sepolicy should failover to installed policy file on a disabled SELinux box, if it exists.
This commit is contained in:
parent
91c5cd51d5
commit
4933c11cf0
@ -333541,10 +333541,10 @@ index 0000000..57018a6
|
|||||||
+ sys.exit(0)
|
+ sys.exit(0)
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
|
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..ece5b4b
|
index 0000000..212c3aa
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
|
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||||
@@ -0,0 +1,137 @@
|
@@ -0,0 +1,155 @@
|
||||||
+#!/usr/bin/python
|
+#!/usr/bin/python
|
||||||
+
|
+
|
||||||
+# Author: Thomas Liu <tliu@redhat.com>
|
+# Author: Thomas Liu <tliu@redhat.com>
|
||||||
@ -333584,10 +333584,28 @@ index 0000000..ece5b4b
|
|||||||
+TRANSITION = 'transition'
|
+TRANSITION = 'transition'
|
||||||
+ROLE_ALLOW = 'role_allow'
|
+ROLE_ALLOW = 'role_allow'
|
||||||
+
|
+
|
||||||
+def policy(policy_file):
|
+def __get_installed_policy():
|
||||||
+ _policy.policy(policy_file)
|
+ i = selinux.security_policyvers()
|
||||||
|
+ path = selinux.selinux_binary_policy_path()
|
||||||
|
+ while i > 0:
|
||||||
|
+ newpath = "%s.%s" % (path, i)
|
||||||
|
+ if os.path.exists(newpath):
|
||||||
|
+ return newpath
|
||||||
|
+ i -= 1
|
||||||
|
+ raise ValueError(_("No SELinux Policy installed"))
|
||||||
|
+
|
||||||
|
+def policy(policy_file):
|
||||||
|
+ try:
|
||||||
|
+ _policy.policy(policy_file)
|
||||||
|
+ except:
|
||||||
|
+ raise ValueError(_("Failed to read % policy file") % policy_file)
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+if selinux.is_selinux_enabled():
|
||||||
|
+ policy_file = selinux.selinux_current_policy_path()
|
||||||
|
+else:
|
||||||
|
+ policy_file = __get_installed_policy()
|
||||||
+
|
+
|
||||||
+policy_file = selinux.selinux_current_policy_path()
|
|
||||||
+policy(policy_file)
|
+policy(policy_file)
|
||||||
+
|
+
|
||||||
+def search(types, info = {} ):
|
+def search(types, info = {} ):
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.1.13
|
Version: 2.1.13
|
||||||
Release: 42%{?dist}
|
Release: 43%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
# Based on git repository with tag 20101221
|
# Based on git repository with tag 20101221
|
||||||
@ -338,6 +338,9 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Dec 6 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-43
|
||||||
|
- sepolicy should failover to installed policy file on a disabled SELinux box, if it exists.
|
||||||
|
|
||||||
* Wed Dec 5 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-42
|
* Wed Dec 5 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-42
|
||||||
- Update Translations
|
- Update Translations
|
||||||
- sepolicy network -d needs to accept multiple domains
|
- sepolicy network -d needs to accept multiple domains
|
||||||
|
Loading…
Reference in New Issue
Block a user