Reorginize sepolicy so all get_all functions are in main module
- Add -B capability to fixfiles onboot and fixfiles restore; it basically searches for all files created since the last boot.
parent
14f88c192c
commit
205e3429b9
@ -96,7 +96,7 @@ index 1464971..b5abbb9 100644
|
|||||||
clean:
|
clean:
|
||||||
|
|
||||||
diff --git a/policycoreutils/gui/domainsPage.py b/policycoreutils/gui/domainsPage.py
|
diff --git a/policycoreutils/gui/domainsPage.py b/policycoreutils/gui/domainsPage.py
|
||||||
index 03451b6..91c88a8 100644
|
index 03451b6..6af1e9a 100644
|
||||||
--- a/policycoreutils/gui/domainsPage.py
|
--- a/policycoreutils/gui/domainsPage.py
|
||||||
+++ b/policycoreutils/gui/domainsPage.py
|
+++ b/policycoreutils/gui/domainsPage.py
|
||||||
@@ -26,7 +26,7 @@ import sys
|
@@ -26,7 +26,7 @@ import sys
|
||||||
@ -104,7 +104,7 @@ index 03451b6..91c88a8 100644
|
|||||||
import selinux
|
import selinux
|
||||||
from semanagePage import *;
|
from semanagePage import *;
|
||||||
-import polgen
|
-import polgen
|
||||||
+from sepolicy.generate import get_all_domains
|
+from sepolicy import get_all_entrypoint_domains
|
||||||
|
|
||||||
##
|
##
|
||||||
## I18N
|
## I18N
|
||||||
@ -113,7 +113,7 @@ index 03451b6..91c88a8 100644
|
|||||||
self.enforcing_button = xml.get_widget("enforcingButton")
|
self.enforcing_button = xml.get_widget("enforcingButton")
|
||||||
|
|
||||||
- self.domains=polgen.get_all_domains()
|
- self.domains=polgen.get_all_domains()
|
||||||
+ self.domains=get_all_domains()
|
+ self.domains=get_all_entrypoint_domains()
|
||||||
self.load()
|
self.load()
|
||||||
|
|
||||||
def get_modules(self):
|
def get_modules(self):
|
||||||
@ -336583,14 +336583,15 @@ index 4ba51bf..6673f00 100644
|
|||||||
+"services."
|
+"services."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
diff --git a/policycoreutils/restorecond/restorecond.conf b/policycoreutils/restorecond/restorecond.conf
|
diff --git a/policycoreutils/restorecond/restorecond.conf b/policycoreutils/restorecond/restorecond.conf
|
||||||
index f133755..cfe851e 100644
|
index f133755..c64e747 100644
|
||||||
--- a/policycoreutils/restorecond/restorecond.conf
|
--- a/policycoreutils/restorecond/restorecond.conf
|
||||||
+++ b/policycoreutils/restorecond/restorecond.conf
|
+++ b/policycoreutils/restorecond/restorecond.conf
|
||||||
@@ -1,7 +1,6 @@
|
@@ -1,7 +1,7 @@
|
||||||
/etc/services
|
/etc/services
|
||||||
/etc/resolv.conf
|
/etc/resolv.conf
|
||||||
/etc/samba/secrets.tdb
|
/etc/samba/secrets.tdb
|
||||||
-/etc/mtab*
|
-/etc/mtab*
|
||||||
|
+/etc/updatedb.conf
|
||||||
/var/run/utmp
|
/var/run/utmp
|
||||||
/var/log/wtmp
|
/var/log/wtmp
|
||||||
/root/*
|
/root/*
|
||||||
@ -336836,18 +336837,47 @@ index e08088e..201a988 100644
|
|||||||
install: all
|
install: all
|
||||||
-mkdir -p $(BINDIR)
|
-mkdir -p $(BINDIR)
|
||||||
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
||||||
index 989b1ae..23ab94d 100755
|
index 989b1ae..6901e4d 100755
|
||||||
--- a/policycoreutils/scripts/fixfiles
|
--- a/policycoreutils/scripts/fixfiles
|
||||||
+++ b/policycoreutils/scripts/fixfiles
|
+++ b/policycoreutils/scripts/fixfiles
|
||||||
@@ -114,6 +114,7 @@ exclude_dirs() {
|
@@ -103,7 +103,7 @@ exclude_dirs_from_relabelling() {
|
||||||
|
|
||||||
|
exclude_dirs() {
|
||||||
|
exclude=
|
||||||
|
- for i in /var/lib/BackupPC /home /tmp /dev; do
|
||||||
|
+ for i in /sys /proc /dev /run /mnt /var/tmp /var/lib/BackupPC /home /tmp /dev; do
|
||||||
|
[ -e $i ] && exclude="$exclude -e $i";
|
||||||
|
done
|
||||||
|
exclude="$exclude `exclude_dirs_from_relabelling`"
|
||||||
|
@@ -114,6 +114,9 @@ exclude_dirs() {
|
||||||
# Set global Variables
|
# Set global Variables
|
||||||
#
|
#
|
||||||
fullFlag=0
|
fullFlag=0
|
||||||
|
+BOOTTIME=""
|
||||||
|
+FORCEFLAG=""
|
||||||
+VERBOSE="-p"
|
+VERBOSE="-p"
|
||||||
FORCEFLAG=""
|
FORCEFLAG=""
|
||||||
DIRS=""
|
DIRS=""
|
||||||
RPMILES=""
|
RPMILES=""
|
||||||
@@ -176,7 +177,7 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
|
@@ -144,6 +147,17 @@ if [ -n $LOGFILE ]; then
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
#
|
||||||
|
+# Find files newer then the passed in date and fix the label
|
||||||
|
+#
|
||||||
|
+newer() {
|
||||||
|
+ DATE=$1
|
||||||
|
+ for m in `echo $FILESYSTEMSRW`; do
|
||||||
|
+ find $m -mount -newermt $DATE -print0 2>/dev/null | ${RESTORECON} ${VERBOSE} -i -0 -f -
|
||||||
|
+ done;
|
||||||
|
+
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
# Compare PREVious File Context to currently installed File Context and
|
||||||
|
# run restorecon on all files affected by the differences.
|
||||||
|
#
|
||||||
|
@@ -176,7 +190,7 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
|
||||||
esac; \
|
esac; \
|
||||||
fi; \
|
fi; \
|
||||||
done | \
|
done | \
|
||||||
@ -336856,8 +336886,14 @@ index 989b1ae..23ab94d 100755
|
|||||||
rm -f ${TEMPFILE} ${PREFCTEMPFILE}
|
rm -f ${TEMPFILE} ${PREFCTEMPFILE}
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
@@ -206,12 +207,12 @@ if [ ! -z "$PREFC" ]; then
|
@@ -204,14 +218,18 @@ if [ ! -z "$PREFC" ]; then
|
||||||
|
diff_filecontext $*
|
||||||
|
exit $?
