diff options
Diffstat (limited to 'sys-apps/ccs-tools/files/ccs-tools-1.6.8_p20090623-gentoo.patch')
-rw-r--r-- | sys-apps/ccs-tools/files/ccs-tools-1.6.8_p20090623-gentoo.patch | 234 |
1 files changed, 234 insertions, 0 deletions
diff --git a/sys-apps/ccs-tools/files/ccs-tools-1.6.8_p20090623-gentoo.patch b/sys-apps/ccs-tools/files/ccs-tools-1.6.8_p20090623-gentoo.patch new file mode 100644 index 000000000000..990a29283f3d --- /dev/null +++ b/sys-apps/ccs-tools/files/ccs-tools-1.6.8_p20090623-gentoo.patch @@ -0,0 +1,234 @@ +diff -Naur ccstools.orig/init_policy.sh ccstools/init_policy.sh +--- ccstools.orig/init_policy.sh 2009-06-23 09:00:00.000000000 +0900 ++++ ccstools/init_policy.sh 2009-07-05 11:36:47.000000000 +0900 +@@ -132,16 +132,26 @@ + grep -qF "Fedora Core" /etc/issue && echo 'file_pattern /tmp/crontab.XXXX\?\?\?\?\?\?' # FC3 + grep -qF "Debian" /etc/issue && echo 'file_pattern /tmp/crontab.\?\?\?\?\?\?/crontab' # Sarge + ++ CRONTAB_PATH=`which crontab 2> /dev/null` ++ if [ -n "$CRONTAB_PATH" ]; then ++ # vixie-cron and cronie ++ grep -qF 'crontab.XXXXXXXXXX' $CRONTAB_PATH && echo 'file_pattern /tmp/crontab.XXXX\?\?\?\?\?\?' ++ # dcron ++ grep -qF 'crontab.XXXXXX' $CRONTAB_PATH && echo 'file_pattern /tmp/crontab.\?\?\?\?\?\?' ++ # fcron ++ grep -qF 'fcr-XXXXXX' $CRONTAB_PATH && echo 'file_pattern /tmp/fcr-\?\?\?\?\?\?' ++ fi ++ + # + # Allow reading some data files. + # +- for i in /etc/ld.so.cache /proc/meminfo /proc/sys/kernel/version /etc/localtime /usr/lib/gconv/gconv-modules.cache /usr/share/locale/locale.alias ++ for i in /etc/ld.so.cache /proc/meminfo /proc/sys/kernel/version /etc/localtime /usr/lib{,32,64}/gconv/gconv-modules.cache /usr/share/locale/locale.alias + do + FILE=`realpath $i` + [ -n "$FILE" -a -r "$FILE" -a ! -L "$FILE" ] && echo 'allow_read '$FILE + done + set -f +- for dir in `realpath -n /usr/share/` `realpath -n /usr/lib/` ++ for dir in `realpath -n /usr/share/` `realpath -n /usr/lib/` `realpath -n /usr/lib32/` `realpath -n /usr/lib64/` + do + if [ -d $dir ]; then + # Allow reading font files. +@@ -221,7 +231,7 @@ + # + # You can add as you like to the list below. + # +- for FILE in /sbin/cardmgr /sbin/getty /sbin/init /sbin/klogd /sbin/mingetty /sbin/portmap /sbin/rpc.statd /sbin/syslogd /sbin/udevd /usr/X11R6/bin/xfs /usr/bin/dbus-daemon-1 /usr/bin/jserver /usr/bin/mDNSResponder /usr/bin/nifd /usr/bin/spamd /usr/sbin/acpid /usr/sbin/afpd /usr/sbin/anacron /usr/sbin/apache2 /usr/sbin/apmd /usr/sbin/atalkd /usr/sbin/atd /usr/sbin/cannaserver /usr/sbin/cpuspeed /usr/sbin/cron /usr/sbin/crond /usr/sbin/cupsd /usr/sbin/dhcpd /usr/sbin/exim4 /usr/sbin/gpm /usr/sbin/hald /usr/sbin/htt /usr/sbin/httpd /usr/sbin/inetd /usr/sbin/logrotate /usr/sbin/lpd /usr/sbin/nmbd /usr/sbin/papd /usr/sbin/rpc.idmapd /usr/sbin/rpc.mountd /usr/sbin/rpc.rquotad /usr/sbin/sendmail.sendmail /usr/sbin/smartd /usr/sbin/smbd /usr/sbin/squid /usr/sbin/sshd /usr/sbin/vmware-guestd /usr/sbin/vsftpd /usr/sbin/xinetd ++ for FILE in /sbin/cardmgr /sbin/getty /sbin/init /sbin/klogd /sbin/mingetty /sbin/portmap /sbin/rpc.statd /sbin/syslogd /sbin/udevd /usr/X11R6/bin/xfs /usr/bin/dbus-daemon /usr/bin/dbus-daemon-1 /usr/bin/jserver /usr/bin/mDNSResponder /usr/bin/nifd /usr/bin/spamd /usr/sbin/acpid /usr/sbin/afpd /usr/sbin/anacron /usr/sbin/apache2 /usr/sbin/apmd /usr/sbin/atalkd /usr/sbin/atd /usr/sbin/cannaserver /usr/sbin/cpuspeed /usr/sbin/cron /usr/sbin/crond /usr/sbin/cupsd /usr/sbin/dhcpd /usr/sbin/exim4 /usr/sbin/gpm /usr/sbin/hald /usr/sbin/htt /usr/sbin/httpd /usr/sbin/inetd /usr/sbin/logrotate /usr/sbin/lpd /usr/sbin/nmbd /usr/sbin/papd /usr/sbin/rpc.idmapd /usr/sbin/rpc.mountd /usr/sbin/rpc.rquotad /usr/sbin/sendmail.sendmail /usr/sbin/smartd /usr/sbin/smbd /usr/sbin/squid /usr/sbin/sshd /usr/sbin/vmware-guestd /usr/sbin/vsftpd /usr/sbin/xinetd + do + FILE=`realpath $FILE 2> /dev/null` + [ -n "$FILE" -a -f "$FILE" -a -x "$FILE" -a ! -L "$FILE" ] && echo 'initialize_domain '$FILE +@@ -256,6 +266,11 @@ + echo 'file_pattern /var/spool/squid/\*/\*/' + echo 'file_pattern /var/spool/squid/\*/\*/\*' + fi ++ if [ -d /var/cache/squid/ ]; then ++ echo 'file_pattern /var/cache/squid/\*/' ++ echo 'file_pattern /var/cache/squid/\*/\*/' ++ echo 'file_pattern /var/cache/squid/\*/\*/\*' ++ fi + + # + # Make patterns for spamd(1). +@@ -369,6 +384,10 @@ + if grep -qF '/tmp/whatis.XXXXXX' $MAKEWHATIS_PATH; then + echo 'file_pattern /tmp/whatis.\?\?\?\?\?\?' + fi ++ if grep -qF '/tmp/whatis.tmp.dir.$$' $MAKEWHATIS_PATH; then ++ echo 'file_pattern /tmp/whatis.tmp.dir.\$/' ++ echo 'file_pattern /tmp/whatis.tmp.dir.\$/w' ++ fi + fi + + # +@@ -514,6 +533,41 @@ + echo 'file_pattern /var/run/nscd/db\?\?\?\?\?\?' + fi + ++ if [ -e /etc/gentoo-release ]; then ++ echo 'file_pattern /var/cache/edb/\*' ++ echo 'file_pattern /var/cache/edb/\*/\*' ++ echo 'file_pattern /var/cache/edb/\*/\*/\*' ++ echo 'file_pattern /var/cache/edb/\*/\*/\*/\*' ++ echo 'file_pattern /var/cache/edb/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/cache/edb/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/cache/edb/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/cache/edb/\*/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/cache/edb/\*/\*/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/cache/eix' ++ echo 'file_pattern /var/cache/revdep-rebuild/\*.rr' ++ echo 'file_pattern /var/db/pkg/\*' ++ echo 'file_pattern /var/db/pkg/\*/\*' ++ echo 'file_pattern /var/db/pkg/\*/\*/\*' ++ echo 'file_pattern /var/lib/portage/\*' ++ echo 'file_pattern /var/tmp/portage/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*' ++ fi ++ + if [ -d /var/lib/init.d/ ]; then + echo 'file_pattern /var/lib/init.d/mtime-test.\$' + echo 'file_pattern /var/lib/init.d/exclusive/\*.\$' +@@ -525,6 +579,10 @@ + echo 'file_pattern /etc/gshadow.\$' + echo 'file_pattern /etc/passwd.\$' + echo 'file_pattern /etc/shadow.\$' ++ echo 'file_pattern /etc/group.edit' ++ echo 'file_pattern /etc/gshadow.edit' ++ echo 'file_pattern /etc/passwd.edit' ++ echo 'file_pattern /etc/shadow.edit' + echo 'file_pattern /var/cache/logwatch/logwatch.