From 16444033da5e0c59d9f774e0a4f206e1735ec252 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Tue, 6 Nov 2012 06:12:01 -0500 Subject: [PATCH] Fix semanage booleans -l, move more boolean_dict handling into sepolicy - Update translations - Fixup sepolicy generate to discover /var/log, /var/run and /var/lib directories if they match the name - Fix kill function call should indicate signal_perms not kill capability - Error out cleanly in system-config-selinux, if it can not contact XServer --- policycoreutils-rhat.patch | 81 ++++++++++++++++++++++++++------------ policycoreutils.spec | 3 +- 2 files changed, 58 insertions(+), 26 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index f47b02d..223f9ad 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -335089,7 +335089,7 @@ index 63b11dd..28a9022 100644 .TP .I \-P, \-\-prefix diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py -index ad7dc8c..0a1485e 100644 +index ad7dc8c..f2b8721 100644 --- a/policycoreutils/semanage/seobject.py +++ b/policycoreutils/semanage/seobject.py @@ -24,17 +24,18 @@ @@ -335097,7 +335097,7 @@ index ad7dc8c..0a1485e 100644 from semanage import *; PROGNAME = "policycoreutils" +import sepolicy -+from sepolicy import booleans_dict ++from sepolicy import boolean_desc, boolean_category import sepolgen.module as module from IPy import IP @@ -335116,7 +335116,7 @@ index ad7dc8c..0a1485e 100644 import syslog -@@ -123,33 +124,6 @@ class nulllogger: +@@ -123,39 +124,6 @@ class nulllogger: def commit(self,success): pass 
@@ -335147,10 +335147,16 @@ index ad7dc8c..0a1485e 100644 - #print _("Failed to translate booleans.\n%s") % e - pass - - def boolean_desc(boolean): - if boolean in booleans_dict: - return _(booleans_dict[boolean][2]) -@@ -384,13 +358,7 @@ class permissiveRecords(semanageRecords): +-def boolean_desc(boolean): +- if boolean in booleans_dict: +- return _(booleans_dict[boolean][2]) +- else: +- return boolean +- + def validate_level(raw): + sensitivity = "s[0-9]*" + category = "c[0-9]*" +@@ -384,13 +352,7 @@ class permissiveRecords(semanageRecords): return l def list(self, heading = 1, locallist = 0): @@ -335165,7 +335171,7 @@ index ad7dc8c..0a1485e 100644 if len(all) == 0: return -@@ -493,7 +461,9 @@ class loginRecords(semanageRecords): +@@ -493,7 +455,9 @@ class loginRecords(semanageRecords): if rc < 0: raise ValueError(_("Could not check if login mapping for %s is defined") % name) if exists: @@ -335176,7 +335182,7 @@ index ad7dc8c..0a1485e 100644 if name[0] == '%': try: grp.getgrnam(name[1:]) -@@ -738,7 +708,8 @@ class seluserRecords(semanageRecords): +@@ -738,7 +702,8 @@ class seluserRecords(semanageRecords): if rc < 0: raise ValueError(_("Could not check if SELinux user %s is defined") % name) if exists: @@ -335186,7 +335192,7 @@ index ad7dc8c..0a1485e 100644 (rc, u) = semanage_user_create(self.sh) if rc < 0: -@@ -958,6 +929,8 @@ class seluserRecords(semanageRecords): +@@ -958,6 +923,8 @@ class seluserRecords(semanageRecords): print "%-15s %s" % (k, ddict[k][3]) class portRecords(semanageRecords): @@ -335195,7 +335201,7 @@ index ad7dc8c..0a1485e 100644 def __init__(self, store = ""): semanageRecords.__init__(self, store) -@@ -997,6 +970,9 @@ class portRecords(semanageRecords): +@@ -997,6 +964,9 @@ class portRecords(semanageRecords): if type == "": raise ValueError(_("Type is required")) 
@@ -335205,7 +335211,7 @@ index ad7dc8c..0a1485e 100644 ( k, proto_d, low, high ) = self.__genkey(port, proto) (rc, exists) = semanage_port_exists(self.sh, k) -@@ -1056,6 +1032,9 @@ class portRecords(semanageRecords): +@@ -1056,6 +1026,9 @@ class portRecords(semanageRecords): else: raise ValueError(_("Requires setype")) @@ -335215,7 +335221,7 @@ index ad7dc8c..0a1485e 100644 ( k, proto_d, low, high ) = self.__genkey(port, proto) (rc, exists) = semanage_port_exists(self.sh, k) -@@ -1213,6 +1192,8 @@ class portRecords(semanageRecords): +@@ -1213,6 +1186,8 @@ class portRecords(semanageRecords): print rec class nodeRecords(semanageRecords): @@ -335224,7 +335230,7 @@ index ad7dc8c..0a1485e 100644 def __init__(self, store = ""): semanageRecords.__init__(self,store) self.protocol = ["ipv4", "ipv6"] -@@ -1252,7 +1233,10 @@ class nodeRecords(semanageRecords): +@@ -1252,7 +1227,10 @@ class nodeRecords(semanageRecords): serange = untranslate(serange) if ctype == "": @@ -335236,7 +335242,7 @@ index ad7dc8c..0a1485e 100644 (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto) if rc < 0: -@@ -1262,7 +1246,8 @@ class nodeRecords(semanageRecords): +@@ -1262,7 +1240,8 @@ class nodeRecords(semanageRecords): (rc, exists) = semanage_node_exists(self.sh, k) if exists: @@ -335246,7 +335252,7 @@ index ad7dc8c..0a1485e 100644 (rc, node) = semanage_node_create(self.sh) if rc < 0: -@@ -1318,6 +1303,9 @@ class nodeRecords(semanageRecords): +@@ -1318,6 +1297,9 @@ class nodeRecords(semanageRecords): if serange == "" and setype == "": raise ValueError(_("Requires setype or serange")) 
@@ -335256,7 +335262,7 @@ index ad7dc8c..0a1485e 100644 (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto) if rc < 0: raise ValueError(_("Could not create key for %s") % addr) -@@ -1460,7 +1448,8 @@ class interfaceRecords(semanageRecords): +@@ -1460,7 +1442,8 @@ class interfaceRecords(semanageRecords): if rc < 0: raise ValueError(_("Could not check if interface %s is defined") % interface) if exists: @@ -335266,7 +335272,7 @@ index ad7dc8c..0a1485e 100644 (rc, iface) = semanage_iface_create(self.sh) if rc < 0: -@@ -1625,6 +1614,9 @@ class interfaceRecords(semanageRecords): +@@ -1625,6 +1608,9 @@ class interfaceRecords(semanageRecords): print "%-30s %s:%s:%s " % (k,ddict[k][0], ddict[k][1],ddict[k][2]) class fcontextRecords(semanageRecords): @@ -335276,7 +335282,7 @@ index ad7dc8c..0a1485e 100644 def __init__(self, store = ""): semanageRecords.__init__(self, store) self.equiv = {} -@@ -1739,6 +1731,9 @@ class fcontextRecords(semanageRecords): +@@ -1739,6 +1725,9 @@ class fcontextRecords(semanageRecords): if type == "": raise ValueError(_("SELinux Type is required")) @@ -335286,7 +335292,7 @@ index ad7dc8c..0a1485e 100644 (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) if rc < 0: raise ValueError(_("Could not create key for %s") % target) -@@ -1753,7 +1748,8 @@ class fcontextRecords(semanageRecords): +@@ -1753,7 +1742,8 @@ class fcontextRecords(semanageRecords): raise ValueError(_("Could not check if file context for %s is defined") % target) if exists: @@ -335296,7 +335302,7 @@ index ad7dc8c..0a1485e 100644 (rc, fcontext) = semanage_fcontext_create(self.sh) if rc < 0: -@@ -1794,6 +1790,9 @@ class fcontextRecords(semanageRecords): +@@ -1794,6 +1784,9 @@ class fcontextRecords(semanageRecords): def __modify(self, target, setype, ftype, serange, seuser): if serange == "" and setype == "" and seuser == "": raise ValueError(_("Requires setype, serange or seuser")) 
@@ -335306,7 +335312,7 @@ index ad7dc8c..0a1485e 100644 self.validate(target) (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) -@@ -1999,6 +1998,8 @@ class booleanRecords(semanageRecords): +@@ -1999,6 +1992,8 @@ class booleanRecords(semanageRecords): self.modify_local = False def __mod(self, name, value): @@ -335315,7 +335321,7 @@ index ad7dc8c..0a1485e 100644 (rc, k) = semanage_bool_key_create(self.sh, name) if rc < 0: raise ValueError(_("Could not create a key for %s") % name) -@@ -2028,8 +2029,6 @@ class booleanRecords(semanageRecords): +@@ -2028,8 +2023,6 @@ class booleanRecords(semanageRecords): semanage_bool_free(b) def modify(self, name, value = None, use_file = False): @@ -335324,6 +335330,18 @@ index ad7dc8c..0a1485e 100644 self.begin() if use_file: fd = open(name) +@@ -2120,10 +2113,7 @@ class booleanRecords(semanageRecords): + + def get_category(self, name): + name = selinux.selinux_boolean_sub(name) +- if name in booleans_dict: +- return _(booleans_dict[name][0]) +- else: +- return _("unknown") ++ return boolean_category(name) + + def customized(self): + l = [] diff --git a/policycoreutils/sepolicy/.gitignore b/policycoreutils/sepolicy/.gitignore new file mode 100644 index 0000000..378eac2 @@ -338224,10 +338242,10 @@ index 0000000..eee20af + sys.exit(0) diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py new file mode 100644 -index 0000000..5df16bb +index 0000000..247d0fb --- /dev/null +++ b/policycoreutils/sepolicy/sepolicy/__init__.py -@@ -0,0 +1,110 @@ +@@ -0,0 +1,123 @@ +#!/usr/bin/env python + +# Author: Thomas Liu 
@@ -338319,6 +338337,19 @@ index 0000000..5df16bb + pass + return booleans_dict + ++def boolean_category(boolean): ++ if boolean in self.booleans_dict: ++ return _(self.booleans_dict[boolean][0]) ++ else: ++ return _("unknown") ++ ++def boolean_desc(boolean): ++ booleans_dict = gen_bool_dict() ++ if boolean in booleans_dict: ++ return _(booleans_dict[boolean][2]) ++ else: ++ return boolean ++ +def get_os_version(): + os_version = "" + pkg_name = "selinux-policy" diff --git a/policycoreutils.spec b/policycoreutils.spec index 5744e19..a53e9f5 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.1.13 -Release: 25%{?dist} +Release: 26%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -329,6 +329,7 @@ The policycoreutils-restorecond package contains the restorecond service. %changelog * Mon Nov 5 2012 Dan Walsh - 2.1.12-26 +- Fix semanage booleans -l, move more boolean_dict handling into sepolicy - Update translations - Fixup sepolicy generate to discover /var/log, /var/run and /var/lib directories if they match the name - Fix kill function call should indicate signal_perms not kill capability
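Review bot: The new module-level `boolean_category` in sepolicy/__init__.py reads `self.booleans_dict`, but the function has no `self` parameter, so the first call raises NameError. `booleanRecords.get_category` in seobject.py now delegates to it (`return boolean_category(name)`), so the boolean listing this commit sets out to fix would fail on that path, leaving administrators unable to review boolean state with the tool. It should obtain the dictionary the way the sibling `boolean_desc` does: `booleans_dict = gen_bool_dict()`, then `if boolean in booleans_dict: return _(booleans_dict[boolean][0])`. Both helpers call `gen_bool_dict()` on every lookup, and its body is mostly outside this hunk. If it does not cache its result, building the dictionary once and reusing it would avoid repeating that work for each boolean listed.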