rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

policycoreutils-2.7-1

Browse Source 
- Update to upstream release 2017-08-04
- Move DBUS API from -gui to -dbus package
This commit is contained in:
Petr Lautrbach 2017-08-07 17:13:28 +02:00
parent 19abd3c9a6
commit 0ea988e102
9 changed files with 525 additions and 2956 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.gitignore vendored
View File

@ -241,3 +241,10 @@ policycoreutils-2.0.83.tgz
/sepolgen-1.2.3.tar.gz
/policycoreutils-2.6.tar.gz
/sepolgen-2.6.tar.gz
/policycoreutils-2.7.tar.gz
/selinux-python-2.7.tar.gz
/selinux-gui-2.7.tar.gz
/selinux-sandbox-2.7.tar.gz
/selinux-dbus-2.7.tar.gz
/semodule-utils-2.7.tar.gz
/restorecond-2.7.tar.gz

2915
policycoreutils-fedora.patch
View File

File diff suppressed because it is too large Load Diff

149
policycoreutils.spec
View File

@ -1,36 +1,46 @@
%global libauditver 2.1.3-4
%global libsepolver 2.6-0
%global libsemanagever 2.6-0
%global libselinuxver 2.6-5
%global sepolgenver 2.6
%global libsepolver 2.7-1
%global libsemanagever 2.7-1
%global libselinuxver 2.7-1
%global sepolgenver 2.7
%global generatorsdir %{_prefix}/lib/systemd/system-generators
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.6
Release: 9%{?dist}
Version: 2.7
Release: 1%{?dist}
License: GPLv2
Group: System Environment/Base
# https://github.com/SELinuxProject/selinux/wiki/Releases
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/policycoreutils-2.6.tar.gz
Source1: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/sepolgen-2.6.tar.gz
Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/policycoreutils-2.7.tar.gz
Source1: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/selinux-python-2.7.tar.gz
Source2: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/selinux-gui-2.7.tar.gz
Source3: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/selinux-sandbox-2.7.tar.gz
Source4: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/selinux-dbus-2.7.tar.gz
Source5: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/semodule-utils-2.7.tar.gz
Source6: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/restorecond-2.7.tar.gz
URL: http://www.selinuxproject.org
Source2: policycoreutils_man_ru2.tar.bz2
Source3: system-config-selinux.png
Source4: sepolicy-icons.tgz
Source5: selinux-autorelabel
Source6: selinux-autorelabel.service
Source7: selinux-autorelabel-mark.service
Source8: selinux-autorelabel.target
Source9: selinux-autorelabel-generator.sh
Source12: policycoreutils_man_ru2.tar.bz2
Source13: system-config-selinux.png
Source14: sepolicy-icons.tgz
Source15: selinux-autorelabel
Source16: selinux-autorelabel.service
Source17: selinux-autorelabel-mark.service
Source18: selinux-autorelabel.target
Source19: selinux-autorelabel-generator.sh
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
# run:
# $ VERSION=2.6 ./make-fedora-selinux-patch.sh policycoreutils
# HEAD https://github.com/fedora-selinux/selinux/commit/601a1d1363fe4137ff3a2991c546f7a0ccfec4cb
# $ VERSION=2.7 ./make-fedora-selinux-patch.sh policycoreutils
# HEAD https://github.com/fedora-selinux/selinux/commit/70a12c5e7b56a81223d67ce2469292826b84efe9
Patch: policycoreutils-fedora.patch
# $ VERSION=2.6 ./make-fedora-selinux-patch.sh sepolgen
# Patch1: sepolgen-fedora.patch
# $ VERSION=2.7 ./make-fedora-selinux-patch.sh selinux-python
Patch1: selinux-python-fedora.patch
Patch2: selinux-gui-fedora.patch
Patch3: selinux-sandbox-fedora.patch
Patch4: selinux-dbus-fedora.patch
# Patch5: semodule-utils-fedora.patch
# Patch6: restorecond
Obsoletes: policycoreutils < 2.0.61-2
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
