From 03b8834355364b97a762ca2d2560e2ddaa28adf0 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Thu, 24 May 2012 05:55:35 -0400 Subject: [PATCH] Fix setsebool command, handling of = broken. - Add missing error option in booleansPage --- policycoreutils-rhat.patch | 72 ++++++++++++++++++++++++++++++-------- policycoreutils.spec | 6 +++- 2 files changed, 62 insertions(+), 16 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 47bf144..f8caa4f 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -89,10 +89,10 @@ index 0000000..53efa84 +relabel: diff --git a/policycoreutils/gui/booleansPage.py b/policycoreutils/gui/booleansPage.py new file mode 100644 -index 0000000..dca786d +index 0000000..1216255 --- /dev/null +++ b/policycoreutils/gui/booleansPage.py -@@ -0,0 +1,247 @@ +@@ -0,0 +1,258 @@ +# +# booleansPage.py - GUI for Booleans page in system-config-securitylevel +# @@ -233,6 +233,15 @@ index 0000000..dca786d + self.filter="" + self.load(self.filter) + ++ def error(self, message): ++ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR, ++ gtk.BUTTONS_CLOSE, ++ message) ++ dlg.set_position(gtk.WIN_POS_MOUSE) ++ dlg.show_all() ++ dlg.run() ++ dlg.destroy() ++ + def __search(self, model, col, key, i): + sort_col = self.store.get_sort_column_id()[0] + if sort_col > 0: @@ -310,8 +319,10 @@ index 0000000..dca786d + key = self.store.get_value(iter, BOOLEAN) + self.store.set_value(iter, ACTIVE , not val) + self.wait() -+ setsebool="/usr/sbin/setsebool -P %s=%d" % (key, not val) -+ commands.getstatusoutput(setsebool) ++ setsebool="/usr/sbin/setsebool -P %s %d" % (key, not val) ++ rc,out = commands.getstatusoutput(setsebool) ++ if rc != 0: ++ self.error(out) + self.load(self.filter) + self.ready() + @@ -5946,10 +5957,10 @@ index 0000000..55bad9d + diff --git a/policycoreutils/gui/polgen.py b/policycoreutils/gui/polgen.py new file mode 100644 -index 0000000..5a73fa3 +index 0000000..2a7c61e --- /dev/null 
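Review bot: The toggle handler still builds the setsebool command as one string, `"/usr/sbin/setsebool -P %s %d" % (key, not val)`, and `commands.getstatusoutput` runs it through a shell, so `key` reaches the shell unquoted. `key` is read from the store's BOOLEAN column, which presumably holds only boolean names loaded from policy, but an argument list removes that assumption: `p = subprocess.Popen(["/usr/sbin/setsebool", "-P", key, "%d" % (not val)], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)`, then `out = p.communicate()[0]` and `rc = p.returncode`. This needs `subprocess` imported at the top of booleansPage.py, which is not visible here. If the command fails without printing anything, `self.error(out)` shows an empty dialog, so a fallback message containing `rc` would help. The enclosing method starts outside the hunk.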
+++ b/policycoreutils/gui/polgen.py -@@ -0,0 +1,1370 @@ +@@ -0,0 +1,1372 @@ +#!/usr/bin/python -Es +# +# Copyright (C) 2007-2012 Red Hat @@ -7306,9 +7317,11 @@ index 0000000..5a73fa3 + usage(_("Executable or Name required")) + + try: ++ cmd = os.path.realpath(cmds[0]) + if not name: -+ name = os.path.basename(cmds[0]).replace("-","_") -+ cmd = cmds[0] ++ name = os.path.basename(cmd).replace("-","_") ++ ++ print("Generating Policy for %s named %s" % (cmd, name)) + mypolicy = policy(name, setype) + if setype not in USERS + [ SANDBOX ]: + mypolicy.set_program(cmd) @@ -287455,7 +287468,7 @@ index 2b66bad..38abeb8 100644 This manual page was written by Dan Walsh . The program was written by Tresys Technology. diff --git a/policycoreutils/setsebool/setsebool.c b/policycoreutils/setsebool/setsebool.c -index d6c041b..ba118f3 100644 +index d6c041b..db1d1e1 100644 --- a/policycoreutils/setsebool/setsebool.c +++ b/policycoreutils/setsebool/setsebool.c @@ -6,6 +6,7 @@ @@ -287466,7 +287479,7 @@ index d6c041b..ba118f3 100644 #include #include #include -@@ -15,13 +16,14 @@ +@@ -15,21 +16,22 @@ #include int permanent = 0; @@ -287482,16 +287495,17 @@ index d6c041b..ba118f3 100644 stderr); exit(1); } -@@ -29,7 +31,7 @@ void usage(void) + int main(int argc, char **argv) { - size_t rc, start; +- size_t rc, start; - ++ size_t rc; + int clflag; /* holds codes for command line flags */ if (argc < 2) usage(); -@@ -38,14 +40,30 @@ int main(int argc, char **argv) +@@ -38,37 +40,52 @@ int main(int argc, char **argv) return 1; } 
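Review bot: `cmd = os.path.realpath(cmds[0])` now runs before the `setype` check, and the default `name` comes from the resolved path, so a symlinked executable gets a policy named after the link target rather than the path the user typed. This behaviour change has no comment. For types in `USERS + [ SANDBOX ]`, where `set_program` is skipped, the argument is presumably a name rather than a path, and the new `print` would then show it joined to the current directory. I would add a comment above the realpath call, such as `# resolve symlinks so the policy is generated for the real executable; the default name follows the resolved target`, and print `cmd` only in the branch that calls `set_program(cmd)`. The surrounding `try:` block continues outside the hunk.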
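Review bot: `rc` is still declared `size_t` in `main` after `start` is dropped, yet the following hunk assigns it the result of `setbool()` and returns it from `int main`. A negative error code therefore passes through an unsigned type on the way to the exit status. Declaring it as `int rc;` matches main's return type. The declaration of `setbool` is not visible in this hunk, so confirm its return type before changing it.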
@@ -287524,11 +287538,39 @@ index d6c041b..ba118f3 100644 + usage(); + } -+ start = argc-optind; /* Check to see which way we are being called. If a '=' is passed, we'll enforce the list syntax. If not we'll enforce the original syntax for backward compatibility. */ -@@ -165,7 +183,7 @@ static int semanage_set_boolean_list(size_t boolcnt, +- if (strchr(argv[start], '=') == 0) { ++ if (strchr(argv[optind], '=') == 0) { + int len; + char *bool_list[1]; + +- if ((argc - start) != 2) ++ if ((argc - optind) != 2) + usage(); + + /* Add 1 for the '=' */ +- len = strlen(argv[start]) + strlen(argv[start + 1]) + 2; ++ len = strlen(argv[optind]) + strlen(argv[optind + 1]) + 2; + bool_list[0] = (char *)malloc(len); + if (bool_list[0] == 0) { + fputs("Out of memory - aborting\n", stderr); + return 1; + } +- snprintf(bool_list[0], len, "%s=%s", argv[start], +- argv[start + 1]); ++ snprintf(bool_list[0], len, "%s=%s", argv[optind], ++ argv[optind + 1]); + rc = setbool(bool_list, 0, 1); + free(bool_list[0]); + } else +- rc = setbool(argv, start, argc); ++ rc = setbool(argv, optind, argc); + + return rc; + } +@@ -165,7 +182,7 @@ static int semanage_set_boolean_list(size_t boolcnt, boolean = NULL; } diff --git a/policycoreutils.spec b/policycoreutils.spec index 90cbdfa..d4a4a46 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.1.11 -Release: 15%{?dist} +Release: 16%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 
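Review bot: `strchr(argv[optind], '=')` dereferences `argv[optind]`, and the hunk does not show a check that an argument remains after option parsing. If only flags are given, `optind == argc` and `argv[optind]` is the terminating NULL. The `usage(); }` lines just above may be that guard, but the hunk does not show enough to tell. Please confirm that something like `if (argc - optind < 1) usage();` runs before the `strchr`. The body of `main` begins outside the hunk.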
@@ -340,6 +340,10 @@ fi %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %changelog +* Thu May 24 2012 Dan Walsh - 2.1.11-16 +- Fix setsebool command, handling of = broken. +- Add missing error option in booleansPage + * Fri May 18 2012 Dan Walsh - 2.1.11-15 - Allow stream sock_files to be stored in /tmp and etc_rw_t directories by sepolgen - Trigger on selinux-policy needs to change to selinux-policy-devel