Add --root/-r flag to sepolicy manpage,

- This allows us to generate man pages on the fly in the selinux-policy build
2013-02-20 16:48:51 +01:00 · 2013-02-20 16:48:51 +01:00 · 3234f310f1
commit 3234f310f1
parent 68cfa786ad
2 changed files with 259 additions and 12 deletions
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -1335,11 +1335,144 @@ index 0000000..3ecf3eb
 +++ b/policycoreutils/sepolicy/sepolgen.8
@@ -0,0 +1 @@
 +.so man8/sepolicy-generate.8
 diff --git a/policycoreutils/sepolicy/sepolicy-bash-completion.sh b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
 index 82fea52..29f9428 100644
 --- a/policycoreutils/sepolicy/sepolicy-bash-completion.sh
 +++ b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
@@ -81,7 +81,7 @@ _sepolicy () {
                [communicate]='-h --help -s --source -t --target -c --class -S --sourceaccess -T --targetaccess'
                [generate]='-a --admin --admin_user --application --cgi --confined_admin --customize  -d --domain --dbus --desktop_user -h --help --inetd --init -n --name --newtype -p --path --sandbox -T --test --term_user -u --user -w --writepath --x_user'
                [interface]='-h --help -a --list_admin" -u --list_user -l --list'
 -               [manpage]='-h --help -p --path -a -all -o --os -d --domain -w --web'
 +               [manpage]='-h --help -p --path -a -all -o --os -d --domain -w --web -r --root'
                [network]='-h --help -d --domain -l --list -p --port -t --type '
                [transition]='-h --help -s --source -t --target'
         )
@@ -156,6 +156,10 @@ _sepolicy () {
             if [ "$prev" = "-d" -o "$prev" = "--domain" ]; then
                 COMPREPLY=( $(compgen -W "$( __get_all_domains ) " -- "$cur") )
                 return 0
 +            elif test "$prev" = "-r" || test "$prev" = "--root" ; then
 +                COMPREPLY=( $( compgen -d -- "$cur") )
 +                compopt -o filenames
 +                return 0
             elif [ "$prev" = "-o" -o "$prev" = "--os" ]; then
                 return 0
             elif test "$prev" = "-p" || test "$prev" = "--path" ; then
 diff --git a/policycoreutils/sepolicy/sepolicy-manpage.8 b/policycoreutils/sepolicy/sepolicy-manpage.8
 index b6abdf5..c05c943 100644
 --- a/policycoreutils/sepolicy/sepolicy-manpage.8
 +++ b/policycoreutils/sepolicy/sepolicy-manpage.8
@@ -5,7 +5,7 @@ sepolicy-manpage \- Generate a man page based on the installed SELinux Policy
 .SH "SYNOPSIS"
 .br
 -.B sepolicy manpage [\-w] [\-h] [\-p PATH ]  [\-a | \-d ]
 +.B sepolicy manpage [\-w] [\-h] [\-p PATH ] [\-r ROOTDIR ] [\-a | \-d ]
 .SH "DESCRIPTION"
 Use sepolicy manpage to generate manpages based on SELinux Policy.
@@ -24,6 +24,9 @@ Display help message
 .I                \-p, \-\-path
 Specify the directory to store the created man pages. (Default to /tmp)
 .TP
 +.I                \-r, \-\-root
 +Specify alternate root directory to generate man pages from. (Default to /)
 +.TP
 .I                \-w, \-\-web
 Generate an additional HTML man pages for the specified domain(s).
 diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
-index b25d3b2..e120959 100755
+index b25d3b2..7a15d88 100755
 --- a/policycoreutils/sepolicy/sepolicy.py
 +++ b/policycoreutils/sepolicy/sepolicy.py
-@@ -461,7 +461,10 @@ if __name__ == '__main__':
+@@ -22,6 +22,8 @@
 #
 #
 import os, sys
 +import selinux
 +import sepolicy
 from sepolicy import get_os_version
 import argparse
 import gettext
@@ -198,44 +200,44 @@ def network(args):
                 _print_net(d, net, "name_bind")
 def manpage(args):
 -    from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains
 +    from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains, get_all_domains
     path = args.path
 -    if args.policy:
 -        for f in ( "policy.xml", "file_context", "file_context.homedirs"):
 -            if not os.path.exists(path + f):
 -                raise ValueError("manpage creation with alternate policy requires the %s file exist" % (path + f))
 -
 +    if not args.policy and args.root != "/":
 +        sepolicy.policy(sepolicy.get_installed_policy(args.root))
 +        
     if args.all:
         test_domains = gen_domains()
     else:
         test_domains = args.domain
     for domain in test_domains:
 -        m = ManPage(domain, path, args.web)
 +        m = ManPage(domain, path, args.root, args.web)
         print m.get_man_page_path()
     if args.web:
         HTMLManPages(manpage_roles, manpage_domains, path, args.os)
 def gen_manpage_args(parser):
 -        man = parser.add_parser("manpage",
 -                                   help=_('Generate SELinux man pages'))
 -
 -        man.add_argument("-p", "--path", dest="path", default="/tmp",
 -                         help=_("path in which the generated SELinux man pages will be stored"))
 -        man.add_argument("-o", "--os", dest="os", default=get_os_version(),
 -                         help=_("name of the OS for man pages"))
 -        man.add_argument("-w", "--web", dest="web", default=False, action="store_true",
 -                                help=_("Generate HTML man pages structure for selected SELinux man page"))
 -        group = man.add_mutually_exclusive_group(required=True)
 -        group.add_argument("-a", "--all", dest="all", default=False,
 -                           action="store_true",
 -                           help=_("All domains"))
 -        group.add_argument("-d", "--domain", nargs="+",
 -                           action=CheckDomain,
 -                           help=_("Domain name(s) of man pages to be created"))
 -        man.set_defaults(func=manpage)
 +    man = parser.add_parser("manpage",
 +                            help=_('Generate SELinux man pages'))
 +
 +    man.add_argument("-p", "--path", dest="path", default="/tmp",
 +                     help=_("path in which the generated SELinux man pages will be stored"))
 +    man.add_argument("-o", "--os", dest="os", default=get_os_version(),
 +                     help=_("name of the OS for man pages"))
 +    man.add_argument("-w", "--web", dest="web", default=False, action="store_true",
 +                     help=_("Generate HTML man pages structure for selected SELinux man page"))
 +    man.add_argument("-r", "--root", dest="root", default="/",
 +                     help=_("Alternate root directory, defaults to /"))
 +    group = man.add_mutually_exclusive_group(required=True)
 +    group.add_argument("-a", "--all", dest="all", default=False,
 +                       action="store_true",
 +                       help=_("All domains"))
 +    group.add_argument("-d", "--domain", nargs="+",
 +                       action=CheckDomain,
 +                       help=_("Domain name(s) of man pages to be created"))
 +    man.set_defaults(func=manpage)
 def gen_network_args(parser):
         net = parser.add_parser("network",
@@ -283,7 +285,6 @@ def gen_communicate_args(parser):
     comm.set_defaults(func=communicate)
 def booleans(args):
 -    import selinux
     from sepolicy import boolean_desc
     if args.all:
         rc, args.booleans = selinux.security_get_boolean_names()
@@ -461,7 +462,10 @@ if __name__ == '__main__':
     gen_transition_args(subparsers)
     try:
@ -1352,13 +1485,14 @@ index b25d3b2..e120959 100755
         sys.exit(0)
     except ValueError,e:
 diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
-index 5e7415c..1d77fa9 100644
+index 5e7415c..10abeec 100644
 --- a/policycoreutils/sepolicy/sepolicy/__init__.py
 +++ b/policycoreutils/sepolicy/sepolicy/__init__.py
-@@ -37,6 +37,27 @@ CLASS = 'class'
+@@ -37,9 +37,30 @@ CLASS = 'class'
 TRANSITION = 'transition'
 ROLE_ALLOW = 'role_allow'
 -def __get_installed_policy():
 +def info(setype, name=None):
 +    dict_list = _policy.info(setype, name)
 +    return dict_list
@ -1380,10 +1514,47 @@ index 5e7415c..1d77fa9 100644
 +        dict_list = filter(lambda x: _dict_has_perms(x, perms), dict_list)
 +    return dict_list
 +
- def __get_installed_policy():
+def get_installed_policy(root = "/"):
     try:
-         path = selinux.selinux_binary_policy_path()
+-        path = selinux.selinux_binary_policy_path()
-@@ -145,43 +166,19 @@ def policy(policy_file):
+        path = root + selinux.selinux_binary_policy_path()
         policies = glob.glob ("%s.*" % path )
         policies.sort()
         return policies[-1]
@@ -85,7 +106,7 @@ all_domains = None
 def get_all_domains():
 	global all_domains
 	if not all_domains:
 -		all_domains = info(ATTRIBUTE,"domain")[0]["types"]
 +            all_domains = info(ATTRIBUTE,"domain")[0]["types"]
 	return all_domains
 roles = None
@@ -139,49 +160,43 @@ def get_all_attributes():
 	return all_attributes
 def policy(policy_file):
 +    global all_domains
 +    global all_attributes
 +    global bools
 +    global all_types
 +    global role_allows
 +    global users
 +    global roles
 +    global file_types
 +    global port_types
 +    all_domains = None
 +    all_attributes = None
 +    bools = None 
 +    all_types = None 
 +    role_allows = None 
 +    users = None 
 +    roles = None 
 +    file_types = None 
 +    port_types = None 
     try:
         _policy.policy(policy_file)
     except:
         raise ValueError(_("Failed to read %s policy file") % policy_file)
@ -1391,7 +1562,7 @@ index 5e7415c..1d77fa9 100644
 -if not policy_file:
 -    policy_file = __get_installed_policy()
 -
-+policy_file = __get_installed_policy()
+policy_file = get_installed_policy()
 try:
     policy(policy_file)
 except ValueError, e:
@ -1429,10 +1600,15 @@ index 5e7415c..1d77fa9 100644
 def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
         global booleans_dict
 diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
-index 25062da..def78e9 100755
+index 25062da..da17c48 100755
 --- a/policycoreutils/sepolicy/sepolicy/manpage.py
 +++ b/policycoreutils/sepolicy/sepolicy/manpage.py
-@@ -28,7 +28,7 @@ import string
+@@ -24,11 +24,12 @@
 #
 __all__ = [ 'ManPage', 'HTMLManPages', 'manpage_domains', 'manpage_roles', 'gen_domains' ]
 +from sepolicy import network
 import string
 import argparse
 import selinux
 import sepolicy
@ -1441,7 +1617,65 @@ index 25062da..def78e9 100755
 import commands
 import sys, os, re, time
-@@ -947,13 +947,14 @@ semanage fcontext -a -t public_content_t "/var/%(domainname)s(/.*)?"
