rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Make fcdict return a dictionary of dictionaries

Browse Source 
- Fix for sepolicy manpage
This commit is contained in:
Dan Walsh 2013-06-18 14:38:47 -04:00
parent 4f89c533b5
commit 544468684c
2 changed files with 212 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

265
policycoreutils-rhat.patch
View File

@ -250464,14 +250464,14 @@ index 4c5243a..036c418 100644
diff --git a/policycoreutils/semodule/genhomedircon.8 b/policycoreutils/semodule/genhomedircon.8
new file mode 100644
index 0000000..08e3bad
index 0000000..2a3315b
--- /dev/null
+++ b/policycoreutils/semodule/genhomedircon.8
@@ -0,0 +1,24 @@
+.TH GENHOMEDIRCON "8" "Sep 2011" "Security Enhanced Linux" "SELinux"
+.SH NAME
+genhomedircon \- generate SELinux file context configuration entries for user home directories
+.SH SYNOPSIS
+.SH DESCRIPTION
+.B genhomedircon
+is a script that executes
+.B semodule
@ -251020,7 +251020,7 @@ index b6abdf5..c05c943 100644
Generate an additional HTML man pages for the specified domain(s).
diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
index b25d3b2..9b29b39 100755
index b25d3b2..43a8101 100755
--- a/policycoreutils/sepolicy/sepolicy.py
+++ b/policycoreutils/sepolicy/sepolicy.py
@@ -22,6 +22,8 @@
@ -251037,7 +251037,7 @@ index b25d3b2..9b29b39 100755
__builtin__.__dict__['_'] = unicode
+usage = "sepolicy generate [-h] [-n NAME] [-p PATH] [-w [WRITEPATHS [WRITEPATHS ...]]] ["
+usage_dict = {' --newtype':('-t [TYPES [TYPES ...]]',),' --customize':('-d DOMAIN','-a ADMIN_DOMAIN',), ' --admin_user':('-a ADMIN_DOMAIN',), ' --application':('COMMAND',), ' --cgi':('COMMAND',), ' --confined_admin':('-a ADMIN_DOMAIN',), ' --dbus':('COMMAND',), ' --desktop_user':('',),' --inetd':('COMMAND',),' --init':('COMMAND',), ' --sandbox':('',), ' --term_user':('',), ' --x_user':('',)}
+usage_dict = {' --newtype':('-t [TYPES [TYPES ...]]',),' --customize':('-d DOMAIN','-a ADMIN_DOMAIN',), ' --admin_user':('[-r ROLE ]',), ' --application':('COMMAND',), ' --cgi':('COMMAND',), ' --confined_admin':('-a ADMIN_DOMAIN',), ' --dbus':('COMMAND',), ' --desktop_user':('',),' --inetd':('COMMAND',),' --init':('COMMAND',), ' --sandbox':('',), ' --term_user':('',), ' --x_user':('',)}
+
class CheckPath(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None):
@ -251100,7 +251100,7 @@ index b25d3b2..9b29b39 100755
newval = getattr(namespace, self.dest)
if not newval:
newval = []
@@ -140,27 +165,65 @@ class CheckPolicyType(argparse.Action):
@@ -140,27 +165,76 @@ class CheckPolicyType(argparse.Action):
class CheckUser(argparse.Action):
def __call__(self, parser, namespace, value, option_string=None):
@ -251115,6 +251115,17 @@ index b25d3b2..9b29b39 100755
newval.append(value)
setattr(namespace, self.dest, newval)
+class CheckRole(argparse.Action):
+ def __call__(self, parser, namespace, value, option_string=None):
+ newval = getattr(namespace, self.dest)
+ if not newval:
+ newval = []
+ roles = sepolicy.get_all_roles()
+ if value not in roles:
+ raise ValueError("%s must be an SELinux role:\nValid roles: %s" % (value, ", ".join(roles)))
+ newval.append(value[:-2])
+ setattr(namespace, self.dest, newval)
+
+class InterfaceInfo(argparse.Action):
+ def __call__(self, parser, namespace, values, option_string=None):
+ from sepolicy.interface import get_interface_dict
@ -251173,7 +251184,7 @@ index b25d3b2..9b29b39 100755
if args.list_ports:
all_ports = []
for i in portrecs:
@@ -201,41 +264,41 @@ def manpage(args):
@@ -201,41 +275,41 @@ def manpage(args):
