rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix semanage booleans -l, move more boolean_dict handling into sepolicy

Browse Source 
- Update translations
- Fixup sepolicy generate to discover /var/log, /var/run and /var/lib directories if they match the name
- Fix kill function call should indicate signal_perms not kill capability
- Error out cleanly in system-config-selinux, if it can not contact XServer
This commit is contained in:
Dan Walsh 2012-11-06 06:12:01 -05:00
parent 321b3f2caa
commit 16444033da
2 changed files with 58 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
policycoreutils-rhat.patch
View File

@ -335089,7 +335089,7 @@ index 63b11dd..28a9022 100644
.TP .TP
.I \-P, \-\-prefix .I \-P, \-\-prefix
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index ad7dc8c..0a1485e 100644 index ad7dc8c..f2b8721 100644
--- a/policycoreutils/semanage/seobject.py --- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py +++ b/policycoreutils/semanage/seobject.py
@@ -24,17 +24,18 @@ @@ -24,17 +24,18 @@
@ -335097,7 +335097,7 @@ index ad7dc8c..0a1485e 100644
from semanage import *; from semanage import *;
PROGNAME = "policycoreutils" PROGNAME = "policycoreutils"
+import sepolicy +import sepolicy
+from sepolicy import booleans_dict +from sepolicy import boolean_desc, boolean_category
import sepolgen.module as module import sepolgen.module as module
from IPy import IP from IPy import IP
@ -335116,7 +335116,7 @@ index ad7dc8c..0a1485e 100644
import syslog import syslog
@@ -123,33 +124,6 @@ class nulllogger: @@ -123,39 +124,6 @@ class nulllogger:
def commit(self,success): def commit(self,success):
pass pass
@ -335147,10 +335147,16 @@ index ad7dc8c..0a1485e 100644
- #print _("Failed to translate booleans.\n%s") % e - #print _("Failed to translate booleans.\n%s") % e
- pass - pass
- -
def boolean_desc(boolean): -def boolean_desc(boolean):
if boolean in booleans_dict: - if boolean in booleans_dict:
return _(booleans_dict[boolean][2]) - return _(booleans_dict[boolean][2])
@@ -384,13 +358,7 @@ class permissiveRecords(semanageRecords): - else:
- return boolean
-
def validate_level(raw):
sensitivity = "s[0-9]*"
category = "c[0-9]*"
@@ -384,13 +352,7 @@ class permissiveRecords(semanageRecords):
return l return l
def list(self, heading = 1, locallist = 0): def list(self, heading = 1, locallist = 0):
@ -335165,7 +335171,7 @@ index ad7dc8c..0a1485e 100644
if len(all) == 0: if len(all) == 0:
return return
@@ -493,7 +461,9 @@ class loginRecords(semanageRecords): @@ -493,7 +455,9 @@ class loginRecords(semanageRecords):
if rc < 0: if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name) raise ValueError(_("Could not check if login mapping for %s is defined") % name)
if exists: if exists:
@ -335176,7 +335182,7 @@ index ad7dc8c..0a1485e 100644
if name[0] == '%': if name[0] == '%':
try: try:
grp.getgrnam(name[1:]) grp.getgrnam(name[1:])
@@ -738,7 +708,8 @@ class seluserRecords(semanageRecords): @@ -738,7 +702,8 @@ class seluserRecords(semanageRecords):
if rc < 0: if rc < 0:
raise ValueError(_("Could not check if SELinux user %s is defined") % name) raise ValueError(_("Could not check if SELinux user %s is defined") % name)
if exists: if exists:
@ -335186,7 +335192,7 @@ index ad7dc8c..0a1485e 100644
(rc, u) = semanage_user_create(self.sh) (rc, u) = semanage_user_create(self.sh)
if rc < 0: if rc < 0:
@@ -958,6 +929,8 @@ class seluserRecords(semanageRecords): @@ -958,6 +923,8 @@ class seluserRecords(semanageRecords):
print "%-15s %s" % (k, ddict[k][3]) print "%-15s %s" % (k, ddict[k][3])
class portRecords(semanageRecords): class portRecords(semanageRecords):
@ -335195,7 +335201,7 @@ index ad7dc8c..0a1485e 100644
def __init__(self, store = ""): def __init__(self, store = ""):
semanageRecords.__init__(self, store) semanageRecords.__init__(self, store)
@@ -997,6 +970,9 @@ class portRecords(semanageRecords): @@ -997,6 +964,9 @@ class portRecords(semanageRecords):
if type == "": if type == "":
raise ValueError(_("Type is required")) raise ValueError(_("Type is required"))
@ -335205,7 +335211,7 @@ index ad7dc8c..0a1485e 100644
( k, proto_d, low, high ) = self.__genkey(port, proto) ( k, proto_d, low, high ) = self.__genkey(port, proto)
(rc, exists) = semanage_port_exists(self.sh, k) (rc, exists) = semanage_port_exists(self.sh, k)
