Make fcdict return a dictionary of dictionaries
- Fix for sepolicy manpage
This commit is contained in:
parent
4f89c533b5
commit
544468684c
@ -250464,14 +250464,14 @@ index 4c5243a..036c418 100644
|
||||
|
||||
diff --git a/policycoreutils/semodule/genhomedircon.8 b/policycoreutils/semodule/genhomedircon.8
|
||||
new file mode 100644
|
||||
index 0000000..08e3bad
|
||||
index 0000000..2a3315b
|
||||
--- /dev/null
|
||||
+++ b/policycoreutils/semodule/genhomedircon.8
|
||||
@@ -0,0 +1,24 @@
|
||||
+.TH GENHOMEDIRCON "8" "Sep 2011" "Security Enhanced Linux" "SELinux"
|
||||
+.SH NAME
|
||||
+genhomedircon \- generate SELinux file context configuration entries for user home directories
|
||||
+.SH SYNOPSIS
|
||||
+.SH DESCRIPTION
|
||||
+.B genhomedircon
|
||||
+is a script that executes
|
||||
+.B semodule
|
||||
@ -251020,7 +251020,7 @@ index b6abdf5..c05c943 100644
|
||||
Generate an additional HTML man pages for the specified domain(s).
|
||||
|
||||
diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
|
||||
index b25d3b2..9b29b39 100755
|
||||
index b25d3b2..43a8101 100755
|
||||
--- a/policycoreutils/sepolicy/sepolicy.py
|
||||
+++ b/policycoreutils/sepolicy/sepolicy.py
|
||||
@@ -22,6 +22,8 @@
|
||||
@ -251037,7 +251037,7 @@ index b25d3b2..9b29b39 100755
|
||||
__builtin__.__dict__['_'] = unicode
|
||||
|
||||
+usage = "sepolicy generate [-h] [-n NAME] [-p PATH] [-w [WRITEPATHS [WRITEPATHS ...]]] ["
|
||||
+usage_dict = {' --newtype':('-t [TYPES [TYPES ...]]',),' --customize':('-d DOMAIN','-a ADMIN_DOMAIN',), ' --admin_user':('-a ADMIN_DOMAIN',), ' --application':('COMMAND',), ' --cgi':('COMMAND',), ' --confined_admin':('-a ADMIN_DOMAIN',), ' --dbus':('COMMAND',), ' --desktop_user':('',),' --inetd':('COMMAND',),' --init':('COMMAND',), ' --sandbox':('',), ' --term_user':('',), ' --x_user':('',)}
|
||||
+usage_dict = {' --newtype':('-t [TYPES [TYPES ...]]',),' --customize':('-d DOMAIN','-a ADMIN_DOMAIN',), ' --admin_user':('[-r ROLE ]',), ' --application':('COMMAND',), ' --cgi':('COMMAND',), ' --confined_admin':('-a ADMIN_DOMAIN',), ' --dbus':('COMMAND',), ' --desktop_user':('',),' --inetd':('COMMAND',),' --init':('COMMAND',), ' --sandbox':('',), ' --term_user':('',), ' --x_user':('',)}
|
||||
+
|
||||
class CheckPath(argparse.Action):
|
||||
def __call__(self, parser, namespace, values, option_string=None):
|
||||
@ -251100,7 +251100,7 @@ index b25d3b2..9b29b39 100755
|
||||
newval = getattr(namespace, self.dest)
|
||||
if not newval:
|
||||
newval = []
|
||||
@@ -140,27 +165,65 @@ class CheckPolicyType(argparse.Action):
|
||||
@@ -140,27 +165,76 @@ class CheckPolicyType(argparse.Action):
|
||||
|
||||
class CheckUser(argparse.Action):
|
||||
def __call__(self, parser, namespace, value, option_string=None):
|
||||
@ -251115,6 +251115,17 @@ index b25d3b2..9b29b39 100755
|
||||
newval.append(value)
|
||||
setattr(namespace, self.dest, newval)
|
||||
|
||||
+class CheckRole(argparse.Action):
|
||||
+ def __call__(self, parser, namespace, value, option_string=None):
|
||||
