Apply patch from Miroslav to display proper range description in man pages g
- Should print warning on missing default label when run in recusive mode iff - Remove extra -R description, and fix recursive description
This commit is contained in:
Dan Walsh
parent
ceff76e017
commit
2a0d3b9155
@ -335141,10 +335141,10 @@ index 0000000..209568c
|
||||
+ return out
|
||||
diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
|
||||
new file mode 100755
|
||||
index 0000000..a8db937
|
||||
index 0000000..a50ba21
|
||||
--- /dev/null
|
||||
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py
|
||||
@@ -0,0 +1,1353 @@
|
||||
@@ -0,0 +1,1363 @@
|
||||
+#! /usr/bin/python -Es
|
||||
+# Copyright (C) 2012 Red Hat
|
||||
+# AUTHOR: Dan Walsh <dwalsh@redhat.com>
|
||||
@ -335313,18 +335313,27 @@ index 0000000..a8db937
|
||||
+ return role_allows
|
||||
+
|
||||
+users = None
|
||||
+users_range = None
|
||||
+def get_all_users():
|
||||
+ global users
|
||||
+ if users:
|
||||
+ return users
|
||||
+ global users_range
|
||||
+ if users and users_range:
|
||||
+ return users, users_range
|
||||
+
|
||||
+ users = []
|
||||
+ allusers = map(lambda x: x['name'], sepolicy.info(sepolicy.USER))
|
||||
+ users_range ={}
|
||||
+ allusers = []
|
||||
+ allusers_info = sepolicy.info(sepolicy.USER)
|
||||
+
|
||||
+ for d in allusers_info:
|
||||
+ allusers.append(d['name'])
|
||||
+ users_range[d['name'].split("_")[0]] = d['range']
|
||||
+
|
||||
+ for u in allusers:
|
||||
+ if u not in [ "system_u", "root", "unconfined_u" ]:
|
||||
+ users.append(u.replace("_u",""))
|
||||
+ users.sort()
|
||||
+ return users
|
||||
+ return users, users_range
|
||||
+
|
||||
+types = None
|
||||
+def _gen_types():
|
||||
@ -335627,7 +335636,8 @@ index 0000000..a8db937
|
||||
+ all_bools = get_all_bools()
|
||||
+ all_port_types = get_all_port_types()
|
||||
+ all_roles = get_all_roles()
|
||||
+ all_users = get_all_users()
|
||||
+ all_users = get_all_users()[0]
|
||||
+ all_users_range = get_all_users()[1]
|
||||
+ all_file_types = get_all_file_types()
|
||||
+ types = _gen_types()
|
||||
+ modules_dict = None
|
||||
@ -336247,7 +336257,7 @@ index 0000000..a8db937
|
||||
+
|
||||
+The SELinux user will usually login to a system with a context that looks like:
|
||||
+
|
||||
+.B %(user)s_u:%(user)s_r:%(user)s_t:s0-s0:c0.c1023
|
||||
+.B %(user)s_u:%(user)s_r:%(user)s_t:%(range)s
|
||||
+
|
||||
+Linux users are automatically assigned an SELinux users at login.
|
||||
+Login programs use the SELinux User to assign initial context to the user's shell.
