rpms/policycoreutils
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Cleanup errors found by pychecker

Browse Source 
- Apply patch from Michal Trunecka to allow restorecon to handle {} in globs
This commit is contained in:
Dan Walsh 2013-10-16 15:20:12 -04:00
parent 8f0685b998
commit 256317fccc
2 changed files with 395 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

466
policycoreutils-rhat.patch
View File

@ -680134,7 +680134,7 @@ index 28a9022..90b142e 100644
+usage: semanage [-h] +usage: semanage [-h]
+ +
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index 85bc37f..c78b6ef 100644 index 85bc37f..70bbaed 100644
--- a/policycoreutils/semanage/seobject.py --- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py +++ b/policycoreutils/semanage/seobject.py
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
@ -680144,6 +680144,15 @@ index 85bc37f..c78b6ef 100644
# see file 'COPYING' for use and warranty information # see file 'COPYING' for use and warranty information
# #
# semanage is a tool for managing SELinux configuration files # semanage is a tool for managing SELinux configuration files
@@ -21,7 +21,7 @@
#
#
-import pwd, grp, string, selinux, tempfile, os, re, sys, stat
+import pwd, grp, string, selinux, os, re, sys, stat
from semanage import *;
PROGNAME = "policycoreutils"
import sepolicy
@@ -32,32 +32,47 @@ from IPy import IP @@ -32,32 +32,47 @@ from IPy import IP
import gettext import gettext
gettext.bindtextdomain(PROGNAME, "/usr/share/locale") gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
@ -680153,10 +680162,10 @@ index 85bc37f..c78b6ef 100644
-except IOError: -except IOError:
- import __builtin__ - import __builtin__
- __builtin__.__dict__['_'] = unicode - __builtin__.__dict__['_'] = unicode
+
+import gettext
+translation=gettext.translation(PROGNAME, localedir = "/usr/share/locale", fallback=True) +translation=gettext.translation(PROGNAME, localedir = "/usr/share/locale", fallback=True)
+_=translation.ugettext +_=translation.ugettext
+
+is_mls_enabled = True
import syslog import syslog
@ -680207,20 +680216,28 @@ index 85bc37f..c78b6ef 100644
if sename != "": if sename != "":
message += " sename=" + sename message += " sename=" + sename
if oldsename != "": if oldsename != "":
@@ -270,6 +285,12 @@ class moduleRecords(semanageRecords): @@ -270,21 +285,31 @@ class moduleRecords(semanageRecords):
l.append((semanage_module_get_name(mod), semanage_module_get_version(mod), semanage_module_get_enabled(mod))) l.append((semanage_module_get_name(mod), semanage_module_get_version(mod), semanage_module_get_enabled(mod)))
return l return l
- def list(self, heading = 1, locallist = 0):
- all = self.get_all()
- if len(all) == 0:
+ def customized(self): + def customized(self):
+ all = self.get_all() + ALL = self.get_all()
+ if len(all) == 0: + if len(ALL) == 0:
+ return + return
+ return map(lambda x: "-d %s" % x[0], filter(lambda t: t[2] == 0, all)) + return map(lambda x: "-d %s" % x[0], filter(lambda t: t[2] == 0, ALL))
+ +
def list(self, heading = 1, locallist = 0): + def list(self, heading = True, locallist = False):
all = self.get_all() + ALL = self.get_all()
if len(all) == 0: + if len(ALL) == 0:
@@ -281,10 +302,14 @@ class moduleRecords(semanageRecords): return
if heading:
print "\n%-25s%-10s\n" % (_("Modules Name"), _("Version"))
- for t in all:
+ for t in ALL:
if t[2] == 0: if t[2] == 0:
disabled = _("Disabled") disabled = _("Disabled")
else: else:
@ -680235,6 +680252,15 @@ index 85bc37f..c78b6ef 100644
rc = semanage_module_install_file(self.sh, file); rc = semanage_module_install_file(self.sh, file);
if rc >= 0: if rc >= 0:
self.commit() self.commit()
@@ -312,7 +337,7 @@ class moduleRecords(semanageRecords):
self.commit()
def modify(self, file):
- rc = semanage_module_update_file(self.sh, file);
+ rc = semanage_module_upgrade_file(self.sh, file);
if rc >= 0:
self.commit()
@@ -324,6 +349,11 @@ class moduleRecords(semanageRecords): @@ -324,6 +349,11 @@ class moduleRecords(semanageRecords):
self.commit() self.commit()
@ -680247,6 +680273,83 @@ index 85bc37f..c78b6ef 100644
class dontauditClass(semanageRecords): class dontauditClass(semanageRecords):
def __init__(self, store): def __init__(self, store):
semanageRecords.__init__(self, store) semanageRecords.__init__(self, store)
@@ -332,7 +362,7 @@ class dontauditClass(semanageRecords):
if dontaudit not in [ "on", "off" ]:
raise ValueError(_("dontaudit requires either 'on' or 'off'"))
self.begin()
- rc = semanage_set_disable_dontaudit(self.sh, dontaudit == "off")
+ semanage_set_disable_dontaudit(self.sh, dontaudit == "off")
self.commit()
class permissiveRecords(semanageRecords):
@@ -352,26 +382,27 @@ class permissiveRecords(semanageRecords):
l.append(name.split("permissive_")[1])
return l
- def list(self, heading = 1, locallist = 0):
- all = map(lambda y: y["name"], filter(lambda x: x["permissive"], sepolicy.info(sepolicy.TYPE)))
