policycoreutils-2.8-10

- semanage: "semanage user" does not use -s, fix documentation
- semanage: add a missing space in ibendport help
- sepolicy: Update to work with setools-4.2.0
This commit is contained in:
Petr Lautrbach 2018-10-02 09:39:49 +02:00
parent 6456a752da
commit 06ebc75d30
2 changed files with 99 additions and 6 deletions

View File

@ -12,7 +12,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.8 Version: 2.8
Release: 9%{?dist} Release: 10%{?dist}
License: GPLv2 License: GPLv2
# https://github.com/SELinuxProject/selinux/wiki/Releases # https://github.com/SELinuxProject/selinux/wiki/Releases
Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/policycoreutils-2.8.tar.gz Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/policycoreutils-2.8.tar.gz
@ -531,6 +531,11 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service %systemd_postun_with_restart restorecond.service
%changelog %changelog
* Tue Oct 2 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-10
- semanage: "semanage user" does not use -s, fix documentation
- semanage: add a missing space in ibendport help
- sepolicy: Update to work with setools-4.2.0
* Fri Sep 14 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-9 * Fri Sep 14 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-9
- semanage: Stop rejecting aliases in semanage commands - semanage: Stop rejecting aliases in semanage commands
- sepolicy: Stop rejecting aliases in sepolicy commands - sepolicy: Stop rejecting aliases in sepolicy commands

