rpms/policycoreutils
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Simplication of sepolicy-manpage web functionality (#1193552)

Browse Source 
system_release is no longer hardcoded and it creates only index.html and html man pages in the directory for the system release.
This commit is contained in:
Petr Lautrbach 2015-02-24 17:02:35 +01:00
parent 93602ec85a
commit 15238906cb
2 changed files with 93 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

189
policycoreutils-rhat.patch
View File

@ -658646,7 +658646,7 @@ index 74fb347..adb6ca5 100755
+ print("Out")
sys.exit(0)
diff --git a/policycoreutils-2.3/sepolicy/sepolicy/__init__.py b/policycoreutils-2.3/sepolicy/sepolicy/__init__.py
index 679725d..075da91 100644
index 679725d..d3dc4be 100644
--- a/policycoreutils-2.3/sepolicy/sepolicy/__init__.py
+++ b/policycoreutils-2.3/sepolicy/sepolicy/__init__.py
@@ -3,23 +3,27 @@
@ -659028,9 +659028,13 @@ index 679725d..075da91 100644
pass
return booleans_dict
@@ -844,19 +937,23 @@ def get_os_version():
os_version = ""
pkg_name = "selinux-policy"
@@ -841,24 +934,14 @@ def boolean_desc(boolean):
return "Allow %s to %s" % (desc[0], " ".join(desc[1:]))
def get_os_version():
- os_version = ""
- pkg_name = "selinux-policy"
+ system_release = ""
try:
- import commands
- rc, output = commands.getstatusoutput("rpm -q '%s'" % pkg_name)
@ -659038,33 +659042,24 @@ index 679725d..075da91 100644
- os_version = output.split(".")[-2]
- except:
- os_version = ""
+ import subprocess
+ output = subprocess.check_output("rpm -q '%s'" % pkg_name,
+ stderr=subprocess.STDOUT,
+ shell=True)
+ try:
+ os_version = str(output).split(".")[-2]
+ if os_version[0:2] == "fc":
+ os_version = "Fedora"+os_version[2:]
+ elif os_version[0:2] == "el":
+ os_version = "RHEL"+os_version[2:]
+ else:
+ os_version = "Misc"
+ except IndexError:
+ os_version = "Misc"
-
- if os_version[0:2] == "fc":
- os_version = "Fedora"+os_version[2:]
- elif os_version[0:2] == "el":
- os_version = "RHEL"+os_version[2:]
- else:
- os_version = ""
+ except subprocess.CalledProcessError:
+ os_version = "Misc"
+ with open('/etc/system-release') as f:
+ system_release = f.readline().rstrip()
+ except IOError:
+ system_release = "Misc"
return os_version
- return os_version
+ return system_release
@@ -871,7 +968,7 @@ def reinit():
def reinit():
global all_attributes
@@ -871,7 +954,7 @@ def reinit():
global file_types
global local_files
global methods
@ -661118,7 +661113,7 @@ index bbabb3b..b17f6af 100644
os.remove(v)
diff --git a/policycoreutils-2.3/sepolicy/sepolicy/manpage.py b/policycoreutils-2.3/sepolicy/sepolicy/manpage.py
index ba15b2c..04f9799 100755
index ba15b2c..2316f50 100755
--- a/policycoreutils-2.3/sepolicy/sepolicy/manpage.py
+++ b/policycoreutils-2.3/sepolicy/sepolicy/manpage.py
@@ -30,103 +30,111 @@ import selinux
@ -661310,14 +661305,13 @@ index ba15b2c..04f9799 100755
def prettyprint(f,trim):
return " ".join(f[:-len(trim)].split("_"))
@@ -135,72 +143,78 @@ def prettyprint(f,trim):
@@ -135,150 +143,106 @@ def prettyprint(f,trim):
manpage_domains = []
manpage_roles = []
-fedora_releases = ["Fedora17","Fedora18"]
+fedora_releases = ["Fedora17","Fedora18","Fedora19","Fedora20","Fedora21","Fedora22"]
rhel_releases = ["RHEL6","RHEL7"]
-rhel_releases = ["RHEL6","RHEL7"]
-
def get_alphabet_manpages(manpage_list):
- alphabet_manpages = dict.fromkeys(string.ascii_letters, [])
- for i in string.ascii_letters:
@ -661409,9 +661403,9 @@ index ba15b2c..04f9799 100755
+ self.manpage_domains = get_alphabet_manpages(manpage_domains)
+ self.os_version = os_version
+ self.old_path = path + "/"
+ self.new_path = self.old_path + self.os_version+"/"
+ self.new_path = self.old_path
+
+ if (self.os_version in fedora_releases) or (self.os_version in rhel_releases) or (self.os_version == "Misc"):
+ if self.os_version:
+
+ self.__gen_html_manpages()
+ else:
@ -661421,7 +661415,6 @@ index ba15b2c..04f9799 100755