- if len(all) == 0:
+ def list(self, heading = True, locallist = False):
+ ALL = map(lambda y: y["name"], filter(lambda x: x["permissive"], sepolicy.info(sepolicy.TYPE)))
+ if len(ALL) == 0:
return
- if heading:
- print "\n%-25s\n" % (_("Builtin Permissive Types"))
customized = self.get_all()
- for t in all:
- if t not in customized:
- print t
-
- if len(customized) == 0:
- return
-
if heading:
print "\n%-25s\n" % (_("Customized Permissive Types"))
for t in customized:
print t
+ if locallist:
+ return
+
+ if heading:
+ print "\n%-25s\n" % (_("Builtin Permissive Types"))
+
+ for t in ALL:
+ if t not in customized:
+ print t
+
def add(self, type):
import glob
try:
@@ -427,8 +458,7 @@ permissive %s;
def deleteall(self):
l = self.get_all()
if len(l) > 0:
- all = " ".join(l)
- self.delete(all)
+ self.delete(" ".join(l))
class loginRecords(semanageRecords):
def __init__(self, store = ""):
@@ -444,14 +474,14 @@ class loginRecords(semanageRecords):
sename = "user_u"
userrec = seluserRecords()
- range, (rc, oldserole) = userrec.get(self.oldsename)
- range, (rc, serole) = userrec.get(sename)
+ RANGE, (rc, oldserole) = userrec.get(self.oldsename)
+ RANGE, (rc, serole) = userrec.get(sename)
if is_mls_enabled == 1:
if serange != "":
serange = untranslate(serange)
else:
- serange = range
+ serange = RANGE
(rc, k) = semanage_seuser_key_create(self.sh, name)
if rc < 0:
@@ -461,7 +491,9 @@ class loginRecords(semanageRecords): @@ -461,7 +491,9 @@ class loginRecords(semanageRecords):
if rc < 0: if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name) raise ValueError(_("Could not check if login mapping for %s is defined") % name)
@ -680258,6 +680361,63 @@ index 85bc37f..c78b6ef 100644
if name[0] == '%': if name[0] == '%':
try: try:
grp.getgrnam(name[1:]) grp.getgrnam(name[1:])
@@ -513,17 +545,17 @@ class loginRecords(semanageRecords):
raise ValueError(_("Requires seuser or serange"))
userrec = seluserRecords()
- range, (rc, oldserole) = userrec.get(self.oldsename)
+ RANGE, (rc, oldserole) = userrec.get(self.oldsename)
if sename != "":
- range, (rc, serole) = userrec.get(sename)
+ RANGE, (rc, serole) = userrec.get(sename)
else:
serole=oldserole
if serange != "":
self.serange=serange
else:
- self.serange=range
+ self.serange=RANGE
(rc, k) = semanage_seuser_key_create(self.sh, name)
if rc < 0:
@@ -569,7 +601,7 @@ class loginRecords(semanageRecords):
def __delete(self, name):
rec, self.oldsename, self.oldserange = selinux.getseuserbyname(name)
userrec = seluserRecords()
- range, (rc, oldserole) = userrec.get(self.oldsename)
+ RANGE, (rc, oldserole) = userrec.get(self.oldsename)
(rc, k) = semanage_seuser_key_create(self.sh, name)
if rc < 0:
@@ -594,7 +626,7 @@ class loginRecords(semanageRecords):
semanage_seuser_key_free(k)
rec, self.sename, self.serange = selinux.getseuserbyname("__default__")
- range, (rc, serole) = userrec.get(self.sename)
+ RANGE, (rc, serole) = userrec.get(self.sename)
self.mylog.log_remove("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange);
@@ -637,7 +669,7 @@ class loginRecords(semanageRecords):
pass
return ddict
- def get_all(self, locallist = 0):
+ def get_all(self, locallist = False):
ddict = {}
if locallist:
(rc, self.ulist) = semanage_seuser_list_local(self.sh)
@@ -660,7 +692,7 @@ class loginRecords(semanageRecords):
l.append("-a -s %s -r '%s' %s" % (ddict[k][0], ddict[k][1], k))
return l
- def list(self,heading = 1, locallist = 0):
+ def list(self,heading = True, locallist = False):
ddict = self.get_all(locallist)
ldict = self.get_all_logins()
lkeys = ldict.keys()
@@ -731,7 +763,8 @@ class seluserRecords(semanageRecords): @@ -731,7 +763,8 @@ class seluserRecords(semanageRecords):
if rc < 0: if rc < 0:
raise ValueError(_("Could not check if SELinux user %s is defined") % name) raise ValueError(_("Could not check if SELinux user %s is defined") % name)
@ -680282,11 +680442,28 @@ index 85bc37f..c78b6ef 100644
rc = semanage_user_set_prefix(self.sh, u, prefix) rc = semanage_user_set_prefix(self.sh, u, prefix)
if rc < 0: if rc < 0:
- raise ValueError(_("Could not add prefix %s for %s") % (r, prefix)) - raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
+ raise ValueError(_("Could not add prefix %(ROLE)s for %(PREFIX)s") % {"ROLE":r, "PREFIX": prefix)) + raise ValueError(_("Could not add prefix %(ROLE)s for %(PREFIX)s") % {"ROLE":r, "PREFIX": prefix})
(rc, key) = semanage_user_key_extract(self.sh,u) (rc, key) = semanage_user_key_extract(self.sh,u)
if rc < 0: if rc < 0:
raise ValueError(_("Could not extract key for %s") % name) raise ValueError(_("Could not extract key for %s") % name)
@@ -928,7 +961,7 @@ class seluserRecords(semanageRecords): @@ -770,7 +803,6 @@ class seluserRecords(semanageRecords):
self.mylog.log("seuser", sename=name, serole=",".join(roles), serange=serange)
def add(self, name, roles, selevel, serange, prefix):
