diff --git a/policycoreutils-fedora.patch b/policycoreutils-fedora.patch index c8aaba7..3ba77b5 100644 --- a/policycoreutils-fedora.patch +++ b/policycoreutils-fedora.patch @@ -1,3 +1,65 @@ +diff --git policycoreutils-2.7/hll/pp/Makefile policycoreutils-2.7/hll/pp/Makefile +index 3401dcc..fc8d3c4 100644 +--- policycoreutils-2.7/hll/pp/Makefile ++++ policycoreutils-2.7/hll/pp/Makefile +@@ -1,8 +1,5 @@ + # Installation directories. +-PREFIX ?= $(DESTDIR)/usr +-INCLUDEDIR ?= $(PREFIX)/include +-MANDIR = $(PREFIX)/share/man +-LIBDIR ?= $(PREFIX)/lib ++PREFIX ?= /usr + LIBEXECDIR ?= $(PREFIX)/libexec + HLLDIR ?= $(LIBEXECDIR)/selinux/hll + +@@ -21,8 +18,8 @@ pp: $(PP_OBJS) + $(CC) $(CFLAGS) -c -o $@ $^ + + install: all +- -mkdir -p $(HLLDIR) +- install -m 755 pp $(HLLDIR) ++ -mkdir -p $(DESTDIR)$(HLLDIR) ++ install -m 755 pp $(DESTDIR)$(HLLDIR) + + relabel: + +diff --git policycoreutils-2.7/load_policy/Makefile policycoreutils-2.7/load_policy/Makefile +index b85833c..568d5d4 100644 +--- policycoreutils-2.7/load_policy/Makefile ++++ policycoreutils-2.7/load_policy/Makefile +@@ -1,8 +1,8 @@ + # Installation directories. +-PREFIX ?= $(DESTDIR)/usr +-SBINDIR ?= $(DESTDIR)/sbin ++PREFIX ?= /usr ++SBINDIR ?= $(PREFIX)/sbin + MANDIR ?= $(PREFIX)/share/man +-LOCALEDIR ?= /usr/share/locale ++LOCALEDIR ?= $(DESTDIR)$(PREFIX)/share/locale + + CFLAGS ?= -Werror -Wall -W + override CFLAGS += $(LDFLAGS) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" +@@ -13,10 +13,10 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c))) + all: $(TARGETS) + + install: all +- -mkdir -p $(SBINDIR) +- install -m 755 $(TARGETS) $(SBINDIR) +- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 +- install -m 644 load_policy.8 $(MANDIR)/man8/ ++ -mkdir -p $(DESTDIR)$(SBINDIR) ++ install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR) ++ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8 ++ install -m 644 load_policy.8 $(DESTDIR)$(MANDIR)/man8/ + + clean: + -rm -f $(TARGETS) *.o +@@ -25,4 +25,4 @@ indent: + ../../scripts/Lindent $(wildcard *.[ch]) + + relabel: +- /sbin/restorecon $(SBINDIR)/load_policy ++ /sbin/restorecon $(DESTDIR)$(SBINDIR)/load_policy diff --git policycoreutils-2.7/load_policy/load_policy.8 policycoreutils-2.7/load_policy/load_policy.8 index 5f5550d..0810995 100644 --- policycoreutils-2.7/load_policy/load_policy.8 @@ -8,6 +70,76 @@ index 5f5550d..0810995 100644 This manual page was written by Dan Walsh . -The program was written by Stephen Smalley . +The program was written by Stephen Smalley . +diff --git policycoreutils-2.7/man/Makefile policycoreutils-2.7/man/Makefile +index 0d91cd4..8af1520 100644 +--- policycoreutils-2.7/man/Makefile ++++ policycoreutils-2.7/man/Makefile +@@ -1,12 +1,13 @@ + # Installation directories. +-MAN5DIR ?= $(DESTDIR)/usr/share/man/man5 ++PREFIX ?= /usr ++MAN5DIR ?= $(PREFIX)/share/man/man5 + + all: + + clean: + + install: all +- mkdir -p $(MAN5DIR) +- install -m 644 man5/*.5 $(MAN5DIR) ++ mkdir -p $(DESTDIR)$(MAN5DIR) ++ install -m 644 man5/*.5 $(DESTDIR)$(MAN5DIR) + + relabel: +diff --git policycoreutils-2.7/newrole/Makefile policycoreutils-2.7/newrole/Makefile +index 196af92..a1bfe1a 100644 +--- policycoreutils-2.7/newrole/Makefile ++++ policycoreutils-2.7/newrole/Makefile +@@ -1,9 +1,9 @@ + # Installation directories. +-PREFIX ?= $(DESTDIR)/usr ++PREFIX ?= /usr + BINDIR ?= $(PREFIX)/bin + MANDIR ?= $(PREFIX)/share/man +-ETCDIR ?= $(DESTDIR)/etc +-LOCALEDIR = /usr/share/locale ++ETCDIR ?= /etc ++LOCALEDIR = $(DESTDIR)$(PREFIX)/share/locale + PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y) + AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) + # Enable capabilities to permit newrole to generate audit records. +@@ -61,17 +61,17 @@ newrole: newrole.o $(EXTRA_OBJS) + $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) + + install: all +- test -d $(BINDIR) || install -m 755 -d $(BINDIR) +- test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d +- test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1 +- install -m $(MODE) newrole $(BINDIR) +- install -m 644 newrole.1 $(MANDIR)/man1/ ++ test -d $(DESTDIR)$(BINDIR) || install -m 755 -d $(DESTDIR)$(BINDIR) ++ test -d $(DESTDIR)$(ETCDIR)/pam.d || install -m 755 -d $(DESTDIR)$(ETCDIR)/pam.d ++ test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d $(DESTDIR)$(MANDIR)/man1 ++ install -m $(MODE) newrole $(DESTDIR)$(BINDIR) ++ install -m 644 newrole.1 $(DESTDIR)$(MANDIR)/man1/ + ifeq ($(PAMH), y) +- test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d ++ test -d $(DESTDIR)$(ETCDIR)/pam.d || install -m 755 -d $(DESTDIR)$(ETCDIR)/pam.d + ifeq ($(LSPP_PRIV),y) +- install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole ++ install -m 644 newrole-lspp.pamd $(DESTDIR)$(ETCDIR)/pam.d/newrole + else +- install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole ++ install -m 644 newrole.pamd $(DESTDIR)$(ETCDIR)/pam.d/newrole + endif + endif + +@@ -82,4 +82,4 @@ indent: + ../../scripts/Lindent $(wildcard *.[ch]) + + relabel: install +- /sbin/restorecon $(BINDIR)/newrole ++ /sbin/restorecon $(DESTDIR)$(BINDIR)/newrole diff --git policycoreutils-2.7/newrole/hashtab.c policycoreutils-2.7/newrole/hashtab.c index 77ed143..24c65c4 100644 --- policycoreutils-2.7/newrole/hashtab.c @@ -30,6 +162,112 @@ index 9f737df..3790f0a 100644 /* FLASK */ +diff --git policycoreutils-2.7/po/Makefile policycoreutils-2.7/po/Makefile +index 5814861..575e143 100644 +--- policycoreutils-2.7/po/Makefile ++++ policycoreutils-2.7/po/Makefile +@@ -2,6 +2,7 @@ + # Makefile for the PO files (translation) catalog + # + ++PREFIX ?= /usr + TOP = ../.. + + # What is this package? +@@ -12,7 +13,7 @@ INSTALL_DATA = $(INSTALL) -m 644 + INSTALL_DIR = /usr/bin/install -d + + # destination directory +-INSTALL_NLS_DIR = $(DESTDIR)/usr/share/locale ++INSTALL_NLS_DIR = $(PREFIX)/share/locale + + # PO catalog handling + MSGMERGE = msgmerge +@@ -128,8 +129,8 @@ clean: + install: $(MOFILES) + @for n in $(MOFILES); do \ + l=`basename $$n .mo`; \ +- $(INSTALL_DIR) $(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \ +- $(INSTALL_DATA) --verbose $$n $(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/$(NLSPACKAGE).mo; \ ++ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \ ++ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/$(NLSPACKAGE).mo; \ + done + + %.mo: %.po +diff --git policycoreutils-2.7/run_init/Makefile policycoreutils-2.7/run_init/Makefile +index 921f0b0..1d5de57 100644 +--- policycoreutils-2.7/run_init/Makefile ++++ policycoreutils-2.7/run_init/Makefile +@@ -1,10 +1,10 @@ + + # Installation directories. +-PREFIX ?= $(DESTDIR)/usr ++PREFIX ?= /usr + SBINDIR ?= $(PREFIX)/sbin + MANDIR ?= $(PREFIX)/share/man +-ETCDIR ?= $(DESTDIR)/etc +-LOCALEDIR ?= /usr/share/locale ++ETCDIR ?= /etc ++LOCALEDIR ?= $(DESTDIR)$(PREFIX)/share/locale + PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y) + AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) + +@@ -32,14 +32,14 @@ open_init_pty: open_init_pty.c + + + install: all +- test -d $(SBINDIR) || install -m 755 -d $(SBINDIR) +- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 +- install -m 755 run_init $(SBINDIR) +- install -m 755 open_init_pty $(SBINDIR) +- install -m 644 run_init.8 $(MANDIR)/man8/ +- install -m 644 open_init_pty.8 $(MANDIR)/man8/ ++ test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d $(DESTDIR)$(SBINDIR) ++ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8 ++ install -m 755 run_init $(DESTDIR)$(SBINDIR) ++ install -m 755 open_init_pty $(DESTDIR)$(SBINDIR) ++ install -m 644 run_init.8 $(DESTDIR)$(MANDIR)/man8/ ++ install -m 644 open_init_pty.8 $(DESTDIR)$(MANDIR)/man8/ + ifeq ($(PAMH), y) +- install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init ++ install -m 644 run_init.pamd $(DESTDIR)$(ETCDIR)/pam.d/run_init + endif + + clean: +@@ -49,4 +49,4 @@ indent: + ../../scripts/Lindent $(wildcard *.[ch]) + + relabel: install +- /sbin/restorecon $(SBINDIR)/run_init $(SBINDIR)/open_init_pty ++ /sbin/restorecon $(DESTDIR)$(SBINDIR)/run_init $(DESTDIR)$(SBINDIR)/open_init_pty +diff --git policycoreutils-2.7/scripts/Makefile policycoreutils-2.7/scripts/Makefile +index d9e86ff..afe5dc4 100644 +--- policycoreutils-2.7/scripts/Makefile ++++ policycoreutils-2.7/scripts/Makefile +@@ -1,17 +1,16 @@ + # Installation directories. +-PREFIX ?= $(DESTDIR)/usr +-SBINDIR ?= $(DESTDIR)/sbin ++PREFIX ?= /usr ++SBINDIR ?= $(PREFIX)/sbin + MANDIR ?= $(PREFIX)/share/man +-LOCALEDIR ?