+ newval = getattr(namespace, self.dest)
|
||||
+ if not newval:
|
||||
+ newval = []
|
||||
+ roles = sepolicy.get_all_roles()
|
||||
+ if value not in roles:
|
||||
+ raise ValueError("%s must be an SELinux role:\nValid roles: %s" % (value, ", ".join(roles)))
|
||||
+ newval.append(value[:-2])
|
||||
+ setattr(namespace, self.dest, newval)
|
||||
+
|
||||
+class InterfaceInfo(argparse.Action):
|
||||
+ def __call__(self, parser, namespace, values, option_string=None):
|
||||
+ from sepolicy.interface import get_interface_dict
|
||||
@ -251173,7 +251184,7 @@ index b25d3b2..9b29b39 100755
|
||||
if args.list_ports:
|
||||
all_ports = []
|
||||
for i in portrecs:
|
||||
@@ -201,41 +264,41 @@ def manpage(args):
|
||||
@@ -201,41 +275,41 @@ def manpage(args):
|
||||
from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains
|
||||
|
||||
path = args.path
|
||||
@ -251238,7 +251249,7 @@ index b25d3b2..9b29b39 100755
|
||||
|
||||
def gen_network_args(parser):
|
||||
net = parser.add_parser("network",
|
||||
@@ -283,7 +346,6 @@ def gen_communicate_args(parser):
|
||||
@@ -283,7 +357,6 @@ def gen_communicate_args(parser):
|
||||
comm.set_defaults(func=communicate)
|
||||
|
||||
def booleans(args):
|
||||
@ -251246,7 +251257,7 @@ index b25d3b2..9b29b39 100755
|
||||
from sepolicy import boolean_desc
|
||||
if args.all:
|
||||
rc, args.booleans = selinux.security_get_boolean_names()
|
||||
@@ -300,6 +362,7 @@ def gen_booleans_args(parser):
|
||||
@@ -300,6 +373,7 @@ def gen_booleans_args(parser):
|
||||
action="store_true",
|
||||
help=_("get all booleans descriptions"))
|
||||
group.add_argument("-b", "--boolean", dest="booleans", nargs="+",
|
||||
@ -251254,7 +251265,7 @@ index b25d3b2..9b29b39 100755
|
||||
help=_("boolean to get description"))
|
||||
bools.set_defaults(func=booleans)
|
||||
|
||||
@@ -319,22 +382,49 @@ def gen_transition_args(parser):
|
||||
@@ -319,22 +393,49 @@ def gen_transition_args(parser):
|
||||
help=_("target process domain"))
|
||||
trans.set_defaults(func=transition)
|
||||
|
||||
@ -251313,7 +251324,7 @@ index b25d3b2..9b29b39 100755
|
||||
if not args.command:
|
||||
raise ValueError(_("Command required for this type of policy"))
|
||||
cmd = os.path.realpath(args.command)
|
||||
@@ -346,8 +436,18 @@ def generate(args):
|
||||
@@ -346,8 +447,18 @@ def generate(args):
|
||||
mypolicy.set_program(cmd)
|
||||
|
||||
if args.types:
|
||||
@ -251332,7 +251343,15 @@ index b25d3b2..9b29b39 100755
|
||||
for p in args.writepaths:
|
||||
if os.path.isdir(p):
|
||||
mypolicy.add_dir(p)
|
||||
@@ -366,20 +466,34 @@ def generate(args):
|
||||
@@ -355,6 +466,7 @@ def generate(args):
|
||||
mypolicy.add_file(p)
|
||||
|
||||
mypolicy.set_transition_users(args.user)
|
||||
+ mypolicy.set_admin_roles(args.role)
|
||||
mypolicy.set_admin_domains(args.admin_domain)
|
||||
mypolicy.set_existing_domains(args.domain)
|
||||
|
||||
@@ -366,20 +478,34 @@ def generate(args):
|
||||
def gen_interface_args(parser):
|
||||
itf = parser.add_parser("interface",
|
||||
help=_('List SELinux Policy interfaces'))
