rpms/policycoreutils
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Add back accidently dropped patches for semanage

Browse Source
This commit is contained in:
Dan Walsh 2011-12-07 09:40:36 -05:00
parent 076ffc0b0a
commit 1bb3b98779
2 changed files with 98 additions and 474 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

567
policycoreutils-rhat.patch
View File

@ -271,493 +271,114 @@ index 0000000..e2befdb
+ packages=["policycoreutils"], + packages=["policycoreutils"],
+) +)
diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
index 48d7baa..f601720 100644 index 48d7baa..2c0cfdd 100644
--- a/policycoreutils/semanage/semanage --- a/policycoreutils/semanage/semanage
+++ b/policycoreutils/semanage/semanage +++ b/policycoreutils/semanage/semanage
@@ -39,29 +39,21 @@ except IOError: @@ -20,6 +20,7 @@
__builtin__.__dict__['_'] = unicode # 02111-1307 USA
#
#
+import policycoreutils.default_encoding_utf8
import sys, getopt, re
import seobject
import selinux
@@ -32,7 +33,7 @@ gettext.textdomain(PROGNAME)
try:
gettext.install(PROGNAME,
localedir="/usr/share/locale",
- unicode=False,
+ unicode=True,
codeset = 'utf-8')
except IOError:
import __builtin__
@@ -283,11 +284,14 @@ Object-specific Options (see above):
equal = a
if __name__ == '__main__': if o == "--enable":
- manageditems=[ "boolean", "login", "user", "port", "interface", "node", "fcontext"] - set_action(o)
- action = False + if disable:
- def set_action(option): + raise ValueError(_("You can't disable and enable at the same time"))
- global action
- if action:
- raise ValueError(_("%s bad option") % option)
- action = True
def usage(message = ""):
text = _("""
semanage [ -S store ] -i [ input_file | - ]
-semanage [ -S store ] -o [ output_file | - ]
-
-semanage login -{a|d|m|l|D|E} [-nsr] login_name | %groupname
-semanage user -{a|d|m|l|D|E} [-LnrRP] selinux_name
-semanage port -{a|d|m|l|D|E} [-ntr] [ -p proto ] port | port_range
-semanage interface -{a|d|m|l|D|E} [-ntr] interface_spec
-semanage module -{a|d|m} [--enable|--disable] module
-semanage node -{a|d|m|l|D|E} [-ntr] [ -p protocol ] [-M netmask] addr
-semanage fcontext -{a|d|m|l|D|E} [-efnrst] file_spec
+ +
+semanage {boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n] enable = True
+semanage login -{a|d|m} [-sr] login_name | %groupname
+semanage user -{a|d|m} [-LrRP] selinux_name
+semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
+semanage interface -{a|d|m} [-tr] interface_spec
+semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr
+semanage fcontext -{a|d|m} [-frst] file_spec
+semanage translation -{a|d|m} [-T] level
semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
-semanage permissive -{d|a|l} [-n] type
-semanage dontaudit [ on | off ]
+semanage permissive -{d|a} type
Primary Options: if o == "--disable":
@@ -69,9 +61,7 @@ Primary Options:
-d, --delete Delete a OBJECT record NAME
-m, --modify Modify a OBJECT record NAME
-i, --input Input multiple semange commands in a transaction
- -o, --output Output current customizations as semange commands
-l, --list List the OBJECTS
- -E, --extract extract customizable commands
-C, --locallist List OBJECTS local customizations
-D, --deleteall Remove all OBJECTS local customizations
@@ -94,15 +84,14 @@ Object-specific Options (see above):
-F, --file Treat target as an input file for command, change multiple settings
-p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
-M, --mask Netmask
- -e, --equal Substitue source path for dest path when labeling
-P, --prefix Prefix for home directory labeling
-L, --level Default SELinux Level (MLS/MCS Systems only)
-R, --roles SELinux Roles (ex: "sysadm_r staff_r")
+ -T, --trans SELinux Level Translation (MLS/MCS Systems only)
+
-s, --seuser SELinux User Name
-t, --type SELinux Type for the object
-r, --range MLS/MCS Security Range (MLS/MCS Systems only)
- --enable Enable a module
- --disable Disable a module
""")
raise ValueError("%s\n%s" % (text, message))