= $(PREFIX)/share/locale + + .PHONY: all + all: fixfiles + + install: all +- -mkdir -p $(SBINDIR) +- install -m 755 fixfiles $(SBINDIR) +- -mkdir -p $(MANDIR)/man8 +- install -m 644 fixfiles.8 $(MANDIR)/man8/ ++ -mkdir -p $(DESTDIR)$(SBINDIR) ++ install -m 755 fixfiles $(DESTDIR)$(SBINDIR) ++ -mkdir -p $(DESTDIR)$(MANDIR)/man8 ++ install -m 644 fixfiles.8 $(DESTDIR)$(MANDIR)/man8/ + + clean: + diff --git policycoreutils-2.7/scripts/fixfiles policycoreutils-2.7/scripts/fixfiles index 1aa330f..7ec0396 100755 --- policycoreutils-2.7/scripts/fixfiles @@ -42,6 +280,156 @@ index 1aa330f..7ec0396 100755 FORCEFLAG="" RPMFILES="" PREFC="" +diff --git policycoreutils-2.7/secon/Makefile policycoreutils-2.7/secon/Makefile +index 8e491d7..db8ee42 100644 +--- policycoreutils-2.7/secon/Makefile ++++ policycoreutils-2.7/secon/Makefile +@@ -1,9 +1,7 @@ + # secon tool - command-line context +-PREFIX ?= $(DESTDIR)/usr +-INCLUDEDIR ?= $(PREFIX)/include ++PREFIX ?= /usr + BINDIR ?= $(PREFIX)/bin + MANDIR ?= $(PREFIX)/share/man +-LIBDIR ?= $(PREFIX)/lib + + WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal + VERSION = $(shell cat ../VERSION) +@@ -18,13 +16,13 @@ secon: secon.o + install-nogui: install + + install: all +- install -m 755 secon $(BINDIR); ++ install -m 755 secon $(DESTDIR)$(BINDIR); + +- test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1 +- install -m 644 secon.1 $(MANDIR)/man1 ++ test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d $(DESTDIR)$(MANDIR)/man1 ++ install -m 644 secon.1 $(DESTDIR)$(MANDIR)/man1 + + relabel: +- /sbin/restorecon $(BINDIR)/secon ++ /sbin/restorecon $(DESTDIR)$(BINDIR)/secon + + clean: + rm -f *.o core* secon *~ *.bak +diff --git policycoreutils-2.7/semodule/Makefile policycoreutils-2.7/semodule/Makefile +index fffb43a..639d368 100644 +--- policycoreutils-2.7/semodule/Makefile ++++ policycoreutils-2.7/semodule/Makefile +@@ -1,9 +1,7 @@ + # Installation directories. +-PREFIX ?= $(DESTDIR)/usr +-INCLUDEDIR ?= $(PREFIX)/include ++PREFIX ?= /usr + SBINDIR ?= $(PREFIX)/sbin + MANDIR = $(PREFIX)/share/man +-LIBDIR ?= $(PREFIX)/lib + + CFLAGS ?= -Werror -Wall -W + override LDLIBS += -lsepol -lselinux -lsemanage +@@ -17,12 +15,12 @@ genhomedircon: + ln -sf semodule genhomedircon + + install: all +- -mkdir -p $(SBINDIR) +- install -m 755 semodule $(SBINDIR) +- (cd $(SBINDIR); ln -sf semodule genhomedircon) +- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 +- install -m 644 semodule.8 $(MANDIR)/man8/ +- install -m 644 genhomedircon.8 $(MANDIR)/man8/ ++ -mkdir -p $(DESTDIR)$(SBINDIR) ++ install -m 755 semodule $(DESTDIR)$(SBINDIR) ++ (cd $(DESTDIR)$(SBINDIR); ln -sf semodule genhomedircon) ++ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8 ++ install -m 644 semodule.8 $(DESTDIR)$(MANDIR)/man8/ ++ install -m 644 genhomedircon.8 $(DESTDIR)$(MANDIR)/man8/ + + relabel: + +diff --git policycoreutils-2.7/sestatus/Makefile policycoreutils-2.7/sestatus/Makefile +index 41ca683..274ef35 100644 +--- policycoreutils-2.7/sestatus/Makefile ++++ policycoreutils-2.7/sestatus/Makefile +@@ -1,9 +1,8 @@ + # Installation directories. +-PREFIX ?= $(DESTDIR)/usr ++PREFIX ?= /usr + SBINDIR ?= $(PREFIX)/sbin + MANDIR = $(PREFIX)/share/man +-ETCDIR ?= $(DESTDIR)/etc +-LIBDIR ?= $(PREFIX)/lib ++ETCDIR ?= /etc + + CFLAGS ?= -Werror -Wall -W + override CFLAGS += -D_FILE_OFFSET_BITS=64 +@@ -14,14 +13,14 @@ all: sestatus + sestatus: sestatus.o + + install: all +- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 +- [ -d $(MANDIR)/man5 ] || mkdir -p $(MANDIR)/man5 +- -mkdir -p $(SBINDIR) +- install -m 755 sestatus $(SBINDIR) +- install -m 644 sestatus.8 $(MANDIR)/man8 +- install -m 644 sestatus.conf.5 $(MANDIR)/man5 +- -mkdir -p $(ETCDIR) +- install -m 644 sestatus.conf $(ETCDIR) ++ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8 ++ [ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p $(DESTDIR)$(MANDIR)/man5 ++ -mkdir -p $(DESTDIR)$(SBINDIR) ++ install -m 755 sestatus $(DESTDIR)$(SBINDIR) ++ install -m 644 sestatus.8 $(DESTDIR)$(MANDIR)/man8 ++ install -m 644 sestatus.conf.5 $(DESTDIR)$(MANDIR)/man5 ++ -mkdir -p $(DESTDIR)$(ETCDIR) ++ install -m 644 sestatus.conf $(DESTDIR)$(ETCDIR) + + clean: + rm -f sestatus *.o +diff --git policycoreutils-2.7/setfiles/Makefile policycoreutils-2.7/setfiles/Makefile +index c08e2dd..e943276 100644 +--- policycoreutils-2.7/setfiles/Makefile ++++ policycoreutils-2.7/setfiles/Makefile +@@ -1,8 +1,7 @@ + # Installation directories. +-PREFIX ?= $(DESTDIR)/usr +-SBINDIR ?= $(DESTDIR)/sbin ++PREFIX ?= /usr ++SBINDIR ?= /sbin + MANDIR = $(PREFIX)/share/man +-LIBDIR ?= $(PREFIX)/lib + AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) + + ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk -S '{ print $$3 }') +@@ -29,14 +28,14 @@ man: + @sed -i "s/ABORT_ON_ERRORS/$(ABORT_ON_ERRORS)/g" setfiles.8.man + + install: all +- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 +- -mkdir -p $(SBINDIR) +- install -m 755 setfiles $(SBINDIR) +- (cd $(SBINDIR) && ln -sf setfiles restorecon) +- install -m 755 restorecon_xattr $(SBINDIR) +- install -m 644 setfiles.8.man $(MANDIR)/man8/setfiles.8 +- install -m 644 restorecon.8 $(MANDIR)/man8/restorecon.8 +- install -m 644 restorecon_xattr.8 $(MANDIR)/man8/restorecon_xattr.8 ++ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8 ++ -mkdir -p $(DESTDIR)$(SBINDIR) ++ install -m 755 setfiles $(DESTDIR)$(SBINDIR) ++ (cd $(DESTDIR)$(SBINDIR) && ln -sf setfiles restorecon) ++ install -m 755 restorecon_xattr $(DESTDIR)$(SBINDIR) ++ install -m 644 setfiles.8.man $(DESTDIR)$(MANDIR)/man8/setfiles.8 ++ install -m 644 restorecon.8 $(DESTDIR)$(MANDIR)/man8/restorecon.8 ++ install -m 644 restorecon_xattr.8 $(DESTDIR)$(MANDIR)/man8/restorecon_xattr.8 + + clean: + rm -f setfiles restorecon restorecon_xattr *.o setfiles.8.man +@@ -45,4 +44,4 @@ indent: + ../../scripts/Lindent $(wildcard *.[ch]) + + relabel: install +- $(SBINDIR)/restorecon $(SBINDIR)/setfiles $(SBINDIR)/restorecon_xattr ++ $(DESTDIR)$(SBINDIR)/restorecon $(DESTDIR)$(SBINDIR)/setfiles $(DESTDIR)$(SBINDIR)/restorecon_xattr diff --git policycoreutils-2.7/setfiles/setfiles.8 policycoreutils-2.7/setfiles/setfiles.8 index 9501845..ccaaf4d 100644 --- policycoreutils-2.7/setfiles/setfiles.8 @@ -55,3 +443,39 @@ index 9501845..ccaaf4d 100644 .SH "SEE ALSO" .BR restorecon (8), +diff --git policycoreutils-2.7/setsebool/Makefile policycoreutils-2.7/setsebool/Makefile +index bc254da..47bea60 100644 +--- policycoreutils-2.7/setsebool/Makefile ++++ policycoreutils-2.7/setsebool/Makefile +@@ -1,10 +1,8 @@ + # Installation directories. +-PREFIX ?= $(DESTDIR)/usr +-INCLUDEDIR ?= $(PREFIX)/include ++PREFIX ?= /usr + SBINDIR ?= $(PREFIX)/sbin + MANDIR = $(PREFIX)/share/man +-LIBDIR ?= $(PREFIX)/lib +-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions ++BASHCOMPLETIONDIR ?= $(PREFIX)/share/bash-completion/completions + + CFLAGS ?= -Werror -Wall -W + override LDLIBS += -lsepol -lselinux -lsemanage +@@ -17,12 +15,12 @@ all: setsebool + setsebool: $(SETSEBOOL_OBJS) + + install: all +- -mkdir -p $(SBINDIR) +- install -m 755 setsebool $(SBINDIR) +- -mkdir -p $(MANDIR)/man8 +- install -m 644 setsebool.8 $(MANDIR)/man8/ +- -mkdir -p $(BASHCOMPLETIONDIR) +- install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)/setsebool ++ -mkdir -p $(DESTDIR)$(SBINDIR) ++ install -m 755 setsebool $(DESTDIR)$(SBINDIR) ++ -mkdir -p $(DESTDIR)$(MANDIR)/man8 ++ install -m 644 setsebool.8 $(DESTDIR)$(MANDIR)/man8/ ++ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR) ++ install -m 644 $(BASHCOMPLETIONS) $(DESTDIR)$(BASHCOMPLETIONDIR)/setsebool + + relabel: + diff --git a/policycoreutils.spec b/policycoreutils.spec index 7987383..fbc73c6 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -1,7 +1,7 @@ %global libauditver 2.1.3-4 -%global libsepolver 2.7-3 -%global libsemanagever 2.7-5 -%global libselinuxver 2.7-6 +%global libsepolver 2.7-5 +%global libsemanagever 2.7-10 +%global libselinuxver 2.7-12 %global sepolgenver 2.7 %global generatorsdir %{_prefix}/lib/systemd/system-generators @@ -9,7 +9,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.7 -Release: 14%{?dist} +Release: 15%{?dist} License: GPLv2 # https://github.com/SELinuxProject/selinux/wiki/Releases Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/policycoreutils-2.7.tar.gz @@ -30,7 +30,7 @@ Source18: selinux-autorelabel.target Source19: selinux-autorelabel-generator.sh # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # run: -# HEAD https://github.com/fedora-selinux/selinux/commit/c5e8255a66a4ee88ec4a01dfa431acb323531b7 +# HEAD