policycoreutils-2.8-10
- semanage: "semanage user" does not use -s, fix documentation - semanage: add a missing space in ibendport help - sepolicy: Update to work with setools-4.2.0
parent
6456a752da
commit
06ebc75d30
@ -12,7 +12,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.8
|
Version: 2.8
|
||||||
Release: 9%{?dist}
|
Release: 10%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||||
Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/policycoreutils-2.8.tar.gz
|
Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/policycoreutils-2.8.tar.gz
|
||||||
@ -531,6 +531,11 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
%systemd_postun_with_restart restorecond.service
|
%systemd_postun_with_restart restorecond.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Oct 2 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-10
|
||||||
|
- semanage: "semanage user" does not use -s, fix documentation
|
||||||
|
- semanage: add a missing space in ibendport help
|
||||||
|
- sepolicy: Update to work with setools-4.2.0
|
||||||
|
|
||||||
* Fri Sep 14 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-9
|
* Fri Sep 14 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-9
|
||||||
- semanage: Stop rejecting aliases in semanage commands
|
- semanage: Stop rejecting aliases in semanage commands
|
||||||
- sepolicy: Stop rejecting aliases in sepolicy commands
|
- sepolicy: Stop rejecting aliases in sepolicy commands
|
||||||
|
@ -193,7 +193,7 @@ index 0000000..128eb87
|
|||||||
+../sepolicy/sepolicy/interface.py
|
+../sepolicy/sepolicy/interface.py
|
||||||
+../sepolicy/sepolicy.py
|
+../sepolicy/sepolicy.py
|
||||||
diff --git selinux-python-2.8/semanage/semanage selinux-python-2.8/semanage/semanage
|
diff --git selinux-python-2.8/semanage/semanage selinux-python-2.8/semanage/semanage
|
||||||
index 8d8a086..8fd9395 100644
|
index 8d8a086..4ced085 100644
|
||||||
--- selinux-python-2.8/semanage/semanage
|
--- selinux-python-2.8/semanage/semanage
|
||||||
+++ selinux-python-2.8/semanage/semanage
|
+++ selinux-python-2.8/semanage/semanage
|
||||||
@@ -27,7 +27,7 @@ import traceback
|
@@ -27,7 +27,7 @@ import traceback
|
||||||
@ -205,6 +205,46 @@ index 8d8a086..8fd9395 100644
|
|||||||
try:
|
try:
|
||||||
import gettext
|
import gettext
|
||||||
kwargs = {}
|
kwargs = {}
|
||||||
|
@@ -53,7 +53,7 @@ usage_fcontext = "semanage fcontext [-h] [-n] [-N] [-S STORE] ["
|
||||||
|
usage_fcontext_dict = {' --add': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --delete': ('(', '-t TYPE', '-f FTYPE', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --modify': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --list': ('[-C]',), ' --extract': ('',), ' --deleteall': ('',)}
|
||||||
|
|
||||||
|
usage_user = "semanage user [-h] [-n] [-N] [-S STORE] ["
|
||||||
|
-usage_user_dict = {' --add': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', '-s SEUSER', 'selinux_name'')'), ' --delete': ('selinux_name',), ' --modify': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', '-s SEUSER', 'selinux_name', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
|
||||||
|
+usage_user_dict = {' --add': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', 'SEUSER', ')'), ' --delete': ('SEUSER',), ' --modify': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', '-s SEUSER', 'SEUSER', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
|
||||||
|
|
||||||
|
usage_port = "semanage port [-h] [-n] [-N] [-S STORE] ["
|
||||||
|
usage_port_dict = {' --add': ('-t TYPE', '-p PROTOCOL', '-r RANGE', '(', 'port_name', '|', 'port_range', ')'), ' --modify': ('-t TYPE', '-p PROTOCOL', '-r RANGE', '(', 'port_name', '|', 'port_range', ')'), ' --delete': ('-p PROTOCOL', '(', 'port_name', '|', 'port_range', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
|
||||||
|
@@ -62,7 +62,7 @@ usage_ibpkey = "semanage ibpkey [-h] [-n] [-N] [-s STORE] ["
|
||||||
|
usage_ibpkey_dict = {' --add': ('-t TYPE', '-x SUBNET_PREFIX', '-r RANGE', '(', 'ibpkey_name', '|', 'pkey_range', ')'), ' --modify': ('-t TYPE', '-x SUBNET_PREFIX', '-r RANGE', '(', 'ibpkey_name', '|', 'pkey_range', ')'), ' --delete': ('-x SUBNET_PREFIX', '(', 'ibpkey_name', '|', 'pkey_range', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
|
||||||
|
|
||||||
|
usage_ibendport = "semanage ibendport [-h] [-n] [-N] [-s STORE] ["
|
||||||
|
-usage_ibendport_dict = {' --add': ('-t TYPE', '-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --modify': ('-t TYPE', '-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --delete': ('-z IBDEV_NAME', '-r RANGE''(', 'port', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
|
||||||
|
+usage_ibendport_dict = {' --add': ('-t TYPE', '-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --modify': ('-t TYPE', '-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --delete': ('-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
|
||||||
|
|
||||||
|
usage_node = "semanage node [-h] [-n] [-N] [-S STORE] ["
|
||||||
|
usage_node_dict = {' --add': ('-M NETMASK', '-p PROTOCOL', '-t TYPE', '-r RANGE', 'node'), ' --modify': ('-M NETMASK', '-p PROTOCOL', '-t TYPE', '-r RANGE', 'node'), ' --delete': ('-M NETMASK', '-p PROTOCOL', 'node'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
|
||||||
|
@@ -421,7 +421,7 @@ def setupUserParser(subparsers):
|
||||||
|
userParser.add_argument('-R', '--roles', default=[],
|
||||||
|
action=CheckRole,
|
||||||
|
help=_('''
|
||||||
|
-SELinux Roles. You must enclose multiple roles within quotes, separate by spaces. Or specify -R multiple times.
|
||||||
|
+SELinux Roles. You must enclose multiple roles within quotes, separate by spaces. Or specify -R multiple times.
|
||||||
|
'''))
|
||||||
|
userParser.add_argument('-P', '--prefix', default="user", help=argparse.SUPPRESS)
|
||||||
|
userParser.add_argument('selinux_name', nargs='?', default=None, help=_('selinux_name'))
|
||||||
|
diff --git selinux-python-2.8/semanage/semanage-user.8 selinux-python-2.8/semanage/semanage-user.8
|
||||||
|
index 30bc670..23fec69 100644
|
||||||
|
--- selinux-python-2.8/semanage/semanage-user.8
|
||||||
|
+++ selinux-python-2.8/semanage/semanage-user.8
|
||||||
|
@@ -2,7 +2,7 @@
|
||||||
|
.SH "NAME"
|
||||||
|
.B semanage\-user \- SELinux Policy Management SELinux User mapping tool
|
||||||
|
.SH "SYNOPSIS"
|
||||||
|
-.B semanage user [\-h] [\-n] [\-N] [\-S STORE] [ \-\-add ( \-L LEVEL \-R ROLES \-r RANGE \-s SEUSER selinux_name) | \-\-delete selinux_name | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify ( \-L LEVEL \-R ROLES \-r RANGE \-s SEUSER selinux_name ) ]
|
||||||
|
+.B semanage user [\-h] [\-n] [\-N] [\-S STORE] [ \-\-add ( \-L LEVEL \-R ROLES \-r RANGE SEUSER) | \-\-delete SEUSER | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify ( \-L LEVEL \-R ROLES \-r RANGE SEUSER ) ]
|
||||||
|
|
||||||
|
.SH "DESCRIPTION"
|
||||||
|
semanage is used to configure certain elements of
|
||||||
diff --git selinux-python-2.8/semanage/semanage.8 selinux-python-2.8/semanage/semanage.8
|
diff --git selinux-python-2.8/semanage/semanage.8 selinux-python-2.8/semanage/semanage.8
|
||||||
index 0bdb90f..0cdcfcc 100644
|
index 0bdb90f..0cdcfcc 100644
|
||||||
--- selinux-python-2.8/semanage/semanage.8
|
--- selinux-python-2.8/semanage/semanage.8
|
||||||
@ -1500,7 +1540,7 @@ index 141f64e..6287502 100755
|
|||||||
newval.append(v)
|
newval.append(v)
|
||||||
setattr(namespace, self.dest, values)
|
setattr(namespace, self.dest, values)
|
||||||
diff --git selinux-python-2.8/sepolicy/sepolicy/__init__.py selinux-python-2.8/sepolicy/sepolicy/__init__.py
|
diff --git selinux-python-2.8/sepolicy/sepolicy/__init__.py selinux-python-2.8/sepolicy/sepolicy/__init__.py
|
||||||
index 89346ab..2e77286 100644
|
index 89346ab..e338af1 100644
|
||||||
--- selinux-python-2.8/sepolicy/sepolicy/__init__.py
|
--- selinux-python-2.8/sepolicy/sepolicy/__init__.py
|
||||||
+++ selinux-python-2.8/sepolicy/sepolicy/__init__.py
|
+++ selinux-python-2.8/sepolicy/sepolicy/__init__.py
|
||||||
@@ -15,7 +15,7 @@ import os
|
@@ -15,7 +15,7 @@ import os
|
||||||
@ -1537,7 +1577,55 @@ index 89346ab..2e77286 100644
|
|||||||
|
|
||||||
elif setype == ROLE:
|
elif setype == ROLE:
|
||||||
q = setools.RoleQuery(_pol)
|
q = setools.RoleQuery(_pol)
|
||||||
@@ -437,6 +443,15 @@ def get_file_types(setype):
|
@@ -272,34 +278,38 @@ def _setools_rule_to_dict(rule):
|
||||||
|
'class': str(rule.tclass),
|
||||||
|
}
|
||||||
|
|
||||||
|
+ # Evaluate boolean expression associated with given rule (if there is any)
|
||||||
|
try:
|
||||||
|
- enabled = bool(rule.qpol_symbol.is_enabled(rule.policy))
|
||||||
|
+ # Get state of all booleans in the conditional expression
|
||||||
|
+ boolstate = {}
|
||||||
|
+ for boolean in rule.conditional.booleans:
|
||||||
|
+ boolstate[str(boolean)] = boolean.state
|
||||||
|
+ # evaluate if the rule is enabled
|
||||||
|
+ enabled = rule.conditional.evaluate(**boolstate) == rule.conditional_block
|
||||||
|
except AttributeError:
|
||||||
|
+ # non-conditional rules are always enabled
|
||||||
|
enabled = True
|
||||||
|
|
||||||
|
- if isinstance(rule, setools.policyrep.terule.AVRule):
|
||||||
|
- d['enabled'] = enabled
|
||||||
|
+ d['enabled'] = enabled
|
||||||
|
|
||||||
|
try:
|
||||||
|
d['permlist'] = list(map(str, rule.perms))
|
||||||
|
- except setools.policyrep.exception.RuleUseError:
|
||||||
|
+ except AttributeError:
|
||||||
|
pass
|
||||||
|
|
||||||
|
try:
|
||||||
|
d['transtype'] = str(rule.default)
|
||||||
|
- except setools.policyrep.exception.RuleUseError:
|
||||||
|
+ except AttributeError:
|
||||||
|
pass
|
||||||
|
|
||||||
|
try:
|
||||||
|
d['boolean'] = [(str(rule.conditional), enabled)]
|
||||||
|
- except (AttributeError, setools.policyrep.exception.RuleNotConditional):
|
||||||
|
+ except AttributeError:
|
||||||
|
pass
|
||||||
|
|
||||||
|
try:
|
||||||
|
d['filename'] = rule.filename
|
||||||
|
- except (AttributeError,
|
||||||
|
- setools.policyrep.exception.RuleNotConditional,
|
||||||
|
- setools.policyrep.exception.TERuleNoFilename):
|
||||||
|
+ except AttributeError:
|
||||||
|
pass
|
||||||
|
|
||||||
|
return d
|
||||||
|
@@ -437,6 +447,15 @@ def get_file_types(setype):
|
||||||
return mpaths
|
return mpaths
|
||||||
|
|
||||||
|
|
||||||
@ -1553,7 +1641,7 @@ index 89346ab..2e77286 100644
|
|||||||
def get_writable_files(setype):
|
def get_writable_files(setype):
|
||||||
file_types = get_all_file_types()
|
file_types = get_all_file_types()
|
||||||
all_writes = []
|
all_writes = []
|
||||||
@@ -1051,7 +1066,7 @@ def gen_short_name(setype):
|
@@ -1051,7 +1070,7 @@ def gen_short_name(setype):
|
||||||
domainname = setype[:-2]
|
domainname = setype[:-2]
|
||||||
else:
|
else:
|
||||||
domainname = setype
|
domainname = setype
|
||||||
@ -1562,7 +1650,7 @@ index 89346ab..2e77286 100644
|
|||||||
raise ValueError("domain %s_t does not exist" % domainname)
|
raise ValueError("domain %s_t does not exist" % domainname)
|
||||||
if domainname[-1] == 'd':
|
if domainname[-1] == 'd':
|
||||||
short_name = domainname[:-1] + "_"
|
short_name = domainname[:-1] + "_"
|
||||||
@@ -1160,27 +1175,14 @@ def boolean_desc(boolean):
|
@@ -1160,27 +1179,14 @@ def boolean_desc(boolean):
|
||||||
|
|
||||||
|
|
||||||
def get_os_version():
|
def get_os_version():
|
||||||
|
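Review bot: In the `_setools_rule_to_dict` hunk the whole conditional evaluation sits inside `try: … except AttributeError: enabled = True`, so an AttributeError raised while reading `boolean.state` or inside `rule.conditional.evaluate()` cannot be told apart from "rule has no conditional", and the rule is reported as enabled. The hunk also drops the `isinstance(rule, …AVRule)` guard and writes `d['enabled']` for every rule type, so a conditional rule whose state was never determined would reach callers marked as active. Keeping only the `rule.conditional` lookup in the `try` and moving the evaluation into an `else:` branch lets evaluation errors surface instead of failing open. The function starts above the hunk, so how callers consume `enabled` is not visible here.

```python
    # Evaluate boolean expression associated with given rule (if there is any)
    try:
        conditional = rule.conditional
    except AttributeError:
        # non-conditional rules are always enabled
        enabled = True
    else:
        # Get state of all booleans in the conditional expression
        boolstate = {str(boolean): boolean.state for boolean in conditional.booleans}
        # evaluate if the rule is enabled
        enabled = conditional.evaluate(**boolstate) == rule.conditional_block

    d['enabled'] = enabled
    # … unchanged: permlist / transtype / boolean / filename lookups …
```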