From 056cb287fa4121d169c07bdc112661d7317699d0 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 23 Jul 2015 14:24:40 +0200 Subject: [PATCH] Improve compatibility with python 3 --- policycoreutils-rhat.patch | 758 +++++++++++++++++++++++++++++++++++-- policycoreutils.spec | 2 +- sepolgen-rhat.patch | 11 + 3 files changed, 728 insertions(+), 43 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index bae6eb3..4bb9d38 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -9,18 +9,287 @@ index 962ac12..6a9c40c 100644 INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) diff --git a/policycoreutils-2.4/audit2allow/audit2allow b/policycoreutils-2.4/audit2allow/audit2allow -index c9713a2..5c5bd6e 100644 +index c9713a2..167e135 100644 --- a/policycoreutils-2.4/audit2allow/audit2allow +++ b/policycoreutils-2.4/audit2allow/audit2allow -@@ -271,7 +271,7 @@ class AuditToPolicy: - if rc == audit2why.CONSTRAINT: - print #!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n" - print "#Constraint rule:" -- print "\n\t" + data[0] -+ print "\n#\t" + data[0] - for reason in data[1:]: - print "#\tPossible cause is the source %s and target %s are different.\n" % reason +@@ -135,13 +135,13 @@ class AuditToPolicy: + elif self.__options.audit: + try: + messages = audit.get_audit_msgs() +- except OSError, e: ++ except OSError as e: + sys.stderr.write('could not run ausearch - "%s"\n' % str(e)) + sys.exit(1) + elif self.__options.boot: + try: + messages = audit.get_audit_boot_msgs() +- except OSError, e: ++ except OSError as e: + sys.stderr.write('could not run ausearch - "%s"\n' % str(e)) + sys.exit(1) + else: +@@ -152,7 +152,7 @@ class AuditToPolicy: + if filename is not None: + try: + f = open(filename) +- except IOError, e: ++ except IOError as e: + sys.stderr.write('could not open file %s - "%s"\n' % (filename, str(e))) + sys.exit(1) +@@ -214,7 +214,7 @@ class AuditToPolicy: + + try: + fd = open(filename, "w") +- except IOError, e: ++ except IOError as e: + sys.stderr.write("could not write output file: %s\n" % str(e)) + sys.exit(1) + +@@ -225,8 +225,8 @@ class AuditToPolicy: + + try: + mc.create_module_package(filename, self.__options.refpolicy) +- except RuntimeError, e: +- print e ++ except RuntimeError as e: ++ print(e) + sys.exit(1) + + sys.stdout.write(_("******************** IMPORTANT ***********************\n")) +@@ -240,44 +240,44 @@ class AuditToPolicy: + rc = i.type + data = i.data + if rc >= 0: +- print "%s\n\tWas caused by:" % i.message ++ print("%s\n\tWas caused by:" % i.message) + if rc == audit2why.ALLOW: +- print "\t\tUnknown - would be allowed by active policy\n", +- print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n" +- print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n" ++ print("\t\tUnknown - would be allowed by active policy") ++ print("\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n") ++ print("\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n") + continue + if rc == audit2why.DONTAUDIT: +- print "\t\tUnknown - should be dontaudit'd by active policy\n", +- print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n" +- print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n" ++ print("\t\tUnknown - should be dontaudit'd by active policy") ++ print("\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n") ++ print("\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n") + continue + if rc == audit2why.BOOLEAN: + if len(data) > 1: +- print "\tOne of the following booleans was set incorrectly." ++ print("\tOne of the following booleans was set incorrectly.") + for b in data: +- print "\tDescription:\n\t%s\n" % seobject.boolean_desc(b[0]) +- print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1]) ++ print("\tDescription:\n\t%s\n" % seobject.boolean_desc(b[0])) ++ print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1])) + else: +- print "\tThe boolean %s was set incorrectly. " % (data[0][0]) +- print "\tDescription:\n\t%s\n" % seobject.boolean_desc(data[0][0]) +- print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (data[0][0], data[0][1]) ++ print("\tThe boolean %s was set incorrectly. " % (data[0][0])) ++ print("\tDescription:\n\t%s\n" % seobject.boolean_desc(data[0][0])) ++ print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (data[0][0], data[0][1])) + continue + + if rc == audit2why.TERULE: +- print "\t\tMissing type enforcement (TE) allow rule.