|
||||||
fi
|
fi
|
||||||
|
+if [ ! -z "$BOOTTIME" ]; then
|
||||||
|
+ newer $BOOTTIME
|
||||||
|
+ exit $?
|
||||||
|
+fi
|
||||||
if [ ! -z "$RPMFILES" ]; then
|
if [ ! -z "$RPMFILES" ]; then
|
||||||
for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
|
for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
|
||||||
- rpmlist $i | ${RESTORECON} ${FORCEFLAG} $* -R -i -f - 2>&1 | cat >> $LOGFILE
|
- rpmlist $i | ${RESTORECON} ${FORCEFLAG} $* -R -i -f - 2>&1 | cat >> $LOGFILE
|
||||||
@ -336871,7 +336907,7 @@ index 989b1ae..23ab94d 100755
|
|||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
[ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
|
[ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
|
||||||
@@ -235,7 +236,7 @@ FC=$TEMPFCFILE
|
@@ -235,7 +253,7 @@ FC=$TEMPFCFILE
|
||||||
fi
|
fi
|
||||||
if [ -n "${FILESYSTEMSRW}" ]; then
|
if [ -n "${FILESYSTEMSRW}" ]; then
|
||||||
echo "Relabeling `echo ${FILESYSTEMSRW}`"
|
echo "Relabeling `echo ${FILESYSTEMSRW}`"
|
||||||
@ -336880,7 +336916,7 @@ index 989b1ae..23ab94d 100755
|
|||||||
else
|
else
|
||||||
echo >&2 "fixfiles: No suitable file systems found"
|
echo >&2 "fixfiles: No suitable file systems found"
|
||||||
fi
|
fi
|
||||||
@@ -286,12 +287,12 @@ process() {
|
@@ -286,12 +304,16 @@ process() {
|
||||||
# Make sure they specified one of the three valid commands
|
# Make sure they specified one of the three valid commands
|
||||||
#
|
#
|
||||||
case "$1" in
|
case "$1" in
|
||||||
@ -336891,17 +336927,25 @@ index 989b1ae..23ab94d 100755
|
|||||||
relabel) relabel;;
|
relabel) relabel;;
|
||||||
onboot)
|
onboot)
|
||||||
- touch /.autorelabel
|
- touch /.autorelabel
|
||||||
+ echo $FORCEFLAG > /.autorelabel
|
+ > /.autorelabel
|
||||||
|
+ [ -z "$FORCEFLAG" ] || echo -n "$FORCEFLAG " >> /.autorelabel
|
||||||
|
+ [ -z "$BOOTTIME" ] || echo -N $BOOTTIME >> /.autorelabel
|
||||||
|
+ # Force full relabel if / does not have a label on it
|
||||||
|
+ getfilecon / > /dev/null 2>&1 || echo -F >/.autorelabel
|
||||||
echo "System will relabel on next boot"
|
echo "System will relabel on next boot"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
@@ -317,11 +318,14 @@ if [ $# = 0 ]; then
|
@@ -317,11 +339,18 @@ if [ $# = 0 ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# See how we were called.
|
# See how we were called.
|
||||||
-while getopts "C:FfR:l:" i; do
|
-while getopts "C:FfR:l:" i; do
|
||||||
+while getopts "C:FfR:l:v" i; do
|
+while getopts "N:BC:FfR:l:v" i; do
|
||||||
case "$i" in
|
case "$i" in
|
||||||
|
+ B)
|
||||||
|
+ BOOTTIME=`/bin/who -b | awk '{print $3}'`
|
||||||
|
+ echo $BOOTTIME
|
||||||
|
+ ;;
|
||||||
f)
|
f)
|
||||||
fullFlag=1
|
fullFlag=1
|
||||||
;;
|
;;
|
||||||
@ -336911,6 +336955,16 @@ index 989b1ae..23ab94d 100755
|
|||||||
R)
|
R)
|
||||||
RPMFILES=$OPTARG
|
RPMFILES=$OPTARG
|
||||||
;;
|
;;
|
||||||
|
@@ -334,6 +363,9 @@ while getopts "C:FfR:l:" i; do
|
||||||
|
F)
|
||||||
|
FORCEFLAG="-F"
|
||||||
|
;;
|
||||||
|
+ N)
|
||||||
|
+ BOOTTIME=$OPTARG
|
||||||
|
+ ;;
|
||||||
|
*)
|
||||||
|
usage
|
||||||
|
exit 1
|
||||||
diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8
|
diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8
|
||||||
index 0b4cbaa..9ab7334 100644
|
index 0b4cbaa..9ab7334 100644
|
||||||
--- a/policycoreutils/scripts/fixfiles.8
|
--- a/policycoreutils/scripts/fixfiles.8
|
||||||
@ -340156,7 +340210,7 @@ index 0000000..4693bb4
|
|||||||
+}
|
+}
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy-bash-completion.sh b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
|
diff --git a/policycoreutils/sepolicy/sepolicy-bash-completion.sh b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..28b6767
|
index 0000000..82fea52
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
|
+++ b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
|
||||||
@@ -0,0 +1,190 @@
|
@@ -0,0 +1,190 @@
|
||||||
@ -340207,6 +340261,9 @@ index 0000000..28b6767
|
|||||||
+__get_all_user_domains () {
|
+__get_all_user_domains () {
|
||||||
+ seinfo -auserdomain -x 2> /dev/null | tail -n +2
|
+ seinfo -auserdomain -x 2> /dev/null | tail -n +2
|
||||||
+}
|
+}
|
||||||
|
+__get_all_users () {
|
||||||
|
+ seinfo -u 2> /dev/null | tail -n +2
|
||||||
|
+}
|
||||||
+__get_all_classes () {
|
+__get_all_classes () {
|
||||||
+ seinfo -c 2> /dev/null | tail -n +2
|
+ seinfo -c 2> /dev/null | tail -n +2
|
||||||
+}
|
+}
|
||||||
@ -340219,9 +340276,6 @@ index 0000000..28b6767
|
|||||||
+__get_all_domains () {
|
+__get_all_domains () {
|
||||||
+ seinfo -adomain -x 2>/dev/null | sed 's/_t$//g'
|
+ seinfo -adomain -x 2>/dev/null | sed 's/_t$//g'
|
||||||
+}
|
+}
|
||||||
+__get_all_generate_types () {
|
|
||||||
