rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Tue Aug 5 2008 Dan Walsh <dwalsh@redhat.com> 2.0.54-1

Browse Source 
- Update to upstream
	* Add support for boolean files and group support for seusers from Dan Walsh.
	* Ensure that setfiles -p output is newline terminated from Russell Coker.
This commit is contained in:
Daniel J Walsh 2008-08-05 14:18:33 +00:00
parent 0fdc47a89f
commit 14f807a094
4 changed files with 49 additions and 371 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.cvsignore
View File

@ -185,3 +185,4 @@ policycoreutils-2.0.51.tgz
policycoreutils-2.0.52.tgz
sepolgen-1.0.13.tgz
policycoreutils-2.0.53.tgz
policycoreutils-2.0.54.tgz

404
policycoreutils-rhat.patch
View File

@ -1,49 +1,28 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.52/Makefile
--- nsapolicycoreutils/Makefile 2008-06-12 23:25:24.000000000 -0400
+++ policycoreutils-2.0.52/Makefile 2008-07-29 10:39:48.000000000 -0400
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.53/Makefile
--- nsapolicycoreutils/Makefile 2008-08-05 09:58:35.000000000 -0400
+++ policycoreutils-2.0.53/Makefile 2008-08-01 07:34:03.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.52/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2008-06-12 23:25:21.000000000 -0400
+++ policycoreutils-2.0.52/restorecond/restorecond.c 2008-07-29 10:39:48.000000000 -0400
@@ -210,9 +210,10 @@
}
if (fsetfilecon(fd, scontext) < 0) {
- syslog(LOG_ERR,
- "set context %s->%s failed:'%s'\n",
- filename, scontext, strerror(errno));
+ if (errno != EOPNOTSUPP)
+ syslog(LOG_ERR,
+ "set context %s->%s failed:'%s'\n",
+ filename, scontext, strerror(errno));
if (retcontext >= 0)
free(prev_context);
free(scontext);
@@ -225,8 +226,9 @@
if (retcontext >= 0)
free(prev_context);
} else {
- syslog(LOG_ERR, "get context on %s failed: '%s'\n",
- filename, strerror(errno));
+ if (errno != EOPNOTSUPP)
+ syslog(LOG_ERR, "get context on %s failed: '%s'\n",
+ filename, strerror(errno));
}
free(scontext);
close(fd);
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.52/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2008-07-02 17:19:15.000000000 -0400
+++ policycoreutils-2.0.52/semanage/semanage 2008-07-29 10:39:48.000000000 -0400
@@ -45,13 +45,13 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.53/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2008-08-05 09:58:27.000000000 -0400
+++ policycoreutils-2.0.53/restorecond/restorecond.conf 2008-08-01 10:54:17.000000000 -0400
@@ -1,3 +1,4 @@
+/etc/services
/etc/resolv.conf
/etc/samba/secrets.tdb
/etc/mtab
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.53/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2008-08-05 09:58:26.000000000 -0400
+++ policycoreutils-2.0.53/semanage/semanage 2008-08-05 10:13:48.000000000 -0400
@@ -45,11 +45,11 @@
def usage(message = ""):
print _("""
semanage {boolean|login|user|port|interface|fcontext|translation} -{l|D} [-n]
-semanage login -{a|d|m} [-sr] login_name
-semanage login -{a|d|m} [-sr] login_name | %groupname
-semanage user -{a|d|m} [-LrRP] selinux_name
+semanage login -{a|d|m} [-srF] login_name | login_file
+semanage user -{a|d|m} [-LrRPF] selinux_name | user_file
@ -52,20 +31,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
-semanage fcontext -{a|d|m} [-frst] file_spec
+semanage fcontext -{a|d|m} [-frstF] file_spec | fcontext_file
semanage translation -{a|d|m} [-T] level
-semanage boolean -{d|m} boolean
+semanage boolean -{d|m} [-F] boolean | boolean_file
semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
semanage permissive -{d|a} type
Primary Options:
@@ -79,6 +79,7 @@
-l (symbolic link)
-p (named pipe)
+ -F, --file Treat target as an input file for command, change multiple settings
-p, --proto Port protocol (tcp or udp)
-P, --prefix Prefix for home directory labeling
-L, --level Default SELinux Level (MLS/MCS Systems only)
@@ -102,19 +103,19 @@
@@ -103,15 +103,15 @@
valid_option={}
valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading', '-C', '--locallist', '-D', '--deleteall', '-S', '--store' ]
valid_option["login"] = []
@ -84,333 +52,31 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
valid_option["translation"] = []
valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
valid_option["boolean"] = []
- valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0" ]
+ valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0", "-F", "--file"]
valid_option["permissive"] = []
valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ]
return valid_option
@@ -134,15 +135,16 @@
setrans = ""
@@ -136,15 +136,15 @@
roles = ""
seuser = ""
- prefix = ""
+ prefix = "user"
heading=1
- value=0
- add = 0
- modify = 0
- delete = 0
- deleteall = 0
- list = 0
- locallist = 0
prefix = "user"
- heading = True
- value = None
+ heading=1
+ value = None
+ add = False
+ modify = False
+ delete = False
+ deleteall = False
+ list = False
+ locallist = False
add = False
modify = False
delete = False
deleteall = False
list = False
locallist = False
- use_file = False
+ use_file = False
store = ""
if len(sys.argv) < 3:
usage(_("Requires 2 or more arguments"))
@@ -155,11 +157,12 @@
args = sys.argv[2:]
gopts, cmds = getopt.getopt(args,
- '01adf:lhmnp:s:CDR:L:r:t:T:P:S:',
+ '01adf:lhmnp:s:FCDR:L:r:t:T:P:S:',
['add',
'delete',
'deleteall',
'ftype=',
+ 'file',
'help',
'list',
'modify',
@@ -185,18 +188,22 @@
if o == "-a" or o == "--add":
if modify or delete:
usage()
- add = 1
+ add = True
if o == "-d" or o == "--delete":
if modify or add:
usage()
- delete = 1
+ delete = True
if o == "-D" or o == "--deleteall":
if modify:
usage()
- deleteall = 1
+ deleteall = True
if o == "-f" or o == "--ftype":
ftype=a
+
+ if o == "-F" or o == "--file":
+ use_file = True
+
if o == "-h" or o == "--help":
@@ -208,7 +208,7 @@
usage()
@@ -204,12 +211,12 @@
heading=0
if o == "-n" or o == "--noheading":
- heading = False
+ heading=0
if o == "-C" or o == "--locallist":
- locallist=1
+ locallist = True
if o == "-m"or o == "--modify":
if delete or add:
usage()
- modify = 1
+ modify = True
if o == "-S" or o == '--store':
store = a
@@ -220,7 +227,7 @@
serange = a
if o == "-l" or o == "--list":
- list = 1
+ list = True
if o == "-L" or o == '--level':
if is_mls_enabled == 0:
@@ -246,9 +253,9 @@
setrans = a
if o == "--on" or o == "-1":
- value = 1
- if o == "-off" or o == "-0":
- value = 0
+ value = "on"
+ if o == "--off" or o == "-0":
+ value = "off"
if object == "login":
OBJECT = seobject.loginRecords(store)
@@ -275,7 +282,10 @@
OBJECT = seobject.permissiveRecords(store)
if list:
- OBJECT.list(heading, locallist)
+ if object == "boolean":
+ OBJECT.list(heading, locallist, use_file)
+ else:
+ OBJECT.list(heading, locallist)
sys.exit(0);
if deleteall:
@@ -295,11 +305,9 @@
OBJECT.add(target, setrans)
if object == "user":
- rlist = roles.split()
- if len(rlist) == 0:
- raise ValueError(_("You must specify a role"))
- if prefix == "":
- raise ValueError(_("You must specify a prefix"))
+ rlist = []
