sepolicy should failover to installed policy file on a disabled SELinux box, if it exists.
This commit is contained in:
parent
91c5cd51d5
commit
4933c11cf0
@ -333541,10 +333541,10 @@ index 0000000..57018a6
|
||||
+ sys.exit(0)
|
||||
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||
new file mode 100644
|
||||
index 0000000..ece5b4b
|
||||
index 0000000..212c3aa
|
||||
--- /dev/null
|
||||
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||
@@ -0,0 +1,137 @@
|
||||
@@ -0,0 +1,155 @@
|
||||
+#!/usr/bin/python
|
||||
+
|
||||
+# Author: Thomas Liu <tliu@redhat.com>
|
||||
@ -333584,10 +333584,28 @@ index 0000000..ece5b4b
|
||||
+TRANSITION = 'transition'
|
||||
+ROLE_ALLOW = 'role_allow'
|
||||
+
|
||||
+def policy(policy_file):
|
||||
+ _policy.policy(policy_file)
|
||||
+def __get_installed_policy():
|
||||
+ i = selinux.security_policyvers()
|
||||
+ path = selinux.selinux_binary_policy_path()
|
||||
+ while i > 0:
|
||||
+ newpath = "%s.%s" % (path, i)
|
||||
+ if os.path.exists(newpath):
|
||||
+ return newpath
|
||||
+ i -= 1
|
||||
+ raise ValueError(_("No SELinux Policy installed"))
|
||||
+
|
||||
+def policy(policy_file):
|
||||
+ try:
|
||||
+ _policy.policy(policy_file)
|
||||
+ except:
|
||||
+ raise ValueError(_("Failed to read % policy file") % policy_file)
|
||||
+
|
||||
+
|
||||
+if selinux.is_selinux_enabled():
|
||||
+ policy_file = selinux.selinux_current_policy_path()
|
||||
+else:
|
||||
+ policy_file = __get_installed_policy()
|
||||
+
|
||||
+policy_file = selinux.selinux_current_policy_path()
|
||||
+policy(policy_file)
|
||||
+
|
||||
+def search(types, info = {} ):
|
||||
|
@ -7,7 +7,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.1.13
|
||||
Release: 42%{?dist}
|
||||
Release: 43%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
@ -338,6 +338,9 @@ The policycoreutils-restorecond package contains the restorecond service.
|
||||
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||
|
||||
%changelog
|
||||
* Thu Dec 6 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-43
|
||||
- sepolicy should failover to installed policy file on a disabled SELinux box, if it exists.
|
||||
|
||||
* Wed Dec 5 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-42
|
||||
- Update Translations
|
||||
- sepolicy network -d needs to accept multiple domains
|
||||
|
Loading…
Reference in New Issue
Block a user