|
||||
@ -251370,7 +251389,17 @@ index b25d3b2..9b29b39 100755
|
||||
help=_('Generate SELinux Policy module template'))
|
||||
pol.add_argument("-d", "--domain", dest="domain", default=[],
|
||||
action=CheckDomain, nargs="*",
|
||||
@@ -397,53 +511,57 @@ def gen_generate_args(parser):
|
||||
@@ -387,6 +513,9 @@ def gen_generate_args(parser):
|
||||
pol.add_argument("-u", "--user", dest="user", default=[],
|
||||
action=CheckUser,
|
||||
help=_("Enter SELinux user(s) which will transition to this domain"))
|
||||
+ pol.add_argument("-r", "--role", dest="role", default=[],
|
||||
+ action=CheckRole,
|
||||
+ help=_("Enter SELinux role(s) to which this domain will transition"))
|
||||
pol.add_argument("-a", "--admin", dest="admin_domain",default=[],
|
||||
action=CheckAdmin,
|
||||
help=_("Enter domain(s) that this confined admin will administrate"))
|
||||
@@ -397,53 +526,57 @@ def gen_generate_args(parser):
|
||||
help=argparse.SUPPRESS)
|
||||
pol.add_argument("-t", "--type", dest="types", default=[], nargs="*",
|
||||
action=CheckType,
|
||||
@ -251454,7 +251483,7 @@ index b25d3b2..9b29b39 100755
|
||||
pol.set_defaults(func=generate)
|
||||
|
||||
if __name__ == '__main__':
|
||||
@@ -461,11 +579,17 @@ if __name__ == '__main__':
|
||||
@@ -461,11 +594,17 @@ if __name__ == '__main__':
|
||||
gen_transition_args(subparsers)
|
||||
|
||||
try:
|
||||
@ -251474,7 +251503,7 @@ index b25d3b2..9b29b39 100755
|
||||
except KeyboardInterrupt:
|
||||
sys.exit(0)
|
||||
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||
index 5e7415c..b367e9c 100644
|
||||
index 5e7415c..8862ebb 100644
|
||||
--- a/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||
@@ -7,6 +7,9 @@ import _policy
|
||||
@ -251487,7 +251516,7 @@ index 5e7415c..b367e9c 100644
|
||||
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
|
||||
gettext.textdomain(PROGNAME)
|
||||
try:
|
||||
@@ -37,9 +40,119 @@ CLASS = 'class'
|
||||
@@ -37,9 +40,134 @@ CLASS = 'class'
|
||||
TRANSITION = 'transition'
|
||||
ROLE_ALLOW = 'role_allow'
|
||||
|
||||
@ -251541,11 +251570,20 @@ index 5e7415c..b367e9c 100644
|
||||
+
|
||||
+ for f in all_writes:
|
||||
+ try:
|
||||
+ mpaths[f] = fcdict[f]
|
||||
+ mpaths[f] = fcdict[f]["regex"]
|
||||
+ except KeyError:
|
||||
+ mpaths[f] = []
|
||||
+ return mpaths
|
||||
+
|
||||
+import os, pprint, re, sys
|
||||
+def find_file(reg, path):
|
||||
+ try:
|
||||
+ pat = re.compile(r"%s$" % reg)
|
||||
+ return filter(pat.match, map(lambda x: path + "/" + x, os.listdir(path)))
|
||||
+ except:
|
||||
+ return []
|
||||
+
|
||||
+import os
|
||||
+fcdict=None
|
||||
+def get_fcdict(fc_path = selinux.selinux_file_context_path()):
|
||||
+ global fcdict
|
||||
@ -251561,22 +251599,28 @@ index 5e7415c..b367e9c 100644
|
||||
+ for i in fc:
|
||||
+ rec = i.split()
|
||||
+ try:
|
||||
+ if len(rec) > 2:
|
||||
+ ftype = rec[1]
|
||||
+ else:
|
||||
+ ftype = ""
|
||||
+
|
||||
+ t = rec[-1].split(":")[2]
|
||||
+ if t in fcdict:
|
||||
+ fcdict[t].append(rec[0])
|
||||
+ fcdict[t]["regex"].append(rec[0])
