* Thu Jun 4 2009 Dan Walsh <dwalsh@redhat.com> 2.0.63-5
- Add sepolgen executable
parent
b30ac013f1
commit
1734292fff
@ -2165,10 +2165,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policy
|
|||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.63/gui/Makefile
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.63/gui/Makefile
|
||||||
--- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.63/gui/Makefile 2009-05-22 17:07:21.000000000 -0400
|
+++ policycoreutils-2.0.63/gui/Makefile 2009-06-04 15:18:28.000000000 -0400
|
||||||
@@ -0,0 +1,38 @@
|
@@ -0,0 +1,41 @@
|
||||||
+# Installation directories.
|
+# Installation directories.
|
||||||
+PREFIX ?= ${DESTDIR}/usr
|
+PREFIX ?= ${DESTDIR}/usr
|
||||||
|
+BINDIR ?= $(PREFIX)/bin
|
||||||
+SHAREDIR ?= $(PREFIX)/share/system-config-selinux
|
+SHAREDIR ?= $(PREFIX)/share/system-config-selinux
|
||||||
+
|
+
|
||||||
+TARGETS= \
|
+TARGETS= \
|
||||||
@ -2193,9 +2194,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreu
|
|||||||
+
|
+
|
||||||
+install: all
|
+install: all
|
||||||
+ -mkdir -p $(SHAREDIR)/templates
|
+ -mkdir -p $(SHAREDIR)/templates
|
||||||
|
+ -mkdir -p $(BINDIR)
|
||||||
+ install -m 755 system-config-selinux.py $(SHAREDIR)
|
+ install -m 755 system-config-selinux.py $(SHAREDIR)
|
||||||
+ install -m 755 polgengui.py $(SHAREDIR)
|
+ install -m 755 polgengui.py $(SHAREDIR)
|
||||||
+ install -m 755 polgen.py $(SHAREDIR)
|
+ install -m 755 polgen.py $(SHAREDIR)
|
||||||
|
+ (cd $(BINDIR); ln -fs ../share/system-config-selinux/polgen.py sepolgen)
|
||||||
+ install -m 755 lockdown.py $(SHAREDIR)
|
+ install -m 755 lockdown.py $(SHAREDIR)
|
||||||
+ install -m 644 $(TARGETS) $(SHAREDIR)
|
+ install -m 644 $(TARGETS) $(SHAREDIR)
|
||||||
+ install -m 644 templates/*.py $(SHAREDIR)/templates/
|
+ install -m 644 templates/*.py $(SHAREDIR)/templates/
|
||||||
@ -6412,8 +6415,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
|
|||||||
+ app.stand_alone()
|
+ app.stand_alone()
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.63/gui/polgen.py
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.63/gui/polgen.py
|
||||||
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.63/gui/polgen.py 2009-05-22 17:02:43.000000000 -0400
|
+++ policycoreutils-2.0.63/gui/polgen.py 2009-06-04 15:19:33.000000000 -0400
|
||||||
@@ -0,0 +1,1152 @@
|
@@ -0,0 +1,1177 @@
|
||||||
+#!/usr/bin/python
|
+#!/usr/bin/python
|
||||||
+#
|
+#
|
||||||
+# Copyright (C) 2007, 2008, 2009 Red Hat
|
+# Copyright (C) 2007, 2008, 2009 Red Hat
|
||||||
@ -6609,6 +6612,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ self.ports = ports.get_all()
|
+ self.ports = ports.get_all()
|
||||||
+
|
+
|
||||||
+ self.symbols = {}
|
+ self.symbols = {}
|
||||||
|
+ self.symbols["openlog"] = "set_use_kerberos(True)"
|
||||||
|
+ self.symbols["openlog"] = "set_use_kerb_rcache(True)"
|
||||||
|
+ self.symbols["openlog"] = "set_use_syslog(True)"
|
||||||
|
+ self.symbols["krb"] = "set_use_kerberos(True)"
|
||||||
|
+ self.symbols["gss_accept_sec_context"] = "set_manage_krb5_rcache(True)"
|
||||||
|
+ self.symbols["krb5_verify_init_creds"] = "set_manage_krb5_rcache(True)"
|
||||||
|
+ self.symbols["krb5_rd_req"] = "set_manage_krb5_rcache(True)"
|
||||||
+ self.symbols["__syslog_chk"] = "set_use_syslog(True)"
|
+ self.symbols["__syslog_chk"] = "set_use_syslog(True)"
|
||||||
+ self.symbols["getpwnam"] = "set_use_uid(True)"
|
+ self.symbols["getpwnam"] = "set_use_uid(True)"
|
||||||
+ self.symbols["getpwuid"] = "set_use_uid(True)"
|
+ self.symbols["getpwuid"] = "set_use_uid(True)"
|
||||||
@ -6721,6 +6731,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ self.use_tmp = False
|
+ self.use_tmp = False
|
||||||
+ self.use_uid = False
|
+ self.use_uid = False
|
||||||
+ self.use_syslog = False
|
+ self.use_syslog = False
|
||||||
|
+ self.use_kerberos = False
|
||||||
|
+ self.manage_krb5_rcache = False
|
||||||
+ self.use_pam = False
|
+ self.use_pam = False
|
||||||
+ self.use_dbus = False
|
+ self.use_dbus = False
|
||||||
+ self.use_audit = False
|
+ self.use_audit = False
|
||||||
@ -6810,6 +6822,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+
|
+
|
||||||
+ self.use_syslog = val
|
+ self.use_syslog = val
|
||||||
+
|
+
|
||||||
|
+ def set_use_kerberos(self, val):
|
||||||
|
+ if val != True and val != False:
|
||||||
|
+ raise ValueError(_("use_kerberos must be a boolean value "))
|
||||||
|
+
|
||||||
|
+ self.use_kerberos = val
|
||||||
|
+
|
||||||
|
+ def set_manage_krb5_rcache(self, val):
|
||||||
|
+ if val != True and val != False:
|
||||||
|
+ raise ValueError(_("manage_krb5_rcache must be a boolean value "))
|
||||||
|
+
|
||||||
|
+ self.manage_krb5_rcache = val
|
||||||
|
+
|
||||||
+ def set_use_pam(self, val):
|
+ def set_use_pam(self, val):
|
||||||
+ self.use_pam = val == True
|
+ self.use_pam = val == True
|
||||||
+
|
+
|
||||||
@ -6849,6 +6873,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ else:
|
+ else:
|
||||||
+ return ""
|
+ return ""
|
||||||
+
|
+
|
||||||
|
+ def generate_kerberos_rules(self):
|
||||||
|
+ if self.use_kerberos:
|
||||||
|
+ return re.sub("TEMPLATETYPE", self.name, executable.te_kerberos_rules)
|
||||||
|
+ else:
|
||||||
|
+ return ""
|
||||||
|
+
|
||||||
|
+ def generate_manage_krb5_rcache_rules(self):
|
||||||
|
+ if self.use_manage_krb5_rcache:
|
||||||
|
+ return re.sub("TEMPLATETYPE", self.name, executable.te_manage_krb5_rcache_rules)
|
||||||
|
+ else:
|
||||||
|
+ return ""
|
||||||
|
+
|
||||||
+ def generate_pam_rules(self):
|
+ def generate_pam_rules(self):
|
||||||
+ newte =""
|
+ newte =""
|
||||||
+ if self.use_pam:
|
+ if self.use_pam:
|
||||||
@ -7252,6 +7288,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ newte += self.generate_roles_rules()
|
+ newte += self.generate_roles_rules()
|
||||||
+ newte += self.generate_transition_rules()
|
+ newte += self.generate_transition_rules()
|
||||||
+ newte += self.generate_admin_rules()
|
+ newte += self.generate_admin_rules()
|
||||||
|
+ newte += self.generate_kerberos_rules()
|
||||||
|
+ newte += self.generate_manage_krb5_rcache_rules()
|
||||||
+ return newte
|
+ return newte
|
||||||
+
|
+
|
||||||
+ def generate_fc(self):
|
+ def generate_fc(self):
|
||||||
@ -7489,7 +7527,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ return rec
|
+ return rec
|
||||||
+
|
+
|
||||||
+def gen_symbols(cmd):
|
+def gen_symbols(cmd):
|
||||||
+ fd = os.popen("nm /usr/lib/debug%s.debug | grep U" % cmd)
|
+ fd = os.popen("nm -D %s | grep U" % cmd)
|
||||||
+ rec = fd.read().split()
|
+ rec = fd.read().split()
|
||||||
+ fd.close()
|
+ fd.close()
|
||||||
+ return rec
|
+ return rec
|
||||||
@ -7498,7 +7536,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ print _("""
|
+ print _("""
|
||||||
+%s
|
+%s
|
||||||
+
|
+
|
||||||
+polgen [ -m ] [ -t type ] command
|
+polgen [ -m ] [ -t type ] executable
|
||||||
+valid Types:
|
+valid Types:
|
||||||
+""") % msg
|
+""") % msg
|
||||||
+ keys=poltype.keys()
|
+ keys=poltype.keys()
|
||||||
@ -7549,16 +7587,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ mypolicy.set_init_script("/etc/rc\.d/init\.d/%s" % name)
|
+ mypolicy.set_init_script("/etc/rc\.d/init\.d/%s" % name)
|
||||||
+
|
+
|
||||||
+ symbols = gen_symbols(cmd)
|
+ symbols = gen_symbols(cmd)
|
||||||
+ if len(symbols) == 0:
|
|
||||||
+ print """
|
|
||||||
+%s attempts to scan the debuginfo file for symbols to generate
|
|
||||||
+additional policy rules, which is missing for %s
|
|
||||||
+
|
|
||||||
+debuginfo-install RPMPACKAGE
|
|
||||||
+
|
|
||||||
+Will install %s with symbols. Then rerun this tool tool generate additional
|
|
||||||
+rules.
|
|
||||||
+""" % (sys.argv[0], cmd, cmd)
|
|
||||||
+ for s in symbols:
|
+ for s in symbols:
|
||||||
+ for b in mypolicy.symbols:
|
+ for b in mypolicy.symbols:
|
||||||
+ if s.startswith(b):
|
+ if s.startswith(b):
|
||||||
@ -12212,8 +12240,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py
|
|||||||
+"""
|
+"""
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.63/gui/templates/executable.py
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.63/gui/templates/executable.py
|
||||||
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.63/gui/templates/executable.py 2009-05-22 16:56:01.000000000 -0400
|
+++ policycoreutils-2.0.63/gui/templates/executable.py 2009-06-03 16:47:15.000000000 -0400
|
||||||
@@ -0,0 +1,363 @@
|
@@ -0,0 +1,376 @@
|
||||||
+# Copyright (C) 2007-2009 Red Hat
|
+# Copyright (C) 2007-2009 Red Hat
|
||||||
+# see file 'COPYING' for use and warranty information
|
+# see file 'COPYING' for use and warranty information
|
||||||
+#
|
+#
|
||||||
@ -12380,6 +12408,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
|
|||||||
+')
|
+')
|
||||||
+"""
|
+"""
|
||||||
+
|
+
|
||||||
|
+te_kerberos_rules="""
|
||||||
|
+optional_policy(`
|
||||||
|
+ kerberos_use(TEMPLATETYPE_t)
|
||||||
|
+')
|
||||||
|
+"""
|
||||||
|
+
|
||||||
|
+te_manage_krb5_rcache_rules="""
|
||||||
|
+optional_policy(`
|
||||||
|
+ kerberos_keytab_template(TEMPLATETYPE, TEMPLATETYPE_t)
|
||||||
|
+ kerberos_manage_host_rcache(TEMPLATETYPE_t)
|
||||||
|
+')
|
||||||
|
+"""
|
||||||
|
+
|
||||||
+te_audit_rules="""
|
+te_audit_rules="""
|
||||||
+logging_send_audit_msgs(TEMPLATETYPE_t)
|
+logging_send_audit_msgs(TEMPLATETYPE_t)
|
||||||
+"""
|
+"""
|
||||||
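Review bot: `generate_manage_krb5_rcache_rules` tests `self.use_manage_krb5_rcache`, but the constructor hunk initialises `self.manage_krb5_rcache` and `set_manage_krb5_rcache` assigns that same name, so the attribute read here is never set in the visible code. The call added after `generate_kerberos_rules()` would then raise AttributeError, and the condition should read `if self.manage_krb5_rcache:`. Separately, the rewritten line in `gen_symbols` still interpolates `cmd` into a shell string for `os.popen`, so a path containing spaces or shell metacharacters is interpreted by the shell. Passing an argument list, e.g. `subprocess.Popen(["nm", "-D", cmd], stdout=subprocess.PIPE)` (assuming `subprocess` is imported in the file), and selecting the `U` entries in Python would avoid that and would also stop `grep U` from matching any line that merely contains a capital U. The enclosing class and the function that accumulates `newte` begin and end outside the visible hunks.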
|
@ -6,7 +6,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.0.63
|
Version: 2.0.63
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||||
@ -162,6 +162,7 @@ system-config-selinux is a utility for managing the SELinux environment
|
|||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%{_bindir}/system-config-selinux
|
%{_bindir}/system-config-selinux
|
||||||
%{_bindir}/selinux-polgengui
|
%{_bindir}/selinux-polgengui
|
||||||
|
%{_bindir}/sepolgen
|
||||||
%{_datadir}/applications/fedora-system-config-selinux.desktop
|
%{_datadir}/applications/fedora-system-config-selinux.desktop
|
||||||
%{_datadir}/applications/fedora-selinux-polgengui.desktop
|
%{_datadir}/applications/fedora-selinux-polgengui.desktop
|
||||||
%dir %{_datadir}/system-config-selinux
|
%dir %{_datadir}/system-config-selinux
|
||||||
@ -226,6 +227,9 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jun 4 2009 Dan Walsh <dwalsh@redhat.com> 2.0.63-5
|
||||||
|
- Add sepolgen executable
|
||||||
|
|
||||||
* Mon Jun 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.63-4
|
* Mon Jun 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.63-4
|
||||||
- Fix Sandbox option handling
|
- Fix Sandbox option handling
|
||||||
- Fix fixfiles handling of btrfs
|
- Fix fixfiles handling of btrfs
|
||||||
|