rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Thu Aug 7 2008 Dan Walsh <dwalsh@redhat.com> 2.0.54-5

Browse Source 
- Fixes for multiple transactions
This commit is contained in:
Daniel J Walsh 2008-08-08 21:04:55 +00:00
parent b0592a727f
commit 51c06b5513
2 changed files with 155 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

242
policycoreutils-rhat.patch
View File

@ -328,7 +328,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
- sys.exit(0)
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.54/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2008-08-05 09:58:26.000000000 -0400
+++ policycoreutils-2.0.54/semanage/seobject.py 2008-08-07 10:57:22.000000000 -0400
+++ policycoreutils-2.0.54/semanage/seobject.py 2008-08-08 17:02:42.000000000 -0400
@@ -26,7 +26,6 @@
PROGNAME="policycoreutils"
import sepolgen.module as module
@ -412,11 +412,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
+ else:
+ self.sh=get_handle(store)
+ self.transaction = False
+
+ def deleteall(self):
+ raise ValueError(_("Not yet implemented"))
- rc = semanage_connect(self.sh)
+ def deleteall(self):
+ raise ValueError(_("Not yet implemented"))
+
+ def begin(self):
+ if self.transaction:
+ return
@ -512,32 +512,95 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
if is_mls_enabled == 1:
if serange == "":
serange = "s0"
@@ -387,7 +387,6 @@
@@ -387,153 +387,145 @@
if sename == "":
sename = "user_u"
- try:
(rc,k) = semanage_seuser_key_create(self.sh, name)
if rc < 0:
raise ValueError(_("Could not create a key for %s") % name)
@@ -425,115 +424,108 @@
if rc < 0:
raise ValueError(_("Could not set SELinux user for %s") % name)
- (rc,k) = semanage_seuser_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
+ (rc,k) = semanage_seuser_key_create(self.sh, name)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % name)
- (rc,exists) = semanage_seuser_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if login mapping for %s is defined") % name)
- if exists:
- raise ValueError(_("Login mapping for %s is already defined") % name)
- if name[0] == '%':
- try:
- grp.getgrnam(name[1:])
- except:
- raise ValueError(_("Linux Group %s does not exist") % name[1:])
- else:
- try:
- pwd.getpwnam(name)
- except:
- raise ValueError(_("Linux User %s does not exist") % name)
+ (rc,exists) = semanage_seuser_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if login mapping for %s is defined") % name)
+ if exists:
+ raise ValueError(_("Login mapping for %s is already defined") % name)
+ if name[0] == '%':
+ try:
+ grp.getgrnam(name[1:])
+ except:
+ raise ValueError(_("Linux Group %s does not exist") % name[1:])
+ else:
+ try:
+ pwd.getpwnam(name)
+ except:
+ raise ValueError(_("Linux User %s does not exist") % name)
- (rc,u) = semanage_seuser_create(self.sh)
- if rc < 0:
- raise ValueError(_("Could not create login mapping for %s") % name)
+ (rc,u) = semanage_seuser_create(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not create login mapping for %s") % name)
- rc = semanage_seuser_set_name(self.sh, u, name)
- if rc < 0:
- raise ValueError(_("Could not set name for %s") % name)
+ rc = semanage_seuser_set_name(self.sh, u, name)
+ if rc < 0:
+ raise ValueError(_("Could not set name for %s") % name)
- if serange != "":
- rc = semanage_seuser_set_mlsrange(self.sh, u, serange)
- if rc < 0:
- raise ValueError(_("Could not set MLS range for %s") % name)
+ if serange != "":
+ rc = semanage_seuser_set_mlsrange(self.sh, u, serange)
+ if rc < 0:
+ raise ValueError(_("Could not set MLS range for %s") % name)
- rc = semanage_seuser_set_sename(self.sh, u, sename)
- if rc < 0:
- raise ValueError(_("Could not set SELinux user for %s") % name)
+ rc = semanage_seuser_set_sename(self.sh, u, sename)
+ if rc < 0:
+ raise ValueError(_("Could not set SELinux user for %s") % name)
- rc = semanage_begin_transaction(self.sh)
- if rc < 0:
- raise ValueError(_("Could not start semanage transaction"))
-
rc = semanage_seuser_modify_local(self.sh, k, u)
if rc < 0:
raise ValueError(_("Could not add login mapping for %s") % name)
+ rc = semanage_seuser_modify_local(self.sh, k, u)
+ if rc < 0:
+ raise ValueError(_("Could not add login mapping for %s") % name)
- rc = semanage_commit(self.sh)
- rc = semanage_seuser_modify_local(self.sh, k, u)
- if rc < 0:
- raise ValueError(_("Could not add login mapping for %s") % name)
+ semanage_seuser_key_free(k)
+ semanage_seuser_free(u)
+
- rc = semanage_commit(self.sh)
- if rc < 0:
- raise ValueError(_("Could not add login mapping for %s") % name)
+ def add(self, name, sename, serange):
+ try:
+ self.begin()
@ -723,12 +786,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
- (rc,k) = semanage_user_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
-
- (rc,exists) = semanage_user_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if SELinux user %s is defined") % name)
- if exists:
- raise ValueError(_("SELinux user %s is already defined") % name)
+ if len(roles) < 1:
+ raise ValueError(_("You must add at least one role for %s") % name)
+
@ -736,39 +793,45 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % name)
- (rc,u) = semanage_user_create(self.sh)
- (rc,exists) = semanage_user_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not create SELinux user for %s") % name)
- raise ValueError(_("Could not check if SELinux user %s is defined") % name)
- if exists:
- raise ValueError(_("SELinux user %s is already defined") % name)
+ (rc,exists) = semanage_user_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if SELinux user %s is defined") % name)
+ if exists:
+ raise ValueError(_("SELinux user %s is already defined") % name)
- rc = semanage_user_set_name(self.sh, u, name)
- (rc,u) = semanage_user_create(self.sh)
- if rc < 0:
- raise ValueError(_("Could not set name for %s") % name)
- raise ValueError(_("Could not create SELinux user for %s") % name)
+ (rc,u) = semanage_user_create(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not create SELinux user for %s") % name)
- rc = semanage_user_set_name(self.sh, u, name)
- if rc < 0:
- raise ValueError(_("Could not set name for %s") % name)
+ rc = semanage_user_set_name(self.sh, u, name)
+ if rc < 0:
+ raise ValueError(_("Could not set name for %s") % name)
- for r in roles:
- rc = semanage_user_add_role(self.sh, u, r)
- if rc < 0:
- raise ValueError(_("Could not add role %s for %s") % (r, name))
+ rc = semanage_user_set_name(self.sh, u, name)
+ if rc < 0:
+ raise ValueError(_("Could not set name for %s") % name)
- if is_mls_enabled == 1:
- rc = semanage_user_set_mlsrange(self.sh, u, serange)
- if rc < 0:
- raise ValueError(_("Could not set MLS range for %s") % name)
+ for r in roles:
+ rc = semanage_user_add_role(self.sh, u, r)
+ if rc < 0:
+ raise ValueError(_("Could not add role %s for %s") % (r, name))
- if is_mls_enabled == 1:
- rc = semanage_user_set_mlsrange(self.sh, u, serange)
- if rc < 0:
- raise ValueError(_("Could not set MLS range for %s") % name)
-
- rc = semanage_user_set_mlslevel(self.sh, u, selevel)
- if rc < 0:
- raise ValueError(_("Could not set MLS level for %s") % name)
@ -843,33 +906,58 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
- (rc,k) = semanage_user_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
+ (rc,k) = semanage_user_key_create(self.sh, name)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % name)
-
- (rc,exists) = semanage_user_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if SELinux user %s is defined") % name)
- if not exists:
- raise ValueError(_("SELinux user %s is not defined") % name)
+ (rc,exists) = semanage_user_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if SELinux user %s is defined") % name)
+ if not exists:
+ raise ValueError(_("SELinux user %s is not defined") % name)
-
- (rc,u) = semanage_user_query(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not query user for %s") % name)
+ (rc,u) = semanage_user_query(self.sh, k)
+ (rc,k) = semanage_user_key_create(self.sh, name)
+ if rc < 0:
+ raise ValueError(_("Could not query user for %s") % name)
+ raise ValueError(_("Could not create a key for %s") % name)
- oldserange = semanage_user_get_mlsrange(u)
- (rc, rlist) = semanage_user_get_roles(self.sh, u)
- if rc >= 0:
- oldroles = string.join(rlist, ' ');
