authorChris PeBenito <pebenito@gentoo.org>2003-08-19 00:59:57 +0000
committerChris PeBenito <pebenito@gentoo.org>2003-08-19 00:59:57 +0000
commitf29256ec0644ff970e2b482604411d7aa558b5f0 (patch)
treeb2c5c9ea39c00e6470b18ef74955cc498011cb0a /sys-apps/policycoreutils
parentinitial commit (diff)
add setfiles altroot patch, and a couple utility scripts
Diffstat (limited to 'sys-apps/policycoreutils')
-rw-r--r--sys-apps/policycoreutils/ChangeLog12
-rw-r--r--sys-apps/policycoreutils/Manifest11
-rw-r--r--sys-apps/policycoreutils/files/avc_enforcing9
-rw-r--r--sys-apps/policycoreutils/files/avc_toggle11
-rw-r--r--sys-apps/policycoreutils/files/digest-policycoreutils-1.01
-rw-r--r--sys-apps/policycoreutils/files/digest-policycoreutils-1.1-r11
-rw-r--r--sys-apps/policycoreutils/files/policycoreutils-1.1-setfiles.diff111
-rw-r--r--sys-apps/policycoreutils/metadata.xml13
-rw-r--r--sys-apps/policycoreutils/policycoreutils-1.1-r1.ebuild (renamed from sys-apps/policycoreutils/policycoreutils-1.0.ebuild)13
9 files changed, 172 insertions, 10 deletions
diff --git a/sys-apps/policycoreutils/ChangeLog b/sys-apps/policycoreutils/ChangeLog
index daca5d0f9713..36a1e32bac00 100644
--- a/sys-apps/policycoreutils/ChangeLog
+++ b/sys-apps/policycoreutils/ChangeLog
@@ -1,6 +1,16 @@
# ChangeLog for sys-apps/policycoreutils
# Copyright 2000-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/ChangeLog,v 1.3 2003/08/14 15:32:03 pebenito Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/ChangeLog,v 1.4 2003/08/19 00:59:51 pebenito Exp $
+
+*policycoreutils-1.1-r1 (18 Aug 2003)
+
+ 18 Aug 2003; Chris PeBenito <pebenito@gentoo.org> metadata.xml,
+ policycoreutils-1.0.ebuild, policycoreutils-1.1-r1.ebuild,
+ files/avc_enforcing, files/avc_toggle,
+ files/policycoreutils-1.1-setfiles.diff:
+ Add setfiles patch for alternate root. Add avc_enforcing and avc_toggle
+ scripts for ease of use for old API users. Use package description from RPM
+ spec file in metadata.xml long description.
*policycoreutils-1.1 (14 Aug 2003)
diff --git a/sys-apps/policycoreutils/Manifest b/sys-apps/policycoreutils/Manifest
index cc5e1e35d097..307915fd6b14 100644
--- a/sys-apps/policycoreutils/Manifest
+++ b/sys-apps/policycoreutils/Manifest
@@ -1,10 +1,13 @@
-MD5 5e9c77e1722ffe0ba097de3e8d291708 policycoreutils-1.0.ebuild 925
-MD5 fd55bafe00aa7a8e91b2d172642b0ef4 metadata.xml 268
-MD5 319a20355e64020523f0dddb1edc2a22 ChangeLog 691
+MD5 58a0d53c74b291dcf411f17e60f32b5a metadata.xml 726
+MD5 a54427237593c125cff686466c766ea4 ChangeLog 1140
MD5 502cf1d82408dc282b0ebd0ea8d58f50 policycoreutils-1.1.ebuild 1065
-MD5 a70bb20f56dfca63475bea2bc811927a files/digest-policycoreutils-1.0 67
+MD5 9ae7590768554ce73f2e0838add2cc9d policycoreutils-1.1-r1.ebuild 1206
MD5 6d4df7058894970c15d4066f7ad88c29 files/policycoreutils-1.0-gentoo.diff 1818
MD5 1f231a1da642997577ac4567ee9867ac files/rlpkg 2317
MD5 2d09b4cfc5e5b399863a1ecd381ba33e files/digest-policycoreutils-1.1 67
MD5 8daee4f4fd3e4a74c4d5f2ddb6b086a5 files/newrole 1197
MD5 8daee4f4fd3e4a74c4d5f2ddb6b086a5 files/run_init 1197
+MD5 2d09b4cfc5e5b399863a1ecd381ba33e files/digest-policycoreutils-1.1-r1 67
+MD5 4de7e167223dcedfb7978ffc3fb3c087 files/policycoreutils-1.1-setfiles.diff 2796
+MD5 7d5ff0bb4eb573840072c4a8a420cd2a files/avc_enforcing 141
+MD5 74b72f384af4ff8868c145ae98e6adaf files/avc_toggle 195
diff --git a/sys-apps/policycoreutils/files/avc_enforcing b/sys-apps/policycoreutils/files/avc_enforcing
new file mode 100644
index 000000000000..40a48ce0002f
--- /dev/null
+++ b/sys-apps/policycoreutils/files/avc_enforcing
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+[ -f /selinux/enforce ] || exit 1;
+
+if [ "`cat /selinux/enforce | grep "1"`" ]; then
+ echo "enforcing"
+else
+ echo "permissive"
+fi
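Review bot: The mode test on the `if` line reports "permissive" whenever the read of /selinux/enforce fails or returns nothing, because an empty `grep` result is indistinguishable from a real 0; anything that records this output would then log a wrong enforcement state without any error. Reading the value once and comparing it exactly avoids that and drops the extra `cat` and the backticks: `read -r mode < /selinux/enforce || exit 1` followed by `if [ "$mode" = 1 ]; then`. The script also exits 0 in both modes, so callers must parse the output; a distinct exit status for permissive would make it usable in conditionals, though that is a behaviour choice to agree on. The same `cat | grep "1"` test appears in files/avc_toggle.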
diff --git a/sys-apps/policycoreutils/files/avc_toggle b/sys-apps/policycoreutils/files/avc_toggle
new file mode 100644
index 000000000000..e893b98e6773
--- /dev/null
+++ b/sys-apps/policycoreutils/files/avc_toggle
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+[ -f /selinux/enforce ] || exit 1;
+
+if [ "`cat /selinux/enforce | grep "1"`" ]; then
+ echo 0 > /selinux/enforce
+ echo "permissive"
+else
+ echo 1 > /selinux/enforce
+ echo "enforcing"
+fi
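Review bot: Neither write to /selinux/enforce is checked, so when the write is refused (an unprivileged caller, or policy denying the mode change) the script still prints the mode it tried to set; the `echo "enforcing"` branch matters most, since an administrator would believe enforcement is on when it is not. Stop on a failed write, e.g. `echo 1 > /selinux/enforce || exit 1` and likewise for the `echo 0` line, or print the value re-read from the file after writing. A short header comment such as `# Toggle SELinux between enforcing and permissive; the caller must be allowed to write /selinux/enforce.` would also make the system-wide effect explicit.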
diff --git a/sys-apps/policycoreutils/files/digest-policycoreutils-1.0 b/sys-apps/policycoreutils/files/digest-policycoreutils-1.0
deleted file mode 100644
index a6dc6dc0a999..000000000000
--- a/sys-apps/policycoreutils/files/digest-policycoreutils-1.0
+++ /dev/null
@@ -1 +0,0 @@
-MD5 8717fd6f3106db74a780a9e1e6d3e971 policycoreutils-1.0.tgz 28018
diff --git a/sys-apps/policycoreutils/files/digest-policycoreutils-1.1-r1 b/sys-apps/policycoreutils/files/digest-policycoreutils-1.1-r1
new file mode 100644
index 000000000000..1d1d16f0ec17
--- /dev/null
+++ b/sys-apps/policycoreutils/files/digest-policycoreutils-1.1-r1
@@ -0,0 +1 @@
+MD5 c7b6ef63f76ef16ad9548f55d58dc148 policycoreutils-1.1.tgz 22695
diff --git a/sys-apps/policycoreutils/files/policycoreutils-1.1-setfiles.diff b/sys-apps/policycoreutils/files/policycoreutils-1.1-setfiles.diff
new file mode 100644
index 000000000000..15bf5eecd9b3
--- /dev/null
+++ b/sys-apps/policycoreutils/files/policycoreutils-1.1-setfiles.diff
@@ -0,0 +1,111 @@
+diff -ur policycoreutils-1.1.orig/setfiles/setfiles.c policycoreutils-1.1/setfiles/setfiles.c
+--- policycoreutils-1.1.orig/setfiles/setfiles.c 2003-07-14 15:00:06.000000000 -0500
++++ policycoreutils-1.1/setfiles/setfiles.c 2003-08-17 13:22:20.000000000 -0500
+@@ -17,6 +17,7 @@
+ * -d Show what specification matched each file.
+ * -n Do not change any file labels.
+ * -q Be quiet (suppress non-error output).
++ * -r Use an alternate root path
+ * -s Use stdin for a list of files instead of searching a partition.
+ * -v Show changes in file labels.
+ * -W Warn about entries that have no matching file.
+@@ -78,6 +79,8 @@
+ static int use_stdin = 0;
+ static int verbose = 0;
+ static int warn_no_match = 0;
++static char *rootpath = NULL;
++static int rootpathlen = 0;
+
+ /*
+ * Program name and error message buffer.
+@@ -267,11 +270,23 @@
+ int match(const char *name, struct stat *sb)
+ {
+ int i, ret;
++ const char *fullname = name;
+
+- ret = lstat(name, sb);
++ /* fullname will be the real file that gets labeled
++ * name will be what is matched in the policy */
++ if (NULL != rootpath) {
++ if (0 != strncmp(rootpath, name, rootpathlen)) {
++ fprintf(stderr, "%s: %s is not located in %s\n",
++ progname, name, rootpath);
++ return -1;
++ }
++ name += rootpathlen;
++ }
++
++ ret = lstat(fullname, sb);
+ if (ret) {
+ fprintf(stderr, "%s: unable to stat file %s\n", progname,
+- name);
++ fullname);
+ return -1;
+ }
+
+@@ -511,6 +526,23 @@
+ return 0;
+ }
+
++void set_rootpath(const char *arg)
++{
++ int len;
++
++ rootpath = strdup(arg);
++ if (NULL == rootpath) {
++ fprintf(stderr, "%s: insufficient memory for rootpath\n",
++ progname);
++ exit(1);
++ }
++
++ /* trim trailing /, if present */
++ len = strlen(rootpath);
++ while ('/' == rootpath[len - 1])
++ rootpath[--len] = 0;
++ rootpathlen = len;
++}
+
+ int main(int argc, char **argv)
+ {
+@@ -521,7 +553,7 @@
+ int opt, items, len, lineno, pass, nerr, regerr, i;
+
+ /* Process any options. */
+- while ((opt = getopt(argc, argv, "dnpqsvxW")) > 0) {
++ while ((opt = getopt(argc, argv, "dnpqrsvxW")) > 0) {
+ switch (opt) {
+ case 'd':
+ debug = 1;
+@@ -532,6 +564,20 @@
+ case 'q':
+ quiet = 1;
+ break;
++ case 'r':
++ if (optind + 1 >= argc) {
++ fprintf(stderr, "usage: %s -r rootpath\n",
++ argv[0]);
++ exit(1);
++ }
++ if (NULL != rootpath) {
++ fprintf(stderr,
++ "%s: only one -r can be specified\n",
++ argv[0]);
++ exit(1);
++ }
++ set_rootpath(argv[optind++]);
++ break;
+ case 's':
+ use_stdin = 1;
+ add_assoc = 0;
+@@ -789,6 +835,10 @@
+ }
+ else for (; optind < argc; optind++)
+ {
++ if (NULL != rootpath) {
++ QPRINTF("%s: labeling files, pretending %s is /\n",
++ argv[0], rootpath);
++ }
+
+ QPRINTF("%s: labeling files under %s\n", argv[0],
+ argv[optind]);
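Review bot: In `set_rootpath` the trim loop `while ('/' == rootpath[len - 1])` has no lower bound, so `-r /` (or an empty argument) reaches `len == 0` and then reads, and through `rootpath[--len] = 0` may write, one byte before the strdup'd buffer; `while (len > 0 && '/' == rootpath[len - 1])` bounds it. In `match` the `strncmp(rootpath, name, rootpathlen)` test accepts any path that merely begins with the same characters, so a root of /mnt/root would also accept /mnt/rootfs/... and look up a policy name without its leading slash; the check should additionally require `name[rootpathlen] == '/' || name[rootpathlen] == '\0'`. The option string adds `r` without a colon and the handler consumes `argv[optind++]` by hand, which I would expect to pick the wrong word when `-r` is clustered with other flags; declaring it as `r:` and using `optarg` is the usual form. `match` and `main` continue outside the embedded hunks, so these points rest on the visible lines only.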
diff --git a/sys-apps/policycoreutils/metadata.xml b/sys-apps/policycoreutils/metadata.xml
index 9508cb1dc25b..a0665e7d6470 100644
--- a/sys-apps/policycoreutils/metadata.xml
+++ b/sys-apps/policycoreutils/metadata.xml
@@ -5,5 +5,16 @@
<name>Chris PeBenito</name>
<description>Primary Maintainer</description>
</maintainer>
-<longdescription>SELinux core policy utilities and userland</longdescription>
+<longdescription>
+Policycoreutils contains the policy core utilities that are required
+for basic operation of a SELinux system. These utilities include
+load_policy to load policies, setfiles to label filesystems, newrole
+to switch roles, and run_init to run /etc/init.d scripts in the proper
+context.
+
+Gentoo-specific tools include rlpkg for relabeling packages by name,
+avc_toggle to toggle between enforcing and permissive modes, and
+avc_enforcing to query the current mode of the system, enforcing or
+permissive.
+</longdescription>
</pkgmetadata>
diff --git a/sys-apps/policycoreutils/policycoreutils-1.0.ebuild b/sys-apps/policycoreutils/policycoreutils-1.1-r1.ebuild
index 3326c1235325..82a7d9c9e683 100644
--- a/sys-apps/policycoreutils/policycoreutils-1.0.ebuild
+++ b/sys-apps/policycoreutils/policycoreutils-1.1-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2003 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/policycoreutils-1.0.ebuild,v 1.2 2003/08/11 00:05:08 pebenito Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/policycoreutils-1.1-r1.ebuild,v 1.1 2003/08/19 00:59:52 pebenito Exp $
IUSE=""
@@ -9,7 +9,7 @@ HOMEPAGE="http://www.nsa.gov/selinux"
SRC_URI="http://www.nsa.gov/selinux/archives/${P}.tgz"
LICENSE="GPL-2"
SLOT="0"
-KEYWORDS="x86 ppc"
+KEYWORDS="~x86 ~ppc"
DEPEND="sys-libs/libselinux
sys-apps/attr
@@ -26,7 +26,13 @@ src_unpack() {
unpack ${A}
cd ${S}
- epatch ${FILESDIR}/${P}-gentoo.diff
+ epatch ${FILESDIR}/${PN}-1.0-gentoo.diff
+ epatch ${FILESDIR}/${P}-setfiles.diff
+
+ # overwrite the /etc/pam.d files with ones
+ # that work with our pam setup
+ cp -f ${FILESDIR}/newrole ${S}/newrole/newrole.pamd
+ cp -f ${FILESDIR}/run_init ${S}/run_init/run_init.pamd
}
src_compile() {
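Review bot: The two added `cp -f` lines that replace the PAM files for newrole and run_init are unchecked, so if either copy fails the build carries on and installs the upstream PAM configuration that the comment says does not work with this PAM setup. Append a failure check to each, e.g. `cp -f "${FILESDIR}/newrole" "${S}/newrole/newrole.pamd" || die "newrole pam.d copy failed"`. The same applies to the `cd ${S}` context line ahead of the epatch calls, and the `${FILESDIR}` and `${S}` expansions are unquoted, which breaks on paths containing whitespace. src_unpack starts above the hunk.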
@@ -43,4 +49,5 @@ src_install() {
make DESTDIR="${D}" install
dosbin ${FILESDIR}/rlpkg
+ dobin ${FILESDIR}/{avc_enforcing,avc_toggle}
}
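Review bot: `dobin` places avc_toggle, which switches the system between enforcing and permissive, in the general user bin directory, while the other Gentoo helper in this function, rlpkg, is installed with `dosbin`. Writing /selinux/enforce needs privilege either way, so this is a matter of consistency and of marking the tool as administrative: `dosbin ${FILESDIR}/avc_toggle`, keeping `dobin ${FILESDIR}/avc_enforcing` for the read-only query. src_install begins above the hunk.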