sepolicy should failover to installed policy file on a disabled SELinux box, if it exists.

Dan Walsh 2012-12-06 09:16:30 -05:00
parent 91c5cd51d5
commit 4933c11cf0
2 changed files with 26 additions and 5 deletions


@ -333541,10 +333541,10 @@ index 0000000..57018a6
+ sys.exit(0) + sys.exit(0)
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
new file mode 100644 new file mode 100644
index 0000000..ece5b4b index 0000000..212c3aa
--- /dev/null --- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py +++ b/policycoreutils/sepolicy/sepolicy/__init__.py
@@ -0,0 +1,137 @@ @@ -0,0 +1,155 @@
+#!/usr/bin/python +#!/usr/bin/python
+ +
+# Author: Thomas Liu <tliu@redhat.com> +# Author: Thomas Liu <tliu@redhat.com>
@ -333584,10 +333584,28 @@ index 0000000..ece5b4b
+TRANSITION = 'transition' +TRANSITION = 'transition'
+ROLE_ALLOW = 'role_allow' +ROLE_ALLOW = 'role_allow'
+ +
+def policy(policy_file): +def __get_installed_policy():
+ _policy.policy(policy_file) + i = selinux.security_policyvers()
+ path = selinux.selinux_binary_policy_path()
+ while i > 0:
+ newpath = "%s.%s" % (path, i)
+ if os.path.exists(newpath):
+ return newpath
+ i -= 1
+ raise ValueError(_("No SELinux Policy installed"))
+ +
+def policy(policy_file):
+ try:
+ _policy.policy(policy_file)
+ except:
+ raise ValueError(_("Failed to read % policy file") % policy_file)
+
+
+if selinux.is_selinux_enabled():
+ policy_file = selinux.selinux_current_policy_path() + policy_file = selinux.selinux_current_policy_path()
+else:
+ policy_file = __get_installed_policy()
+
+policy(policy_file) +policy(policy_file)
+ +
+def search(types, info = {} ): +def search(types, info = {} ):
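Review bot: In policy(), the message "Failed to read % policy file" has "% p" where "%s" was meant, so the % formatting itself raises an unsupported-format-character ValueError and the policy path never appears in the error; it should read "Failed to read %s policy file". The bare except: in the same function also catches KeyboardInterrupt and SystemExit and throws away the underlying cause; catching Exception and including its text in the raised ValueError would keep the failure diagnosable. __get_installed_policy() calls os.path.exists, and no import of os is visible in this hunk, so that is worth confirming. Because the enabled/disabled selection and policy(policy_file) run at module level, a system with no installed policy file will raise ValueError on import of sepolicy; callers need to be prepared for that or the load should be deferred.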


@ -7,7 +7,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.1.13 Version: 2.1.13
Release: 42%{?dist} Release: 43%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# Based on git repository with tag 20101221 # Based on git repository with tag 20101221
@ -338,6 +338,9 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog %changelog
* Thu Dec 6 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-43
- sepolicy should failover to installed policy file on a disabled SELinux box, if it exists.
* Wed Dec 5 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-42 * Wed Dec 5 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-42
- Update Translations - Update Translations
- sepolicy network -d needs to accept multiple domains - sepolicy network -d needs to accept multiple domains
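Review bot: The new %changelog entry is stamped 2.1.12-43, but the header of this spec has Version: 2.1.13 with Release: 43, so the entry should read 2.1.13-43 to match the package's version-release. The preceding entry (2.1.12-42) carries the same mismatch and could be corrected in the same pass.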