Fix setsebool command, handling of = broken.

- Add missing error option in booleansPage
This commit is contained in:
Dan Walsh 2012-05-24 05:55:35 -04:00
parent 1b634710d1
commit 03b8834355
2 changed files with 62 additions and 16 deletions

View File

@ -89,10 +89,10 @@ index 0000000..53efa84
+relabel: +relabel:
diff --git a/policycoreutils/gui/booleansPage.py b/policycoreutils/gui/booleansPage.py diff --git a/policycoreutils/gui/booleansPage.py b/policycoreutils/gui/booleansPage.py
new file mode 100644 new file mode 100644
index 0000000..dca786d index 0000000..1216255
--- /dev/null --- /dev/null
+++ b/policycoreutils/gui/booleansPage.py +++ b/policycoreutils/gui/booleansPage.py
@@ -0,0 +1,247 @@ @@ -0,0 +1,258 @@
+# +#
+# booleansPage.py - GUI for Booleans page in system-config-securitylevel +# booleansPage.py - GUI for Booleans page in system-config-securitylevel
+# +#
@ -233,6 +233,15 @@ index 0000000..dca786d
+ self.filter="" + self.filter=""
+ self.load(self.filter) + self.load(self.filter)
+ +
+ def error(self, message):
+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR,
+ gtk.BUTTONS_CLOSE,
+ message)
+ dlg.set_position(gtk.WIN_POS_MOUSE)
+ dlg.show_all()
+ dlg.run()
+ dlg.destroy()
+
+ def __search(self, model, col, key, i): + def __search(self, model, col, key, i):
+ sort_col = self.store.get_sort_column_id()[0] + sort_col = self.store.get_sort_column_id()[0]
+ if sort_col > 0: + if sort_col > 0:
@ -310,8 +319,10 @@ index 0000000..dca786d
+ key = self.store.get_value(iter, BOOLEAN) + key = self.store.get_value(iter, BOOLEAN)
+ self.store.set_value(iter, ACTIVE , not val) + self.store.set_value(iter, ACTIVE , not val)
+ self.wait() + self.wait()
+ setsebool="/usr/sbin/setsebool -P %s=%d" % (key, not val) + setsebool="/usr/sbin/setsebool -P %s %d" % (key, not val)
+ commands.getstatusoutput(setsebool) + rc,out = commands.getstatusoutput(setsebool)
+ if rc != 0:
+ self.error(out)
+ self.load(self.filter) + self.load(self.filter)
+ self.ready() + self.ready()
+ +
@ -5946,10 +5957,10 @@ index 0000000..55bad9d
+</glade-interface> +</glade-interface>
diff --git a/policycoreutils/gui/polgen.py b/policycoreutils/gui/polgen.py diff --git a/policycoreutils/gui/polgen.py b/policycoreutils/gui/polgen.py
new file mode 100644 new file mode 100644
index 0000000..5a73fa3 index 0000000..2a7c61e
--- /dev/null --- /dev/null
+++ b/policycoreutils/gui/polgen.py +++ b/policycoreutils/gui/polgen.py
@@ -0,0 +1,1370 @@ @@ -0,0 +1,1372 @@
+#!/usr/bin/python -Es +#!/usr/bin/python -Es
+# +#
+# Copyright (C) 2007-2012 Red Hat +# Copyright (C) 2007-2012 Red Hat
@ -7306,9 +7317,11 @@ index 0000000..5a73fa3
+ usage(_("Executable or Name required")) + usage(_("Executable or Name required"))
+ +
+ try: + try:
+ cmd = os.path.realpath(cmds[0])
+ if not name: + if not name:
+ name = os.path.basename(cmds[0]).replace("-","_") + name = os.path.basename(cmd).replace("-","_")
+ cmd = cmds[0] +
+ print("Generating Policy for %s named %s" % (cmd, name))
+ mypolicy = policy(name, setype) + mypolicy = policy(name, setype)
+ if setype not in USERS + [ SANDBOX ]: + if setype not in USERS + [ SANDBOX ]:
+ mypolicy.set_program(cmd) + mypolicy.set_program(cmd)
@ -287455,7 +287468,7 @@ index 2b66bad..38abeb8 100644
This manual page was written by Dan Walsh <dwalsh@redhat.com>. This manual page was written by Dan Walsh <dwalsh@redhat.com>.
The program was written by Tresys Technology. The program was written by Tresys Technology.