https://github.com/fedora-selinux/selinux/commit/4e253a0231ca085df03b55c4c0490ad6a0e261eb # $ for i in policycoreutils selinux-python selinux-gui selinux-sandbox selinux-dbus semodule-utils restorecond; do # ./make-fedora-selinux-patch.sh $i # done @@ -111,20 +111,20 @@ mkdir -p %{buildroot}%{_mandir}/man5 mkdir -p %{buildroot}%{_mandir}/man8 %{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}/ -make -C policycoreutils-%{version} LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" install +make -C policycoreutils-%{version} LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" install -make -C selinux-python-%{version} PYTHON=%{__python2} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install -make -C selinux-python-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install +make -C selinux-python-%{version} PYTHON=%{__python2} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install +make -C selinux-python-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install -make -C selinux-gui-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install +make -C selinux-gui-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install -make -C selinux-sandbox-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install +make -C selinux-sandbox-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install -make -C selinux-dbus-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install +make -C selinux-dbus-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install -make -C semodule-utils-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install +make -C semodule-utils-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install -make -C restorecond-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install +make -C restorecond-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install # Systemd @@ -167,10 +167,10 @@ install -m 755 -p %{SOURCE15} %{buildroot}/%{_libexecdir}/selinux/ ln -s ../selinux-autorelabel-mark.service %{buildroot}/%{_unitdir}/basic.target.wants/ # change /usr/bin/python3? to /usr/bin/python2 in policycoreutils-python/python2-policycoreutils -pathfix.py -i "%{__python2} -Es" -p %{buildroot}%{python2_sitelib} %{buildroot}%{python2_sitearch} +pathfix.py -i "%{__python2} -Es" -p %{buildroot}%{python2_sitelib} # change /usr/bin/python to %%{__python3} in policycoreutils-python3 -pathfix.py -i "%{__python3} -Es" -p %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} +pathfix.py -i "%{__python3} -Es" -p %{buildroot}%{python3_sitelib} # change /usr/bin/python to %%{__python3} in policycoreutils-python-utils pathfix.py -i "%{__python3} -Es" -p \ @@ -260,9 +260,9 @@ The python3-policycoreutils package contains the interfaces that can be used by python 3 in an SELinux environment. %files -n python3-policycoreutils -%{python3_sitearch}/seobject.py* -%{python3_sitearch}/__pycache__ -%{python3_sitearch}/sepolgen +%{python3_sitelib}/seobject.py* +%{python3_sitelib}/__pycache__ +%{python3_sitelib}/sepolgen %dir %{python3_sitelib}/sepolicy %{python3_sitelib}/sepolicy/templates %dir %{python3_sitelib}/sepolicy/help @@ -300,8 +300,8 @@ The policycoreutils-python package contains the management tools use to manage an SELinux environment. %files -n python2-policycoreutils -%{python2_sitearch}/seobject.py* -%{python2_sitearch}/sepolgen +%{python2_sitelib}/seobject.py* +%{python2_sitelib}/sepolgen %dir %{python2_sitelib}/sepolicy %{python2_sitelib}/sepolicy/templates %{python2_sitelib}/sepolicy/__init__.py* @@ -492,6 +492,18 @@ The policycoreutils-restorecond package contains the restorecond service. %systemd_postun_with_restart restorecond.service %changelog +* Tue Mar 13 2018 Petr Lautrbach - 2.7-15 +- sepolicy: Fix translated strings with parameters +- sepolicy: Support non-MLS policy +- sepolicy: Initialize policy.ports as a dict in generate.py +- gui/polgengui.py: Use stop_emission_by_name instead of emit_stop_by_name +- Minor update for bash completion +- semodule_package: fix semodule_unpackage man page +- gui/semanagePage: Close "edit" and "add" dialogues when successfull +- gui/fcontextPage: Set default object class in addDialog\ +- sepolgen: fix typo in PolicyGenerator +- build: follow standard semantics for DESTDIR and PREFIX + * Mon Feb 26 2018 Petr Lautrbach - 2.7-14 - Use Fedora RPM build flags (#1548740) diff --git a/restorecond-fedora.patch b/restorecond-fedora.patch index 5e07eac..09b008c 100644 --- a/restorecond-fedora.patch +++ b/restorecond-fedora.patch @@ -1,3 +1,60 @@ +diff --git restorecond-2.7/Makefile restorecond-2.7/Makefile +index ada94ae..25be18d 100644 +--- restorecond-2.7/Makefile ++++ restorecond-2.7/Makefile +@@ -1,13 +1,12 @@ + PKG_CONFIG ?= pkg-config + + # Installation directories. +-PREFIX ?= $(DESTDIR)/usr ++PREFIX ?= /usr + SBINDIR ?= $(PREFIX)/sbin +-LIBDIR ?= $(PREFIX)/lib + MANDIR = $(PREFIX)/share/man +-AUTOSTARTDIR = $(DESTDIR)/etc/xdg/autostart +-DBUSSERVICEDIR = $(DESTDIR)/usr/share/dbus-1/services +-SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd ++AUTOSTARTDIR = /etc/xdg/autostart ++DBUSSERVICEDIR = $(PREFIX)/share/dbus-1/services ++SYSTEMDDIR ?= $(PREFIX)/lib/systemd + + autostart_DATA = sealertauto.desktop + INITDIR ?= $(DESTDIR)/etc/rc.d/init.d +@@ -39,23 +38,23 @@ restorecond: restore.o restorecond.o utmpwatcher.o stringslist.o user.o watch.o + $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) + + install: all +- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 +- -mkdir -p $(SBINDIR) +- install -m 755 restorecond $(SBINDIR) +- install -m 644 restorecond.8 $(MANDIR)/man8 ++ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8 ++ -mkdir -p $(DESTDIR)$(SBINDIR) ++ install -m 755 restorecond $(DESTDIR)$(SBINDIR) ++ install -m 644 restorecond.8 $(DESTDIR)$(MANDIR)/man8 + -mkdir -p $(INITDIR) + install -m 755 restorecond.init $(INITDIR)/restorecond + -mkdir -p $(SELINUXDIR) + install -m 644 restorecond.conf $(SELINUXDIR)/restorecond.conf + install -m 644 restorecond_user.conf $(SELINUXDIR)/restorecond_user.conf +- -mkdir -p $(AUTOSTARTDIR) +- install -m 644 restorecond.desktop $(AUTOSTARTDIR)/restorecond.desktop +- -mkdir -p $(DBUSSERVICEDIR) +- install -m 600 org.selinux.Restorecond.service $(DBUSSERVICEDIR)/org.selinux.Restorecond.service +- -mkdir -p $(SYSTEMDDIR)/system +- install -m 644 restorecond.service $(SYSTEMDDIR)/system/ ++ -mkdir -p $(DESTDIR)$(AUTOSTARTDIR) ++ install -m 644 restorecond.desktop $(DESTDIR)$(AUTOSTARTDIR)/restorecond.desktop ++ -mkdir -p $(DESTDIR)$(DBUSSERVICEDIR) ++ install -m 600 org.selinux.Restorecond.service $(DESTDIR)$(DBUSSERVICEDIR)/org.selinux.Restorecond.service ++ -mkdir -p $(DESTDIR)$(SYSTEMDDIR)/system ++ install -m 644 restorecond.service $(DESTDIR)$(SYSTEMDDIR)/system/ + relabel: install +- /sbin/restorecon $(SBINDIR)/restorecond ++ /sbin/restorecon $(DESTDIR)$(SBINDIR)/restorecond + + clean: + -rm -f restorecond *.o *~ diff --git restorecond-2.7/restorecond.c restorecond-2.7/restorecond.c index f379db1..6fbbd35 100644 --- restorecond-2.7/restorecond.c diff --git a/selinux-dbus-fedora.patch b/selinux-dbus-fedora.patch index b8634de..a4982c4 100644 --- a/selinux-dbus-fedora.patch +++ b/selinux-dbus-fedora.patch @@ -1,3 +1,32 @@ +diff --git selinux-dbus-2.7/Makefile selinux-dbus-2.7/Makefile +index 9a6cc90..53143af 100644 +--- selinux-dbus-2.7/Makefile ++++ selinux-dbus-2.7/Makefile +@@ -1,3 +1,5 @@ ++PREFIX ?= /usr ++ + all: + + clean: +@@ -5,12 +7,12 @@ clean: + install: + -mkdir -p $(DESTDIR)/etc/dbus-1/system.d/ + install -m 644 org.selinux.conf $(DESTDIR)/etc/dbus-1/system.d/ +- -mkdir -p $(DESTDIR)/usr/share/dbus-1/system-services +- install -m 644 org.selinux.service $(DESTDIR)/usr/share/dbus-1/system-services +- -mkdir -p $(DESTDIR)/usr/share/polkit-1/actions/ +- install -m 644 org.selinux.policy $(DESTDIR)/usr/share/polkit-1/actions/ +- -mkdir -p $(DESTDIR)/usr/share/system-config-selinux +- install -m 755 selinux_server.py $(DESTDIR)/usr/share/system-config-selinux ++ -mkdir -p $(DESTDIR)$(PREFIX)/share/dbus-1/system-services ++ install -m 644 org.selinux.service $(DESTDIR)$(PREFIX)/share/dbus-1/system-services ++ -mkdir -p $(DESTDIR)$(PREFIX)/share/polkit-1/actions/ ++ install -m 644 org.selinux.policy $(DESTDIR)$(PREFIX)/share/polkit-1/actions/ ++ -mkdir -p $(DESTDIR)$(PREFIX)/share/system-config-selinux ++ install -m 755 selinux_server.py $(DESTDIR)$(PREFIX)/share/system-config-selinux + + relabel: + diff --git selinux-dbus-2.7/org.selinux.conf selinux-dbus-2.7/org.selinux.conf index a350978..1ae079d 100644 --- selinux-dbus-2.7/org.selinux.conf diff --git a/selinux-gui-fedora.patch b/selinux-gui-fedora.patch index edb52be..a9554e5 100644 --- a/selinux-gui-fedora.patch +++ b/selinux-gui-fedora.patch @@ -1,8 +1,15 @@ diff --git selinux-gui-2.7/Makefile selinux-gui-2.7/Makefile -index 4fc2c1a..ff0fd00 100644 +index 4fc2c1a..a72e58c 100644 --- selinux-gui-2.7/Makefile +++ selinux-gui-2.7/Makefile -@@ -11,14 +11,13 @@ domainsPage.py \ +@@ -1,5 +1,5 @@ + # Installation directories. +-PREFIX ?