from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains
path = args.path
@ -251238,7 +251249,7 @@ index b25d3b2..9b29b39 100755
def gen_network_args(parser):
net = parser.add_parser("network",
@@ -283,7 +346,6 @@ def gen_communicate_args(parser):
@@ -283,7 +357,6 @@ def gen_communicate_args(parser):
comm.set_defaults(func=communicate)
def booleans(args):
@ -251246,7 +251257,7 @@ index b25d3b2..9b29b39 100755
from sepolicy import boolean_desc
if args.all:
rc, args.booleans = selinux.security_get_boolean_names()
@@ -300,6 +362,7 @@ def gen_booleans_args(parser):
@@ -300,6 +373,7 @@ def gen_booleans_args(parser):
action="store_true",
help=_("get all booleans descriptions"))
group.add_argument("-b", "--boolean", dest="booleans", nargs="+",
@ -251254,7 +251265,7 @@ index b25d3b2..9b29b39 100755
help=_("boolean to get description"))
bools.set_defaults(func=booleans)
@@ -319,22 +382,49 @@ def gen_transition_args(parser):
@@ -319,22 +393,49 @@ def gen_transition_args(parser):
help=_("target process domain"))
trans.set_defaults(func=transition)
@ -251313,7 +251324,7 @@ index b25d3b2..9b29b39 100755
if not args.command:
raise ValueError(_("Command required for this type of policy"))
cmd = os.path.realpath(args.command)
@@ -346,8 +436,18 @@ def generate(args):
@@ -346,8 +447,18 @@ def generate(args):
mypolicy.set_program(cmd)
if args.types:
@ -251332,7 +251343,15 @@ index b25d3b2..9b29b39 100755
for p in args.writepaths:
if os.path.isdir(p):
mypolicy.add_dir(p)
@@ -366,20 +466,34 @@ def generate(args):
@@ -355,6 +466,7 @@ def generate(args):
mypolicy.add_file(p)
mypolicy.set_transition_users(args.user)
+ mypolicy.set_admin_roles(args.role)
mypolicy.set_admin_domains(args.admin_domain)
mypolicy.set_existing_domains(args.domain)
@@ -366,20 +478,34 @@ def generate(args):
def gen_interface_args(parser):
itf = parser.add_parser("interface",
help=_('List SELinux Policy interfaces'))
@ -251370,7 +251389,17 @@ index b25d3b2..9b29b39 100755
help=_('Generate SELinux Policy module template'))
pol.add_argument("-d", "--domain", dest="domain", default=[],
action=CheckDomain, nargs="*",
@@ -397,53 +511,57 @@ def gen_generate_args(parser):
@@ -387,6 +513,9 @@ def gen_generate_args(parser):
pol.add_argument("-u", "--user", dest="user", default=[],
action=CheckUser,
help=_("Enter SELinux user(s) which will transition to this domain"))
+ pol.add_argument("-r", "--role", dest="role", default=[],
+ action=CheckRole,
+ help=_("Enter SELinux role(s) to which this domain will transition"))
pol.add_argument("-a", "--admin", dest="admin_domain",default=[],
action=CheckAdmin,
help=_("Enter domain(s) that this confined admin will administrate"))
@@ -397,53 +526,57 @@ def gen_generate_args(parser):
help=argparse.SUPPRESS)
pol.add_argument("-t", "--type", dest="types", default=[], nargs="*",
action=CheckType,
@ -251454,7 +251483,7 @@ index b25d3b2..9b29b39 100755
pol.set_defaults(func=generate)
if __name__ == '__main__':
@@ -461,11 +579,17 @@ if __name__ == '__main__':
@@ -461,11 +594,17 @@ if __name__ == '__main__':
gen_transition_args(subparsers)
try:
@ -251474,7 +251503,7 @@ index b25d3b2..9b29b39 100755
except KeyboardInterrupt:
sys.exit(0)
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
index 5e7415c..b367e9c 100644
index 5e7415c..8862ebb 100644
--- a/policycoreutils/sepolicy/sepolicy/__init__.py
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
@@ -7,6 +7,9 @@ import _policy
@ -251487,7 +251516,7 @@ index 5e7415c..b367e9c 100644
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