+ seinfo -agenerate_type -x 2>/dev/null | tail -n +2
|
|
||||||
+}
|
|
||||||
+_sepolicy () {
|
+_sepolicy () {
|
||||||
+ local command=${COMP_WORDS[1]}
|
+ local command=${COMP_WORDS[1]}
|
||||||
+ local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
|
+ local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
|
||||||
@ -340241,7 +340295,7 @@ index 0000000..28b6767
|
|||||||
+ local -A OPTS=(
|
+ local -A OPTS=(
|
||||||
+ [booleans]='-h --help -p --path -a -all -b --boolean'
|
+ [booleans]='-h --help -p --path -a -all -b --boolean'
|
||||||
+ [communicate]='-h --help -s --source -t --target -c --class -S --sourceaccess -T --targetaccess'
|
+ [communicate]='-h --help -s --source -t --target -c --class -S --sourceaccess -T --targetaccess'
|
||||||
+ [generate]='-a --admin --admin_user --application --cgi --confined_admin --customize -d --domain --dbus --desktop_user -h --help --inetd --init -n --name --newuser -p --path --sandbox -T --test --term_user -u --user -w --writepath --x_user'
|
+ [generate]='-a --admin --admin_user --application --cgi --confined_admin --customize -d --domain --dbus --desktop_user -h --help --inetd --init -n --name --newtype -p --path --sandbox -T --test --term_user -u --user -w --writepath --x_user'
|
||||||
+ [interface]='-h --help -a --list_admin" -u --list_user -l --list'
|
+ [interface]='-h --help -a --list_admin" -u --list_user -l --list'
|
||||||
+ [manpage]='-h --help -p --path -a -all -o --os -d --domain -w --web'
|
+ [manpage]='-h --help -p --path -a -all -o --os -d --domain -w --web'
|
||||||
+ [network]='-h --help -d --domain -l --list -p --port -t --type '
|
+ [network]='-h --help -d --domain -l --list -p --port -t --type '
|
||||||
@ -340302,7 +340356,7 @@ index 0000000..28b6767
|
|||||||
+ COMPREPLY=( $(compgen -W "$( __get_all_admin_interaces ) " -- "$cur") )
|
+ COMPREPLY=( $(compgen -W "$( __get_all_admin_interaces ) " -- "$cur") )
|
||||||
+ return 0
|
+ return 0
|
||||||
+ elif [ "$prev" = "--user" -o "$prev" = "-u" ]; then
|
+ elif [ "$prev" = "--user" -o "$prev" = "-u" ]; then
|
||||||
+ COMPREPLY=( $(compgen -W "$( __get_all_user_domains ) " -- "$cur") )
|
+ COMPREPLY=( $(compgen -W "$( __get_all_users ) " -- "$cur") )
|
||||||
+ return 0
|
+ return 0
|
||||||
+ elif [[ "$cur" == "$verb" || "$cur" == "" || "$cur" == -* ]]; then
|
+ elif [[ "$cur" == "$verb" || "$cur" == "" || "$cur" == -* ]]; then
|
||||||
+ COMPREPLY=( $(compgen -W '${OPTS[$verb]}' -- "$cur") )
|
+ COMPREPLY=( $(compgen -W '${OPTS[$verb]}' -- "$cur") )
|
||||||
@ -340793,10 +340847,10 @@ index 0000000..0748ca9
|
|||||||
+selinux(8), sepolicy-booleans(8), sepolicy-communicate(8), sepolicy-generate(8), sepolicy-interface(8), sepolicy-network(8), sepolicy-manpage(8), sepolicy-transition(8)
|
+selinux(8), sepolicy-booleans(8), sepolicy-communicate(8), sepolicy-generate(8), sepolicy-interface(8), sepolicy-network(8), sepolicy-manpage(8), sepolicy-transition(8)
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
|
diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
|
||||||
new file mode 100755
|
new file mode 100755
|
||||||
index 0000000..154369d
|
index 0000000..b25d3b2
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/policycoreutils/sepolicy/sepolicy.py
|
+++ b/policycoreutils/sepolicy/sepolicy.py
|
||||||
@@ -0,0 +1,470 @@
|
@@ -0,0 +1,471 @@
|
||||||
+#! /usr/bin/python -Es
|
+#! /usr/bin/python -Es
|
||||||
+# Copyright (C) 2012 Red Hat
|
+# Copyright (C) 2012 Red Hat
|
||||||
+# AUTHOR: Dan Walsh <dwalsh@redhat.com>
|
+# AUTHOR: Dan Walsh <dwalsh@redhat.com>
|
||||||
@ -340863,7 +340917,7 @@ index 0000000..154369d
|
|||||||
+
|
+
|
||||||
+ if isinstance(values,str):
|
+ if isinstance(values,str):
|
||||||
+ if values not in domains:
|
+ if values not in domains:
|
||||||
+ raise ValueError("%s must be an SELinux process domain" % values)
|
+ raise ValueError("%s must be an SELinux process domain:\nValid domains: %s" % (values, ", ".join(domains)))
|
||||||
+ setattr(namespace, self.dest, values)
|
+ setattr(namespace, self.dest, values)
|
||||||
+ else:
|
+ else:
|
||||||
+ newval = getattr(namespace, self.dest)
|
+ newval = getattr(namespace, self.dest)
|
||||||
@ -340872,7 +340926,7 @@ index 0000000..154369d
|
|||||||
+
|
+
|
||||||
+ for v in values:
|
+ for v in values:
|
||||||
+ if v not in domains:
|
+ if v not in domains:
|
||||||
+ raise ValueError("%s must be an SELinux process domain" % values)
|
+ raise ValueError("%s must be an SELinux process domain:\nValid domains: %s" % (v, ", ".join(domains)))
|
||||||
+ newval.append(v)
|
+ newval.append(v)
|
||||||
+ setattr(namespace, self.dest, newval)
|
+ setattr(namespace, self.dest, newval)
|
||||||
+
|
+
|
||||||
@ -340884,7 +340938,8 @@ index 0000000..154369d