View File

@ -193,7 +193,7 @@ index 0000000..128eb87
+../sepolicy/sepolicy/interface.py +../sepolicy/sepolicy/interface.py
+../sepolicy/sepolicy.py +../sepolicy/sepolicy.py
diff --git selinux-python-2.8/semanage/semanage selinux-python-2.8/semanage/semanage diff --git selinux-python-2.8/semanage/semanage selinux-python-2.8/semanage/semanage
index 8d8a086..8fd9395 100644 index 8d8a086..4ced085 100644
--- selinux-python-2.8/semanage/semanage --- selinux-python-2.8/semanage/semanage
+++ selinux-python-2.8/semanage/semanage +++ selinux-python-2.8/semanage/semanage
@@ -27,7 +27,7 @@ import traceback @@ -27,7 +27,7 @@ import traceback
@ -205,6 +205,46 @@ index 8d8a086..8fd9395 100644
try: try:
import gettext import gettext
kwargs = {} kwargs = {}
@@ -53,7 +53,7 @@ usage_fcontext = "semanage fcontext [-h] [-n] [-N] [-S STORE] ["
usage_fcontext_dict = {' --add': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --delete': ('(', '-t TYPE', '-f FTYPE', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --modify': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --list': ('[-C]',), ' --extract': ('',), ' --deleteall': ('',)}
usage_user = "semanage user [-h] [-n] [-N] [-S STORE] ["
-usage_user_dict = {' --add': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', '-s SEUSER', 'selinux_name'')'), ' --delete': ('selinux_name',), ' --modify': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', '-s SEUSER', 'selinux_name', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
+usage_user_dict = {' --add': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', 'SEUSER', ')'), ' --delete': ('SEUSER',), ' --modify': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', '-s SEUSER', 'SEUSER', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
usage_port = "semanage port [-h] [-n] [-N] [-S STORE] ["
usage_port_dict = {' --add': ('-t TYPE', '-p PROTOCOL', '-r RANGE', '(', 'port_name', '|', 'port_range', ')'), ' --modify': ('-t TYPE', '-p PROTOCOL', '-r RANGE', '(', 'port_name', '|', 'port_range', ')'), ' --delete': ('-p PROTOCOL', '(', 'port_name', '|', 'port_range', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
@@ -62,7 +62,7 @@ usage_ibpkey = "semanage ibpkey [-h] [-n] [-N] [-s STORE] ["
usage_ibpkey_dict = {' --add': ('-t TYPE', '-x SUBNET_PREFIX', '-r RANGE', '(', 'ibpkey_name', '|', 'pkey_range', ')'), ' --modify': ('-t TYPE', '-x SUBNET_PREFIX', '-r RANGE', '(', 'ibpkey_name', '|', 'pkey_range', ')'), ' --delete': ('-x SUBNET_PREFIX', '(', 'ibpkey_name', '|', 'pkey_range', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
usage_ibendport = "semanage ibendport [-h] [-n] [-N] [-s STORE] ["
-usage_ibendport_dict = {' --add': ('-t TYPE', '-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --modify': ('-t TYPE', '-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --delete': ('-z IBDEV_NAME', '-r RANGE''(', 'port', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
+usage_ibendport_dict = {' --add': ('-t TYPE', '-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --modify': ('-t TYPE', '-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --delete': ('-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
usage_node = "semanage node [-h] [-n] [-N] [-S STORE] ["
usage_node_dict = {' --add': ('-M NETMASK', '-p PROTOCOL', '-t TYPE', '-r RANGE', 'node'), ' --modify': ('-M NETMASK', '-p PROTOCOL', '-t TYPE', '-r RANGE', 'node'), ' --delete': ('-M NETMASK', '-p PROTOCOL', 'node'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
@@ -421,7 +421,7 @@ def setupUserParser(subparsers):
userParser.add_argument('-R', '--roles', default=[],
action=CheckRole,
help=_('''
-SELinux Roles. You must enclose multiple roles within quotes, separate by spaces. Or specify -R multiple times.
+SELinux Roles. You must enclose multiple roles within quotes, separate by spaces. Or specify -R multiple times.
'''))
userParser.add_argument('-P', '--prefix', default="user", help=argparse.SUPPRESS)
userParser.add_argument('selinux_name', nargs='?', default=None, help=_('selinux_name'))
diff --git selinux-python-2.8/semanage/semanage-user.8 selinux-python-2.8/semanage/semanage-user.8
index 30bc670..23fec69 100644
--- selinux-python-2.8/semanage/semanage-user.8
+++ selinux-python-2.8/semanage/semanage-user.8
@@ -2,7 +2,7 @@
.SH "NAME"
.B semanage\-user \- SELinux Policy Management SELinux User mapping tool
.SH "SYNOPSIS"
-.B semanage user [\-h] [\-n] [\-N] [\-S STORE] [ \-\-add ( \-L LEVEL \-R ROLES \-r RANGE \-s SEUSER selinux_name) | \-\-delete selinux_name | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify ( \-L LEVEL \-R ROLES \-r RANGE \-s SEUSER selinux_name ) ]
+.B semanage user [\-h] [\-n] [\-N] [\-S STORE] [ \-\-add ( \-L LEVEL \-R ROLES \-r RANGE SEUSER) | \-\-delete SEUSER | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify ( \-L LEVEL \-R ROLES \-r RANGE SEUSER ) ]
.SH "DESCRIPTION"
semanage is used to configure certain elements of
diff --git selinux-python-2.8/semanage/semanage.8 selinux-python-2.8/semanage/semanage.8 diff --git selinux-python-2.8/semanage/semanage.8 selinux-python-2.8/semanage/semanage.8
index 0bdb90f..0cdcfcc 100644 index 0bdb90f..0cdcfcc 100644
--- selinux-python-2.8/semanage/semanage.8 --- selinux-python-2.8/semanage/semanage.8
@ -1500,7 +1540,7 @@ index 141f64e..6287502 100755
newval.append(v) newval.append(v)
setattr(namespace, self.dest, values) setattr(namespace, self.dest, values)
diff --git selinux-python-2.8/sepolicy/sepolicy/__init__.py selinux-python-2.8/sepolicy/sepolicy/__init__.py diff --git selinux-python-2.8/sepolicy/sepolicy/__init__.py selinux-python-2.8/sepolicy/sepolicy/__init__.py
index 89346ab..2e77286 100644 index 89346ab..e338af1 100644
--- selinux-python-2.8/sepolicy/sepolicy/__init__.py --- selinux-python-2.8/sepolicy/sepolicy/__init__.py
+++ selinux-python-2.8/sepolicy/sepolicy/__init__.py +++ selinux-python-2.8/sepolicy/sepolicy/__init__.py
@@ -15,7 +15,7 @@ import os @@ -15,7 +15,7 @@ import os
@ -1537,7 +1577,55 @@ index 89346ab..2e77286 100644
elif setype == ROLE: elif setype == ROLE:
q = setools.RoleQuery(_pol) q = setools.RoleQuery(_pol)
@@ -437,6 +443,15 @@ def get_file_types(setype): @@ -272,34 +278,38 @@ def _setools_rule_to_dict(rule):
'class': str(rule.tclass),
}
+ # Evaluate boolean expression associated with given rule (if there is any)
try:
- enabled = bool(rule.qpol_symbol.is_enabled(rule.policy))
+ # Get state of all booleans in the conditional expression
+ boolstate = {}
+ for boolean in rule.conditional.booleans:
+ boolstate[str(boolean)] = boolean.state
+ # evaluate if the rule is enabled
+ enabled = rule.conditional.evaluate(**boolstate) == rule.conditional_block
except AttributeError:
+ # non-conditional rules are always enabled
enabled = True
- if isinstance(rule, setools.policyrep.terule.AVRule):
- d['enabled'] = enabled
+ d['enabled'] = enabled
try:
d['permlist'] = list(map(str, rule.perms))
- except setools.policyrep.exception.RuleUseError:
+ except AttributeError:
pass
try:
d['transtype'] = str(rule.default)
- except setools.policyrep.exception.RuleUseError:
+ except AttributeError:
pass
try:
d['boolean'] = [(str(rule.conditional), enabled)]
- except (AttributeError, setools.policyrep.exception.RuleNotConditional):
+ except AttributeError:
pass
try:
d['filename'] = rule.filename
- except (AttributeError,
- setools.policyrep.exception.RuleNotConditional,
- setools.policyrep.exception.TERuleNoFilename):
+ except AttributeError:
pass
return d
@@ -437,6 +447,15 @@ def get_file_types(setype):
return mpaths return mpaths
@ -1553,7 +1641,7 @@ index 89346ab..2e77286 100644
def get_writable_files(setype): def get_writable_files(setype):
file_types = get_all_file_types() file_types = get_all_file_types()
all_writes = [] all_writes = []
@@ -1051,7 +1066,7 @@ def gen_short_name(setype): @@ -1051,7 +1070,7 @@ def gen_short_name(setype):
domainname = setype[:-2] domainname = setype[:-2]
else: else:
domainname = setype domainname = setype
@ -1562,7 +1650,7 @@ index 89346ab..2e77286 100644
raise ValueError("domain %s_t does not exist" % domainname) raise ValueError("domain %s_t does not exist" % domainname)
if domainname[-1] == 'd': if domainname[-1] == 'd':
short_name = domainname[:-1] + "_" short_name = domainname[:-1] + "_"
@@ -1160,27 +1175,14 @@ def boolean_desc(boolean): @@ -1160,27 +1179,14 @@ def boolean_desc(boolean):
def get_os_version(): def get_os_version():