policycoreutils-3.4-7
- Rebase on upstream f56a72ac9e86 - sepolicy: fix sepolicy manpage -w - sandbox: add -R option to alternate XDG_RUNTIME_DIR - Remove dependency on the Python module distutils
parent
f63d7fa68f
commit
577b79db7e
@ -0,0 +1,36 @@
|
|||||||
|
From dd98fa322766760c4e1f029cf19d2515a583304f Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
||||||
|
Date: Fri, 20 May 2022 15:16:10 +0200
|
||||||
|
Subject: [PATCH] libselinux: declare return value of context_str(3) const
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
context_str(3) returns a string representation of the given context.
|
||||||
|
This string is owned by the context and free'd on context_free(3).
|
||||||
|
Declare it const, as already done in the man page, since it must not be
|
||||||
|
free'd by the caller.
|
||||||
|
|
||||||
|
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
|
||||||
|
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
|
||||||
|
---
|
||||||
|
policycoreutils/newrole/newrole.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
|
||||||
|
index ae37d7253761..c2afa37e0ac3 100644
|
||||||
|
--- a/policycoreutils/newrole/newrole.c
|
||||||
|
+++ b/policycoreutils/newrole/newrole.c
|
||||||
|
@@ -842,7 +842,7 @@ static int parse_command_line_arguments(int argc, char **argv, char *ttyn,
|
||||||
|
char *type_ptr = NULL; /* stores malloc'd data from get_default_type */
|
||||||
|
char *level_s = NULL; /* level spec'd by user in argv[] */
|
||||||
|
char *range_ptr = NULL;
|
||||||
|
- char *new_con = NULL;
|
||||||
|
+ const char *new_con = NULL;
|
||||||
|
char *tty_con = NULL;
|
||||||
|
context_t context = NULL; /* manipulatable form of new_context */
|
||||||
|
const struct option long_options[] = {
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
@ -1,47 +0,0 @@
|
|||||||
From 71a2f14767c0ec70c23ecce43d7cbc5404c95552 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Dan Walsh <dwalsh@redhat.com>
|
|
||||||
Date: Mon, 21 Apr 2014 13:54:40 -0400
|
|
||||||
Subject: [PATCH] Fix STANDARD_FILE_CONTEXT section in man pages
|
|
||||||
Content-type: text/plain
|
|
||||||
|
|
||||||
Signed-off-by: Miroslav Grepl <mgrepl@redhat.com>
|
|
||||||
---
|
|
||||||
python/sepolicy/sepolicy/manpage.py | 7 +++++--
|
|
||||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
|
||||||
index 3e61e333193f..82338aeeef32 100755
|
|
||||||
--- a/python/sepolicy/sepolicy/manpage.py
|
|
||||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
|
||||||
@@ -737,10 +737,13 @@ Default Defined Ports:""")
|
|
||||||
|
|
||||||
def _file_context(self):
|
|
||||||
flist = []
|
|
||||||
+ flist_non_exec = []
|
|
||||||
mpaths = []
|
|
||||||
for f in self.all_file_types:
|
|
||||||
if f.startswith(self.domainname):
|
|
||||||
flist.append(f)
|
|
||||||
+ if not file_type_is_executable(f) or not file_type_is_entrypoint(f):
|
|
||||||
+ flist_non_exec.append(f)
|
|
||||||
if f in self.fcdict:
|
|
||||||
mpaths = mpaths + self.fcdict[f]["regex"]
|
|
||||||
if len(mpaths) == 0:
|
|
||||||
@@ -799,12 +802,12 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
|
||||||
SELinux defines the file context types for the %(domainname)s, if you wanted to
|
|
||||||
store files with these types in a diffent paths, you need to execute the semanage command to specify alternate labeling and then use restorecon to put the labels on disk.
|
|
||||||
|
|
||||||
-.B semanage fcontext -a -t %(type)s '/srv/%(domainname)s/content(/.*)?'
|
|
||||||
+.B semanage fcontext -a -t %(type)s '/srv/my%(domainname)s_content(/.*)?'
|
|
||||||
.br
|
|
||||||
.B restorecon -R -v /srv/my%(domainname)s_content
|
|
||||||
|
|
||||||
Note: SELinux often uses regular expressions to specify labels that match multiple files.
|
|
||||||
-""" % {'domainname': self.domainname, "type": flist[0]})
|
|
||||||
+""" % {'domainname': self.domainname, "type": flist_non_exec[-1]})
|
|
||||||
|
|
||||||
self.fd.write(r"""
|
|
||||||
.I The following file types are defined for %(domainname)s:
|
|
||||||
--
|
|
||||||
2.35.1
|
|
||||||
|
|
49
0002-semodule-avoid-toctou-on-output-module.patch
Normal file
@ -0,0 +1,49 @@
|
|||||||
|
From 6d02b2fa29954e239721907e1fce238f25ea4f2f Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
||||||
|
Date: Fri, 20 May 2022 15:19:52 +0200
|
||||||
|
Subject: [PATCH] semodule: avoid toctou on output module
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
Do not check for file existence and open afterwards, open with the
|
||||||
|
exclusive flag (supported in Glibc and musl 0.9.6 and also standardized
|
||||||
|
in C11).
|
||||||
|
|
||||||
|
Found by GitHub CodeQL.
|
||||||
|
|
||||||
|
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
|
||||||
|
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
|
||||||
|
---
|
||||||
|
policycoreutils/semodule/semodule.c | 13 +++++--------
|
||||||
|
1 file changed, 5 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
|
||||||
|
index 1ed8e69054e0..48bc28dd0973 100644
|
||||||
|
--- a/policycoreutils/semodule/semodule.c
|
||||||
|
+++ b/policycoreutils/semodule/semodule.c
|
||||||
|
@@ -550,15 +550,12 @@ int main(int argc, char *argv[])
|
||||||
|
goto cleanup_extract;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (access(output_path, F_OK) == 0) {
|
||||||
|
- fprintf(stderr, "%s: %s is already extracted with extension %s.\n", argv[0], mode_arg, lang_ext);
|
||||||
|
- result = -1;
|
||||||
|
- goto cleanup_extract;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- output_fd = fopen(output_path, "w");
|
||||||
|
+ output_fd = fopen(output_path, "wx");
|
||||||
|
if (output_fd == NULL) {
|
||||||
|
- fprintf(stderr, "%s: Unable to open %s\n", argv[0], output_path);
|
||||||
|
+ if (errno == EEXIST)
|
||||||
|
+ fprintf(stderr, "%s: %s is already extracted with extension %s.\n", argv[0], mode_arg, lang_ext);
|
||||||
|
+ else
|
||||||
|
+ fprintf(stderr, "%s: Unable to open %s: %s\n", argv[0], output_path, strerror(errno));
|
||||||
|
result = -1;
|
||||||
|
goto cleanup_extract;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
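Review bot: The `fopen(output_path, "wx")` line carries the whole security argument of this patch but has no comment, so a later cleanup could drop the `x` without noticing that it brings back the check-then-open race. I would add above it `/* "x" = exclusive create: fails with EEXIST rather than truncating an existing file or symlink at output_path */`. The `errno == EEXIST` test reads errno directly after the failed fopen() with no call in between, which is correct and should stay that way if any logging is ever added ahead of it. main() starts and ends outside the hunk, so whether `<errno.h>` and `<string.h>` are already included for `errno` and `strerror` cannot be confirmed from here.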
@ -1,28 +0,0 @@
|
|||||||
From d55a06c002641dce1301b9b5639bd8e206460724 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Miroslav Grepl <mgrepl@redhat.com>
|
|
||||||
Date: Mon, 12 May 2014 14:11:22 +0200
|
|
||||||
Subject: [PATCH] If there is no executable we don't want to print a part of
|
|
||||||
STANDARD FILE CONTEXT
|
|
||||||
Content-type: text/plain
|
|
||||||
|
|
||||||
---
|
|
||||||
python/sepolicy/sepolicy/manpage.py | 3 ++-
|
|
||||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
|
||||||
index 82338aeeef32..ec8aa1cb94a2 100755
|
|
||||||
--- a/python/sepolicy/sepolicy/manpage.py
|
|
||||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
|
||||||
@@ -795,7 +795,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
|
||||||
.PP
|
|
||||||
""" % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
|
|
||||||
|
|
||||||
- self.fd.write(r"""
|
|
||||||
+ if flist_non_exec:
|
|
||||||
+ self.fd.write(r"""
|
|
||||||
.PP
|
|
||||||
.B STANDARD FILE CONTEXT
|
|
||||||
|
|
||||||
--
|
|
||||||
2.35.1
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From 4a53c0c3ee0edba37ba8e62064175c4928f761a8 Mon Sep 17 00:00:00 2001
|
From abaf812c3877f6b595eb8643582eacef2dd4df3f Mon Sep 17 00:00:00 2001
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
From: Vit Mojzis <vmojzis@redhat.com>
|
||||||
Date: Mon, 30 May 2022 14:20:21 +0200
|
Date: Mon, 30 May 2022 14:20:21 +0200
|
||||||
Subject: [PATCH] python: Split "semanage import" into two transactions
|
Subject: [PATCH] python: Split "semanage import" into two transactions
|
||||||
@ -18,10 +18,10 @@ Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|||||||
1 file changed, 19 insertions(+), 2 deletions(-)
|
1 file changed, 19 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
||||||
index f45061a601f9..4e8d64d6863a 100644
|
index 8f4e44a7a9cd..1d8281281d05 100644
|
||||||
--- a/python/semanage/semanage
|
--- a/python/semanage/semanage
|
||||||
+++ b/python/semanage/semanage
|
+++ b/python/semanage/semanage
|
||||||
@@ -853,10 +853,29 @@ def handleImport(args):
|
@@ -852,10 +852,29 @@ def handleImport(args):
|
||||||
trans = seobject.semanageRecords(args)
|
trans = seobject.semanageRecords(args)
|
||||||
trans.start()
|
trans.start()
|
||||||
|
|
||||||
@ -51,7 +51,7 @@ index f45061a601f9..4e8d64d6863a 100644
|
|||||||
try:
|
try:
|
||||||
commandParser = createCommandParser()
|
commandParser = createCommandParser()
|
||||||
args = commandParser.parse_args(mkargv(l))
|
args = commandParser.parse_args(mkargv(l))
|
||||||
@@ -870,8 +889,6 @@ def handleImport(args):
|
@@ -869,8 +888,6 @@ def handleImport(args):
|
||||||
except KeyboardInterrupt:
|
except KeyboardInterrupt:
|
||||||
sys.exit(0)
|
sys.exit(0)
|
||||||
|
|
||||||
@ -61,5 +61,5 @@ index f45061a601f9..4e8d64d6863a 100644
|
|||||||
def setupImportParser(subparsers):
|
def setupImportParser(subparsers):
|
||||||
importParser = subparsers.add_parser('import', help=_('Import local customizations'))
|
importParser = subparsers.add_parser('import', help=_('Import local customizations'))
|
||||||
--
|
--
|
||||||
2.36.1
|
2.38.1
|
||||||
|
|
50
0004-python-audit2allow-close-file-stream-on-error.patch
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
From c14a86af9a2304175e54897634f808b42345325b Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
||||||
|
Date: Fri, 20 May 2022 14:51:07 +0200
|
||||||
|
Subject: [PATCH] python/audit2allow: close file stream on error
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
sepolgen-ifgen-attr-helper.c: In function ‘load_policy’:
|
||||||
|
sepolgen-ifgen-attr-helper.c:196:17: warning: leak of FILE ‘fp’ [CWE-775] [-Wanalyzer-file-leak]
|
||||||
|
196 | fprintf(stderr, "Out of memory!\n");
|
||||||
|
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
|
||||||
|
Acked-by: James Carter <jwcart2@gmail.com>
|
||||||
|
---
|
||||||
|
python/audit2allow/sepolgen-ifgen-attr-helper.c | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/python/audit2allow/sepolgen-ifgen-attr-helper.c b/python/audit2allow/sepolgen-ifgen-attr-helper.c
|
||||||
|
index 6f3ba96260de..5e6cffc1887d 100644
|
||||||
|
--- a/python/audit2allow/sepolgen-ifgen-attr-helper.c
|
||||||
|
+++ b/python/audit2allow/sepolgen-ifgen-attr-helper.c
|
||||||
|
@@ -194,12 +194,14 @@ static policydb_t *load_policy(const char *filename)
|
||||||
|
policydb = malloc(sizeof(policydb_t));
|
||||||
|
if (policydb == NULL) {
|
||||||
|
fprintf(stderr, "Out of memory!\n");
|
||||||
|
+ fclose(fp);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (policydb_init(policydb)) {
|
||||||
|
fprintf(stderr, "Out of memory!\n");
|
||||||
|
free(policydb);
|
||||||
|
+ fclose(fp);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -208,6 +210,7 @@ static policydb_t *load_policy(const char *filename)
|
||||||
|
fprintf(stderr,
|
||||||
|
"error(s) encountered while parsing configuration\n");
|
||||||
|
free(policydb);
|
||||||
|
+ fclose(fp);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
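Review bot: The parse-failure path in the second hunk releases only the struct with `free(policydb)` even though `policydb_init()` has already succeeded by then, so whatever init allocated inside it presumably still leaks; calling `policydb_destroy(policydb);` before that `free` would close the gap. The patch also repeats `fclose(fp)` on three separate exits, which is the pattern that let the original leak in; a single `err:` label doing destroy, free and fclose would keep a future error path from missing one. load_policy() starts and ends outside both hunks, so how the success path handles `fp` is not visible here.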
@ -1,27 +0,0 @@
|
|||||||
From 1747f59fece8183772e5591ce5b5feb5f421f602 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Miroslav Grepl <mgrepl@redhat.com>
|
|
||||||
Date: Fri, 20 Feb 2015 16:42:01 +0100
|
|
||||||
Subject: [PATCH] We want to remove the trailing newline for
|
|
||||||
/etc/system_release.
|
|
||||||
Content-type: text/plain
|
|
||||||
|
|
||||||
---
|
|
||||||
python/sepolicy/sepolicy/__init__.py | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
|
||||||
index 9447812b7450..aa8beda313c8 100644
|
|
||||||
--- a/python/sepolicy/sepolicy/__init__.py
|
|
||||||
+++ b/python/sepolicy/sepolicy/__init__.py
|
|
||||||
@@ -1228,7 +1228,7 @@ def get_os_version():
|
|
||||||
system_release = ""
|
|
||||||
try:
|
|
||||||
with open('/etc/system-release') as f:
|
|
||||||
- system_release = f.readline()
|
|
||||||
+ system_release = f.readline().rstrip()
|
|
||||||
except IOError:
|
|
||||||
system_release = "Misc"
|
|
||||||
|
|
||||||
--
|
|
||||||
2.35.1
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From ff2aba6d202f49749cbb19a84bf0e1cdae54c5e9 Mon Sep 17 00:00:00 2001
|
From 344463076b2a91e1d2c7f5cc3835dc1a53a05e88 Mon Sep 17 00:00:00 2001
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
From: Vit Mojzis <vmojzis@redhat.com>
|
||||||
Date: Fri, 24 Jun 2022 16:24:25 +0200
|
Date: Fri, 24 Jun 2022 16:24:25 +0200
|
||||||
Subject: [PATCH] gettext: handle unsupported languages properly
|
Subject: [PATCH] gettext: handle unsupported languages properly
|
||||||
@ -218,7 +218,7 @@ index e779fcc6ebd7..952cb8187599 100755
|
|||||||
import builtins
|
import builtins
|
||||||
builtins.__dict__['_'] = str
|
builtins.__dict__['_'] = str
|
||||||
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
||||||
index 8f4e44a7a9cd..f45061a601f9 100644
|
index 1d8281281d05..4e8d64d6863a 100644
|
||||||
--- a/python/semanage/semanage
|
--- a/python/semanage/semanage
|
||||||
+++ b/python/semanage/semanage
|
+++ b/python/semanage/semanage
|
||||||
@@ -38,7 +38,8 @@ try:
|
@@ -38,7 +38,8 @@ try:
|
||||||
@ -275,7 +275,7 @@ index 7ebe0efa88a1..c7a70e094b0c 100755
|
|||||||
except:
|
except:
|
||||||
try:
|
try:
|
||||||
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
||||||
index 95520f9bc35d..6bde1971fd7c 100644
|
index 7208234b4a4a..9c3caa05b80b 100644
|
||||||
--- a/python/sepolicy/sepolicy/__init__.py
|
--- a/python/sepolicy/sepolicy/__init__.py
|
||||||
+++ b/python/sepolicy/sepolicy/__init__.py
|
+++ b/python/sepolicy/sepolicy/__init__.py
|
||||||
@@ -31,7 +31,8 @@ try:
|
@@ -31,7 +31,8 @@ try:
|
||||||
@ -289,7 +289,7 @@ index 95520f9bc35d..6bde1971fd7c 100644
|
|||||||
except:
|
except:
|
||||||
try:
|
try:
|
||||||
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
|
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
|
||||||
index 3e8b9f9c291d..eff3a8973917 100644
|
index 67189fc36b99..3717d5d4ed78 100644
|
||||||
--- a/python/sepolicy/sepolicy/generate.py
|
--- a/python/sepolicy/sepolicy/generate.py
|
||||||
+++ b/python/sepolicy/sepolicy/generate.py
|
+++ b/python/sepolicy/sepolicy/generate.py
|
||||||
@@ -56,7 +56,8 @@ try:
|
@@ -56,7 +56,8 @@ try:
|
||||||
@ -331,7 +331,7 @@ index 599f97fdc6e7..43f86443f2c8 100644
|
|||||||
except:
|
except:
|
||||||
try:
|
try:
|
||||||
diff --git a/sandbox/sandbox b/sandbox/sandbox
|
diff --git a/sandbox/sandbox b/sandbox/sandbox
|
||||||
index 3ef444a12561..53cc504149c9 100644
|
index cd5709fb07df..789621e136da 100644
|
||||||
--- a/sandbox/sandbox
|
--- a/sandbox/sandbox
|
||||||
+++ b/sandbox/sandbox
|
+++ b/sandbox/sandbox
|
||||||
@@ -45,7 +45,8 @@ try:
|
@@ -45,7 +45,8 @@ try:
|
||||||
@ -345,5 +345,5 @@ index 3ef444a12561..53cc504149c9 100644
|
|||||||
except:
|
except:
|
||||||
try:
|
try:
|
||||||
--
|
--
|
||||||
2.36.1
|
2.38.1
|
||||||
|
|
@ -1,26 +0,0 @@
|
|||||||
From 0bd28bc715034c644405d3c03f160d69ae710500 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Miroslav Grepl <mgrepl@redhat.com>
|
|
||||||
Date: Fri, 20 Feb 2015 16:42:53 +0100
|
|
||||||
Subject: [PATCH] Fix title in manpage.py to not contain 'online'.
|
|
||||||
Content-type: text/plain
|
|
||||||
|
|
||||||
---
|
|
||||||
python/sepolicy/sepolicy/manpage.py | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
|
||||||
index c632d05dbb1b..3ae2f42b2fdf 100755
|
|
||||||
--- a/python/sepolicy/sepolicy/manpage.py
|
|
||||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
|
||||||
@@ -222,7 +222,7 @@ class HTMLManPages:
|
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<link rel=stylesheet type="text/css" href="style.css" title="style">
|
|
||||||
- <title>SELinux man pages online</title>
|
|
||||||
+ <title>SELinux man pages</title>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<h1>SELinux man pages for %s</h1>
|
|
||||||
--
|
|
||||||
2.35.1
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From afafe02fa9b6b7fdcce883c5e873d46b9d811d66 Mon Sep 17 00:00:00 2001
|
From 8cc529af51e8aa68a167ce78cf92687604f98619 Mon Sep 17 00:00:00 2001
|
||||||
From: Ondrej Mosnacek <omosnace@redhat.com>
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||||
Date: Wed, 8 Jun 2022 19:09:54 +0200
|
Date: Wed, 8 Jun 2022 19:09:54 +0200
|
||||||
Subject: [PATCH] semodule: rename --rebuild-if-modules-changed to --refresh
|
Subject: [PATCH] semodule: rename --rebuild-if-modules-changed to --refresh
|
||||||
@ -40,7 +40,7 @@ index d1735d216276..c56e580f27b8 100644
|
|||||||
.B \-D, \-\-disable_dontaudit
|
.B \-D, \-\-disable_dontaudit
|
||||||
Temporarily remove dontaudits from policy. Reverts whenever policy is rebuilt
|
Temporarily remove dontaudits from policy. Reverts whenever policy is rebuilt
|
||||||
diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
|
diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
|
||||||
index 1ed8e69054e0..ec0794866daa 100644
|
index 48bc28dd0973..ebe062bf4c6c 100644
|
||||||
--- a/policycoreutils/semodule/semodule.c
|
--- a/policycoreutils/semodule/semodule.c
|
||||||
+++ b/policycoreutils/semodule/semodule.c
|
+++ b/policycoreutils/semodule/semodule.c
|
||||||
@@ -150,9 +150,12 @@ static void usage(char *progname)
|
@@ -150,9 +150,12 @@ static void usage(char *progname)
|
||||||
@ -78,5 +78,5 @@ index 1ed8e69054e0..ec0794866daa 100644
|
|||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
--
|
--
|
||||||
2.36.1
|
2.38.1
|
||||||
|
|
57
0007-python-remove-IOError-in-certain-cases.patch
Normal file
@ -0,0 +1,57 @@
|
|||||||
|
From ebb4a170c024d4bf0d2773b93d916e77a87393d9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Elijah Conners <business@elijahpepe.com>
|
||||||
|
Date: Wed, 15 Jun 2022 22:13:31 -0700
|
||||||
|
Subject: [PATCH] python: remove IOError in certain cases
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
In certain cases, IOError caused the much more general exception OSError
|
||||||
|
to be unreachable.
|
||||||
|
|
||||||
|
Signed-off-by: Elijah Conners <business@elijahpepe.com>
|
||||||
|
Acked-by: Petr Lautrbach <plautrba@redhat.com>
|
||||||
|
---
|
||||||
|
python/semanage/semanage | 7 ++-----
|
||||||
|
sandbox/sandbox | 2 --
|
||||||
|
2 files changed, 2 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
||||||
|
index 4e8d64d6863a..10ab3fa67d7f 100644
|
||||||
|
--- a/python/semanage/semanage
|
||||||
|
+++ b/python/semanage/semanage
|
||||||
|
@@ -971,8 +971,8 @@ def do_parser():
|
||||||
|
devnull = os.open(os.devnull, os.O_WRONLY)
|
||||||
|
os.dup2(devnull, sys.stdout.fileno())
|
||||||
|
sys.exit(1)
|
||||||
|
- except IOError as e:
|
||||||
|
- sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e)))
|
||||||
|
+ except OSError as e:
|
||||||
|
+ sys.stderr.write("%s: %s\n" % (e.__class__.__name__, e.args[1]))
|
||||||
|
sys.exit(1)
|
||||||
|
except KeyboardInterrupt:
|
||||||
|
sys.exit(0)
|
||||||
|
@@ -982,9 +982,6 @@ def do_parser():
|
||||||
|
except KeyError as e:
|
||||||
|
sys.stderr.write("%s: %s\n" % (e.__class__.__name__, e.args[0]))
|
||||||
|
sys.exit(1)
|
||||||
|
- except OSError as e:
|
||||||
|
- sys.stderr.write("%s: %s\n" % (e.__class__.__name__, e.args[1]))
|
||||||
|
- sys.exit(1)
|
||||||
|
except RuntimeError as e:
|
||||||
|
sys.stderr.write("%s: %s\n" % (e.__class__.__name__, e.args[0]))
|
||||||
|
sys.exit(1)
|
||||||
|
diff --git a/sandbox/sandbox b/sandbox/sandbox
|
||||||
|
index 789621e136da..ffac70232875 100644
|
||||||
|
--- a/sandbox/sandbox
|
||||||
|
+++ b/sandbox/sandbox
|
||||||
|
@@ -534,8 +534,6 @@ if __name__ == '__main__':
|
||||||
|
error_exit(error.args[0])
|
||||||
|
except KeyError as error:
|
||||||
|
error_exit(_("Invalid value %s") % error.args[0])
|
||||||
|
- except IOError as error:
|
||||||
|
- error_exit(error)
|
||||||
|
except KeyboardInterrupt:
|
||||||
|
rc = 0
|
||||||
|
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
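Review bot: In the `do_parser()` hunk the surviving handler formats the error with `e.args[1]`, but it now also handles what the removed `except IOError` branch printed via `str(e)`. An OSError raised with a single argument has no `args[1]`, so the handler itself would raise IndexError and hide the real failure. `sys.stderr.write("%s: %s\n" % (e.__class__.__name__, e.strerror or str(e)))` covers both shapes. In the sandbox hunk the `except IOError` branch is dropped outright and the OSError handler that is meant to take over is outside the hunk, so confirm one is present in that `try`.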
@ -0,0 +1,39 @@
|
|||||||
|
From b5b3afbaed29895d37f6160cc0847ef5de7538ed Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
||||||
|
Date: Mon, 8 Aug 2022 19:36:20 +0200
|
||||||
|
Subject: [PATCH] restorecond: use strict function prototype for definition
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
Clang 15 starts to complain about non strict function definitions:
|
||||||
|
|
||||||
|
user.c:172:10: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
|
||||||
|
int start() {
|
||||||
|
^
|
||||||
|
void
|
||||||
|
|
||||||
|
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
|
||||||
|
Reviewed-by: Daniel Burgener <dburgener@linux.microsoft.com>
|
||||||
|
Acked-by: James Carter <jwcart2@gmail.com>
|
||||||
|
---
|
||||||
|
restorecond/user.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/restorecond/user.c b/restorecond/user.c
|
||||||
|
index 47b86823ff79..3ae3ebbb7230 100644
|
||||||
|
--- a/restorecond/user.c
|
||||||
|
+++ b/restorecond/user.c
|
||||||
|
@@ -169,7 +169,7 @@ io_channel_callback
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
-int start() {
|
||||||
|
+int start(void) {
|
||||||
|
#ifdef HAVE_DBUS
|
||||||
|
GDBusConnection *bus;
|
||||||
|
GError *err = NULL;
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
56
0009-Ignore-egg-info-directories-and-clean-them.patch
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
From c2d58b378b3cf350d042a7b657e2b7f5861c5f26 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
||||||
|
Date: Mon, 8 Aug 2022 19:36:55 +0200
|
||||||
|
Subject: [PATCH] Ignore egg-info directories and clean them
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
Test .gitignore and make clean distclean
|
||||||
|
error: missing .gitignore entry for libselinux/src/selinux.egg-info/
|
||||||
|
error: missing .gitignore entry for python/sepolicy/sepolicy.egg-info/
|
||||||
|
Error: Process completed with exit code 1.
|
||||||
|
|
||||||
|
error: "make clean distclean" did not remove libselinux/src/selinux.egg-info/PKG-INFO
|
||||||
|
error: "make clean distclean" did not remove libselinux/src/selinux.egg-info/SOURCES.txt
|
||||||
|
error: "make clean distclean" did not remove libselinux/src/selinux.egg-info/dependency_links.txt
|
||||||
|
error: "make clean distclean" did not remove libselinux/src/selinux.egg-info/top_level.txt
|
||||||
|
error: "make clean distclean" did not remove python/sepolicy/sepolicy.egg-info/PKG-INFO
|
||||||
|
error: "make clean distclean" did not remove python/sepolicy/sepolicy.egg-info/SOURCES.txt
|
||||||
|
error: "make clean distclean" did not remove python/sepolicy/sepolicy.egg-info/dependency_links.txt
|
||||||
|
error: "make clean distclean" did not remove python/sepolicy/sepolicy.egg-info/top_level.txt
|
||||||
|
Error: Process completed with exit code 1.
|
||||||
|
|
||||||
|
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
|
||||||
|
Acked-by: James Carter <jwcart2@gmail.com>
|
||||||
|
---
|
||||||
|
python/sepolicy/.gitignore | 1 +
|
||||||
|
python/sepolicy/Makefile | 2 +-
|
||||||
|
2 files changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/python/sepolicy/.gitignore b/python/sepolicy/.gitignore
|
||||||
|
index 3186c860ec0d..32fb47f92a9d 100644
|
||||||
|
--- a/python/sepolicy/.gitignore
|
||||||
|
+++ b/python/sepolicy/.gitignore
|
||||||
|
@@ -1,3 +1,4 @@
|
||||||
|
build
|
||||||
|
tmp
|
||||||
|
*.bak
|
||||||
|
+sepolicy.egg-info/
|
||||||
|
diff --git a/python/sepolicy/Makefile b/python/sepolicy/Makefile
|
||||||
|
index 3361be4ef0bc..d983e409e5e6 100644
|
||||||
|
--- a/python/sepolicy/Makefile
|
||||||
|
+++ b/python/sepolicy/Makefile
|
||||||
|
@@ -18,7 +18,7 @@ python-build:
|
||||||
|
|
||||||
|
clean:
|
||||||
|
$(PYTHON) setup.py clean
|
||||||
|
- -rm -rf build *~ \#* *pyc .#*
|
||||||
|
+ -rm -rf build *~ \#* *pyc .#* sepolicy.egg-info/
|
||||||
|
|
||||||
|
sepolgen:
|
||||||
|
ln -sf sepolicy sepolgen
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
68
0011-docs-provide-a-top-level-LICENSE-file.patch
Normal file
@ -0,0 +1,68 @@
|
|||||||
|
From a0a216ff7d86004ddc36d516377f0a6ffe88076c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Paul Moore <paul@paul-moore.com>
|
||||||
|
Date: Fri, 30 Sep 2022 17:44:12 -0400
|
||||||
|
Subject: [PATCH] docs: provide a top level LICENSE file
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
Provide a top level LICENSE file explaining how multiple the SELinux
|
||||||
|
userspace is released under multiple different licenses. Also ensure
|
||||||
|
that all the different license files share a consistent file name,
|
||||||
|
LICENSE, to make it easier for people to identify the license files.
|
||||||
|
|
||||||
|
This is to help meet the OpenSSF Best Practices requirements.
|
||||||
|
|
||||||
|
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
||||||
|
---
|
||||||
|
dbus/{COPYING => LICENSE} | 0
|
||||||
|
gui/{COPYING => LICENSE} | 0
|
||||||
|
policycoreutils/{COPYING => LICENSE} | 0
|
||||||
|
python/{COPYING => LICENSE} | 0
|
||||||
|
python/sepolgen/{COPYING => LICENSE} | 0
|
||||||
|
restorecond/{COPYING => LICENSE} | 0
|
||||||
|
sandbox/{COPYING => LICENSE} | 0
|
||||||
|
semodule-utils/{COPYING => LICENSE} | 0
|
||||||
|
8 files changed, 0 insertions(+), 0 deletions(-)
|
||||||
|
rename dbus/{COPYING => LICENSE} (100%)
|
||||||
|
rename gui/{COPYING => LICENSE} (100%)
|
||||||
|
rename policycoreutils/{COPYING => LICENSE} (100%)
|
||||||
|
rename python/{COPYING => LICENSE} (100%)
|
||||||
|
rename python/sepolgen/{COPYING => LICENSE} (100%)
|
||||||
|
rename restorecond/{COPYING => LICENSE} (100%)
|
||||||
|
rename sandbox/{COPYING => LICENSE} (100%)
|
||||||
|
rename semodule-utils/{COPYING => LICENSE} (100%)
|
||||||
|
|
||||||
|
diff --git a/dbus/COPYING b/dbus/LICENSE
|
||||||
|
similarity index 100%
|
||||||
|
rename from dbus/COPYING
|
||||||
|
rename to dbus/LICENSE
|
||||||
|
diff --git a/gui/COPYING b/gui/LICENSE
|
||||||
|
similarity index 100%
|
||||||
|
rename from gui/COPYING
|
||||||
|
rename to gui/LICENSE
|
||||||
|
diff --git a/policycoreutils/COPYING b/policycoreutils/LICENSE
|
||||||
|
similarity index 100%
|
||||||
|
rename from policycoreutils/COPYING
|
||||||
|
rename to policycoreutils/LICENSE
|
||||||
|
diff --git a/python/COPYING b/python/LICENSE
|
||||||
|
similarity index 100%
|
||||||
|
rename from python/COPYING
|
||||||
|
rename to python/LICENSE
|
||||||
|
diff --git a/python/sepolgen/COPYING b/python/sepolgen/LICENSE
|
||||||
|
similarity index 100%
|
||||||
|
rename from python/sepolgen/COPYING
|
||||||
|
rename to python/sepolgen/LICENSE
|
||||||
|
diff --git a/restorecond/COPYING b/restorecond/LICENSE
|
||||||
|
similarity index 100%
|
||||||
|
rename from restorecond/COPYING
|
||||||
|
rename to restorecond/LICENSE
|
||||||
|
diff --git a/sandbox/COPYING b/sandbox/LICENSE
|
||||||
|
similarity index 100%
|
||||||
|
rename from sandbox/COPYING
|
||||||
|
rename to sandbox/LICENSE
|
||||||
|
diff --git a/semodule-utils/COPYING b/semodule-utils/LICENSE
|
||||||
|
similarity index 100%
|
||||||
|
rename from semodule-utils/COPYING
|
||||||
|
rename to semodule-utils/LICENSE
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
@ -1,64 +0,0 @@
|
|||||||
From 3748b7eab7434698998edfcf613fe738cf19d5c9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Mon, 27 Feb 2017 17:12:39 +0100
|
|
||||||
Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and
|
|
||||||
file_type_is_entrypoint(f)
|
|
||||||
Content-type: text/plain
|
|
||||||
|
|
||||||
- use direct queries
|
|
||||||
- load exec_types and entry_types only once
|
|
||||||
---
|
|
||||||
python/sepolicy/sepolicy/manpage.py | 22 ++++++++++++++++++++--
|
|
||||||
1 file changed, 20 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
|
||||||
index 3ae2f42b2fdf..5a434bd360ae 100755
|
|
||||||
--- a/python/sepolicy/sepolicy/manpage.py
|
|
||||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
|
||||||
@@ -127,8 +127,24 @@ def gen_domains():
|
|
||||||
domains.sort()
|
|
||||||
return domains
|
|
||||||
|
|
||||||
-types = None
|
|
||||||
|
|
||||||
+exec_types = None
|
|
||||||
+
|
|
||||||
+def _gen_exec_types():
|
|
||||||
+ global exec_types
|
|
||||||
+ if exec_types is None:
|
|
||||||
+ exec_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "exec_type"))["types"]
|
|
||||||
+ return exec_types
|
|
||||||
+
|
|
||||||
+entry_types = None
|
|
||||||
+
|
|
||||||
+def _gen_entry_types():
|
|
||||||
+ global entry_types
|
|
||||||
+ if entry_types is None:
|
|
||||||
+ entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"]
|
|
||||||
+ return entry_types
|
|
||||||
+
|
|
||||||
+types = None
|
|
||||||
|
|
||||||
def _gen_types():
|
|
||||||
global types
|
|
||||||
@@ -374,6 +390,8 @@ class ManPage:
|
|
||||||
self.all_file_types = sepolicy.get_all_file_types()
|
|
||||||
self.role_allows = sepolicy.get_all_role_allows()
|
|
||||||
self.types = _gen_types()
|
|
||||||
+ self.exec_types = _gen_exec_types()
|
|
||||||
+ self.entry_types = _gen_entry_types()
|
|
||||||
|
|
||||||
if self.source_files:
|
|
||||||
self.fcpath = self.root + "file_contexts"
|
|
||||||
@@ -691,7 +709,7 @@ Default Defined Ports:""")
|
|
||||||
for f in self.all_file_types:
|
|
||||||
if f.startswith(self.domainname):
|
|
||||||
flist.append(f)
|
|
||||||
- if not file_type_is_executable(f) or not file_type_is_entrypoint(f):
|
|
||||||
+ if f not in self.exec_types or f not in self.entry_types:
|
|
||||||
flist_non_exec.append(f)
|
|
||||||
if f in self.fcdict:
|
|
||||||
mpaths = mpaths + self.fcdict[f]["regex"]
|
|
||||||
--
|
|
||||||
2.35.1
|
|
||||||
|
|
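--- a/0012-gui-Fix-export-file-chooser-dialog.patch
+++ b/0012-gui-Fix-export-file-chooser-dialog.patch
@@ -0,0 +1,38 @@
+From bba6225abc6c7d8f1642d0c04c819ddc74d426c0 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Tue, 11 Oct 2022 16:36:23 +0200
+Subject: [PATCH] gui: Fix export file chooser dialog
+Content-type: text/plain
+
+It wasn't possible to choose a directory in filechooser dialog using
+double-click - the dialog returned the directory name instead of
+listing the directory.
+
+Fixes:
+Traceback (most recent call last):
+File "/usr/lib/python3.10/site-packages/sepolicy/gui.py", line 2593, in on_browse_select
+self.export_config(filename)
+File "/usr/lib/python3.10/site-packages/sepolicy/gui.py", line 2668, in export_config
+fd = open(filename, 'w')
+IsADirectoryError: [Errno 21] Is a directory: '/root/Downloads'
+
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+---
+python/sepolicy/sepolicy/sepolicy.glade | 1 -
+1 file changed, 1 deletion(-)
+
+diff --git a/python/sepolicy/sepolicy/sepolicy.glade b/python/sepolicy/sepolicy/sepolicy.glade
+index 52407887fcfc..0724d6c8caa4 100644
+--- a/python/sepolicy/sepolicy/sepolicy.glade
++++ b/python/sepolicy/sepolicy/sepolicy.glade
+@@ -168,7 +168,6 @@
+<object class="GtkBox" id="filechooserdialog-vbox1">
+<property name="can_focus">False</property>
+<property name="orientation">vertical</property>
+- <signal name="button-press-event" handler="on_choose_file" swapped="no"/>
+<child internal-child="action_area">
+<object class="GtkButtonBox" id="filechooserdialog-action_area1">
+<property name="can_focus">False</property>
+--
+2.38.1
+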
@ -0,0 +1,66 @@
|
|||||||
|
From 7238ad32a3171d82bba9b99660e55399161236fc Mon Sep 17 00:00:00 2001
|
||||||
|
From: James Carter <jwcart2@gmail.com>
|
||||||
|
Date: Wed, 19 Oct 2022 14:20:11 -0400
|
||||||
|
Subject: [PATCH] python: Do not query the local database if the fcontext is
|
||||||
|
non-local
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
Vit Mojzis reports that an error message is produced when modifying
|
||||||
|
a non-local fcontext.
|
||||||
|
|
||||||
|
He gives the following example:
|
||||||
|
# semanage fcontext -f f -m -t passwd_file_t /etc/security/opasswd
|
||||||
|
libsemanage.dbase_llist_query: could not query record value (No such file or directory).
|
||||||
|
|
||||||
|
When modifying an fcontext, the non-local database is checked for the
|
||||||
|
key and then, if it is not found there, the local database is checked.
|
||||||
|
If the key doesn't exist, then an error is raised. If the key exists
|
||||||
|
then the local database is queried first and, if that fails, the non-
|
||||||
|
local database is queried.
|
||||||
|
|
||||||
|
The error is from querying the local database when the fcontext is in
|
||||||
|
the non-local database.
|
||||||
|
|
||||||
|
Instead, if the fcontext is in the non-local database, just query
|
||||||
|
the non-local database. Only query the local database if the
|
||||||
|
fcontext was found in it.
|
||||||
|
|
||||||
|
Reported-by: Vit Mojzis <vmojzis@redhat.com>
|
||||||
|
Signed-off-by: James Carter <jwcart2@gmail.com>
|
||||||
|
---
|
||||||
|
python/semanage/seobject.py | 15 +++++++++------
|
||||||
|
1 file changed, 9 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
|
||||||
|
index 0782c082dc0c..d82da4942987 100644
|
||||||
|
--- a/python/semanage/seobject.py
|
||||||
|
+++ b/python/semanage/seobject.py
|
||||||
|
@@ -2504,16 +2504,19 @@ class fcontextRecords(semanageRecords):
|
||||||
|
(rc, exists) = semanage_fcontext_exists(self.sh, k)
|
||||||
|
if rc < 0:
|
||||||
|
raise ValueError(_("Could not check if file context for %s is defined") % target)
|
||||||
|
- if not exists:
|
||||||
|
+ if exists:
|
||||||
|
+ try:
|
||||||
|
+ (rc, fcontext) = semanage_fcontext_query(self.sh, k)
|
||||||
|
+ except OSError:
|
||||||
|
+ raise ValueError(_("Could not query file context for %s") % target)
|
||||||
|
+ else:
|
||||||
|
(rc, exists) = semanage_fcontext_exists_local(self.sh, k)
|
||||||
|
+ if rc < 0:
|
||||||
|
+ raise ValueError(_("Could not check if file context for %s is defined") % target)
|
||||||
|
if not exists:
|
||||||
|
raise ValueError(_("File context for %s is not defined") % target)
|
||||||
|
-
|
||||||
|
- try:
|
||||||
|
- (rc, fcontext) = semanage_fcontext_query_local(self.sh, k)
|
||||||
|
- except OSError:
|
||||||
|
try:
|
||||||
|
- (rc, fcontext) = semanage_fcontext_query(self.sh, k)
|
||||||
|
+ (rc, fcontext) = semanage_fcontext_query_local(self.sh, k)
|
||||||
|
except OSError:
|
||||||
|
raise ValueError(_("Could not query file context for %s") % target)
|
||||||
|
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
@ -0,0 +1,35 @@
|
|||||||
|
From 0fb988c86b66ede7723e179699e29f00000fc57b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
|
Date: Thu, 13 Oct 2022 15:23:11 +0200
|
||||||
|
Subject: [PATCH] sandbox: Do not try to remove tmpdir twice if uid == 0
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
If the user is root, tmpdir is already wiped out.
|
||||||
|
|
||||||
|
Fixes:
|
||||||
|
# sandbox -T /root/tmp -- id
|
||||||
|
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:sandbox_t:s0:c696,c756
|
||||||
|
Failed to remove directory /tmp/.sandbox-root-KIlB59: No such file or directory
|
||||||
|
|
||||||
|
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
||||||
|
Acked-by: James Carter <jwcart2@gmail.com>
|
||||||
|
---
|
||||||
|
sandbox/seunshare.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/sandbox/seunshare.c b/sandbox/seunshare.c
|
||||||
|
index 8917a0f9bd42..dd1d7ddbdc89 100644
|
||||||
|
--- a/sandbox/seunshare.c
|
||||||
|
+++ b/sandbox/seunshare.c
|
||||||
|
@@ -414,7 +414,7 @@ static int cleanup_tmpdir(const char *tmpdir, const char *src,
|
||||||
|
rc++;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (rmdir(tmpdir) == -1)
|
||||||
|
+ if (pwd->pw_uid != 0 && rmdir(tmpdir) == -1)
|
||||||
|
fprintf(stderr, _("Failed to remove directory %s: %s\n"), tmpdir, strerror(errno));
|
||||||
|
if ((uid_t)setfsuid(pwd->pw_uid) != 0) {
|
||||||
|
fprintf(stderr, _("unable to switch back to user after clearing tmp dir\n"));
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
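Review bot: The new `pwd->pw_uid != 0 &&` guard in cleanup_tmpdir() suppresses every rmdir() failure for root, not only the "already wiped out" case the commit message describes. The step that removes the directory for uid 0 is outside this hunk, so if it fails (the `rc++` path just above), the directory is left behind with no message at all. Keying the check on the error instead of the uid keeps real failures visible for every user: `if (rmdir(tmpdir) == -1 && errno != ENOENT)`. cleanup_tmpdir's body starts before and continues after the hunk.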
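--- a/0015-sandbox-Use-temporary-directory-for-XDG_RUNTIME_DIR.patch
+++ b/0015-sandbox-Use-temporary-directory-for-XDG_RUNTIME_DIR.patch
@@ -0,0 +1,245 @@
+From ecfcb1d6a8ecb914f2a7c72453c872b5f0099f4d Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Thu, 13 Oct 2022 15:23:12 +0200
+Subject: [PATCH] sandbox: Use temporary directory for XDG_RUNTIME_DIR
+Content-type: text/plain
+
+XDG_RUNTIME_DIR (/run/user/$UID) is used for user-specific data files
+such as sockets, named pipes and so on. Therefore, it should not be
+available to sandboxed processes.
+
+Usage:
+# ls -a $XDG_RUNTIME_DIR
+. .. bus pipewire-0 systemd
+# sandbox -R /root/sandbox/user -- sh -c "ls -a $XDG_RUNTIME_DIR"
+. ..
+
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+Acked-by: James Carter <jwcart2@gmail.com>
+---
+sandbox/sandbox | 15 ++++++++++++++-
+sandbox/sandbox.8 | 7 +++++--
+sandbox/seunshare.8 | 3 +++
+sandbox/seunshare.c | 45 +++++++++++++++++++++++++++++++++++----------
+4 files changed, 57 insertions(+), 13 deletions(-)
+
+diff --git a/sandbox/sandbox b/sandbox/sandbox
+index ffac70232875..770807345858 100644
+--- a/sandbox/sandbox
++++ b/sandbox/sandbox
+@@ -209,6 +209,7 @@ class Sandbox:
+self.__level = None
+self.__homedir = None
+self.__tmpdir = None
++ self.__runuserdir = None
+
+def __validate_mount(self):
+if self.__options.level:
+@@ -357,6 +358,11 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
+action="callback", callback=self.__validdir,
+help=_("alternate /tmp directory to use for mounting"))
+
++ parser.add_option("-R", "--runuserdir", dest="runuserdir",
++ type="string",
++ action="callback", callback=self.__validdir,
++ help=_("alternate XDG_RUNTIME_DIR - /run/user/$UID - directory to use for mounting"))
++
+parser.add_option("-w", "--windowsize", dest="windowsize",
+type="string", default=DEFAULT_WINDOWSIZE,
+help="size of the sandbox window")
+@@ -401,10 +407,12 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
+self.__options.X_ind = True
+self.__homedir = self.__options.homedir
+self.__tmpdir = self.__options.tmpdir
++ self.__runuserdir = self.__options.runuserdir
+else:
+if self.__options.level:
+self.__homedir = self.__options.homedir
+self.__tmpdir = self.__options.tmpdir
++ self.__runuserdir = self.__options.runuserdir
+
+if len(cmds) == 0:
+self.usage(_("Command required"))
+@@ -442,9 +450,14 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
+self.__tmpdir = self.__options.tmpdir
+else:
+self.__tmpdir = mkdtemp(dir="/tmp", prefix=".sandbox_tmp_")
++ if self.__options.runuserdir:
++ self.__runuserdir = self.__options.runuserdir
++ else:
++ self.__runuserdir = mkdtemp(dir="/tmp", prefix=".sandbox_runuser_")
+self.__copyfiles()
+selinux.chcon(self.__homedir, self.__filecon, recursive=True)
+selinux.chcon(self.__tmpdir, self.__filecon, recursive=True)
++ selinux.chcon(self.__runuserdir, self.__filecon, recursive=True)
+selinux.setfscreatecon(None)
+
+def __execute(self):
+@@ -453,7 +466,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
+if self.__options.usecaps:
+cmds.append('-C')
+if self.__mount:
+- cmds += ["-t", self.__tmpdir, "-h", self.__homedir]
++ cmds += ["-t", self.__tmpdir, "-h", self.__homedir, "-r", self.__runuserdir]
+
+if self.__options.X_ind:
+if self.__options.dpi:
+diff --git a/sandbox/sandbox.8 b/sandbox/sandbox.8
+index d83fee76f335..1ee0ecea96d1 100644
+--- a/sandbox/sandbox.8
++++ b/sandbox/sandbox.8
+@@ -3,11 +3,11 @@
+sandbox \- Run cmd under an SELinux sandbox
+.SH SYNOPSIS
+.B sandbox
+-[\-C] [\-s] [ \-d DPI ] [\-l level ] [[\-M | \-X] \-H homedir \-T tempdir ] [\-I includefile ] [ \-W windowmanager ] [ \-w windowsize ] [[\-i file ]...] [ \-t type ] cmd
++[\-C] [\-s] [ \-d DPI ] [\-l level ] [[\-M | \-X] \-H homedir \-T tempdir ] [ \-R runuserdir ] [\-I includefile ] [ \-W windowmanager ] [ \-w windowsize ] [[\-i file ]...] [ \-t type ] cmd
+
+.br
+.B sandbox
+-[\-C] [\-s] [ \-d DPI ] [\-l level ] [[\-M | \-X] \-H homedir \-T tempdir ] [\-I includefile ] [ \-W windowmanager ] [ \-w windowsize ] [[\-i file ]...] [ \-t type ] \-S
++[\-C] [\-s] [ \-d DPI ] [\-l level ] [[\-M | \-X] \-H homedir \-T tempdir ] [ \-R runuserdir ] [\-I includefile ] [ \-W windowmanager ] [ \-w windowsize ] [[\-i file ]...] [ \-t type ] \-S
+.br
+.SH DESCRIPTION
+.PP
+@@ -67,6 +67,9 @@ sandbox_net_client_t \- All network ports
+\fB\-T\fR \fB\-\-tmpdir\fR
+Use alternate temporary directory to mount on /tmp. Defaults to tmpfs. Requires \-X or \-M.
+.TP
++\fB\-R\fR \fB\-\-runuserdir\fR
++Use alternate temporary directory to mount on XDG_RUNTIME_DIR (/run/user/$UID).
++.TP
+\fB\-S\fR \fB\-\-session\fR
+Run a full desktop session, Requires level, and home and tmpdir.
+.TP
+diff --git a/sandbox/seunshare.8 b/sandbox/seunshare.8
+index 0da352613485..09cf7feae45d 100644
+--- a/sandbox/seunshare.8
++++ b/sandbox/seunshare.8
+@@ -18,6 +18,9 @@ Alternate homedir to be used by the application. Homedir must be owned by the u
+\fB\-t\ tmpdir
+Use alternate temporary directory to mount on /tmp. tmpdir must be owned by the user.
+.TP
++\fB\-r\ runuserdir
++Use alternate temporary directory to mount on XDG_RUNTIME_DIR (/run/user/$UID). runuserdir must be owned by the user.
++.TP
+\fB\-C --capabilities\fR
+Allow apps executed within the namespace to use capabilities. Default is no capabilities.
+.TP
+diff --git a/sandbox/seunshare.c b/sandbox/seunshare.c
+index dd1d7ddbdc89..1d38ea92b9ae 100644
+--- a/sandbox/seunshare.c
++++ b/sandbox/seunshare.c
+@@ -52,7 +52,7 @@
+
+#define BUF_SIZE 1024
+#define DEFAULT_PATH "/usr/bin:/bin"
+-#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -C ] [ -k ] [ -t tmpdir ] [ -h homedir ] [ -Z CONTEXT ] -- executable [args] ")
++#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -C ] [ -k ] [ -t tmpdir ] [ -h homedir ] [ -r runuserdir ] [ -Z CONTEXT ] -- executable [args] ")
+
+static int verbose = 0;
+static int child = 0;
+@@ -623,15 +623,20 @@ int main(int argc, char **argv) {
+char *homedir_s = NULL; /* homedir spec'd by user in argv[] */
+char *tmpdir_s = NULL; /* tmpdir spec'd by user in argv[] */
+char *tmpdir_r = NULL; /* tmpdir created by seunshare */
++ char *runuserdir_s = NULL; /* /var/run/user/UID spec'd by user in argv[] */
++ char *runuserdir_r = NULL; /* /var/run/user/UID created by seunshare */
+
+struct stat st_curhomedir;
+struct stat st_homedir;
+struct stat st_tmpdir_s;
+struct stat st_tmpdir_r;
++ struct stat st_runuserdir_s;
++ struct stat st_runuserdir_r;
+
+const struct option long_options[] = {
+{"homedir", 1, 0, 'h'},
+{"tmpdir", 1, 0, 't'},
++ {"runuserdir", 1, 0, 'r'},
+{"kill", 1, 0, 'k'},
+{"verbose", 1, 0, 'v'},
+{"context", 1, 0, 'Z'},
+@@ -665,7 +670,7 @@ int main(int argc, char **argv) {
+}
+
+while (1) {
+- clflag = getopt_long(argc, argv, "Ccvh:t:Z:", long_options, NULL);
++ clflag = getopt_long(argc, argv, "Ccvh:r:t:Z:", long_options, NULL);
+if (clflag == -1)
+break;
+
+@@ -679,6 +684,9 @@ int main(int argc, char **argv) {
+case 'h':
+homedir_s = optarg;
+break;
++ case 'r':
++ runuserdir_s = optarg;
++ break;
+case 'v':
+verbose++;
+break;
+@@ -729,6 +737,10 @@ int main(int argc, char **argv) {
+if (tmpdir_s && (
+verify_directory(tmpdir_s, NULL, &st_tmpdir_s) < 0 ||
+check_owner_uid(uid, tmpdir_s, &st_tmpdir_s))) return -1;
++ if (runuserdir_s && (
++ verify_directory(runuserdir_s, NULL, &st_runuserdir_s) < 0 ||
++ check_owner_uid(uid, runuserdir_s, &st_runuserdir_s))) return -1;
++
+if ((uid_t)setfsuid(0) != uid) return -1;
+
+/* create runtime tmpdir */
+@@ -737,6 +749,12 @@ int main(int argc, char **argv) {
+fprintf(stderr, _("Failed to create runtime temporary directory\n"));
+return -1;
+}
++ /* create runtime runuserdir */
++ if (runuserdir_s && (runuserdir_r = create_tmpdir(runuserdir_s, &st_runuserdir_s,
++ &st_runuserdir_r, pwd, execcon)) == NULL) {
++ fprintf(stderr, _("Failed to create runtime $XDG_RUNTIME_DIR directory\n"));
++ return -1;
++ }
+
+/* spawn child process */
+child = fork();
+@@ -775,7 +793,21 @@ int main(int argc, char **argv) {
+if (check_owner_uid(uid, resolved_path, &st_curhomedir) < 0)
+goto childerr;
+
+- /* mount homedir and tmpdir, in this order */
++ if ((RUNTIME_DIR = getenv("XDG_RUNTIME_DIR")) != NULL) {
++ if ((RUNTIME_DIR = strdup(RUNTIME_DIR)) == NULL) {
++ perror(_("Out of memory"));
++ goto childerr;
++ }
++ } else {
++ if (asprintf(&RUNTIME_DIR, "/run/user/%d", uid) == -1) {
++ perror(_("Out of memory\n"));
++ goto childerr;
++ }
++ }
++
++ /* mount homedir, runuserdir and tmpdir, in this order */
++ if (runuserdir_s && seunshare_mount(runuserdir_s, RUNTIME_DIR,
++ &st_runuserdir_s) != 0) goto childerr;
+if (homedir_s && seunshare_mount(homedir_s, resolved_path,
+&st_homedir) != 0) goto childerr;
+if (tmpdir_s && seunshare_mount(tmpdir_r, "/tmp",
+@@ -799,13 +831,6 @@ int main(int argc, char **argv) {
+}
+}
+
+- if ((RUNTIME_DIR = getenv("XDG_RUNTIME_DIR")) != NULL) {
+- if ((RUNTIME_DIR = strdup(RUNTIME_DIR)) == NULL) {
+- perror(_("Out of memory"));
+- goto childerr;
+- }
+- }
+-
+if ((rc = clearenv()) != 0) {
+perror(_("Failed to clear environment"));
+goto childerr;
+--
+2.38.1
+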
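Review bot: In the `@@ -775,7 +793,21 @@` hunk of seunshare.c the mount target `RUNTIME_DIR` is taken from `getenv("XDG_RUNTIME_DIR")` and handed to `seunshare_mount(runuserdir_s, RUNTIME_DIR, &st_runuserdir_s)` with no visible check of the target, while the home-directory target goes through `check_owner_uid(uid, resolved_path, &st_curhomedir)` at the top of the same hunk. Because the caller controls that variable, the target should be validated under the same `runuserdir_s` condition before mounting, e.g. `if (verify_directory(RUNTIME_DIR, NULL, &st_runtimedir) < 0 || check_owner_uid(uid, RUNTIME_DIR, &st_runtimedir) < 0) goto childerr;` with a new `struct stat st_runtimedir` (the name is only a suggestion). seunshare_mount() may perform part of this itself, but its body is not in the patch, and main() starts and ends outside every hunk. Two smaller points: `runuserdir_r` is created by create_tmpdir() yet the mount uses `runuserdir_s` and no hunk removes the created directory, whereas /tmp mounts `tmpdir_r`; and `asprintf(&RUNTIME_DIR, "/run/user/%d", uid)` formats what appears to be a `uid_t` with `%d`, where `"/run/user/%u", (unsigned)uid` matches the type.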
@ -0,0 +1,81 @@
|
|||||||
|
From c08cf24f39989cfc610a481ae3dc380b61e9ca5f Mon Sep 17 00:00:00 2001
|
||||||
|
From: James Carter <jwcart2@gmail.com>
|
||||||
|
Date: Fri, 28 Oct 2022 16:16:22 -0400
|
||||||
|
Subject: [PATCH] python: Remove dependency on the Python module distutils
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
The distutils package is deprecated and scheduled to be removed in
|
||||||
|
Python 3.12. Use the setuptools and sysconfig modules instead.
|
||||||
|
|
||||||
|
Signed-off-by: James Carter <jwcart2@gmail.com>
|
||||||
|
Acked-by: Petr Lautrbach <plautrba@redhat.com>
|
||||||
|
---
|
||||||
|
python/semanage/Makefile | 2 +-
|
||||||
|
python/sepolgen/src/sepolgen/Makefile | 2 +-
|
||||||
|
python/sepolicy/sepolicy/gui.py | 4 ++--
|
||||||
|
python/sepolicy/setup.py | 2 +-
|
||||||
|
4 files changed, 5 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/python/semanage/Makefile b/python/semanage/Makefile
|
||||||
|
index 024e9640fed0..b53ee33db6ac 100644
|
||||||
|
--- a/python/semanage/Makefile
|
||||||
|
+++ b/python/semanage/Makefile
|
||||||
|
@@ -5,7 +5,7 @@ LINGUAS ?= ru
|
||||||
|
PREFIX ?= /usr
|
||||||
|
SBINDIR ?= $(PREFIX)/sbin
|
||||||
|
MANDIR = $(PREFIX)/share/man
|
||||||
|
-PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(prefix='$(PREFIX)'))")
|
||||||
|
+PYTHONLIBDIR ?= $(shell $(PYTHON) -c "import sysconfig; print(sysconfig.get_path('purelib', vars={'platbase': '$(PREFIX)', 'base': '$(PREFIX)'}))")
|
||||||
|
PACKAGEDIR ?= $(PYTHONLIBDIR)
|
||||||
|
BASHCOMPLETIONDIR ?= $(PREFIX)/share/bash-completion/completions
|
||||||
|
|
||||||
|
diff --git a/python/sepolgen/src/sepolgen/Makefile b/python/sepolgen/src/sepolgen/Makefile
|
||||||
|
index cac8def7204e..a10392273181 100644
|
||||||
|
--- a/python/sepolgen/src/sepolgen/Makefile
|
||||||
|
+++ b/python/sepolgen/src/sepolgen/Makefile
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
PREFIX ?= /usr
|
||||||
|
PYTHON ?= python3
|
||||||
|
-PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(prefix='$(PREFIX)'))")
|
||||||
|
+PYTHONLIBDIR ?= $(shell $(PYTHON) -c "import sysconfig; print(sysconfig.get_path('purelib', vars={'platbase': '$(PREFIX)', 'base': '$(PREFIX)'}))")
|
||||||
|
PACKAGEDIR ?= /$(PYTHONLIBDIR)/sepolgen
|
||||||
|
|
||||||
|
all:
|
||||||
|
diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py
|
||||||
|
index 5bdbfebade1d..335be582b668 100644
|
||||||
|
--- a/python/sepolicy/sepolicy/gui.py
|
||||||
|
+++ b/python/sepolicy/sepolicy/gui.py
|
||||||
|
@@ -77,7 +77,7 @@ def cmp(a, b):
|
||||||
|
return 1
|
||||||
|
return (a > b) - (a < b)
|
||||||
|
|
||||||
|
-import distutils.sysconfig
|
||||||
|
+import sysconfig
|
||||||
|
ADVANCED_LABEL = (_("Advanced >>"), _("Advanced <<"))
|
||||||
|
ADVANCED_SEARCH_LABEL = (_("Advanced Search >>"), _("Advanced Search <<"))
|
||||||
|
OUTBOUND_PAGE = 0
|
||||||
|
@@ -130,7 +130,7 @@ class SELinuxGui():
|
||||||
|
self.application = app
|
||||||
|
self.filter_txt = ""
|
||||||
|
builder = Gtk.Builder() # BUILDER OBJ
|
||||||
|
- self.code_path = distutils.sysconfig.get_python_lib(plat_specific=False) + "/sepolicy/"
|
||||||
|
+ self.code_path = sysconfig.get_python_lib(plat_specific=False) + "/sepolicy/"
|
||||||
|
glade_file = self.code_path + "sepolicy.glade"
|
||||||
|
builder.add_from_file(glade_file)
|
||||||
|
self.outer_notebook = builder.get_object("outer_notebook")
|
||||||
|
diff --git a/python/sepolicy/setup.py b/python/sepolicy/setup.py
|
||||||
|
index b0f9650df875..c82206647f9b 100644
|
||||||
|
--- a/python/sepolicy/setup.py
|
||||||
|
+++ b/python/sepolicy/setup.py
|
||||||
|
@@ -2,7 +2,7 @@
|
||||||
|
|
||||||
|
# Author: Thomas Liu <tliu@redhat.com>
|
||||||
|
# Author: Dan Walsh <dwalsh@redhat.com>
|
||||||
|
-from distutils.core import setup
|
||||||
|
+from setuptools import setup
|
||||||
|
|
||||||
|
setup(
|
||||||
|
name="sepolicy",
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
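Review bot: In the gui.py hunk the replacement `sysconfig.get_python_lib(plat_specific=False)` calls a function that exists only in `distutils.sysconfig`. The standard `sysconfig` module has no `get_python_lib`, so `SELinuxGui.__init__` would raise AttributeError as soon as it builds `code_path`. The Makefile hunks of the same patch already use the right API, so the line should read `self.code_path = sysconfig.get_path('purelib') + "/sepolicy/"`. The enclosing `__init__` starts and ends outside the hunk.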
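--- a/0017-python-Harden-tools-against-rogue-modules.patch
+++ b/0017-python-Harden-tools-against-rogue-modules.patch
@@ -0,0 +1,81 @@
+From 48602370acabffea96759bf66edd00ca829f5d17 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Tue, 18 Oct 2022 22:36:59 +0200
+Subject: [PATCH] python: Harden tools against "rogue" modules
+Content-type: text/plain
+
+Python scripts present in "/usr/sbin" override regular modules.
+Make sure /usr/sbin is not present in PYTHONPATH.
+
+Fixes:
+#cat > /usr/sbin/audit.py <<EOF
+import sys
+print("BAD GUY!", file=sys.stderr)
+sys.exit(1)
+EOF
+#semanage boolean -l
+BAD GUY!
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+Acked-by: James Carter <jwcart2@gmail.com>
+---
+python/audit2allow/audit2allow | 2 +-
+python/audit2allow/sepolgen-ifgen | 2 +-
+python/chcat/chcat | 2 +-
+python/semanage/semanage | 2 +-
+python/sepolicy/sepolicy.py | 2 +-
+5 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/python/audit2allow/audit2allow b/python/audit2allow/audit2allow
+index 09b06f664bc4..eafeea88aa21 100644
+--- a/python/audit2allow/audit2allow
++++ b/python/audit2allow/audit2allow
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3 -Es
++#!/usr/bin/python3 -EsI
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+# Authors: Dan Walsh <dwalsh@redhat.com>
+#
+diff --git a/python/audit2allow/sepolgen-ifgen b/python/audit2allow/sepolgen-ifgen
+index b7a04c719acc..f2cc0c32f2b0 100644
+--- a/python/audit2allow/sepolgen-ifgen
++++ b/python/audit2allow/sepolgen-ifgen
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3 -Es
++#!/usr/bin/python3 -EsI
+#
+# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
+#
+diff --git a/python/chcat/chcat b/python/chcat/chcat
+index 952cb8187599..68718ec5f102 100755
+--- a/python/chcat/chcat
++++ b/python/chcat/chcat
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3 -Es
++#!/usr/bin/python3 -EsI
+# Copyright (C) 2005 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+diff --git a/python/semanage/semanage b/python/semanage/semanage
+index 10ab3fa67d7f..b21d1484ab85 100644
+--- a/python/semanage/semanage
++++ b/python/semanage/semanage
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3 -Es
++#!/usr/bin/python3 -EsI
+# Copyright (C) 2012-2013 Red Hat
+# AUTHOR: Miroslav Grepl <mgrepl@redhat.com>
+# AUTHOR: David Quigley <selinux@davequigley.com>
+diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py
+index c7a70e094b0c..733d40484709 100755
+--- a/python/sepolicy/sepolicy.py
++++ b/python/sepolicy/sepolicy.py
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3 -Es
++#!/usr/bin/python3 -EsI
+# Copyright (C) 2012 Red Hat
+# AUTHOR: Dan Walsh <dwalsh@redhat.com>
+# see file 'COPYING' for use and warranty information
+--
+2.38.1
+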
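Review bot: `-I` already implies `-E` and `-s`, so the new shebang `#!/usr/bin/python3 -EsI` in all five scripts can be written `#!/usr/bin/python3 -I`; the longer form is harmless but hides which flag does the work. What closes the hole shown in the commit message is that isolated mode keeps the script's own directory off `sys.path` (the message says PYTHONPATH, which `-E` already ignored). The protection only applies when a tool is started through its shebang, not when the script is passed to an interpreter by hand. A short comment under the shebang, e.g. `# -I: isolated mode, keeps the script directory (/usr/sbin) off sys.path`, would stop the flag being dropped in a later cleanup.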
@ -1,4 +1,4 @@
|
|||||||
From f361ee407490bc74b43ec408b1edc70cd647d4e0 Mon Sep 17 00:00:00 2001
|
From 1b9bc42461589e49cd68727ea479cc820e55a2d7 Mon Sep 17 00:00:00 2001
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
Date: Thu, 20 Aug 2015 12:58:41 +0200
|
Date: Thu, 20 Aug 2015 12:58:41 +0200
|
||||||
Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in
|
Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in
|
||||||
@ -23,5 +23,5 @@ index eaa500d08143..4774528027ef 100644
|
|||||||
cat > ~/seremote << __EOF
|
cat > ~/seremote << __EOF
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
--
|
--
|
||||||
2.35.1
|
2.38.1
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From f204dd292340689c2d7ab75612b9fd81337fcbc3 Mon Sep 17 00:00:00 2001
|
From 30f3eca067ace9f73ad7612377675e5f777ea869 Mon Sep 17 00:00:00 2001
|
||||||
From: Dan Walsh <dwalsh@redhat.com>
|
From: Dan Walsh <dwalsh@redhat.com>
|
||||||
Date: Fri, 14 Feb 2014 12:32:12 -0500
|
Date: Fri, 14 Feb 2014 12:32:12 -0500
|
||||||
Subject: [PATCH] Don't be verbose if you are not on a tty
|
Subject: [PATCH] Don't be verbose if you are not on a tty
|
||||||
@ -21,5 +21,5 @@ index c72ca0eb9d61..163ebcd1f232 100755
|
|||||||
THREADS=""
|
THREADS=""
|
||||||
RPMFILES=""
|
RPMFILES=""
|
||||||
--
|
--
|
||||||
2.35.1
|
2.38.1
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From d8f51aa7d299383247213b69ec7cbb68c1fa3bc4 Mon Sep 17 00:00:00 2001
|
From f2a1b0dc836ebcf2ef418cd0c85fcea949b556eb Mon Sep 17 00:00:00 2001
|
||||||
From: Masatake YAMATO <yamato@redhat.com>
|
From: Masatake YAMATO <yamato@redhat.com>
|
||||||
Date: Thu, 14 Dec 2017 15:57:58 +0900
|
Date: Thu, 14 Dec 2017 15:57:58 +0900
|
||||||
Subject: [PATCH] sepolicy-generate: Handle more reserved port types
|
Subject: [PATCH] sepolicy-generate: Handle more reserved port types
|
||||||
@ -53,10 +53,10 @@ https://lore.kernel.org/selinux/20150610.190635.1866127952891120915.yamato@redha
|
|||||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
|
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
|
||||||
index 43180ca6fda4..d60a08e1d72c 100644
|
index 3717d5d4ed78..eff3a8973917 100644
|
||||||
--- a/python/sepolicy/sepolicy/generate.py
|
--- a/python/sepolicy/sepolicy/generate.py
|
||||||
+++ b/python/sepolicy/sepolicy/generate.py
|
+++ b/python/sepolicy/sepolicy/generate.py
|
||||||
@@ -99,7 +99,9 @@ def get_all_ports():
|
@@ -100,7 +100,9 @@ def get_all_ports():
|
||||||
for p in sepolicy.info(sepolicy.PORT):
|
for p in sepolicy.info(sepolicy.PORT):
|
||||||
if p['type'] == "reserved_port_t" or \
|
if p['type'] == "reserved_port_t" or \
|
||||||
p['type'] == "port_t" or \
|
p['type'] == "port_t" or \
|
||||||
@ -68,5 +68,5 @@ index 43180ca6fda4..d60a08e1d72c 100644
|
|||||||
dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range'))
|
dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range'))
|
||||||
return dict
|
return dict
|
||||||
--
|
--
|
||||||
2.35.1
|
2.38.1
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From 8054dc44cf105b959864a1424fe857fac3ba3d73 Mon Sep 17 00:00:00 2001
|
From 239f039edd2c4030d373baa31f42651075b5927b Mon Sep 17 00:00:00 2001
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
Date: Wed, 18 Jul 2018 09:09:35 +0200
|
Date: Wed, 18 Jul 2018 09:09:35 +0200
|
||||||
Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox
|
Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox
|
||||||
@ -11,10 +11,10 @@ Content-type: text/plain
|
|||||||
3 files changed, 3 insertions(+), 17 deletions(-)
|
3 files changed, 3 insertions(+), 17 deletions(-)
|
||||||
|
|
||||||
diff --git a/sandbox/sandbox b/sandbox/sandbox
|
diff --git a/sandbox/sandbox b/sandbox/sandbox
|
||||||
index 16c43b51eaaa..7709a6585665 100644
|
index 770807345858..df3af9260c7f 100644
|
||||||
--- a/sandbox/sandbox
|
--- a/sandbox/sandbox
|
||||||
+++ b/sandbox/sandbox
|
+++ b/sandbox/sandbox
|
||||||
@@ -268,7 +268,7 @@ class Sandbox:
|
@@ -270,7 +270,7 @@ class Sandbox:
|
||||||
copyfile(f, "/tmp", self.__tmpdir)
|
copyfile(f, "/tmp", self.__tmpdir)
|
||||||
copyfile(f, "/var/tmp", self.__tmpdir)
|
copyfile(f, "/var/tmp", self.__tmpdir)
|
||||||
|
|
||||||
@ -23,7 +23,7 @@ index 16c43b51eaaa..7709a6585665 100644
|
|||||||
execfile = self.__homedir + "/.sandboxrc"
|
execfile = self.__homedir + "/.sandboxrc"
|
||||||
fd = open(execfile, "w+")
|
fd = open(execfile, "w+")
|
||||||
if self.__options.session:
|
if self.__options.session:
|
||||||
@@ -362,7 +362,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
|
@@ -369,7 +369,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
|
||||||
|
|
||||||
parser.add_option("-W", "--windowmanager", dest="wm",
|
parser.add_option("-W", "--windowmanager", dest="wm",
|
||||||
type="string",
|
type="string",
|
||||||
@ -33,10 +33,10 @@ index 16c43b51eaaa..7709a6585665 100644
|
|||||||
|
|
||||||
parser.add_option("-l", "--level", dest="level",
|
parser.add_option("-l", "--level", dest="level",
|
||||||
diff --git a/sandbox/sandbox.8 b/sandbox/sandbox.8
|
diff --git a/sandbox/sandbox.8 b/sandbox/sandbox.8
|
||||||
index d83fee76f335..90ef4951c8c2 100644
|
index 1ee0ecea96d1..775e4b231204 100644
|
||||||
--- a/sandbox/sandbox.8
|
--- a/sandbox/sandbox.8
|
||||||
+++ b/sandbox/sandbox.8
|
+++ b/sandbox/sandbox.8
|
||||||
@@ -77,7 +77,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
|
@@ -80,7 +80,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
|
||||||
\fB\-W\fR \fB\-\-windowmanager\fR
|
\fB\-W\fR \fB\-\-windowmanager\fR
|
||||||
Select alternative window manager to run within
|
Select alternative window manager to run within
|
||||||
.B sandbox \-X.
|
.B sandbox \-X.
|
||||||
@ -71,5 +71,5 @@ index 4774528027ef..c211ebc14549 100644
|
|||||||
export DISPLAY=:$D
|
export DISPLAY=:$D
|
||||||
cat > ~/seremote << __EOF
|
cat > ~/seremote << __EOF
|
||||||
--
|
--
|
||||||
2.35.1
|
2.38.1
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From 53d085d8d6edc05886d473e412a8025b7f8d9ce4 Mon Sep 17 00:00:00 2001
|
From e5a015f1edd5e7ed87f6f4ec6ddb45637fa178ab Mon Sep 17 00:00:00 2001
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
Date: Fri, 30 Jul 2021 14:14:37 +0200
|
Date: Fri, 30 Jul 2021 14:14:37 +0200
|
||||||
Subject: [PATCH] Use SHA-2 instead of SHA-1
|
Subject: [PATCH] Use SHA-2 instead of SHA-1
|
||||||
@ -254,10 +254,10 @@ index 910101452625..7f2daa09191b 100644
|
|||||||
, и, при условии, что НЕ установлен параметр
|
, и, при условии, что НЕ установлен параметр
|
||||||
.B \-n
|
.B \-n
|
||||||
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
|
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
|
||||||
index 19b59a2cc90d..bad9f37a9ac4 100644
|
index bf26e161a71d..36fe6b369548 100644
|
||||||
--- a/policycoreutils/setfiles/setfiles.8
|
--- a/policycoreutils/setfiles/setfiles.8
|
||||||
+++ b/policycoreutils/setfiles/setfiles.8
|
+++ b/policycoreutils/setfiles/setfiles.8
|
||||||
@@ -87,14 +87,14 @@ display usage information and exit.
|
@@ -95,14 +95,14 @@ display usage information and exit.
|
||||||
ignore files that do not exist.
|
ignore files that do not exist.
|
||||||
.TP
|
.TP
|
||||||
.B \-I
|
.B \-I
|
||||||
@ -275,7 +275,7 @@ index 19b59a2cc90d..bad9f37a9ac4 100644
|
|||||||
enable usage of the
|
enable usage of the
|
||||||
.IR security.sehash
|
.IR security.sehash
|
||||||
extended attribute.
|
extended attribute.
|
||||||
@@ -239,7 +239,7 @@ the
|
@@ -261,7 +261,7 @@ the
|
||||||
.B \-D
|
.B \-D
|
||||||
option to
|
option to
|
||||||
.B setfiles
|
.B setfiles
|
||||||
@ -284,7 +284,7 @@ index 19b59a2cc90d..bad9f37a9ac4 100644
|
|||||||
.B spec_file
|
.B spec_file
|
||||||
set in an extended attribute named
|
set in an extended attribute named
|
||||||
.IR security.sehash
|
.IR security.sehash
|
||||||
@@ -260,7 +260,7 @@ for further details.
|
@@ -282,7 +282,7 @@ for further details.
|
||||||
.sp
|
.sp
|
||||||
The
|
The
|
||||||
.B \-I
|
.B \-I
|
||||||
@ -294,5 +294,5 @@ index 19b59a2cc90d..bad9f37a9ac4 100644
|
|||||||
and provided the
|
and provided the
|
||||||
.B \-n
|
.B \-n
|
||||||
--
|
--
|
||||||
2.35.1
|
2.38.1
|
||||||
|
|
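--- a/0023-python-Fix-typo-in-audit2allow.1-example.patch
+++ b/0023-python-Fix-typo-in-audit2allow.1-example.patch
@@ -0,0 +1,28 @@
+From 5e9f9478cc6eeaa46e0e8172a458a49e49d4e258 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Wed, 9 Nov 2022 11:53:28 +0100
+Subject: [PATCH] python: Fix typo in audit2allow.1 example
+Content-type: text/plain
+
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+Acked-by: James Carter <jwcart2@gmail.com>
+---
+python/audit2allow/audit2allow.1 | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/python/audit2allow/audit2allow.1 b/python/audit2allow/audit2allow.1
+index c61067b33688..04ec32398011 100644
+--- a/python/audit2allow/audit2allow.1
++++ b/python/audit2allow/audit2allow.1
+@@ -151,7 +151,7 @@ policy_module(local, 1.0)
+gen_require(`
+type myapp_t;
+type etc_t;
+- };
++\[aq])
+
+files_read_etc_files(myapp_t)
+<review local.te and customize as desired>
+--
+2.38.1
+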
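--- a/0024-python-sepolicy-Fix-sepolicy-manpage-w.patch
+++ b/0024-python-sepolicy-Fix-sepolicy-manpage-w.patch
@@ -0,0 +1,102 @@
+From 762090ae1a67b040b37cc4863f1ceb0b45c66717 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <lautrbach@redhat.com>
+Date: Fri, 18 Nov 2022 13:51:52 +0100
+Subject: [PATCH] python/sepolicy: Fix sepolicy manpage -w ...
+Content-type: text/plain
+
+Commit 7494bb1298b3 ("sepolicy: generate man pages in parallel")
+improved sepolicy performance but broke `sepolicy manpage -w ...` as it
+didn't collect data about domains and roles from ManPage() and so
+HTMLManPages() generated only empty page. This is fixed now, domains
+and roles are being collected and used for HTML pages.
+
+Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
+---
+python/sepolicy/sepolicy.py | 13 +++++++++++--
+python/sepolicy/sepolicy/manpage.py | 12 +++++-------
+2 files changed, 16 insertions(+), 9 deletions(-)
+
+diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py
+index 733d40484709..82ff6af2bc2d 100755
+--- a/python/sepolicy/sepolicy.py
++++ b/python/sepolicy/sepolicy.py
+@@ -332,9 +332,10 @@ def manpage_work(domain, path, root, source_files, web):
+from sepolicy.manpage import ManPage
+m = ManPage(domain, path, root, source_files, web)
+print(m.get_man_page_path())
++ return (m.manpage_domains, m.manpage_roles)
+
+def manpage(args):
+- from sepolicy.manpage import HTMLManPages, manpage_domains, manpage_roles, gen_domains
++ from sepolicy.manpage import HTMLManPages, gen_domains
+
+path = args.path
+if not args.policy and args.root != "/":
+@@ -347,9 +348,17 @@ def manpage(args):
+else:
+test_domains = args.domain
+
++ manpage_domains = set()
++ manpage_roles = set()
+p = Pool()
++ async_results = []
+for domain in test_domains:
+- p.apply_async(manpage_work, [domain, path, args.root, args.source_files, args.web])
++ async_results.append(p.apply_async(manpage_work, [domain, path, args.root, args.source_files, args.web]))
++ for result in async_results:
++ domains, roles = result.get()
++ manpage_domains.update(domains)
++ manpage_roles.update(roles)
++
+p.close()
+p.join()
+
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index 3e61e333193f..de72cb6cda5f 100755
+--- a/python/sepolicy/sepolicy/manpage.py
++++ b/python/sepolicy/sepolicy/manpage.py
+@@ -21,7 +21,7 @@
+# 02111-1307 USA
+#
+#
+-__all__ = ['ManPage', 'HTMLManPages', 'manpage_domains', 'manpage_roles', 'gen_domains']
++__all__ = ['ManPage', 'HTMLManPages', 'gen_domains']
+
+import string
+import selinux
+@@ -147,10 +147,6 @@ def _gen_types():
+def prettyprint(f, trim):
+return " ".join(f[:-len(trim)].split("_"))
+
+-# for HTML man pages
+-manpage_domains = []
+-manpage_roles = []
+-
+fedora_releases = ["Fedora17", "Fedora18"]
+rhel_releases = ["RHEL6", "RHEL7"]
+
+@@ -408,6 +404,8 @@ class ManPage:
+"""
+modules_dict = None
+enabled_str = ["Disabled", "Enabled"]
++ manpage_domains = []
++ manpage_roles = []
+
+def __init__(self, domainname, path="/tmp", root="/", source_files=False, html=False):
+self.html = html
+@@ -453,10 +451,10 @@ class ManPage:
+if self.domainname + "_r" in self.all_roles:
+self.__gen_user_man_page()
+if self.html:
+- manpage_roles.append(self.man_page_path)
++ self.manpage_roles.append(self.man_page_path)
+else:
+if self.html:
+- manpage_domains.append(self.man_page_path)
++ self.manpage_domains.append(self.man_page_path)
+self.__gen_man_page()
+self.fd.close()
+
+--
+2.38.1
+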
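Review bot: `manpage_domains = []` and `manpage_roles = []` are added as class attributes of `ManPage`, so the `self.manpage_roles.append(...)` and `self.manpage_domains.append(...)` calls in the last manpage.py hunk mutate one list shared by every `ManPage` created in the same process. A pool worker that handles several domains therefore returns the paths from its earlier tasks again through `manpage_work`; the `set.update()` calls in `manpage()` hide the duplicates, but any other reader of these attributes sees accumulated state. Creating the lists per instance, with `self.manpage_domains = []` and `self.manpage_roles = []` at the top of `__init__`, keeps each result limited to its own domain. `__init__` continues outside the hunk, so whether other code relies on the shared lists cannot be confirmed from here.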
@ -0,0 +1,57 @@
|
|||||||
|
From fe825bf76f7a6727a3654c96e7bc55ddc7069b76 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Lautrbach <lautrbach@redhat.com>
|
||||||
|
Date: Fri, 18 Nov 2022 13:51:53 +0100
|
||||||
|
Subject: [PATCH] python/sepolicy: Use distro module to get os version
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
distro module uses /etc/os-release file which contains operating system
|
||||||
|
identification data, see os-release(5). Given that the mechanism doesn't
|
||||||
|
use `rpm` it should be possible to generate man pages on other
|
||||||
|
distributions.
|
||||||
|
|
||||||
|
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
|
||||||
|
---
|
||||||
|
python/sepolicy/sepolicy/__init__.py | 25 ++++++-------------------
|
||||||
|
1 file changed, 6 insertions(+), 19 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
||||||
|
index 9c3caa05b80b..baa4c8e62e97 100644
|
||||||
|
--- a/python/sepolicy/sepolicy/__init__.py
|
||||||
|
+++ b/python/sepolicy/sepolicy/__init__.py
|
||||||
|
@@ -1226,27 +1226,14 @@ def boolean_desc(boolean):
|
||||||
|
|
||||||
|
|
||||||
|
def get_os_version():
|
||||||
|
- os_version = ""
|
||||||
|
- pkg_name = "selinux-policy"
|
||||||
|
+ system_release = ""
|
||||||
|
try:
|
||||||
|
- try:
|
||||||
|
- from commands import getstatusoutput
|
||||||
|
- except ImportError:
|
||||||
|
- from subprocess import getstatusoutput
|
||||||
|
- rc, output = getstatusoutput("rpm -q '%s'" % pkg_name)
|
||||||
|
- if rc == 0:
|
||||||
|
- os_version = output.split(".")[-2]
|
||||||
|
- except:
|
||||||
|
- os_version = ""
|
||||||
|
-
|
||||||
|
- if os_version[0:2] == "fc":
|
||||||
|
- os_version = "Fedora" + os_version[2:]
|
||||||
|
- elif os_version[0:2] == "el":
|
||||||
|
- os_version = "RHEL" + os_version[2:]
|
||||||
|
- else:
|
||||||
|
- os_version = ""
|
||||||
|
+ import distro
|
||||||
|
+ system_release = distro.name(pretty=True)
|
||||||
|
+ except IOError:
|
||||||
|
+ system_release = "Misc"
|
||||||
|
|
||||||
|
- return os_version
|
||||||
|
+ return system_release
|
||||||
|
|
||||||
|
|
||||||
|
def reinit():
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
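Review bot: The new `except IOError:` in `get_os_version()` does not cover the failure that `import distro` inside the `try` can raise: a missing module raises `ImportError`, which is not an `IOError`/`OSError` subclass, so the exception propagates instead of falling back to `"Misc"`. If the fallback is meant to apply when the module is absent, the handler should read `except (ImportError, IOError):`; otherwise the import is clearer at module level, where a missing dependency fails at load time. No `python3-distro` requirement appears in the spec hunks visible on this page, so it is worth confirming that the package declares it.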
@ -1,70 +1,31 @@
|
|||||||
From b180f7679c5e09535416f47d48afd0c0738f5fa9 Mon Sep 17 00:00:00 2001
|
From 1fad73e62fdda5290e3939464df09796fca6871d Mon Sep 17 00:00:00 2001
|
||||||
From: Miroslav Grepl <mgrepl@redhat.com>
|
From: Petr Lautrbach <lautrbach@redhat.com>
|
||||||
Date: Thu, 19 Feb 2015 17:45:15 +0100
|
Date: Fri, 18 Nov 2022 13:51:55 +0100
|
||||||
Subject: [PATCH] Simplication of sepolicy-manpage web functionality.
|
Subject: [PATCH] python/sepolicy: Simplify generation of man pages
|
||||||
system_release is no longer hardcoded and it creates only index.html and html
|
|
||||||
man pages in the directory for the system release.
|
|
||||||
Content-type: text/plain
|
Content-type: text/plain
|
||||||
|
|
||||||
|
And do not hardcode Fedora and RHEL versions.
|
||||||
|
|
||||||
|
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
|
||||||
---
|
---
|
||||||
python/sepolicy/sepolicy/__init__.py | 25 +++--------
|
python/sepolicy/sepolicy/manpage.py | 71 ++++-------------------------
|
||||||
python/sepolicy/sepolicy/manpage.py | 65 +++-------------------------
|
1 file changed, 8 insertions(+), 63 deletions(-)
|
||||||
2 files changed, 13 insertions(+), 77 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
|
||||||
index 203ca25f4210..9447812b7450 100644
|
|
||||||
--- a/python/sepolicy/sepolicy/__init__.py
|
|
||||||
+++ b/python/sepolicy/sepolicy/__init__.py
|
|
||||||
@@ -1225,27 +1225,14 @@ def boolean_desc(boolean):
|
|
||||||
|
|
||||||
|
|
||||||
def get_os_version():
|
|
||||||
- os_version = ""
|
|
||||||
- pkg_name = "selinux-policy"
|
|
||||||
+ system_release = ""
|
|
||||||
try:
|
|
||||||
- try:
|
|
||||||
- from commands import getstatusoutput
|
|
||||||
- except ImportError:
|
|
||||||
- from subprocess import getstatusoutput
|
|
||||||
- rc, output = getstatusoutput("rpm -q '%s'" % pkg_name)
|
|
||||||
- if rc == 0:
|
|
||||||
- os_version = output.split(".")[-2]
|
|
||||||
- except:
|
|
||||||
- os_version = ""
|
|
||||||
-
|
|
||||||
- if os_version[0:2] == "fc":
|
|
||||||
- os_version = "Fedora" + os_version[2:]
|
|
||||||
- elif os_version[0:2] == "el":
|
|
||||||
- os_version = "RHEL" + os_version[2:]
|
|
||||||
- else:
|
|
||||||
- os_version = ""
|
|
||||||
+ with open('/etc/system-release') as f:
|
|
||||||
+ system_release = f.readline()
|
|
||||||
+ except IOError:
|
|
||||||
+ system_release = "Misc"
|
|
||||||
|
|
||||||
- return os_version
|
|
||||||
+ return system_release
|
|
||||||
|
|
||||||
|
|
||||||
def reinit():
|
|
||||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||||
index ec8aa1cb94a2..c632d05dbb1b 100755
|
index de72cb6cda5f..edeb3b77e759 100755
|
||||||
--- a/python/sepolicy/sepolicy/manpage.py
|
--- a/python/sepolicy/sepolicy/manpage.py
|
||||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||||
@@ -151,10 +151,6 @@ def prettyprint(f, trim):
|
@@ -147,9 +147,6 @@ def _gen_types():
|
||||||
manpage_domains = []
|
def prettyprint(f, trim):
|
||||||
manpage_roles = []
|
return " ".join(f[:-len(trim)].split("_"))
|
||||||
|
|
||||||
-fedora_releases = ["Fedora17", "Fedora18"]
|
-fedora_releases = ["Fedora17", "Fedora18"]
|
||||||
-rhel_releases = ["RHEL6", "RHEL7"]
|
-rhel_releases = ["RHEL6", "RHEL7"]
|
||||||
-
|
-
|
||||||
-
|
|
||||||
def get_alphabet_manpages(manpage_list):
|
def get_alphabet_manpages(manpage_list):
|
||||||
alphabet_manpages = dict.fromkeys(string.ascii_letters, [])
|
alphabet_manpages = dict.fromkeys(string.ascii_letters, [])
|
||||||
for i in string.ascii_letters:
|
@@ -180,7 +177,7 @@ def convert_manpage_to_html(html_manpage, manpage):
|
||||||
@@ -184,7 +180,7 @@ def convert_manpage_to_html(html_manpage, manpage):
|
|
||||||
class HTMLManPages:
|
class HTMLManPages:
|
||||||
|
|
||||||
"""
|
"""
|
||||||
@ -73,19 +34,20 @@ index ec8aa1cb94a2..c632d05dbb1b 100755
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
def __init__(self, manpage_roles, manpage_domains, path, os_version):
|
def __init__(self, manpage_roles, manpage_domains, path, os_version):
|
||||||
@@ -192,9 +188,9 @@ class HTMLManPages:
|
@@ -188,18 +185,12 @@ class HTMLManPages:
|
||||||
self.manpage_domains = get_alphabet_manpages(manpage_domains)
|
self.manpage_domains = get_alphabet_manpages(manpage_domains)
|
||||||
self.os_version = os_version
|
self.os_version = os_version
|
||||||
self.old_path = path + "/"
|
self.old_path = path + "/"
|
||||||
- self.new_path = self.old_path + self.os_version + "/"
|
- self.new_path = self.old_path + self.os_version + "/"
|
||||||
+ self.new_path = self.old_path
|
-
|
||||||
|
|
||||||
- if self.os_version in fedora_releases or self.os_version in rhel_releases:
|
- if self.os_version in fedora_releases or self.os_version in rhel_releases:
|
||||||
+ if self.os_version:
|
- self.__gen_html_manpages()
|
||||||
self.__gen_html_manpages()
|
- else:
|
||||||
else:
|
- print("SELinux HTML man pages can not be generated for this %s" % os_version)
|
||||||
print("SELinux HTML man pages can not be generated for this %s" % os_version)
|
- exit(1)
|
||||||
@@ -203,7 +199,6 @@ class HTMLManPages:
|
+ self.new_path = self.old_path
|
||||||
|
+ self.__gen_html_manpages()
|
||||||
|
|
||||||
def __gen_html_manpages(self):
|
def __gen_html_manpages(self):
|
||||||
self._write_html_manpage()
|
self._write_html_manpage()
|
||||||
self._gen_index()
|
self._gen_index()
|
||||||
@ -93,7 +55,7 @@ index ec8aa1cb94a2..c632d05dbb1b 100755
|
|||||||
self._gen_css()
|
self._gen_css()
|
||||||
|
|
||||||
def _write_html_manpage(self):
|
def _write_html_manpage(self):
|
||||||
@@ -221,67 +216,21 @@ class HTMLManPages:
|
@@ -217,67 +208,21 @@ class HTMLManPages:
|
||||||
convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r)
|
convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r)
|
||||||
|
|
||||||
def _gen_index(self):
|
def _gen_index(self):
|
||||||
@ -143,7 +105,8 @@ index ec8aa1cb94a2..c632d05dbb1b 100755
|
|||||||
- print("%s has been created" % index)
|
- print("%s has been created" % index)
|
||||||
-
|
-
|
||||||
- def _gen_body(self):
|
- def _gen_body(self):
|
||||||
html = self.new_path + self.os_version + ".html"
|
- html = self.new_path + self.os_version + ".html"
|
||||||
|
+ html = self.new_path + "index.html"
|
||||||
fd = open(html, 'w')
|
fd = open(html, 'w')
|
||||||
fd.write("""
|
fd.write("""
|
||||||
<html>
|
<html>
|
||||||
@ -151,7 +114,7 @@ index ec8aa1cb94a2..c632d05dbb1b 100755
|
|||||||
- <link rel=stylesheet type="text/css" href="../style.css" title="style">
|
- <link rel=stylesheet type="text/css" href="../style.css" title="style">
|
||||||
- <title>Linux man-pages online for Fedora18</title>
|
- <title>Linux man-pages online for Fedora18</title>
|
||||||
+ <link rel=stylesheet type="text/css" href="style.css" title="style">
|
+ <link rel=stylesheet type="text/css" href="style.css" title="style">
|
||||||
+ <title>SELinux man pages online</title>
|
+ <title>SELinux man pages</title>
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
-<h1>SELinux man pages for Fedora18</h1>
|
-<h1>SELinux man pages for Fedora18</h1>
|
||||||
@ -166,5 +129,5 @@ index ec8aa1cb94a2..c632d05dbb1b 100755
|
|||||||
if len(self.manpage_roles[letter]):
|
if len(self.manpage_roles[letter]):
|
||||||
fd.write("""
|
fd.write("""
|
||||||
--
|
--
|
||||||
2.35.1
|
2.38.1
|
||||||
|
|
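Review bot: `_gen_index()` now writes a fixed name, `html = self.new_path + "index.html"`, through a plain `fd = open(html, 'w')`, and `new_path` is now the caller's output directory itself rather than a per-release subdirectory. `ManPage` elsewhere in this series defaults `path` to `/tmp`; if `HTMLManPages` can be given a shared, world-writable directory in the same way (the caller's default is not visible here), an existing `index.html` symlink would be followed and its target truncated. Opening with `os.open(html, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0o644)` and wrapping the descriptor in `os.fdopen(..., 'w')` avoids that, assuming `os` is imported in manpage.py, as does generating into a freshly created directory. The body of `_gen_index()` extends beyond the hunk, so whether `fd` is closed on every path cannot be checked from here.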
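--- a/0027-Fix-E275-missing-whitespace-after-keyword.patch
+++ b/0027-Fix-E275-missing-whitespace-after-keyword.patch
@@ -0,0 +1,160 @@
+From 3fb03f54d0dad5119cdd3e1d2b13370b8296040b Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <lautrbach@redhat.com>
+Date: Mon, 21 Nov 2022 11:39:32 +0100
+Subject: [PATCH] Fix E275 missing whitespace after keyword
+Content-type: text/plain
+
+Fixes:
+./gui/polgengui.py:484:18: E275 missing whitespace after keyword
+./gui/polgengui.py:530:18: E275 missing whitespace after keyword
+./python/sepolgen/src/sepolgen/policygen.py:327:19: E275 missing whitespace after keyword
+./python/sepolgen/src/sepolgen/policygen.py:329:11: E275 missing whitespace after keyword
+./python/sepolicy/sepolicy/__init__.py:453:15: E275 missing whitespace after keyword
+./python/sepolicy/sepolicy/generate.py:1351:28: E275 missing whitespace after keyword
+./python/sepolicy/sepolicy/generate.py:1353:28: E275 missing whitespace after keyword
+./python/sepolicy/sepolicy/gui.py:638:24: E275 missing whitespace after keyword
+./python/sepolicy/sepolicy/gui.py:863:23: E275 missing whitespace after keyword
+./python/sepolicy/sepolicy/gui.py:2177:16: E275 missing whitespace after keyword
+./sandbox/sandbox:114:7: E275 missing whitespace after keyword
+./sandbox/sandbox:134:11: E275 missing whitespace after keyword
+./sandbox/sandbox:136:7: E275 missing whitespace after keyword
+
+Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
+---
+gui/polgengui.py | 4 ++--
+python/sepolgen/src/sepolgen/policygen.py | 4 ++--
+python/sepolicy/sepolicy/__init__.py | 4 ++--
+python/sepolicy/sepolicy/generate.py | 4 ++--
+python/sepolicy/sepolicy/gui.py | 6 +++---
+sandbox/sandbox | 6 +++---
+6 files changed, 14 insertions(+), 14 deletions(-)
+
+diff --git a/gui/polgengui.py b/gui/polgengui.py
+index 7a3ecd50c91c..16116ba68b61 100644
+--- a/gui/polgengui.py
++++ b/gui/polgengui.py
+@@ -481,7 +481,7 @@ class childWindow:
+my_policy = sepolicy.generate.policy(self.get_name(), self.get_type())
+
+iter = self.boolean_store.get_iter_first()
+- while(iter):
++ while iter:
+my_policy.add_boolean(self.boolean_store.get_value(iter, 0), self.boolean_store.get_value(iter, 1))
+iter = self.boolean_store.iter_next(iter)
+
+@@ -527,7 +527,7 @@ class childWindow:
+my_policy.set_out_udp(self.out_udp_all_checkbutton.get_active(), self.out_udp_entry.get_text())
+
+iter = self.store.get_iter_first()
+- while(iter):
++ while iter:
+if self.store.get_value(iter, 1) == FILE:
+my_policy.add_file(self.store.get_value(iter, 0))
+else:
+diff --git a/python/sepolgen/src/sepolgen/policygen.py b/python/sepolgen/src/sepolgen/policygen.py
+index 8f0ce26e4dc7..183b41a93d50 100644
+--- a/python/sepolgen/src/sepolgen/policygen.py
++++ b/python/sepolgen/src/sepolgen/policygen.py
+@@ -324,9 +324,9 @@ def call_interface(interface, av):
+ifcall.args.append(av.obj_class)
+else:
+print(params[i].type)
+- assert(0)
++ assert 0
+
+- assert(len(ifcall.args) > 0)
++ assert len(ifcall.args) > 0
+
+return ifcall
+
+diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
+index baa4c8e62e97..68907a4f9759 100644
+--- a/python/sepolicy/sepolicy/__init__.py
++++ b/python/sepolicy/sepolicy/__init__.py
+@@ -450,9 +450,9 @@ def get_conditionals(src, dest, tclass, perm):
+tlist.append(tdict)
+tdict = {}
+except KeyError:
+- return(tlist)
++ return tlist
+
+- return (tlist)
++ return tlist
+
+
+def get_conditionals_format_text(cond):
+diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
+index eff3a8973917..36a3ea1196b1 100644
+--- a/python/sepolicy/sepolicy/generate.py
++++ b/python/sepolicy/sepolicy/generate.py
+@@ -1348,9 +1348,9 @@ allow %s_t %s_t:%s_socket name_%s;
+if len(temp_dirs) != 0:
+for i in temp_dirs:
+if i in self.dirs.keys():
+- del(self.dirs[i])
++ del self.dirs[i]
+elif i in self.files.keys():
+- del(self.files[i])
++ del self.files[i]
+else:
+continue
+
+diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py
+index 335be582b668..c8f33f522a2d 100644
+--- a/python/sepolicy/sepolicy/gui.py
++++ b/python/sepolicy/sepolicy/gui.py
+@@ -635,7 +635,7 @@ class SELinuxGui():
+for k in self.cur_dict:
+for j in self.cur_dict[k]:
+if i == ctr:
+- del(self.cur_dict[k][j])
++ del self.cur_dict[k][j]
+return
+i += 1
+
+@@ -860,7 +860,7 @@ class SELinuxGui():
+if val is True or val is False or val is None:
+continue
+# Returns true if filter_txt exists within the val
+- if(val.find(self.filter_txt) != -1 or val.lower().find(self.filter_txt) != -1):
++ if val.find(self.filter_txt) != -1 or val.lower().find(self.filter_txt) != -1:
+return True
+except (AttributeError, TypeError):
+pass
+@@ -2174,7 +2174,7 @@ class SELinuxGui():
+model.set_value(iter, 0, not model.get_value(iter, 0))
+active = model.get_value(iter, 0)
+if name in self.cur_dict["boolean"]:
+- del(self.cur_dict["boolean"][name])
++ del self.cur_dict["boolean"][name]
+else:
+self.cur_dict["boolean"][name] = {"active": active}
+self.new_updates()
+diff --git a/sandbox/sandbox b/sandbox/sandbox
+index df3af9260c7f..a32a33ea3cf6 100644
+--- a/sandbox/sandbox
++++ b/sandbox/sandbox
+@@ -111,7 +111,7 @@ def copyfile(file, srcdir, dest):
+
+def savefile(new, orig, X_ind):
+copy = False
+- if(X_ind):
++ if X_ind:
+import gi
+gi.require_version('Gtk', '3.0')
+from gi.repository import Gtk
+@@ -131,9 +131,9 @@ def savefile(new, orig, X_ind):
+except NameError:
+pass
+ans = input(_("Do you want to save changes to '%s' (y/N): ") % orig)
+- if(re.match(_("[yY]"), ans)):
++ if re.match(_("[yY]"), ans):
+copy = True
+- if(copy):
++ if copy:
+shutil.copy2(new, orig)
+
+
+--
+2.38.1
+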
@ -1,7 +1,7 @@
|
|||||||
%global libauditver 3.0
|
%global libauditver 3.0
|
||||||
%global libsepolver 3.4-1
|
%global libsepolver 3.4-4
|
||||||
%global libsemanagever 3.4-1
|
%global libsemanagever 3.4-6
|
||||||
%global libselinuxver 3.4-1
|
%global libselinuxver 3.4-6
|
||||||
|
|
||||||
%global generatorsdir %{_prefix}/lib/systemd/system-generators
|
%global generatorsdir %{_prefix}/lib/systemd/system-generators
|
||||||
|
|
||||||
@ -11,7 +11,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 3.4
|
Version: 3.4
|
||||||
Release: 6%{?dist}
|
Release: 7%{?dist}
|
||||||
License: GPL-2.0-or-later
|
License: GPL-2.0-or-later
|
||||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4/selinux-3.4.tar.gz
|
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4/selinux-3.4.tar.gz
|
||||||
@ -31,20 +31,33 @@ Source23: sandbox-po.tgz
|
|||||||
# $ git format-patch -N 3.4 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
|
# $ git format-patch -N 3.4 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
|
||||||
# $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
|
# $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
|
||||||
# Patch list start
|
# Patch list start
|
||||||
Patch0001: 0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
|
Patch0001: 0001-libselinux-declare-return-value-of-context_str-3-con.patch
|
||||||
Patch0002: 0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
|
Patch0002: 0002-semodule-avoid-toctou-on-output-module.patch
|
||||||
Patch0003: 0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
|
Patch0003: 0003-python-Split-semanage-import-into-two-transactions.patch
|
||||||
Patch0004: 0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch
|
Patch0004: 0004-python-audit2allow-close-file-stream-on-error.patch
|
||||||
Patch0005: 0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
|
Patch0005: 0005-gettext-handle-unsupported-languages-properly.patch
|
||||||
Patch0006: 0006-Fix-title-in-manpage.py-to-not-contain-online.patch
|
Patch0006: 0006-semodule-rename-rebuild-if-modules-changed-to-refres.patch
|
||||||
Patch0007: 0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
|
Patch0007: 0007-python-remove-IOError-in-certain-cases.patch
|
||||||
Patch0008: 0008-sepolicy-generate-Handle-more-reserved-port-types.patch
|
Patch0008: 0008-restorecond-use-strict-function-prototype-for-defini.patch
|
||||||
Patch0009: 0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
|
Patch0009: 0009-Ignore-egg-info-directories-and-clean-them.patch
|
||||||
Patch0010: 0010-Use-SHA-2-instead-of-SHA-1.patch
|
# Patch0010: 0010-Update-translations.patch
|
||||||
Patch0011: 0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch
|
Patch0011: 0011-docs-provide-a-top-level-LICENSE-file.patch
|
||||||
Patch0012: 0012-gettext-handle-unsupported-languages-properly.patch
|
Patch0012: 0012-gui-Fix-export-file-chooser-dialog.patch
|
||||||
Patch0013: 0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch
|
Patch0013: 0013-python-Do-not-query-the-local-database-if-the-fconte.patch
|
||||||
Patch0014: 0014-python-Split-semanage-import-into-two-transactions.patch
|
Patch0014: 0014-sandbox-Do-not-try-to-remove-tmpdir-twice-if-uid-0.patch
|
||||||
|
Patch0015: 0015-sandbox-Use-temporary-directory-for-XDG_RUNTIME_DIR.patch
|
||||||
|
Patch0016: 0016-python-Remove-dependency-on-the-Python-module-distut.patch
|
||||||
|
Patch0017: 0017-python-Harden-tools-against-rogue-modules.patch
|
||||||
|
Patch0018: 0018-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
|
||||||
|
Patch0019: 0019-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
|
||||||
|
Patch0020: 0020-sepolicy-generate-Handle-more-reserved-port-types.patch
|
||||||
|
Patch0021: 0021-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
|
||||||
|
Patch0022: 0022-Use-SHA-2-instead-of-SHA-1.patch
|
||||||
|
Patch0023: 0023-python-Fix-typo-in-audit2allow.1-example.patch
|
||||||
|
Patch0024: 0024-python-sepolicy-Fix-sepolicy-manpage-w.patch
|
||||||
|
Patch0025: 0025-python-sepolicy-Use-distro-module-to-get-os-version.patch
|
||||||
|
Patch0026: 0026-python-sepolicy-Simplify-generation-of-man-pages.patch
|
||||||
|
Patch0027: 0027-Fix-E275-missing-whitespace-after-keyword.patch
|
||||||
# Patch list end
|
# Patch list end
|
||||||
|
|
||||||
Obsoletes: policycoreutils < 2.0.61-2
|
Obsoletes: policycoreutils < 2.0.61-2
|
||||||
@ -57,7 +70,7 @@ Provides: /sbin/restorecon
|
|||||||
BuildRequires: gcc make
|
BuildRequires: gcc make
|
||||||
BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
|
BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
|
||||||
BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
|
BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
|
||||||
BuildRequires: python3-devel
|
BuildRequires: python3-devel python3-setuptools
|
||||||
BuildRequires: systemd
|
BuildRequires: systemd
|
||||||
BuildRequires: git-core
|
BuildRequires: git-core
|
||||||
Requires: util-linux grep gawk diffutils rpm sed
|
Requires: util-linux grep gawk diffutils rpm sed
|
||||||
@ -432,7 +445,7 @@ system-config-selinux is a utility for managing the SELinux environment
|
|||||||
%dir %{_datadir}/bash-completion
|
%dir %{_datadir}/bash-completion
|
||||||
%{_datadir}/bash-completion/completions/setsebool
|
%{_datadir}/bash-completion/completions/setsebool
|
||||||
%{!?_licensedir:%global license %%doc}
|
%{!?_licensedir:%global license %%doc}
|
||||||
%license policycoreutils/COPYING
|
%license policycoreutils/LICENSE
|
||||||
%doc %{_usr}/share/doc/%{name}
|
%doc %{_usr}/share/doc/%{name}
|
||||||
|
|
||||||
%package restorecond
|
%package restorecond
|
||||||
@ -454,7 +467,7 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
%{_mandir}/ru/man8/restorecond.8*
|
%{_mandir}/ru/man8/restorecond.8*
|
||||||
|
|
||||||
%{!?_licensedir:%global license %%doc}
|
%{!?_licensedir:%global license %%doc}
|
||||||
%license policycoreutils/COPYING
|
%license policycoreutils/LICENSE
|
||||||
|
|
||||||
%post
|
%post
|
||||||
%systemd_post selinux-autorelabel-mark.service
|
%systemd_post selinux-autorelabel-mark.service
|
||||||
@ -472,6 +485,12 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
%systemd_postun_with_restart restorecond.service
|
%systemd_postun_with_restart restorecond.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Nov 21 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.4-7
|
||||||
|
- Rebase on upstream f56a72ac9e86
|
||||||
|
- sepolicy: fix sepolicy manpage -w
|
||||||
|
- sandbox: add -R option to alternate XDG_RUNTIME_DIR
|
||||||
|
- Remove dependency on the Python module distutils
|
||||||
|
|
||||||
* Tue Aug 2 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-6
|
* Tue Aug 2 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-6
|
||||||
- Run autorelabel in parallel by default
|
- Run autorelabel in parallel by default
|
||||||
https://fedoraproject.org/wiki/Changes/SELinux_Parallel_Autorelabel
|
https://fedoraproject.org/wiki/Changes/SELinux_Parallel_Autorelabel
|
||||||
|