@@ -114,25 +103,23 @@ Object-specific Options (see above):
def get_options():
valid_option={}
- valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading', '-S', '--store' ]
- valid_local=[ '-E', '--extract', '-C', '--locallist', '-D', '--deleteall']
+ valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading', '-C', '--locallist', '-D', '--deleteall', '-S', '--store' ]
valid_option["login"] = []
- valid_option["login"] += valid_everyone + valid_local + [ '-s', '--seuser', '-r', '--range']
+ valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range']
valid_option["user"] = []
- valid_option["user"] += valid_everyone + valid_local + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix' ]
+ valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix' ]
valid_option["port"] = []
- valid_option["port"] += valid_everyone + valid_local + [ '-t', '--type', '-r', '--range', '-p', '--proto' ]
+ valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range', '-p', '--proto' ]
valid_option["interface"] = []
- valid_option["interface"] += valid_everyone + valid_local + [ '-t', '--type', '-r', '--range']
+ valid_option["interface"] += valid_everyone + [ '-t', '--type', '-r', '--range']
valid_option["node"] = []
- valid_option["node"] += valid_everyone + valid_local + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol']
- valid_option["module"] = []
- valid_option["module"] += valid_everyone + [ '--enable', '--disable']
+ valid_option["node"] += valid_everyone + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol']
valid_option["fcontext"] = []
- valid_option["fcontext"] += valid_everyone + valid_local + [ '-e', '--equal', '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range']
- valid_option["dontaudit"] = [ '-S', '--store' ]
+ valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range']
+ valid_option["translation"] = []
+ valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
valid_option["boolean"] = []
- valid_option["boolean"] += valid_everyone + valid_local + [ '--on', "--off", "-1", "-0", "-F", "--file"]
+ valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0", "-F", "--file"]
valid_option["permissive"] = []
valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ]
return valid_option
@@ -184,8 +171,6 @@ Object-specific Options (see above):
return ret
def process_args(argv):
- global action
- action = False
serange = ""
port = ""
proto = ""
@@ -193,6 +178,7 @@ Object-specific Options (see above):
selevel = ""
setype = ""
ftype = ""
+ setrans = ""
roles = ""
seuser = ""
prefix = "user"
@@ -202,17 +188,11 @@ Object-specific Options (see above):
modify = False
delete = False
deleteall = False
- enable = False
- extract = False
- disable = False
list = False
locallist = False
use_file = False
store = ""
- equal = ""
-
- if len(argv) == 0:
- return
+
object = argv[0]
option_dict=get_options()
if object not in option_dict.keys():
@@ -220,81 +200,59 @@ Object-specific Options (see above):
args = argv[1:]
- try:
- gopts, cmds = getopt.getopt(args,
- '01adEe:f:i:lhmnp:s:FCDR:L:r:t:P:S:M:',
- ['add',
- 'delete',
- 'deleteall',
- 'enable',
- 'equal=',
- 'extract',
- 'disable',
- 'ftype=',
- 'file',
- 'help',
- 'input=',
- 'list',
- 'modify',
- 'noheading',
- 'localist',
- 'off',
- 'on',
- 'proto=',
- 'seuser=',
- 'store=',
- 'range=',
- 'locallist=',
- 'level=',
- 'roles=',
- 'type=',
- 'prefix=',
- 'mask='
- ])
- except getopt.error, error:
- usage(_("Options Error %s ") % error.msg)
-
+ gopts, cmds = getopt.getopt(args,
+ '01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:M:',
+ ['add',
+ 'delete',
+ 'deleteall',
+ 'ftype=',
+ 'file',
+ 'help',
+ 'input=',
+ 'list',
+ 'modify',
+ 'noheading',
+ 'localist',
+ 'off',
+ 'on',
+ 'proto=',
+ 'seuser=',
+ 'store=',
+ 'range=',
+ 'locallist=',
+ 'level=',
+ 'roles=',
+ 'type=',
+ 'trans=',
+ 'prefix=',
+ 'mask='
+ ])
for o, a in gopts:
if o not in option_dict[object]:
sys.stderr.write(_("%s not valid for %s objects\n") % ( o, object) );