- serole = " ".join(roles)
try:
self.begin()
self.__add( name, roles, selevel, serange, prefix)
@@ -902,7 +934,7 @@ class seluserRecords(semanageRecords):
self.mylog.commit(0)
raise error
- def get_all(self, locallist = 0):
+ def get_all(self, locallist = False):
ddict = {}
if locallist:
(rc, self.ulist) = semanage_user_list_local(self.sh)
@@ -928,10 +960,10 @@ class seluserRecords(semanageRecords):
keys = ddict.keys() keys = ddict.keys()
keys.sort() keys.sort()
for k in keys: for k in keys:
@ -680294,8 +680471,12 @@ index 85bc37f..c78b6ef 100644
+ l.append("-a -l %s -r %s -R '%s' %s" % (ddict[k][1], ddict[k][2], ddict[k][3], k)) + l.append("-a -l %s -r %s -R '%s' %s" % (ddict[k][1], ddict[k][2], ddict[k][3], k))
return l return l
def list(self, heading = 1, locallist = 0): - def list(self, heading = 1, locallist = 0):
@@ -982,7 +1015,7 @@ class portRecords(semanageRecords): + def list(self, heading = True, locallist = False):
ddict = self.get_all(locallist)
keys = ddict.keys()
if len(keys) == 0:
@@ -982,7 +1014,7 @@ class portRecords(semanageRecords):
(rc, k) = semanage_port_key_create(self.sh, low, high, proto_d) (rc, k) = semanage_port_key_create(self.sh, low, high, proto_d)
if rc < 0: if rc < 0:
@ -680304,7 +680485,7 @@ index 85bc37f..c78b6ef 100644
return ( k, proto_d, low, high ) return ( k, proto_d, low, high )
def __add(self, port, proto, serange, type): def __add(self, port, proto, serange, type):
@@ -999,47 +1032,49 @@ class portRecords(semanageRecords): @@ -999,47 +1031,49 @@ class portRecords(semanageRecords):
raise ValueError(_("Type %s is invalid, must be a port type") % type) raise ValueError(_("Type %s is invalid, must be a port type") % type)
( k, proto_d, low, high ) = self.__genkey(port, proto) ( k, proto_d, low, high ) = self.__genkey(port, proto)
@ -680366,7 +680547,7 @@ index 85bc37f..c78b6ef 100644
semanage_context_free(con) semanage_context_free(con)
semanage_port_key_free(k) semanage_port_key_free(k)
@@ -1064,13 +1099,13 @@ class portRecords(semanageRecords): @@ -1064,13 +1098,13 @@ class portRecords(semanageRecords):
(rc, exists) = semanage_port_exists(self.sh, k) (rc, exists) = semanage_port_exists(self.sh, k)
if rc < 0: if rc < 0:
@ -680383,7 +680564,7 @@ index 85bc37f..c78b6ef 100644
con = semanage_port_get_con(p) con = semanage_port_get_con(p)
@@ -1081,7 +1116,7 @@ class portRecords(semanageRecords): @@ -1081,7 +1115,7 @@ class portRecords(semanageRecords):
rc = semanage_port_modify_local(self.sh, k, p) rc = semanage_port_modify_local(self.sh, k, p)
if rc < 0: if rc < 0:
@ -680392,7 +680573,7 @@ index 85bc37f..c78b6ef 100644
semanage_port_key_free(k) semanage_port_key_free(k)
semanage_port_free(p) semanage_port_free(p)
@@ -1119,19 +1154,19 @@ class portRecords(semanageRecords): @@ -1119,19 +1153,19 @@ class portRecords(semanageRecords):
( k, proto_d, low, high ) = self.__genkey(port, proto) ( k, proto_d, low, high ) = self.__genkey(port, proto)
(rc, exists) = semanage_port_exists(self.sh, k) (rc, exists) = semanage_port_exists(self.sh, k)
if rc < 0: if rc < 0:
@ -680417,7 +680598,34 @@ index 85bc37f..c78b6ef 100644
semanage_port_key_free(k) semanage_port_key_free(k)
@@ -1274,7 +1309,8 @@ class nodeRecords(semanageRecords): @@ -1140,7 +1174,7 @@ class portRecords(semanageRecords):
self.__delete(port, proto)
self.commit()
- def get_all(self, locallist = 0):
+ def get_all(self, locallist = False):
ddict = {}
if locallist:
(rc, self.plist) = semanage_port_list_local(self.sh)
@@ -1162,7 +1196,7 @@ class portRecords(semanageRecords):
ddict[(low, high, proto_str)] = (ctype, level)
return ddict
- def get_all_by_type(self, locallist = 0):
+ def get_all_by_type(self, locallist = False):
ddict = {}
if locallist:
(rc, self.plist) = semanage_port_list_local(self.sh)
@@ -1200,7 +1234,7 @@ class portRecords(semanageRecords):
l.append("-a -t %s -p %s %s-%s" % (ddict[k][0], k[2], k[0], k[1]))
return l
- def list(self, heading = 1, locallist = 0):
+ def list(self, heading = True, locallist = False):
ddict = self.get_all_by_type(locallist)
keys = ddict.keys()
if len(keys) == 0:
@@ -1274,7 +1308,8 @@ class nodeRecords(semanageRecords):
(rc, exists) = semanage_node_exists(self.sh, k) (rc, exists) = semanage_node_exists(self.sh, k)
if exists: if exists:
@ -680427,7 +680635,25 @@ index 85bc37f..c78b6ef 100644
(rc, node) = semanage_node_create(self.sh) (rc, node) = semanage_node_create(self.sh)
if rc < 0: if rc < 0:
@@ -1475,7 +1511,8 @@ class interfaceRecords(semanageRecords): @@ -1406,7 +1441,7 @@ class nodeRecords(semanageRecords):
self.__delete(semanage_node_get_addr(self.sh, node)[1], semanage_node_get_mask(self.sh, node)[1], self.protocol[semanage_node_get_proto(node)])
self.commit()
- def get_all(self, locallist = 0):
+ def get_all(self, locallist = False):
ddict = {}
if locallist :
(rc, self.ilist) = semanage_node_list_local(self.sh)
