- Russell Coker Fri, 21 Nov 2003 01:20:00 +1100 + +policycoreutils (1.2-0) unstable; urgency=low + + * New upstream version (NMU). Setfiles is now a lot faster. + + -- Russell Coker Wed, 19 Nov 2003 18:18:00 +1100 + +policycoreutils (1.0-1) unstable; urgency=low + + * Initial version. + + -- Colin Walters Thu, 3 Jul 2003 17:16:19 -0400 --- policycoreutils-2.0.43.orig/debian/policycoreutils.postinst +++ policycoreutils-2.0.43/debian/policycoreutils.postinst @@ -0,0 +1,34 @@ +#!/bin/sh +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +case "$1" in + configure) + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 --- policycoreutils-2.0.43.orig/debian/copyright +++ policycoreutils-2.0.43/debian/copyright @@ -0,0 +1,44 @@ +This is the Debian package for policycoreutils, and it is built from +sources obtained from: http://www.nsa.gov/selinux/code/download5.cfm. + +This package was debianized by Colin Walters on +Thu, 3 Jul 2003 17:10:57 -0400. + +This package is maintained by Tresys Technology . + +Portions of this package are copyright by various people, inluding + +Copyright (C) 2001 Justin R. Smith (jsmith@mcs.drexel.edu) +Copyright (C) 1995, 1996, 1997 by Ulrich Drepper +Copyright (c) 2005 Manoj Srivastava +Copyright (C) 2004,2005 Red Hat, Inc. +Copyright (c) 2005 Dan Walsh +Copyright (C) 2004, 2005 Tresys Technology, LLC +Copyright 1999-2004 Gentoo Technologies, Inc. +Copyright (C) 2006 Free Software Foundation, Inc. + + +This packaged is licensed under the terms of the GNU GPL. + + These programs are free software; you can redistribute it and/or modify + them under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 dated June, 1991. + + These programs are distributed in the hope that they will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + +The Debian specific changes are copyright; + Copyright 2008, Tresys Technology , + Copyright 2005, 2006, Manoj Srivastava , + and distributed under the terms of the GNU General Public License, + version 2. + +On Debian GNU/Linux systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. + + A copy of the GNU General Public License is also available at + . You may also obtain + it by writing to the Free Software Foundation, Inc., 51 Franklin + St, Fifth Floor, Boston, MA 02110-1301, USA. --- policycoreutils-2.0.43.orig/debian/policycoreutils.links +++ policycoreutils-2.0.43/debian/policycoreutils.links @@ -0,0 +1 @@ +/sbin/load_policy /usr/sbin/load_policy --- policycoreutils-2.0.43.orig/debian/dirs +++ policycoreutils-2.0.43/debian/dirs @@ -0,0 +1,2 @@ +usr/bin +usr/sbin --- policycoreutils-2.0.43.orig/debian/policycoreutils.restorecon.init +++ policycoreutils-2.0.43/debian/policycoreutils.restorecon.init @@ -0,0 +1,59 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides : restorecon +# Required-Start: mountkernfs +# Required-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Restores contexts on tmpfs mounts. +### END INIT INFO + +# Return values according to LSB for all commands but status: +# 0 - success +# 1 - generic or unspecified error +# 2 - invalid or excess argument(s) +# 3 - unimplemented feature (e.g. "reload") +# 4 - insufficient privilege +# 5 - program is not installed +# 6 - program is not configured +# 7 - program is not running + +PATH=/sbin:/bin:/usr/bin:/usr/sbin + +# Source function library. +. /lib/lsb/init-functions + +# Do nothing if selinux is not enabled. +[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 0 + +# Check that we are root ... so non-root users stop here +test `/usr/bin/id -u` = 0 || exit 4 + +# Check that restorecon is installed. +test -x /sbin/restorecon || exit 5 + +RETVAL=0 + +start() +{ + log_action_begin_msg "Starting restorecon" + /sbin/restorecon -R /var/run /var/lock + RETVAL=$? + log_action_end_msg $RETVAL + exit $RETVAL +} + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + ;; + *) + log_failure_msg "Usage: $0 (start|stop)" + RETVAL=3 +esac + +exit $RETVAL + --- policycoreutils-2.0.43.orig/debian/policycoreutils.prerm +++ policycoreutils-2.0.43/debian/policycoreutils.prerm @@ -0,0 +1,40 @@ +#!/bin/sh +# prerm script for policycoreutils +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `upgrade' +# * `failed-upgrade' +# * `remove' `in-favour' +# * `deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + remove|upgrade|deconfigure) + ;; + + failed-upgrade) + ;; + + *) + echo "prerm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + --- policycoreutils-2.0.43.orig/debian/policycoreutils.preinst +++ policycoreutils-2.0.43/debian/policycoreutils.preinst @@ -0,0 +1,37 @@ +#!/bin/sh +# preinst script for policycoreutils +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `install' +# * `install' +# * `upgrade' +# * `abort-upgrade' +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + install|upgrade) + ;; + + abort-upgrade) + ;; + + *) + echo "preinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + --- policycoreutils-2.0.43.orig/debian/compat +++ policycoreutils-2.0.43/debian/compat @@ -0,0 +1 @@ +5 --- policycoreutils-2.0.43.orig/debian/patches/restorecond.conf.patch +++ policycoreutils-2.0.43/debian/patches/restorecond.conf.patch @@ -0,0 +1,16 @@ +--- + restorecond/restorecond.conf | 1 + + 1 file changed, 1 insertion(+) + +Index: policycoreutils/restorecond/restorecond.conf +=================================================================== +--- policycoreutils.orig/restorecond/restorecond.conf ++++ policycoreutils/restorecond/restorecond.conf +@@ -1,6 +1,7 @@ + /etc/resolv.conf + /etc/samba/secrets.tdb + /etc/mtab ++/var/run/cups + /var/run/utmp + /var/log/wtmp + ~/public_html --- policycoreutils-2.0.43.orig/debian/patches/series +++ policycoreutils-2.0.43/debian/patches/series @@ -0,0 +1 @@ +restorecond.conf.patch