gettext.textdomain(PROGNAME)
try:
@@ -37,9 +40,119 @@ CLASS = 'class'
@@ -37,9 +40,134 @@ CLASS = 'class'
TRANSITION = 'transition'
ROLE_ALLOW = 'role_allow'
@ -251541,11 +251570,20 @@ index 5e7415c..b367e9c 100644
+
+ for f in all_writes:
+ try:
+ mpaths[f] = fcdict[f]
+ mpaths[f] = fcdict[f]["regex"]
+ except KeyError:
+ mpaths[f] = []
+ return mpaths
+
+import os, pprint, re, sys
+def find_file(reg, path):
+ try:
+ pat = re.compile(r"%s$" % reg)
+ return filter(pat.match, map(lambda x: path + "/" + x, os.listdir(path)))
+ except:
+ return []
+
+import os
+fcdict=None
+def get_fcdict(fc_path = selinux.selinux_file_context_path()):
+ global fcdict
@ -251561,22 +251599,28 @@ index 5e7415c..b367e9c 100644
+ for i in fc:
+ rec = i.split()
+ try:
+ if len(rec) > 2:
+ ftype = rec[1]
+ else:
+ ftype = ""
+
+ t = rec[-1].split(":")[2]
+ if t in fcdict:
+ fcdict[t].append(rec[0])
+ fcdict[t]["regex"].append(rec[0])
+ fcdict[t]["paths"].append(find_file(rec[0], os.path.dirname(rec[0])))
+ else:
+ fcdict[t] = [ rec[0] ]
+ fcdict[t] = { "regex": [ rec[0] ], "paths" : find_file(rec[0], os.path.dirname(rec[0])), "ftype": ftype}
+ except:
+ pass
+ fcdict["logfile"] = [ "all log files" ]
+ fcdict["user_tmp_type"] = [ "all user tmp files" ]
+ fcdict["user_home_type"] = [ "all user home files" ]
+ fcdict["virt_image_type"] = [ "all virtual image files" ]
+ fcdict["noxattrfs"] = [ "all files on file systems which do not support extended attributes" ]
+ fcdict["sandbox_tmpfs_type"] = [ "all sandbox content in tmpfs file systems" ]
+ fcdict["user_tmpfs_type"] = [ "all user content in tmpfs file systems" ]
+ fcdict["file_type"] = [ "all files on the system" ]
+ fcdict["samba_share_t"] = [ "use this label for random content that will be shared using samba" ]
+ fcdict["logfile"] = { "regex" : [ "all log files" ]}
+ fcdict["user_tmp_type"] = { "regex" : [ "all user tmp files" ]}
+ fcdict["user_home_type"] = { "regex" : [ "all user home files" ]}
+ fcdict["virt_image_type"] = { "regex" : [ "all virtual image files" ]}
+ fcdict["noxattrfs"] = { "regex" : [ "all files on file systems which do not support extended attributes" ]}
+ fcdict["sandbox_tmpfs_type"] = { "regex" : [ "all sandbox content in tmpfs file systems" ]}
+ fcdict["user_tmpfs_type"] = { "regex" : [ "all user content in tmpfs file systems" ]}
+ fcdict["file_type"] = { "regex" : [ "all files on the system" ] }
+ fcdict["samba_share_t"] = { "regex" : [ "use this label for random content that will be shared using samba" ] }
+ return fcdict
+
+def get_entrypoint_types(setype):
@ -251585,7 +251629,8 @@ index 5e7415c..b367e9c 100644
+ return entrypoints
+
+def get_init_entrypoint_target(entrypoint):
+ try:
try:
- path = selinux.selinux_binary_policy_path()
+ entrypoints = map(lambda x: x['transtype'], search([TRANSITION],{'source':"init_t", 'target':entrypoint, 'class':'process'}))
+ return entrypoints[0]
+ except TypeError:
@ -251597,19 +251642,18 @@ index 5e7415c..b367e9c 100644
+ mpaths = {}
+ for f in get_entrypoint_types(setype):
+ try:
+ mpaths[f] = fcdict[f]
+ mpaths[f] = fcdict[f]["regex"]
+ except:
+ mpaths[f] = []
+ return mpaths
+
+def get_installed_policy(root = "/"):
try:
- path = selinux.selinux_binary_policy_path()
+ try:
+ path = root + selinux.selinux_binary_policy_path()
policies = glob.glob ("%s.*" % path )
policies.sort()
return policies[-1]
@@ -47,6 +160,27 @@ def __get_installed_policy():
@@ -47,6 +175,27 @@ def __get_installed_policy():
pass
raise ValueError(_("No SELinux Policy installed"))
@ -251637,7 +251681,7 @@ index 5e7415c..b367e9c 100644
