From 25eeaeed66938b6134d76f7eb827cd38bec169d1 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 2 Jan 2006 13:08:02 +0000 Subject: [PATCH] * Tue Dec 27 2005 Dan Walsh 1.29.2-9 - Fixes for semanage, patch from Ivan and added a test script --- policycoreutils-rhat.patch | 393 ++++++++++++++++++++++++++++++------- policycoreutils.spec | 4 +- 2 files changed, 325 insertions(+), 72 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index b942574..f67076d 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -226,6 +226,20 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat.8 policyco .SH "SEE ALSO" .TP chcon(1), selinux(8) +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.29.2/scripts/fixfiles +--- nsapolicycoreutils/scripts/fixfiles 2005-10-13 13:51:22.000000000 -0400 ++++ policycoreutils-1.29.2/scripts/fixfiles 2005-12-30 08:17:05.000000000 -0500 +@@ -62,8 +62,8 @@ + TEMPFILE=`mktemp ${FC}.XXXXXXXXXX` + test -z "$TEMPFILE" && exit + PREFCTEMPFILE=`mktemp ${PREFC}.XXXXXXXXXX` +- sed -r -e 's,:s0, ,g' $PREFC > ${PREFCTEMPFILE} +- sed -r -e 's,:s0, ,g' $FC | \ ++ sed -r -e 's,:s0, ,g' $PREFC | sort -u > ${PREFCTEMPFILE} ++ sed -r -e 's,:s0, ,g' $FC | sort -u | \ + /usr/bin/diff -b ${PREFCTEMPFILE} - | \ + grep '^[<>]'|cut -c3-| grep ^/ | \ + egrep -v '(^/home|^/root|^/tmp|^/dev)' |\ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.2/scripts/genhomedircon --- nsapolicycoreutils/scripts/genhomedircon 2005-12-07 07:28:00.000000000 -0500 +++ policycoreutils-1.29.2/scripts/genhomedircon 2005-12-27 08:54:19.000000000 -0500 
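Review bot: The second `mktemp` result is used unchecked in the fixfiles hunk: the first temp file is guarded by `test -z "$TEMPFILE" && exit`, but `PREFCTEMPFILE` goes straight into the changed `sort -u > ${PREFCTEMPFILE}` redirect. If that `mktemp` fails, the redirect target is empty and the `diff -b ${PREFCTEMPFILE} -` that follows has nothing valid to compare against. Add `test -z "$PREFCTEMPFILE" && exit` after the assignment and quote the expansions, e.g. `> "${PREFCTEMPFILE}"`. The enclosing function starts and continues outside the hunk, so removal of the two temp files could not be checked here.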
@@ -680,8 +694,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/tests/setrans.co +s0:c3=NDA_Yoyodyne diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.2/semanage/semanage --- nsapolicycoreutils/semanage/semanage 2005-11-29 10:55:01.000000000 -0500 -+++ policycoreutils-1.29.2/semanage/semanage 2005-12-27 10:04:46.000000000 -0500 -@@ -24,22 +24,27 @@ ++++ policycoreutils-1.29.2/semanage/semanage 2005-12-27 15:13:34.000000000 -0500 +@@ -24,22 +24,33 @@ from semanage import *; class loginRecords: def __init__(self): @@ -701,6 +715,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy + sename = "user_u" + + (rc,k) = semanage_seuser_key_create(self.sh, name) ++ if rc != 0: ++ raise ValueError("Could not create a key for %s" % name) ++ + (rc,exists) = semanage_seuser_exists(self.sh, k) if exists: raise ValueError("SELinux User %s mapping already defined" % name) @@ -712,10 +729,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy - (rc,u)= semanage_seuser_create(self.sh) + (rc,u) = semanage_seuser_create(self.sh) ++ if rc != 0: ++ raise ValueError("Could not create seuser for %s" % name) ++ semanage_seuser_set_name(self.sh, u, name) semanage_seuser_set_mlsrange(self.sh, u, serange) semanage_seuser_set_sename(self.sh, u, sename) -@@ -48,12 +53,13 @@ +@@ -48,13 +59,22 @@ if semanage_commit(self.sh) != 0: raise ValueError("Failed to add SELinux user mapping") 
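Review bot: The return code of `semanage_seuser_exists` is still discarded in `loginRecords.add`: the added check covers `semanage_seuser_key_create`, but the next statement goes straight to `if exists:`. A failed lookup then reads the same as "no such mapping" and the add proceeds. Put a check in the style of the added ones before testing `exists`, e.g. `if rc != 0: raise ValueError("Could not check if login mapping for %s is defined" % name)`. The same pattern follows every `*_exists` and `*_exists_local` call in the later hunks (`loginRecords.modify` and `delete`, `seluserRecords.add`, `modify` and `delete`, and the `portRecords` methods).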
@@ -723,18 +743,28 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy - (rc,k)=semanage_seuser_key_create(self.sh, name) - (rc,u)= semanage_seuser_query(self.sh, k) - if rc !=0 : +- raise ValueError("SELinux user %s mapping is not defined." % name) +- if sename == "" and serange=="": + def modify(self, name, sename = "", serange = ""): + (rc,k) = semanage_seuser_key_create(self.sh, name) -+ (rc,exists) = semanage_seuser_exists(self.sh, k) -+ if not exists: - raise ValueError("SELinux user %s mapping is not defined." % name) -- if sename == "" and serange=="": -+ (rc,u) = semanage_seuser_query(self.sh, k) ++ if rc != 0: ++ raise ValueError("Could not create a key for %s" % name) ++ + if sename == "" and serange == "": raise ValueError("Requires, seuser or serange") ++ ++ (rc,exists) = semanage_seuser_exists(self.sh, k) ++ if exists: ++ (rc,u) = semanage_seuser_query(self.sh, k) ++ if rc != 0: ++ raise ValueError("Could not query seuser for %s" % name) ++ else: ++ raise ValueError("SELinux user %s mapping is not defined." % name) ++ if serange != "": semanage_seuser_set_mlsrange(self.sh, u, serange) -@@ -66,9 +72,9 @@ + if sename != "": +@@ -66,78 +86,107 @@ def delete(self, name): 
@@ -742,20 +772,29 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy - (rc,exists)= semanage_seuser_exists(self.sh, k) - if rc !=0 : + (rc,k) = semanage_seuser_key_create(self.sh, name) ++ if rc != 0: ++ raise ValueError("Could not create a key for %s" % name) ++ + (rc,exists) = semanage_seuser_exists(self.sh, k) + if not exists: raise ValueError("SELinux user %s mapping is not defined." % name) semanage_begin_transaction(self.sh) semanage_seuser_del(self.sh, k) -@@ -79,25 +85,29 @@ - print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range") + if semanage_commit(self.sh) != 0: + raise ValueError("SELinux User %s mapping not defined" % name) + +- def list(self): +- print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range") ++ def list(self,heading=1): ++ if heading: ++ print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range") (status, self.ulist, self.usize) = semanage_seuser_list(self.sh) for idx in range(self.usize): - u=semanage_seuser_by_idx(self.ulist, idx) - name=semanage_seuser_get_name(u) +- + u = semanage_seuser_by_idx(self.ulist, idx) + name = semanage_seuser_get_name(u) - print "%-25s %-25s %-25s" % (name, semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u)) class seluserRecords: 
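Review bot: In `loginRecords.delete` a failed `semanage_commit` is reported as `"SELinux User %s mapping not defined"`, although the existence check a few lines earlier has already passed by that point, so the message points an administrator at the wrong cause. The result of `semanage_seuser_del` is dropped as well. Suggest `raise ValueError("Failed to delete SELinux user mapping for %s" % name)`, which matches the `"Failed to add SELinux user mapping"` wording used in `add`.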
@@ -772,20 +811,39 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy def add(self, name, roles, selevel, serange): - (rc,k)=semanage_user_key_create(self.sh, name) - (rc,exists)= semanage_user_exists(self.sh, k) +- if exists: +- raise ValueError("Seuser %s already defined" % name) +- (rc,u)= semanage_user_create(self.sh) + if serange == "": + serange = "s0" + if selevel == "": + selevel = "s0" ++ + (rc,k) = semanage_user_key_create(self.sh, name) -+ (rc,exists) = semanage_user_exists(self.sh, k) - if exists: - raise ValueError("Seuser %s already defined" % name) -- (rc,u)= semanage_user_create(self.sh) ++ if rc != 0: ++ raise ValueError("Could not create a key for %s" % name) ++ ++ (rc,exists) = semanage_user_exists_local(self.sh, k) ++ if not exists: ++ (rc,exists) = semanage_user_exists(self.sh, k) ++ if not exists: ++ raise ValueError("SELinux user %s is already defined." % name) ++ + (rc,u) = semanage_user_create(self.sh) ++ if rc != 0: ++ raise ValueError("Could not create login mapping for %s" % name) ++ semanage_user_set_name(self.sh, u, name) for r in roles: semanage_user_add_role(self.sh, u, r) -@@ -109,17 +119,13 @@ + semanage_user_set_mlsrange(self.sh, u, serange) + semanage_user_set_mlslevel(self.sh, u, selevel) + (rc,key) = semanage_user_key_extract(self.sh,u) ++ if rc != 0: ++ raise ValueError("Could not extract key for %s" % name) ++ + semanage_begin_transaction(self.sh) + semanage_user_add_local(self.sh, k, u) if semanage_commit(self.sh) != 0: raise ValueError("Failed to add SELinux user") 
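Review bot: The duplicate check in `seluserRecords.add` is inverted: the new code raises `"SELinux user %s is already defined."` under `if not exists:`, where the removed version raised under `if exists:`. As written, adding a user that is not present fails with "already defined", while a name that is already present falls through to `semanage_user_add_local`. The condition should be `if exists:` after the local and policy lookups; the nesting of the two lookups is not recoverable from this page, so confirm it against the file. Two smaller points in the same method: the `semanage_user_create` failure message says "login mapping" although this class manages SELinux users, and the key from `semanage_user_key_extract` is bound to `key` while `semanage_user_add_local` is passed `k`.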
@@ -794,21 +852,35 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy - def modify(self, name, roles=[], selevel="", serange=""): - (rc,k)=semanage_user_key_create(self.sh, name) - (rc,exists)= semanage_user_exists(self.sh, k) -+ def modify(self, name, roles = [], selevel = "", serange = ""): -+ (rc,k) = semanage_user_key_create(self.sh, name) -+ (rc,exists) = semanage_user_exists(self.sh, k) - if not exists: - raise ValueError("user %s is not defined" % name) +- if not exists: +- raise ValueError("user %s is not defined" % name) - (rc,u)= semanage_user_query(self.sh, k) - if rc !=0 : - raise ValueError("User %s is not defined." % name) - if len(roles) == 0 and serange=="" and selevel=="": -+ (rc,u) = semanage_user_query(self.sh, k) ++ def modify(self, name, roles = [], selevel = "", serange = ""): + if len(roles) == 0 and serange == "" and selevel == "": raise ValueError("Requires, roles, level or range") ++ ++ (rc,k) = semanage_user_key_create(self.sh, name) ++ if rc != 0: ++ raise ValueError("Could not create a key for %s" % name) ++ ++ (rc,exists) = semanage_user_exists_local(self.sh, k) ++ if exists: ++ (rc,u) = semanage_user_query_local(self.sh, k) ++ else: ++ (rc,exists) = semanage_user_exists(self.sh, k) ++ if exists: ++ (rc,u) = semanage_user_query(self.sh, k) ++ else: ++ raise ValueError("SELinux user %s mapping is not defined." % name) ++ if rc != 0: ++ raise ValueError("Could not query user for %s" % name) ++ if serange != "": semanage_user_set_mlsrange(self.sh, u, serange) -@@ -127,17 +133,15 @@ + if selevel != "": semanage_user_set_mlslevel(self.sh, u, selevel) if len(roles) != 0: for r in roles: 
@@ -824,12 +896,24 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy - (rc,k)=semanage_user_key_create(self.sh, name) - (rc,exists)= semanage_user_exists(self.sh, k) + (rc,k) = semanage_user_key_create(self.sh, name) -+ (rc,exists) = semanage_user_exists(self.sh, k) ++ if rc != 0: ++ raise ValueError("Could not crpppeate a key for %s" % name) ++ ++ (rc,exists) = semanage_user_exists_local(self.sh, k) if not exists: raise ValueError("user %s is not defined" % name) semanage_begin_transaction(self.sh) -@@ -150,31 +154,30 @@ - print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles") +@@ -145,86 +194,183 @@ + if semanage_commit(self.sh) != 0: + raise ValueError("Login User %s not defined" % name) + +- def list(self): +- print "\n%-15s %-10s %-20s" % ("", "MLS/", "MLS/") +- print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles") ++ def list(self, heading=1): ++ if heading: ++ print "\n%-15s %-10s %-20s" % ("", "MLS/", "MLS/") ++ print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles") (status, self.ulist, self.usize) = semanage_user_list(self.sh) for idx in range(self.usize): - u=semanage_user_by_idx(self.ulist, idx) 
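Review bot: The error string added to `seluserRecords.delete` has a typo, `"Could not crpppeate a key for %s"`; the other methods use `"Could not create a key for %s"`. The check that follows now calls only `semanage_user_exists_local`, so a user that exists in the base policy but has no local record gets `"user %s is not defined"`. A message such as `"SELinux user %s is not defined locally"` would say what was actually checked, as the port `delete` in a later hunk already does.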
@@ -858,52 +942,175 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy if self.semanaged: semanage_connect(self.sh) - def add(self, name, type): +- def add(self, name, type): - (rc,k)=semanage_port_key_create(self.sh, name) - (rc,exists)= semanage_port_exists(self.sh, k) -+ (rc,k) = semanage_port_key_create(self.sh, name) ++ def __genkey(self, port, proto): ++ if proto == "tcp": ++ proto_d=SEMANAGE_PROTO_TCP ++ else: ++ if proto == "udp": ++ proto_d=SEMANAGE_PROTO_UDP ++ else: ++ raise ValueError("Protocol udp or tcp is required") ++ if port == "": ++ raise ValueError("Port is required") ++ ++ ports=port.split("-") ++ if len(ports) == 1: ++ low=string.atoi(ports[0]) ++ high=string.atoi(ports[0]) ++ else: ++ low=string.atoi(ports[0]) ++ high=string.atoi(ports[1]) ++ ++ (rc,k) = semanage_port_key_create(self.sh, low, high, proto_d) ++ if rc != 0: ++ raise ValueError("Could not create a key for %s/%s" % (proto, port)) ++ return ( k, proto_d, low, high ) ++ ++ def add(self, port, proto, serange, type): ++ if serange == "": ++ serange="s0" ++ ++ if type == "": ++ raise ValueError("Type is required") ++ ++ ( k, proto_d, low, high ) = self.__genkey(port, proto) ++ + (rc,exists) = semanage_port_exists(self.sh, k) ++ if exists: ++ raise ValueError("Port %s/%s already defined" % (proto, port)) ++ ++ (rc,exists) = semanage_port_exists_local(self.sh, k) if exists: - raise ValueError("User %s already defined" % name) +- raise ValueError("User %s already defined" % name) - (rc,u)= semanage_port_create(self.sh) -+ (rc,u) = semanage_port_create(self.sh) - semanage_port_set_name(self.sh, u, name) - semanage_port_set_mlsrange(self.sh, u, serange) - semanage_port_set_sename(self.sh, u, sename) -@@ -184,11 +187,11 @@ +- semanage_port_set_name(self.sh, u, name) +- semanage_port_set_mlsrange(self.sh, u, serange) +- semanage_port_set_sename(self.sh, u, sename) ++ raise ValueError("Port %s/%s already defined locally" % (proto, port)) ++ ++ (rc,p) = 
semanage_port_create(self.sh) ++ if rc != 0: ++ raise ValueError("Could not create port for %s/%s" % (proto, port)) ++ ++ semanage_port_set_proto(p, proto_d) ++ semanage_port_set_range(p, low, high) ++ (rc, con) = semanage_context_create(self.sh) ++ if rc != 0: ++ raise ValueError("Could not create context for %s/%s" % (proto, port)) ++ ++ semanage_context_set_user(self.sh, con, "system_u") ++ semanage_context_set_role(self.sh, con, "object_r") ++ semanage_context_set_type(self.sh, con, type) ++ semanage_context_set_mls(self.sh, con, serange) ++ semanage_port_set_con(p, con) + semanage_begin_transaction(self.sh) +- semanage_port_add(self.sh, k, u) ++ semanage_port_add_local(self.sh, k, p) + if semanage_commit(self.sh) != 0: raise ValueError("Failed to add port") - def modify(self, name, type): +- def modify(self, name, type): - (rc,k)=semanage_port_key_create(self.sh, name) - (rc,u)= semanage_port_query(self.sh, k) - if rc !=0 : -+ (rc,k) = semanage_port_key_create(self.sh, name) -+ (rc,u) = semanage_port_query(self.sh, k) -+ if rc != 0 : - raise ValueError("User %s is not defined." % name) +- raise ValueError("User %s is not defined." % name) - if sename == "" and serange=="": -+ if sename == "" and serange == "": - raise ValueError("Requires, port or serange") +- raise ValueError("Requires, port or serange") ++ def modify(self, port, proto, serange, setype): ++ if serange == "" and setype == "": ++ raise ValueError("Requires, setype or serange") ++ ++ ( k, proto_d, low, high ) = self.__genkey(port, proto) ++ ++ (rc,exists) = semanage_port_exists_local(self.sh, k) ++ if exists: ++ (rc,p) = semanage_port_query_local(self.sh, k) ++ (rc,exists) = semanage_port_exists(self.sh, k) ++ if exists: ++ (rc,p) = semanage_port_query(self.sh, k) ++ else: ++ raise ValueError("port %s/%s is not defined." 
% (proto,port)) ++ ++ if rc != 0: ++ raise ValueError("Could not query port for %s/%s" % (proto, port)) ++ ++ con = semanage_port_get_con(p) ++ semanage_context_set_mls(self.sh, con, serange) if serange != "": - semanage_port_set_mlsrange(self.sh, u, serange) -@@ -200,7 +203,7 @@ +- semanage_port_set_mlsrange(self.sh, u, serange) +- if sename != "": +- semanage_port_set_sename(self.sh, u, sename) ++ semanage_context_set_mls(self.sh, con, serange) ++ if setype != "": ++ semanage_context_set_type(self.sh, con, setype) ++ semanage_port_set_con(p, con) + semanage_begin_transaction(self.sh) +- semanage_port_modify(self.sh, k, u) ++ semanage_port_modify_local(self.sh, k, p) + if semanage_commit(self.sh) != 0: raise ValueError("Failed to add port") - def delete(self, name): +- def delete(self, name): - (rc,k)=semanage_port_key_create(self.sh, name) -+ (rc,k) = semanage_port_key_create(self.sh, name) ++ def delete(self, port, proto): ++ ( k, proto_d, low, high ) = self.__genkey(port, proto) ++ (rc,exists) = semanage_port_exists_local(self.sh, k) ++ if not exists: ++ raise ValueError("port %s/%s is not defined localy." 
% (proto,port)) ++ semanage_begin_transaction(self.sh) - semanage_port_del(self.sh, k) +- semanage_port_del(self.sh, k) ++ semanage_port_del_local(self.sh, k) if semanage_commit(self.sh) != 0: -@@ -210,13 +213,13 @@ +- raise ValueError("Port %s not defined" % name) ++ raise ValueError("Port %s/%s not defined" % (proto,port)) + +- def list(self): ++ def list(self, heading=1): (status, self.plist, self.psize) = semanage_port_list(self.sh) - print "%-25s %s\n" % ("SELinux Port Name", "Port Number") +- print "%-25s %s\n" % ("SELinux Port Name", "Port Number") ++ if heading: ++ print "%-30s %-8s %s\n" % ("SELinux Port Name", "Proto", "Port Number") ++ dict={} ++ for idx in range(self.psize): ++ u = semanage_port_by_idx(self.plist, idx) ++ con = semanage_port_get_con(u) ++ name = semanage_context_get_type(con) ++ proto=semanage_port_get_proto_str(u) ++ low=semanage_port_get_low(u) ++ high = semanage_port_get_high(u) ++ if (name, proto) not in dict.keys(): ++ dict[(name,proto)]=[] ++ if low == high: ++ dict[(name,proto)].append("%d" % low) ++ else: ++ dict[(name,proto)].append("%d-%d" % (low, high)) ++ (status, self.plist, self.psize) = semanage_port_list_local(self.sh) for idx in range(self.psize): - u=semanage_port_by_idx(self.plist, idx) - name=semanage_port_get_name(u) +- print "%20s %d" % ( name, semanage_port_get_number(u)) + u = semanage_port_by_idx(self.plist, idx) -+ name = semanage_port_get_name(u) - print "%20s %d" % ( name, semanage_port_get_number(u)) ++ con = semanage_port_get_con(u) ++ name = semanage_context_get_type(con) ++ proto=semanage_port_get_proto_str(u) ++ low=semanage_port_get_low(u) ++ high = semanage_port_get_high(u) ++ if (name, proto) not in dict.keys(): ++ dict[(name,proto)]=[] ++ if low == high: ++ dict[(name,proto)].append("%d" % low) ++ else: ++ dict[(name,proto)].append("%d-%d" % (low, high)) ++ for i in dict.keys(): ++ rec = "%-30s %-8s " % i ++ rec += "%s" % dict[i][0] ++ for p in dict[i][1:]: ++ rec += ", %s" % p ++ print rec if 
__name__ == '__main__': @@ -912,7 +1119,17 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy print '\ semanage user [-admsRrh] SELINUX_USER\n\ semanage login [-admsrh] LOGIN_NAME\n\ -@@ -245,26 +248,26 @@ +-semanage port [-admth] SELINUX_PORT_NAME\n\ ++semanage port [-admth] PORT | PORTRANGE\n\ + -a, --add Add a OBJECT record NAME\n\ + -d, --delete Delete a OBJECT record NAME\n\ + -h, --help display this message\n\ + -l, --list List the OBJECTS\n\ ++ -n, --noheading Do not print heading when listing OBJECTS\n\ + -m, --modify Modify a OBJECT record NAME\n\ + -r, --range MLS/MCS Security Range\n\ + -R, --roles SELinux Roles (Separate by spaces)\n\ +@@ -245,33 +391,40 @@ # # try: @@ -932,9 +1149,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy + input = sys.stdin + output = sys.stdout + serange = "" ++ port = "" ++ proto = "" + selevel = "" ++ setype = "" + roles = "" + seuser = "" ++ heading=1 + + add = 0 + modify = 0 @@ -951,9 +1172,20 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy - args=sys.argv[2:] + args = sys.argv[2:] gopts, cmds = getopt.getopt(args, - 'adlhms:R:r:t:v', +- 'adlhms:R:r:t:v', ++ 'adlhmnp:P:s:R:r:t:v', ['add', -@@ -282,46 +285,46 @@ + 'delete', + 'help', + 'list', + 'modify', ++ 'noheading', ++ 'port=', ++ 'proto=', + 'seuser=', + 'range=', + 'roles=', +@@ -282,88 +435,95 @@ if o == "-a" or o == "--add": if modify or delete: usage() @@ -968,6 +1200,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy if o == "-h" or o == "--help": usage() ++ if o == "-n" or o == "--nohead": ++ heading=0 ++ if o == "-m"or o == "--modify": if delete or add: usage() @@ -977,6 +1212,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy if o == "-r" or o == '--range': - serange=a + serange = a ++ ++ if o == "-P" or o == '--proto': ++ proto = a if o == "-R" or o == '--roles': - roles=a 
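Review bot: `portRecords.modify` calls `semanage_context_set_mls(self.sh, con, serange)` unconditionally, directly before the guarded `if serange != "":` call, so a type-only modify (where `serange == ""`) appears to write an empty MLS range into the port context; the unguarded line should be dropped. In the same method there is no `else:` between the `semanage_port_query_local` lookup and the `semanage_port_exists` lookup (compare `seluserRecords.modify`), so the local result looks to be overwritten and a port defined only locally raises "not defined"; indentation is lost on this page, so confirm against the file. `__genkey` hands the `string.atoi` results to `semanage_port_key_create` without checking that `low <= high` and that both fall within 1–65535, and non-numeric input is not caught there. In `list`, the local name `dict` shadows the builtin and would read better as `ddict` or `ports_by_type`.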
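Review bot: The new option branch compares `o == "--nohead"`, but the long option registered in the `getopt` call is `'noheading'`, and `getopt` reports the full registered name even when an abbreviation is typed, so only `-n` ever clears `heading`. It should read `if o == "-n" or o == "--noheading":`. The option string also gains `p:` and `'port='`, yet no branch for `-p`/`--port` is added in the visible hunks, so that value would be accepted and ignored unless it is handled outside them. The option loop starts and ends outside these hunks.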
@@ -984,7 +1222,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy if o == "-t" or o == "--type": - type=a -+ type = a ++ setype = a if o == "-l" or o == "--list": - list=1 
@@ -1011,53 +1249,68 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy + OBJECT = portRecords() if list: - OBJECT.list() -@@ -330,21 +333,22 @@ +- OBJECT.list() ++ OBJECT.list(heading) + sys.exit(0); + if len(cmds) != 1: usage() - name=cmds[0] -+ name = cmds[0] ++ target = cmds[0] if add: if object == "login": - OBJECT.add(name, seuser, serange) +- OBJECT.add(name, seuser, serange) ++ OBJECT.add(target, seuser, serange) if object == "user": - rlist=roles.split() - print rlist +- OBJECT.add(name, rlist, selevel, serange) + rlist = roles.split() + if len(rlist) == 0: + raise ValueError("You must specify a role") -+ - OBJECT.add(name, rlist, selevel, serange) ++ OBJECT.add(target, rlist, selevel, serange) if object == "port": - OBJECT.add(name, type) +- OBJECT.add(name, type) ++ OBJECT.add(target, proto, serange, setype) - OBJECT.list() sys.exit(0); if modify: -@@ -352,14 +356,12 @@ - OBJECT.modify(name, seuser, serange) + if object == "login": +- OBJECT.modify(name, seuser, serange) ++ OBJECT.modify(target, seuser, serange) if object == "user": - rlist=roles.split() - print rlist +- OBJECT.modify(name, rlist, selevel, serange) + rlist = roles.split() - OBJECT.modify(name, rlist, selevel, serange) ++ OBJECT.modify(target, rlist, selevel, serange) if object == "port": - OBJECT.modify(name, type) +- OBJECT.modify(name, type) ++ OBJECT.modify(target, proto, serange, setype) sys.exit(0); - OBJECT.list() sys.exit(0); if delete: +- OBJECT.delete(name) ++ if object == "port": ++ OBJECT.delete(target, proto) ++ else: ++ OBJECT.delete(target) + sys.exit(0); + usage() + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/tests/semanage_test policycoreutils-1.29.2/semanage/tests/semanage_test --- nsapolicycoreutils/semanage/tests/semanage_test 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-1.29.2/semanage/tests/semanage_test 2005-12-27 10:07:15.000000000 -0500 ++++ policycoreutils-1.29.2/semanage/tests/semanage_test 
2005-12-27 14:40:02.000000000 -0500 @@ -0,0 +1,67 @@ +#!/bin/sh -x +# @@ -1123,6 +1376,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/tests/semanage_ +# +#******************** semanage SELinux ports test ************************ +#" -+#semanage port -l -+#semanage port -a httpd_port_t -+#semanage port -d httpd_port_t ++semanage port -l ++semanage port -a -P tcp 123456 ++semanage port -d -P tcp 123456 diff --git a/policycoreutils.spec b/policycoreutils.spec index a3256d1..512d633 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -1,5 +1,5 @@ -%define libsepolver 1.11.1-1 -%define libsemanagever 1.5.3-1 +%define libsepolver 1.11.1-2 +%define libsemanagever 1.5.3-3 %define libselinuxver 1.29.2-1 Summary: SELinux policy core utilities. Name: policycoreutils
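Review bot: The newly enabled port test uses `123456`, which is above the 16-bit port maximum of 65535, so `semanage port -a -P tcp 123456` either exercises an error path or stores a meaningless record, depending on how the key is validated. If this is meant as a positive test, use a valid unreserved port number; if it is meant as a negative test, check that the command fails. The script runs under `#!/bin/sh -x` and the visible lines never test an exit status, so a failing `semanage` call would not fail the run.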