\n" +- print "\t\tYou can use audit2allow to generate a loadable module to allow this access.\n" ++ print("\t\tMissing type enforcement (TE) allow rule.\n") ++ print("\t\tYou can use audit2allow to generate a loadable module to allow this access.\n") + continue + + if rc == audit2why.CONSTRAINT: +- print #!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n" +- print "#Constraint rule:" +- print "\n\t" + data[0] ++ print() #!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n" ++ print("#Constraint rule:") ++ print("\n#\t" + data[0]) + for reason in data[1:]: +- print "#\tPossible cause is the source %s and target %s are different.\n" % reason ++ print("#\tPossible cause is the source %s and target %s are different.\n" % reason) + + if rc == audit2why.RBAC: +- print "\t\tMissing role allow rule.\n" +- print "\t\tAdd an allow rule for the role pair.\n" ++ print("\t\tMissing role allow rule.\n") ++ print("\t\tAdd an allow rule for the role pair.\n") + continue + + audit2why.finish() +@@ -288,8 +288,8 @@ class AuditToPolicy: + if self.__options.audit2why: + try: + return self.__output_audit2why() +- except RuntimeError, e: +- print e ++ except RuntimeError as e: ++ print(e) + sys.exit(1) + + g = policygen.PolicyGenerator() +@@ -348,11 +348,11 @@ class AuditToPolicy: + self.__output() + except KeyboardInterrupt: + sys.exit(0) +- except ValueError, e: +- print e ++ except ValueError as e: ++ print(e) + sys.exit(1) +- except IOError, e: +- print e ++ except IOError as e: ++ print(e) + sys.exit(1) + + if __name__ == "__main__": +diff --git a/policycoreutils-2.4/audit2allow/audit2why b/policycoreutils-2.4/audit2allow/audit2why +index 323eddd..09422a2 100644 +--- a/policycoreutils-2.4/audit2allow/audit2why ++++ b/policycoreutils-2.4/audit2allow/audit2why +@@ -135,13 +135,13 @@ class AuditToPolicy: + elif self.__options.audit: + try: + messages = audit.get_audit_msgs() +- except OSError, e: ++ except OSError as e: + sys.stderr.write('could not run ausearch - "%s"\n' % str(e)) + sys.exit(1) + elif self.__options.boot: + try: + messages = audit.get_audit_boot_msgs() +- except OSError, e: ++ except OSError as e: + sys.stderr.write('could not run ausearch - "%s"\n' % str(e)) + sys.exit(1) + else: +@@ -152,7 +152,7 @@ class AuditToPolicy: + if filename is not None: + try: + f = open(filename) +- except IOError, e: ++ except IOError as e: + sys.stderr.write('could not open file %s - "%s"\n' % (filename, str(e))) + sys.exit(1) + +@@ -214,7 +214,7 @@ class AuditToPolicy: + + try: + fd = open(filename, "w") +- except IOError, e: ++ except IOError as e: + sys.stderr.write("could not write output file: %s\n" % str(e)) + sys.exit(1) + +@@ -225,8 +225,8 @@ class AuditToPolicy: + + try: + mc.create_module_package(filename, self.__options.refpolicy) +- except RuntimeError, e: +- print e ++ except RuntimeError as e: ++ print(e) + sys.exit(1) + + sys.stdout.write(_("******************** IMPORTANT ***********************\n")) +@@ -240,43 +240,43 @@ class AuditToPolicy: + rc = i.type + data = i.data + if rc >= 0: +- print "%s\n\tWas caused by:" % i.message ++ print("%s\n\tWas caused by:" % i.message) + if rc == audit2why.ALLOW: +- print "\t\tUnknown - would be allowed by active policy\n", +- print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n" +- print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n" ++ print("\t\tUnknown - would be allowed by active policy") ++ print("\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n") ++ print("\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n") + continue + if rc == audit2why.DONTAUDIT: +- print "\t\tUnknown - should be dontaudit'd by active policy\n", +- print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n" +- print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n" ++ print("\t\tUnknown - should be dontaudit'd by active policy") ++ print("\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n") ++ print("\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n") + continue + if rc == audit2why.BOOLEAN: + if len(data) > 1: +- print "\tOne of the following booleans was set incorrectly." ++ print("\tOne of the following booleans was set incorrectly.") + for b in data: +- print "\tDescription:\n\t%s\n" % seobject.boolean_desc(b[0]) +- print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1]) ++ print("\tDescription:\n\t%s\n" % seobject.boolean_desc(b[0])) ++ print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1])) + else: +- print "\tThe boolean %s was set incorrectly. " % (data[0][0]) +- print "\tDescription:\n\t%s\n" % seobject.boolean_desc(data[0][0]) +- print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (data[0][0], data[0][1]) ++ print("\tThe boolean %s was set incorrectly. " % (data[0][0])) ++ print("\tDescription:\n\t%s\n" % seobject.boolean_desc(data[0][0])) ++ print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (data[0][0], data[0][1])) + continue + + if rc == audit2why.TERULE: +- print "\t\tMissing type enforcement (TE) allow rule.\n" +- print "\t\tYou can use audit2allow to generate a loadable module to allow this access.\n" ++ print("\t\tMissing type enforcement (TE) allow rule.\n") ++ print("\t\tYou can use audit2allow to generate a loadable module to allow this access.\n") + continue + + if rc == audit2why.CONSTRAINT: +- print #!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n" +- print "#Constraint rule: \n\t" + data[0] ++ print() #!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n" ++ print("#Constraint rule: \n\t" + data[0]) + for reason in data[1:]: +- print "#\tPossible cause is the source %s and target %s are different.\n\b" % reason ++ print("#\tPossible cause is the source %s and target %s are different.\n\b" % reason) + + if rc == audit2why.RBAC: +- print "\t\tMissing role allow rule.\n" +- print "\t\tAdd an allow rule for the role pair.\n" ++ print("\t\tMissing role allow rule.\n") ++ print("\t\tAdd an allow rule for the role pair.\n") + continue + + audit2why.finish() +@@ -287,8 +287,8 @@ class AuditToPolicy: + if self.__options.audit2why: + try: + return self.__output_audit2why() +- except RuntimeError, e: +- print e ++ except RuntimeError as e: ++ print(e) + sys.exit(1) + + g = policygen.PolicyGenerator() +@@ -347,11 +347,11 @@ class AuditToPolicy: + self.__output() + except KeyboardInterrupt: + sys.exit(0) +- except ValueError, e: +- print e ++ except ValueError as e: ++ print(e) + sys.exit(1) +- except IOError, e: +- print e ++ except IOError as e: ++ print(e) + sys.exit(1) + + if __name__ == "__main__": diff --git a/policycoreutils-2.4/audit2allow/sepolgen-ifgen b/policycoreutils-2.4/audit2allow/sepolgen-ifgen index 83c7ecf..7f8caaf 100644 --- a/policycoreutils-2.4/audit2allow/sepolgen-ifgen @@ -65,6 +334,33 @@ index 83c7ecf..7f8caaf 100644 return 1 if_set = interfaces.InterfaceSet(output=log) +diff --git a/policycoreutils-2.4/audit2allow/test_audit2allow.py b/policycoreutils-2.4/audit2allow/test_audit2allow.py +index 794673e..d6bd60b 100644 +--- a/policycoreutils-2.4/audit2allow/test_audit2allow.py ++++ b/policycoreutils-2.4/audit2allow/test_audit2allow.py +@@ -4,18 +4,18 @@ from subprocess import Popen, PIPE + + class Audit2allowTests(unittest.TestCase): + def assertDenied(self, err): +- self.assert_('Permission denied' in err, ++ self.assertTrue('Permission denied' in err, + '"Permission denied" not found in %r' % err) + def assertNotFound(self, err): +- self.assert_('not found' in err, ++ self.assertTrue('not found' in err, + '"not found" not found in %r' % err) + + def assertFailure(self, status): +- self.assert_(status != 0, ++ self.assertTrue(status != 0, + '"Succeeded when it should have failed') + + def assertSuccess(self, cmd, status, err): +- self.assert_(status == 0, ++ self.assertTrue(status == 0, + '"%s should have succeeded for this test %r' % (cmd, err)) + + def test_sepolgen_ifgen(self): diff --git a/policycoreutils-2.4/gui/Makefile b/policycoreutils-2.4/gui/Makefile index 9d9f820..0c2b390 100644 --- a/policycoreutils-2.4/gui/Makefile @@ -654485,6 +654781,367 @@ index b306041..16eb50b 100644 +#: ../sepolicy/sepolicy/gui.py:2777 msgid "Loss of data Dialog" msgstr "" +diff --git a/policycoreutils-2.4/sandbox/sandbox b/policycoreutils-2.4/sandbox/sandbox +index 3678c5d..fb64464 100644 +--- a/policycoreutils-2.4/sandbox/sandbox ++++ b/policycoreutils-2.4/sandbox/sandbox +@@ -25,7 +25,6 @@ import selinux + import signal + from tempfile import mkdtemp + import pwd +-import commands + import sepolicy + + PROGNAME = "policycoreutils" +@@ -36,13 +35,16 @@ gettext.bindtextdomain(PROGNAME, "/usr/share/locale") + gettext.textdomain(PROGNAME) + + try: +- gettext.install(PROGNAME, +- localedir = "/usr/share/locale", +- unicode=False, +- codeset = 'utf-8') ++ gettext.install(PROGNAME, ++ localedir = "/usr/share/locale", ++ codeset = 'utf-8') + except IOError: +- import __builtin__ +- __builtin__.