@@ -1433,7 +1468,7 @@ class nodeRecords(semanageRecords):
l.append("-a -M %s -p %s -t %s %s" % (k[1], k[2],ddict[k][2], k[0]))
return l
- def list(self, heading = 1, locallist = 0):
+ def list(self, heading = True, locallist = False):
ddict = self.get_all(locallist)
keys = ddict.keys()
if len(keys) == 0:
@@ -1475,7 +1510,8 @@ class interfaceRecords(semanageRecords):
if rc < 0: if rc < 0:
raise ValueError(_("Could not check if interface %s is defined") % interface) raise ValueError(_("Could not check if interface %s is defined") % interface)
if exists: if exists:
@ -680437,7 +680663,25 @@ index 85bc37f..c78b6ef 100644
(rc, iface) = semanage_iface_create(self.sh) (rc, iface) = semanage_iface_create(self.sh)
if rc < 0: if rc < 0:
@@ -1643,6 +1680,7 @@ class fcontextRecords(semanageRecords): @@ -1599,7 +1635,7 @@ class interfaceRecords(semanageRecords):
self.__delete(semanage_iface_get_name(i))
self.commit()
- def get_all(self, locallist = 0):
+ def get_all(self, locallist = False):
ddict = {}
if locallist:
(rc, self.ilist) = semanage_iface_list_local(self.sh)
@@ -1623,7 +1659,7 @@ class interfaceRecords(semanageRecords):
l.append("-a -t %s %s" % (ddict[k][2], k))
return l
- def list(self, heading = 1, locallist = 0):
+ def list(self, heading = True, locallist = False):
ddict = self.get_all(locallist)
keys = ddict.keys()
if len(keys) == 0:
@@ -1643,6 +1679,7 @@ class fcontextRecords(semanageRecords):
try: try:
valid_types = sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"] valid_types = sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"]
valid_types += sepolicy.info(sepolicy.ATTRIBUTE,"device_node")[0]["types"] valid_types += sepolicy.info(sepolicy.ATTRIBUTE,"device_node")[0]["types"]
@ -680445,7 +680689,7 @@ index 85bc37f..c78b6ef 100644
except RuntimeError: except RuntimeError:
valid_types = [] valid_types = []
@@ -1696,6 +1734,12 @@ class fcontextRecords(semanageRecords): @@ -1696,6 +1733,12 @@ class fcontextRecords(semanageRecords):
def add_equal(self, target, substitute): def add_equal(self, target, substitute):
self.begin() self.begin()
@ -680458,7 +680702,7 @@ index 85bc37f..c78b6ef 100644
if target in self.equiv.keys(): if target in self.equiv.keys():
raise ValueError(_("Equivalence class for %s already exists") % target) raise ValueError(_("Equivalence class for %s already exists") % target)
self.validate(target) self.validate(target)
@@ -1703,7 +1747,7 @@ class fcontextRecords(semanageRecords): @@ -1703,7 +1746,7 @@ class fcontextRecords(semanageRecords):
for fdict in (self.equiv, self.equiv_dist): for fdict in (self.equiv, self.equiv_dist):
for i in fdict: for i in fdict:
if i.startswith(target + "/"): if i.startswith(target + "/"):
@ -680467,12 +680711,12 @@ index 85bc37f..c78b6ef 100644
self.equiv[target] = substitute self.equiv[target] = substitute
self.equal_ind = True self.equal_ind = True
@@ -1748,12 +1792,18 @@ class fcontextRecords(semanageRecords): @@ -1748,12 +1791,18 @@ class fcontextRecords(semanageRecords):
for i in fdict: for i in fdict:
if target.startswith(i+"/"): if target.startswith(i+"/"):
t = re.sub(i, fdict[i], target) t = re.sub(i, fdict[i], target)
- raise ValueError(_("File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead") % (target, i, fdict[i], t)) - raise ValueError(_("File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead") % (target, i, fdict[i], t))
+ raise ValueError(_("File spec %(TARGET)s conflicts with equivalency rule '%(SOURCE)s %(DEST)s'; Try adding '%(DEST1)s' instead") % {"TARGET":target, "SOURCE": i, "DEST":fdict[i], "DEST1": t)) + raise ValueError(_("File spec %(TARGET)s conflicts with equivalency rule '%(SOURCE)s %(DEST)s'; Try adding '%(DEST1)s' instead") % {"TARGET":target, "SOURCE": i, "DEST":fdict[i], "DEST1": t})
- def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"): - def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
@ -680488,7 +680732,7 @@ index 85bc37f..c78b6ef 100644
if is_mls_enabled == 1: if is_mls_enabled == 1:
serange = untranslate(serange) serange = untranslate(serange)
@@ -1777,7 +1827,8 @@ class fcontextRecords(semanageRecords): @@ -1777,7 +1826,8 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Could not check if file context for %s is defined") % target) raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists: if exists:
@ -680498,7 +680742,16 @@ index 85bc37f..c78b6ef 100644
(rc, fcontext) = semanage_fcontext_create(self.sh) (rc, fcontext) = semanage_fcontext_create(self.sh)
if rc < 0: if rc < 0:
@@ -1966,11 +2017,11 @@ class fcontextRecords(semanageRecords): @@ -1932,7 +1982,7 @@ class fcontextRecords(semanageRecords):
self.__delete( target, ftype)
self.commit()
- def get_all(self, locallist = 0):
+ def get_all(self, locallist = False):
if locallist:
(rc, self.flist) = semanage_fcontext_list_local(self.sh)
else:
@@ -1966,14 +2016,14 @@ class fcontextRecords(semanageRecords):