# initscripts < 9.66 shipped fedora-autorelabel services which are renamed to selinux-relabel
@ -64,20 +74,34 @@ to switch roles.
%prep
# create selinux/ directory and extract %{SOURCE0} there
%setup -q -c -n selinux
%patch -p0 -b .policycoreutils-fedora
pushd policycoreutils-%{version}
popd
cp %{SOURCE3} policycoreutils-%{version}/gui/
tar -xvf %{SOURCE4} -C policycoreutils-%{version}/
# extract {%SOURCE1} in selinux/ directory
%setup -T -D -a 1 -n selinux
# %patch1 -p0 -b .sepolgen-fedora
%setup -T -D -a 2 -n selinux
%setup -T -D -a 3 -n selinux
%setup -T -D -a 4 -n selinux
%setup -T -D -a 5 -n selinux
%setup -T -D -a 6 -n selinux
%patch -p0 -b .policycoreutils-fedora
cp %{SOURCE13} selinux-gui-%{version}/
tar -xvf %{SOURCE14} -C selinux-python-%{version}/sepolicy/
# extract {%SOURCE1} in selinux/ directory
# %setup -T -D -a 1 -n selinux
%patch1 -p0 -b .selinux-python
%patch2 -p0 -b .selinux-gui
%patch3 -p0 -b .selinux-sandbox
%patch4 -p0 -b .selinux-dbus
# %patch5 -p0 -b .semodule-utils
# %patch6 -p0 -b .restorecond
%build
make -C policycoreutils-%{version} LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SEMODULE_PATH="/usr/sbin" all
make -C sepolgen-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
make -C policycoreutils-%{version} LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" all
make -C selinux-python-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" LIBSEPOLA="%{_libdir}/libsepol.a" all
make -C selinux-gui-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" LIBSEPOLA="%{_libdir}/libsepol.a" all
make -C selinux-sandbox-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" LIBSEPOLA="%{_libdir}/libsepol.a" all
make -C selinux-dbus-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" LIBSEPOLA="%{_libdir}/libsepol.a" all
make -C semodule-utils-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" LIBSEPOLA="%{_libdir}/libsepol.a" all
make -C restorecond-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" LIBSEPOLA="%{_libdir}/libsepol.a" all
%install
mkdir -p %{buildroot}%{_bindir}
@ -87,16 +111,27 @@ mkdir -p %{buildroot}%{_mandir}/man5
mkdir -p %{buildroot}%{_mandir}/man8
%{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}/
make -C policycoreutils-%{version} LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" install
make -C policycoreutils-%{version} PYTHON=%{__python3} LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" install
make -C policycoreutils-%{version} LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C selinux-python-%{version} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C selinux-python-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C selinux-gui-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C selinux-sandbox-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C selinux-dbus-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C semodule-utils-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C restorecond-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
# make -C policycoreutils-%{version} PYTHON=%{__python3} LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" install
# Systemd
rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond
make -C sepolgen-%{version} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" install
make -C sepolgen-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" install
tar -jxf %{SOURCE2} -C %{buildroot}/
tar -jxf %{SOURCE12} -C %{buildroot}/
rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8.gz
rm -f %{buildroot}/usr/share/man/man8/open_init_pty.8
@ -126,11 +161,11 @@ rm -f %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.deskto