__dict__['_'] = unicode ++ try: ++ import builtins ++ builtins.__dict__['_'] = str ++ except ImportError: ++ import __builtin__ ++ __builtin__.__dict__['_'] = unicode + + DEFAULT_WINDOWSIZE = "1000x700" + DEFAULT_TYPE = "sandbox_t" +@@ -86,7 +88,7 @@ def copyfile(file, srcdir, dest): + else: + shutil.copy2(file, dest) + +- except shutil.Error, elist: ++ except shutil.Error as elist: + for e in elist.message: + sys.stderr.write(e[2]) + +@@ -107,7 +109,11 @@ def savefile(new, orig, X_ind): + if rc == gtk.RESPONSE_YES: + copy = True + else: +- ans = raw_input(_("Do you want to save changes to '%s' (y/N): ") % orig) ++ try: ++ input = raw_input ++ except NameError: ++ pass ++ ans = input(_("Do you want to save changes to '%s' (y/N): ") % orig) + if(re.match(_("[yY]"),ans)): + copy = True + if(copy): +@@ -228,9 +234,9 @@ class Sandbox: + for i in fd.readlines(): + try: + self.__include(option, opt, i[:-1], parser) +- except IOError, e: ++ except IOError as e: + sys.stderr.write(str(e)) +- except TypeError, e: ++ except TypeError as e: + sys.stderr.write(str(e)) + fd.close() + +@@ -263,7 +269,7 @@ dbus-launch --exit-with-session %s + kill -TERM $WM_PID 2> /dev/null + """ % (command, wm, command)) + fd.close() +- os.chmod(execfile, 0700) ++ os.chmod(execfile, 0o700) + + def usage(self, message = ""): + error_exit("%s\n%s" % (self.__parser.usage, message)) +@@ -492,13 +498,13 @@ if __name__ == '__main__': + try: + sandbox = Sandbox() + rc = sandbox.main() +- except OSError, error: ++ except OSError as error: + error_exit(error) +- except ValueError, error: ++ except ValueError as error: + error_exit(error.args[0]) +- except KeyError, error: ++ except KeyError as error: + error_exit(_("Invalid value %s") % error.args[0]) +- except IOError, error: ++ except IOError as error: + error_exit(error) + except KeyboardInterrupt: + rc = 0 +diff --git a/policycoreutils-2.4/sandbox/start b/policycoreutils-2.4/sandbox/start +index 52950d7..d895ba2 100644 +--- a/policycoreutils-2.4/sandbox/start ++++ b/policycoreutils-2.4/sandbox/start +@@ -1,9 +1,9 @@ + #! /usr/bin/python -Es +-import gtk, commands, sys ++import gtk, subprocess, sys + rc = [-1,''] + try: +- rc=commands.getstatusoutput(sys.argv[1]) ++ rc=subprocess.getstatusoutput(sys.argv[1]) + except: + pass + if rc[0] == 0: +- print rc[1] ++ print(rc[1]) +diff --git a/policycoreutils-2.4/sandbox/test_sandbox.py b/policycoreutils-2.4/sandbox/test_sandbox.py +index b3b7f64..d765cb4 100644 +--- a/policycoreutils-2.4/sandbox/test_sandbox.py ++++ b/policycoreutils-2.4/sandbox/test_sandbox.py +@@ -4,18 +4,18 @@ from subprocess import Popen, PIPE + + class SandboxTests(unittest.TestCase): + def assertDenied(self, err): +- self.assert_('Permission denied' in err, ++ self.assertTrue(b'Permission denied' in err, + '"Permission denied" not found in %r' % err) + def assertNotFound(self, err): +- self.assert_('not found' in err, ++ self.assertTrue(b'not found' in err, + '"not found" not found in %r' % err) + + def assertFailure(self, status): +- self.assert_(status != 0, ++ self.assertTrue(status != 0, + '"Succeeded when it should have failed') + + def assertSuccess(self, status, err): +- self.assert_(status == 0, ++ self.assertTrue(status == 0, + '"Sandbox should have succeeded for this test %r' % err) + + def test_simple_success(self): +@@ -23,7 +23,7 @@ class SandboxTests(unittest.TestCase): + p1 = Popen(['cat', '/etc/passwd'], stdout = PIPE) + p2 = Popen(['sandbox', 'grep', 'root'], stdin = p1.stdout, stdout=PIPE) + out, err = p2.communicate() +- self.assert_('root' in out) ++ self.assertTrue(b'root' in out) + + def test_cant_kill(self): + "Verify that we cannot send kill signal in the sandbox" +@@ -95,4 +95,4 @@ if __name__ == "__main__": + if selinux.security_getenforce() == 