rpms/policycoreutils
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Apply patch from Miroslav to display proper range description in man pages g

Browse Source 
- Should print warning on missing default label when run in recusive mode iff
- Remove extra -R description, and fix recursive description
This commit is contained in:
Dan Walsh 2012-12-10 11:02:46 -05:00
parent ceff76e017
commit 2a0d3b9155
2 changed files with 34 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
policycoreutils-rhat.patch
View File

@ -335141,10 +335141,10 @@ index 0000000..209568c
+ return out + return out
diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
new file mode 100755 new file mode 100755
index 0000000..a8db937 index 0000000..a50ba21
--- /dev/null --- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py +++ b/policycoreutils/sepolicy/sepolicy/manpage.py
@@ -0,0 +1,1353 @@ @@ -0,0 +1,1363 @@
+#! /usr/bin/python -Es +#! /usr/bin/python -Es
+# Copyright (C) 2012 Red Hat +# Copyright (C) 2012 Red Hat
+# AUTHOR: Dan Walsh <dwalsh@redhat.com> +# AUTHOR: Dan Walsh <dwalsh@redhat.com>
@ -335313,18 +335313,27 @@ index 0000000..a8db937
+ return role_allows + return role_allows
+ +
+users = None +users = None
+users_range = None
+def get_all_users(): +def get_all_users():
+ global users + global users
+ if users: + global users_range
+ return users + if users and users_range:
+ return users, users_range
+ +
+ users = [] + users = []
+ allusers = map(lambda x: x['name'], sepolicy.info(sepolicy.USER)) + users_range ={}
+ allusers = []
+ allusers_info = sepolicy.info(sepolicy.USER)
+
+ for d in allusers_info:
+ allusers.append(d['name'])
+ users_range[d['name'].split("_")[0]] = d['range']
+
+ for u in allusers: + for u in allusers:
+ if u not in [ "system_u", "root", "unconfined_u" ]: + if u not in [ "system_u", "root", "unconfined_u" ]:
+ users.append(u.replace("_u","")) + users.append(u.replace("_u",""))
+ users.sort() + users.sort()
+ return users + return users, users_range
+ +
+types = None +types = None
+def _gen_types(): +def _gen_types():
@ -335627,7 +335636,8 @@ index 0000000..a8db937
+ all_bools = get_all_bools() + all_bools = get_all_bools()
+ all_port_types = get_all_port_types() + all_port_types = get_all_port_types()
+ all_roles = get_all_roles() + all_roles = get_all_roles()
+ all_users = get_all_users() + all_users = get_all_users()[0]
+ all_users_range = get_all_users()[1]
+ all_file_types = get_all_file_types() + all_file_types = get_all_file_types()
+ types = _gen_types() + types = _gen_types()
+ modules_dict = None + modules_dict = None
@ -336247,7 +336257,7 @@ index 0000000..a8db937
+ +
+The SELinux user will usually login to a system with a context that looks like: +The SELinux user will usually login to a system with a context that looks like:
+ +
+.B %(user)s_u:%(user)s_r:%(user)s_t:s0-s0:c0.c1023 +.B %(user)s_u:%(user)s_r:%(user)s_t:%(range)s
+ +
+Linux users are automatically assigned an SELinux users at login. +Linux users are automatically assigned an SELinux users at login.
+Login programs use the SELinux User to assign initial context to the user's shell. +Login programs use the SELinux User to assign initial context to the user's shell.
@ -336266,7 +336276,7 @@ index 0000000..a8db937
+ +
+.B semanage login -m -s %(user)s_u __default__ +.B semanage login -m -s %(user)s_u __default__
+ +
+""" % {'desc': self.desc, 'type':self.type, 'user':self.domainname}) +""" % {'desc': self.desc, 'type':self.type, 'user':self.domainname,'range':self.all_users_range[self.domainname]})
+ +
+ if "login_userdomain" in self.attributes and "login_userdomain" in self.all_attributes: + if "login_userdomain" in self.attributes and "login_userdomain" in self.all_attributes:
+ self.fd.write(""" + self.fd.write("""
@ -339046,7 +339056,7 @@ index 0000000..1edb4fd
+ +
+setup(name = "sepolicy", version="1.1", description="Python SELinux Policy Analyses bindings", author="Daniel Walsh", author_email="dwalsh@redhat.com", ext_modules=[policy], packages=["sepolicy", "sepolicy.templates"]) +setup(name = "sepolicy", version="1.1", description="Python SELinux Policy Analyses bindings", author="Daniel Walsh", author_email="dwalsh@redhat.com", ext_modules=[policy], packages=["sepolicy", "sepolicy.templates"])
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
index 4c62b41..a3ce406 100644 index 4c62b41..a0e5415 100644
--- a/policycoreutils/setfiles/restore.c --- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c +++ b/policycoreutils/setfiles/restore.c
@@ -100,20 +100,31 @@ static int match(const char *name, struct stat *sb, char **con) @@ -100,20 +100,31 @@ static int match(const char *name, struct stat *sb, char **con)