|
||||
+ fcdict[t]["paths"].append(find_file(rec[0], os.path.dirname(rec[0])))
|
||||
+ else:
|
||||
+ fcdict[t] = [ rec[0] ]
|
||||
+ fcdict[t] = { "regex": [ rec[0] ], "paths" : find_file(rec[0], os.path.dirname(rec[0])), "ftype": ftype}
|
||||
+ except:
|
||||
+ pass
|
||||
+ fcdict["logfile"] = [ "all log files" ]
|
||||
+ fcdict["user_tmp_type"] = [ "all user tmp files" ]
|
||||
+ fcdict["user_home_type"] = [ "all user home files" ]
|
||||
+ fcdict["virt_image_type"] = [ "all virtual image files" ]
|
||||
+ fcdict["noxattrfs"] = [ "all files on file systems which do not support extended attributes" ]
|
||||
+ fcdict["sandbox_tmpfs_type"] = [ "all sandbox content in tmpfs file systems" ]
|
||||
+ fcdict["user_tmpfs_type"] = [ "all user content in tmpfs file systems" ]
|
||||
+ fcdict["file_type"] = [ "all files on the system" ]
|
||||
+ fcdict["samba_share_t"] = [ "use this label for random content that will be shared using samba" ]
|
||||
+ fcdict["logfile"] = { "regex" : [ "all log files" ]}
|
||||
+ fcdict["user_tmp_type"] = { "regex" : [ "all user tmp files" ]}
|
||||
+ fcdict["user_home_type"] = { "regex" : [ "all user home files" ]}
|
||||
+ fcdict["virt_image_type"] = { "regex" : [ "all virtual image files" ]}
|
||||
+ fcdict["noxattrfs"] = { "regex" : [ "all files on file systems which do not support extended attributes" ]}
|
||||
+ fcdict["sandbox_tmpfs_type"] = { "regex" : [ "all sandbox content in tmpfs file systems" ]}
|
||||
+ fcdict["user_tmpfs_type"] = { "regex" : [ "all user content in tmpfs file systems" ]}
|
||||
+ fcdict["file_type"] = { "regex" : [ "all files on the system" ] }
|
||||
+ fcdict["samba_share_t"] = { "regex" : [ "use this label for random content that will be shared using samba" ] }
|
||||
+ return fcdict
|
||||
+
|
||||
+def get_entrypoint_types(setype):
|
||||
@ -251585,7 +251629,8 @@ index 5e7415c..b367e9c 100644
|
||||
+ return entrypoints
|
||||
+
|
||||
+def get_init_entrypoint_target(entrypoint):
|
||||
+ try:
|
||||
try:
|
||||
- path = selinux.selinux_binary_policy_path()
|
||||
+ entrypoints = map(lambda x: x['transtype'], search([TRANSITION],{'source':"init_t", 'target':entrypoint, 'class':'process'}))
|
||||
+ return entrypoints[0]
|
||||
+ except TypeError:
|
||||
@ -251597,19 +251642,18 @@ index 5e7415c..b367e9c 100644
|
||||
+ mpaths = {}
|
||||
+ for f in get_entrypoint_types(setype):
|
||||
+ try:
|
||||
+ mpaths[f] = fcdict[f]
|
||||
+ mpaths[f] = fcdict[f]["regex"]
|
||||
+ except:
|
||||
+ mpaths[f] = []
|
||||
+ return mpaths
|
||||
+
|
||||
+def get_installed_policy(root = "/"):
|
||||
try:
|
||||
- path = selinux.selinux_binary_policy_path()
|
||||
+ try:
|
||||
+ path = root + selinux.selinux_binary_policy_path()
|
||||
policies = glob.glob ("%s.*" % path )
|
||||
policies.sort()
|
||||
return policies[-1]
|
||||
@@ -47,6 +160,27 @@ def __get_installed_policy():
|
||||
@@ -47,6 +175,27 @@ def __get_installed_policy():
|
||||
pass
|
||||
raise ValueError(_("No SELinux Policy installed"))
|
||||
|
||||
@ -251637,7 +251681,7 @@ index 5e7415c..b367e9c 100644