|
|||||||
+ if not all_classes:
|
+ if not all_classes:
|
||||||
+ all_classes = map(lambda x: x['name'], sepolicy.info(sepolicy.TCLASS))
|
+ all_classes = map(lambda x: x['name'], sepolicy.info(sepolicy.TCLASS))
|
||||||
+ if values not in all_classes:
|
+ if values not in all_classes:
|
||||||
+ raise ValueError("%s must be an SELinux process domain" % values)
|
+ raise ValueError("%s must be an SELinux class:\nValid classes: %s" % (values, ", ".join(all_classes)))
|
||||||
|
+
|
||||||
+ setattr(namespace, self.dest, values)
|
+ setattr(namespace, self.dest, values)
|
||||||
+
|
+
|
||||||
+class CheckAdmin(argparse.Action):
|
+class CheckAdmin(argparse.Action):
|
||||||
@ -340895,7 +340950,7 @@ index 0000000..154369d
|
|||||||
+ newval = []
|
+ newval = []
|
||||||
+ admins = get_admin()
|
+ admins = get_admin()
|
||||||
+ if values not in admins:
|
+ if values not in admins:
|
||||||
+ raise ValueError("%s must be an SELinux admin domain" % values)
|
+ raise ValueError("%s must be an SELinux admin domain:\nValid admin domains: %s" % (values, ", ".join(admins)))
|
||||||
+ newval.append(values)
|
+ newval.append(values)
|
||||||
+ setattr(namespace, self.dest, newval)
|
+ setattr(namespace, self.dest, newval)
|
||||||
+
|
+
|
||||||
@ -340918,7 +340973,7 @@ index 0000000..154369d
|
|||||||
+ newval = []
|
+ newval = []
|
||||||
+ for v in values:
|
+ for v in values:
|
||||||
+ if v not in port_types:
|
+ if v not in port_types:
|
||||||
+ raise ValueError("%s must be an SELinux port type" % values)
|
+ raise ValueError("%s must be an SELinux port type:\nValid port types: %s" % (v, ", ".join(port_types)))
|
||||||
+ newval.append(v)
|
+ newval.append(v)
|
||||||
+ setattr(namespace, self.dest, values)
|
+ setattr(namespace, self.dest, values)
|
||||||
+
|
+
|
||||||
@ -340938,13 +340993,13 @@ index 0000000..154369d
|
|||||||
+
|
+
|
||||||
+class CheckUser(argparse.Action):
|
+class CheckUser(argparse.Action):
|
||||||
+ def __call__(self, parser, namespace, value, option_string=None):
|
+ def __call__(self, parser, namespace, value, option_string=None):
|
||||||
+ from sepolicy.generate import get_all_users
|
+ from sepolicy import get_all_users
|
||||||
+ newval = getattr(namespace, self.dest)
|
+ newval = getattr(namespace, self.dest)
|
||||||
+ if not newval:
|
+ if not newval:
|
||||||
+ newval = []
|
+ newval = []
|
||||||
+ users = get_all_users()
|
+ users = get_all_users()
|
||||||
+ if value not in users:
|
+ if value not in users:
|
||||||
+ raise ValueError("%s must be an SELinux user" % value)
|
+ raise ValueError("%s must be an SELinux user:\nValid users: %s" % (value, ", ".join(users)))
|
||||||
+ newval.append(value)
|
+ newval.append(value)
|
||||||
+ setattr(namespace, self.dest, newval)
|
+ setattr(namespace, self.dest, newval)
|
||||||
+
|
+
|
||||||
@ -341179,13 +341234,13 @@ index 0000000..154369d
|
|||||||
+ from sepolicy.generate import DAEMON, get_poltype_desc, poltype, DAEMON, DBUS, INETD, CGI, SANDBOX, USER, EUSER, TUSER, XUSER, LUSER, AUSER, RUSER, NEWTYPE
|
+ from sepolicy.generate import DAEMON, get_poltype_desc, poltype, DAEMON, DBUS, INETD, CGI, SANDBOX, USER, EUSER, TUSER, XUSER, LUSER, AUSER, RUSER, NEWTYPE
|
||||||
+ pol = parser.add_parser("generate",
|
+ pol = parser.add_parser("generate",
|
||||||
+ help=_('Generate SELinux Policy module template'))
|
+ help=_('Generate SELinux Policy module template'))
|
||||||
+ pol.add_argument("-d", "--domain", dest="domain",
|
+ pol.add_argument("-d", "--domain", dest="domain", default=[],
|
||||||
+ action=CheckDomain, default=None,
|
+ action=CheckDomain, nargs="*",
|
||||||
+ help=_("Enter domain type which you will be extending"))
|
+ help=_("Enter domain type which you will be extending"))
|
||||||
+ pol.add_argument("-u", "--user", dest="user",
|
+ pol.add_argument("-u", "--user", dest="user", default=[],
|
||||||
+ action=CheckUser,
|
+ action=CheckUser,
|
||||||
+ help=_("Enter SELinux user(s) which will transition to this domain"))
|
+ help=_("Enter SELinux user(s) which will transition to this domain"))
|
||||||
+ pol.add_argument("-a", "--admin", dest="admin_domain",
|
+ pol.add_argument("-a", "--admin", dest="admin_domain",default=[],
|
||||||
+ action=CheckAdmin,
|
+ action=CheckAdmin,
|
||||||
+ help=_("Enter domain(s) that this confined admin will administrate"))
|
+ help=_("Enter domain(s) that this confined admin will administrate"))
|
||||||
+ pol.add_argument("-n", "--name", dest="name",
|
+ pol.add_argument("-n", "--name", dest="name",
|
||||||
@ -341269,10 +341324,10 @@ index 0000000..154369d
|
|||||||
+ sys.exit(0)
|
+ sys.exit(0)
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
|
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..68be859
