rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

update from bachradsusi/selinux branch 2.4

Browse Source 
policycoreutils-2.4-0.6
- policycoreutils: semanage: update to new source policy infrastructure
- semanage: move permissive module creation to /tmp
This commit is contained in:
Petr Lautrbach 2015-07-03 10:23:25 +02:00
parent 4f439d2638
commit 087b495201
2 changed files with 66 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
policycoreutils-rhat.patch
View File

@ -655003,10 +655003,10 @@ index 0fad36c..75b782f 100644
user identities to authorized role sets. In most cases, only the
diff --git a/policycoreutils-2.4/semanage/seobject/__init__.py b/policycoreutils-2.4/semanage/seobject/__init__.py
new file mode 100644
index 0000000..05d931c
index 0000000..e3ac4c1
--- /dev/null
+++ b/policycoreutils-2.4/semanage/seobject/__init__.py
@@ -0,0 +1,2250 @@
@@ -0,0 +1,2251 @@
+#! /usr/bin/python -Es
+# Copyright (C) 2005-2013 Red Hat
+# see file 'COPYING' for use and warranty information
@ -655030,7 +655030,7 @@ index 0000000..05d931c
+#
+#
+
+import pwd, grp, string, selinux, os, re, sys, stat
+import pwd, grp, string, selinux, tempfile, os, re, sys, stat, shutil
+from semanage import *;
+PROGNAME = "policycoreutils"
+import sepolicy
@ -655295,20 +655295,41 @@ index 0000000..05d931c
+
+ def get_all(self):
+ l = []
+ (rc, mlist, number) = semanage_module_list(self.sh)
+ (rc, mlist, number) = semanage_module_list_all(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list SELinux modules"))
+
+ for i in range(number):
+ mod = semanage_module_list_nth(mlist, i)
+ l.append((semanage_module_get_name(mod), semanage_module_get_version(mod), semanage_module_get_enabled(mod)))
+
+ rc, name = semanage_module_info_get_name(self.sh, mod)
+ if rc < 0:
+ raise ValueError(_("Could not get module name"))
+
+ rc, enabled = semanage_module_info_get_enabled(self.sh, mod)
+ if rc < 0:
+ raise ValueError(_("Could not get module enabled"))
+
+ rc, priority = semanage_module_info_get_priority(self.sh, mod)
+ if rc < 0:
+ raise ValueError(_("Could not get module priority"))
+
+ rc, lang_ext = semanage_module_info_get_lang_ext(self.sh, mod)
+ if rc < 0:
+ raise ValueError(_("Could not get module lang_ext"))
+
+ l.append((name, enabled, priority, lang_ext))
+
+ # sort the list so they are in name order, but with higher priorities coming first
+ l.sort(key = lambda t: t[3], reverse=True)
+ l.sort(key = lambda t: t[0])
+ return l
+
+ def customized(self):
+ ALL = self.get_all()
+ if len(ALL) == 0:
+ return
+ return ["-d %s" % x[0] for x in [t for t in ALL if t[2] == 0]]
+ return ["-d %s" % x[0] for x in [t for t in ALL if t[1] == 0]]
+
+ def list(self, heading = True, locallist = False):
+ ALL = self.get_all()
@ -655316,50 +655337,47 @@ index 0000000..05d931c
+ return
+
+ if heading:
+ print("\n%-25s%-10s\n" % (_("Modules Name"), _("Version")))
+ print("\n%-25s %-9s %s\n" % (_("Module Name"), _("Priority"), _("Language")))
+ for t in ALL:
+ if t[2] == 0:
+ if t[1] == 0:
+ disabled = _("Disabled")
+ else:
+ if locallist:
+ continue
+ disabled = ""
+ print("%-25s%-10s%s" % (t[0], t[1], disabled))
+ print("%-25s %-9s %-5s %s" % (t[0], t[2], t[3], disabled))
+
+ def add(self, module):
+ def add(self, module, priority):
+ if not module:
+ raise ValueError(_("You did not define module name."))
+ if not os.path.exists(module):
+ raise ValueError(_("Module does not exists %s ") % module)
+
+ rc = semanage_set_default_priority(self.sh, priority)
+ if rc < 0:
+ raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
+
+ rc = semanage_module_install_file(self.sh, module);
+ if rc >= 0:
+ self.commit()
+
+ def disable(self, module):
+ need_commit = False
+ if not module:
+ raise ValueError(_("You did not define module name."))
+ def set_enabled(self, module, enable):
+ for m in module.split():
+ rc = semanage_module_disable(self.sh, m)
+ if rc < 0 and rc != -3:
+ raise ValueError(_("Could not disable module %s (remove failed)") % m)
+ if rc != -3:
+ need_commit = True
+ if need_commit:
+ self.commit()
+ rc, key = semanage_module_key_create(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not create module key"))
+
+ def enable(self, module):
+ need_commit = False
+ if not module:
+ raise ValueError(_("You did not define module name."))
+ for m in module.split():
+ rc = semanage_module_enable(self.sh, m)
+ if rc < 0 and rc != -3:
+ raise ValueError(_("Could not enable module %s (remove failed)") % m)
+ if rc != -3:
+ need_commit = True
+ if need_commit:
+ self.commit()
+ rc = semanage_module_key_set_name(self.sh, key, m)
+ if rc < 0:
+ raise ValueError(_("Could not set module key name"))
+
+ rc = semanage_module_set_enabled(self.sh, key, enable)
+ if rc < 0:
+ if enable:
+ raise ValueError(_("Could not enable module %s") % m)
+ else:
+ raise ValueError(_("Could not disable module %s") % m)
+ self.commit()
+
+ def modify(self, file):
+ if not module:
@ -655368,9 +655386,13 @@ index 0000000..05d931c
+ if rc >= 0:
+ self.commit()
+
+ def delete(self, module):
+ def delete(self, module, priority):
+ if not module:
+ raise ValueError(_("You did not define module name."))
+ rc = semanage_set_default_priority(self.sh, priority)
+ if rc < 0:
+ raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
+
+ for m in module.split():
+ rc = semanage_module_remove(self.sh, m)
+ if rc < 0 and rc != -2:
@ -655379,7 +655401,7 @@ index 0000000..05d931c
+ self.commit()
+
+ def deleteall(self):
+ l = [x[0] for x in [t for t in self.get_all() if t[2] == 0]]
+ l = [x[0] for x in [t for t in self.get_all() if t[1] == 0]]
+ for m in l:
+ self.enable(m)
+
@ -655443,33 +655465,12 @@ index 0000000..05d931c
+ raise ValueError(_("The sepolgen python module is required to setup permissive domains.\nIn some distributions it is included in the policycoreutils-devel patckage.\n# yum install policycoreutils-devel\nOr similar for your distro."))
+
+ name = "permissive_%s" % setype
+ dirname = "/var/lib/selinux"
+ os.chdir(dirname)
+ filename = "%s.te" % name
+ modtxt = """
+module %s 1.0;
+ modtxt = "(typepermissive %s)" % type
+
+require {
+ type %s;
+}
+
+permissive %s;
+""" % (name, setype, setype)
+ fd = open(filename, 'w')
+ fd.write(modtxt)
+ fd.close()
+ mc = module.ModuleCompiler()
+ mc.create_module_package(filename, False)
+ fd = open("%s.pp" % name)
+ data = fd.read()
+ fd.close()
+
+ rc = semanage_module_install(self.sh, data, len(data));
+ rc = semanage_module_install(self.sh, modtxt, len(modtxt), name, "cil");
+ if rc >= 0:
+ self.commit()
+
+ for i in glob.glob("permissive_%s.*" % setype):
+ os.remove(i)
+ if rc < 0:
+ raise ValueError(_("Could not set permissive domain %s (module installation failed)") % name)
+

10
policycoreutils.spec
View File

@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.4
Release: 0%{?dist}.5
Release: 0%{?dist}.6
License: GPLv2
Group: System Environment/Base
# https://github.com/SELinuxProject/selinux/wiki/Releases
@ -17,8 +17,8 @@ URL: http://www.selinuxproject.org
Source2: policycoreutils_man_ru2.tar.bz2
Source3: system-config-selinux.png
Source4: sepolicy-icons.tgz
# use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/
# https://github.com/fedora-selinux/selinux/commit/18f0a0563ab5a00d260f325e7a53ee838ae22c99
# use make-rhat-patches.sh to create following patches
# HEAD https://github.com/bachradsusi/selinux/commit/0eb3ecad178187fda63f5ecb0f8f661f87a9647f
Patch: policycoreutils-rhat.patch
Patch1: sepolgen-rhat.patch
Obsoletes: policycoreutils < 2.0.61-2
@ -386,6 +386,10 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service
%changelog
* Fri Jul 03 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-0.6
- policycoreutils: semanage: update to new source policy infrastructure
- semanage: move permissive module creation to /tmp
* Mon Apr 13 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-0.4
- Update to upstream 2.4