|
||||
all_types = None
|
||||
def get_all_types():
|
||||
global all_types
|
||||
@@ -54,6 +188,13 @@ def get_all_types():
|
||||
@@ -54,6 +203,13 @@ def get_all_types():
|
||||
all_types = map(lambda x: x['name'], info(TYPE))
|
||||
return all_types
|
||||
|
||||
@ -251651,7 +251695,7 @@ index 5e7415c..b367e9c 100644
|
||||
role_allows = None
|
||||
def get_all_role_allows():
|
||||
global role_allows
|
||||
@@ -71,6 +212,7 @@ def get_all_role_allows():
|
||||
@@ -71,6 +227,7 @@ def get_all_role_allows():
|
||||
return role_allows
|
||||
|
||||
def get_all_entrypoint_domains():
|
||||
@ -251659,7 +251703,7 @@ index 5e7415c..b367e9c 100644
|
||||
all_domains = []
|
||||
types=get_all_types()
|
||||
types.sort()
|
||||
@@ -81,11 +223,54 @@ def get_all_entrypoint_domains():
|
||||
@@ -81,11 +238,54 @@ def get_all_entrypoint_domains():
|
||||
all_domains.append(m[0])
|
||||
return all_domains
|
||||
|
||||
@ -251715,7 +251759,7 @@ index 5e7415c..b367e9c 100644
|
||||
return all_domains
|
||||
|
||||
roles = None
|
||||
@@ -139,50 +324,92 @@ def get_all_attributes():
|
||||
@@ -139,50 +339,92 @@ def get_all_attributes():
|
||||
return all_attributes
|
||||
|
||||
def policy(policy_file):
|
||||
@ -251833,7 +251877,7 @@ index 5e7415c..b367e9c 100644
|
||||
def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
|
||||
global booleans_dict
|
||||
if booleans_dict:
|
||||
@@ -191,7 +418,7 @@ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
|
||||
@@ -191,7 +433,7 @@ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
|
||||
import re
|
||||
booleans_dict = {}
|
||||
try:
|
||||
@ -251856,7 +251900,7 @@ index a179d95..9b9a09a 100755
|
||||
tlist = []
|
||||
for l in map(lambda y: y[sepolicy.TARGET], filter(lambda x: set(perm).issubset(x[sepolicy.PERMS]), allows)):
|
||||
diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
|
||||
index 26f8390..ce328e6 100644
|
||||
index 26f8390..a5e4b9b 100644
|
||||
--- a/policycoreutils/sepolicy/sepolicy/generate.py
|
||||
+++ b/policycoreutils/sepolicy/sepolicy/generate.py
|
||||
@@ -63,20 +63,6 @@ except IOError:
|
||||
@ -251898,15 +251942,6 @@ index 26f8390..ce328e6 100644
|
||||
line = "%s(%s_t)\n" % (method, self.name)
|
||||
else:
|
||||
line = """
|
||||
@@ -765,7 +751,7 @@ allow %s_t %s_t:%s_socket name_%s;
|
||||
|
||||
return newte
|
||||
|
||||
- if self.type == RUSER:
|
||||
+ if self.type == RUSER or self.type == AUSER:
|
||||
newte += re.sub("TEMPLATETYPE", self.name, user.te_admin_rules)
|
||||
|
||||
for app in self.admin_domains:
|
||||
@@ -875,6 +861,13 @@ allow %s_t %s_t:%s_socket name_%s;
|
||||
if t.endswith(i):
|
||||
newte += re.sub("TEMPLATETYPE", t[:-len(i)], self.DEFAULT_EXT[i].te_types)
|
||||
@ -252266,7 +252301,7 @@ index 8b063ca..c7dac62 100644
|
||||
+ else:
|
||||
+ sys.stderr.write(_("\nCompiling of %s interface is not supported." % interface))
|
||||
diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
|
||||
index 25062da..086f2a7 100755
|
||||
index 25062da..c4d8161 100755
|
||||