|
index 0000000..5e7415c
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
|
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||||
@@ -0,0 +1,159 @@
|
@@ -0,0 +1,250 @@
|
||||||
+#!/usr/bin/python
|
+#!/usr/bin/python
|
||||||
+
|
+
|
||||||
+# Author: Thomas Liu <tliu@redhat.com>
|
+# Author: Thomas Liu <tliu@redhat.com>
|
||||||
@ -341322,6 +341377,97 @@ index 0000000..68be859
|
|||||||
+ pass
|
+ pass
|
||||||
+ raise ValueError(_("No SELinux Policy installed"))
|
+ raise ValueError(_("No SELinux Policy installed"))
|
||||||
+
|
+
|
||||||
|
+all_types = None
|
||||||
|
+def get_all_types():
|
||||||
|
+ global all_types
|
||||||
|
+ if all_types == None:
|
||||||
|
+ all_types = map(lambda x: x['name'], info(TYPE))
|
||||||
|
+ return all_types
|
||||||
|
+
|
||||||
|
+role_allows = None
|
||||||
|
+def get_all_role_allows():
|
||||||
|
+ global role_allows
|
||||||
|
+ if role_allows:
|
||||||
|
+ return role_allows
|
||||||
|
+ role_allows = {}
|
||||||
|
+ for r in search([ROLE_ALLOW]):
|
||||||
|
+ if r["source"] == "system_r" or r["target"] == "system_r":
|
||||||
|
+ continue
|
||||||
|
+ if r["source"] in role_allows:
|
||||||
|
+ role_allows[r["source"]].append(r["target"])
|
||||||
|
+ else:
|
||||||
|
+ role_allows[r["source"]] = [ r["target"] ]
|
||||||
|
+
|
||||||
|
+ return role_allows
|
||||||
|
+
|
||||||
|
+def get_all_entrypoint_domains():
|
||||||
|
+ all_domains = []
|
||||||
|
+ types=get_all_types()
|
||||||
|
+ types.sort()
|
||||||
|
+ for i in types:
|
||||||
|
+ m = re.findall("(.*)%s" % "_exec_t$", i)
|
||||||
|
+ if len(m) > 0:
|
||||||
|
+ if len(re.findall("(.*)%s" % "_initrc$", m[0])) == 0 and m[0] not in all_domains:
|
||||||
|
+ all_domains.append(m[0])
|
||||||
|
+ return all_domains
|
||||||
|
+
|
||||||
|
+all_domains = None
|
||||||
|
+def get_all_domains():
|
||||||
|
+ global all_domains
|
||||||
|
+ if not all_domains:
|
||||||
|
+ all_domains = info(ATTRIBUTE,"domain")[0]["types"]
|
||||||
|
+ return all_domains
|
||||||
|
+
|
||||||
|
+roles = None
|
||||||
|
+def get_all_roles():
|
||||||
|
+ global roles
|
||||||
|
+ if roles:
|
||||||
|
+ return roles
|
||||||
|
+ roles = map(lambda x: x['name'], info(ROLE))
|
||||||
|
+ roles.remove("object_r")
|
||||||
|
+ roles.sort()
|
||||||
|
+ return roles
|
||||||
|
+
|
||||||
|
+users = None
|
||||||
|
+def get_all_users():
|
||||||
|
+ global users
|
||||||
|
+ if users:
|
||||||
|
+ return users
|
||||||
|
+ users = map(lambda x: x['name'], info(USER))
|
||||||
|
+ return users
|
||||||
|
+
|
||||||
|
+file_types = None
|
||||||
|
+def get_all_file_types():
|
||||||
|
+ global file_types
|
||||||
|
+ if file_types:
|
||||||
|
+ return file_types
|
||||||
|
+ file_types = info(ATTRIBUTE,"file_type")[0]["types"]
|
||||||
|
+ file_types.sort()
|
||||||
|
+ return file_types
|
||||||
|
+
|
||||||
|
+port_types = None
|
||||||
|
+def get_all_port_types():
|
||||||
|
+ global port_types
|
||||||
|
+ if port_types:
|
||||||
|
+ return port_types
|
||||||
|
+ port_types = info(ATTRIBUTE,"port_type")[0]["types"]
|
||||||
|
+ port_types.sort()
|
||||||
|
+ return port_types
|
||||||
|
+
|
||||||
|
+bools = None
|
||||||
|
+def get_all_bools():
|
||||||
|
+ global bools
|
||||||
|
+ if not bools:
|
||||||
|
+ bools = info(BOOLEAN)
|
||||||
|
+ return bools
|
||||||
|
+
|
||||||
|
+all_attributes = None
|
||||||
|
+def get_all_attributes():
|
||||||
|
+ global all_attributes
|
||||||
|
+ if not all_attributes:
|
||||||
|
+ all_attributes = map(lambda x: x['name'], info(ATTRIBUTE))
|
||||||
|
+ return all_attributes
|
||||||
|
+
|
||||||
+def policy(policy_file):
|
+def policy(policy_file):
|
||||||
+ try:
|
+ try:
|
||||||
+ _policy.policy(policy_file)
|
+ _policy.policy(policy_file)
|
||||||
@ -341536,10 +341682,10 @@ index 0000000..a179d95
|
|||||||
+
|
+
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
|
diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..6c5e482
|
index 0000000..26f8390
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/policycoreutils/sepolicy/sepolicy/generate.py
|
+++ b/policycoreutils/sepolicy/sepolicy/generate.py
|
||||||
@@ -0,0 +1,1378 @@
|
@@ -0,0 +1,1354 @@
|
||||||
+#!/usr/bin/python -Es
|
+#!/usr/bin/python -Es
|
||||||
+#
|
+#
|
||||||
+# Copyright (C) 2007-2012 Red Hat
|
+# Copyright (C) 2007-2012 Red Hat
|
||||||
@ -341566,6 +341712,7 @@ index 0000000..6c5e482
|
|||||||
+import os, sys, stat
|
+import os, sys, stat
|
||||||
+import re
|
+import re
|
||||||
+import sepolicy
|
+import sepolicy
|
||||||
|
+from sepolicy import get_all_types, get_all_attributes, get_all_roles
|
||||||
+import time
|
+import time
|
||||||
+import yum
|
+import yum
|
||||||
+
|
+
|
||||||