keys.sort() keys.sort()
for k in keys: for k in keys:
if fcon_dict[k]: if fcon_dict[k]:
@ -680511,17 +680764,30 @@ index 85bc37f..c78b6ef 100644
+ l.append("-a -e %s %s" % (self.equiv[target], target)) + l.append("-a -e %s %s" % (self.equiv[target], target))
return l return l
def list(self, heading = 1, locallist = 0 ): - def list(self, heading = 1, locallist = 0 ):
@@ -2068,7 +2119,7 @@ class booleanRecords(semanageRecords): + def list(self, heading = True, locallist = False ):
fcon_dict = self.get_all(locallist)
keys = fcon_dict.keys()
if len(keys) != 0:
@@ -2068,7 +2118,7 @@ class booleanRecords(semanageRecords):
try: try:
boolname, val = b.split("=") boolname, val = b.split("=")
except ValueError: except ValueError:
- raise ValueError(_("Bad format %s: Record %s" % ( name, b) )) - raise ValueError(_("Bad format %s: Record %s" % ( name, b) ))
+ raise ValueError(_("Bad format %(BOOLNAME)s: Record %(VALUE)s" % { "BOOLNAME": name, "VALUE": b) )) + raise ValueError(_("Bad format %(BOOLNAME)s: Record %(VALUE)s" % { "BOOLNAME": name, "VALUE": b } ))
self.__mod(boolname.strip(), val.strip()) self.__mod(boolname.strip(), val.strip())
fd.close() fd.close()
else: else:
@@ -2156,7 +2207,7 @@ class booleanRecords(semanageRecords): @@ -2118,7 +2168,7 @@ class booleanRecords(semanageRecords):
self.commit()
- def get_all(self, locallist = 0):
+ def get_all(self, locallist = False):
ddict = {}
if locallist:
(rc, self.blist) = semanage_bool_list_local(self.sh)
@@ -2156,7 +2206,7 @@ class booleanRecords(semanageRecords):
keys.sort() keys.sort()
for k in keys: for k in keys:
if ddict[k]: if ddict[k]:
@ -682556,7 +682822,7 @@ index b25d3b2..2d61ad7 100755
sys.exit(0) sys.exit(0)
+ +
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
index 5e7415c..a6d9088 100644 index 5e7415c..6152424 100644
--- a/policycoreutils/sepolicy/sepolicy/__init__.py --- a/policycoreutils/sepolicy/sepolicy/__init__.py
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py +++ b/policycoreutils/sepolicy/sepolicy/__init__.py
@@ -1,12 +1,15 @@ @@ -1,12 +1,15 @@
@ -682576,7 +682842,7 @@ index 5e7415c..a6d9088 100644
gettext.bindtextdomain(PROGNAME, "/usr/share/locale") gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
gettext.textdomain(PROGNAME) gettext.textdomain(PROGNAME)
try: try:
@@ -37,16 +40,384 @@ CLASS = 'class' @@ -37,16 +40,385 @@ CLASS = 'class'
TRANSITION = 'transition' TRANSITION = 'transition'
ROLE_ALLOW = 'role_allow' ROLE_ALLOW = 'role_allow'
@ -682585,19 +682851,20 @@ index 5e7415c..a6d9088 100644
+ dict_list = _policy.info(setype, name) + dict_list = _policy.info(setype, name)
+ return dict_list + return dict_list
+ +
+def search(types, info = {} ): +def search(types, info = {}):
+ seinfo = info
+ valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW] + valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW]
+ for type in types: + for setype in types:
+ if type not in valid_types: + if setype not in valid_types:
+ raise ValueError("Type has to be in %s" % valid_types) + raise ValueError("Type has to be in %s" % valid_types)
+ info[type] = True + seinfo[setype] = True
+ +
+ perms = [] + perms = []
+ if PERMS in info: + if PERMS in seinfo:
+ perms = info[PERMS] + perms = info[PERMS]
+ info[PERMS] = ",".join(info[PERMS]) + seinfo[PERMS] = ",".join(seinfo[PERMS])
+ +
+ dict_list = _policy.search(info) + dict_list = _policy.search(seinfo)
+ if dict_list and len(perms) != 0: + if dict_list and len(perms) != 0:
+ dict_list = filter(lambda x: _dict_has_perms(x, perms), dict_list) + dict_list = filter(lambda x: _dict_has_perms(x, perms), dict_list)
+ return dict_list + return dict_list
@ -682964,7 +683231,7 @@ index 5e7415c..a6d9088 100644
all_types = None all_types = None
def get_all_types(): def get_all_types():
global all_types global all_types
@@ -54,23 +425,31 @@ def get_all_types(): @@ -54,23 +426,31 @@ def get_all_types():
all_types = map(lambda x: x['name'], info(TYPE)) all_types = map(lambda x: x['name'], info(TYPE))
return all_types return all_types
@ -683009,7 +683276,7 @@ index 5e7415c..a6d9088 100644
all_domains = [] all_domains = []
types=get_all_types() types=get_all_types()
types.sort() types.sort()
@@ -81,138 +460,366 @@ def get_all_entrypoint_domains(): @@ -81,138 +461,366 @@ def get_all_entrypoint_domains():
all_domains.append(m[0]) all_domains.append(m[0])
return all_domains return all_domains
@ -683460,7 +683727,7 @@ index 5e7415c..a6d9088 100644
def boolean_category(boolean): def boolean_category(boolean):
booleans_dict = gen_bool_dict() booleans_dict = gen_bool_dict()
@@ -233,18 +840,58 @@ def get_os_version(): @@ -233,18 +841,58 @@ def get_os_version():
os_version = "" os_version = ""
pkg_name = "selinux-policy" pkg_name = "selinux-policy"
try: try:
@ -687251,10 +687518,10 @@ index 0000000..344b3d7
+ - SELinux does not block access. + - SELinux does not block access.
