* Thu Jun 4 2009 Dan Walsh <dwalsh@redhat.com> 2.0.63-5

- Add sepolgen executable
This commit is contained in:
Daniel J Walsh 2009-06-04 19:31:31 +00:00
parent b30ac013f1
commit 1734292fff
2 changed files with 64 additions and 19 deletions

View File

@ -2165,10 +2165,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policy
+ +
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.63/gui/Makefile diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.63/gui/Makefile
--- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.63/gui/Makefile 2009-05-22 17:07:21.000000000 -0400 +++ policycoreutils-2.0.63/gui/Makefile 2009-06-04 15:18:28.000000000 -0400
@@ -0,0 +1,38 @@ @@ -0,0 +1,41 @@
+# Installation directories. +# Installation directories.
+PREFIX ?= ${DESTDIR}/usr +PREFIX ?= ${DESTDIR}/usr
+BINDIR ?= $(PREFIX)/bin
+SHAREDIR ?= $(PREFIX)/share/system-config-selinux +SHAREDIR ?= $(PREFIX)/share/system-config-selinux
+ +
+TARGETS= \ +TARGETS= \
@ -2193,9 +2194,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreu
+ +
+install: all +install: all
+ -mkdir -p $(SHAREDIR)/templates + -mkdir -p $(SHAREDIR)/templates
+ -mkdir -p $(BINDIR)
+ install -m 755 system-config-selinux.py $(SHAREDIR) + install -m 755 system-config-selinux.py $(SHAREDIR)
+ install -m 755 polgengui.py $(SHAREDIR) + install -m 755 polgengui.py $(SHAREDIR)
+ install -m 755 polgen.py $(SHAREDIR) + install -m 755 polgen.py $(SHAREDIR)
+ (cd $(BINDIR); ln -fs ../share/system-config-selinux/polgen.py sepolgen)
+ install -m 755 lockdown.py $(SHAREDIR) + install -m 755 lockdown.py $(SHAREDIR)
+ install -m 644 $(TARGETS) $(SHAREDIR) + install -m 644 $(TARGETS) $(SHAREDIR)
+ install -m 644 templates/*.py $(SHAREDIR)/templates/ + install -m 644 templates/*.py $(SHAREDIR)/templates/
@ -6412,8 +6415,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ app.stand_alone() + app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.63/gui/polgen.py diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.63/gui/polgen.py
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.63/gui/polgen.py 2009-05-22 17:02:43.000000000 -0400 +++ policycoreutils-2.0.63/gui/polgen.py 2009-06-04 15:19:33.000000000 -0400
@@ -0,0 +1,1152 @@ @@ -0,0 +1,1177 @@
+#!/usr/bin/python +#!/usr/bin/python
+# +#
+# Copyright (C) 2007, 2008, 2009 Red Hat +# Copyright (C) 2007, 2008, 2009 Red Hat
@ -6609,6 +6612,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ self.ports = ports.get_all() + self.ports = ports.get_all()
+ +
+ self.symbols = {} + self.symbols = {}
+ self.symbols["openlog"] = "set_use_kerberos(True)"
+ self.symbols["openlog"] = "set_use_kerb_rcache(True)"
+ self.symbols["openlog"] = "set_use_syslog(True)"
+ self.symbols["krb"] = "set_use_kerberos(True)"
+ self.symbols["gss_accept_sec_context"] = "set_manage_krb5_rcache(True)"
+ self.symbols["krb5_verify_init_creds"] = "set_manage_krb5_rcache(True)"
+ self.symbols["krb5_rd_req"] = "set_manage_krb5_rcache(True)"
+ self.symbols["__syslog_chk"] = "set_use_syslog(True)" + self.symbols["__syslog_chk"] = "set_use_syslog(True)"
+ self.symbols["getpwnam"] = "set_use_uid(True)" + self.symbols["getpwnam"] = "set_use_uid(True)"
+ self.symbols["getpwuid"] = "set_use_uid(True)" + self.symbols["getpwuid"] = "set_use_uid(True)"
@ -6721,6 +6731,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ self.use_tmp = False + self.use_tmp = False
+ self.use_uid = False + self.use_uid = False
+ self.use_syslog = False + self.use_syslog = False
+ self.use_kerberos = False
+ self.manage_krb5_rcache = False
+ self.use_pam = False + self.use_pam = False
+ self.use_dbus = False + self.use_dbus = False
+ self.use_audit = False + self.use_audit = False
@ -6810,6 +6822,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ +
+ self.use_syslog = val + self.use_syslog = val
+ +
+ def set_use_kerberos(self, val):
+ if val != True and val != False:
+ raise ValueError(_("use_kerberos must be a boolean value "))
+
+ self.use_kerberos = val
+
+ def set_manage_krb5_rcache(self, val):
+ if val != True and val != False:
+ raise ValueError(_("manage_krb5_rcache must be a boolean value "))
+
+ self.manage_krb5_rcache = val
+
+ def set_use_pam(self, val): + def set_use_pam(self, val):
+ self.use_pam = val == True + self.use_pam = val == True
+ +
@ -6849,6 +6873,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ else: + else:
+ return "" + return ""
+ +
+ def generate_kerberos_rules(self):
+ if self.use_kerberos:
+ return re.sub("TEMPLATETYPE", self.name, executable.te_kerberos_rules)