@ -341643,13 +341790,6 @@ index 0000000..6c5e482
|
|||||||
+
|
+
|
||||||
+ return nvr
|
+ return nvr
|
||||||
+
|
+
|
||||||
+all_types = None
|
|
||||||
+def get_all_types():
|
|
||||||
+ global all_types
|
|
||||||
+ if all_types == None:
|
|
||||||
+ all_types = map(lambda x: x['name'], sepolicy.info(sepolicy.TYPE))
|
|
||||||
+ return all_types
|
|
||||||
+
|
|
||||||
+def get_all_ports():
|
+def get_all_ports():
|
||||||
+ dict = {}
|
+ dict = {}
|
||||||
+ for p in sepolicy.info(sepolicy.PORT):
|
+ for p in sepolicy.info(sepolicy.PORT):
|
||||||
@ -341660,28 +341800,6 @@ index 0000000..6c5e482
|
|||||||
+ dict[(p['low'], p['high'], p['protocol'])]=(p['type'], p['range'])
|
+ dict[(p['low'], p['high'], p['protocol'])]=(p['type'], p['range'])
|
||||||
+ return dict
|
+ return dict
|
||||||
+
|
+
|
||||||
+def get_all_roles():
|
|
||||||
+ roles = map(lambda x: x['name'], sepolicy.info(sepolicy.ROLE))
|
|
||||||
+ roles.remove("object_r")
|
|
||||||
+ roles.sort()
|
|
||||||
+ return roles
|
|
||||||
+
|
|
||||||
+def get_all_attributes():
|
|
||||||
+ attributes = map(lambda x: x['name'], sepolicy.info(sepolicy.ATTRIBUTE))
|
|
||||||
+ attributes.sort()
|
|
||||||
+ return attributes
|
|
||||||
+
|
|
||||||
+def get_all_domains():
|
|
||||||
+ all_domains = []
|
|
||||||
+ types=get_all_types()
|
|
||||||
+ types.sort()
|
|
||||||
+ for i in types:
|
|
||||||
+ m = re.findall("(.*)%s" % "_exec_t$", i)
|
|
||||||
+ if len(m) > 0:
|
|
||||||
+ if len(re.findall("(.*)%s" % "_initrc$", m[0])) == 0 and m[0] not in all_domains:
|
|
||||||
+ all_domains.append(m[0])
|
|
||||||
+ return all_domains
|
|
||||||
+
|
|
||||||
+def get_all_users():
|
+def get_all_users():
|
||||||
+ users = map(lambda x: x['name'], sepolicy.info(sepolicy.USER))
|
+ users = map(lambda x: x['name'], sepolicy.info(sepolicy.USER))
|
||||||
+ users.remove("system_u")
|
+ users.remove("system_u")
|
||||||
@ -341770,6 +341888,7 @@ index 0000000..6c5e482
|
|||||||
+ self.rpms = []
|
+ self.rpms = []
|
||||||
+ self.ports = []
|
+ self.ports = []
|
||||||
+ self.all_roles = get_all_roles()
|
+ self.all_roles = get_all_roles()
|
||||||
|
+ self.types = []
|
||||||
+
|
+
|
||||||
+ if type not in poltype:
|
+ if type not in poltype:
|
||||||
+ raise ValueError(_("You must enter a valid policy type"))
|
+ raise ValueError(_("You must enter a valid policy type"))
|
||||||
@ -342436,10 +342555,13 @@ index 0000000..6c5e482
|
|||||||
+
|
+
|
||||||
+ def generate_new_types(self):
|
+ def generate_new_types(self):
|
||||||
+ newte = ""
|
+ newte = ""
|
||||||
|
+ if len(self.types) == 0:
|
||||||
|
+ raise ValueError(_("Type field required"))
|
||||||
|
+
|
||||||
+ for t in self.types:
|
+ for t in self.types:
|
||||||
+ for i in self.DEFAULT_EXT:
|
+ for i in self.DEFAULT_EXT:
|
||||||
+ if t.endswith(i):
|
+ if t.endswith(i):
|
||||||
+ newte += re.sub("TEMPLATETYPE", t[:len(i)], self.DEFAULT_EXT[i].te_types)
|
+ newte += re.sub("TEMPLATETYPE", t[:-len(i)], self.DEFAULT_EXT[i].te_types)
|
||||||
+ break
|
+ break
|
||||||
+ return newte
|
+ return newte
|
||||||
+
|
+
|
||||||
@ -342644,8 +342766,8 @@ index 0000000..6c5e482
|
|||||||
+ newfc = ""
|
+ newfc = ""
|
||||||
+ fclist = []
|
+ fclist = []
|
||||||
+ if self.type in USERS + [ SANDBOX ]:
|
+ if self.type in USERS + [ SANDBOX ]:
|
||||||
+ return re.sub("EXECUTABLE", self.program, executable.fc_user)
|
+ return executable.fc_user
|
||||||
+ if self.type != NEWTYPE and self.program:
|
+ if self.type != NEWTYPE and not self.program:
|
||||||
+ raise ValueError(_("You must enter the executable path for your confined process"))
|
+ raise ValueError(_("You must enter the executable path for your confined process"))
|
||||||
+
|
+
|
||||||
+ if self.program:
|
+ if self.program:
|
||||||
@ -343007,10 +343129,10 @@ index 0000000..8b063ca
|
|||||||
+ return trans_list
|
+ return trans_list
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
|
diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
|
||||||
new file mode 100755
|
new file mode 100755
|
||||||
index 0000000..a321faa
|
index 0000000..25062da
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py
|
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py
|
||||||
@@ -0,0 +1,1432 @@
|
@@ -0,0 +1,1365 @@
|
||||||
+#! /usr/bin/python -Es
|
+#! /usr/bin/python -Es
|
||||||
+# Copyright (C) 2012-2013 Red Hat
|
+# Copyright (C) 2012-2013 Red Hat
|
||||||
+# AUTHOR: Dan Walsh <dwalsh@redhat.com>
|
+# AUTHOR: Dan Walsh <dwalsh@redhat.com>
|
||||||
@ -343041,7 +343163,7 @@ index 0000000..a321faa
|
|||||||
+import argparse
|
+import argparse
|
||||||
+import selinux
|
+import selinux
|
||||||
+import sepolicy
|
+import sepolicy
|
||||||
+from sepolicy import network, gen_bool_dict
|
