mcstrans package update

Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>
6 years ago · 353c942b8f
3 changed files with 447 additions and 0 deletions
--- a/SOURCES/mcstransd.service
+++ b/SOURCES/mcstransd.service
@ -0,0 +1,12 @@
				@@ -0,0 +1,12 @@
+[Unit]
+Description= Daemon used to translate SELinux MCS/MLS labels to human readable form
+After=syslog.target
+ConditionPathExists=/etc/selinux/mls/setrans.d
+
+[Service]
+Type=forking
+PIDFile=/run/mcstransd.pid
+ExecStart=/usr/sbin/mcstransd
+
+[Install]
+WantedBy=multi-user.target
--- a/SOURCES/secolor.conf.5
+++ b/SOURCES/secolor.conf.5
@ -0,0 +1,178 @@
				@@ -0,0 +1,178 @@
+.TH "secolor.conf" "5" "08 April 2011" "SELinux API documentation"
+.SH "NAME"
+secolor.conf \- The SELinux color configuration file
+.
+.SH "DESCRIPTION"
+This optional file controls the color to be associated to the context components associated to the
+.I raw
+context passed by
+.BR selinux_raw_context_to_color "(3),"
+when context related information is to be displayed in color by an SELinux-aware application.
+.sp
+.BR selinux_raw_context_to_color "(3)"
+obtains this color information from the active policy
+.B secolor.conf
+file as returned by
+.BR selinux_colors_path "(3)."
+.
+.SH "FILE FORMAT"
+The file format is as follows:
+.RS
+.B color
+.I color_name
+.BI "= #"color_mask
+.br
+[...]
+.sp
+.I context_component string
+.B =
+.I fg_color_name bg_color_name
+.br
+[...]
+.sp
+.RE
+
+Where:
+.br
+.B color
+.RS
+The color keyword. Each color entry is on a new line.
+.RE
+.I color_name
+.RS
+A single word name for the color (e.g. red).
+.RE
+.I color_mask
+.RS
+A color mask starting with a hash (#) that describes the hexadecimal RGB colors with black being #000000 and white being #ffffff.
+.RE
+.I context_component
+.RS
+The context component name that must be one of the following:
+.br
+.RS
+user, role, type or range
+.RE
+Each
+.IR context_component " " string " ..."
+entry is on a new line.
+.RE
+.I string
+.RS
+This is the
+.I context_component
+string that will be matched with the
+.I raw
+context component passed by
+.BR selinux_raw_context_to_color "(3)."
+.br
+A wildcard '*' may be used to match any undefined string for the user, role and type
+.I context_component
+entries only.
+.RE
+
+.I fg_color_name
+.RS
+The color_name string that will be used as the foreground color.
+A
+.I color_mask
+may also be used.
+.RE
+.I bg_color_name
+.RS
+The color_name string that will be used as the background color.
+A
+.I color_mask
+may also be used.
+.RE
+.
+.SH "EXAMPLES"
+Example 1 entries are:
+.RS
+color black  = #000000
+.br
+color green  = #008000
+.br
+color yellow = #ffff00
+.br
+color blue   = #0000ff
+.br
+color white  = #ffffff
+.br
+color red    = #ff0000
+.br
+color orange = #ffa500
+.br
+color tan    = #D2B48C
+.sp
+user * = black white
+.br
+role * = white black
+.br
+type * = tan orange
+.br
+range s0\-s0:c0.c1023 = black green
+.br
+range s1\-s1:c0.c1023 = white green
+.br
+range s3\-s3:c0.c1023 = black tan
+.br
+range s5\-s5:c0.c1023 = white blue
+.br
+range s7\-s7:c0.c1023 = black red
+.br
+range s9\-s9:c0.c1023 = black orange
+.br
+range s15:c0.c1023   = black yellow
+.RE
+
+.sp
+Example 2 entries are:
+.RS
+color black  = #000000
+.br
+color green  = #008000
+.br
+color yellow = #ffff00
+.br
+color blue   = #0000ff
+.br
+color white  = #ffffff
+.br
+color red    = #ff0000
+.br
+color orange = #ffa500
+.br
+color tan    = #d2b48c
+.sp
+user unconfined_u = #ff0000 green
+.br
+role unconfined_r = red #ffffff
+.br
+type unconfined_t = red orange
+.br
+user user_u       = black green
+.br
+role user_r       = white black
+.br
+type user_t       = tan red
+.br
+user xguest_u     = black yellow
+.br
+role xguest_r     = black red
+.br
+type xguest_t     = black green
+.br
+user sysadm_u     = white black
+.br
+range s0:c0.c1023 = black white
+.br
+user *            = black white
+.br
+role *            = black white
+.br
+type *            = black white
+.RE
+.