# https://bugzilla.redhat.com/show_bug.cgi?id=1328825
mkdir -m 755 -p %{buildroot}/%{_unitdir}/basic.target.wants/
mkdir -m 755 -p %{buildroot}/%{generatorsdir}
install -m 644 -p %{SOURCE6} %{buildroot}/%{_unitdir}/
install -m 644 -p %{SOURCE7} %{buildroot}/%{_unitdir}/
install -m 644 -p %{SOURCE8} %{buildroot}/%{_unitdir}/
install -m 755 -p %{SOURCE9} %{buildroot}/%{generatorsdir}/
install -m 755 -p %{SOURCE5} %{buildroot}/%{_libexecdir}/selinux/
install -m 644 -p %{SOURCE16} %{buildroot}/%{_unitdir}/
install -m 644 -p %{SOURCE17} %{buildroot}/%{_unitdir}/
install -m 644 -p %{SOURCE18} %{buildroot}/%{_unitdir}/
install -m 755 -p %{SOURCE19} %{buildroot}/%{generatorsdir}/
install -m 755 -p %{SOURCE15} %{buildroot}/%{_libexecdir}/selinux/
ln -s ../selinux-autorelabel-mark.service %{buildroot}/%{_unitdir}/basic.target.wants/
# change /usr/bin/python3 to /usr/bin/python in policycoreutils-python
@ -150,6 +185,7 @@ sed -i '1s%\(#! *\)/usr/bin/python\([^3].*\|\)$%\1%{__python3}\2%' \
%{buildroot}%{_bindir}/audit2why \
%{buildroot}%{_bindir}/sepolicy \
%{buildroot}%{_bindir}/sepolgen{,-ifgen} \
%{buildroot}%{_datadir}/system-config-selinux/selinux_server.py \
%nil
%find_lang %{name}
@ -184,6 +220,22 @@ an SELinux environment.
%{_datadir}/bash-completion/completions/semanage
%{_datadir}/bash-completion/completions/setsebool
%package dbus
Summary: SELinux policy core DBUS api
Requires: policycoreutils-python3 = %{version}-%{release}
Requires: python3-slip-dbus
%description dbus
The policycoreutils-dbus package contains the management DBUS API use to manage
an SELinux environment.
%files dbus
%{_sysconfdir}/dbus-1/system.d/org.selinux.conf
%{_datadir}/dbus-1/system-services/org.selinux.service
%{_datadir}/polkit-1/actions/org.selinux.policy
%{_datadir}/polkit-1/actions/org.selinux.config.policy
%{_datadir}/system-config-selinux/selinux_server.py*
%package python3
Summary: SELinux policy core python3 interfaces
Group: System Environment/Base
@ -326,7 +378,8 @@ Group: System Environment/Base
Requires: policycoreutils-devel = %{version}-%{release}, policycoreutils-python = %{version}-%{release}
Requires: gnome-python2 gnome-python2-gnome, pygtk2, pygtk2-libglade, gnome-python2-canvas
Requires: usermode-gtk
Requires: python >= 2.6, python-slip-dbus
Requires: python >= 2.6
Requires: policycoreutils-dbus = %{version}-%{release}
BuildRequires: desktop-file-utils
%description gui
@ -342,7 +395,10 @@ system-config-selinux is a utility for managing the SELinux environment
%{_datadir}/pixmaps/system-config-selinux.png
%dir %{_datadir}/system-config-selinux
%{_datadir}/system-config-selinux/system-config-selinux.png
%{_datadir}/system-config-selinux/*.py*
%{_datadir}/system-config-selinux/*Page.py*
%{_datadir}/system-config-selinux/html_util.py*
%{_datadir}/system-config-selinux/polgengui.py*
%{_datadir}/system-config-selinux/system-config-selinux.py*
%{_datadir}/system-config-selinux/*.glade
%{python_sitelib}/sepolicy/gui.py*
%{python_sitelib}/sepolicy/sepolicy.glade
@ -355,9 +411,6 @@ system-config-selinux is a utility for managing the SELinux environment
%{_mandir}/man8/system-config-selinux.8*
%{_mandir}/man8/selinux-polgengui.8*
%{_mandir}/man8/sepolicy-gui.8*
%{_datadir}/dbus-1/system-services/org.selinux.service
%{_datadir}/polkit-1/actions/org.selinux.policy
%{_datadir}/polkit-1/actions/org.selinux.config.policy
%post gui
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
@ -445,6 +498,10 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service
%changelog
* Mon Aug 07 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-1
- Update to upstream release 2017-08-04
- Move DBUS API from -gui to -dbus package
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