+ if not use_file:
+ rlist = roles.split()
OBJECT.add(target, rlist, selevel, serange, prefix)
if object == "port":
@@ -317,7 +325,7 @@
if modify:
if object == "boolean":
- OBJECT.modify(target, value)
+ OBJECT.modify(target, value, use_file)
if object == "login":
OBJECT.modify(target, seuser, serange)
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.52/semanage/semanage.8
--- nsapolicycoreutils/semanage/semanage.8 2008-07-02 17:19:15.000000000 -0400
+++ policycoreutils-2.0.52/semanage/semanage.8 2008-07-29 10:39:48.000000000 -0400
@@ -3,9 +3,9 @@
semanage \- SELinux Policy Management tool
.SH "SYNOPSIS"
-.B semanage {boolean|login|user|port|interface|fcontext|translation} \-{l|lC|D} [\-n]
+.B semanage {boolean|login|user|port|interface|fcontext|translation} \-{l|D} [\-n] [\-S store]
.br
-.B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] boolean
+.B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] -F boolean | boolean_file
.br
.B semanage login \-{a|d|m} [\-sr] login_name
.br
@@ -54,6 +54,11 @@
File Type. This is used with fcontext.
Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files.
.TP
+.I \-F, \-\-file
+Set multiple records from the input file. When used with the \-l \-\-list, it will output the current settings to stdout in the proper format.
+
+Currently booleans only.
+.TP
.I \-h, \-\-help
display this message
.TP
@@ -87,6 +92,9 @@
.I \-s, \-\-seuser
SELinux user name
.TP
+.I \-S, \-\-store
+Select and alternate SELinux store to manage
+.TP
.I \-t, \-\-type
SELinux Type for the object
.TP
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.52/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2008-07-29 09:15:39.000000000 -0400
+++ policycoreutils-2.0.52/semanage/seobject.py 2008-07-29 10:39:48.000000000 -0400
@@ -330,20 +330,15 @@
for name in dirs:
os.rmdir(os.path.join(root, name))
- if rc != 0:
- raise ValueError(out)
-
-
def delete(self, name):
for n in name.split():
rc = semanage_module_remove(self.sh, "permissive_%s" % n)
if rc < 0:
raise ValueError(_("Could not remove permissive domain %s (remove failed)") % name)
- rc = semanage_commit(self.sh)
- if rc < 0:
+ rc = semanage_commit(self.sh)
+ if rc < 0:
raise ValueError(_("Could not remove permissive domain %s (commit failed)") % name)
-
def deleteall(self):
l = self.get_all()
if len(l) > 0:
@@ -1447,54 +1442,72 @@
class booleanRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
+ self.dict={}
+ self.dict["TRUE"] = 1
+ self.dict["FALSE"] = 0
+ self.dict["ON"] = 1
+ self.dict["OFF"] = 0
+ self.dict["1"] = 1
+ self.dict["0"] = 0
- def modify(self, name, value = ""):
- if value == "":
- raise ValueError(_("Requires value"))
-
- (rc,k) = semanage_bool_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
-
- (rc,exists) = semanage_bool_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if boolean %s is defined") % name)
- if not exists:
- raise ValueError(_("Boolean %s is not defined") % name)
-
- (rc,b) = semanage_bool_query(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not query file context %s") % name)
+ def __mod(self, name, value):
+ (rc,k) = semanage_bool_key_create(self.sh, name)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % name)
+ (rc,exists) = semanage_bool_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if boolean %s is defined") % name)
+ if not exists:
+ raise ValueError(_("Boolean %s is not defined") % name)
+
+ (rc,b) = semanage_bool_query(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not query file context %s") % name)