all_types = None
def get_all_types():
global all_types
@@ -54,6 +188,13 @@ def get_all_types():
@@ -54,6 +203,13 @@ def get_all_types():
all_types = map(lambda x: x['name'], info(TYPE))
return all_types
@ -251651,7 +251695,7 @@ index 5e7415c..b367e9c 100644
role_allows = None
def get_all_role_allows():
global role_allows
@@ -71,6 +212,7 @@ def get_all_role_allows():
@@ -71,6 +227,7 @@ def get_all_role_allows():
return role_allows
def get_all_entrypoint_domains():
@ -251659,7 +251703,7 @@ index 5e7415c..b367e9c 100644
all_domains = []
types=get_all_types()
types.sort()
@@ -81,11 +223,54 @@ def get_all_entrypoint_domains():
@@ -81,11 +238,54 @@ def get_all_entrypoint_domains():
all_domains.append(m[0])
return all_domains
@ -251715,7 +251759,7 @@ index 5e7415c..b367e9c 100644
return all_domains
roles = None
@@ -139,50 +324,92 @@ def get_all_attributes():
@@ -139,50 +339,92 @@ def get_all_attributes():
return all_attributes
def policy(policy_file):
@ -251833,7 +251877,7 @@ index 5e7415c..b367e9c 100644
def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
global booleans_dict
if booleans_dict:
@@ -191,7 +418,7 @@ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
@@ -191,7 +433,7 @@ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
import re
booleans_dict = {}
try:
@ -251856,7 +251900,7 @@ index a179d95..9b9a09a 100755
tlist = []
for l in map(lambda y: y[sepolicy.TARGET], filter(lambda x: set(perm).issubset(x[sepolicy.PERMS]), allows)):
diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
index 26f8390..ce328e6 100644
index 26f8390..a5e4b9b 100644
--- a/policycoreutils/sepolicy/sepolicy/generate.py
+++ b/policycoreutils/sepolicy/sepolicy/generate.py
@@ -63,20 +63,6 @@ except IOError:
@ -251898,15 +251942,6 @@ index 26f8390..ce328e6 100644
line = "%s(%s_t)\n" % (method, self.name)
else:
line = """
@@ -765,7 +751,7 @@ allow %s_t %s_t:%s_socket name_%s;
return newte
- if self.type == RUSER:
+ if self.type == RUSER or self.type == AUSER:
newte += re.sub("TEMPLATETYPE", self.name, user.te_admin_rules)
for app in self.admin_domains:
@@ -875,6 +861,13 @@ allow %s_t %s_t:%s_socket name_%s;
if t.endswith(i):
newte += re.sub("TEMPLATETYPE", t[:-len(i)], self.DEFAULT_EXT[i].te_types)
@ -252266,7 +252301,7 @@ index 8b063ca..c7dac62 100644
+ else:
+ sys.stderr.write(_("\nCompiling of %s interface is not supported." % interface))
diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
index 25062da..086f2a7 100755
index 25062da..c4d8161 100755
--- a/policycoreutils/sepolicy/sepolicy/manpage.py
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py
@@ -28,12 +28,12 @@ import string
@ -252304,7 +252339,47 @@ index 25062da..086f2a7 100755
if domain in domains:
continue
domains.append(domain)
@@ -184,14 +184,12 @@ def get_alphabet_manpages(manpage_list):
@@ -114,39 +114,6 @@ def gen_domains():
domains.sort()
return domains
-fcdict=None
-def _gen_fcdict(fc_path = selinux.selinux_file_context_path()):
- global fcdict
- if fcdict:
- return fcdict
- fd = open(fc_path, "r")
- fc = fd.readlines()
- fd.close()
- fd = open(fc_path+".homedirs", "r")
- fc += fd.readlines()
- fd.close()
- fcdict = {}
- for i in fc:
- rec = i.split()
- try:
- t = rec[-1].split(":")[2]
- if t in fcdict:
- fcdict[t].append(rec[0])
- else:
- fcdict[t] = [ rec[0] ]
- except:
- pass
- fcdict["logfile"] = [ "all log files" ]
- fcdict["user_tmp_type"] = [ "all user tmp files" ]
- fcdict["user_home_type"] = [ "all user home files" ]
- fcdict["virt_image_type"] = [ "all virtual image files" ]