@@ -1056,6 +1032,9 @@ class portRecords(semanageRecords): @@ -1056,6 +1026,9 @@ class portRecords(semanageRecords):
else: else:
raise ValueError(_("Requires setype")) raise ValueError(_("Requires setype"))
@ -335215,7 +335221,7 @@ index ad7dc8c..0a1485e 100644
( k, proto_d, low, high ) = self.__genkey(port, proto) ( k, proto_d, low, high ) = self.__genkey(port, proto)
(rc, exists) = semanage_port_exists(self.sh, k) (rc, exists) = semanage_port_exists(self.sh, k)
@@ -1213,6 +1192,8 @@ class portRecords(semanageRecords): @@ -1213,6 +1186,8 @@ class portRecords(semanageRecords):
print rec print rec
class nodeRecords(semanageRecords): class nodeRecords(semanageRecords):
@ -335224,7 +335230,7 @@ index ad7dc8c..0a1485e 100644
def __init__(self, store = ""): def __init__(self, store = ""):
semanageRecords.__init__(self,store) semanageRecords.__init__(self,store)
self.protocol = ["ipv4", "ipv6"] self.protocol = ["ipv4", "ipv6"]
@@ -1252,7 +1233,10 @@ class nodeRecords(semanageRecords): @@ -1252,7 +1227,10 @@ class nodeRecords(semanageRecords):
serange = untranslate(serange) serange = untranslate(serange)
if ctype == "": if ctype == "":
@ -335236,7 +335242,7 @@ index ad7dc8c..0a1485e 100644
(rc, k) = semanage_node_key_create(self.sh, addr, mask, proto) (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
if rc < 0: if rc < 0:
@@ -1262,7 +1246,8 @@ class nodeRecords(semanageRecords): @@ -1262,7 +1240,8 @@ class nodeRecords(semanageRecords):
(rc, exists) = semanage_node_exists(self.sh, k) (rc, exists) = semanage_node_exists(self.sh, k)
if exists: if exists:
@ -335246,7 +335252,7 @@ index ad7dc8c..0a1485e 100644
(rc, node) = semanage_node_create(self.sh) (rc, node) = semanage_node_create(self.sh)
if rc < 0: if rc < 0:
@@ -1318,6 +1303,9 @@ class nodeRecords(semanageRecords): @@ -1318,6 +1297,9 @@ class nodeRecords(semanageRecords):
if serange == "" and setype == "": if serange == "" and setype == "":
raise ValueError(_("Requires setype or serange")) raise ValueError(_("Requires setype or serange"))
@ -335256,7 +335262,7 @@ index ad7dc8c..0a1485e 100644
(rc, k) = semanage_node_key_create(self.sh, addr, mask, proto) (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
if rc < 0: if rc < 0:
raise ValueError(_("Could not create key for %s") % addr) raise ValueError(_("Could not create key for %s") % addr)
@@ -1460,7 +1448,8 @@ class interfaceRecords(semanageRecords): @@ -1460,7 +1442,8 @@ class interfaceRecords(semanageRecords):
if rc < 0: if rc < 0:
raise ValueError(_("Could not check if interface %s is defined") % interface) raise ValueError(_("Could not check if interface %s is defined") % interface)
if exists: if exists:
@ -335266,7 +335272,7 @@ index ad7dc8c..0a1485e 100644
(rc, iface) = semanage_iface_create(self.sh) (rc, iface) = semanage_iface_create(self.sh)
if rc < 0: if rc < 0:
@@ -1625,6 +1614,9 @@ class interfaceRecords(semanageRecords): @@ -1625,6 +1608,9 @@ class interfaceRecords(semanageRecords):
print "%-30s %s:%s:%s " % (k,ddict[k][0], ddict[k][1],ddict[k][2]) print "%-30s %s:%s:%s " % (k,ddict[k][0], ddict[k][1],ddict[k][2])
class fcontextRecords(semanageRecords): class fcontextRecords(semanageRecords):
@ -335276,7 +335282,7 @@ index ad7dc8c..0a1485e 100644
def __init__(self, store = ""): def __init__(self, store = ""):
semanageRecords.__init__(self, store) semanageRecords.__init__(self, store)
self.equiv = {} self.equiv = {}
@@ -1739,6 +1731,9 @@ class fcontextRecords(semanageRecords): @@ -1739,6 +1725,9 @@ class fcontextRecords(semanageRecords):
if type == "": if type == "":
raise ValueError(_("SELinux Type is required")) raise ValueError(_("SELinux Type is required"))
@ -335286,7 +335292,7 @@ index ad7dc8c..0a1485e 100644
(rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
if rc < 0: if rc < 0:
raise ValueError(_("Could not create key for %s") % target) raise ValueError(_("Could not create key for %s") % target)
@@ -1753,7 +1748,8 @@ class fcontextRecords(semanageRecords): @@ -1753,7 +1742,8 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Could not check if file context for %s is defined") % target) raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists: if exists:
@ -335296,7 +335302,7 @@ index ad7dc8c..0a1485e 100644