|
||||
@ -336266,7 +336276,7 @@ index 0000000..a8db937
|
||||
+
|
||||
+.B semanage login -m -s %(user)s_u __default__
|
||||
+
|
||||
+""" % {'desc': self.desc, 'type':self.type, 'user':self.domainname})
|
||||
+""" % {'desc': self.desc, 'type':self.type, 'user':self.domainname,'range':self.all_users_range[self.domainname]})
|
||||
+
|
||||
+ if "login_userdomain" in self.attributes and "login_userdomain" in self.all_attributes:
|
||||
+ self.fd.write("""
|
||||
@ -339046,7 +339056,7 @@ index 0000000..1edb4fd
|
||||
+
|
||||
+setup(name = "sepolicy", version="1.1", description="Python SELinux Policy Analyses bindings", author="Daniel Walsh", author_email="dwalsh@redhat.com", ext_modules=[policy], packages=["sepolicy", "sepolicy.templates"])
|
||||
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
|
||||
index 4c62b41..a3ce406 100644
|
||||
index 4c62b41..a0e5415 100644
|
||||
--- a/policycoreutils/setfiles/restore.c
|
||||
+++ b/policycoreutils/setfiles/restore.c
|
||||
@@ -100,20 +100,31 @@ static int match(const char *name, struct stat *sb, char **con)
|
||||
@ -339061,7 +339071,7 @@ index 4c62b41..a3ce406 100644
|
||||
security_context_t curcon = NULL, newcon = NULL;
|
||||
+ float progress;
|
||||
+ if (match(my_file, ftsent->fts_statp, &newcon) < 0) {
|
||||
+ if ((errno == ENOENT) && (!recurse))
|
||||
+ if ((errno == ENOENT) && ((!recurse) || (r_opts->verbose)))
|
||||
+ fprintf(stderr, "%s: Warning no default label for %s\n", r_opts->progname, my_file);
|
||||
|
||||
- if (match(my_file, ftsent->fts_statp, &newcon) < 0)
|
||||
@ -339214,10 +339224,10 @@ index ac27222..57ae46a 100644
|
||||
|
||||
#endif
|
||||
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
|
||||
index ffbb9d1..8659294 100644
|
||||
index ffbb9d1..0acf09d 100644
|
||||
--- a/policycoreutils/setfiles/restorecon.8
|
||||
+++ b/policycoreutils/setfiles/restorecon.8
|
||||
@@ -41,28 +41,31 @@ default file context, changing the user, role, range portion as well as the type
|
||||
@@ -41,28 +41,27 @@ default file context, changing the user, role, range portion as well as the type
|
||||
.TP
|
||||
.B \-h, \-?
|
||||
display usage information and exit.
|
||||
@ -339226,12 +339236,9 @@ index ffbb9d1..8659294 100644
|
||||
.B \-i
|
||||
ignore files that do not exist.
|
||||
-.TP
|
||||
+.TP
|
||||
.B \-R, \-r
|
||||
change files and directories file labels recursively (descend directories).
|
||||
-.B \-R, \-r
|
||||
-change files and directories file labels recursively (descend directories).
|
||||
-.TP
|
||||
+.br
|
||||
+.B Note: restorecon does not report warnings on paths without default labels, when run recursively.
|
||||
+.TP
|
||||
.B \-n
|
||||
don't change any file labels (passive check).
|
||||
@ -339243,10 +339250,11 @@ index ffbb9d1..8659294 100644
|
||||
.B \-p
|
||||
-show progress by printing * every STAR_COUNT files.
|
||||
+show progress by printing * every STAR_COUNT files. (If you relabel the entire OS, this will show you the percentage complete.)
|
||||
+
|
||||
.TP
|
||||
.B \-R, \-r
|
||||
change files and directories file labels recursively (descend directories).
|
||||
+.br
|
||||
+.B Note: restorecon reports warnings on paths without default labels only when it is non-recursively or in verbose mode.
|
||||
.TP
|
||||
.B \-v
|
||||
show changes in file labels, if type or role are going to be changed.
|
||||
@ -339255,7 +339263,7 @@ index ffbb9d1..8659294 100644
|
||||
.B \-0
|
||||
the separator for the input items is assumed to be the null character
|
||||
(instead of the white space). The quotes and the backslash characters are
|
||||
@@ -84,7 +87,7 @@ operate recursively on directories.
|
||||
@@ -84,7 +83,7 @@ operate recursively on directories.
|
||||
|
||||
.SH "AUTHOR"
|
||||
This man page was written by Dan Walsh <dwalsh@redhat.com>.
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.1.13
|
||||
Release: 44%{?dist}
|
||||
Release: 45%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
@ -338,6 +338,11 @@ The policycoreutils-restorecond package contains the restorecond service.
|
||||
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||
|
||||
%changelog
|
||||
* Mon Dec 10 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-45
|
||||
- Apply patch from Miroslav to display proper range description in man pages g
|
||||
- Should print warning on missing default label when run in recusive mode iff
|
||||
- Remove extra -R description, and fix recursive description
|
||||
|
||||
* Thu Dec 6 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-44
|
||||
- Additional fixes for disabled SELinux Box
|
||||
- system-config-selinux no longer relies on lokkit for /etc/selinux/config
|
||||
|
||||
Loading…
Reference in New Issue
Block a user