= ${DESTDIR}/usr ++PREFIX ?= /usr + BINDIR ?= $(PREFIX)/bin + SHAREDIR ?= $(PREFIX)/share/system-config-selinux + DATADIR ?= $(PREFIX)/share +@@ -11,42 +11,41 @@ domainsPage.py \ fcontextPage.py \ html_util.py \ loginsPage.py \ @@ -19,6 +26,55 @@ index 4fc2c1a..ff0fd00 100644 usersPage.py all: $(TARGETS) system-config-selinux.py polgengui.py + + install: all +- -mkdir -p $(MANDIR)/man8 +- -mkdir -p $(SHAREDIR) +- -mkdir -p $(BINDIR) +- -mkdir -p $(DATADIR)/pixmaps +- -mkdir -p $(DATADIR)/icons/hicolor/24x24/apps +- -mkdir -p $(DATADIR)/polkit-1/actions/ +- install -m 755 system-config-selinux.py $(SHAREDIR) +- install -m 755 system-config-selinux $(BINDIR) +- install -m 755 polgengui.py $(SHAREDIR) +- install -m 644 $(TARGETS) $(SHAREDIR) +- install -m 644 system-config-selinux.8 $(MANDIR)/man8 +- install -m 644 selinux-polgengui.8 $(MANDIR)/man8 +- install -m 644 system-config-selinux.png $(DATADIR)/pixmaps +- install -m 644 system-config-selinux.png $(DATADIR)/icons/hicolor/24x24/apps +- install -m 644 system-config-selinux.png $(DATADIR)/system-config-selinux +- install -m 644 *.desktop $(DATADIR)/system-config-selinux +- -mkdir -p $(DESTDIR) $(DATADIR)/pixmaps +- install -m 644 sepolicy_256.png $(DATADIR)/pixmaps/sepolicy.png ++ -mkdir -p $(DESTDIR)$(MANDIR)/man8 ++ -mkdir -p $(DESTDIR)$(SHAREDIR) ++ -mkdir -p $(DESTDIR)$(BINDIR) ++ -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps ++ -mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps ++ -mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/ ++ install -m 755 system-config-selinux.py $(DESTDIR)$(SHAREDIR) ++ install -m 755 system-config-selinux $(DESTDIR)$(BINDIR) ++ install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR) ++ install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR) ++ install -m 644 system-config-selinux.8 $(DESTDIR)$(MANDIR)/man8 ++ install -m 644 selinux-polgengui.8 $(DESTDIR)$(MANDIR)/man8 ++ install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/pixmaps ++ install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps ++ install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/system-config-selinux ++ install -m 644 *.desktop $(DESTDIR)$(DATADIR)/system-config-selinux ++ -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps ++ install -m 644 sepolicy_256.png $(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png + for i in 16 22 32 48 256; do \ +- mkdir -p $(DESTDIR) $(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \ +- install -m 644 sepolicy_$${i}.png $(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \ ++ mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \ ++ install -m 644 sepolicy_$${i}.png $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \ + done +- install -m 644 org.selinux.config.policy $(DATADIR)/polkit-1/actions/ ++ install -m 644 org.selinux.config.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/ + clean: + + indent: diff --git selinux-gui-2.7/booleansPage.py selinux-gui-2.7/booleansPage.py index a5d04bf..7849bea 100644 --- selinux-gui-2.7/booleansPage.py @@ -219,7 +275,7 @@ index 66f882a..bad5140 100644 p = store.get_value(iter, 1) == _("Permissive") self.permissive_button.set_sensitive(not p) diff --git selinux-gui-2.7/fcontextPage.py selinux-gui-2.7/fcontextPage.py -index 2e26666..a6577ef 100644 +index 2e26666..370bbee 100644 --- selinux-gui-2.7/fcontextPage.py +++ selinux-gui-2.7/fcontextPage.py @@ -16,10 +16,7 @@ @@ -288,7 +344,15 @@ index 2e26666..a6577ef 100644 def match(self, fcon_dict, k, filter): try: -@@ -192,7 +189,7 @@ class fcontextPage(semanagePage): +@@ -167,6 +164,7 @@ class fcontextPage(semanagePage): + self.fcontextEntry.set_text("") + self.fcontextEntry.set_sensitive(True) + self.fcontextFileTypeCombo.set_sensitive(True) ++ self.fcontextFileTypeCombo.set_active(0) + self.fcontextTypeEntry.set_text("") + self.fcontextMLSEntry.set_text("s0") + +@@ -192,7 +190,7 @@ class fcontextPage(semanagePage): mls = self.fcontextMLSEntry.get_text().strip() list_model = self.fcontextFileTypeCombo.get_model() it = self.fcontextFileTypeCombo.get_active_iter() @@ -2913,7 +2977,7 @@ index 0000000..aa4c70a + + diff --git selinux-gui-2.7/polgengui.py selinux-gui-2.7/polgengui.py -index 7460cce..cd73ea6 100644 +index 7460cce..1601dbe 100644 --- selinux-gui-2.7/polgengui.py +++ selinux-gui-2.7/polgengui.py @@ -22,11 +22,11 @@ @@ -3366,7 +3430,7 @@ index 7460cce..cd73ea6 100644 self.file_dialog.set_select_multiple(1) self.__add(FILE) -@@ -599,71 +604,71 @@ class childWindow: +@@ -599,87 +604,87 @@ class childWindow: self.file_dialog.set_title(_("Select directory(s) that the confined application owns and writes into")) self.file_dialog.set_current_folder("/") self.file_dialog.set_select_multiple(1) @@ -3479,7 +3543,12 @@ index 7460cce..cd73ea6 100644 return self.output_entry.set_text(self.file_dialog.get_filename()) -@@ -675,11 +680,11 @@ class childWindow: + def on_name_entry_changed(self, entry, text, size, position): + if text.find(" ") >= 0: +- entry.emit_stop_by_name("insert_text") ++ entry.stop_emission_by_name("insert-text") + + def on_focus_out_event(self, entry, third): name = entry.get_text() if self.name != name: if name in self.all_types: @@ -3533,7 +3602,7 @@ index 7460cce..cd73ea6 100644 if __name__ == "__main__": signal.signal(signal.SIGINT, signal.SIG_DFL) diff --git selinux-gui-2.7/portsPage.py selinux-gui-2.7/portsPage.py -index b8fdaad..03179c5 100644 +index b8fdaad..30f5838 100644 --- selinux-gui-2.7/portsPage.py +++ selinux-gui-2.7/portsPage.py @@ -16,12 +16,8 @@ @@ -3550,20 +3619,7 @@ index b8fdaad..03179c5 100644 import seobject TYPE_COL = 0 -@@ -40,6 +36,12 @@ from semanagePage import * - ## I18N - ## - PROGNAME = "policycoreutils" -+ -+TYPE_COL = 0 -+PROTOCOL_COL = 1 -+MLS_COL = 2 -+PORT_COL = 3 -+ - try: - import gettext - kwargs = {} -@@ -62,18 +64,19 @@ class portsPage(semanagePage): +@@ -62,18 +58,19 @@ class portsPage(semanagePage): def __init__(self, xml): semanagePage.__init__(self, xml, "ports", _("Network Port")) @@ -3592,7 +3648,7 @@ index b8fdaad..03179c5 100644 liststore = self.ports_protocol_combo.get_model() iter = liststore.get_iter_first() self.ports_protocol_combo.set_active_iter(iter) -@@ -90,28 +93,28 @@ class portsPage(semanagePage): +@@ -90,28 +87,28 @@ class portsPage(semanagePage): self.group_load(filter) def init_store(self): @@ -3628,7 +3684,7 @@ index b8fdaad..03179c5 100644 col.set_sort_column_id(PORT_COL) col.set_resizable(True) self.view.append_column(col) -@@ -139,7 +142,7 @@ class portsPage(semanagePage): +@@ -139,7 +136,7 @@ class portsPage(semanagePage): continue iter = self.store.append() if k[0] == k[1]: @@ -3638,7 +3694,7 @@ index b8fdaad..03179c5 100644 rec = "%s-%s" % k[:2] self.store.set_value(iter, PORT_COL, rec) diff --git selinux-gui-2.7/semanagePage.py selinux-gui-2.7/semanagePage.py -index 27367f3..560ec07 100644 +index 27367f3..4127804 100644 --- selinux-gui-2.7/semanagePage.py +++ selinux-gui-2.7/semanagePage.py @@ -16,13 +16,8 @@ @@ -3746,7 +3802,7 @@ index 27367f3..560ec07 100644 + while self.dialog.run() == Gtk.ResponseType.OK: try: - if self.add() == False: -+ if not self.add(): ++ if self.add() is False: continue break except ValueError as e: @@ -3760,7 +3816,7 @@ index 27367f3..560ec07 100644 + while self.dialog.run() == Gtk.ResponseType.OK: try: - if self.modify() == False: -+ if not self.modify(): ++ if self.modify() is False: continue break except ValueError as e: diff --git a/selinux-python-fedora.patch b/selinux-python-fedora.patch index c0364ac..3e7036c 100644 --- a/selinux-python-fedora.patch +++ b/selinux-python-fedora.patch @@ -1,3 +1,131 @@ +diff --git selinux-python-2.7/audit2allow/Makefile selinux-python-2.7/audit2allow/Makefile +index 8db8075..513bb2b 100644 +--- selinux-python-2.7/audit2allow/Makefile ++++ selinux-python-2.7/audit2allow/Makefile +@@ -1,19 +1,23 @@ + PYTHON ?= python + + # Installation directories. +-PREFIX ?= $(DESTDIR)/usr ++PREFIX ?= /usr + BINDIR ?= $(PREFIX)/bin +-LIBDIR ?= $(PREFIX)/lib + MANDIR ?= $(PREFIX)/share/man +-LOCALEDIR ?= /usr/share/locale +-INCLUDEDIR ?= $(PREFIX)/include +-LIBSEPOLA ?= $(LIBDIR)/libsepol.a + + CFLAGS ?