+from sepolicy import network, gen_bool_dict, get_all_file_types, get_all_domains, get_all_roles, get_all_users, get_all_port_types, get_all_bools, get_all_attributes, get_all_role_allows
|
||||||
+
|
+
|
||||||
+import commands
|
+import commands
|
||||||
+import sys, os, re, time
|
+import sys, os, re, time
|
||||||
@ -343074,12 +343196,28 @@ index 0000000..a321faa
|
|||||||
+ pass
|
+ pass
|
||||||
+ return modules_dict
|
+ return modules_dict
|
||||||
+
|
+
|
||||||
+all_attributes = None
|
+users = None
|
||||||
+def get_all_attributes():
|
+users_range = None
|
||||||
+ global all_attributes
|
+def get_all_users_info():
|
||||||
+ if not all_attributes:
|
+ global users
|
||||||
+ all_attributes = map(lambda x: x['name'], sepolicy.info(sepolicy.ATTRIBUTE))
|
+ global users_range
|
||||||
+ return all_attributes
|
+ if users and users_range:
|
||||||
|
+ return users, users_range
|
||||||
|
+
|
||||||
|
+ users = []
|
||||||
|
+ users_range ={}
|
||||||
|
+ allusers = []
|
||||||
|
+ allusers_info = info(USER)
|
||||||
|
+
|
||||||
|
+ for d in allusers_info:
|
||||||
|
+ allusers.append(d['name'])
|
||||||
|
+ users_range[d['name'].split("_")[0]] = d['range']
|
||||||
|
+
|
||||||
|
+ for u in allusers:
|
||||||
|
+ if u not in [ "system_u", "root", "unconfined_u" ]:
|
||||||
|
+ users.append(u.replace("_u",""))
|
||||||
|
+ users.sort()
|
||||||
|
+ return users, users_range
|
||||||
+
|
+
|
||||||
+all_entrypoints = None
|
+all_entrypoints = None
|
||||||
+def get_entrypoints():
|
+def get_entrypoints():
|
||||||
@ -343088,25 +343226,6 @@ index 0000000..a321faa
|
|||||||
+ all_entrypoints = sepolicy.info(sepolicy.ATTRIBUTE,"entry_type")[0]["types"]
|
+ all_entrypoints = sepolicy.info(sepolicy.ATTRIBUTE,"entry_type")[0]["types"]
|
||||||
+ return all_entrypoints
|
+ return all_entrypoints
|
||||||
+
|
+
|
||||||
+all_domains = None
|
|
||||||
+def get_all_domains():
|
|
||||||
+ global all_domains
|
|
||||||
+ if not all_domains:
|
|
||||||
+ all_domains = sepolicy.info(sepolicy.ATTRIBUTE,"domain")[0]["types"]
|
|
||||||
+ return all_domains
|
|
||||||
+
|
|
||||||
+roles = None
|
|
||||||
+def get_all_roles():
|
|
||||||
+ global roles
|
|
||||||
+ if roles:
|
|
||||||
+ return roles
|
|
||||||
+ roles = []
|
|
||||||
+ allroles = map(lambda x: x['name'], sepolicy.info(sepolicy.ROLE))
|
|
||||||
+ for r in allroles:
|
|
||||||
+ if r not in [ "system_r", "object_r" ]:
|
|
||||||
+ roles.append(r[:-2])
|
|
||||||
+ return roles
|
|
||||||
+
|
|
||||||
+domains = None
|
+domains = None
|
||||||
+def gen_domains():
|
+def gen_domains():
|
||||||
+ global domains
|
+ global domains
|
||||||
@ -343123,9 +343242,9 @@ index 0000000..a321faa
|
|||||||
+ domains.append(domain)
|
+ domains.append(domain)
|
||||||
+
|
+
|
||||||
+ for role in get_all_roles():
|
+ for role in get_all_roles():
|
||||||
+ if role in domains:
|
+ if role[:-2] in domains or role == "system_r":
|
||||||
+ continue
|
+ continue
|
||||||
+ domains.append(role)
|
+ domains.append(role[:-2])
|
||||||
+
|
+
|
||||||
+ domains.sort()
|
+ domains.sort()
|
||||||
+ return domains
|
+ return domains
|
||||||
@ -343163,45 +343282,6 @@ index 0000000..a321faa
|
|||||||
+ fcdict["samba_share_t"] = [ "use this label for random content that will be shared using samba" ]
|
+ fcdict["samba_share_t"] = [ "use this label for random content that will be shared using samba" ]
|
||||||
+ return fcdict
|
+ return fcdict
|
||||||
+
|
+
|
||||||
+role_allows = None
|
|
||||||
+def get_all_role_allows():
|
|
||||||
+ global role_allows
|
|
||||||
+ if role_allows:
|
|
||||||
+ return role_allows
|
|
||||||
+ role_allows = {}
|
|
||||||
+ for r in sepolicy.search([sepolicy.ROLE_ALLOW]):
|
|
||||||
+ if r["source"] == "system_r" or r["target"] == "system_r":
|
|
||||||
+ continue
|
|
||||||
+ if r["source"] in role_allows:
|
|
||||||
+ role_allows[r["source"]].append(r["target"])
|
|
||||||
+ else:
|
|
||||||
+ role_allows[r["source"]] = [ r["target"] ]
|
|
||||||
+
|
|
||||||
+ return role_allows
|
|
||||||
+
|
|
||||||
+users = None
|
|
||||||
+users_range = None
|
|
||||||
+def get_all_users():
|
|
||||||
+ global users
|
|
||||||
+ global users_range
|
|
||||||
+ if users and users_range:
|
|
||||||
+ return users, users_range
|
|
||||||
+
|
|
||||||
+ users = []
|
|
||||||
+ users_range ={}
|
|
||||||
+ allusers = []
|
|
||||||
+ allusers_info = sepolicy.info(sepolicy.USER)
|
|
||||||
+
|
|
||||||
+ for d in allusers_info:
|
|
||||||
+ allusers.append(d['name'])
|
|
||||||
+ users_range[d['name'].split("_")[0]] = d['range']
|
|
||||||
+
|
|
||||||
+ for u in allusers:
|
|
||||||
+ if u not in [ "system_u", "root", "unconfined_u" ]:
|
|
||||||
+ users.append(u.replace("_u",""))
|
|
||||||