1: + unittest.main() + else: +- print "SELinux must be in enforcing mode for this test" ++ print("SELinux must be in enforcing mode for this test") +diff --git a/policycoreutils-2.4/scripts/chcat b/policycoreutils-2.4/scripts/chcat +index 9efcb22..21212be 100755 +--- a/policycoreutils-2.4/scripts/chcat ++++ b/policycoreutils-2.4/scripts/chcat +@@ -22,15 +22,19 @@ + # 02111-1307 USA + # + # +-import commands, sys, os, pwd, string, getopt, selinux ++import subprocess, sys, os, pwd, string, getopt, selinux + import seobject + import gettext + + try: + gettext.install('policycoreutils') + except IOError: +- import __builtin__ +- __builtin__.__dict__['_'] = unicode ++ try: ++ import builtins ++ builtins.__dict__['_'] = str ++ except ImportError: ++ import __builtin__ ++ __builtin__.__dict__['_'] = unicode + + def errorExit(error): + sys.stderr.write("%s: " % sys.argv[0]) +@@ -80,9 +84,9 @@ def chcat_user_add(newcat, users): + cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u) + else: + cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u) +- rc = commands.getstatusoutput(cmd) ++ rc = subprocess.getstatusoutput(cmd) + if rc[0] != 0: +- print rc[1] ++ print(rc[1]) + errors += 1 + + return errors +@@ -107,7 +111,7 @@ def chcat_add(orig, newcat, objects,login_ind): + + if len(clist) > 1: + if cat in clist[1:]: +- print _("%s is already in %s") % (f, orig) ++ print(_("%s is already in %s") % (f, orig)) + continue + clist.append(cat) + cats = clist[1:] +@@ -118,9 +122,9 @@ def chcat_add(orig, newcat, objects,login_ind): + else: + cat_string = cat + cmd = 'chcon -l %s:%s %s' % (sensitivity, cat_string, f) +- rc = commands.getstatusoutput(cmd) ++ rc = subprocess.getstatusoutput(cmd) + if rc[0] != 0: +- print rc[1] ++ print(rc[1]) + errors += 1 + return errors + +@@ -158,9 +162,9 @@ def chcat_user_remove(newcat, users): + cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u) + else: + cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u) +- rc = commands.getstatusoutput(cmd) ++ rc = subprocess.getstatusoutput(cmd) + if rc[0] != 0: +- print rc[1] ++ print(rc[1]) + errors += 1 + return errors + +@@ -185,7 +189,7 @@ def chcat_remove(orig, newcat, objects, login_ind): + + if len(clist) > 1: + if cat not in clist[1:]: +- print _("%s is not in %s") % (f, orig) ++ print(_("%s is not in %s") % (f, orig)) + continue + clist.remove(cat) + if len(clist) > 1: +@@ -195,16 +199,16 @@ def chcat_remove(orig, newcat, objects, login_ind): + else: + cat = "" + else: +- print _("%s is not in %s") % (f, orig) ++ print(_("%s is not in %s") % (f, orig)) + continue + + if len(cat) == 0: + cmd = 'chcon -l %s %s' % (sensitivity, f) + else: + cmd = 'chcon -l %s:%s %s' % (sensitivity,cat, f) +- rc = commands.getstatusoutput(cmd) ++ rc = subprocess.getstatusoutput(cmd) + if rc[0] != 0: +- print rc[1] ++ print(rc[1]) + errors += 1 + return errors + +@@ -229,9 +233,9 @@ def chcat_user_replace(newcat, users): + cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u) + else: + cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u) +- rc = commands.getstatusoutput(cmd) ++ rc = subprocess.getstatusoutput(cmd) + if rc[0] != 0: +- print rc[1] ++ print(rc[1]) + errors += 1 + return errors + +@@ -251,9 +255,9 @@ def chcat_replace(newcat, objects, login_ind): + for f in objects: + cmd = "%s %s" % (cmd, f) + +- rc = commands.getstatusoutput(cmd) ++ rc = subprocess.getstatusoutput(cmd) + if rc[0] != 0: +- print rc[1] ++ print(rc[1]) + errors += 1 + + return errors +@@ -322,18 +326,18 @@ def translate(cats): + return newcat + + def usage(): +- print _("Usage %s CATEGORY File ...") % sys.argv[0] +- print _("Usage %s -l CATEGORY user ...") % sys.argv[0] +- print _("Usage %s [[+|-]CATEGORY],...]q File ...") % sys.argv[0] +- print _("Usage %s -l [[+|-]CATEGORY],...]q user ...") % sys.argv[0] +- print _("Usage %s -d File ...") % sys.argv[0] +- print _("Usage %s -l -d user ...") % sys.argv[0] +- print _("Usage %s -L") % sys.argv[0] +- print _("Usage %s -L -l user") % sys.argv[0] +- print _("Use -- to end option list. For example") +- print _("chcat -- -CompanyConfidential /docs/businessplan.odt") +- print _("chcat -l +CompanyConfidential juser") +- sys.exit(1) ++ print(_("Usage %s CATEGORY File ...") % sys.argv[0]) ++ print(_("Usage %s -l CATEGORY user ...") % sys.argv[0]) ++ print(_("Usage %s [[+|-]CATEGORY],...]q File ...") % sys.argv[0]) ++ print(_("Usage %s -l [[+|-]CATEGORY],...]q user ...") % sys.argv[0]) ++ print(_("Usage %s -d File ...") % sys.argv[0]) ++ print(_("Usage %s -l -d user ...") % sys.argv[0]) ++ print(_("Usage %s -L") % sys.argv[0]) ++ print(_("Usage %s -L -l user") % sys.argv[0]) ++ print(_("Use -- to end option list. For example")) ++ print(_("chcat -- -CompanyConfidential /docs/businessplan.odt")) ++ print(_("chcat -l +CompanyConfidential juser")) ++ sys.exit(1) + + def listcats(): + fd = open(selinux.selinux_translations_path()) +@@ -342,7 +346,7 @@ def listcats(): + continue + if l.find("=") != -1: + rec = l.split("=") +- print "%-30s %s" % tuple(rec) ++ print("%-30s %s" % tuple(rec)) + fd.close() + return 0 + +@@ -356,12 +360,12 @@ def listusercats(users): + cats = seobject.translate(selinux.getseuserbyname(u)[2]) + cats = cats.split("-") + if len(cats) > 1 and cats[1] != "s0": +- print "%s: %s" % (u, cats[1]) ++ print("%s: %s" % (u, cats[1])) + else: +- print "%s: %s" % (u, cats[0]) ++ print("%s: %s" % (u, cats[0])) + + def error(msg): +- print "%s: %s" % (sys.argv[0], msg) ++ print("%s: %s" % (sys.argv[0], msg)) + sys.exit(1) + + if __name__ == '__main__': +@@ -395,10 +399,10 @@ if __name__ == '__main__': + if list_ind == 0 and len(cmds) < 1: + usage() + +- except getopt.error, error: ++ except getopt.error as error: + errorExit(_("Options Error %s ") % error.msg) + +- except ValueError, e: ++ except ValueError as e: + usage() + + if delete_ind: +@@ -433,9 +437,9 @@ if __name__ == '__main__': + if len(c) > 0 and c[0] == "-": + errors += chcat_remove(c[1:],translate(l), objects, login_ind) + continue +- except ValueError, e: ++ except ValueError as e: + error(e) +- except OSError, e: ++ except OSError as e: + error(e) + + sys.exit(errors) diff --git a/policycoreutils-2.4/scripts/fixfiles b/policycoreutils-2.4/scripts/fixfiles index 5c29eb9..db53c0b 100755 --- a/policycoreutils-2.4/scripts/fixfiles @@ -654686,10 +655343,10 @@ index 0000000..e2befdb + packages=["policycoreutils"], +) diff --git a/policycoreutils-2.4/semanage/semanage b/policycoreutils-2.4/semanage/semanage -index dd63010..7f32b40 100644 +index dd63010..fa02242 100644 --- a/policycoreutils-2.4/semanage/semanage +++ b/policycoreutils-2.4/semanage/semanage -@@ -18,24 +18,34 @@ +@@ -18,24 +18,38 @@ # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software @@ -654716,22 +655373,26 @@ index dd63010..7f32b40 100644 - localedir="/usr/share/locale", - unicode=True, - codeset = 'utf-8') ++ kwargs = {} ++ if sys.version_info < (3,): ++ kwargs['unicode'] = True + gettext.install(PROGNAME, -+ unicode=True, -+ codeset = 'utf-8') -+except TypeError: -+ # Failover to python3 install -+ gettext.install(PROGNAME, -+ codeset = 'utf-8') ++ localedir="/usr/share/locale", ++ codeset = 'utf-8', ++ **kwargs) except IOError: - import __builtin__ - __builtin__.__dict__['_'] = unicode -+ import builtins -+ builtins.__dict__['_'] = str ++ try: ++ import builtins ++ builtins.__dict__['_'] = str ++ except ImportError: ++ import __builtin__ ++ __builtin__.__dict__['_'] = unicode # define custom usages for selected main actions usage_login = "semanage login [-h] [-n] [-N] [-s STORE] [" -@@ -61,16 +71,16 @@ usage_boolean_dict = {' --modify':('(','--on','|','--off',')','boolean'), ' --li +@@ -61,16 +75,16 @@ usage_boolean_dict = {' --modify':('(','--on','|','--off',')','boolean'), ' --li import sepolicy class CheckRole(argparse.Action): @@ -654758,7 +655419,7 @@ index dd63010..7f32b40 100644 store = '' class SetStore(argparse.Action): -@@ -103,7 +113,7 @@ class SetImportFile(argparse.Action): +@@ -103,7 +117,7 @@ class SetImportFile(argparse.Action): if values and values is not "-": try: sys.stdin = open(values, 'r') @@ -654767,7 +655428,7 @@ index dd63010..7f32b40 100644 sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e))) sys.exit(1) setattr(namespace, self.dest, values) -@@ -155,7 +165,7 @@ object_dict = {'login':login_ini, 'user':user_ini, 'port':port_ini, 'module':mod +@@ -155,7 +169,7 @@ object_dict = {'login':login_ini, 'user':user_ini, 'port':port_ini, 'module':mod def generate_custom_usage(usage_text,usage_dict): # generate