35
selinux-dbus-fedora.patch Normal file
View File

@ -0,0 +1,35 @@
diff --git selinux-dbus-2.7/org.selinux.conf selinux-dbus-2.7/org.selinux.conf
index a350978..1ae079d 100644
--- selinux-dbus-2.7/org.selinux.conf
+++ selinux-dbus-2.7/org.selinux.conf
@@ -12,12 +12,8 @@
<!-- Allow anyone to invoke methods on the interfaces,
authorization is performed by PolicyKit -->
- <policy at_console="true">
- <allow send_destination="org.selinux"/>
- </policy>
<policy context="default">
- <allow send_destination="org.selinux"
- send_interface="org.freedesktop.DBus.Introspectable"/>
+ <allow send_destination="org.selinux"/>
</policy>
</busconfig>
diff --git selinux-dbus-2.7/org.selinux.policy selinux-dbus-2.7/org.selinux.policy
index 0126610..9772127 100644
--- selinux-dbus-2.7/org.selinux.policy
+++ selinux-dbus-2.7/org.selinux.policy
@@ -70,9 +70,9 @@
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
- <action id="org.selinux.change_policy_type">
- <description>SELinux write access</description>
- <message>System policy prevents change_policy_type access to SELinux</message>
+ <action id="org.selinux.change_default_mode">
+ <description>Change SELinux default enforcing mode</description>
+ <message>System policy prevents change_default_policy access to SELinux</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>

52
selinux-gui-fedora.patch Normal file
View File

@ -0,0 +1,52 @@
diff --git selinux-gui-2.7/polgengui.py selinux-gui-2.7/polgengui.py
index 7460cce..064001b 100644
--- selinux-gui-2.7/polgengui.py
+++ selinux-gui-2.7/polgengui.py
@@ -34,7 +34,9 @@ except ValueError as e:
sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e)))
sys.exit(1)
+import sepolicy.generate
import sepolicy.interface
+
try:
from subprocess import getstatusoutput
except ImportError:
@@ -696,16 +698,16 @@ class childWindow:
def on_in_net_page_next(self, *args):
try:
- generate.verify_ports(self.in_tcp_entry.get_text())
- generate.verify_ports(self.in_udp_entry.get_text())
+ sepolicy.generate.verify_ports(self.in_tcp_entry.get_text())
+ sepolicy.generate.verify_ports(self.in_udp_entry.get_text())
except ValueError as e:
self.error(e.message)
return True
def on_out_net_page_next(self, *args):
try:
- generate.verify_ports(self.out_tcp_entry.get_text())
- generate.verify_ports(self.out_udp_entry.get_text())
+ sepolicy.generate.verify_ports(self.out_tcp_entry.get_text())
+ sepolicy.generate.verify_ports(self.out_udp_entry.get_text())
except ValueError as e:
self.error(e.message)
return True
diff --git selinux-gui-2.7/portsPage.py selinux-gui-2.7/portsPage.py
index b8fdaad..f86d2d3 100644
--- selinux-gui-2.7/portsPage.py
+++ selinux-gui-2.7/portsPage.py
@@ -40,6 +40,12 @@ from semanagePage import *
## I18N
##
PROGNAME = "policycoreutils"
+
+TYPE_COL = 0
+PROTOCOL_COL = 1
+MLS_COL = 2
+PORT_COL = 3
+
try:
import gettext
kwargs = {}