--- a/policycoreutils/sepolicy/sepolicy/manpage.py
|
||||
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py
|
||||
@@ -28,12 +28,12 @@ import string
|
||||
@ -252304,7 +252339,47 @@ index 25062da..086f2a7 100755
|
||||
if domain in domains:
|
||||
continue
|
||||
domains.append(domain)
|
||||
@@ -184,14 +184,12 @@ def get_alphabet_manpages(manpage_list):
|
||||
@@ -114,39 +114,6 @@ def gen_domains():
|
||||
domains.sort()
|
||||
return domains
|
||||
|
||||
-fcdict=None
|
||||
-def _gen_fcdict(fc_path = selinux.selinux_file_context_path()):
|
||||
- global fcdict
|
||||
- if fcdict:
|
||||
- return fcdict
|
||||
- fd = open(fc_path, "r")
|
||||
- fc = fd.readlines()
|
||||
- fd.close()
|
||||
- fd = open(fc_path+".homedirs", "r")
|
||||
- fc += fd.readlines()
|
||||
- fd.close()
|
||||
- fcdict = {}
|
||||
- for i in fc:
|
||||
- rec = i.split()
|
||||
- try:
|
||||
- t = rec[-1].split(":")[2]
|
||||
- if t in fcdict:
|
||||
- fcdict[t].append(rec[0])
|
||||
- else:
|
||||
- fcdict[t] = [ rec[0] ]
|
||||
- except:
|
||||
- pass
|
||||
- fcdict["logfile"] = [ "all log files" ]
|
||||
- fcdict["user_tmp_type"] = [ "all user tmp files" ]
|
||||
- fcdict["user_home_type"] = [ "all user home files" ]
|
||||
- fcdict["virt_image_type"] = [ "all virtual image files" ]
|
||||
- fcdict["noxattrfs"] = [ "all files on file systems which do not support extended attributes" ]
|
||||
- fcdict["sandbox_tmpfs_type"] = [ "all sandbox content in tmpfs file systems" ]
|
||||
- fcdict["user_tmpfs_type"] = [ "all user content in tmpfs file systems" ]
|
||||
- fcdict["file_type"] = [ "all files on the system" ]
|
||||
- fcdict["samba_share_t"] = [ "use this label for random content that will be shared using samba" ]
|
||||
- return fcdict
|
||||
-
|
||||
types = None
|
||||
def _gen_types():
|
||||
global types
|
||||
@@ -184,14 +151,12 @@ def get_alphabet_manpages(manpage_list):
|
||||
return alphabet_manpages
|
||||
|
||||
def convert_manpage_to_html(html_manpage,manpage):
|
||||
@ -252323,7 +252398,7 @@ index 25062da..086f2a7 100755
|
||||
|
||||
class HTMLManPages:
|
||||
"""
|
||||
@@ -416,56 +414,42 @@ class ManPage:
|
||||
@@ -416,56 +381,42 @@ class ManPage:
|
||||
"""
|
||||
Generate a Manpage on an SELinux domain in the specified path
|
||||
"""
|
||||
@ -252351,6 +252426,7 @@ index 25062da..086f2a7 100755
|
||||
- self.fcpath = fcpath
|
||||
- else:
|
||||
- self.fcpath = selinux.selinux_file_context_path()
|
||||
- self.fcdict = _gen_fcdict(self.fcpath)
|
||||
+ self.root = root
|
||||
+ self.portrecs = gen_port_dict()[0]
|
||||
+ self.domains = gen_domains()
|
||||
@ -252366,7 +252442,7 @@ index 25062da..086f2a7 100755
|
||||
+ self.types = _gen_types()
|
||||
+
|
||||
+ self.fcpath = self.root + selinux.selinux_file_context_path()
|
||||
self.fcdict = _gen_fcdict(self.fcpath)
|
||||
+ self.fcdict = get_fcdict(self.fcpath)
|
||||
|
||||
if not os.path.exists(path):
|
||||
os.makedirs(path)
|
||||
@ -252400,7 +252476,7 @@ index 25062da..086f2a7 100755
|
||||
self.__gen_user_man_page()
|
||||
if self.html:
|