+ def __gen_html_manpages(self):
+ self._write_html_manpage()
+ self._gen_index()
+ self._gen_body()
+ self._gen_css()
+
+ def _write_html_manpage(self):
@ -661440,40 +661433,49 @@ index ba15b2c..04f9799 100755
+
+
+ def _gen_index(self):
+ index = self.old_path+"index.html"
+ fd = open(index,'w')
+ html = self.new_path+"index.html"
+ fd = open(html,'w')
+ fd.write("""
<html>
<head>
<link rel=stylesheet type="text/css" href="style.css" title="style">
@@ -219,11 +233,11 @@ Fedora or Red Hat Enterprise Linux Man Pages.</h2>
</tr></table>
<pre>
""")
- <link rel=stylesheet type="text/css" href="style.css" title="style">
- <title>SELinux man pages online</title>
+ <link rel=stylesheet type="text/css" href="style.css" title="style">
+ <title>SELinux man pages</title>
</head>
<body>
-<h1>SELinux man pages</h1>
-<br></br>
-Fedora or Red Hat Enterprise Linux Man Pages.</h2>
-<br></br>
-<hr>
-<h3>Fedora</h3>
-<table><tr>
-<td valign="middle">
-</td>
-</tr></table>
-<pre>
-""")
- for f in fedora_releases:
- fd.write("""
+ for f in fedora_releases:
+ fd.write("""
<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (f,f,f,f))
-<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (f,f,f,f))
-
- fd.write("""
+ fd.write("""
</pre>
<hr>
<h3>RHEL</h3>
@@ -233,24 +247,24 @@ Fedora or Red Hat Enterprise Linux Man Pages.</h2>
</tr></table>
<pre>
""")
-</pre>
-<hr>
-<h3>RHEL</h3>
-<table><tr>
-<td valign="middle">
-</td>
-</tr></table>
-<pre>
-""")
- for r in rhel_releases:
- fd.write("""
+ for r in rhel_releases:
+ fd.write("""
<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (r,r,r,r))
-<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (r,r,r,r))
-
- fd.write("""
+ fd.write("""
</pre>
-</pre>
- """)
- fd.close()
- print("%s has been created") % index
@ -661482,30 +661484,23 @@ index ba15b2c..04f9799 100755
- html = self.new_path+self.os_version+".html"
- fd = open(html,'w')
- fd.write("""
+ """)
+ fd.close()
+ print(("%s has been created") % index)
+
+ def _gen_body(self):
+ html = self.new_path+self.os_version+".html"
+ fd = open(html,'w')
+ fd.write("""
<html>
<head>
-<html>
-<head>
- <link rel=stylesheet type="text/css" href="../style.css" title="style">
- <title>Linux man-pages online for Fedora18</title>
+ <link rel=stylesheet type="text/css" href="../style.css" title="style">
+ <title>Linux man-pages online for Fedora</title>
</head>
<body>
<h1>SELinux man pages for Fedora18</h1>
@@ -259,26 +273,26 @@ Fedora or Red Hat Enterprise Linux Man Pages.</h2>
-</head>
-<body>
-<h1>SELinux man pages for Fedora18</h1>
+<h1>SELinux man pages for %s</h1>
<hr>
<table><tr>
<td valign="middle">
<h3>SELinux roles</h3>
""")
-""")
- for letter in self.manpage_roles:
- if len(self.manpage_roles[letter]):
- fd.write("""
+""" % self.os_version)
+ for letter in self.manpage_roles:
+ if len(self.manpage_roles[letter]):
+ fd.write("""
@ -661540,7 +661535,7 @@ index ba15b2c..04f9799 100755
</pre>
<hr>
<table><tr>
@@ -286,38 +300,38 @@ Fedora or Red Hat Enterprise Linux Man Pages.</h2>
@@ -286,38 +250,38 @@ Fedora or Red Hat Enterprise Linux Man Pages.</h2>
<h3>SELinux domains</h3>"""
% rolename_body)
@ -661599,7 +661594,7 @@ index ba15b2c..04f9799 100755
html, body {
background-color: #fcfcfc;
font-family: arial, sans-serif;
@@ -326,9 +340,9 @@ html, body {
@@ -326,9 +290,9 @@ html, body {
}
h1, h2, h3, h4, h5, h5 {
@ -661612,7 +661607,7 @@ index ba15b2c..04f9799 100755
}
a {
@@ -374,159 +388,198 @@ pre.code {
@@ -374,159 +338,198 @@ pre.code {
}
""")
@ -661935,7 +661930,7 @@ index ba15b2c..04f9799 100755
.SH "NAME"
%(domainname)s_selinux \- Security Enhanced Linux Policy for the %(domainname)s processes
.SH "DESCRIPTION"
@@ -543,20 +596,20 @@ For example:
@@ -543,20 +546,20 @@ For example:
def _format_boolean_desc(self, b):
@ -661968,7 +661963,7 @@ index ba15b2c..04f9799 100755
.PP
If you want to %s, you must turn on the %s boolean. %s by default.