- fcdict["noxattrfs"] = [ "all files on file systems which do not support extended attributes" ]
- fcdict["sandbox_tmpfs_type"] = [ "all sandbox content in tmpfs file systems" ]
- fcdict["user_tmpfs_type"] = [ "all user content in tmpfs file systems" ]
- fcdict["file_type"] = [ "all files on the system" ]
- fcdict["samba_share_t"] = [ "use this label for random content that will be shared using samba" ]
- return fcdict
-
types = None
def _gen_types():
global types
@@ -184,14 +151,12 @@ def get_alphabet_manpages(manpage_list):
return alphabet_manpages
def convert_manpage_to_html(html_manpage,manpage):
@ -252323,7 +252398,7 @@ index 25062da..086f2a7 100755
class HTMLManPages:
"""
@@ -416,56 +414,42 @@ class ManPage:
@@ -416,56 +381,42 @@ class ManPage:
"""
Generate a Manpage on an SELinux domain in the specified path
"""
@ -252351,6 +252426,7 @@ index 25062da..086f2a7 100755
- self.fcpath = fcpath
- else:
- self.fcpath = selinux.selinux_file_context_path()
- self.fcdict = _gen_fcdict(self.fcpath)
+ self.root = root
+ self.portrecs = gen_port_dict()[0]
+ self.domains = gen_domains()
@ -252366,7 +252442,7 @@ index 25062da..086f2a7 100755
+ self.types = _gen_types()
+
+ self.fcpath = self.root + selinux.selinux_file_context_path()
self.fcdict = _gen_fcdict(self.fcpath)
+ self.fcdict = get_fcdict(self.fcpath)
if not os.path.exists(path):
os.makedirs(path)
@ -252400,7 +252476,7 @@ index 25062da..086f2a7 100755
self.__gen_user_man_page()
if self.html:
manpage_roles.append(self.man_page_path)
@@ -483,16 +467,16 @@ class ManPage:
@@ -483,16 +434,16 @@ class ManPage:
def _gen_bools(self):
self.bools=[]
self.domainbools=[]
@ -252427,7 +252503,7 @@ index 25062da..086f2a7 100755
self.bools.sort()
self.domainbools.sort()
@@ -538,9 +522,6 @@ class ManPage:
@@ -538,9 +489,6 @@ class ManPage:
print path
def __gen_man_page(self):
@ -252437,7 +252513,7 @@ index 25062da..086f2a7 100755
self.anon_list = []
self.attributes = {}
@@ -563,22 +544,11 @@ class ManPage:
@@ -563,22 +511,11 @@ class ManPage:
def _get_ptypes(self):
for f in self.all_domains:
@ -252463,7 +252539,7 @@ index 25062da..086f2a7 100755
% {'domainname':self.domainname, 'date': time.strftime("%y-%m-%d")})
self.fd.write(r"""
.SH "NAME"
@@ -774,7 +744,7 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n
@@ -774,7 +711,7 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n
def _port_types(self):
self.ports = []
for f in self.all_port_types:
@ -252472,7 +252548,34 @@ index 25062da..086f2a7 100755
self.ports.append(f)
if len(self.ports) == 0:
@@ -923,13 +893,12 @@ to apply the labels.
@@ -821,7 +758,7 @@ Default Defined Ports:""")
if f.startswith(self.domainname):
flist.append(f)
if f in self.fcdict:
- mpaths = mpaths + self.fcdict[f]
+ mpaths = mpaths + self.fcdict[f]["regex"]
if len(mpaths) == 0:
return
mpaths.sort()
@@ -901,14 +838,14 @@ Note: SELinux often uses regular expressions to specify labels that match multip
if f in self.fcdict:
plural = ""
- if len(self.fcdict[f]) > 1:
+ if len(self.fcdict[f]["regex"]) > 1:
plural = "s"
self.fd.write("""
.br
.TP 5
Path%s:
-%s""" % (plural, self.fcdict[f][0]))
- for x in self.fcdict[f][1:]:
+%s""" % (plural, self.fcdict[f]["regex"][0]))
+ for x in self.fcdict[f]["regex"][1:]:
self.fd.write(", %s" % x)
self.fd.write("""
@@ -923,13 +860,12 @@ to apply the labels.
def _see_also(self):
ret = ""
@ -252488,7 +252591,7 @@ index 25062da..086f2a7 100755
ret += ", %s_selinux(8)" % d
self.fd.write(ret)
@@ -947,13 +916,14 @@ semanage fcontext -a -t public_content_t "/var/%(domainname)s(/.*)?"