||||
manpage_roles.append(self.man_page_path)
|
||||
@@ -483,16 +467,16 @@ class ManPage:
|
||||
@@ -483,16 +434,16 @@ class ManPage:
|
||||
def _gen_bools(self):
|
||||
self.bools=[]
|
||||
self.domainbools=[]
|
||||
@ -252427,7 +252503,7 @@ index 25062da..086f2a7 100755
|
||||
|
||||
self.bools.sort()
|
||||
self.domainbools.sort()
|
||||
@@ -538,9 +522,6 @@ class ManPage:
|
||||
@@ -538,9 +489,6 @@ class ManPage:
|
||||
print path
|
||||
|
||||
def __gen_man_page(self):
|
||||
@ -252437,7 +252513,7 @@ index 25062da..086f2a7 100755
|
||||
self.anon_list = []
|
||||
|
||||
self.attributes = {}
|
||||
@@ -563,22 +544,11 @@ class ManPage:
|
||||
@@ -563,22 +511,11 @@ class ManPage:
|
||||
|
||||
def _get_ptypes(self):
|
||||
for f in self.all_domains:
|
||||
@ -252463,7 +252539,7 @@ index 25062da..086f2a7 100755
|
||||
% {'domainname':self.domainname, 'date': time.strftime("%y-%m-%d")})
|
||||
self.fd.write(r"""
|
||||
.SH "NAME"
|
||||
@@ -774,7 +744,7 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n
|
||||
@@ -774,7 +711,7 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n
|
||||
def _port_types(self):
|
||||
self.ports = []
|
||||
for f in self.all_port_types:
|
||||
@ -252472,7 +252548,34 @@ index 25062da..086f2a7 100755
|
||||
self.ports.append(f)
|
||||
|
||||
if len(self.ports) == 0:
|
||||
@@ -923,13 +893,12 @@ to apply the labels.
|
||||
@@ -821,7 +758,7 @@ Default Defined Ports:""")
|
||||
if f.startswith(self.domainname):
|
||||
flist.append(f)
|
||||
if f in self.fcdict:
|
||||
- mpaths = mpaths + self.fcdict[f]
|
||||
+ mpaths = mpaths + self.fcdict[f]["regex"]
|
||||
if len(mpaths) == 0:
|
||||
return
|
||||
mpaths.sort()
|
||||
@@ -901,14 +838,14 @@ Note: SELinux often uses regular expressions to specify labels that match multip
|
||||
|
||||
if f in self.fcdict:
|
||||
plural = ""
|
||||
- if len(self.fcdict[f]) > 1:
|
||||
+ if len(self.fcdict[f]["regex"]) > 1:
|
||||
plural = "s"
|
||||
self.fd.write("""
|
||||
.br
|
||||
.TP 5
|
||||
Path%s:
|
||||
-%s""" % (plural, self.fcdict[f][0]))
|
||||
- for x in self.fcdict[f][1:]:
|
||||
+%s""" % (plural, self.fcdict[f]["regex"][0]))
|
||||
+ for x in self.fcdict[f]["regex"][1:]:
|
||||
self.fd.write(", %s" % x)
|
||||
|
||||
self.fd.write("""
|
||||
@@ -923,13 +860,12 @@ to apply the labels.
|
||||
|
||||
def _see_also(self):
|
||||
ret = ""
|
||||
@ -252488,7 +252591,7 @@ index 25062da..086f2a7 100755
|
||||
ret += ", %s_selinux(8)" % d
|
||||
self.fd.write(ret)
|
||||
|
||||
@@ -947,13 +916,14 @@ semanage fcontext -a -t public_content_t "/var/%(domainname)s(/.*)?"
|
||||
@@ -947,13 +883,14 @@ semanage fcontext -a -t public_content_t "/var/%(domainname)s(/.*)?"
|
||||
.B restorecon -F -R -v /var/%(domainname)s
|
||||
.pp
|
||||
.TP
|
||||
@ -252505,7 +252608,7 @@ index 25062da..086f2a7 100755
|
||||
""" % {'domainname':self.domainname})
|
||||
for b in self.anon_list:
|
||||
desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
|
||||
@@ -998,12 +968,11 @@ is a GUI tool available to customize SELinux policy settings.