- newroles = newroles + ' ' + oldroles;
-
-
- if serange != "":
- semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
- if selevel != "":
- semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
-
- if prefix != "":
- semanage_user_set_prefix(self.sh, u, prefix)
-
- if len(roles) != 0:
- for r in rlist:
- if r not in roles:
- semanage_user_del_role(u, r)
- for r in roles:
- if r not in rlist:
- semanage_user_add_role(self.sh, u, r)
+ (rc,exists) = semanage_user_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if SELinux user %s is defined") % name)
+ if not exists:
+ raise ValueError(_("SELinux user %s is not defined") % name)
- rc = semanage_begin_transaction(self.sh)
- if rc < 0:
- raise ValueError(_("Could not start semanage transaction"))
+ (rc,u) = semanage_user_query(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not query user for %s") % name)
- rc = semanage_user_modify_local(self.sh, k, u)
- if rc < 0:
- raise ValueError(_("Could not modify SELinux user %s") % name)
+ oldserange = semanage_user_get_mlsrange(u)
+ (rc, rlist) = semanage_user_get_roles(self.sh, u)
+ if rc >= 0:
@ -893,62 +981,38 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po
+ if r not in rlist:
+ semanage_user_add_role(self.sh, u, r)
- rc = semanage_commit(self.sh)
- if rc < 0:
- raise ValueError(_("Could not modify SELinux user %s") % name)
+ rc = semanage_user_modify_local(self.sh, k, u)
+ if rc < 0:
+ raise ValueError(_("Could not modify SELinux user %s") % name)
- if serange != "":
- semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
- if selevel != "":
- semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
-
- if prefix != "":
- semanage_user_set_prefix(self.sh, u, prefix)
-
- if len(roles) != 0:
- for r in rlist:
- if r not in roles:
- semanage_user_del_role(u, r)
- for r in roles:
- if r not in rlist:
- semanage_user_add_role(self.sh, u, r)
- except ValueError, error:
- mylog.log(0,"modify SELinux user record", name, "", newroles, serange, "", oldroles, oldserange)
- raise error
+ semanage_user_key_free(k)
+ semanage_user_free(u)
+
+ mylog.log(1,"modify SELinux user record", name, "", newroles, serange, "", oldroles, oldserange)
mylog.log(1,"modify SELinux user record", name, "", newroles, serange, "", oldroles, oldserange)
- rc = semanage_begin_transaction(self.sh)
- if rc < 0:
- raise ValueError(_("Could not start semanage transaction"))
- rc = semanage_user_modify_local(self.sh, k, u)
- if rc < 0:
- raise ValueError(_("Could not modify SELinux user %s") % name)
-
- rc = semanage_commit(self.sh)
- if rc < 0:
- raise ValueError(_("Could not modify SELinux user %s") % name)
+ def modify(self, name, roles = [], selevel = "", serange = "", prefix = ""):
+ try:
+ self.begin()
+ self.__modify(name, roles, selevel, serange, prefix)
+ self.commit()
except ValueError, error:
- mylog.log(0,"modify SELinux user record", name, "", newroles, serange, "", oldroles, oldserange)
+ mylog.log(0,"modify SELinux user record", name, "", " ".join(roles), serange, "", "", "")
raise error
-
- mylog.log(1,"modify SELinux user record", name, "", newroles, serange, "", oldroles, oldserange)
-
- semanage_user_key_free(k)
- semanage_user_free(u)
- def delete(self, name):
- try:
+ def modify(self, name, roles = [], selevel = "", serange = "", prefix = ""):
try:
- (rc,k) = semanage_user_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
+ self.begin()
+ self.__modify(name, roles, selevel, serange, prefix)
+ self.commit()
+
+ except ValueError, error:
+ mylog.log(0,"modify SELinux user record", name, "", " ".join(roles), serange, "", "", "")
+ raise error
+
+ def __delete(self, name):
+ (rc,k) = semanage_user_key_create(self.sh, name)
+ if rc < 0:

4
policycoreutils.spec
View File

@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.54
Release: 4%{?dist}
Release: 5%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -192,7 +192,7 @@ if [ "$1" -ge "1" ]; then
fi
%changelog
* Thu Aug 7 2008 Dan Walsh <dwalsh@redhat.com> 2.0.54-4
* Thu Aug 7 2008 Dan Walsh <dwalsh@redhat.com> 2.0.54-5
- Fixes for multiple transactions
* Wed Aug 6 2008 Dan Walsh <dwalsh@redhat.com> 2.0.54-2