update from bachradsusi/selinux branch 2.4

policycoreutils-2.4-0.6
- policycoreutils: semanage: update to new source policy infrastructure
- semanage: move permissive module creation to /tmp
This commit is contained in:
Petr Lautrbach 2015-07-03 10:23:25 +02:00
parent 4f439d2638
commit 087b495201
2 changed files with 66 additions and 61 deletions


@ -655003,10 +655003,10 @@ index 0fad36c..75b782f 100644
user identities to authorized role sets. In most cases, only the user identities to authorized role sets. In most cases, only the
diff --git a/policycoreutils-2.4/semanage/seobject/__init__.py b/policycoreutils-2.4/semanage/seobject/__init__.py diff --git a/policycoreutils-2.4/semanage/seobject/__init__.py b/policycoreutils-2.4/semanage/seobject/__init__.py
new file mode 100644 new file mode 100644
index 0000000..05d931c index 0000000..e3ac4c1
--- /dev/null --- /dev/null
+++ b/policycoreutils-2.4/semanage/seobject/__init__.py +++ b/policycoreutils-2.4/semanage/seobject/__init__.py
@@ -0,0 +1,2250 @@ @@ -0,0 +1,2251 @@
+#! /usr/bin/python -Es +#! /usr/bin/python -Es
+# Copyright (C) 2005-2013 Red Hat +# Copyright (C) 2005-2013 Red Hat
+# see file 'COPYING' for use and warranty information +# see file 'COPYING' for use and warranty information
@ -655030,7 +655030,7 @@ index 0000000..05d931c
+# +#
+# +#
+ +
+import pwd, grp, string, selinux, os, re, sys, stat +import pwd, grp, string, selinux, tempfile, os, re, sys, stat, shutil
+from semanage import *; +from semanage import *;
+PROGNAME = "policycoreutils" +PROGNAME = "policycoreutils"
+import sepolicy +import sepolicy
@ -655295,20 +655295,41 @@ index 0000000..05d931c
+ +
+ def get_all(self): + def get_all(self):
+ l = [] + l = []
+ (rc, mlist, number) = semanage_module_list(self.sh) + (rc, mlist, number) = semanage_module_list_all(self.sh)
+ if rc < 0: + if rc < 0:
+ raise ValueError(_("Could not list SELinux modules")) + raise ValueError(_("Could not list SELinux modules"))
+ +
+ for i in range(number): + for i in range(number):
+ mod = semanage_module_list_nth(mlist, i) + mod = semanage_module_list_nth(mlist, i)
+ l.append((semanage_module_get_name(mod), semanage_module_get_version(mod), semanage_module_get_enabled(mod))) +
+ rc, name = semanage_module_info_get_name(self.sh, mod)
+ if rc < 0:
+ raise ValueError(_("Could not get module name"))
+
+ rc, enabled = semanage_module_info_get_enabled(self.sh, mod)
+ if rc < 0:
+ raise ValueError(_("Could not get module enabled"))
+
+ rc, priority = semanage_module_info_get_priority(self.sh, mod)
+ if rc < 0:
+ raise ValueError(_("Could not get module priority"))
+
+ rc, lang_ext = semanage_module_info_get_lang_ext(self.sh, mod)
+ if rc < 0:
+ raise ValueError(_("Could not get module lang_ext"))
+
+ l.append((name, enabled, priority, lang_ext))
+
+ # sort the list so they are in name order, but with higher priorities coming first
+ l.sort(key = lambda t: t[3], reverse=True)
+ l.sort(key = lambda t: t[0])
+ return l + return l
+ +
+ def customized(self): + def customized(self):
+ ALL = self.get_all() + ALL = self.get_all()
+ if len(ALL) == 0: + if len(ALL) == 0:
+ return + return
+ return ["-d %s" % x[0] for x in [t for t in ALL if t[2] == 0]] + return ["-d %s" % x[0] for x in [t for t in ALL if t[1] == 0]]
+ +
+ def list(self, heading = True, locallist = False): + def list(self, heading = True, locallist = False):
+ ALL = self.get_all() + ALL = self.get_all()
@ -655316,50 +655337,47 @@ index 0000000..05d931c
+ return + return
+ +
+ if heading: + if heading:
+ print("\n%-25s%-10s\n" % (_("Modules Name"), _("Version"))) + print("\n%-25s %-9s %s\n" % (_("Module Name"), _("Priority"), _("Language")))
+ for t in ALL: + for t in ALL:
+ if t[2] == 0: + if t[1] == 0:
+ disabled = _("Disabled") + disabled = _("Disabled")
+ else: + else:
+ if locallist: + if locallist:
+ continue + continue
+ disabled = "" + disabled = ""
+ print("%-25s%-10s%s" % (t[0], t[1], disabled)) + print("%-25s %-9s %-5s %s" % (t[0], t[2], t[3], disabled))
+ +
+ def add(self, module): + def add(self, module, priority):
+ if not module: + if not module:
+ raise ValueError(_("You did not define module name.")) + raise ValueError(_("You did not define module name."))
+ if not os.path.exists(module): + if not os.path.exists(module):
+ raise ValueError(_("Module does not exists %s ") % module) + raise ValueError(_("Module does not exists %s ") % module)
+
+ rc = semanage_set_default_priority(self.sh, priority)
+ if rc < 0:
+ raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
+
+ rc = semanage_module_install_file(self.sh, module); + rc = semanage_module_install_file(self.sh, module);
+ if rc >= 0: + if rc >= 0:
+ self.commit() + self.commit()
+ +
+ def disable(self, module): + def set_enabled(self, module, enable):
+ need_commit = False
+ if not module:
+ raise ValueError(_("You did not define module name."))
+ for m in module.split(): + for m in module.split():
+ rc = semanage_module_disable(self.sh, m) + rc, key = semanage_module_key_create(self.sh)
+ if rc < 0 and rc != -3: + if rc < 0:
+ raise ValueError(_("Could not disable module %s (remove failed)") % m) + raise ValueError(_("Could not create module key"))
+ if rc != -3:
+ need_commit = True
+ if need_commit:
+ self.commit()
+ +
+ def enable(self, module): + rc = semanage_module_key_set_name(self.sh, key, m)
+ need_commit = False + if rc < 0:
+ if not module: + raise ValueError(_("Could not set module key name"))
+ raise ValueError(_("You did not define module name.")) +
+ for m in module.split(): + rc = semanage_module_set_enabled(self.sh, key, enable)
+ rc = semanage_module_enable(self.sh, m) + if rc < 0:
+ if rc < 0 and rc != -3: + if enable:
+ raise ValueError(_("Could not enable module %s (remove failed)") % m) + raise ValueError(_("Could not enable module %s") % m)
+ if rc != -3: + else:
+ need_commit = True + raise ValueError(_("Could not disable module %s") % m)
+ if need_commit: + self.commit()
+ self.commit()
+ +
+ def modify(self, file): + def modify(self, file):
+ if not module: + if not module:
@ -655368,9 +655386,13 @@ index 0000000..05d931c
+ if rc >= 0: + if rc >= 0:
+ self.commit() + self.commit()
+ +
+ def delete(self, module): + def delete(self, module, priority):
+ if not module: + if not module:
+ raise ValueError(_("You did not define module name.")) + raise ValueError(_("You did not define module name."))
+ rc = semanage_set_default_priority(self.sh, priority)
+ if rc < 0:
+ raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
+
+ for m in module.split(): + for m in module.split():
+ rc = semanage_module_remove(self.sh, m) + rc = semanage_module_remove(self.sh, m)
+ if rc < 0 and rc != -2: + if rc < 0 and rc != -2:
@ -655379,7 +655401,7 @@ index 0000000..05d931c
+ self.commit() + self.commit()
+ +
+ def deleteall(self): + def deleteall(self):
+ l = [x[0] for x in [t for t in self.get_all() if t[2] == 0]] + l = [x[0] for x in [t for t in self.get_all() if t[1] == 0]]
+ for m in l: + for m in l:
+ self.enable(m) + self.enable(m)
+ +
@ -655443,33 +655465,12 @@ index 0000000..05d931c
+ raise ValueError(_("The sepolgen python module is required to setup permissive domains.\nIn some distributions it is included in the policycoreutils-devel patckage.\n# yum install policycoreutils-devel\nOr similar for your distro.")) + raise ValueError(_("The sepolgen python module is required to setup permissive domains.\nIn some distributions it is included in the policycoreutils-devel patckage.\n# yum install policycoreutils-devel\nOr similar for your distro."))
+ +
+ name = "permissive_%s" % setype + name = "permissive_%s" % setype
+ dirname = "/var/lib/selinux" + modtxt = "(typepermissive %s)" % type
+ os.chdir(dirname)
+ filename = "%s.te" % name
+ modtxt = """
+module %s 1.0;
+ +
+require { + rc = semanage_module_install(self.sh, modtxt, len(modtxt), name, "cil");
+ type %s;
+}
+
+permissive %s;
+""" % (name, setype, setype)
+ fd = open(filename, 'w')
+ fd.write(modtxt)
+ fd.close()
+ mc = module.ModuleCompiler()
+ mc.create_module_package(filename, False)
+ fd = open("%s.pp" % name)
+ data = fd.read()
+ fd.close()
+
+ rc = semanage_module_install(self.sh, data, len(data));
+ if rc >= 0: + if rc >= 0:
+ self.commit() + self.commit()
+ +
+ for i in glob.glob("permissive_%s.*" % setype):
+ os.remove(i)
+ if rc < 0: + if rc < 0:
+ raise ValueError(_("Could not set permissive domain %s (module installation failed)") % name) + raise ValueError(_("Could not set permissive domain %s (module installation failed)") % name)
+ +
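Review bot: `deleteall` on the new side still calls `self.enable(m)`, but this commit replaces the `enable`/`disable` methods with `set_enabled(module, enable)`, so the call would raise AttributeError as soon as a disabled module is present; it should read `self.set_enabled(m, True)`. In `get_all`, the comment says higher priorities sort first, yet the sort key is `t[3]`, which is `lang_ext` in the appended tuple `(name, enabled, priority, lang_ext)`; the intended line is `l.sort(key=lambda t: t[2], reverse=True)`. In the permissive-domain hunk, `modtxt` is formatted with `type` while `name` uses `setype`; if `type` is not the method's parameter (the signature lies outside the hunk) the builtin's repr would be written into the CIL text, so `"(typepermissive %s)" % setype` looks like the consistent form. The enclosing class and several of these method bodies start or end outside the hunks.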


@ -7,7 +7,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.4 Version: 2.4
Release: 0%{?dist}.5 Release: 0%{?dist}.6
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# https://github.com/SELinuxProject/selinux/wiki/Releases # https://github.com/SELinuxProject/selinux/wiki/Releases
@ -17,8 +17,8 @@ URL: http://www.selinuxproject.org
Source2: policycoreutils_man_ru2.tar.bz2 Source2: policycoreutils_man_ru2.tar.bz2
Source3: system-config-selinux.png Source3: system-config-selinux.png
Source4: sepolicy-icons.tgz Source4: sepolicy-icons.tgz
# use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/ # use make-rhat-patches.sh to create following patches
# https://github.com/fedora-selinux/selinux/commit/18f0a0563ab5a00d260f325e7a53ee838ae22c99 # HEAD https://github.com/bachradsusi/selinux/commit/0eb3ecad178187fda63f5ecb0f8f661f87a9647f
Patch: policycoreutils-rhat.patch Patch: policycoreutils-rhat.patch
Patch1: sepolgen-rhat.patch Patch1: sepolgen-rhat.patch
Obsoletes: policycoreutils < 2.0.61-2 Obsoletes: policycoreutils < 2.0.61-2
@ -386,6 +386,10 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service %systemd_postun_with_restart restorecond.service
%changelog %changelog
* Fri Jul 03 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-0.6
- policycoreutils: semanage: update to new source policy infrastructure
- semanage: move permissive module creation to /tmp
* Mon Apr 13 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-0.4 * Mon Apr 13 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-0.4
- Update to upstream 2.4 - Update to upstream 2.4