- if value != "":
- nvalue = int(value)
- semanage_bool_set_value(b, nvalue)
+ if value.upper() in self.dict:
+ semanage_bool_set_value(b, self.dict[value.upper()])
else:
- raise ValueError(_("You must specify a value"))
+ raise ValueError(_("You must specify one of the following values: %s") % ", ".join(self.dict.keys()) )
+
+ rc = semanage_bool_set_active(self.sh, k, b)
+ if rc < 0:
+ raise ValueError(_("Could not set active value of boolean %s") % name)
+ rc = semanage_bool_modify_local(self.sh, k, b)
+ if rc < 0:
+ raise ValueError(_("Could not modify boolean %s") % name)
+ semanage_bool_key_free(k)
+ semanage_bool_free(b)
+ def modify(self, name, value=None, use_file=False):
+
rc = semanage_begin_transaction(self.sh)
if rc < 0:
raise ValueError(_("Could not start semanage transaction"))
-
- rc = semanage_bool_set_active(self.sh, k, b)
- if rc < 0:
- raise ValueError(_("Could not set active value of boolean %s") % name)
- rc = semanage_bool_modify_local(self.sh, k, b)
- if rc < 0:
- raise ValueError(_("Could not modify boolean %s") % name)
+ if use_file:
+ fd = open(name)
+ for b in fd.read().split("\n"):
+ b = b.strip()
+ if len(b) == 0:
+ continue
+
+ try:
+ boolname, val = b.split("=")
+ except ValueError, e:
+ raise ValueError(_("Bad format %s: Record %s" % ( name, b) ))
+ self.__mod(boolname.strip(), val.strip())
+ fd.close()
+ else:
+ self.__mod(name, value)
rc = semanage_commit(self.sh)
if rc < 0:
raise ValueError(_("Could not modify boolean %s") % name)
- semanage_bool_key_free(k)
- semanage_bool_free(b)
-
def delete(self, name):
- (rc,k) = semanage_bool_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
+ (rc,k) = semanage_bool_key_create(self.sh, name)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % name)
(rc,exists) = semanage_bool_exists(self.sh, k)
if rc < 0:
raise ValueError(_("Could not check if boolean %s is defined") % name)
@@ -1571,8 +1584,15 @@
else:
return _("unknown")
- def list(self, heading = 1, locallist = 0):
+ def list(self, heading = True, locallist = False, use_file = False):
on_off = (_("off"),_("on"))
+ if use_file:
+ ddict = self.get_all(locallist)
+ keys = ddict.keys()
+ for k in keys:
+ if ddict[k]:
+ print "%s=%s" % (k, ddict[k][2])
+ return
if heading:
print "%-40s %s\n" % (_("SELinux boolean"), _("Description"))
ddict = self.get_all(locallist)
locallist = True

13
policycoreutils.spec
View File

@ -5,7 +5,7 @@
%define sepolgenver 1.0.13
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.53
Version: 2.0.54
Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
@ -192,6 +192,17 @@ if [ "$1" -ge "1" ]; then
fi
%changelog
* Tue Aug 5 2008 Dan Walsh <dwalsh@redhat.com> 2.0.54-1
- Update to upstream
* Add support for boolean files and group support for seusers from Dan Walsh.
* Ensure that setfiles -p output is newline terminated from Russell Coker.
* Fri Aug 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.53-3
- Allow semanage user to add group lists %groupname
* Tue Jul 29 2008 Dan Walsh <dwalsh@redhat.com> 2.0.53-2
- Fix help
* Tue Jul 29 2008 Dan Walsh <dwalsh@redhat.com> 2.0.53-1
- Update to upstream
* Change setfiles to validate all file_contexts files when using -c from Stephen Smalley.

2
sources
View File

@ -1,2 +1,2 @@
b6756a012c26f414e4a5f8f438ce2188 sepolgen-1.0.13.tgz
8fe5f8b78e156f770e990fe107577d2c policycoreutils-2.0.53.tgz
b1d1bc767b4806a17d0986ab4016cf9b policycoreutils-2.0.54.tgz