policycoreutils-2.4-18.fc24
- Improve sepolicy command line interface - Fix sandbox to propagate specified MCS/MLS Security Level. (#1279006) - Fix 'audit2allow -R' (#1280418)
This commit is contained in:
parent
70c2813895
commit
426d89c7eb
@ -654841,7 +654841,7 @@ index b306041..16eb50b 100644
|
||||
msgid "Loss of data Dialog"
|
||||
msgstr ""
|
||||
diff --git a/policycoreutils-2.4/sandbox/sandbox b/policycoreutils-2.4/sandbox/sandbox
|
||||
index 3678c5d..5109eca 100644
|
||||
index 3678c5d..163afa0 100644
|
||||
--- a/policycoreutils-2.4/sandbox/sandbox
|
||||
+++ b/policycoreutils-2.4/sandbox/sandbox
|
||||
@@ -1,4 +1,4 @@
|
||||
@ -654941,7 +654941,17 @@ index 3678c5d..5109eca 100644
|
||||
|
||||
def usage(self, message = ""):
|
||||
error_exit("%s\n%s" % (self.__parser.usage, message))
|
||||
@@ -431,8 +437,8 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
|
||||
@@ -400,9 +406,6 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
|
||||
self.__execcon = "%s:%s:%s:%s" % (con[0], con[1], self.setype, level)
|
||||
self.__filecon = "%s:object_r:sandbox_file_t:%s" % (con[0], level)
|
||||
def __setup_dir(self):
|
||||
- if self.__options.level or self.__options.session:
|
||||
- return
|
||||
-
|
||||
if self.__options.homedir:
|
||||
selinux.chcon(self.__options.homedir, self.__filecon, recursive=True)
|
||||
self.__homedir = self.__options.homedir
|
||||
@@ -431,8 +434,8 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
|
||||
if self.__options.dpi:
|
||||
dpi = self.__options.dpi
|
||||
else:
|
||||
@ -654952,7 +654962,7 @@ index 3678c5d..5109eca 100644
|
||||
|
||||
xmodmapfile = self.__homedir + "/.xmodmap"
|
||||
xd = open(xmodmapfile,"w")
|
||||
@@ -492,13 +498,13 @@ if __name__ == '__main__':
|
||||
@@ -492,13 +495,13 @@ if __name__ == '__main__':
|
||||
try:
|
||||
sandbox = Sandbox()
|
||||
rc = sandbox.main()
|
||||
@ -658883,7 +658893,7 @@ index 2e67456..0c5f998 100644
|
||||
.B sepolicy generate \-\-cgi [\-n NAME] command [\-w WRITE_PATH ]
|
||||
.br
|
||||
diff --git a/policycoreutils-2.4/sepolicy/sepolicy.py b/policycoreutils-2.4/sepolicy/sepolicy.py
|
||||
index 74fb347..50c10d0 100755
|
||||
index 74fb347..ec02fb2 100755
|
||||
--- a/policycoreutils-2.4/sepolicy/sepolicy.py
|
||||
+++ b/policycoreutils-2.4/sepolicy/sepolicy.py
|
||||
@@ -1,4 +1,4 @@
|
||||
@ -659175,8 +659185,18 @@ index 74fb347..50c10d0 100755
|
||||
group.add_argument("--admin_user", dest="policytype", const=AUSER,
|
||||
action="store_const",
|
||||
help=_("Generate '%s' policy") % poltype[AUSER])
|
||||
@@ -642,12 +646,12 @@ if __name__ == '__main__':
|
||||
args = parser.parse_args()
|
||||
@@ -637,17 +641,20 @@ if __name__ == '__main__':
|
||||
|
||||
try:
|
||||
if os.path.basename(sys.argv[0]) == "sepolgen":
|
||||
- args = parser.parse_args([ "generate" ] + sys.argv[1:])
|
||||
+ parser_args = [ "generate" ] + sys.argv[1:]
|
||||
+ elif len(sys.argv) > 1:
|
||||
+ parser_args = sys.argv[1:]
|
||||
else:
|
||||