+ users.sort()
|
|
||||||
+ return users, users_range
|
|
||||||
+
|
|
||||||
+types = None
|
+types = None
|
||||||
+def _gen_types():
|
+def _gen_types():
|
||||||
+ global types
|
+ global types
|
||||||
@ -343216,31 +343296,6 @@ index 0000000..a321faa
|
|||||||
+ types[rec["name"]] = []
|
+ types[rec["name"]] = []
|
||||||
+ return types
|
+ return types
|
||||||
+
|
+
|
||||||
+file_types = None
|
|
||||||
+def get_all_file_types():
|
|
||||||
+ global file_types
|
|
||||||
+ if file_types:
|
|
||||||
+ return file_types
|
|
||||||
+ file_types = sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"]
|
|
||||||
+ file_types.sort()
|
|
||||||
+ return file_types
|
|
||||||
+
|
|
||||||
+port_types = None
|
|
||||||
+def get_all_port_types():
|
|
||||||
+ global port_types
|
|
||||||
+ if port_types:
|
|
||||||
+ return port_types
|
|
||||||
+ port_types = sepolicy.info(sepolicy.ATTRIBUTE,"port_type")[0]["types"]
|
|
||||||
+ port_types.sort()
|
|
||||||
+ return port_types
|
|
||||||
+
|
|
||||||
+bools = None
|
|
||||||
+def get_all_bools():
|
|
||||||
+ global bools
|
|
||||||
+ if not bools:
|
|
||||||
+ bools = sepolicy.info(sepolicy.BOOLEAN)
|
|
||||||
+ return bools
|
|
||||||
+
|
|
||||||
+def prettyprint(f,trim):
|
+def prettyprint(f,trim):
|
||||||
+ return " ".join(f[:-len(trim)].split("_"))
|
+ return " ".join(f[:-len(trim)].split("_"))
|
||||||
+
|
+
|
||||||
@ -343501,8 +343556,8 @@ index 0000000..a321faa
|
|||||||
+ all_bools = get_all_bools()
|
+ all_bools = get_all_bools()
|
||||||
+ all_port_types = get_all_port_types()
|
+ all_port_types = get_all_port_types()
|
||||||
+ all_roles = get_all_roles()
|
+ all_roles = get_all_roles()
|
||||||
+ all_users = get_all_users()[0]
|
+ all_users = get_all_users_info()[0]
|
||||||
+ all_users_range = get_all_users()[1]
|
+ all_users_range = get_all_users_info()[1]
|
||||||
+ all_file_types = get_all_file_types()
|
+ all_file_types = get_all_file_types()
|
||||||
+ types = _gen_types()
|
+ types = _gen_types()
|
||||||
+ modules_dict = None
|
+ modules_dict = None
|
||||||
@ -343545,7 +343600,7 @@ index 0000000..a321faa
|
|||||||
+ self._gen_bools()
|
+ self._gen_bools()
|
||||||
+ self.man_page_path = "%s/%s_selinux.8" % (path, self.domainname)
|
+ self.man_page_path = "%s/%s_selinux.8" % (path, self.domainname)
|
||||||
+ self.fd = open(self.man_page_path, 'w')
|
+ self.fd = open(self.man_page_path, 'w')
|
||||||
+ if domainname in self.all_roles:
|
+ if domainname + "_r" in self.all_roles:
|
||||||
+ self.__gen_user_man_page()
|
+ self.__gen_user_man_page()
|
||||||
+ if self.html:
|
+ if self.html:
|
||||||
+ manpage_roles.append(self.man_page_path)
|
+ manpage_roles.append(self.man_page_path)
|
||||||
@ -344756,7 +344811,7 @@ index 0000000..dcf445e
|
|||||||
+"""
|
+"""
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy/templates/executable.py b/policycoreutils/sepolicy/sepolicy/templates/executable.py
|
diff --git a/policycoreutils/sepolicy/sepolicy/templates/executable.py b/policycoreutils/sepolicy/sepolicy/templates/executable.py
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..092a53e
|
index 0000000..4b9534d
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/policycoreutils/sepolicy/sepolicy/templates/executable.py
|
+++ b/policycoreutils/sepolicy/sepolicy/templates/executable.py
|
||||||
@@ -0,0 +1,454 @@
|
@@ -0,0 +1,454 @@
|
||||||
@ -345208,7 +345263,7 @@ index 0000000..092a53e
|
|||||||
+"""
|
+"""
|
||||||
+
|
+
|
||||||
+fc_user="""\
|
+fc_user="""\
|
||||||
+# Users do not have file context, leave blank
|
+# No file context, leave blank
|
||||||
+"""
|
+"""
|
||||||
+
|
+
|
||||||
+fc_initscript="""\
|
+fc_initscript="""\
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.1.13
|
Version: 2.1.13
|
||||||
Release: 57%{?dist}
|
Release: 58%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
# Based on git repository with tag 20101221
|
# Based on git repository with tag 20101221
|
||||||
@ -338,6 +338,10 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jan 31 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-58
|
||||||
|
- Reorginize sepolicy so all get_all functions are in main module
|
||||||
|
- Add -B capability to fixfiles onboot and fixfiles restore, basically searches for all files created since the last boot.
|
||||||
|
|
||||||
* Fri Jan 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-57
|
* Fri Jan 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-57
|
||||||
- Update to latest patches from eparis/Upstream
|
- Update to latest patches from eparis/Upstream
|
||||||
- fixfiles onboot will write any flags handed to it to /.autorelabel.
|
- fixfiles onboot will write any flags handed to it to /.autorelabel.
|
||||||
|