@ -339061,7 +339071,7 @@ index 4c62b41..a3ce406 100644
security_context_t curcon = NULL, newcon = NULL; security_context_t curcon = NULL, newcon = NULL;
+ float progress; + float progress;
+ if (match(my_file, ftsent->fts_statp, &newcon) < 0) { + if (match(my_file, ftsent->fts_statp, &newcon) < 0) {
+ if ((errno == ENOENT) && (!recurse)) + if ((errno == ENOENT) && ((!recurse) || (r_opts->verbose)))
+ fprintf(stderr, "%s: Warning no default label for %s\n", r_opts->progname, my_file); + fprintf(stderr, "%s: Warning no default label for %s\n", r_opts->progname, my_file);
- if (match(my_file, ftsent->fts_statp, &newcon) < 0) - if (match(my_file, ftsent->fts_statp, &newcon) < 0)
@ -339214,10 +339224,10 @@ index ac27222..57ae46a 100644
#endif #endif
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8 diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
index ffbb9d1..8659294 100644 index ffbb9d1..0acf09d 100644
--- a/policycoreutils/setfiles/restorecon.8 --- a/policycoreutils/setfiles/restorecon.8
+++ b/policycoreutils/setfiles/restorecon.8 +++ b/policycoreutils/setfiles/restorecon.8
@@ -41,28 +41,31 @@ default file context, changing the user, role, range portion as well as the type @@ -41,28 +41,27 @@ default file context, changing the user, role, range portion as well as the type
.TP .TP
.B \-h, \-? .B \-h, \-?
display usage information and exit. display usage information and exit.
@ -339226,12 +339236,9 @@ index ffbb9d1..8659294 100644
.B \-i .B \-i
ignore files that do not exist. ignore files that do not exist.
-.TP -.TP
+.TP -.B \-R, \-r
.B \-R, \-r -change files and directories file labels recursively (descend directories).
change files and directories file labels recursively (descend directories).
-.TP -.TP
+.br
+.B Note: restorecon does not report warnings on paths without default labels, when run recursively.
+.TP +.TP
.B \-n .B \-n
don't change any file labels (passive check). don't change any file labels (passive check).
@ -339243,10 +339250,11 @@ index ffbb9d1..8659294 100644
.B \-p .B \-p
-show progress by printing * every STAR_COUNT files. -show progress by printing * every STAR_COUNT files.
+show progress by printing * every STAR_COUNT files. (If you relabel the entire OS, this will show you the percentage complete.) +show progress by printing * every STAR_COUNT files. (If you relabel the entire OS, this will show you the percentage complete.)
+
.TP .TP
.B \-R, \-r .B \-R, \-r
change files and directories file labels recursively (descend directories). change files and directories file labels recursively (descend directories).
+.br
+.B Note: restorecon reports warnings on paths without default labels only when it is non-recursively or in verbose mode.
.TP .TP
.B \-v .B \-v
show changes in file labels, if type or role are going to be changed. show changes in file labels, if type or role are going to be changed.
@ -339255,7 +339263,7 @@ index ffbb9d1..8659294 100644
.B \-0 .B \-0
the separator for the input items is assumed to be the null character the separator for the input items is assumed to be the null character
(instead of the white space). The quotes and the backslash characters are (instead of the white space). The quotes and the backslash characters are
@@ -84,7 +87,7 @@ operate recursively on directories. @@ -84,7 +83,7 @@ operate recursively on directories.
.SH "AUTHOR" .SH "AUTHOR"
This man page was written by Dan Walsh <dwalsh@redhat.com>. This man page was written by Dan Walsh <dwalsh@redhat.com>.

7
policycoreutils.spec
View File

@ -7,7 +7,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.1.13 Version: 2.1.13
Release: 44%{?dist} Release: 45%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# Based on git repository with tag 20101221 # Based on git repository with tag 20101221
@ -338,6 +338,11 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog %changelog
* Mon Dec 10 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-45
- Apply patch from Miroslav to display proper range description in man pages g
- Should print warning on missing default label when run in recusive mode iff
- Remove extra -R description, and fix recursive description
* Thu Dec 6 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-44 * Thu Dec 6 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-44
- Additional fixes for disabled SELinux Box - Additional fixes for disabled SELinux Box
- system-config-selinux no longer relies on lokkit for /etc/selinux/config - system-config-selinux no longer relies on lokkit for /etc/selinux/config