- args = parser.parse_args()
|
||||
+ parser_args = ["-h"]
|
||||
+ args = parser.parse_args(args=parser_args)
|
||||
args.func(args)
|
||||
sys.exit(0)
|
||||
- except ValueError,e:
|
||||
@ -659192,7 +659212,7 @@ index 74fb347..50c10d0 100755
|
||||
+ print("Out")
|
||||
sys.exit(0)
|
||||
diff --git a/policycoreutils-2.4/sepolicy/sepolicy/__init__.py b/policycoreutils-2.4/sepolicy/sepolicy/__init__.py
|
||||
index 679725d..2e1bfec 100644
|
||||
index 679725d..b540180 100644
|
||||
--- a/policycoreutils-2.4/sepolicy/sepolicy/__init__.py
|
||||
+++ b/policycoreutils-2.4/sepolicy/sepolicy/__init__.py
|
||||
@@ -1,25 +1,30 @@
|
||||
@ -659353,7 +659373,7 @@ index 679725d..2e1bfec 100644
|
||||
+ fd.close()
|
||||
+ modules = modules[0].split(" ")[:-1]
|
||||
+ for m in modules:
|
||||
+ mod_temp.append(m[:-3])
|
||||
+ mod_temp.append(m)
|
||||
+ all_modules.extend(mod_temp)
|
||||
+ mod_temp = []
|
||||
+ except:
|
||||
@ -661522,7 +661542,7 @@ index 5ca87b9..4437d9e 100644
|
||||
|
||||
def confirmation_close(self, button, *args):
|
||||
diff --git a/policycoreutils-2.4/sepolicy/sepolicy/interface.py b/policycoreutils-2.4/sepolicy/sepolicy/interface.py
|
||||
index bbabb3b..29370ee 100644
|
||||
index bbabb3b..cc1260e 100644
|
||||
--- a/policycoreutils-2.4/sepolicy/sepolicy/interface.py
|
||||
+++ b/policycoreutils-2.4/sepolicy/sepolicy/interface.py
|
||||
@@ -1,4 +1,4 @@
|
||||
@ -661586,7 +661606,7 @@ index bbabb3b..29370ee 100644
|
||||
sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e)))
|
||||
sys.exit(1)
|
||||
else:
|
||||
@@ -115,12 +119,20 @@ def get_interface_dict(path="/usr/share/selinux/devel/policy.xml"):
|
||||
@@ -115,12 +119,19 @@ def get_interface_dict(path="/usr/share/selinux/devel/policy.xml"):
|
||||
global interface_dict
|
||||
import os
|
||||
import xml.etree.ElementTree
|
||||
@ -661598,16 +661618,15 @@ index bbabb3b..29370ee 100644
|
||||
interface_dict = {}
|
||||
param_list = []
|
||||
|
||||
+ if get_all_modules_from_mod_lst():
|
||||
+ active_modules = get_all_modules_from_mod_lst()
|
||||
+ else:
|
||||
+ if active_modules is None:
|
||||
+ print((_("Using only non-base modules.")))
|
||||
+ active_modules = get_all_modules()
|
||||
+
|
||||
xml_path = """<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
|
||||
<policy>
|
||||
<layer name="admin">
|
||||
@@ -138,17 +150,18 @@ def get_interface_dict(path="/usr/share/selinux/devel/policy.xml"):
|
||||
@@ -138,17 +149,18 @@ def get_interface_dict(path="/usr/share/selinux/devel/policy.xml"):
|
||||
tree = xml.etree.ElementTree.fromstring(xml_path)
|
||||
for l in tree.findall("layer"):
|
||||
for m in l.findall("module"):
|
||||
@ -661637,7 +661656,7 @@ index bbabb3b..29370ee 100644
|
||||
pass
|
||||
return interface_dict
|
||||
|
||||
@@ -159,7 +172,7 @@ def get_interface_format_text(interface,path = "/usr/share/selinux/devel/policy.
|
||||
@@ -159,7 +171,7 @@ def get_interface_format_text(interface,path = "/usr/share/selinux/devel/policy.