+ +
diff --git a/policycoreutils/sepolicy/sepolicy/interface.py b/policycoreutils/sepolicy/sepolicy/interface.py diff --git a/policycoreutils/sepolicy/sepolicy/interface.py b/policycoreutils/sepolicy/sepolicy/interface.py
index 8b063ca..c7dac62 100644 index 8b063ca..53e4dc2 100644
--- a/policycoreutils/sepolicy/sepolicy/interface.py --- a/policycoreutils/sepolicy/sepolicy/interface.py
+++ b/policycoreutils/sepolicy/sepolicy/interface.py +++ b/policycoreutils/sepolicy/sepolicy/interface.py
@@ -21,15 +21,13 @@ @@ -21,15 +21,12 @@
# 02111-1307 USA # 02111-1307 USA
# #
# #
@ -687267,14 +687534,13 @@ index 8b063ca..c7dac62 100644
ADMIN_TRANSITION_INTERFACE = "_admin$" ADMIN_TRANSITION_INTERFACE = "_admin$"
USER_TRANSITION_INTERFACE = "_role$" USER_TRANSITION_INTERFACE = "_role$"
-from sepolicy.generate import get_all_types -from sepolicy.generate import get_all_types
+import selinux
-__all__ = [ 'get', 'get_admin', 'get_user' ] -__all__ = [ 'get', 'get_admin', 'get_user' ]
+__all__ = [ 'get_all_interfaces', 'get_interfaces_from_xml', 'get_admin', 'get_user' ,'get_interface_dict', 'get_interface_format_text', 'get_interface_compile_format_text', 'get_xml_file', 'interface_compile_test' ] +__all__ = [ 'get_all_interfaces', 'get_interfaces_from_xml', 'get_admin', 'get_user' ,'get_interface_dict', 'get_interface_format_text', 'get_interface_compile_format_text', 'get_xml_file', 'interface_compile_test' ]
## ##
## I18N ## I18N
@@ -48,34 +46,173 @@ except IOError: @@ -48,34 +45,173 @@ except IOError:
import __builtin__ import __builtin__
__builtin__.__dict__['_'] = unicode __builtin__.__dict__['_'] = unicode
@ -687297,8 +687563,8 @@ index 8b063ca..c7dac62 100644
+def get_interfaces_from_xml(path): +def get_interfaces_from_xml(path):
+ """ Get all interfaces from given xml file""" + """ Get all interfaces from given xml file"""
+ interfaces_list = [] + interfaces_list = []
+ interface_dict = get_interface_dict(path) + idict = get_interface_dict(path)
+ for k in interface_dict.keys(): + for k in idict.keys():
+ interfaces_list.append(k) + interfaces_list.append(k)
+ return interfaces_list + return interfaces_list
+ +
@ -687324,8 +687590,8 @@ index 8b063ca..c7dac62 100644
+ if path: + if path:
+ try: + try:
+ xml_path = get_xml_file(path) + xml_path = get_xml_file(path)
+ interface_dict = get_interface_dict(xml_path) + idict = get_interface_dict(xml_path)
+ for k in interface_dict.keys(): + for k in idict.keys():
+ if k.endswith("_admin"): + if k.endswith("_admin"):
+ admin_list.append(k) + admin_list.append(k)
+ except IOError, e: + except IOError, e:
@ -687351,8 +687617,8 @@ index 8b063ca..c7dac62 100644
+ if path: + if path:
+ try: + try:
+ xml_path = get_xml_file(path) + xml_path = get_xml_file(path)
+ interface_dict = get_interface_dict(xml_path) + idict = get_interface_dict(xml_path)
+ for k in interface_dict.keys(): + for k in idict.keys():
+ if k.endswith("_role"): + if k.endswith("_role"):
+ if (("%s_exec_t" % k[:-5]) in sepolicy.get_all_types()): + if (("%s_exec_t" % k[:-5]) in sepolicy.get_all_types()):
+ trans_list.append(k) + trans_list.append(k)
@ -687411,8 +687677,8 @@ index 8b063ca..c7dac62 100644
+ return interface_dict + return interface_dict
+ +
+def get_interface_format_text(interface,path = "/usr/share/selinux/devel/policy.xml"): +def get_interface_format_text(interface,path = "/usr/share/selinux/devel/policy.xml"):
+ interface_dict = get_interface_dict(path) + idict = get_interface_dict(path)
+ interface_text = "%s(%s) %s" % (interface, ", ".join(interface_dict[interface][0]), " ".join(interface_dict[interface][1].split("\n"))) + interface_text = "%s(%s) %s" % (interface, ", ".join(idict[interface][0]), " ".join(idict[interface][1].split("\n")))
+ +
+ return interface_text + return interface_text
+ +
@ -687425,11 +687691,11 @@ index 8b063ca..c7dac62 100644
+ +
+ return interface_text + return interface_text
+ +
+def generate_compile_te(interface, interface_dict, name="compiletest"): +def generate_compile_te(interface, idict, name="compiletest"):
+ from templates import test_module + from templates import test_module
+ te = "" + te = ""
+ te += re.sub("TEMPLATETYPE", name, test_module.te_test_module ) + te += re.sub("TEMPLATETYPE", name, test_module.te_test_module )
+ te += get_interface_compile_format_text(interface_dict,interface) + te += get_interface_compile_format_text(idict,interface)
+ +
+ return te + return te
+ +
@ -687452,13 +687718,13 @@ index 8b063ca..c7dac62 100644