- return
for o,a in gopts:
if o == "-a" or o == "--add":
- set_action(o) - set_action(o)
+ if modify or delete: + if enable:
+ raise ValueError(_("%s bad option") % o) + raise ValueError(_("You can't disable and enable at the same time"))
add = True disable = True
if o == "-d" or o == "--delete":
- set_action(o)
+ if modify or add:
+ raise ValueError(_("%s bad option") % o)
delete = True
-
if o == "-D" or o == "--deleteall":
- set_action(o)
+ if modify:
+ raise ValueError(_("%s bad option") % o)
deleteall = True
-
- if o == "-E" or o == "--extract":
- set_action(o)
- extract = True
-
if o == "-f" or o == "--ftype":
ftype=a
- if o == "-e" or o == "--equal":
- equal = a
-
- if o == "--enable":
- set_action(o)
- enable = True
-
- if o == "--disable":
- set_action(o)
- disable = True
-
if o == "-F" or o == "--file": if o == "-F" or o == "--file":
use_file = True @@ -504,31 +508,36 @@ Object-specific Options (see above):
if len(sys.argv) < 3:
if o == "-h" or o == "--help":
- raise usage()
+ raise ValueError(_("%s bad option") % o)
if o == "-n" or o == "--noheading":
heading = False
@@ -303,7 +261,8 @@ Object-specific Options (see above):
locallist = True
if o == "-m"or o == "--modify":
- set_action(o)
+ if delete or add:
+ raise ValueError(_("%s bad option") % o)
modify = True
if o == "-S" or o == '--store':
@@ -336,13 +295,13 @@ Object-specific Options (see above):
if o == "-t" or o == "--type":
setype = a
- if o == "--on" or o == "-1":
- value = "on"
- modify = True
+ if o == "-T" or o == "--trans":
+ setrans = a
- if o == "--off" or o == "-0":
- value = "off"
- modify = True
+ if o == "--on" or o == "-1":
+ value = "on"
+ if o == "--off" or o == "-0":
+ value = "off"
if object == "login":
OBJECT = seobject.loginRecords(store)
@@ -364,12 +323,10 @@ Object-specific Options (see above):
if object == "boolean":
OBJECT = seobject.booleanRecords(store)
- if use_file:
- modify = True
-
- if object == "module":
- OBJECT = seobject.moduleRecords(store)
-
+
+ if object == "translation":
+ OBJECT = seobject.setransRecords()
+
if object == "permissive":
OBJECT = seobject.permissiveRecords(store)
@@ -384,98 +341,64 @@ Object-specific Options (see above):
OBJECT.deleteall()
return
- if extract:
- for i in OBJECT.customized():
- print "%s %s" % (object, str(i))
- return
-
if len(cmds) != 1:
- raise ValueError(_("bad option"))
+ raise ValueError(_("%s bad option") % o)
target = cmds[0]
- if object == "dontaudit":
- OBJECT = seobject.dontauditClass(store)
- OBJECT.toggle(target)
- return
-
if add:
if object == "login":
OBJECT.add(target, seuser, serange)
- return
+
+ if object == "translation":
+ OBJECT.add(target, setrans)
if object == "user":
OBJECT.add(target, roles.split(), selevel, serange, prefix)
- return
if object == "port":
OBJECT.add(target, proto, serange, setype)
- return
if object == "interface":
OBJECT.add(target, serange, setype)
- return
-
- if object == "module":
- OBJECT.add(target)
- return
if object == "node":
OBJECT.add(target, mask, proto, serange, setype)
- return
if object == "fcontext":
- if equal == "":
- OBJECT.add(target, setype, ftype, serange, seuser)
- else:
- OBJECT.add_equal(target, equal)
- return
-
+ OBJECT.add(target, setype, ftype, serange, seuser)
if object == "permissive":
OBJECT.add(target)
- return
+ return
+
if modify:
if object == "boolean":
- OBJECT.modify(target, value, use_file)
- return
+ OBJECT.modify(target, value, use_file)
if object == "login":
OBJECT.modify(target, seuser, serange)
- return
+
+ if object == "translation":
+ OBJECT.modify(target, setrans)
if object == "user":
rlist = roles.split()
OBJECT.modify(target, rlist, selevel, serange, prefix)
- return
-
- if object == "module":
- if enable:
- OBJECT.enable(target)
- elif disable:
- OBJECT.disable(target)
- else:
- OBJECT.modify(target)
- return
if object == "port":
OBJECT.modify(target, proto, serange, setype)
- return
if object == "interface":