|
||||
return interface_text
|
||||
|
||||
def get_interface_compile_format_text(interfaces_dict, interface):
|
||||
@ -661646,7 +661665,7 @@ index bbabb3b..29370ee 100644
|
||||
param_tmp = []
|
||||
for i in interfaces_dict[interface][0]:
|
||||
param_tmp.append(test_module.dict_values[i])
|
||||
@@ -168,7 +181,7 @@ def get_interface_compile_format_text(interfaces_dict, interface):
|
||||
@@ -168,7 +180,7 @@ def get_interface_compile_format_text(interfaces_dict, interface):
|
||||
return interface_text
|
||||
|
||||
def generate_compile_te(interface, idict, name="compiletest"):
|
||||
@ -661655,7 +661674,7 @@ index bbabb3b..29370ee 100644
|
||||
te = ""
|
||||
te += re.sub("TEMPLATETYPE", name, test_module.te_test_module )
|
||||
te += get_interface_compile_format_text(idict,interface)
|
||||
@@ -177,39 +190,45 @@ def generate_compile_te(interface, idict, name="compiletest"):
|
||||
@@ -177,39 +189,45 @@ def generate_compile_te(interface, idict, name="compiletest"):
|
||||
|
||||
def get_xml_file(if_file):
|
||||
""" Returns xml format of interfaces for given .if policy file"""
|
||||
|
@ -7,7 +7,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.4
|
||||
Release: 17%{?dist}
|
||||
Release: 18%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||
@ -18,7 +18,7 @@ Source2: policycoreutils_man_ru2.tar.bz2
|
||||
Source3: system-config-selinux.png
|
||||
Source4: sepolicy-icons.tgz
|
||||
# use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/
|
||||
# HEAD https://github.com/fedora-selinux/selinux/commit/e4cbbd53b5639def20ae09f3db44afa4691c7460
|
||||
# HEAD https://github.com/fedora-selinux/selinux/commit/ea4e1e35ce8a9150128484f8da20087fc01c71bb
|
||||
Patch: policycoreutils-rhat.patch
|
||||
Patch1: sepolgen-rhat.patch
|
||||
Patch100: policycoreutils-fix-semanage-python3.patch
|
||||
@ -404,6 +404,11 @@ The policycoreutils-restorecond package contains the restorecond service.
|
||||
%systemd_postun_with_restart restorecond.service
|
||||
|
||||
%changelog
|
||||
* Mon Nov 16 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-18
|
||||
- Improve sepolicy command line interface
|
||||
- Fix sandbox to propagate specified MCS/MLS Security Level. (#1279006)
|
||||
- Fix 'audit2allow -R' (#1280418)
|
||||
|
||||
* Thu Nov 12 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-17
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
|
||||
|
||||
|
@ -977,10 +977,10 @@ index 739452d..7a83aee 100644
|
||||
comment = refpolicy.Comment()
|
||||
comment.lines.append("============= ROLES ==============")
|
||||
diff --git a/sepolgen-1.2.2/src/sepolgen/policygen.py b/sepolgen-1.2.2/src/sepolgen/policygen.py
|
||||
index 5f38577..89366df 100644
|
||||
index 5f38577..ebcfcf2 100644
|
||||
--- a/sepolgen-1.2.2/src/sepolgen/policygen.py
|
||||
+++ b/sepolgen-1.2.2/src/sepolgen/policygen.py
|
||||
@@ -24,17 +24,20 @@ classes and algorithms for the generation of SELinux policy.
|
||||
@@ -24,17 +24,18 @@ classes and algorithms for the generation of SELinux policy.
|
||||
import itertools
|
||||
import textwrap
|
||||
|
||||
@ -1001,12 +1001,10 @@ index 5f38577..89366df 100644
|
||||
+from . import interfaces
|
||||
+from . import matching
|
||||
+from . import util
|
||||
+if util.PY3:
|
||||
+ from .util import cmp
|
||||
# Constants for the level of explanation from the generation
|
||||
# routines
|
||||
NO_EXPLANATION = 0
|
||||
@@ -81,8 +84,9 @@ class PolicyGenerator:
|
||||
@@ -81,8 +82,9 @@ class PolicyGenerator:
|
||||
self.module = refpolicy.Module()
|
||||
|
||||
self.dontaudit = False
|
||||
@ -1017,7 +1015,7 @@ index 5f38577..89366df 100644
|
||||
def set_gen_refpol(self, if_set=None, perm_maps=None):
|
||||
"""Set whether reference policy interfaces are generated.