custom usage from given text and dictonary sorted_keys = [] @@ -654776,7 +655437,7 @@ index dd63010..7f32b40 100644 sorted_keys.append(i) sorted_keys.sort() for k in sorted_keys: -@@ -170,18 +180,18 @@ def handle_opts(args,dict,target_key): +@@ -170,18 +184,18 @@ def handle_opts(args,dict,target_key): # {action:[conflict_opts,require_opts]} # first we need to catch conflicts @@ -654799,7 +655460,7 @@ index dd63010..7f32b40 100644 sys.exit(2) except KeyError: continue -@@ -207,7 +217,7 @@ def handleLogin(args): +@@ -207,7 +221,7 @@ def handleLogin(args): OBJECT.deleteall() if args.action is "extract": for i in OBJECT.customized(): @@ -654808,7 +655469,7 @@ index dd63010..7f32b40 100644 def parser_add_store(parser, name): parser.add_argument('-S', '--store', action=SetStore, help=_("Select an alternate SELinux Policy Store to manage")) -@@ -292,7 +302,7 @@ def handleFcontext(args): +@@ -292,7 +306,7 @@ def handleFcontext(args): fcontext_equal_args = {'equal':[('list','locallist','type','ftype','seuser','deleteall','extract'),()]} if args.action is None: @@ -654817,7 +655478,7 @@ index dd63010..7f32b40 100644 sys.exit(2) elif args.action and args.equal: handle_opts(args, fcontext_equal_args, "equal") -@@ -323,7 +333,7 @@ def handleFcontext(args): +@@ -323,7 +337,7 @@ def handleFcontext(args): OBJECT.deleteall() if args.action is "extract": for i in OBJECT.customized(): @@ -654826,7 +655487,7 @@ index dd63010..7f32b40 100644 def setupFcontextParser(subparsers): ftype_help = ''' -@@ -381,7 +391,7 @@ def handleUser(args): +@@ -381,7 +395,7 @@ def handleUser(args): OBJECT.deleteall() if args.action is "extract": for i in OBJECT.customized(): @@ -654835,7 +655496,7 @@ index dd63010..7f32b40 100644 def setupUserParser(subparsers): generated_usage = generate_custom_usage(usage_user, usage_user_dict) -@@ -430,7 +440,7 @@ def handlePort(args): +@@ -430,7 +444,7 @@ def handlePort(args): OBJECT.deleteall() if args.action is "extract": for i in OBJECT.customized(): @@ -654844,7 +655505,7 @@ index dd63010..7f32b40 100644 def setupPortParser(subparsers): generated_usage = generate_custom_usage(usage_port, usage_port_dict) -@@ -473,7 +483,7 @@ def handleInterface(args): +@@ -473,7 +487,7 @@ def handleInterface(args): OBJECT.deleteall() if args.action is "extract": for i in OBJECT.customized(): @@ -654853,7 +655514,7 @@ index dd63010..7f32b40 100644 def setupInterfaceParser(subparsers): generated_usage = generate_custom_usage(usage_interface, usage_interface_dict) -@@ -512,7 +522,7 @@ def handleModule(args): +@@ -512,7 +526,7 @@ def handleModule(args): OBJECT.list(args.noheading, args.locallist) if args.action is "extract": for i in OBJECT.customized(): @@ -654862,7 +655523,7 @@ index dd63010..7f32b40 100644 def setupModuleParser(subparsers): moduleParser = subparsers.add_parser('module', help=_('Manage SELinux policy modules')) -@@ -552,7 +562,7 @@ def handleNode(args): +@@ -552,7 +566,7 @@ def handleNode(args): OBJECT.deleteall() if args.action is "extract": for i in OBJECT.customized(): @@ -654871,7 +655532,7 @@ index dd63010..7f32b40 100644 def setupNodeParser(subparsers): generated_usage = generate_custom_usage(usage_node, usage_node_dict) -@@ -580,14 +590,14 @@ def setupNodeParser(subparsers): +@@ -580,14 +594,14 @@ def setupNodeParser(subparsers): def handleBoolean(args): boolean_args = {'list':[('state','boolean'),('')],'modify':[('localist'),('')], 'extract':[('locallist','state','boolean'),('')],'deleteall':[('locallist'),('')],'state':[('locallist','list','extract','deleteall'),('modify')]} if args.action is None: @@ -654889,7 +655550,7 @@ index dd63010..7f32b40 100644 sys.exit(1) else: handle_opts(args,boolean_args,args.action) -@@ -604,7 +614,7 @@ def handleBoolean(args): +@@ -604,7 +618,7 @@ def handleBoolean(args): OBJECT.deleteall() if args.action is "extract": for i in OBJECT.customized(): @@ -654898,21 +655559,21 @@ index dd63010..7f32b40 100644 def setupBooleanParser(subparsers): generated_usage = generate_custom_usage(usage_boolean, usage_boolean_dict) -@@ -670,11 +680,11 @@ def setupDontauditParser(subparsers): +@@ -670,11 +684,11 @@ def setupDontauditParser(subparsers): def handleExport(args): manageditems=[ "boolean", "login", "interface", "user", "port", "node", "fcontext", "module"] for