From 1bb3b98779bf9915477ff9bb465d29bcb532879a Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Wed, 7 Dec 2011 09:40:36 -0500 Subject: [PATCH] Add back accidently dropped patches for semanage --- policycoreutils-rhat.patch | 567 ++++++------------------------------- policycoreutils.spec | 5 +- 2 files changed, 98 insertions(+), 474 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index c75272a..73e48c2 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -271,493 +271,114 @@ index 0000000..e2befdb + packages=["policycoreutils"], +) diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage -index 48d7baa..f601720 100644 +index 48d7baa..2c0cfdd 100644 --- a/policycoreutils/semanage/semanage 
+++ b/policycoreutils/semanage/semanage -@@ -39,29 +39,21 @@ except IOError: - __builtin__.__dict__['_'] = unicode +@@ -20,6 +20,7 @@ + # 02111-1307 USA + # + # ++import policycoreutils.default_encoding_utf8 + import sys, getopt, re + import seobject + import selinux +@@ -32,7 +33,7 @@ gettext.textdomain(PROGNAME) + try: + gettext.install(PROGNAME, + localedir="/usr/share/locale", +- unicode=False, ++ unicode=True, + codeset = 'utf-8') + except IOError: + import __builtin__ +@@ -283,11 +284,14 @@ Object-specific Options (see above): + equal = a - if __name__ == '__main__': -- manageditems=[ "boolean", "login", "user", "port", "interface", "node", "fcontext"] -- action = False -- def set_action(option): -- global action -- if action: -- raise ValueError(_("%s bad option") % option) -- action = True - - def usage(message = ""): - text = _(""" - semanage [ -S store ] -i [ input_file | - ] --semanage [ -S store ] -o [ output_file | - ] -- --semanage login -{a|d|m|l|D|E} [-nsr] login_name | %groupname --semanage user -{a|d|m|l|D|E} [-LnrRP] selinux_name --semanage port -{a|d|m|l|D|E} [-ntr] [ -p proto ] port | port_range --semanage interface -{a|d|m|l|D|E} [-ntr] interface_spec --semanage module -{a|d|m} [--enable|--disable] module --semanage node -{a|d|m|l|D|E} [-ntr] [ -p protocol ] [-M netmask] addr --semanage fcontext -{a|d|m|l|D|E} [-efnrst] file_spec + if o == "--enable": +- set_action(o) ++ if disable: ++ raise ValueError(_("You can't disable and enable at the same time")) + -+semanage {boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n] -+semanage login -{a|d|m} [-sr] login_name | %groupname -+semanage user -{a|d|m} [-LrRP] selinux_name -+semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range -+semanage interface -{a|d|m} [-tr] interface_spec -+semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr -+semanage fcontext -{a|d|m} [-frst] file_spec -+semanage translation -{a|d|m} [-T] level - semanage boolean -{d|m} 
[--on|--off|-1|-0] -F boolean | boolean_file --semanage permissive -{d|a|l} [-n] type --semanage dontaudit [ on | off ] -+semanage permissive -{d|a} type + enable = True - Primary Options: - -@@ -69,9 +61,7 @@ Primary Options: - -d, --delete Delete a OBJECT record NAME - -m, --modify Modify a OBJECT record NAME - -i, --input Input multiple semange commands in a transaction -- -o, --output Output current customizations as semange commands - -l, --list List the OBJECTS -- -E, --extract extract customizable commands - -C, --locallist List OBJECTS local customizations - -D, --deleteall Remove all OBJECTS local customizations - -@@ -94,15 +84,14 @@ Object-specific Options (see above): - -F, --file Treat target as an input file for command, change multiple settings - -p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6) - -M, --mask Netmask -- -e, --equal Substitue source path for dest path when labeling - -P, --prefix Prefix for home directory labeling - -L, --level Default SELinux Level (MLS/MCS Systems only) - -R, --roles SELinux Roles (ex: "sysadm_r staff_r") -+ -T, --trans SELinux Level Translation (MLS/MCS Systems only) -+ - -s, --seuser SELinux User Name - -t, --type SELinux Type for the object - -r, --range MLS/MCS Security Range (MLS/MCS Systems only) -- --enable Enable a module -- --disable Disable a module - """) - raise ValueError("%s\n%s" % (text, message)) - -@@ -114,25 +103,23 @@ Object-specific Options (see above): - - def get_options(): - valid_option={} -- valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading', '-S', '--store' ] -- valid_local=[ '-E', '--extract', '-C', '--locallist', '-D', '--deleteall'] -+ valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading', '-C', '--locallist', '-D', '--deleteall', '-S', '--store' ] - valid_option["login"] = [] -- valid_option["login"] += 
valid_everyone + valid_local + [ '-s', '--seuser', '-r', '--range'] -+ valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range'] - valid_option["user"] = [] -- valid_option["user"] += valid_everyone + valid_local + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix' ] -+ valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix' ] - valid_option["port"] = [] -- valid_option["port"] += valid_everyone + valid_local + [ '-t', '--type', '-r', '--range', '-p', '--proto' ] -+ valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range', '-p', '--proto' ] - valid_option["interface"] = [] -- valid_option["interface"] += valid_everyone + valid_local + [ '-t', '--type', '-r', '--range'] -+ valid_option["interface"] += valid_everyone + [ '-t', '--type', '-r', '--range'] - valid_option["node"] = [] -- valid_option["node"] += valid_everyone + valid_local + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol'] -- valid_option["module"] = [] -- valid_option["module"] += valid_everyone + [ '--enable', '--disable'] -+ valid_option["node"] += valid_everyone + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol'] - valid_option["fcontext"] = [] -- valid_option["fcontext"] += valid_everyone + valid_local + [ '-e', '--equal', '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range'] -- valid_option["dontaudit"] = [ '-S', '--store' ] -+ valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range'] -+ valid_option["translation"] = [] -+ valid_option["translation"] += valid_everyone + [ '-T', '--trans' ] - valid_option["boolean"] = [] -- valid_option["boolean"] += valid_everyone + valid_local + [ '--on', "--off", "-1", "-0", "-F", "--file"] -+ valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0", "-F", "--file"] - valid_option["permissive"] = [] - 
valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ] - return valid_option -@@ -184,8 +171,6 @@ Object-specific Options (see above): - return ret - - def process_args(argv): -- global action -- action = False - serange = "" - port = "" - proto = "" -@@ -193,6 +178,7 @@ Object-specific Options (see above): - selevel = "" - setype = "" - ftype = "" -+ setrans = "" - roles = "" - seuser = "" - prefix = "user" -@@ -202,17 +188,11 @@ Object-specific Options (see above): - modify = False - delete = False - deleteall = False -- enable = False -- extract = False -- disable = False - list = False - locallist = False - use_file = False - store = "" -- equal = "" -- -- if len(argv) == 0: -- return -+ - object = argv[0] - option_dict=get_options() - if object not in option_dict.keys(): -@@ -220,81 +200,59 @@ Object-specific Options (see above): - - args = argv[1:] - -- try: -- gopts, cmds = getopt.getopt(args, -- '01adEe:f:i:lhmnp:s:FCDR:L:r:t:P:S:M:', -- ['add', -- 'delete', -- 'deleteall', -- 'enable', -- 'equal=', -- 'extract', -- 'disable', -- 'ftype=', -- 'file', -- 'help', -- 'input=', -- 'list', -- 'modify', -- 'noheading', -- 'localist', -- 'off', -- 'on', -- 'proto=', -- 'seuser=', -- 'store=', -- 'range=', -- 'locallist=', -- 'level=', -- 'roles=', -- 'type=', -- 'prefix=', -- 'mask=' -- ]) -- except getopt.error, error: -- usage(_("Options Error %s ") % error.msg) -- -+ gopts, cmds = getopt.getopt(args, -+ '01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:M:', -+ ['add', -+ 'delete', -+ 'deleteall', -+ 'ftype=', -+ 'file', -+ 'help', -+ 'input=', -+ 'list', -+ 'modify', -+ 'noheading', -+ 'localist', -+ 'off', -+ 'on', -+ 'proto=', -+ 'seuser=', -+ 'store=', -+ 'range=', -+ 'locallist=', -+ 'level=', -+ 'roles=', -+ 'type=', -+ 'trans=', -+ 'prefix=', -+ 'mask=' -+ ]) - for o, a in gopts: - if o not in option_dict[object]: - sys.stderr.write(_("%s not valid for %s objects\n") % ( o, object) ); -- 
return - - for o,a in gopts: - if o == "-a" or o == "--add": + if o == "--disable": - set_action(o) -+ if modify or delete: -+ raise ValueError(_("%s bad option") % o) - add = True - - if o == "-d" or o == "--delete": -- set_action(o) -+ if modify or add: -+ raise ValueError(_("%s bad option") % o) - delete = True -- - if o == "-D" or o == "--deleteall": -- set_action(o) -+ if modify: -+ raise ValueError(_("%s bad option") % o) - deleteall = True -- -- if o == "-E" or o == "--extract": -- set_action(o) -- extract = True -- - if o == "-f" or o == "--ftype": - ftype=a ++ if enable: ++ raise ValueError(_("You can't disable and enable at the same time")) + disable = True -- if o == "-e" or o == "--equal": -- equal = a -- -- if o == "--enable": -- set_action(o) -- enable = True -- -- if o == "--disable": -- set_action(o) -- disable = True -- if o == "-F" or o == "--file": - use_file = True - - if o == "-h" or o == "--help": -- raise usage() -+ raise ValueError(_("%s bad option") % o) - - if o == "-n" or o == "--noheading": - heading = False -@@ -303,7 +261,8 @@ Object-specific Options (see above): - locallist = True - - if o == "-m"or o == "--modify": -- set_action(o) -+ if delete or add: -+ raise ValueError(_("%s bad option") % o) - modify = True - - if o == "-S" or o == '--store': -@@ -336,13 +295,13 @@ Object-specific Options (see above): - if o == "-t" or o == "--type": - setype = a - -- if o == "--on" or o == "-1": -- value = "on" -- modify = True -+ if o == "-T" or o == "--trans": -+ setrans = a - -- if o == "--off" or o == "-0": -- value = "off" -- modify = True -+ if o == "--on" or o == "-1": -+ value = "on" -+ if o == "--off" or o == "-0": -+ value = "off" - - if object == "login": - OBJECT = seobject.loginRecords(store) -@@ -364,12 +323,10 @@ Object-specific Options (see above): - - if object == "boolean": - OBJECT = seobject.booleanRecords(store) -- if use_file: -- modify = True -- -- if object == "module": -- OBJECT = seobject.moduleRecords(store) -- -+ -+ 
if object == "translation": -+ OBJECT = seobject.setransRecords() -+ - if object == "permissive": - OBJECT = seobject.permissiveRecords(store) - -@@ -384,98 +341,64 @@ Object-specific Options (see above): - OBJECT.deleteall() - return - -- if extract: -- for i in OBJECT.customized(): -- print "%s %s" % (object, str(i)) -- return -- - if len(cmds) != 1: -- raise ValueError(_("bad option")) -+ raise ValueError(_("%s bad option") % o) - - target = cmds[0] - -- if object == "dontaudit": -- OBJECT = seobject.dontauditClass(store) -- OBJECT.toggle(target) -- return -- - if add: - if object == "login": - OBJECT.add(target, seuser, serange) -- return -+ -+ if object == "translation": -+ OBJECT.add(target, setrans) - - if object == "user": - OBJECT.add(target, roles.split(), selevel, serange, prefix) -- return - - if object == "port": - OBJECT.add(target, proto, serange, setype) -- return - - if object == "interface": - OBJECT.add(target, serange, setype) -- return -- -- if object == "module": -- OBJECT.add(target) -- return - - if object == "node": - OBJECT.add(target, mask, proto, serange, setype) -- return - - if object == "fcontext": -- if equal == "": -- OBJECT.add(target, setype, ftype, serange, seuser) -- else: -- OBJECT.add_equal(target, equal) -- return -- -+ OBJECT.add(target, setype, ftype, serange, seuser) - if object == "permissive": - OBJECT.add(target) -- return - -+ return -+ - if modify: - if object == "boolean": -- OBJECT.modify(target, value, use_file) -- return -+ OBJECT.modify(target, value, use_file) - - if object == "login": - OBJECT.modify(target, seuser, serange) -- return -+ -+ if object == "translation": -+ OBJECT.modify(target, setrans) - - if object == "user": - rlist = roles.split() - OBJECT.modify(target, rlist, selevel, serange, prefix) -- return -- -- if object == "module": -- if enable: -- OBJECT.enable(target) -- elif disable: -- OBJECT.disable(target) -- else: -- OBJECT.modify(target) -- return - - if object == "port": - 
OBJECT.modify(target, proto, serange, setype) -- return - - if object == "interface": - OBJECT.modify(target, serange, setype) -- return - - if object == "node": - OBJECT.modify(target, mask, proto, serange, setype) -- return - - if object == "fcontext": -- if equal == "": -- OBJECT.modify(target, setype, ftype, serange, seuser) -- else: -- OBJECT.modify_equal(target, equal) -- return -+ OBJECT.modify(target, setype, ftype, serange, seuser) -+ -+ return - - if delete: - if object == "port": -@@ -489,15 +412,15 @@ Object-specific Options (see above): - - else: - OBJECT.delete(target) -+ - return - -- raise ValueError(_("Invalid command: semanage %s") % " ".join(argv)) -+ raise ValueError(_("Invalid command") % " ".join(argv)) - - # - # - # - try: -- output = None - input = None - store = "" - -@@ -505,7 +428,7 @@ Object-specific Options (see above): +@@ -504,31 +508,36 @@ Object-specific Options (see above): + if len(sys.argv) < 3: usage(_("Requires 2 or more arguments")) - gopts, cmds = getopt.getopt(sys.argv[1:], +- gopts, cmds = getopt.getopt(sys.argv[1:], - '01adf:i:lhmno:p:s:FCDR:L:r:t:T:P:S:', -+ '01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:', - ['add', - 'delete', - 'deleteall', -@@ -519,7 +442,6 @@ Object-specific Options (see above): - 'localist', - 'off', - 'on', +- ['add', +- 'delete', +- 'deleteall', +- 'ftype=', +- 'file', +- 'help', +- 'input=', +- 'list', +- 'modify', +- 'noheading', +- 'localist', +- 'off', +- 'on', - 'output=', - 'proto=', - 'seuser=', - 'store=', -@@ -527,6 +449,7 @@ Object-specific Options (see above): - 'level=', - 'roles=', - 'type=', -+ 'trans=', - 'prefix=' - ]) +- 'proto=', +- 'seuser=', +- 'store=', +- 'range=', +- 'level=', +- 'roles=', +- 'type=', +- 'prefix=' +- ]) ++ try: ++ gopts, cmds = getopt.getopt(sys.argv[1:], ++ '01adf:i:lhmno:p:s:FCDR:L:r:t:T:P:S:', ++ ['add', ++ 'delete', ++ 'deleteall', ++ 'ftype=', ++ 'file', ++ 'help', ++ 'input=', ++ 'list', ++ 'modify', ++ 'noheading', ++ 'localist', ++ 'off', ++ 'on', ++ 'output=', 
++ 'proto=', ++ 'seuser=', ++ 'store=', ++ 'range=', ++ 'level=', ++ 'roles=', ++ 'type=', ++ 'trans=', ++ 'prefix=' ++ ]) ++ except getopt.error, error: ++ usage(_("Options Error %s ") % error.msg) ++ for o, a in gopts: -@@ -534,16 +457,6 @@ Object-specific Options (see above): + if o == "-S" or o == '--store': store = a - if o == "-i" or o == '--input': - input = a -- if o == "-o" or o == '--output': -- output = a -- -- if output != None: -- if output != "-": -- sys.stdout = open(output, 'w') -- for i in manageditems: -- print "%s -D" % i -- process_args([i, "-E"]) -- sys.exit(0) - - if input != None: - if input == "-": -@@ -566,7 +479,3 @@ Object-specific Options (see above): - errorExit(_("Invalid value %s") % error.args[0]) - except IOError, error: - errorExit(error.args[1]) -- except OSError, error: -- errorExit(error.args[1]) -- except RuntimeError, error: -- errorExit(error.args[0]) +@@ -558,8 +567,6 @@ Object-specific Options (see above): + else: + process_args(sys.argv[1:]) + +- except getopt.error, error: +- usage(_("Options Error %s ") % error.msg) + except ValueError, error: + errorExit(error.args[0]) + except KeyError, error: diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py index 2628645..e5b6303 100644 --- a/policycoreutils/semanage/seobject.py diff --git a/policycoreutils.spec b/policycoreutils.spec index 0cfb00a..7b96aae 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.1.9 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -355,6 +355,9 @@ fi /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %changelog +* Wed Dec 7 2011 Dan Walsh - 2.1.9-2 +- Add back accidently dropped patches for semanage + * Tue Dec 6 2011 Dan Walsh - 2.1.9-1 - Upgrade to upstream * sandbox: move sandbox.conf.5 to just sandbox.5
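Review bot: In the `@@ -283,11 +284,14 @@` hunk of the semanage patch, `--enable` and `--disable` no longer call `set_action(o)` and are checked only against each other, so this part of the option loop no longer rejects either of them when combined with another action option. For a tool that edits SELinux policy, an ambiguous command line is better refused than resolved by whichever branch happens to run first. If the two are meant to qualify `-m`, say so in a comment at the first check, e.g. `# --enable/--disable qualify -m, so they skip set_action()`, and refuse the other combinations once the loop has finished, e.g. `if (enable or disable) and (add or delete): raise ValueError(_("bad option"))`. Whether the remaining action options still go through `set_action` cannot be seen here, because `process_args` starts and ends outside the hunk.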