@@ -947,13 +883,14 @@ semanage fcontext -a -t public_content_t "/var/%(domainname)s(/.*)?"
.B restorecon -F -R -v /var/%(domainname)s
.pp
.TP
@ -252505,7 +252608,7 @@ index 25062da..086f2a7 100755
""" % {'domainname':self.domainname})
for b in self.anon_list:
desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
@@ -998,12 +968,11 @@ is a GUI tool available to customize SELinux policy settings.
@@ -998,12 +935,11 @@ is a GUI tool available to customize SELinux policy settings.
.SH AUTHOR
This manual page was auto-generated using
@ -252520,7 +252623,25 @@ index 25062da..086f2a7 100755
if self.booltext != "":
self.fd.write(", setsebool(8)")
@@ -1230,6 +1199,7 @@ The SELinux user %s_u is not able to terminal login.
@@ -1046,7 +982,7 @@ All executeables with the default executable label, usually stored in /usr/bin a
paths=[]
for entrypoint in entrypoints:
if entrypoint in self.fcdict:
- paths += self.fcdict[entrypoint]
+ paths += self.fcdict[entrypoint]["regex"]
self.fd.write("""
%s""" % ", ".join(paths))
@@ -1086,7 +1022,7 @@ The SELinux process type %s_t can manage files labeled with the following file t
""" % f)
if f in self.fcdict:
- for path in self.fcdict[f]:
+ for path in self.fcdict[f]["regex"]:
self.fd.write("""\t%s
.br
""" % path)
@@ -1230,6 +1166,7 @@ The SELinux user %s_u is not able to terminal login.
""" % self.domainname)
def _network(self):
@ -252528,6 +252649,32 @@ index 25062da..086f2a7 100755
self.fd.write("""
.SH NETWORK
""")
@@ -1241,10 +1178,10 @@ The SELinux user %s_u is not able to terminal login.
The SELinux user %s_u is able to listen on the following %s ports.
""" % (self.domainname, net))
for p in portdict:
- for recs in portdict[p]:
+ for t, ports in portdict[p]:
self.fd.write("""
.B %s
-""" % recs)
+""" % ",".join(ports))
portdict = network.get_network_connect(self.type, "tcp", "name_connect")
if len(portdict) > 0:
self.fd.write("""
@@ -1252,10 +1189,10 @@ The SELinux user %s_u is able to listen on the following %s ports.
The SELinux user %s_u is able to connect to the following tcp ports.
""" % (self.domainname))
for p in portdict:
- for recs in portdict[p]:
+ for t, ports in portdict[p]:
self.fd.write("""
.B %s
-""" % recs)
+""" % ",".join(ports))
def _home_exec(self):
permlist = sepolicy.search([sepolicy.ALLOW],{'source':self.type,'target':'user_home_type', 'class':'file', 'permlist':['ioctl', 'read', 'getattr', 'execute', 'execute_no_trans', 'open']})
diff --git a/policycoreutils/sepolicy/sepolicy/network.py b/policycoreutils/sepolicy/sepolicy/network.py
index 66efe26..970f4c8 100755
--- a/policycoreutils/sepolicy/sepolicy/network.py

8
policycoreutils.spec
View File

@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.14
Release: 53%{?dist}
Release: 54%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@ -54,7 +54,7 @@ to switch roles.
%setup -q -a 1
%patch -p2 -b .rhat
%patch1 -p2 -b .sepolgen -d sepolgen-%{sepolgenver}
%patch2 -p1 -b .semanage
%patch2 -p1 -b .semanage
%build
cp %{SOURCE3} gui/
@ -311,6 +311,10 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service
%changelog
* Tue Jun 18 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-54
- Make fcdict return a dictionary of dictionaries
- Fix for sepolicy manpage
* Mon Jun 17 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-53
- Add new man pages for each semanage subsection