+ else:
+ return ""
+
+ def generate_manage_krb5_rcache_rules(self):
+ if self.use_manage_krb5_rcache:
+ return re.sub("TEMPLATETYPE", self.name, executable.te_manage_krb5_rcache_rules)
+ else:
+ return ""
+
+ def generate_pam_rules(self): + def generate_pam_rules(self):
+ newte ="" + newte =""
+ if self.use_pam: + if self.use_pam:
@ -7252,6 +7288,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ newte += self.generate_roles_rules() + newte += self.generate_roles_rules()
+ newte += self.generate_transition_rules() + newte += self.generate_transition_rules()
+ newte += self.generate_admin_rules() + newte += self.generate_admin_rules()
+ newte += self.generate_kerberos_rules()
+ newte += self.generate_manage_krb5_rcache_rules()
+ return newte + return newte
+ +
+ def generate_fc(self): + def generate_fc(self):
@ -7489,7 +7527,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ return rec + return rec
+ +
+def gen_symbols(cmd): +def gen_symbols(cmd):
+ fd = os.popen("nm /usr/lib/debug%s.debug | grep U" % cmd) + fd = os.popen("nm -D %s | grep U" % cmd)
+ rec = fd.read().split() + rec = fd.read().split()
+ fd.close() + fd.close()
+ return rec + return rec
@ -7498,7 +7536,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ print _(""" + print _("""
+%s +%s
+ +
+polgen [ -m ] [ -t type ] command +polgen [ -m ] [ -t type ] executable
+valid Types: +valid Types:
+""") % msg +""") % msg
+ keys=poltype.keys() + keys=poltype.keys()
@ -7549,16 +7587,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ mypolicy.set_init_script("/etc/rc\.d/init\.d/%s" % name) + mypolicy.set_init_script("/etc/rc\.d/init\.d/%s" % name)
+ +
+ symbols = gen_symbols(cmd) + symbols = gen_symbols(cmd)
+ if len(symbols) == 0:
+ print """
+%s attempts to scan the debuginfo file for symbols to generate
+additional policy rules, which is missing for %s
+
+debuginfo-install RPMPACKAGE
+
+Will install %s with symbols. Then rerun this tool tool generate additional
+rules.
+""" % (sys.argv[0], cmd, cmd)
+ for s in symbols: + for s in symbols:
+ for b in mypolicy.symbols: + for b in mypolicy.symbols:
+ if s.startswith(b): + if s.startswith(b):
@ -12212,8 +12240,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py
+""" +"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.63/gui/templates/executable.py diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.63/gui/templates/executable.py
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.63/gui/templates/executable.py 2009-05-22 16:56:01.000000000 -0400 +++ policycoreutils-2.0.63/gui/templates/executable.py 2009-06-03 16:47:15.000000000 -0400
@@ -0,0 +1,363 @@ @@ -0,0 +1,376 @@
+# Copyright (C) 2007-2009 Red Hat +# Copyright (C) 2007-2009 Red Hat
+# see file 'COPYING' for use and warranty information +# see file 'COPYING' for use and warranty information
+# +#
@ -12380,6 +12408,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
+') +')
+""" +"""
+ +
+te_kerberos_rules="""
+optional_policy(`
+ kerberos_use(TEMPLATETYPE_t)
+')
+"""
+
+te_manage_krb5_rcache_rules="""
+optional_policy(`
+ kerberos_keytab_template(TEMPLATETYPE, TEMPLATETYPE_t)
+ kerberos_manage_host_rcache(TEMPLATETYPE_t)
+')
+"""
+
+te_audit_rules=""" +te_audit_rules="""
+logging_send_audit_msgs(TEMPLATETYPE_t) +logging_send_audit_msgs(TEMPLATETYPE_t)
+""" +"""

View File

@ -6,7 +6,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.0.63 Version: 2.0.63
Release: 4%{?dist} Release: 5%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -162,6 +162,7 @@ system-config-selinux is a utility for managing the SELinux environment
%defattr(-,root,root) %defattr(-,root,root)
%{_bindir}/system-config-selinux %{_bindir}/system-config-selinux
%{_bindir}/selinux-polgengui %{_bindir}/selinux-polgengui
%{_bindir}/sepolgen
%{_datadir}/applications/fedora-system-config-selinux.desktop %{_datadir}/applications/fedora-system-config-selinux.desktop
%{_datadir}/applications/fedora-selinux-polgengui.desktop %{_datadir}/applications/fedora-selinux-polgengui.desktop
%dir %{_datadir}/system-config-selinux %dir %{_datadir}/system-config-selinux
@ -226,6 +227,9 @@ else
fi fi
%changelog %changelog
* Thu Jun 4 2009 Dan Walsh <dwalsh@redhat.com> 2.0.63-5
- Add sepolgen executable
* Mon Jun 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.63-4 * Mon Jun 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.63-4
- Fix Sandbox option handling - Fix Sandbox option handling
- Fix fixfiles handling of btrfs - Fix fixfiles handling of btrfs