+.SH "SEE ALSO"
+.BR selinux "(8), " selinux_raw_context_to_color "(3), " selinux_colors_path "(3)"
--- a/SPECS/mcstrans.spec
+++ b/SPECS/mcstrans.spec
@ -0,0 +1,257 @@
				@@ -0,0 +1,257 @@
+Summary: SELinux Translation Daemon
+Name: mcstrans
+Version: 0.3.4
+Release: 5%{?dist}
+License: GPL+
+Group: System Environment/Daemons
+Source: http://fedora.redhat.com/projects/%{name}-%{version}.tgz
+Source1: mcstransd.service
+Source2: secolor.conf.5
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildRequires: libselinux-devel >= 1.30.3-1
+BuildRequires: libcap-devel pcre-devel libsepol-devel libsepol-static
+BuildRequires:  systemd-units
+Requires: pcre
+Requires(pre): systemd-units
+Requires(post):systemd-units
+Provides: setransd
+Provides: libsetrans
+Obsoletes: libsetrans
+
+%description
+Security-enhanced Linux is a feature of the Linux® kernel and a number
+of utilities with enhanced security functionality designed to add
+mandatory access controls to Linux.  The Security-enhanced Linux
+kernel contains new architectural components originally developed to
+improve the security of the Flask operating system. These
+architectural components provide general support for the enforcement
+of many kinds of mandatory access control policies, including those
+based on the concepts of Type Enforcement®, Role-based Access
+Control, and Multi-level Security.
+
+mcstrans provides an translation daemon to translate SELinux categories
+from internal representations to user defined representation.
+
+%prep
+%setup -q
+
+%build
+make clean
+make LIBDIR="%{_libdir}" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" CFLAGS="%{optflags} -fPIE" %{?_smp_mflags}
+
+%install
+rm -rf %{buildroot}
+mkdir -p %{buildroot}/%{_lib}
+mkdir -p %{buildroot}/%{_libdir}
+mkdir -p %{buildroot}%{_usr}/share/mcstrans
+mkdir -p %{buildroot}%{_sysconfdir}/selinux/mls/setrans.d
+
+make DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" SHLIBDIR="%{buildroot}/%{_lib}" SBINDIR="%{buildroot}%{_sbindir}" install
+rm -f %{buildroot}%{_libdir}/*.a
+cp -r share/* %{buildroot}%{_usr}/share/mcstrans/
+# Systemd
+mkdir -p %{buildroot}%{_unitdir}
+install -m644 %{SOURCE1} %{buildroot}%{_unitdir}
+install -d %{buildroot}/usr/share/man/man5/
+install -m644 %{SOURCE2} %{buildroot}/usr/share/man/man5/
+rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/mcstrans
+
+%clean
+rm -rf %{buildroot}
+
+%post
+if [ $1 -eq 1 ] ; then
+   /usr/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+fi
+
+%preun
+if [ $1 -eq 0 ]; then
+   /usr/bin/systemctl --no-reload mcstransd.service >/dev/null 2>&1 || :
+   /usr/bin/systemctl stop mcstransd.service > /dev/null 2>&1 || :
+fi
+
+%postun
+/usr/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ $1 -ge 1 ]; then
+    /usr/bin/systemctl try-restart mcstransd.service >/dev/null 2>&1 || :
+fi
+
+%files
+%defattr(-,root,root,0755)
+%{_mandir}/man5/secolor.conf.5.gz
+%{_mandir}/man8/mcs.8.gz
+%{_mandir}/man8/mcstransd.8.gz
+%{_mandir}/man8/setrans.conf.8.gz
+%{_mandir}/man8/secolor.conf.8.gz
+/usr/sbin/mcstransd
+%{_unitdir}/mcstransd.service
+%dir %{_sysconfdir}/selinux/mls/setrans.d
+
+%dir %{_usr}/share/mcstrans
+
+%defattr(0644,root,root,0755)
+%dir %{_usr}/share/mcstrans/util
+%dir %{_usr}/share/mcstrans/examples
+%{_usr}/share/mcstrans/examples/*
+
+%defattr(0755,root,root,0755)
+%{_usr}/share/mcstrans/util/*
+
+%changelog
+* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.3.4-5
+- Mass rebuild 2014-01-24
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.3.4-4
+- Mass rebuild 2013-12-27
+
+* Wed Oct 16 2013 Dan Walsh <dwalsh@redhat.com> - 0.3.4-3
+- Add secolor.conf.5 man page
+- Make mcstrans PIE and fully relro
+Resolves: #983268
+
+* Tue Oct 15 2013 Dan Walsh <dwalsh@redhat.com> - 0.3.4-2
+- Add RELRO support for long running services
+
+* Thu Sep 12 2013 Dan Walsh <dwalsh@redhat.com> - 0.3.4-1
+- Update to latest version/applying patches
+- Move binary to /usr/sbin rather then /sbin
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.3-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Tue Mar 26 2013 Dan Walsh <dwalsh@redhat.com> - 0.3.3-7
+- Add secolor.conf.5 man page
+- Make mcstransd watch for content being written to /run/setrans for files names containing translations.