OBJECT.modify(target, serange, setype)
- return
if object == "node":
OBJECT.modify(target, mask, proto, serange, setype)
- return
if object == "fcontext":
- if equal == "":
- OBJECT.modify(target, setype, ftype, serange, seuser)
- else:
- OBJECT.modify_equal(target, equal)
- return
+ OBJECT.modify(target, setype, ftype, serange, seuser)
+
+ return
if delete:
if object == "port":
@@ -489,15 +412,15 @@ Object-specific Options (see above):
else:
OBJECT.delete(target)
+
return
- raise ValueError(_("Invalid command: semanage %s") % " ".join(argv))
+ raise ValueError(_("Invalid command") % " ".join(argv))
#
#
#
try:
- output = None
input = None
store = ""
@@ -505,7 +428,7 @@ Object-specific Options (see above):
usage(_("Requires 2 or more arguments")) usage(_("Requires 2 or more arguments"))
gopts, cmds = getopt.getopt(sys.argv[1:], - gopts, cmds = getopt.getopt(sys.argv[1:],
- '01adf:i:lhmno:p:s:FCDR:L:r:t:T:P:S:', - '01adf:i:lhmno:p:s:FCDR:L:r:t:T:P:S:',
+ '01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:', - ['add',
['add', - 'delete',
'delete', - 'deleteall',
'deleteall', - 'ftype=',
@@ -519,7 +442,6 @@ Object-specific Options (see above): - 'file',
'localist', - 'help',
'off', - 'input=',
'on', - 'list',
- 'modify',
- 'noheading',
- 'localist',
- 'off',
- 'on',
- 'output=', - 'output=',
'proto=', - 'proto=',
'seuser=', - 'seuser=',
'store=', - 'store=',
@@ -527,6 +449,7 @@ Object-specific Options (see above): - 'range=',
'level=', - 'level=',
'roles=', - 'roles=',
'type=', - 'type=',
+ 'trans=', - 'prefix='
'prefix=' - ])
]) + try:
+ gopts, cmds = getopt.getopt(sys.argv[1:],
+ '01adf:i:lhmno:p:s:FCDR:L:r:t:T:P:S:',
+ ['add',
+ 'delete',
+ 'deleteall',
+ 'ftype=',
+ 'file',
+ 'help',
+ 'input=',
+ 'list',
+ 'modify',
+ 'noheading',
+ 'localist',
+ 'off',
+ 'on',
+ 'output=',
+ 'proto=',
+ 'seuser=',
+ 'store=',
+ 'range=',
+ 'level=',
+ 'roles=',
+ 'type=',
+ 'trans=',
+ 'prefix='
+ ])
+ except getopt.error, error:
+ usage(_("Options Error %s ") % error.msg)
+
for o, a in gopts: for o, a in gopts:
@@ -534,16 +457,6 @@ Object-specific Options (see above): if o == "-S" or o == '--store':
store = a store = a
if o == "-i" or o == '--input': @@ -558,8 +567,6 @@ Object-specific Options (see above):
input = a else:
- if o == "-o" or o == '--output': process_args(sys.argv[1:])
- output = a
- - except getopt.error, error:
- if output != None: - usage(_("Options Error %s ") % error.msg)
- if output != "-": except ValueError, error:
- sys.stdout = open(output, 'w') errorExit(error.args[0])
- for i in manageditems: except KeyError, error:
- print "%s -D" % i
- process_args([i, "-E"])
- sys.exit(0)
if input != None:
if input == "-":
@@ -566,7 +479,3 @@ Object-specific Options (see above):
errorExit(_("Invalid value %s") % error.args[0])
except IOError, error:
errorExit(error.args[1])
- except OSError, error:
- errorExit(error.args[1])
- except RuntimeError, error:
- errorExit(error.args[0])
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index 2628645..e5b6303 100644 index 2628645..e5b6303 100644
--- a/policycoreutils/semanage/seobject.py --- a/policycoreutils/semanage/seobject.py

5
policycoreutils.spec
View File

@ -7,7 +7,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.1.9 Version: 2.1.9
Release: 1%{?dist} Release: 2%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# Based on git repository with tag 20101221 # Based on git repository with tag 20101221
@ -355,6 +355,9 @@ fi
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || : /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog %changelog
* Wed Dec 7 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.9-2
- Add back accidently dropped patches for semanage
* Tue Dec 6 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.9-1 * Tue Dec 6 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.9-1
- Upgrade to upstream - Upgrade to upstream
* sandbox: move sandbox.conf.5 to just sandbox.5 * sandbox: move sandbox.conf.5 to just sandbox.5