301
selinux-python-fedora.patch Normal file
View File

@ -0,0 +1,301 @@
diff --git selinux-python-2.7/semanage/semanage.8 selinux-python-2.7/semanage/semanage.8
index 0bdb90f..0cdcfcc 100644
--- selinux-python-2.7/semanage/semanage.8
+++ selinux-python-2.7/semanage/semanage.8
@@ -57,9 +57,8 @@ to SELinux user identities (which controls the initial security context
assigned to Linux users when they login and bounds their authorized role set)
as well as security context mappings for various kinds of objects, such
as network ports, interfaces, infiniband pkeys and endports, and nodes (hosts)
-as well as the file context mapping. See the EXAMPLES section below for some
-examples of common usage. Note that the semanage login command deals with the
-mapping from Linux usernames (logins) to SELinux user identities,
+as well as the file context mapping. Note that the semanage login command deals
+with the mapping from Linux usernames (logins) to SELinux user identities,
while the semanage user command deals with the mapping from SELinux
user identities to authorized role sets. In most cases, only the
former mapping needs to be adjusted by the administrator; the latter
diff --git selinux-python-2.7/semanage/seobject.py selinux-python-2.7/semanage/seobject.py
index 70fd192..af88126 100644
--- selinux-python-2.7/semanage/seobject.py
+++ selinux-python-2.7/semanage/seobject.py
@@ -386,6 +386,8 @@ class moduleRecords(semanageRecords):
print("%-25s %-9s %-5s %s" % (t[0], t[2], t[3], disabled))
def add(self, file, priority):
+ if not file:
+ raise ValueError(_("You did not define module."))
if not os.path.exists(file):
raise ValueError(_("Module does not exist: %s ") % file)
@@ -398,6 +400,8 @@ class moduleRecords(semanageRecords):
self.commit()
def set_enabled(self, module, enable):
+ if not module:
+ raise ValueError(_("You did not define module name."))
for m in module.split():
rc, key = semanage_module_key_create(self.sh)
if rc < 0:
@@ -416,11 +420,15 @@ class moduleRecords(semanageRecords):
self.commit()
def modify(self, file):
+ if not file:
+ raise ValueError(_("You did not define module."))
rc = semanage_module_update_file(self.sh, file)
if rc >= 0:
self.commit()
def delete(self, module, priority):
+ if not module:
+ raise ValueError(_("You did not define module name."))
rc = semanage_set_default_priority(self.sh, priority)
if rc < 0:
raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
diff --git selinux-python-2.7/sepolicy/sepolicy/__init__.py selinux-python-2.7/sepolicy/sepolicy/__init__.py
index 5cfc071..a10dbcd 100644
--- selinux-python-2.7/sepolicy/sepolicy/__init__.py
+++ selinux-python-2.7/sepolicy/sepolicy/__init__.py
@@ -1136,27 +1136,14 @@ def boolean_desc(boolean):
def get_os_version():
- os_version = ""
- pkg_name = "selinux-policy"
+ system_release = ""
try:
- try:
- from commands import getstatusoutput
- except ImportError:
- from subprocess import getstatusoutput
- rc, output = getstatusoutput("rpm -q '%s'" % pkg_name)
- if rc == 0:
- os_version = output.split(".")[-2]
- except:
- os_version = ""
-
- if os_version[0:2] == "fc":
- os_version = "Fedora" + os_version[2:]
- elif os_version[0:2] == "el":
- os_version = "RHEL" + os_version[2:]
- else:
- os_version = ""
+ with open('/etc/system-release') as f:
+ system_release = f.readline().rstrip()
+ except IOError:
+ system_release = "Misc"
- return os_version
+ return system_release
def reinit():
diff --git selinux-python-2.7/sepolicy/sepolicy/manpage.py selinux-python-2.7/sepolicy/sepolicy/manpage.py
index 4d84636..4772b50 100755
--- selinux-python-2.7/sepolicy/sepolicy/manpage.py
+++ selinux-python-2.7/sepolicy/sepolicy/manpage.py
@@ -125,8 +125,33 @@ def gen_domains():
domains.sort()
return domains
-types = None
+exec_types = None
+
+def _gen_exec_types():
+ global exec_types
+ if exec_types is None:
+ exec_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "exec_type"))["types"]
+ return exec_types
+
+entry_types = None
+
+def _gen_entry_types():
+ global entry_types
+ if entry_types is None:
+ entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"]
+ return entry_types
+
+mcs_constrained_types = None
+
+def _gen_mcs_constrained_types():
+ global mcs_constrained_types
+ if mcs_constrained_types is None:
+ mcs_constrained_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
+ return mcs_constrained_types
+
+
+types = None
def _gen_types():
global types
@@ -149,10 +174,6 @@ def prettyprint(f, trim):
manpage_domains = []
manpage_roles = []
-fedora_releases = ["Fedora17", "Fedora18"]
-rhel_releases = ["RHEL6", "RHEL7"]
-
-
def get_alphabet_manpages(manpage_list):