diff --git a/policycoreutils/setsebool/setsebool.c b/policycoreutils/setsebool/setsebool.c diff --git a/policycoreutils/setsebool/setsebool.c b/policycoreutils/setsebool/setsebool.c
index d6c041b..ba118f3 100644 index d6c041b..db1d1e1 100644
--- a/policycoreutils/setsebool/setsebool.c --- a/policycoreutils/setsebool/setsebool.c
+++ b/policycoreutils/setsebool/setsebool.c +++ b/policycoreutils/setsebool/setsebool.c
@@ -6,6 +6,7 @@ @@ -6,6 +6,7 @@
@ -287466,7 +287479,7 @@ index d6c041b..ba118f3 100644
#include <pwd.h> #include <pwd.h>
#include <selinux/selinux.h> #include <selinux/selinux.h>
#include <semanage/handle.h> #include <semanage/handle.h>
@@ -15,13 +16,14 @@ @@ -15,21 +16,22 @@
#include <errno.h> #include <errno.h>
int permanent = 0; int permanent = 0;
@ -287482,16 +287495,17 @@ index d6c041b..ba118f3 100644
stderr); stderr);
exit(1); exit(1);
} }
@@ -29,7 +31,7 @@ void usage(void)
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
size_t rc, start; - size_t rc, start;
- -
+ size_t rc;
+ int clflag; /* holds codes for command line flags */ + int clflag; /* holds codes for command line flags */
if (argc < 2) if (argc < 2)
usage(); usage();
@@ -38,14 +40,30 @@ int main(int argc, char **argv) @@ -38,37 +40,52 @@ int main(int argc, char **argv)
return 1; return 1;
} }
@ -287524,11 +287538,39 @@ index d6c041b..ba118f3 100644
+ usage(); + usage();
+ } + }
+ start = argc-optind;
/* Check to see which way we are being called. If a '=' is passed, /* Check to see which way we are being called. If a '=' is passed,
we'll enforce the list syntax. If not we'll enforce the original we'll enforce the list syntax. If not we'll enforce the original
syntax for backward compatibility. */ syntax for backward compatibility. */
@@ -165,7 +183,7 @@ static int semanage_set_boolean_list(size_t boolcnt, - if (strchr(argv[start], '=') == 0) {
+ if (strchr(argv[optind], '=') == 0) {
int len;
char *bool_list[1];
- if ((argc - start) != 2)
+ if ((argc - optind) != 2)
usage();
/* Add 1 for the '=' */
- len = strlen(argv[start]) + strlen(argv[start + 1]) + 2;
+ len = strlen(argv[optind]) + strlen(argv[optind + 1]) + 2;
bool_list[0] = (char *)malloc(len);
if (bool_list[0] == 0) {
fputs("Out of memory - aborting\n", stderr);
return 1;
}
- snprintf(bool_list[0], len, "%s=%s", argv[start],
- argv[start + 1]);
+ snprintf(bool_list[0], len, "%s=%s", argv[optind],
+ argv[optind + 1]);
rc = setbool(bool_list, 0, 1);
free(bool_list[0]);
} else
- rc = setbool(argv, start, argc);
+ rc = setbool(argv, optind, argc);
return rc;
}
@@ -165,7 +182,7 @@ static int semanage_set_boolean_list(size_t boolcnt,
boolean = NULL; boolean = NULL;
} }

View File

@ -7,7 +7,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.1.11 Version: 2.1.11
Release: 15%{?dist} Release: 16%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# Based on git repository with tag 20101221 # Based on git repository with tag 20101221
@ -340,6 +340,10 @@ fi
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog %changelog
* Thu May 24 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-16
- Fix setsebool command, handling of = broken.
- Add missing error option in booleansPage
* Fri May 18 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-15 * Fri May 18 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-15
- Allow stream sock_files to be stored in /tmp and etc_rw_t directories by sepolgen - Allow stream sock_files to be stored in /tmp and etc_rw_t directories by sepolgen
- Trigger on selinux-policy needs to change to selinux-policy-devel - Trigger on selinux-policy needs to change to selinux-policy-devel