\*/' + echo 'file_pattern /var/cache/logwatch/logwatch.\*/\*' + echo 'file_pattern /var/tmp/sqlite_\*' +diff -Naur ccstools.orig/tomoyo_init_policy.sh ccstools/tomoyo_init_policy.sh +--- ccstools.orig/tomoyo_init_policy.sh 2009-06-23 09:00:00.000000000 +0900 ++++ ccstools/tomoyo_init_policy.sh 2009-07-05 11:36:40.000000000 +0900 +@@ -120,16 +120,26 @@ + grep -qF "Fedora Core" /etc/issue && echo 'file_pattern /tmp/crontab.XXXX\?\?\?\?\?\?' # FC3 + grep -qF "Debian" /etc/issue && echo 'file_pattern /tmp/crontab.\?\?\?\?\?\?/crontab' # Sarge + ++ CRONTAB_PATH=`which crontab 2> /dev/null` ++ if [ -n "$CRONTAB_PATH" ]; then ++ # vixie-cron and cronie ++ grep -qF 'crontab.XXXXXXXXXX' $CRONTAB_PATH && echo 'file_pattern /tmp/crontab.XXXX\?\?\?\?\?\?' ++ # dcron ++ grep -qF 'crontab.XXXXXX' $CRONTAB_PATH && echo 'file_pattern /tmp/crontab.\?\?\?\?\?\?' ++ # fcron ++ grep -qF 'fcr-XXXXXX' $CRONTAB_PATH && echo 'file_pattern /tmp/fcr-\?\?\?\?\?\?' ++ fi ++ + # + # Allow reading some data files. + # +- for i in /etc/ld.so.cache /proc/meminfo /proc/sys/kernel/version /etc/localtime /usr/lib/gconv/gconv-modules.cache /usr/share/locale/locale.alias ++ for i in /etc/ld.so.cache /proc/meminfo /proc/sys/kernel/version /etc/localtime /usr/lib{,32,64}/gconv/gconv-modules.cache /usr/share/locale/locale.alias + do + FILE=`realpath $i` + [ -n "$FILE" -a -r "$FILE" -a ! -L "$FILE" ] && echo 'allow_read '$FILE + done + set -f +- for dir in `realpath -n /usr/share/` `realpath -n /usr/lib/` ++ for dir in `realpath -n /usr/share/` `realpath -n /usr/lib/` `realpath -n /usr/lib32/` `realpath -n /usr/lib64/` + do + if [ -d $dir ]; then + # Allow reading font files. +@@ -209,7 +219,7 @@ + # + # You can add as you like to the list below. + # +- for FILE in /sbin/cardmgr /sbin/getty /sbin/init /sbin/klogd /sbin/mingetty /sbin/portmap /sbin/rpc.statd /sbin/syslogd /sbin/udevd /usr/X11R6/bin/xfs /usr/bin/dbus-daemon-1 /usr/bin/jserver /usr/bin/mDNSResponder /usr/bin/nifd /usr/bin/spamd /usr/sbin/acpid /usr/sbin/afpd /usr/sbin/anacron /usr/sbin/apache2 /usr/sbin/apmd /usr/sbin/atalkd /usr/sbin/atd /usr/sbin/cannaserver /usr/sbin/cpuspeed /usr/sbin/cron /usr/sbin/crond /usr/sbin/cupsd /usr/sbin/dhcpd /usr/sbin/exim4 /usr/sbin/gpm /usr/sbin/hald /usr/sbin/htt /usr/sbin/httpd /usr/sbin/inetd /usr/sbin/logrotate /usr/sbin/lpd /usr/sbin/nmbd /usr/sbin/papd /usr/sbin/rpc.idmapd /usr/sbin/rpc.mountd /usr/sbin/rpc.rquotad /usr/sbin/sendmail.sendmail /usr/sbin/smartd /usr/sbin/smbd /usr/sbin/squid /usr/sbin/sshd /usr/sbin/vmware-guestd /usr/sbin/vsftpd /usr/sbin/xinetd ++ for FILE in /sbin/cardmgr /sbin/getty /sbin/init /sbin/klogd /sbin/mingetty /sbin/portmap /sbin/rpc.statd /sbin/syslogd /sbin/udevd /usr/X11R6/bin/xfs /usr/bin/dbus-daemon /usr/bin/dbus-daemon-1 /usr/bin/jserver /usr/bin/mDNSResponder /usr/bin/nifd /usr/bin/spamd /usr/sbin/acpid /usr/sbin/afpd /usr/sbin/anacron /usr/sbin/apache2 /usr/sbin/apmd /usr/sbin/atalkd /usr/sbin/atd /usr/sbin/cannaserver /usr/sbin/cpuspeed /usr/sbin/cron /usr/sbin/crond /usr/sbin/cupsd /usr/sbin/dhcpd /usr/sbin/exim4 /usr/sbin/gpm /usr/sbin/hald /usr/sbin/htt /usr/sbin/httpd /usr/sbin/inetd /usr/sbin/logrotate /usr/sbin/lpd /usr/sbin/nmbd /usr/sbin/papd /usr/sbin/rpc.idmapd /usr/sbin/rpc.mountd /usr/sbin/rpc.rquotad /usr/sbin/sendmail.sendmail /usr/sbin/smartd /usr/sbin/smbd /usr/sbin/squid /usr/sbin/sshd /usr/sbin/vmware-guestd /usr/sbin/vsftpd /usr/sbin/xinetd + do + FILE=`realpath $FILE 2> /dev/null` + [ -n "$FILE" -a -f "$FILE" -a -x "$FILE" -a ! -L "$FILE" ] && echo 'initialize_domain '$FILE +@@ -244,6 +254,11 @@ + echo 'file_pattern /var/spool/squid/\*/\*/' + echo 'file_pattern /var/spool/squid/\*/\*/\*' + fi ++ if [ -d /var/cache/squid/ ]; then ++ echo 'file_pattern /var/cache/squid/\*/' ++ echo 'file_pattern /var/cache/squid/\*/\*/' ++ echo 'file_pattern /var/cache/squid/\*/\*/\*' ++ fi + + # + # Make patterns for spamd(1). +@@ -357,6 +372,10 @@ + if grep -qF '/tmp/whatis.XXXXXX' $MAKEWHATIS_PATH; then + echo 'file_pattern /tmp/whatis.\?\?\?\?\?\?' + fi ++ if grep -qF '/tmp/whatis.tmp.dir.$$' $MAKEWHATIS_PATH; then ++ echo 'file_pattern /tmp/whatis.tmp.dir.\$/' ++ echo 'file_pattern /tmp/whatis.tmp.dir.\$/w' ++ fi + fi + + # +@@ -502,6 +521,41 @@ + echo 'file_pattern /var/run/nscd/db\?\?\?\?\?\?' + fi + ++ if [ -e /etc/gentoo-release ]; then ++ echo 'file_pattern /var/cache/edb/\*' ++ echo 'file_pattern /var/cache/edb/\*/\*' ++ echo 'file_pattern /var/cache/edb/\*/\*/\*' ++ echo 'file_pattern /var/cache/edb/\*/\*/\*/\*' ++ echo 'file_pattern /var/cache/edb/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/cache/edb/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/cache/edb/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/cache/edb/\*/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/cache/edb/\*/\*/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/cache/eix' ++ echo 'file_pattern /var/cache/revdep-rebuild/\*.rr' ++ echo 'file_pattern /var/db/pkg/\*' ++ echo 'file_pattern /var/db/pkg/\*/\*' ++ echo 'file_pattern /var/db/pkg/\*/\*/\*' ++ echo 'file_pattern /var/lib/portage/\*' ++ echo 'file_pattern /var/tmp/portage/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*' ++ echo 'file_pattern /var/tmp/portage/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*/\*' ++ fi ++ + if [ -d /var/lib/init.d/ ]; then + echo 'file_pattern /var/lib/init.d/mtime-test.\$' + echo 'file_pattern /var/lib/init.d/exclusive/\*.\$' +@@ -513,6 +567,10 @@ + echo 'file_pattern /etc/gshadow.\$' + echo 'file_pattern /etc/passwd.\$' + echo 'file_pattern /etc/shadow.\$' ++ echo 'file_pattern /etc/group.edit' ++ echo 'file_pattern /etc/gshadow.edit' ++ echo 'file_pattern /etc/passwd.edit' ++ echo 'file_pattern /etc/shadow.edit' + echo 'file_pattern /var/cache/logwatch/logwatch.\*/' + echo 'file_pattern /var/cache/logwatch/logwatch.\*/\*' + echo 'file_pattern /var/tmp/sqlite_\*' |