Upgrade to policycoreutils upstream
* sandbox: Maintain the LANG environment into the sandbox * audit2allow: use audit2why internally * fixfiles: label /root but not /var/lib/BackupPC * semanage: update local boolean settings is dealing with localstore * semanage: missing modify=True * semanage: set modified correctly * restorecond: make restorecond dbuss-able * restorecon: Always check return code on asprintf * restorecond: make restorecond -u exit when terminal closes * sandbox: introduce package name and language stuff * semodule_package: remove semodule_unpackage on clean * fix sandbox Makefile to support DESTDIR * semanage: Add -o description to the semanage man page * make use of the new realpath_not_final function * setfiles: close /proc/mounts file when finished * semodule: Document semodule -p in man page * setfiles: fix use before initialized * restorecond: Add .local/share as a directory to watch Upgrade to sepolgen upstream * Ignore permissive qualifier if found in an interface * Return name field in avc data
parent
2392ca1483
commit
2c4e323ce5
File diff suppressed because it is too large
@ -1,5 +1,5 @@
|
|||||||
diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
|
diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
|
||||||
index 24e308e..1b0a8e5 100644
|
index 898fbc3..631bab5 100644
|
||||||
--- a/sepolgen/src/sepolgen/audit.py
|
--- a/sepolgen/src/sepolgen/audit.py
|
||||||
+++ b/sepolgen/src/sepolgen/audit.py
|
+++ b/sepolgen/src/sepolgen/audit.py
|
||||||
@@ -68,6 +68,17 @@ def get_dmesg_msgs():
|
@@ -68,6 +68,17 @@ def get_dmesg_msgs():
|
||||||
@ -30,11 +30,8 @@ index 24e308e..1b0a8e5 100644
|
|||||||
|
|
||||||
class AVCMessage(AuditMessage):
|
class AVCMessage(AuditMessage):
|
||||||
"""AVC message representing an access denial or granted message.
|
"""AVC message representing an access denial or granted message.
|
||||||
@@ -165,8 +179,11 @@ class AVCMessage(AuditMessage):
|
@@ -168,6 +182,8 @@ class AVCMessage(AuditMessage):
|
||||||
self.comm = ""
|
self.name = ""
|
||||||
self.exe = ""
|
|
||||||
self.path = ""
|
|
||||||
+ self.name = ""
|
|
||||||
self.accesses = []
|
self.accesses = []
|
||||||
self.denial = True
|
self.denial = True
|
||||||
+ self.type = audit2why.TERULE
|
+ self.type = audit2why.TERULE
|
||||||
@ -42,12 +39,7 @@ index 24e308e..1b0a8e5 100644
|
|||||||
|
|
||||||
def __parse_access(self, recs, start):
|
def __parse_access(self, recs, start):
|
||||||
# This is kind of sucky - the access that is in a space separated
|
# This is kind of sucky - the access that is in a space separated
|
||||||
@@ -223,10 +240,36 @@ class AVCMessage(AuditMessage):
|
@@ -229,7 +245,31 @@ class AVCMessage(AuditMessage):
|
||||||
self.comm = fields[1][1:-1]
|
|
||||||
elif fields[0] == "exe":
|
|
||||||
self.exe = fields[1][1:-1]
|
|
||||||
+ elif fields[0] == "name":
|
|
||||||
+ self.name = fields[1][1:-1]
|
|
||||||
|
|
||||||
if not found_src or not found_tgt or not found_class or not found_access:
|
if not found_src or not found_tgt or not found_class or not found_access:
|
||||||
raise ValueError("AVC message in invalid format [%s]\n" % self.message)
|
raise ValueError("AVC message in invalid format [%s]\n" % self.message)
|
||||||
@ -80,7 +72,7 @@ index 24e308e..1b0a8e5 100644
|
|||||||
class PolicyLoadMessage(AuditMessage):
|
class PolicyLoadMessage(AuditMessage):
|
||||||
"""Audit message indicating that the policy was reloaded."""
|
"""Audit message indicating that the policy was reloaded."""
|
||||||
def __init__(self, message):
|
def __init__(self, message):
|
||||||
@@ -469,10 +512,10 @@ class AuditParser:
|
@@ -472,10 +512,10 @@ class AuditParser:
|
||||||
if avc_filter:
|
if avc_filter:
|
||||||
if avc_filter.filter(avc):
|
if avc_filter.filter(avc):
|
||||||
av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
|
av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
|
||||||
@ -126,7 +118,7 @@ index 1a9a3e5..d56dd92 100644
|
|||||||
def __iter__(self):
|
def __iter__(self):
|
||||||
return iter(self.children)
|
return iter(self.children)
|
||||||
diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
|
diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
|
||||||
index 0e6b502..6ce892c 100644
|
index 0e6b502..4882999 100644
|
||||||
--- a/sepolgen/src/sepolgen/policygen.py
|
--- a/sepolgen/src/sepolgen/policygen.py
|
||||||
+++ b/sepolgen/src/sepolgen/policygen.py
|
+++ b/sepolgen/src/sepolgen/policygen.py
|
||||||
@@ -29,6 +29,8 @@ import objectmodel
|
@@ -29,6 +29,8 @@ import objectmodel
|
||||||
@ -189,42 +181,3 @@ index 0e6b502..6ce892c 100644
|
|||||||
self.module.children.append(rule)
|
self.module.children.append(rule)
|
||||||
|
|
||||||
|
|
||||||
diff --git a/sepolgen/src/sepolgen/refparser.py b/sepolgen/src/sepolgen/refparser.py
|
|
||||||
index 1a2eec8..955784d 100644
|
|
||||||
--- a/sepolgen/src/sepolgen/refparser.py
|
|
||||||
+++ b/sepolgen/src/sepolgen/refparser.py
|
|
||||||
@@ -109,6 +109,7 @@ tokens = (
|
|
||||||
'DONTAUDIT',
|
|
||||||
'AUDITALLOW',
|
|
||||||
'NEVERALLOW',
|
|
||||||
+ 'PERMISSIVE',
|
|
||||||
'TYPE_TRANSITION',
|
|
||||||
'TYPE_CHANGE',
|
|
||||||
'TYPE_MEMBER',
|
|
||||||
@@ -170,6 +171,7 @@ reserved = {
|
|
||||||
'dontaudit' : 'DONTAUDIT',
|
|
||||||
'auditallow' : 'AUDITALLOW',
|
|
||||||
'neverallow' : 'NEVERALLOW',
|
|
||||||
+ 'permissive' : 'PERMISSIVE',
|
|
||||||
'type_transition' : 'TYPE_TRANSITION',
|
|
||||||
'type_change' : 'TYPE_CHANGE',
|
|
||||||
'type_member' : 'TYPE_MEMBER',
|
|
||||||
@@ -490,6 +492,7 @@ def p_policy_stmt(p):
|
|
||||||
| interface_call
|
|
||||||
| role_def
|
|
||||||
| role_allow
|
|
||||||
+ | permissive
|
|
||||||
| type_def
|
|
||||||
| typealias_def
|
|
||||||
| attribute_def
|
|
||||||
@@ -747,6 +750,10 @@ def p_role_allow(p):
|
|
||||||
r.tgt_roles = p[3]
|
|
||||||
p[0] = r
|
|
||||||
|
|
||||||
+def p_permissive(p):
|
|
||||||
+ 'permissive : PERMISSIVE names SEMI'
|
|
||||||
+ t.skip(1)
|
|
||||||
+
|
|
||||||
def p_avrule_def(p):
|
|
||||||
'''avrule_def : ALLOW names names COLON names names SEMI
|
|
||||||
| DONTAUDIT names names COLON names names SEMI
|
|
||||||
|
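Review bot: The refparser.py section that this rebase drops from the patch (outer hunk `-189,42 +181,3`) defined `p_permissive(p)` with the body `t.skip(1)`, and no `t` is bound in that function as shown, so it is worth confirming what sepolgen-1.1.3 actually ships now that the patch no longer carries the rule. If upstream took it in the same form, parsing an interface file that contains a `permissive` statement would presumably raise NameError rather than ignore the qualifier, and policy generation from the reference-policy interfaces would fail at that point. In that case keep a one-line fix in this patch, replacing the rule body with `pass`. Only fragments of the patch are visible on this page, so this could not be checked against the new tarball here.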
@ -1,13 +1,13 @@
|
|||||||
%define libauditver 1.4.2-1
|
%define libauditver 2.1.3-4
|
||||||
%define libsepolver 2.1.2-3
|
%define libsepolver 2.1.3-2
|
||||||
%define libsemanagever 2.1.4-1
|
%define libsemanagever 2.1.4-3
|
||||||
%define libselinuxver 2.1.5-5
|
%define libselinuxver 2.1.7-1
|
||||||
%define sepolgenver 1.1.2
|
%define sepolgenver 1.1.3
|
||||||
|
|
||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.1.7
|
Version: 2.1.8
|
||||||
Release: 5%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
# Based on git repository with tag 20101221
|
# Based on git repository with tag 20101221
|
||||||
@ -22,8 +22,8 @@ Source6: selinux-polgengui.desktop
|
|||||||
Source7: selinux-polgengui.console
|
Source7: selinux-polgengui.console
|
||||||
Source8: policycoreutils_man_ru2.tar.bz2
|
Source8: policycoreutils_man_ru2.tar.bz2
|
||||||
Source9: semanage-bash-completion.sh
|
Source9: semanage-bash-completion.sh
|
||||||
Patch: policycoreutils-rhat.patch
|
|
||||||
Source10: restorecond.service
|
Source10: restorecond.service
|
||||||
|
Patch: policycoreutils-rhat.patch
|
||||||
Patch1: policycoreutils-po.patch
|
Patch1: policycoreutils-po.patch
|
||||||
Patch3: policycoreutils-gui.patch
|
Patch3: policycoreutils-gui.patch
|
||||||
Patch4: policycoreutils-sepolgen.patch
|
Patch4: policycoreutils-sepolgen.patch
|
||||||
@ -352,6 +352,33 @@ fi
|
|||||||
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Nov 4 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-1
|
||||||
|
- Upgrade to policycoreutils upstream
|
||||||
|
* sandbox: Maintain the LANG environment into the sandbox
|
||||||
|
* audit2allow: use audit2why internally
|
||||||
|
* fixfiles: label /root but not /var/lib/BackupPC
|
||||||
|
* semanage: update local boolean settings is dealing with localstore
|
||||||
|
* semanage: missing modify=True
|
||||||
|
* semanage: set modified correctly
|
||||||
|
* restorecond: make restorecond dbuss-able
|
||||||
|
* restorecon: Always check return code on asprintf
|
||||||
|
* restorecond: make restorecond -u exit when terminal closes
|
||||||
|
* sandbox: introduce package name and language stuff
|
||||||
|
* semodule_package: remove semodule_unpackage on clean
|
||||||
|
* fix sandbox Makefile to support DESTDIR
|
||||||
|
* semanage: Add -o description to the semanage man page
|
||||||
|
* make use of the new realpath_not_final function
|
||||||
|
* setfiles: close /proc/mounts file when finished
|
||||||
|
* semodule: Document semodule -p in man page
|
||||||
|
* setfiles: fix use before initialized
|
||||||
|
* restorecond: Add .local/share as a directory to watch
|
||||||
|
- Upgrade to sepolgen upstream
|
||||||
|
* Ignore permissive qualifier if found in an interface
|
||||||
|
* Return name field in avc data
|
||||||
|
|
||||||
|
* Mon Oct 31 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-6
|
||||||
|
- Rebuild versus newer libsepol
|
||||||
|
|
||||||
* Fri Oct 28 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-5
|
* Fri Oct 28 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-5
|
||||||
- A couple of minor coverity fixes for a potential leaked file descriptor
|
- A couple of minor coverity fixes for a potential leaked file descriptor
|
||||||
- An an unchecked return code.
|
- An an unchecked return code.
|
||||||
|
4
sources
4
sources
@ -1,3 +1,3 @@
|
|||||||
59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
|
59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
|
||||||
c372e90a754ee87e1cc40b09134b8f31 sepolgen-1.1.2.tgz
|
135674afd4eecd02ef441a9fd1d2c08a policycoreutils-2.1.8.tgz
|
||||||
98688cfeab65386a0dfbd921511952ac policycoreutils-2.1.7.tgz
|
3bd4588bcf8608c6e8a18ad5a8b68971 sepolgen-1.1.3.tgz
|
||||||
|