+-- This will allow apps like libvirt to write content nameing randomly selected MCS labels
+- Fix memory leak in mcstransd
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.3-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.3-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 0.3.3-4
+- Rebuild against PCRE 8.30
+
+* Thu Feb 2 2012 Dan Walsh <dwalsh@redhat.com> - 0.3.3-3
+- Fix the systemd service file
+
+* Wed Feb 1 2012 Dan Walsh <dwalsh@redhat.com> - 0.3.3-2
+- Update to upstream
+- Write pid file
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Wed Jan  5 2011 Ted X Toth <txtoth@gmail.com> - 0.3.2-0
+- Add constraints
+- Add setrans.conf man page
+- Fix mixed raw and translated range bug
+- Moved todo comments to TODO file
+
+* Fri Oct 16 2009 Dan Walsh <dwalsh@redhat.com> 0.3.1-4
+- Add mcstransd man page
+
+* Thu Sep 17 2009 Miroslav Grepl <mgrepl@redhat.com> 0.3.1-3
+- Fix init script
+
+* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Thu Feb 5 2009 Joe Nall <joe@nall.com> 0.3.1-1
+- Rewrite translations to allow individual word/category mapping
+- Eamon Walsh's color mapping changes
+
+* Wed May 28 2008 Tom "spot" Callaway <tcallawa@redhat.com> 0.2.11-2
+- fix license tag
+
+* Wed May 7 2008 Dan Walsh <dwalsh@redhat.com> 0.2.11-1
+- More fixes from Jim Meyering
+
+* Tue May 6 2008 Dan Walsh <dwalsh@redhat.com> 0.2.10-1
+- More error checking on failed strdup
+
+* Tue May 6 2008 Dan Walsh <dwalsh@redhat.com> 0.2.9-1
+- Start mcstrans before netlabel
+
+* Mon Apr 14 2008 Dan Walsh <dwalsh@redhat.com> 0.2.8-1
+- Fix error handling
+
+* Tue Feb 12 2008 Dan Walsh <dwalsh@redhat.com> 0.2.7-2
+- Rebuild for gcc 4.3
+
+* Tue Oct 30 2007 Steve Conklin <sconklin@redhat.com> - 0.2.7-1
+- Folded current patches into tarball
+
+* Thu Oct 25 2007 Steve Conklin <sconklin@redhat.com> - 0.2.6-3
+- Fixed a compile problem with max_categories
+
+* Thu Oct 25 2007 Steve Conklin <sconklin@redhat.com> - 0.2.6-2
+- Fixed some init script errors
+
+* Thu Sep 13 2007 Dan Walsh <dwalsh@redhat.com> 0.2.6-1
+- Check for max_categories and error out
+
+* Thu Mar 1 2007 Dan Walsh <dwalsh@redhat.com> 0.2.5-1
+- Fix case where s0=""
+
+* Mon Feb 26 2007 Dan Walsh <dwalsh@redhat.com> 0.2.4-1
+- Translate range if fully specified correctly
+
+* Mon Feb 12 2007 Dan Walsh <dwalsh@redhat.com> 0.2.3-1
+- Additional fix to handle ssh root/sysadm_r/s0:c1,c2
+Resolves: #224637
+
+* Mon Feb 5 2007 Dan Walsh <dwalsh@redhat.com> 0.2.1-1
+- Rewrite to handle MLS properly
+Resolves: #225355
+
+* Mon Jan 29 2007 Dan Walsh <dwalsh@redhat.com> 0.1.10-2
+- Cleanup memory when complete
+
+* Mon Dec 4 2006 Dan Walsh <dwalsh@redhat.com> 0.1.10-1
+- Fix Memory Leak
+Resolves: #218173
+
+* Thu Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 0.1.9-1
+- Add -pie
+- Fix compiler warnings
+- Fix Memory Leak
+Resolves: #218173
+
+* Wed Sep 13 2006 Peter Jones <pjones@redhat.com> - 0.1.8-3
+- Fix subsys locking in init script
+
+* Wed Aug 23 2006 Dan Walsh <dwalsh@redhat.com> 0.1.8-1
+- Only allow one version to run
+
+* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - sh: line 0: fg: no job control
+- rebuild
+
+* Mon Jun 19 2006 Dan Walsh <dwalsh@redhat.com> 0.1.7-1
+- Apply sgrubb patch to only call getpeercon on translations
+
+* Tue Jun 6 2006 Dan Walsh <dwalsh@redhat.com> 0.1.6-1
+- Exit gracefully when selinux is not enabled
+
+* Mon May 15 2006 Dan Walsh <dwalsh@redhat.com> 0.1.5-1
+- Fix sighup handling
+
+* Mon May 15 2006 Dan Walsh <dwalsh@redhat.com> 0.1.4-1
+- Add patch from sgrubb
+- 	Fix 64 bit size problems
+- 	Increase the open file limit
+-	Make sure maximum size is not exceeded
+
+* Fri May 12 2006 Dan Walsh <dwalsh@redhat.com> 0.1.3-1
+- Move initscripts to /etc/rc.d/init.d
+
+* Thu May 11 2006 Dan Walsh <dwalsh@redhat.com> 0.1.2-1
+- Drop Privs
+
+* Mon May 8 2006 Dan Walsh <dwalsh@redhat.com> 0.1.1-1
+- Initial Version
+- This daemon reuses the code from libsetrans