= -Werror -Wall -W + ++# If no specific libsepol.a is specified, fall back on LDFLAGS search path ++# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there ++# is no need to define a value for LDLIBS_LIBSEPOLA ++ifeq ($(LIBSEPOLA),) ++ LDLIBS_LIBSEPOLA := -l:libsepol.a ++endif ++ + all: audit2why sepolgen-ifgen-attr-helper + + sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o $(LIBSEPOLA) ++ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA) + + audit2why: + ln -sf audit2allow audit2why +@@ -22,14 +26,14 @@ test: all + @$(PYTHON) test_audit2allow.py -v + + install: all +- -mkdir -p $(BINDIR) +- install -m 755 audit2allow $(BINDIR) +- (cd $(BINDIR); ln -sf audit2allow audit2why) +- install -m 755 sepolgen-ifgen-attr-helper $(BINDIR) +- install -m 755 sepolgen-ifgen $(BINDIR) +- -mkdir -p $(MANDIR)/man1 +- install -m 644 audit2allow.1 $(MANDIR)/man1/ +- install -m 644 audit2why.1 $(MANDIR)/man1/ ++ -mkdir -p $(DESTDIR)$(BINDIR) ++ install -m 755 audit2allow $(DESTDIR)$(BINDIR) ++ (cd $(DESTDIR)$(BINDIR); ln -sf audit2allow audit2why) ++ install -m 755 sepolgen-ifgen-attr-helper $(DESTDIR)$(BINDIR) ++ install -m 755 sepolgen-ifgen $(DESTDIR)$(BINDIR) ++ -mkdir -p $(DESTDIR)$(MANDIR)/man1 ++ install -m 644 audit2allow.1 $(DESTDIR)$(MANDIR)/man1/ ++ install -m 644 audit2why.1 $(DESTDIR)$(MANDIR)/man1/ + + clean: + rm -f *~ *.o sepolgen-ifgen-attr-helper +diff --git selinux-python-2.7/chcat/Makefile selinux-python-2.7/chcat/Makefile +index 0fd12d6..290b9a6 100644 +--- selinux-python-2.7/chcat/Makefile ++++ selinux-python-2.7/chcat/Makefile +@@ -1,17 +1,16 @@ + # Installation directories. +-PREFIX ?= $(DESTDIR)/usr ++PREFIX ?= /usr + BINDIR ?= $(PREFIX)/bin + MANDIR ?= $(PREFIX)/share/man +-LOCALEDIR ?= $(PREFIX)/share/locale + + .PHONY: all + all: chcat + + install: all +- -mkdir -p $(BINDIR) +- install -m 755 chcat $(BINDIR) +- -mkdir -p $(MANDIR)/man8 +- install -m 644 chcat.8 $(MANDIR)/man8/ ++ -mkdir -p $(DESTDIR)$(BINDIR) ++ install -m 755 chcat $(DESTDIR)$(BINDIR) ++ -mkdir -p $(DESTDIR)$(MANDIR)/man8 ++ install -m 644 chcat.8 $(DESTDIR)$(MANDIR)/man8/ + + clean: + +diff --git selinux-python-2.7/semanage/Makefile selinux-python-2.7/semanage/Makefile +index 132162b..5fc1998 100644 +--- selinux-python-2.7/semanage/Makefile ++++ selinux-python-2.7/semanage/Makefile +@@ -1,13 +1,12 @@ + PYTHON ?= python + + # Installation directories. +-PREFIX ?= $(DESTDIR)/usr +-LIBDIR ?= $(PREFIX)/lib ++PREFIX ?= /usr + SBINDIR ?= $(PREFIX)/sbin + MANDIR = $(PREFIX)/share/man +-PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(1))") +-PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR) +-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions ++PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(prefix='$(PREFIX)'))") ++PACKAGEDIR ?= $(PYTHONLIBDIR) ++BASHCOMPLETIONDIR ?= $(PREFIX)/share/bash-completion/completions + + TARGETS=semanage + +@@ -16,14 +15,14 @@ BASHCOMPLETIONS=semanage-bash-completion.sh + all: $(TARGETS) + + install: all +- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 +- -mkdir -p $(SBINDIR) +- install -m 755 semanage $(SBINDIR) +- install -m 644 *.8 $(MANDIR)/man8 +- test -d $(PACKAGEDIR) || install -m 755 -d $(PACKAGEDIR) +- install -m 755 seobject.py $(PACKAGEDIR) +- -mkdir -p $(BASHCOMPLETIONDIR) +- install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)/semanage ++ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8 ++ -mkdir -p $(DESTDIR)$(SBINDIR) ++ install -m 755 semanage $(DESTDIR)$(SBINDIR) ++ install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8 ++ test -d $(DESTDIR)/$(PACKAGEDIR) || install -m 755 -d $(DESTDIR)/$(PACKAGEDIR) ++ install -m 755 seobject.py $(DESTDIR)/$(PACKAGEDIR) ++ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR) ++ install -m 644 $(BASHCOMPLETIONS) $(DESTDIR)$(BASHCOMPLETIONDIR)/semanage + + test: + @$(PYTHON) test-semanage.py -a diff --git selinux-python-2.7/semanage/semanage selinux-python-2.7/semanage/semanage index 313537c..8d8a086 100644 --- selinux-python-2.7/semanage/semanage @@ -265,6 +393,19 @@ index 313537c..8d8a086 100644 trans.finish() +diff --git selinux-python-2.7/semanage/semanage-bash-completion.sh selinux-python-2.7/semanage/semanage-bash-completion.sh +index 6b53292..2d811c9 100644 +--- selinux-python-2.7/semanage/semanage-bash-completion.sh ++++ selinux-python-2.7/semanage/semanage-bash-completion.sh +@@ -59,7 +59,7 @@ __get_export_opts () { echo '$ALL_OPTS --f --output_file' ; } + __get_boolean_opts () { echo '$ALL_OPTS --on -off -1 -0' ; } + __get_user_opts () { echo '$ALL_OPTS $MANAGED_OPTS -L --level -r --range -R --role '; } + __get_login_opts () { echo '$ALL_OPTS $MANAGED_OPTS -s --seuser -r --range'; } +-__get_port_opts () { echo '$ALL_OPTS $MANAGED_OPTS -t -type -r --range -p --proto'; } ++__get_port_opts () { echo '$ALL_OPTS $MANAGED_OPTS -t --type -r --range -p --proto'; } + __get_interface_opts () { echo '$ALL_OPTS $MANAGED_OPTS -t --type '; } + __get_node_opts () { echo '$ALL_OPTS $MANAGED_OPTS -t --type -M --mask -p --proto'; } + __get_fcontext_opts () { echo '$ALL_OPTS $MANAGED_OPTS -t --type -e --equal -f --ftype '; } diff --git selinux-python-2.7/semanage/semanage.8 selinux-python-2.7/semanage/semanage.8 index 0bdb90f..0cdcfcc 100644 --- selinux-python-2.7/semanage/semanage.8 @@ -282,15 +423,14 @@ index 0bdb90f..0cdcfcc 100644 user identities to authorized role sets. In most cases, only the former mapping needs to be adjusted by the administrator; the latter diff --git selinux-python-2.7/semanage/seobject.py selinux-python-2.7/semanage/seobject.py -index 70fd192..dca9506 100644 +index 70fd192..ac310ea 100644 --- selinux-python-2.7/semanage/seobject.py +++ selinux-python-2.7/semanage/seobject.py -@@ -238,20 +238,31 @@ class semanageRecords: +@@ -238,20 +238,30 @@ class semanageRecords: transaction = False handle = None store = None + args = None -+ noreload = False - def __init__(self, store): + def __init__(self, args = None): @@ -322,7 +462,7 @@ index 70fd192..dca9506 100644 def get_handle(self, store): global is_mls_enabled -@@ -312,7 +323,8 @@ class semanageRecords: +@@ -312,7 +322,8 @@ class semanageRecords: if semanageRecords.transaction: return @@ -332,7 +472,7 @@ index 70fd192..dca9506 100644 rc = semanage_commit(self.sh) if rc < 0: self.mylog.commit(0) -@@ -328,8 +340,8 @@ class semanageRecords: +@@ -328,8 +339,8 @@ class semanageRecords: class moduleRecords(semanageRecords): @@ -343,41 +483,19 @@ index 70fd192..dca9506 100644 def get_all(self): l = [] -@@ -386,6 +398,8 @@ class moduleRecords(semanageRecords): - print("%-25s %-9s %-5s %s" % (t[0], t[2], t[3], disabled)) - - def add(self, file, priority): -+ if not file: -+ raise ValueError(_("You did not define module.")) - if not os.path.exists(file): - raise ValueError(_("Module does not exist: %s ") % file) - -@@ -398,6 +412,8 @@ class moduleRecords(semanageRecords): - self.commit() - - def set_enabled(self, module, enable): -+ if not module: -+ raise ValueError(_("You did not define module name.")) - for m in module.split(): - rc, key = semanage_module_key_create(self.sh) - if rc < 0: -@@ -416,11 +432,15 @@ class moduleRecords(semanageRecords): +@@ -415,11 +426,6 @@ class moduleRecords(semanageRecords): + raise ValueError(_("Could not disable module %s") % m) self.commit() - def modify(self, file): -+ if not file: -+ raise ValueError(_("You did not define module.")) - rc = semanage_module_update_file(self.sh, file) - if rc >= 0: - self.commit() - +- def modify(self, file): +- rc = semanage_module_update_file(self.sh, file) +- if rc >= 0: +- self.commit() +- def delete(self, module, priority): -+ if not module: -+ raise ValueError(_("You did not define module name.")) rc = semanage_set_default_priority(self.sh, priority) if rc < 0: - raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority) -@@ -440,8 +460,8 @@ class moduleRecords(semanageRecords): +@@ -440,8 +446,8 @@ class moduleRecords(semanageRecords): class dontauditClass(semanageRecords): @@ -388,7 +506,7 @@ index 70fd192..dca9506 100644 def toggle(self, dontaudit): if dontaudit not in ["on", "off"]: -@@ -453,8 +473,8 @@ class dontauditClass(semanageRecords): +@@ -453,8 +459,8 @@ class dontauditClass(semanageRecords): class permissiveRecords(semanageRecords): @@ -399,7 +517,7 @@ index 70fd192..dca9506 100644 def get_all(self): l = [] -@@ -522,8 +542,8 @@ class permissiveRecords(semanageRecords): +@@ -522,8 +528,8 @@ class permissiveRecords(semanageRecords): class loginRecords(semanageRecords): @@ -410,7 +528,7 @@ index 70fd192..dca9506 100644 