|
||||
|
||||
@@ -152,6 +156,18 @@ class PolicyGenerator:
|
||||
@@ -152,6 +154,18 @@ class PolicyGenerator:
|
||||
"""Return the generated module"""
|
||||
return self.module
|
||||
|
||||
@ -1036,7 +1034,7 @@ index 5f38577..89366df 100644
|
||||
def __add_allow_rules(self, avs):
|
||||
for av in avs:
|
||||
rule = refpolicy.AVRule(av)
|
||||
@@ -160,6 +176,34 @@ class PolicyGenerator:
|
||||
@@ -160,6 +174,34 @@ class PolicyGenerator:
|
||||
rule.comment = ""
|
||||
if self.explain:
|
||||
rule.comment = str(refpolicy.Comment(explain_access(av, verbosity=self.explain)))
|
||||
@ -1071,7 +1069,7 @@ index 5f38577..89366df 100644
|
||||
if av.type == audit2why.ALLOW:
|
||||
rule.comment += "\n#!!!! This avc is allowed in the current policy"
|
||||
if av.type == audit2why.DONTAUDIT:
|
||||
@@ -167,14 +211,14 @@ class PolicyGenerator:
|
||||
@@ -167,14 +209,14 @@ class PolicyGenerator:
|
||||
|
||||
if av.type == audit2why.BOOLEAN:
|
||||
if len(av.data) > 1:
|
||||
@ -1088,7 +1086,7 @@ index 5f38577..89366df 100644
|
||||
for reason in av.data[1:]:
|
||||
rule.comment += "\n#\tPossible cause is the source %s and target %s are different." % reason
|
||||
|
||||
@@ -186,7 +230,7 @@ class PolicyGenerator:
|
||||
@@ -186,7 +228,7 @@ class PolicyGenerator:
|
||||
self.domains = seinfo(ATTRIBUTE, name="domain")[0]["types"]
|
||||
types=[]
|
||||
|
||||
@ -1097,7 +1095,24 @@ index 5f38577..89366df 100644
|
||||
if i not in self.domains:
|
||||
types.append(i)
|
||||
if len(types) == 1:
|
||||
@@ -296,7 +340,7 @@ def call_interface(interface, av):
|
||||
@@ -275,15 +317,12 @@ def explain_access(av, ml=None, verbosity=SHORT_EXPLANATION):
|
||||
explain_interfaces()
|
||||
return s
|
||||
|
||||
-def param_comp(a, b):
|
||||
- return cmp(b.num, a.num)
|
||||
-
|
||||
def call_interface(interface, av):
|
||||
params = []
|
||||
args = []
|
||||
|
||||
params.extend(interface.params.values())
|
||||
- params.sort(param_comp)
|
||||
+ params.sort(key=lambda param: param.num, reverse=True)
|
||||
|
||||
ifcall = refpolicy.InterfaceCall()
|
||||
ifcall.ifname = interface.name
|
||||
@@ -296,7 +335,7 @@ def call_interface(interface, av):
|
||||
elif params[i].type == refpolicy.OBJ_CLASS:
|
||||
ifcall.args.append(av.obj_class)
|
||||
else:
|
||||
@ -1106,6 +1121,15 @@ index 5f38577..89366df 100644
|
||||
assert(0)
|
||||
|
||||
assert(len(ifcall.args) > 0)
|
||||
@@ -318,7 +357,7 @@ class InterfaceGenerator:
|
||||
for x in ifs.interfaces.values():
|
||||
params = []
|
||||
params.extend(x.params.values())
|
||||
- params.sort(param_comp)
|
||||
+ params.sort(key=lambda param: param.num, reverse=True)
|
||||
for i in range(len(params)):
|
||||
# Check that the paramater position matches
|
||||
# the number (e.g., $1 is the first arg). This
|
||||
diff --git a/sepolgen-1.2.2/src/sepolgen/refparser.py b/sepolgen-1.2.2/src/sepolgen/refparser.py
|
||||
index b453a29..f5ff19c 100644
|
||||
--- a/sepolgen-1.2.2/src/sepolgen/refparser.py
|
||||
|
Loading…
Reference in New Issue
Block a user