+ +
+ import commands, os + import commands, os
+ policy_files = {'pp':"compiletest.pp", 'te':"compiletest.te", 'fc':"compiletest.fc", 'if':"compiletest.if"} + policy_files = {'pp':"compiletest.pp", 'te':"compiletest.te", 'fc':"compiletest.fc", 'if':"compiletest.if"}
+ interface_dict = get_interface_dict(path) + idict = get_interface_dict(path)
+ +
+ if not (interface.split("_")[0] in exclude_interfaces or interface_dict[interface][2] in exclude_interface_type): + if not (interface.split("_")[0] in exclude_interfaces or idict[interface][2] in exclude_interface_type):
+ print(_("Compiling %s interface" % interface)) + print(_("Compiling %s interface" % interface))
+ try: + try:
+ fd = open(policy_files['te'], "w") + fd = open(policy_files['te'], "w")
+ fd.write(generate_compile_te(interface, interface_dict)) + fd.write(generate_compile_te(interface, idict))
+ fd.close() + fd.close()
+ rc, output=commands.getstatusoutput("make -f /usr/share/selinux/devel/Makefile %s" % policy_files['pp'] ) + rc, output=commands.getstatusoutput("make -f /usr/share/selinux/devel/Makefile %s" % policy_files['pp'] )
+ if rc != 0: + if rc != 0:
@ -687466,7 +687732,7 @@ index 8b063ca..c7dac62 100644
+ sys.stderr.write(_("\nCompile test for %s failed.\n") % interface) + sys.stderr.write(_("\nCompile test for %s failed.\n") % interface)
+ +
+ except EnvironmentError, e: + except EnvironmentError, e:
+ sys.stderr.write(_("\nCompile test for %s has not run.\n") % interface) + sys.stderr.write(_("\nCompile test for %s has not run. %s\n") % (interface, e))
+ for v in policy_files.values(): + for v in policy_files.values():
+ if os.path.exists(v): + if os.path.exists(v):
+ os.remove(v) + os.remove(v)
@ -687958,10 +688224,15 @@ index 25062da..ba15b2c 100755
def _home_exec(self): def _home_exec(self):
permlist = sepolicy.search([sepolicy.ALLOW],{'source':self.type,'target':'user_home_type', 'class':'file', 'permlist':['ioctl', 'read', 'getattr', 'execute', 'execute_no_trans', 'open']}) permlist = sepolicy.search([sepolicy.ALLOW],{'source':self.type,'target':'user_home_type', 'class':'file', 'permlist':['ioctl', 'read', 'getattr', 'execute', 'execute_no_trans', 'open']})
diff --git a/policycoreutils/sepolicy/sepolicy/network.py b/policycoreutils/sepolicy/sepolicy/network.py diff --git a/policycoreutils/sepolicy/sepolicy/network.py b/policycoreutils/sepolicy/sepolicy/network.py
index 66efe26..6a7dab7 100755 index 66efe26..3a75d7c 100755
--- a/policycoreutils/sepolicy/sepolicy/network.py --- a/policycoreutils/sepolicy/sepolicy/network.py
+++ b/policycoreutils/sepolicy/sepolicy/network.py +++ b/policycoreutils/sepolicy/sepolicy/network.py
@@ -25,47 +25,22 @@ import sepolicy @@ -20,52 +20,26 @@
# 02111-1307 USA
#
#
-import sys
import sepolicy
search=sepolicy.search search=sepolicy.search
info=sepolicy.info info=sepolicy.info
@ -688011,7 +688282,7 @@ index 66efe26..6a7dab7 100755
for i in tlist: for i in tlist:
if i == "ephemeral_port_type": if i == "ephemeral_port_type":
if "unreserved_port_type" in tlist: if "unreserved_port_type" in tlist:
@@ -77,16 +52,18 @@ def get_network_connect(src, protocol, perm): @@ -77,16 +51,18 @@ def get_network_connect(src, protocol, perm):
if "port_t" in tlist: if "port_t" in tlist:
continue continue
if i == "port_t": if i == "port_t":
@ -688037,17 +688308,15 @@ index 66efe26..6a7dab7 100755
return d return d
diff --git a/policycoreutils/sepolicy/sepolicy/sedbus.py b/policycoreutils/sepolicy/sepolicy/sedbus.py diff --git a/policycoreutils/sepolicy/sepolicy/sedbus.py b/policycoreutils/sepolicy/sepolicy/sedbus.py
new file mode 100644 new file mode 100644
index 0000000..f40924d index 0000000..c6645ef
--- /dev/null --- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy/sedbus.py +++ b/policycoreutils/sepolicy/sepolicy/sedbus.py
@@ -0,0 +1,60 @@ @@ -0,0 +1,58 @@
+import sys +import sys
+import dbus +import dbus
+import dbus.service +import dbus.service
+import dbus.mainloop.glib +import dbus.mainloop.glib
+import slip.dbus.service
+from slip.dbus import polkit +from slip.dbus import polkit
+import os
+ +
+class SELinuxDBus (object): +class SELinuxDBus (object):
+ def __init__ (self): + def __init__ (self):
@ -694035,17 +694304,46 @@ index 79f3997..1ff9d2c 100644
') ')
""" """
diff --git a/policycoreutils/sepolicy/sepolicy/transition.py b/policycoreutils/sepolicy/sepolicy/transition.py diff --git a/policycoreutils/sepolicy/sepolicy/transition.py b/policycoreutils/sepolicy/sepolicy/transition.py