self.oldsename = None self.oldserange = None self.sename = None -@@ -534,7 +554,7 @@ class loginRecords(semanageRecords): +@@ -534,7 +540,7 @@ class loginRecords(semanageRecords): if sename == "": sename = "user_u" @@ -419,7 +537,7 @@ index 70fd192..dca9506 100644 range, (rc, oldserole) = userrec.get(self.oldsename) range, (rc, serole) = userrec.get(sename) -@@ -603,7 +623,7 @@ class loginRecords(semanageRecords): +@@ -603,7 +609,7 @@ class loginRecords(semanageRecords): if sename == "" and serange == "": raise ValueError(_("Requires seuser or serange")) @@ -428,7 +546,7 @@ index 70fd192..dca9506 100644 range, (rc, oldserole) = userrec.get(self.oldsename) if sename != "": -@@ -660,7 +680,7 @@ class loginRecords(semanageRecords): +@@ -660,7 +666,7 @@ class loginRecords(semanageRecords): def __delete(self, name): rec, self.oldsename, self.oldserange = selinux.getseuserbyname(name) @@ -437,7 +555,7 @@ index 70fd192..dca9506 100644 range, (rc, oldserole) = userrec.get(self.oldsename) (rc, k) = semanage_seuser_key_create(self.sh, name) -@@ -779,8 +799,8 @@ class loginRecords(semanageRecords): +@@ -779,8 +785,8 @@ class loginRecords(semanageRecords): class seluserRecords(semanageRecords): @@ -448,7 +566,7 @@ index 70fd192..dca9506 100644 def get(self, name): (rc, k) = semanage_user_key_create(self.sh, name) -@@ -1042,8 +1062,8 @@ class portRecords(semanageRecords): +@@ -1042,8 +1048,8 @@ class portRecords(semanageRecords): except RuntimeError: valid_types = [] @@ -459,7 +577,7 @@ index 70fd192..dca9506 100644 def __genkey(self, port, proto): if proto == "tcp": -@@ -1317,8 +1337,8 @@ class ibpkeyRecords(semanageRecords): +@@ -1317,8 +1323,8 @@ class ibpkeyRecords(semanageRecords): except: valid_types = [] @@ -470,7 +588,7 @@ index 70fd192..dca9506 100644 def __genkey(self, pkey, subnet_prefix): if subnet_prefix == "": -@@ -1540,9 +1560,8 @@ class ibpkeyRecords(semanageRecords): +@@ -1540,9 +1546,8 @@ class ibpkeyRecords(semanageRecords): def customized(self): l = [] ddict = self.get_all(True) @@ -482,7 +600,7 @@ index 70fd192..dca9506 100644 if k[0] == k[1]: l.append("-a -t %s -x %s %s" % (ddict[k][0], k[2], k[0])) else: -@@ -1554,11 +1573,10 @@ class ibpkeyRecords(semanageRecords): +@@ -1554,11 +1559,10 @@ class ibpkeyRecords(semanageRecords): keys = ddict.keys() if len(keys) == 0: return @@ -495,7 +613,7 @@ index 70fd192..dca9506 100644 rec = "%-30s %-18s " % i rec += "%s" % ddict[i][0] for p in ddict[i][1:]: -@@ -1572,8 +1590,8 @@ class ibendportRecords(semanageRecords): +@@ -1572,8 +1576,8 @@ class ibendportRecords(semanageRecords): except: valid_types = [] @@ -506,7 +624,7 @@ index 70fd192..dca9506 100644 def __genkey(self, ibendport, ibdev_name): if ibdev_name == "": -@@ -1782,10 +1800,9 @@ class ibendportRecords(semanageRecords): +@@ -1782,10 +1786,9 @@ class ibendportRecords(semanageRecords): def customized(self): l = [] ddict = self.get_all(True) @@ -520,7 +638,7 @@ index 70fd192..dca9506 100644 return l def list(self, heading=1, locallist=0): -@@ -1793,11 +1810,10 @@ class ibendportRecords(semanageRecords): +@@ -1793,11 +1796,10 @@ class ibendportRecords(semanageRecords): keys = ddict.keys() if len(keys) == 0: return @@ -533,7 +651,7 @@ index 70fd192..dca9506 100644 rec = "%-30s %-18s " % i rec += "%s" % ddict[i][0] for p in ddict[i][1:]: -@@ -1810,8 +1826,8 @@ class nodeRecords(semanageRecords): +@@ -1810,8 +1812,8 @@ class nodeRecords(semanageRecords): except RuntimeError: valid_types = [] @@ -544,7 +662,7 @@ index 70fd192..dca9506 100644 self.protocol = ["ipv4", "ipv6"] def validate(self, addr, mask, protocol): -@@ -2046,8 +2062,8 @@ class nodeRecords(semanageRecords): +@@ -2046,8 +2048,8 @@ class nodeRecords(semanageRecords): class interfaceRecords(semanageRecords): @@ -555,7 +673,7 @@ index 70fd192..dca9506 100644 def __add(self, interface, serange, ctype): if is_mls_enabled == 1: -@@ -2243,8 +2259,8 @@ class fcontextRecords(semanageRecords): +@@ -2243,8 +2245,8 @@ class fcontextRecords(semanageRecords): except RuntimeError: valid_types = [] @@ -566,7 +684,7 @@ index 70fd192..dca9506 100644 self.equiv = {} self.equiv_dist = {} self.equal_ind = False -@@ -2566,10 +2582,15 @@ class fcontextRecords(semanageRecords): +@@ -2566,10 +2568,15 @@ class fcontextRecords(semanageRecords): if rc < 0: raise ValueError(_("Could not list file contexts")) @@ -582,7 +700,7 @@ index 70fd192..dca9506 100644 self.flist += fclocal ddict = {} -@@ -2627,8 +2648,8 @@ class fcontextRecords(semanageRecords): +@@ -2627,8 +2634,8 @@ class fcontextRecords(semanageRecords): class booleanRecords(semanageRecords): @@ -593,6 +711,104 @@ index 70fd192..dca9506 100644 self.dict = {} self.dict["TRUE"] = 1 self.dict["FALSE"] = 0 +diff --git selinux-python-2.7/sepolgen/src/sepolgen/Makefile selinux-python-2.7/sepolgen/src/sepolgen/Makefile +index d3aa771..c75809a 100644 +--- selinux-python-2.7/sepolgen/src/sepolgen/Makefile ++++ selinux-python-2.7/sepolgen/src/sepolgen/Makefile +@@ -1,12 +1,13 @@ ++PREFIX ?= /usr + PYTHON ?= python +-PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(1))") +-PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen ++PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(prefix='$(PREFIX)'))") ++PACKAGEDIR ?= /$(PYTHONLIBDIR)/sepolgen + + all: + + install: all +- -mkdir -p $(PACKAGEDIR) +- install -m 644 *.py $(PACKAGEDIR) ++ -mkdir -p $(DESTDIR)$(PACKAGEDIR) ++ install -m 644 *.py $(DESTDIR)$(PACKAGEDIR) + + clean: + rm -f parser.out parsetab.py +diff --git selinux-python-2.7/sepolgen/src/sepolgen/policygen.py selinux-python-2.7/sepolgen/src/sepolgen/policygen.py +index 34c8401..ee664fb 100644 +--- selinux-python-2.7/sepolgen/src/sepolgen/policygen.py ++++ selinux-python-2.7/sepolgen/src/sepolgen/policygen.py +@@ -77,7 +77,7 @@ class PolicyGenerator: + self.explain = NO_EXPLANATION + self.gen_requires = False + if module: +- self.moduel = module ++ self.module = module + else: + self.module = refpolicy.Module() + +diff --git selinux-python-2.7/sepolgen/src/share/Makefile selinux-python-2.7/sepolgen/src/share/Makefile +index abf5e45..1a7133c 100644 +--- selinux-python-2.7/sepolgen/src/share/Makefile ++++ selinux-python-2.7/sepolgen/src/share/Makefile +@@ -1,10 +1,10 @@ +-SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen ++SHAREDIR ?= /var/lib/sepolgen + + all: + + install: all +- -mkdir -p $(SHAREDIR) +- install -m 644 perm_map $(SHAREDIR) ++ -mkdir -p $(DESTDIR)$(SHAREDIR) ++ install -m 644 perm_map $(DESTDIR)$(SHAREDIR) + + clean: +- rm -f *~ +\ No newline at end of file ++ rm -f *~ +diff --git selinux-python-2.7/sepolicy/Makefile selinux-python-2.7/sepolicy/Makefile +index 5a56e6c..fb8a132 100644 +--- selinux-python-2.7/sepolicy/Makefile ++++ selinux-python-2.7/sepolicy/Makefile +@@ -1,14 +1,10 @@ + PYTHON ?= python + + # Installation directories. +-PREFIX ?= $(DESTDIR)/usr +-LIBDIR ?= $(PREFIX)/lib ++PREFIX ?= /usr + BINDIR ?= $(PREFIX)/bin +-DATADIR ?= $(PREFIX)/share + MANDIR ?= $(PREFIX)/share/man +-LOCALEDIR ?= /usr/share/locale +-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions +-SHAREDIR ?= $(PREFIX)/share/sandbox ++BASHCOMPLETIONDIR ?= $(PREFIX)/share/bash-completion/completions + CFLAGS ?= -Wall -Werror -Wextra -W + override CFLAGS += -DPACKAGE="policycoreutils" -DSHARED -shared + +@@ -30,13 +26,13 @@ test: + @$(PYTHON) test_sepolicy.py -v + + install: +- $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` +- [ -d $(BINDIR) ] || mkdir -p $(BINDIR) +- install -m 755 sepolicy.py $(BINDIR)/sepolicy +- (cd $(BINDIR); ln -sf sepolicy sepolgen) +- -mkdir -p $(MANDIR)/man8 +- install -m 644 *.8 $(MANDIR)/man8 +- -mkdir -p $(BASHCOMPLETIONDIR) +- install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)/sepolicy ++ $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` ++ [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) ++ install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy ++ (cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen) ++ -mkdir -p $(DESTDIR)$(MANDIR)/man8 ++ install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8 ++ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR) ++ install -m 644 $(BASHCOMPLETIONS) $(DESTDIR)$(BASHCOMPLETIONDIR)/sepolicy + + relabel: diff --git selinux-python-2.7/sepolicy/sepolicy.8 selinux-python-2.7/sepolicy/sepolicy.8 index 7900586..09d2b24 100644 --- selinux-python-2.7/sepolicy/sepolicy.8 @@ -777,10 +993,16 @@ index 5cfc071..24e3526 100644 def reinit(): diff --git selinux-python-2.7/sepolicy/sepolicy/generate.py selinux-python-2.7/sepolicy/sepolicy/generate.py -index d68f96e..31aa968 