alphabet_manpages = dict.fromkeys(string.ascii_letters, [])
for i in string.ascii_letters:
@@ -182,7 +203,7 @@ def convert_manpage_to_html(html_manpage, manpage):
class HTMLManPages:
"""
- Generate a HHTML Manpages on an given SELinux domains
+ Generate a HTML Manpages on an given SELinux domains
"""
def __init__(self, manpage_roles, manpage_domains, path, os_version):
@@ -190,9 +211,9 @@ class HTMLManPages:
self.manpage_domains = get_alphabet_manpages(manpage_domains)
self.os_version = os_version
self.old_path = path + "/"
- self.new_path = self.old_path + self.os_version + "/"
+ self.new_path = self.old_path
- if self.os_version in fedora_releases or rhel_releases:
+ if self.os_version:
self.__gen_html_manpages()
else:
print("SELinux HTML man pages can not be generated for this %s" % os_version)
@@ -201,7 +222,6 @@ class HTMLManPages:
def __gen_html_manpages(self):
self._write_html_manpage()
self._gen_index()
- self._gen_body()
self._gen_css()
def _write_html_manpage(self):
@@ -219,67 +239,21 @@ class HTMLManPages:
convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r)
def _gen_index(self):
- index = self.old_path + "index.html"
- fd = open(index, 'w')
- fd.write("""
-<html>
-<head>
- <link rel=stylesheet type="text/css" href="style.css" title="style">
- <title>SELinux man pages online</title>
-</head>
-<body>
-<h1>SELinux man pages</h1>
-<br></br>
-Fedora or Red Hat Enterprise Linux Man Pages.</h2>
-<br></br>
-<hr>
-<h3>Fedora</h3>
-<table><tr>
-<td valign="middle">
-</td>
-</tr></table>
-<pre>
-""")
- for f in fedora_releases:
- fd.write("""
-<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (f, f, f, f))
-
- fd.write("""
-</pre>
-<hr>
-<h3>RHEL</h3>
-<table><tr>
-<td valign="middle">
-</td>
-</tr></table>
-<pre>
-""")
- for r in rhel_releases:
- fd.write("""
-<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (r, r, r, r))
-
- fd.write("""
-</pre>
- """)
- fd.close()
- print("%s has been created") % index
-
- def _gen_body(self):
html = self.new_path + self.os_version + ".html"
fd = open(html, 'w')
fd.write("""
<html>
<head>
- <link rel=stylesheet type="text/css" href="../style.css" title="style">
- <title>Linux man-pages online for Fedora18</title>
+ <link rel=stylesheet type="text/css" href="style.css" title="style">
+ <title>SELinux man pages</title>
</head>
<body>
-<h1>SELinux man pages for Fedora18</h1>
+<h1>SELinux man pages for %s</h1>
<hr>
<table><tr>
<td valign="middle">
<h3>SELinux roles</h3>
-""")
+""" % self.os_version)
for letter in self.manpage_roles:
if len(self.manpage_roles[letter]):
fd.write("""
@@ -423,6 +397,9 @@ class ManPage:
self.all_file_types = sepolicy.get_all_file_types()
self.role_allows = sepolicy.get_all_role_allows()
self.types = _gen_types()
+ self.exec_types = _gen_exec_types()
+ self.entry_types = _gen_entry_types()
+ self.mcs_constrained_types = _gen_mcs_constrained_types()
if self.source_files:
self.fcpath = self.root + "file_contexts"
@@ -735,10 +712,13 @@ Default Defined Ports:""")
def _file_context(self):
flist = []
+ flist_non_exec = []
mpaths = []
for f in self.all_file_types:
if f.startswith(self.domainname):
flist.append(f)
+ if not f in self.exec_types or not f in self.entry_types:
+ flist_non_exec.append(f)
if f in self.fcdict:
mpaths = mpaths + self.fcdict[f]["regex"]
if len(mpaths) == 0:
@@ -790,19 +770,20 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
.PP
""" % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
- self.fd.write(r"""
+ if flist_non_exec:
+ self.fd.write(r"""
.PP
.B STANDARD FILE CONTEXT
SELinux defines the file context types for the %(domainname)s, if you wanted to
store files with these types in a diffent paths, you need to execute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk.
-.B semanage fcontext -a -t %(type)s '/srv/%(domainname)s/content(/.*)?'
+.B semanage fcontext -a -t %(type)s '/srv/my%(domainname)s_content(/.*)?'
.br
.B restorecon -R -v /srv/my%(domainname)s_content
Note: SELinux often uses regular expressions to specify labels that match multiple files.
-""" % {'domainname': self.domainname, "type": flist[0]})
+""" % {'domainname': self.domainname, "type": flist_non_exec[-1]})
self.fd.write(r"""
.I The following file types are defined for %(domainname)s:
@@ -974,8 +955,7 @@ All executeables with the default executable label, usually stored in /usr/bin a
%s""" % ", ".join(paths))
def _mcs_types(self):
- mcs_constrained_type = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
- if self.type not in mcs_constrained_type['types']:
+ if self.type not in self.mcs_constrained_types['types']:
return
self.fd.write ("""
.SH "MCS Constrained"