index 5850622..1688c97 100755 index 5850622..11834c7 100755
--- a/policycoreutils/sepolicy/sepolicy/transition.py --- a/policycoreutils/sepolicy/sepolicy/transition.py
+++ b/policycoreutils/sepolicy/sepolicy/transition.py +++ b/policycoreutils/sepolicy/sepolicy/transition.py
@@ -60,12 +60,18 @@ class setrans: @@ -20,10 +20,9 @@
# 02111-1307 USA
#
#
-import sepolicy, sys
+import sepolicy
search=sepolicy.search
info=sepolicy.info
-_failedlist = []
__all__ = [ 'setrans', ]
def out(self, name, seen=[], header=""): def _entrypoint(src):
@@ -32,11 +31,11 @@ def _entrypoint(src):
def _get_trans(src):
- foundstr = ""
return search([sepolicy.TRANSITION],{sepolicy.SOURCE:src, sepolicy.CLASS:"process"})
class setrans:
def __init__(self, source, dest=None):
+ self.seen = []
self.sdict = {}
self.source=source
self.dest=dest
@@ -58,19 +57,25 @@ class setrans:
for s in self.sdict[source]["child"]:
self._process(s)
- def out(self, name, seen=[], header=""):
+ def out(self, name, header=""):
buf = "" buf = ""
+ boolean_text="" - if name in seen:
if name in seen: + if name in self.seen:
return buf return buf
seen.append(name) - seen.append(name)
+ self.seen.append(name)
- for t in self.sdict[name]["map"]: - for t in self.sdict[name]["map"]:
- buf += "%s%s @ %s --> %s\n" % (header, t["source"], t["target"], t["transtype"]) - buf += "%s%s @ %s --> %s\n" % (header, t["source"], t["target"], t["transtype"])
@ -694059,6 +694357,13 @@ index 5850622..1688c97 100755
if "child" in self.sdict[name]: if "child" in self.sdict[name]:
for x in self.sdict[name]["child"]: for x in self.sdict[name]["child"]:
- buf+= self.out(x, seen, "%s%s ... " % (header, name))
+ buf+= self.out(x, "%s%s ... " % (header, name))
return buf
def output(self):
+ self.seen = []
print self.out(self.source)
diff --git a/policycoreutils/sepolicy/setup.py b/policycoreutils/sepolicy/setup.py diff --git a/policycoreutils/sepolicy/setup.py b/policycoreutils/sepolicy/setup.py
index 1edb4fd..d8e2d64 100644 index 1edb4fd..d8e2d64 100644
--- a/policycoreutils/sepolicy/setup.py --- a/policycoreutils/sepolicy/setup.py
@ -694238,7 +694543,7 @@ index 4b44b3c..98f4f7d 100644
LDLIBS = -lselinux -lsepol -L$(LIBDIR) LDLIBS = -lselinux -lsepol -L$(LIBDIR)
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
index a0e5415..7fe4166 100644 index a0e5415..2a7cfa3 100644
--- a/policycoreutils/setfiles/restore.c --- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c +++ b/policycoreutils/setfiles/restore.c
@@ -118,7 +118,7 @@ static int restore(FTSENT *ftsent, int recurse) @@ -118,7 +118,7 @@ static int restore(FTSENT *ftsent, int recurse)
@ -694250,6 +694555,15 @@ index a0e5415..7fe4166 100644
} else { } else {
if (r_opts->nfile > 0) { if (r_opts->nfile > 0) {
progress = (r_opts->count < r_opts->nfile) ? (100.0 * r_opts->count / r_opts->nfile) : 100; progress = (r_opts->count < r_opts->nfile) ? (100.0 * r_opts->count / r_opts->nfile) : 100;
@@ -375,7 +375,7 @@ int process_glob(char *name, int recurse) {
size_t i = 0;
int errors;
memset(&globbuf, 0, sizeof(globbuf));
- errors = glob(name, GLOB_TILDE | GLOB_PERIOD | GLOB_NOCHECK, NULL, &globbuf);
+ errors = glob(name, GLOB_TILDE | GLOB_PERIOD | GLOB_NOCHECK | GLOB_BRACE, NULL, &globbuf);
if (errors)
return errors;
diff --git a/policycoreutils/setfiles/restore.h b/policycoreutils/setfiles/restore.h diff --git a/policycoreutils/setfiles/restore.h b/policycoreutils/setfiles/restore.h
index 57ae46a..406594b 100644 index 57ae46a..406594b 100644
--- a/policycoreutils/setfiles/restore.h --- a/policycoreutils/setfiles/restore.h

6
policycoreutils.spec
View File

@ -7,7 +7,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.1.14 Version: 2.1.14
Release: 87%{?dist} Release: 88%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# Based on git repository with tag 20101221 # Based on git repository with tag 20101221
@ -344,6 +344,10 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service %systemd_postun_with_restart restorecond.service
%changelog %changelog
* Wed Oct 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-88
- Cleanup errors found by pychecker
- Apply patch from Michal Trunecka to allow restorecon to handle {} in globs
* Fri Oct 11 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-87 * Fri Oct 11 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-87
- sepolicy gui - sepolicy gui
- mgrepl fixes for users and login - mgrepl fixes for users and login