100644 +index d68f96e..f814e27 100644 --- selinux-python-2.7/sepolicy/sepolicy/generate.py +++ selinux-python-2.7/sepolicy/sepolicy/generate.py -@@ -110,7 +110,7 @@ def get_all_ports(): +@@ -105,12 +105,12 @@ def get_all_ports(): + p['type'] == "port_t" or \ + p['type'] == "hi_reserved_port_t": + continue +- dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p['range']) ++ dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range')) + return dict def get_all_users(): @@ -789,6 +1011,23 @@ index d68f96e..31aa968 100644 users.remove("system_u") users.remove("root") users.sort() +@@ -191,14 +191,14 @@ def verify_ports(ports): + temp.append(p) + return temp + except ValueError: +- raise ValueError(_("Ports must be numbers or ranges of numbers from 1 to %d " % max_port)) ++ raise ValueError(_("Ports must be numbers or ranges of numbers from 1 to %d ") % max_port) + + + class policy: + + def __init__(self, name, type): + self.rpms = [] +- self.ports = [] ++ self.ports = {} + self.all_roles = get_all_roles() + self.types = [] + @@ -459,25 +459,25 @@ class policy: self.out_udp = [all, False, False, verify_ports(ports)] @@ -820,9 +1059,18 @@ index d68f96e..31aa968 100644 self.manage_krb5_rcache = val diff --git selinux-python-2.7/sepolicy/sepolicy/gui.py selinux-python-2.7/sepolicy/sepolicy/gui.py -index 007c94a..6562aa8 100644 +index 007c94a..537d516 100644 --- selinux-python-2.7/sepolicy/sepolicy/gui.py +++ selinux-python-2.7/sepolicy/sepolicy/gui.py +@@ -500,7 +500,7 @@ class SELinuxGui(): + self.all_domains.sort(key=str.lower) + + if app and app not in self.all_domains: +- self.error(_("%s is not a valid domain" % app)) ++ self.error(_("%s is not a valid domain") % app) + self.quit() + + loading_gui.show() @@ -907,8 +907,8 @@ class SELinuxGui(): if "object_r" in roles: roles.remove("object_r") @@ -834,6 +1082,41 @@ index 007c94a..6562aa8 100644 self.user_liststore.set_value(iter, 4, True) self.ready_mouse() +@@ -1056,21 +1056,21 @@ class SELinuxGui(): + self.application_files_initialize(app) + self.transitions_files_initialize(app) + +- self.executable_files_tab.set_tooltip_text(_("File path used to enter the '%s' domain." % app)) +- self.writable_files_tab.set_tooltip_text(_("Files to which the '%s' domain can write." % app)) +- self.network_out_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to connect." % app)) +- self.network_in_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to listen." % app)) +- self.application_files_tab.set_tooltip_text(_("File Types defined for the '%s'." % app)) +- self.boolean_radio_button.set_tooltip_text(_("Display boolean information that can be used to modify the policy for the '%s'." % app)) +- self.files_radio_button.set_tooltip_text(_("Display file type information that can be used by the '%s'." % app)) +- self.network_radio_button.set_tooltip_text(_("Display network ports to which the '%s' can connect or listen to." % app)) +- self.transitions_into_tab.set_label(_("Application Transitions Into '%s'" % app)) +- self.transitions_from_tab.set_label(_("Application Transitions From '%s'" % app)) +- self.transitions_file_tab.set_label(_("File Transitions From '%s'" % app)) ++ self.executable_files_tab.set_tooltip_text(_("File path used to enter the '%s' domain.") % app) ++ self.writable_files_tab.set_tooltip_text(_("Files to which the '%s' domain can write.") % app) ++ self.network_out_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to connect.") % app) ++ self.network_in_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to listen.") % app) ++ self.application_files_tab.set_tooltip_text(_("File Types defined for the '%s'.") % app) ++ self.boolean_radio_button.set_tooltip_text(_("Display boolean information that can be used to modify the policy for the '%s'.") % app) ++ self.files_radio_button.set_tooltip_text(_("Display file type information that can be used by the '%s'.") % app) ++ self.network_radio_button.set_tooltip_text(_("Display network ports to which the '%s' can connect or listen to.") % app) ++ self.transitions_into_tab.set_label(_("Application Transitions Into '%s'") % app) ++ self.transitions_from_tab.set_label(_("Application Transitions From '%s'") % app) ++ self.transitions_file_tab.set_label(_("File Transitions From '%s'") % app) + self.transitions_into_tab.set_tooltip_text(_("Executables which will transition to '%s', when executing selected domains entrypoint.") % app) + self.transitions_from_tab.set_tooltip_text(_("Executables which will transition to a different domain, when '%s' executes them.") % app) +- self.transitions_file_tab.set_tooltip_text(_("Files by '%s' with transitions to a different label." % app)) +- self.transitions_radio_button.set_tooltip_text(_("Display applications that can transition into or out of the '%s'." % app)) ++ self.transitions_file_tab.set_tooltip_text(_("Files by '%s' with transitions to a different label.") % app) ++ self.transitions_radio_button.set_tooltip_text(_("Display applications that can transition into or out of the '%s'.") % app) + + self.application = app + self.applications_selection_button.set_label(self.application) @@ -1755,14 +1755,14 @@ class SELinuxGui(): if self.login_mls_entry.get_text() == "": for u in sepolicy.get_selinux_users(): @@ -922,8 +1205,27 @@ index 007c94a..6562aa8 100644 if k in "fcontext-equiv": for f in self.cur_dict[k]: +diff --git selinux-python-2.7/sepolicy/sepolicy/interface.py selinux-python-2.7/sepolicy/sepolicy/interface.py +index c64122e..18374dc 100644 +--- selinux-python-2.7/sepolicy/sepolicy/interface.py ++++ selinux-python-2.7/sepolicy/sepolicy/interface.py +@@ -220,7 +220,7 @@ def interface_compile_test(interface, path="/usr/share/selinux/devel/policy.xml" + idict = get_interface_dict(path) + + if not (interface.split("_")[0] in exclude_interfaces or idict[interface][2] in exclude_interface_type): +- print(_("Compiling %s interface" % interface)) ++ print(_("Compiling %s interface") % interface) + try: + fd = open(policy_files['te'], "w") + fd.write(generate_compile_te(interface, idict)) +@@ -237,4 +237,4 @@ def interface_compile_test(interface, path="/usr/share/selinux/devel/policy.xml" + os.remove(v) + + else: +- sys.stderr.write(_("\nCompiling of %s interface is not supported." % interface)) ++ sys.stderr.write(_("\nCompiling of %s interface is not supported.") % interface) diff --git selinux-python-2.7/sepolicy/sepolicy/manpage.py selinux-python-2.7/sepolicy/sepolicy/manpage.py -index 4d84636..b463165 100755 +index 4d84636..8121e5c 100755 --- selinux-python-2.7/sepolicy/sepolicy/manpage.py +++ selinux-python-2.7/sepolicy/sepolicy/manpage.py @@ -84,7 +84,8 @@ def get_all_users_info(): @@ -936,7 +1238,7 @@ index 4d84636..b463165 100755 for u in allusers: if u not in ["system_u", "root", "unconfined_u"]: -@@ -125,8 +126,36 @@ def gen_domains(): +@@ -125,8 +126,33 @@ def gen_domains(): domains.sort() return domains @@ -963,10 +1265,7 @@ index 4d84636..b463165 100755 +def _gen_mcs_constrained_types(): + global mcs_constrained_types + if mcs_constrained_types is None: -+ try: -+ mcs_constrained_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type")) -+ except StopIteration: -+ mcs_constrained_types = [] ++ mcs_constrained_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type")) + return mcs_constrained_types + + @@ -974,7 +1273,7 @@ index 4d84636..b463165 100755 def _gen_types(): global types -@@ -149,10 +178,6 @@ def prettyprint(f, trim): +@@ -149,10 +175,6 @@ def prettyprint(f, trim): manpage_domains = [] manpage_roles = [] @@ -985,7 +1284,7 @@ index 4d84636..b463165 100755 def get_alphabet_manpages(manpage_list): alphabet_manpages = dict.fromkeys(string.ascii_letters, []) for i in string.ascii_letters: -@@ -182,7 +207,7 @@ def convert_manpage_to_html(html_manpage, manpage): +@@ -182,7 +204,7 @@ def convert_manpage_to_html(html_manpage, manpage): class HTMLManPages: """ @@ -994,7 +1293,7 @@ index 4d84636..b463165 100755 """ def __init__(self, manpage_roles, manpage_domains, path, os_version): -@@ -190,9 +215,9 @@ class HTMLManPages: +@@ -190,9 +212,9 @@ class HTMLManPages: self.manpage_domains = get_alphabet_manpages(manpage_domains) self.os_version = os_version self.old_path = path + "/" @@ -1006,7 +1305,7 @@ index 4d84636..b463165 100755 self.