@@ -565,34 +618,34 @@ If you want to %s, you must turn on the %s boolean. %s by default.
@@ -565,34 +568,34 @@ If you want to %s, you must turn on the %s boolean. %s by default.
.EE
""" % (self._format_boolean_desc(b), b, self.enabled_str[enabled], b)
@ -662019,7 +662014,7 @@ index ba15b2c..04f9799 100755
.PP
If you want to %s for the %s, you must turn on the %s boolean.
@@ -601,12 +654,12 @@ If you want to %s for the %s, you must turn on the %s boolean.
@@ -601,12 +604,12 @@ If you want to %s for the %s, you must turn on the %s boolean.
.EE
""" % (self._format_boolean_desc(b),(", ".join(nsswitch_types)), b, b)
@ -662036,7 +662031,7 @@ index ba15b2c..04f9799 100755
.SH PROCESS TYPES
SELinux defines process types (domains) for each process running on the system
.PP
@@ -617,11 +670,11 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
@@ -617,11 +620,11 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
.PP
The following process types are defined for %(domainname)s:
""" % {'domainname':self.domainname})
@ -662050,7 +662045,7 @@ index ba15b2c..04f9799 100755
.PP
Note:
.B semanage permissive -a %(domainname)s_t
@@ -629,14 +682,14 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n
@@ -629,14 +632,14 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n
""" % {'domainname':self.domainname})
def _port_types(self):
@ -662071,7 +662066,7 @@ index ba15b2c..04f9799 100755
.SH PORT TYPES
SELinux defines port types to represent TCP and UDP ports.
.PP
@@ -650,8 +703,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
@@ -650,8 +653,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
.PP
The following port types are defined for %(domainname)s:""" % {'domainname':self.domainname})
@ -662082,7 +662077,7 @@ index ba15b2c..04f9799 100755
.EX
.TP 5
@@ -659,49 +712,52 @@ The following port types are defined for %(domainname)s:""" % {'domainname':self
@@ -659,49 +662,52 @@ The following port types are defined for %(domainname)s:""" % {'domainname':self
.TP 10
.EE
""" % p)
@ -662172,7 +662167,7 @@ index ba15b2c..04f9799 100755
.SH FILE CONTEXTS
SELinux requires files to have an extended attribute to define the file type.
.PP
@@ -712,13 +768,13 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
@@ -712,13 +718,13 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
.PP
""" % {'domainname':self.domainname})
@ -662190,7 +662185,7 @@ index ba15b2c..04f9799 100755
.PP
%(domainname)s policy stores data with multiple different file context types under the %(equiv)s directory. If you would like to store the data in a different directory you can use the semanage command to create an equivalence mapping. If you wanted to store this data under the /srv dirctory you would execute the following command:
.PP
@@ -728,25 +784,26 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
@@ -728,25 +734,26 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
.PP
""" % {'domainname':self.domainname, 'equiv': e, 'alt': e.split('/')[-1] })
@ -662223,7 +662218,7 @@ index ba15b2c..04f9799 100755
.EX
.PP
@@ -756,19 +813,19 @@ Note: SELinux often uses regular expressions to specify labels that match multip
@@ -756,19 +763,19 @@ Note: SELinux often uses regular expressions to specify labels that match multip
- %s
""" % ( f, sepolicy.get_description(f)))
@ -662251,7 +662246,7 @@ index ba15b2c..04f9799 100755
.PP
Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -779,19 +836,19 @@ to apply the labels.
@@ -779,19 +786,19 @@ to apply the labels.
""")
def _see_also(self):
@ -662282,7 +662277,7 @@ index ba15b2c..04f9799 100755
.SH SHARING FILES
If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
.TP
@@ -812,9 +869,9 @@ semanage fcontext -a -t public_content_rw_t "/var/%(domainname)s/incoming(/.*)?"
@@ -812,9 +819,9 @@ semanage fcontext -a -t public_content_rw_t "/var/%(domainname)s/incoming(/.*)?"