(rc, fcontext) = semanage_fcontext_create(self.sh) (rc, fcontext) = semanage_fcontext_create(self.sh)
if rc < 0: if rc < 0:
@@ -1794,6 +1790,9 @@ class fcontextRecords(semanageRecords): @@ -1794,6 +1784,9 @@ class fcontextRecords(semanageRecords):
def __modify(self, target, setype, ftype, serange, seuser): def __modify(self, target, setype, ftype, serange, seuser):
if serange == "" and setype == "" and seuser == "": if serange == "" and setype == "" and seuser == "":
raise ValueError(_("Requires setype, serange or seuser")) raise ValueError(_("Requires setype, serange or seuser"))
@ -335306,7 +335312,7 @@ index ad7dc8c..0a1485e 100644
self.validate(target) self.validate(target)
(rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
@@ -1999,6 +1998,8 @@ class booleanRecords(semanageRecords): @@ -1999,6 +1992,8 @@ class booleanRecords(semanageRecords):
self.modify_local = False self.modify_local = False
def __mod(self, name, value): def __mod(self, name, value):
@ -335315,7 +335321,7 @@ index ad7dc8c..0a1485e 100644
(rc, k) = semanage_bool_key_create(self.sh, name) (rc, k) = semanage_bool_key_create(self.sh, name)
if rc < 0: if rc < 0:
raise ValueError(_("Could not create a key for %s") % name) raise ValueError(_("Could not create a key for %s") % name)
@@ -2028,8 +2029,6 @@ class booleanRecords(semanageRecords): @@ -2028,8 +2023,6 @@ class booleanRecords(semanageRecords):
semanage_bool_free(b) semanage_bool_free(b)
def modify(self, name, value = None, use_file = False): def modify(self, name, value = None, use_file = False):
@ -335324,6 +335330,18 @@ index ad7dc8c..0a1485e 100644
self.begin() self.begin()
if use_file: if use_file:
fd = open(name) fd = open(name)
@@ -2120,10 +2113,7 @@ class booleanRecords(semanageRecords):
def get_category(self, name):
name = selinux.selinux_boolean_sub(name)
- if name in booleans_dict:
- return _(booleans_dict[name][0])
- else:
- return _("unknown")
+ return boolean_category(name)
def customized(self):
l = []
diff --git a/policycoreutils/sepolicy/.gitignore b/policycoreutils/sepolicy/.gitignore diff --git a/policycoreutils/sepolicy/.gitignore b/policycoreutils/sepolicy/.gitignore
new file mode 100644 new file mode 100644
index 0000000..378eac2 index 0000000..378eac2
@ -338224,10 +338242,10 @@ index 0000000..eee20af
+ sys.exit(0) + sys.exit(0)
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
new file mode 100644 new file mode 100644
index 0000000..5df16bb index 0000000..247d0fb
--- /dev/null --- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py +++ b/policycoreutils/sepolicy/sepolicy/__init__.py
@@ -0,0 +1,110 @@ @@ -0,0 +1,123 @@
+#!/usr/bin/env python +#!/usr/bin/env python
+ +
+# Author: Thomas Liu <tliu@redhat.com> +# Author: Thomas Liu <tliu@redhat.com>
@ -338319,6 +338337,19 @@ index 0000000..5df16bb
+ pass + pass
+ return booleans_dict + return booleans_dict
+ +
+def boolean_category(boolean):
+ if boolean in self.booleans_dict:
+ return _(self.booleans_dict[boolean][0])
+ else:
+ return _("unknown")
+
+def boolean_desc(boolean):
+ booleans_dict = gen_bool_dict()
+ if boolean in booleans_dict:
+ return _(booleans_dict[boolean][2])
+ else:
+ return boolean
+
+def get_os_version(): +def get_os_version():
+ os_version = "" + os_version = ""
+ pkg_name = "selinux-policy" + pkg_name = "selinux-policy"

3
policycoreutils.spec
View File

@ -7,7 +7,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.1.13 Version: 2.1.13
Release: 25%{?dist} Release: 26%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# Based on git repository with tag 20101221 # Based on git repository with tag 20101221
@ -329,6 +329,7 @@ The policycoreutils-restorecond package contains the restorecond service.
%changelog %changelog
* Mon Nov 5 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-26 * Mon Nov 5 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-26
- Fix semanage booleans -l, move more boolean_dict handling into sepolicy
- Update translations - Update translations
- Fixup sepolicy generate to discover /var/log, /var/run and /var/lib directories if they match the name - Fixup sepolicy generate to discover /var/log, /var/run and /var/lib directories if they match the name
- Fix kill function call should indicate signal_perms not kill capability - Fix kill function call should indicate signal_perms not kill capability