__gen_html_manpages() else: print("SELinux HTML man pages can not be generated for this %s" % os_version) -@@ -201,7 +226,6 @@ class HTMLManPages: +@@ -201,7 +223,6 @@ class HTMLManPages: def __gen_html_manpages(self): self._write_html_manpage() self._gen_index() @@ -1014,7 +1313,7 @@ index 4d84636..b463165 100755 self._gen_css() def _write_html_manpage(self): -@@ -219,67 +243,21 @@ class HTMLManPages: +@@ -219,67 +240,21 @@ class HTMLManPages: convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r) def _gen_index(self): @@ -1086,7 +1385,7 @@ index 4d84636..b463165 100755 for letter in self.manpage_roles: if len(self.manpage_roles[letter]): fd.write(""" -@@ -423,6 +401,9 @@ class ManPage: +@@ -423,6 +398,9 @@ class ManPage: self.all_file_types = sepolicy.get_all_file_types() self.role_allows = sepolicy.get_all_role_allows() self.types = _gen_types() @@ -1096,7 +1395,7 @@ index 4d84636..b463165 100755 if self.source_files: self.fcpath = self.root + "file_contexts" -@@ -735,10 +716,13 @@ Default Defined Ports:""") +@@ -735,10 +713,13 @@ Default Defined Ports:""") def _file_context(self): flist = [] @@ -1110,7 +1409,7 @@ index 4d84636..b463165 100755 if f in self.fcdict: mpaths = mpaths + self.fcdict[f]["regex"] if len(mpaths) == 0: -@@ -790,19 +774,20 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d +@@ -790,19 +771,20 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d .PP """ % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]}) @@ -1134,7 +1433,7 @@ index 4d84636..b463165 100755 self.fd.write(r""" .I The following file types are defined for %(domainname)s: -@@ -921,8 +906,7 @@ This manual page was auto-generated using +@@ -921,8 +903,7 @@ This manual page was auto-generated using .B "sepolicy manpage". .SH "SEE ALSO" @@ -1144,7 +1443,7 @@ index 4d84636..b463165 100755 if self.booltext != "": self.fd.write(", setsebool(8)") -@@ -974,8 +958,7 @@ All executeables with the default executable label, usually stored in /usr/bin a +@@ -974,8 +955,7 @@ All executeables with the default executable label, usually stored in /usr/bin a %s""" % ", ".join(paths)) def _mcs_types(self): diff --git a/selinux-sandbox-fedora.patch b/selinux-sandbox-fedora.patch index b8fcfc3..6296834 100644 --- a/selinux-sandbox-fedora.patch +++ b/selinux-sandbox-fedora.patch @@ -1,3 +1,58 @@ +diff --git selinux-sandbox-2.7/Makefile selinux-sandbox-2.7/Makefile +index 05c3d65..49c1d3f 100644 +--- selinux-sandbox-2.7/Makefile ++++ selinux-sandbox-2.7/Makefile +@@ -1,13 +1,11 @@ + PYTHON ?= python + + # Installation directories. +-PREFIX ?= $(DESTDIR)/usr +-SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig +-LIBDIR ?= $(PREFIX)/lib ++PREFIX ?= /usr ++SYSCONFDIR ?= /etc/sysconfig + BINDIR ?= $(PREFIX)/bin + SBINDIR ?= $(PREFIX)/sbin + MANDIR ?= $(PREFIX)/share/man +-LOCALEDIR ?= /usr/share/locale + SHAREDIR ?= $(PREFIX)/share/sandbox + override CFLAGS += -DPACKAGE="\"policycoreutils\"" -Wall -Werror -Wextra -W + override LDLIBS += -lselinux -lcap-ng +@@ -18,20 +16,20 @@ all: sandbox seunshare sandboxX.sh start + seunshare: $(SEUNSHARE_OBJS) + + install: all +- -mkdir -p $(BINDIR) +- install -m 755 sandbox $(BINDIR) +- -mkdir -p $(MANDIR)/man8 +- install -m 644 sandbox.8 $(MANDIR)/man8/ +- install -m 644 seunshare.8 $(MANDIR)/man8/ +- -mkdir -p $(MANDIR)/man5 +- install -m 644 sandbox.5 $(MANDIR)/man5/ +- -mkdir -p $(SBINDIR) +- install -m 4755 seunshare $(SBINDIR)/ +- -mkdir -p $(SHAREDIR) +- install -m 755 sandboxX.sh $(SHAREDIR) +- install -m 755 start $(SHAREDIR) +- -mkdir -p $(SYSCONFDIR) +- install -m 644 sandbox.conf $(SYSCONFDIR)/sandbox ++ -mkdir -p $(DESTDIR)$(BINDIR) ++ install -m 755 sandbox $(DESTDIR)$(BINDIR) ++ -mkdir -p $(DESTDIR)$(MANDIR)/man8 ++ install -m 644 sandbox.8 $(DESTDIR)$(MANDIR)/man8/ ++ install -m 644 seunshare.8 $(DESTDIR)$(MANDIR)/man8/ ++ -mkdir -p $(DESTDIR)$(MANDIR)/man5 ++ install -m 644 sandbox.5 $(DESTDIR)$(MANDIR)/man5/ ++ -mkdir -p $(DESTDIR)$(SBINDIR) ++ install -m 4755 seunshare $(DESTDIR)$(SBINDIR)/ ++ -mkdir -p $(DESTDIR)$(SHAREDIR) ++ install -m 755 sandboxX.sh $(DESTDIR)$(SHAREDIR) ++ install -m 755 start $(DESTDIR)$(SHAREDIR) ++ -mkdir -p $(DESTDIR)$(SYSCONFDIR) ++ install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox + + test: + @$(PYTHON) test_sandbox.py -v diff --git selinux-sandbox-2.7/sandboxX.sh selinux-sandbox-2.7/sandboxX.sh index eaa500d..4774528 100644 --- selinux-sandbox-2.7/sandboxX.sh diff --git a/semodule-utils-fedora.patch b/semodule-utils-fedora.patch index 236a2cf..e6dd4df 100644 --- a/semodule-utils-fedora.patch +++ b/semodule-utils-fedora.patch @@ -8,3 +8,118 @@ index 6bf4aee..e0a6579 100644 all install relabel clean indent: @for subdir in $(SUBDIRS); do \ +diff --git semodule-utils-2.7/semodule_expand/Makefile semodule-utils-2.7/semodule_expand/Makefile +index 072f213..f1a1c8f 100644 +--- semodule-utils-2.7/semodule_expand/Makefile ++++ semodule-utils-2.7/semodule_expand/Makefile +@@ -1,8 +1,6 @@ + # Installation directories. +-PREFIX ?= $(DESTDIR)/usr +-INCLUDEDIR ?= $(PREFIX)/include ++PREFIX ?= /usr + BINDIR ?= $(PREFIX)/bin +-LIBDIR ?= $(PREFIX)/lib + MANDIR ?= $(PREFIX)/share/man + + CFLAGS ?= -Werror -Wall -W +@@ -13,10 +11,10 @@ all: semodule_expand + semodule_expand: semodule_expand.o + + install: all +- -mkdir -p $(BINDIR) +- install -m 755 semodule_expand $(BINDIR) +- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 +- install -m 644 semodule_expand.8 $(MANDIR)/man8/ ++ -mkdir -p $(DESTDIR)$(BINDIR) ++ install -m 755 semodule_expand $(DESTDIR)$(BINDIR) ++ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8 ++ install -m 644 semodule_expand.8 $(DESTDIR)$(MANDIR)/man8/ + + relabel: + +diff --git semodule-utils-2.7/semodule_link/Makefile semodule-utils-2.7/semodule_link/Makefile +index cc4687b..692cb02 100644 +--- semodule-utils-2.7/semodule_link/Makefile ++++ semodule-utils-2.7/semodule_link/Makefile +@@ -1,9 +1,7 @@ + # Installation directories. +-PREFIX ?= $(DESTDIR)/usr +-INCLUDEDIR ?= $(PREFIX)/include ++PREFIX ?= /usr + BINDIR ?= $(PREFIX)/bin + MANDIR ?= $(PREFIX)/share/man +-LIBDIR ?= $(PREFIX)/lib + + CFLAGS ?= -Werror -Wall -W + override LDLIBS += -lsepol +@@ -13,10 +11,10 @@ all: semodule_link + semodule_link: semodule_link.o + + install: all +- -mkdir -p $(BINDIR) +- install -m 755 semodule_link $(BINDIR) +- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 +- install -m 644 semodule_link.8 $(MANDIR)/man8/ ++ -mkdir -p $(DESTDIR)$(BINDIR) ++ install -m 755 semodule_link $(DESTDIR)$(BINDIR) ++ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8 ++ install -m 644 semodule_link.8 $(DESTDIR)$(MANDIR)/man8/ + + relabel: + +diff --git semodule-utils-2.7/semodule_package/Makefile semodule-utils-2.7/semodule_package/Makefile +index 96dd7c4..da17026 100644 +--- semodule-utils-2.7/semodule_package/Makefile ++++ semodule-utils-2.7/semodule_package/Makefile +@@ -1,8 +1,6 @@ + # Installation directories. +-PREFIX ?= $(DESTDIR)/usr +-INCLUDEDIR ?= $(PREFIX)/include ++PREFIX ?= /usr + BINDIR ?= $(PREFIX)/bin +-LIBDIR ?= $(PREFIX)/lib + MANDIR ?= $(PREFIX)/share/man + + CFLAGS ?= -Werror -Wall -W +@@ -13,12 +11,12 @@ all: semodule_package semodule_unpackage + semodule_package: semodule_package.o + + install: all +- -mkdir -p $(BINDIR) +- install -m 755 semodule_package $(BINDIR) +- install -m 755 semodule_unpackage $(BINDIR) +- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 +- install -m 644 semodule_package.8 $(MANDIR)/man8/ +- install -m 644 semodule_unpackage.8 $(MANDIR)/man8/ ++ -mkdir -p $(DESTDIR)$(BINDIR) ++ install -m 755 semodule_package $(DESTDIR)$(BINDIR) ++ install -m 755 semodule_unpackage $(DESTDIR)$(BINDIR) ++ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8 ++ install -m 644 semodule_package.8 $(DESTDIR)$(MANDIR)/man8/ ++ install -m 644 semodule_unpackage.8 $(DESTDIR)$(MANDIR)/man8/ + + relabel: + +diff --git semodule-utils-2.7/semodule_package/semodule_unpackage.8 semodule-utils-2.7/semodule_package/semodule_unpackage.8 +index d6e1be0..5c92bf5 100644 +--- semodule-utils-2.7/semodule_package/semodule_unpackage.8 ++++ semodule-utils-2.7/semodule_package/semodule_unpackage.8 +@@ -1,14 +1,14 @@ + .TH SEMODULE_PACKAGE "8" "Nov 2005" "Security Enhanced Linux" NSA + .SH NAME +-semodule_unpackage \- Extract policy module and file context file from an SELinux policy module unpackage. ++semodule_unpackage \- Extract policy module and file context file from an SELinux policy module package. + + .SH SYNOPSIS +-.B semodule_unpackage [] ++.B semodule_unpackage ppfile modfile [fcfile] + .br + .SH DESCRIPTION + .PP +-semodule_unpackage is the tool used to extract the SELinux policy module +- and file context file from an SELinux Policy Package. ++semodule_unpackage is a tool used to extract SELinux policy module ++file and file context file from an SELinux Policy Package. + + .SH EXAMPLE + .nf