13
selinux-sandbox-fedora.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git selinux-sandbox-2.7/sandboxX.sh selinux-sandbox-2.7/sandboxX.sh
index eaa500d..4774528 100644
--- selinux-sandbox-2.7/sandboxX.sh
+++ selinux-sandbox-2.7/sandboxX.sh
@@ -20,7 +20,7 @@ cat > ~/.config/openbox/rc.xml << EOF
</openbox_config>
EOF
-(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
+(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
export DISPLAY=:$D
cat > ~/seremote << __EOF
#!/bin/sh

0
sepolgen-fedora.patch
View File

9
sources
View File

@ -1,3 +1,8 @@
SHA512 (policycoreutils_man_ru2.tar.bz2) = 7272801da169b8d7dd3f8b7e368a63a4fbb7ae94599f9384bc450d142e6b2a3805ab542d650cbe9c8978c2d8e5c56ef4c11f361abfefeaf184ec3a4b0d2afb4c
SHA512 (policycoreutils-2.6.tar.gz) = ba289060bc348f9315bce84a5e5daf145600274289fdd2206edc10bb0ee03f9b02a9e40e9c118809961ddfe7844dee7d8952d8c9a239af7282f4fc1614c21e9d
SHA512 (sepolgen-2.6.tar.gz) = b04d0b78416dde4857888f94bad1f6f83909cb4f9fb50519778ec8a50662be38ccac19f5fc6db269754cb63668c5324258ba4a4cb79440789b759ad5eb6148c0
SHA512 (policycoreutils-2.7.tar.gz) = ce97d659f72058fd23d8dab8db98fc7c0003806a636c521fa15da465d7358d40ccc8e3eaa9675f00a9b0b8aaa1465d3fb650bc0ebbbf00164e121230673256fb
SHA512 (selinux-python-2.7.tar.gz) = df8645e7ac9ca568f0c9d81c42b93d0abadc43c22f14d38451ab262b52132cfb7abd7742e3a00ab9c153f95dd5b23b3a496d84875debcd9787f75d940eb45c28
SHA512 (selinux-gui-2.7.tar.gz) = 55bfa4216dabc1711324d03c6e0b2034ab04e72d32921adbeee89b08eea7b1f558a5eeaa14b8ad1bdcffcfe10efa9cb692dc783b4f0c21fe2e3e3063c20e0b7f
SHA512 (selinux-sandbox-2.7.tar.gz) = 3f994dc296d150f3307d20e3295ad565fd86f78701ec4601493f2f4b1c91a8aa68a9ec8b6418fd9bacb9e9d32b6798cdc7e1eabc26f9b6c306affad3261ffb8a
SHA512 (selinux-dbus-2.7.tar.gz) = 73f6731af302573cf7b20b93e7bc6da677dfd57342b097888537fd6383157c72b0fb047a4f586614fd968e8ed7f0f2b517f0abdf44dd6107aa428b7a39f93f9e
SHA512 (semodule-utils-2.7.tar.gz) = 5c7c2a2224949f50c1119edba90d937363e22af52a38f06525e957b29f5310a3e3444d03980b2f808ce995de0f9fc0a9dca8b6167bbfde29c1a33b9bc786d3c8
SHA512 (restorecond-2.7.tar.gz) = c81950e4f748a729c8951b13a4075ab1003530f8ada7a9d3fbe6428f76070df4819a37daaab557b63fc234aa8c8320ec41757fbdb24b76fa2c11747bde0038ad