policycoreutils/policycoreutils-rhat.patch


diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.29.10/scripts/chcat
--- nsapolicycoreutils/scripts/chcat 2006-01-19 16:00:44.000000000 -0500
+++ policycoreutils-1.29.10/scripts/chcat 2006-01-20 17:17:02.000000000 -0500
@@ -356,7 +356,7 @@
if list_ind==0 and len(cmds) < 1:
usage()
- except:
+ except ValueError, e:
usage()
if delete_ind:
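Review bot: Narrowing the bare `except:` to `except ValueError, e:` may leave option-parsing failures unhandled. The try block starts outside this hunk; if it calls getopt, a bad option raises `getopt.GetoptError`, which is not a ValueError, so the user would get a traceback instead of usage(). If that is the case, `except (getopt.GetoptError, ValueError):` keeps the usage path. The bound name `e` is not used in the visible lines and can be dropped.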
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.10/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2006-01-20 10:37:37.000000000 -0500
+++ policycoreutils-1.29.10/semanage/semanage 2006-01-20 15:17:56.000000000 -0500
@@ -30,28 +30,27 @@
def usage(message = ""):
print '\
-semanage {login|user|port|interface|fcontext} -l\n\
+semanage {login|user|port|interface|fcontext|translation} -l [-n] \n\
semanage login -{a|d|m} [-sr] login_name\n\
semanage user -{a|d|m} [-LrR] selinux_name\n\
-semanage port -{a|d|m} -p protocol [-t] port_number\n\
+semanage port -{a|d|m} [-tr] [ -p protocol ] port | port_range\n\
semanage interface -{a|d|m} [-tr] interface_spec\n\
-semanage translation -{a|d|m} [-T] level\n\
semanage fcontext -{a|d|m} [-frst] file_spec\n\
+semanage translation -{a|d|m} [-T] level\n\
-a, --add Add a OBJECT record NAME\n\
-d, --delete Delete a OBJECT record NAME\n\
-f, --ftype File Type of OBJECT \n\
-h, --help display this message\n\
-l, --list List the OBJECTS\n\
-L, --level Default SELinux Level\n\
- -n, --noheading Do not print heading when listing OBJECTS\n\
-m, --modify Modify a OBJECT record NAME\n\
- -P, --proto Port protocol\n\
+ -n, --noheading Do not print heading when listing OBJECTS\n\
+ -p, --proto Port protocol\n\
-r, --range MLS/MCS Security Range\n\
-R, --roles SELinux Roles (Separate by spaces)\n\
-s, --seuser SELinux user name\n\
-t, --type SELinux Type for the object\n\
-T, --trans SELinux Level Translation\n\
- -v, --verbose verbose output\n\
'
print message
sys.exit(1)
@@ -62,35 +61,29 @@
sys.stderr.flush()
sys.exit(1)
- def unwanted_ftype():
- if ftype != "":
- sys.stderr.write("ftype not used\n");
- def unwanted_selevel():
- if selevel != "":
- sys.stderr.write("level not used\n");
- def unwanted_proto():
- if proto != "":
- sys.stderr.write("proto not used\n");
- def unwanted_roles():
- if roles != "":
- sys.stderr.write("role not used\n");
- def unwanted_serange():
- if serange != "":
- sys.stderr.write("range not used\n");
- def unwanted_seuser():
- if seuser != "":
- sys.stderr.write("seuser not used\n");
- def unwanted_setype():
- if setype != "":
- sys.stderr.write("type not used\n");
- def unwanted_setrans():
- if setrans != "":
- sys.stderr.write("trans not used\n");
+ def get_options():
+ valid_option={}
+ valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading' ]
+ valid_option["login"] = []
+ valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range']
+ valid_option["user"] = []
+ valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles' ]
+ valid_option["port"] = []
+ valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range']
+ valid_option["port"] = []
+ valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range', '-p', '--protocol' ]
+ valid_option["interface"] = []
+ valid_option["interface"] += valid_everyone + [ '-t', '--type', '-r', '--range']
+ valid_option["fcontext"] = []
+ valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range']
+ valid_option["translation"] = []
+ valid_option["fcontext"] += valid_everyone + [ '-T', '--trans' ]
+ return valid_option
+
#
#
#
try:
- objectlist = ("login", "user", "port", "interface", "fcontext", "translation")
input = sys.stdin
output = sys.stdout
serange = ""
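Review bot: In get_options() the last assignment targets the wrong key: `valid_option["translation"] = []` is followed by `valid_option["fcontext"] += valid_everyone + [ '-T', '--trans' ]`, so the translation list stays empty and fcontext silently accepts `-T`. The line should read `valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]`. The port list names `'--protocol'`, but the long option registered with getopt elsewhere in this patch is `proto=`, so `--proto` would be reported as invalid for port; use `'--proto'` in the table. The first `valid_option["port"]` pair is overwritten by the second and can be removed.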
@@ -112,12 +105,14 @@
usage("Requires 2 or more arguments")
object = sys.argv[1]
- if object not in objectlist:
+ option_dict=get_options()
+ if object not in option_dict.keys():
usage("%s not defined" % object)
args = sys.argv[2:]
+
gopts, cmds = getopt.getopt(args,
- 'adf:lhmnp:P:s:R:L:r:t:vT:',
+ 'adf:lhmnp:s:R:L:r:t:vT:',
['add',
'delete',
'ftype=',
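Review bot: The short option string `'adf:lhmnp:s:R:L:r:t:vT:'` still contains `v`, although this patch removes `--verbose` from the long options and from the usage text. getopt will keep accepting `-v`, and because no per-object list contains it, it will be reported as not valid for every object. Either drop `v` here together with the `-v` handler further down, or keep the option and list it among the options valid for every object. Separately, `if object not in option_dict:` is enough; `.keys()` builds a list for no benefit.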
@@ -125,16 +120,18 @@
'list',
'modify',
'noheading',
- 'port=',
'proto=',
'seuser=',
'range=',
'level=',
'roles=',
'type=',
- 'trans=',
- 'verbose'
+ 'trans='
])
+ for o, a in gopts:
+ if o not in option_dict[object]:
+ sys.stderr.write("%s not valid for %s objects\n" % ( o, object) );
+
for o,a in gopts:
if o == "-a" or o == "--add":
if modify or delete:
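Review bot: The new validation loop only writes "... not valid for ... objects" to stderr and then falls through to normal option handling, so a command carrying an option that does not apply to the object still goes on to change SELinux policy. For a tool that edits login, user and port mappings, rejecting the command is safer than warning: `usage("%s not valid for %s objects" % (o, object))` exits before any record is touched. The check could also be folded into the existing `for o,a in gopts:` loop instead of iterating twice; that loop's body continues outside this hunk.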
@@ -167,11 +164,11 @@
if o == "-L" or o == '--level':
selevel = a
- if o == "-P" or o == '--proto':
+ if o == "-p" or o == '--proto':
proto = a
if o == "-R" or o == '--roles':
- roles = roles + " " + a
+ roles = a
if o == "-s" or o == "--seuser":
seuser = a
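Review bot: With `roles = a` a repeated `-R` now silently keeps only the last value, where the old code accumulated them, so a command that passes `-R` twice assigns a different role set than the one typed. The man page change in this patch says multiple roles must be quoted, but nothing here enforces it. Consider rejecting a second occurrence, e.g. `if roles != "": usage("-R may be given only once; quote multiple roles")`, assuming roles starts as the empty string (its initialisation is outside this hunk).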
@@ -185,91 +182,25 @@
if o == "-v" or o == "--verbose":
verbose = 1
-# Note in this section I intentionally leave the unwanted_*() functions for
-# variabled which are wanted commented out and don't delete those lines. This
-# will make it easier to modify the code when the list of wanted variables
-# changes.
if object == "login":
- if not delete:
- unwanted_ftype()
- unwanted_selevel()
- unwanted_proto()
- unwanted_roles()
-# unwanted_serange()
-# unwanted_seuser()
- unwanted_setype()
- unwanted_setrans()
OBJECT = seobject.loginRecords()
if object == "user":
- if not delete:
- unwanted_ftype()
-# unwanted_selevel()
- unwanted_proto()
-# unwanted_roles()
-# unwanted_serange()
- unwanted_seuser()
- unwanted_setype()
- unwanted_setrans()
OBJECT = seobject.seluserRecords()
if object == "port":
- if not delete:
- unwanted_ftype()
- unwanted_selevel()
-# unwanted_proto()
- unwanted_roles()
- unwanted_serange()
- unwanted_seuser()
-# unwanted_setype()
- unwanted_setrans()
OBJECT = seobject.portRecords()
if object == "interface":
- if not delete:
- unwanted_ftype()
- unwanted_selevel()
- unwanted_proto()
- unwanted_roles()
-# unwanted_serange()
- unwanted_seuser()
-# unwanted_setype()
- unwanted_setrans()
OBJECT = seobject.interfaceRecords()
if object == "fcontext":
- if not delete:
-# unwanted_ftype()
- unwanted_selevel()
- unwanted_proto()
- unwanted_roles()
-# unwanted_serange()
-# unwanted_seuser()
-# unwanted_setype()
- unwanted_setrans()
OBJECT = seobject.fcontextRecords()
if object == "translation":
- if not delete:
- unwanted_ftype()
- unwanted_selevel()
- unwanted_proto()
- unwanted_roles()
- unwanted_serange()
- unwanted_seuser()
- unwanted_setype()
-# unwanted_setrans()
OBJECT = seobject.setransRecords()
if list:
- unwanted_ftype()
- unwanted_selevel()
- unwanted_proto()
- unwanted_roles()
- unwanted_serange()
- unwanted_seuser()
- unwanted_setype()
- unwanted_setrans()
OBJECT.list(heading)
sys.exit(0);
@@ -324,16 +255,6 @@
sys.exit(0);
if delete:
- if object != "fcontext":
- unwanted_ftype()
- unwanted_selevel()
- if object == "port":
- unwanted_proto()
- unwanted_roles()
- unwanted_serange()
- unwanted_seuser()
- unwanted_setype()
- unwanted_setrans()
if object == "port":
OBJECT.delete(target, proto)
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-1.29.10/semanage/semanage.8
--- nsapolicycoreutils/semanage/semanage.8 2006-01-20 10:37:37.000000000 -0500
+++ policycoreutils-1.29.10/semanage/semanage.8 2006-01-20 15:10:15.000000000 -0500
@@ -3,19 +3,19 @@
semanage \- SELinux Policy Management tool
.SH "SYNOPSIS"
-.B semanage {login|user|port|interface|fcontext} \-l [\-n]
+.B semanage {login|user|port|interface|fcontext|translation} \-l [\-n]
.br
.B semanage login \-{a|d|m} [\-sr] login_name
.br
.B semanage user \-{a|d|m} [\-LrR] selinux_name
.br
-.B semanage port \-{a|d|m} \-p protocol [\-t] port_number
+.B semanage port \-{a|d|m} [\-tr] [\-p protocol] port | port_range
.br
.B semanage interface \-{a|d|m} [\-tr] interface_spec
.br
-.B semanage translation \-{a|d|m} [\-T] level
-.br
.B semanage fcontext \-{a|d|m} [\-frst] file_spec
+.br
+.B semanage translation \-{a|d|m} [\-T] level
.P
This tool is used to configure SELinux policy
@@ -35,34 +35,34 @@
.I \-d, \-\-delete
Delete a OBJECT record NAME
.TP
-.I \-h, \-\-help
-display this message
-.TP
.I \-f, \-\-ftype
File Type. This is used with fcontext.
Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files.
.TP
+.I \-h, \-\-help
+display this message
+.TP
.I \-l, \-\-list
List the OBJECTS
.TP
-.I \-n, \-\-noheading
-Do not print heading when listing OBJECTS
-.TP
.I \-L, \-\-level
Default SELinux Level for SELinux use. (s0)
.TP
.I \-m, \-\-modify
Modify a OBJECT record NAME
.TP
+.I \-n, \-\-noheading
+Do not print heading when listing OBJECTS.
+.TP
.I \-p, \-\-proto
Protocol for the specified port (tcp|udp).
.TP
-.I \-R, \-\-role
-SELinux Roles (Separate by spaces)
-.TP
.I \-r, \-\-range
MLS/MCS Security Range
.TP
+.I \-R, \-\-role
+SELinux Roles. You must inclose multiple roles within quotes, separate by spaces.
+.TP
.I \-s, \-\-seuser
SELinux user name
.TP