i in manageditems: - print "%s -D" % i -+ print("%s -D" % i) ++ print("%s -D" % i) for i in manageditems: OBJECT = object_dict[i]() for c in OBJECT.customized(): - print "%s %s" % (i, str(c)) -+ print("%s %s" % (i, str(c))) ++ print("%s %s" % (i, str(c))) sys.exit(0) -@@ -743,10 +753,10 @@ def handleImport(args): +@@ -743,10 +757,10 @@ def handleImport(args): commandParser = createCommandParser() args = commandParser.parse_args(mkargv(l)) args.func(args) @@ -654925,7 +655586,7 @@ index dd63010..7f32b40 100644 sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e))) sys.exit(1) except KeyboardInterrupt: -@@ -764,11 +774,11 @@ def setupImportParser(subparsers): +@@ -764,11 +778,11 @@ def setupImportParser(subparsers): def createCommandParser(): commandParser = seParser(prog='semanage', @@ -654942,7 +655603,7 @@ index dd63010..7f32b40 100644 #To add a new subcommand define the parser for it in a function above and call it here. subparsers = commandParser.add_subparsers(dest='subcommand') setupImportParser(subparsers) -@@ -788,7 +798,7 @@ def createCommandParser(): +@@ -788,7 +802,7 @@ def createCommandParser(): def make_io_args(args): # import/export backward compability @@ -654951,7 +655612,7 @@ index dd63010..7f32b40 100644 args_file = [] args_ie = [] args_subcommand = [] -@@ -808,6 +818,8 @@ def make_io_args(args): +@@ -808,6 +822,8 @@ def make_io_args(args): return args_subcommand+args_ie+args_file def make_args(sys_args): @@ -654960,7 +655621,7 @@ index dd63010..7f32b40 100644 args = [] if "-o" in sys_args[1:] or "-i" in sys_args[1:]: args=make_io_args(sys_args[1:]) -@@ -822,21 +834,21 @@ def do_parser(): +@@ -822,21 +838,21 @@ def do_parser(): args = commandParser.parse_args(make_args(sys.argv)) args.func(args) sys.exit(0) @@ -657309,7 +657970,7 @@ index 0000000..7735c59 + packages=["seobject"], +) diff --git a/policycoreutils-2.4/semanage/test-semanage.py b/policycoreutils-2.4/semanage/test-semanage.py -index d39013e..e847ca7 100644 +index d39013e..e7bd92c 100644 --- a/policycoreutils-2.4/semanage/test-semanage.py +++ b/policycoreutils-2.4/semanage/test-semanage.py @@ -9,18 +9,18 @@ object_list = [ 'login', 'user', 'port', 'module', 'interface', 'node', 'fcontex @@ -657335,6 +657996,19 @@ index d39013e..e847ca7 100644 def test_extract(self): for object in object_list: +@@ -273,10 +273,10 @@ if __name__ == "__main__": + args = parser.parse_args() + args.func(args) + sys.exit(0) +- except ValueError,e: ++ except ValueError as e: + sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e))) + sys.exit(1) +- except IOError,e: ++ except IOError as e: + sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e))) + sys.exit(1) + except KeyboardInterrupt: diff --git a/policycoreutils-2.4/sepolicy/common.h b/policycoreutils-2.4/sepolicy/common.h index dc3ce6a..3b93845 100644 --- a/policycoreutils-2.4/sepolicy/common.h diff --git a/policycoreutils.spec b/policycoreutils.spec index 18c4fef..e3c4a15 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -18,7 +18,7 @@ Source2: policycoreutils_man_ru2.tar.bz2 Source3: system-config-selinux.png Source4: sepolicy-icons.tgz # use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/ -# HEAD https://github.com/fedora-selinux/selinux/commit/8d62f8e52428267d48bc9058fcdb203e155c9621 +# HEAD https://github.com/fedora-selinux/selinux/commit/5f7664af80fa232f5c470a9c9bca13d40c950c32 Patch: policycoreutils-rhat.patch Patch1: sepolgen-rhat.patch Obsoletes: policycoreutils < 2.0.61-2 diff --git a/sepolgen-rhat.patch b/sepolgen-rhat.patch index 9eb6e28..1e236c4 100644 --- a/sepolgen-rhat.patch +++ b/sepolgen-rhat.patch @@ -1,3 +1,14 @@ +diff --git a/sepolgen-1.2.2/ChangeLog b/sepolgen-1.2.2/ChangeLog +index a304ab7..bec96bb 100644 +--- a/sepolgen-1.2.2/ChangeLog ++++ b/sepolgen-1.2.2/ChangeLog +@@ -1,3 +1,6 @@ ++ * Add support for python3, from Robert Kuska. ++ * Add device tree ocontext nodes to Xen policy, from Daniel De Graaf. ++ + 1.2.2 2015-02-02 + * Fix bugs found by hardened gcc flags, from Nicolas Iooss. + * Remove unnecessary grammar in interface call param list to fix poor diff --git a/sepolgen-1.2.2/src/sepolgen/access.py b/sepolgen-1.2.2/src/sepolgen/access.py index cf13210..60ff4e9 100644 --- a/sepolgen-1.2.2/src/sepolgen/access.py