|
||||
@@ -998,12 +935,11 @@ is a GUI tool available to customize SELinux policy settings.
|
||||
|
||||
.SH AUTHOR
|
||||
This manual page was auto-generated using
|
||||
@ -252520,7 +252623,25 @@ index 25062da..086f2a7 100755
|
||||
|
||||
if self.booltext != "":
|
||||
self.fd.write(", setsebool(8)")
|
||||
@@ -1230,6 +1199,7 @@ The SELinux user %s_u is not able to terminal login.
|
||||
@@ -1046,7 +982,7 @@ All executeables with the default executable label, usually stored in /usr/bin a
|
||||
paths=[]
|
||||
for entrypoint in entrypoints:
|
||||
if entrypoint in self.fcdict:
|
||||
- paths += self.fcdict[entrypoint]
|
||||
+ paths += self.fcdict[entrypoint]["regex"]
|
||||
|
||||
self.fd.write("""
|
||||
%s""" % ", ".join(paths))
|
||||
@@ -1086,7 +1022,7 @@ The SELinux process type %s_t can manage files labeled with the following file t
|
||||
|
||||
""" % f)
|
||||
if f in self.fcdict:
|
||||
- for path in self.fcdict[f]:
|
||||
+ for path in self.fcdict[f]["regex"]:
|
||||
self.fd.write("""\t%s
|
||||
.br
|
||||
""" % path)
|
||||
@@ -1230,6 +1166,7 @@ The SELinux user %s_u is not able to terminal login.
|
||||
""" % self.domainname)
|
||||
|
||||
def _network(self):
|
||||
@ -252528,6 +252649,32 @@ index 25062da..086f2a7 100755
|
||||
self.fd.write("""
|
||||
.SH NETWORK
|
||||
""")
|
||||
@@ -1241,10 +1178,10 @@ The SELinux user %s_u is not able to terminal login.
|
||||
The SELinux user %s_u is able to listen on the following %s ports.
|
||||
""" % (self.domainname, net))
|
||||
for p in portdict:
|
||||
- for recs in portdict[p]:
|
||||
+ for t, ports in portdict[p]:
|
||||
self.fd.write("""
|
||||
.B %s
|
||||
-""" % recs)
|
||||
+""" % ",".join(ports))
|
||||
portdict = network.get_network_connect(self.type, "tcp", "name_connect")
|
||||
if len(portdict) > 0:
|
||||
self.fd.write("""
|
||||
@@ -1252,10 +1189,10 @@ The SELinux user %s_u is able to listen on the following %s ports.
|
||||
The SELinux user %s_u is able to connect to the following tcp ports.
|
||||
""" % (self.domainname))
|
||||
for p in portdict:
|
||||
- for recs in portdict[p]:
|
||||
+ for t, ports in portdict[p]:
|
||||
self.fd.write("""
|
||||
.B %s
|
||||
-""" % recs)
|
||||
+""" % ",".join(ports))
|
||||
|
||||
def _home_exec(self):
|
||||
permlist = sepolicy.search([sepolicy.ALLOW],{'source':self.type,'target':'user_home_type', 'class':'file', 'permlist':['ioctl', 'read', 'getattr', 'execute', 'execute_no_trans', 'open']})
|
||||
diff --git a/policycoreutils/sepolicy/sepolicy/network.py b/policycoreutils/sepolicy/sepolicy/network.py
|
||||
index 66efe26..970f4c8 100755
|
||||
--- a/policycoreutils/sepolicy/sepolicy/network.py
|
||||
|
@ -7,7 +7,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.1.14
|
||||
Release: 53%{?dist}
|
||||
Release: 54%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
@ -311,6 +311,10 @@ The policycoreutils-restorecond package contains the restorecond service.
|
||||
%systemd_postun_with_restart restorecond.service
|
||||
|
||||
%changelog
|
||||
* Tue Jun 18 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-54
|
||||
- Make fcdict return a dictionary of dictionaries
|
||||
- Fix for sepolicy manpage
|
||||
|
||||
* Mon Jun 17 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-53
|
||||
- Add new man pages for each semanage subsection
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user