+@@ -416,40 +417,33 @@ class ManPage:
     """
 	Generate a Manpage on an SELinux domain in the specified path
     """
 -    all_attributes = get_all_attributes()
 -    all_domains = get_all_domains()
 -    all_bools = get_all_bools()
 -    all_port_types = get_all_port_types()
 -    all_roles = get_all_roles()
 -    all_users = get_all_users_info()[0]
 -    all_users_range = get_all_users_info()[1]
 -    all_file_types = get_all_file_types()
 -    types = _gen_types()
     modules_dict = None
 -    domains = gen_domains()
 -    role_allows = get_all_role_allows()
     enabled_str = ["Disabled", "Enabled"]
 -    def __init__(self, domainname, path = "/tmp", html = False):
 +    def __init__(self, domainname, path = "/tmp", root="/", html = False):
 	self.html = html
 +	self.root = root
 	self.portrecs = network.portrecs
 -
 -	fcpath = path + "/file_contexts"
 -	if os.path.exists(fcpath):
 -		self.fcpath = fcpath
 -	else:
 -		self.fcpath = selinux.selinux_file_context_path()
 +	self.domains = gen_domains()
 +	self.all_domains = get_all_domains()
 +	self.all_attributes = get_all_attributes()
 +	self.all_bools = get_all_bools()
 +	self.all_port_types = get_all_port_types()
 +	self.all_roles = get_all_roles()
 +	self.all_users = get_all_users_info()[0]
 +	self.all_users_range = get_all_users_info()[1]
 +	self.all_file_types = get_all_file_types()
 +	self.role_allows = get_all_role_allows()
 +	self.types = _gen_types()
 +
 +	self.fcpath = self.root + selinux.selinux_file_context_path()
 	self.fcdict = _gen_fcdict(self.fcpath)
 	if not os.path.exists(path):
 		os.makedirs(path)
 -	self.path = path
 -	xmlpath = path + "/policy.xml"
 -	if os.path.exists(xmlpath):
 -		self.xmlpath = xmlpath
 -	else:
 -		self.xmlpath = "/usr/share/selinux/devel/policy.xml"
 +	self.path = path
 +	self.xmlpath = self.root + "/usr/share/selinux/devel/policy.xml"
 	self.booleans_dict = gen_bool_dict(self.xmlpath)
 	if domainname.endswith("_t"):
@@ -947,13 +941,14 @@ semanage fcontext -a -t public_content_t "/var/%(domainname)s(/.*)?"
 .B restorecon -F -R -v /var/%(domainname)s
 .pp
 .TP
@ -1458,6 +1692,14 @@ index 25062da..def78e9 100755
 """  % {'domainname':self.domainname})
 	    for b in self.anon_list:
 		desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
@@ -1230,6 +1225,7 @@ The SELinux user %s_u is not able to terminal login.
 """ % self.domainname)
     def _network(self):
 +        from sepolicy import network
 	self.fd.write("""
 .SH NETWORK
 """)
 diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
 index 80b6d6e..07c5ee2 100644
 --- a/policycoreutils/setfiles/restorecon.8
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.14
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@ -326,6 +326,11 @@ The policycoreutils-restorecond package contains the restorecond service.
 %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 %changelog
 * Wed Feb 20 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-7
 - Add --root/-r flag to sepolicy manpage,
 - This allows us to generate man pages on the fly in the selinux-policy build
 * Mon Feb 18 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-6
 - Fix newrole to retain cap_audit_write when compiled with namespace, also
 do not drop capabilities when run as root.