.br
.B setsebool -P %(domainname)s_anon_write 1
""" % {'domainname':self.domainname})
@ -662295,7 +662290,7 @@ index ba15b2c..04f9799 100755
.PP
If you want to %s, you must turn on the %s boolean.
@@ -824,7 +881,7 @@ If you want to %s, you must turn on the %s boolean.
@@ -824,7 +831,7 @@ If you want to %s, you must turn on the %s boolean.
""" % (desc, b, b))
def _footer(self):
@ -662304,7 +662299,7 @@ index ba15b2c..04f9799 100755
.SH "COMMANDS"
.B semanage fcontext
can also be used to manipulate default file context mappings.
@@ -836,19 +893,19 @@ can also be used to manipulate whether or not a process type is permissive.
@@ -836,19 +843,19 @@ can also be used to manipulate whether or not a process type is permissive.
can also be used to enable/disable/install/remove policy modules.
""")
@ -662329,7 +662324,7 @@ index ba15b2c..04f9799 100755
.PP
.B system-config-selinux
is a GUI tool available to customize SELinux policy settings.
@@ -861,102 +918,102 @@ This manual page was auto-generated using
@@ -861,102 +868,102 @@ This manual page was auto-generated using
selinux(8), %s(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
""" % (self.domainname))
@ -662495,7 +662490,7 @@ index ba15b2c..04f9799 100755
.SH "NAME"
%(user)s_u \- \fB%(desc)s\fP - Security Enhanced Linux Policy
@@ -989,22 +1046,22 @@ If you wanted to change the default user mapping to use the %(user)s_u user, you
@@ -989,22 +996,22 @@ If you wanted to change the default user mapping to use the %(user)s_u user, you
""" % {'desc': self.desc, 'type':self.type, 'user':self.domainname,'range':self._get_users_range()})
@ -662526,7 +662521,7 @@ index ba15b2c..04f9799 100755
The SELinux user %(user)s can execute sudo.
You can set up sudo to allow %(user)s to transition to an administrative domain:
@@ -1012,14 +1069,14 @@ You can set up sudo to allow %(user)s to transition to an administrative domain:
@@ -1012,14 +1019,14 @@ You can set up sudo to allow %(user)s to transition to an administrative domain:
Add one or more of the following record to sudoers using visudo.
""" % { 'user':self.domainname } )
@ -662544,7 +662539,7 @@ index ba15b2c..04f9799 100755
You might also need to add one or more of these new roles to your SELinux user record.
List the SELinux roles your SELinux user can reach by executing:
@@ -1033,104 +1090,104 @@ Modify the roles list and add %(user)s_r to this list.
@@ -1033,104 +1040,104 @@ Modify the roles list and add %(user)s_r to this list.
For more details you can see semanage man page.
""" % {'user':self.domainname, "roles": " ".join([role] + self.role_allows[role]) } )
@ -662691,7 +662686,7 @@ index ba15b2c..04f9799 100755
.SH TRANSITIONS
Three things can happen when %(type)s attempts to execute a program.
@@ -1143,7 +1200,7 @@ Three things can happen when %(type)s attempts to execute a program.
@@ -1143,7 +1150,7 @@ Three things can happen when %(type)s attempts to execute a program.
Execute the following to see the types that the SELinux user %(type)s can execute without transitioning:
@ -662700,7 +662695,7 @@ index ba15b2c..04f9799 100755
.TP
@@ -1151,15 +1208,15 @@ Execute the following to see the types that the SELinux user %(type)s can execut
@@ -1151,15 +1158,15 @@ Execute the following to see the types that the SELinux user %(type)s can execut
Execute the following to see the types that the SELinux user %(type)s can execute and transition:
@ -662721,7 +662716,7 @@ index ba15b2c..04f9799 100755
.SH "NAME"
%(user)s_r \- \fB%(desc)s\fP - Security Enhanced Linux Policy
@@ -1201,21 +1258,21 @@ You need to add %(user)s_r to the staff_u user. You could setup the staff_u use
@@ -1201,21 +1208,21 @@ You need to add %(user)s_r to the staff_u user. You could setup the staff_u use
.B $ semanage user -m -R 'staff_r system_r %(user)s_r' staff_u
""" % {'desc': self.desc, 'user':self.domainname})

1
policycoreutils.spec
View File

@ -18,6 +18,7 @@ Source2: policycoreutils_man_ru2.tar.bz2
Source3: system-config-selinux.png
Source4: sepolicy-icons.tgz
# use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/
# https://github.com/fedora-selinux/selinux/commit/2f23ca54e96a0c1465fbfb0f83196beca0fedccf
Patch: policycoreutils-rhat.patch
Patch1: sepolgen-rhat.patch
Obsoletes: policycoreutils < 2.0.61-2