Fix man page generation and public_content description

2013-02-14 10:13:51 -05:00 · 2013-02-14 10:13:51 -05:00 · 5855410892
commit 5855410892
parent 9057b25d2b
2 changed files with 97 additions and 3 deletions
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -1327,10 +1327,38 @@ index b25d3b2..e120959 100755
         sys.exit(0)
     except ValueError,e:
 diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
-index 5e7415c..37cd5dd 100644
+index 5e7415c..1d77fa9 100644
 --- a/policycoreutils/sepolicy/sepolicy/__init__.py
 +++ b/policycoreutils/sepolicy/sepolicy/__init__.py
-@@ -145,10 +145,7 @@ def policy(policy_file):
+@@ -37,6 +37,27 @@ CLASS = 'class'
+ TRANSITION = 'transition'
+ ROLE_ALLOW = 'role_allow'
+ 
+def info(setype, name=None):
+    dict_list = _policy.info(setype, name)
+    return dict_list
+
+def search(types, info = {} ):
+    valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW]
+    for type in types:
+        if type not in valid_types:
+            raise ValueError("Type has to be in %s" % valid_types)
+        info[type] = True
+
+    perms = []
+    if PERMS in info:
+        perms = info[PERMS]
+        info[PERMS] = ",".join(info[PERMS])
+
+    dict_list = _policy.search(info)
+    if dict_list and len(perms) != 0:
+        dict_list = filter(lambda x: _dict_has_perms(x, perms), dict_list)
+    return dict_list
+
+ def __get_installed_policy():
+     try:
+         path = selinux.selinux_binary_policy_path()
+@@ -145,43 +166,19 @@ def policy(policy_file):
         raise ValueError(_("Failed to read %s policy file") % policy_file)
 
 
@ -1342,6 +1370,69 @@ index 5e7415c..37cd5dd 100644
 try:
     policy(policy_file)
 except ValueError, e:
+     if selinux.is_selinux_enabled() == 1:
+         raise e
+ 
+-def search(types, info = {} ):
+-    valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW]
+-    for type in types:
+-        if type not in valid_types:
+-            raise ValueError("Type has to be in %s" % valid_types)
+-        info[type] = True
+-
+-    perms = []
+-    if PERMS in info:
+-        perms = info[PERMS]
+-        info[PERMS] = ",".join(info[PERMS])
+-
+-    dict_list = _policy.search(info)
+-    if dict_list and len(perms) != 0:
+-        dict_list = filter(lambda x: _dict_has_perms(x, perms), dict_list)
+-    return dict_list
+-
+ def _dict_has_perms(dict, perms):
+     for perm in perms:
+         if perm not in dict[PERMS]:
+             return False
+     return True
+ 
+-def info(setype, name=None):
+-    dict_list = _policy.info(setype, name)
+-    return dict_list
+-
+ booleans_dict = None
+ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
+         global booleans_dict
+diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
+index 25062da..def78e9 100755
+--- a/policycoreutils/sepolicy/sepolicy/manpage.py
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py
+@@ -28,7 +28,7 @@ import string
+ import argparse
+ import selinux
+ import sepolicy
+-from sepolicy import network, gen_bool_dict, get_all_file_types, get_all_domains, get_all_roles, get_all_users, get_all_port_types, get_all_bools, get_all_attributes, get_all_role_allows
+from sepolicy import *
+ 
+ import commands
+ import sys, os, re, time
+@@ -947,13 +947,14 @@ semanage fcontext -a -t public_content_t "/var/%(domainname)s(/.*)?"
+ .B restorecon -F -R -v /var/%(domainname)s
+ .pp
+ .TP
+-Allow %(domainname)s servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_%(domainname)sd_anon_write boolean to be set.
+Allow %(domainname)s servers to read and write /var/%(domainname)s/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  You also need to turn on the %(domainname)s_anon_write boolean.
+ .PP
+ .B
+ semanage fcontext -a -t public_content_rw_t "/var/%(domainname)s/incoming(/.*)?"
+ .br
+ .B restorecon -F -R -v /var/%(domainname)s/incoming
+-
+.br
+.B setsebool -P %(domainname)s_anon_write 1
+ """  % {'domainname':self.domainname})
+ 	    for b in self.anon_list:
+ 		desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
 diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
 index 80b6d6e..07c5ee2 100644
 --- a/policycoreutils/setfiles/restorecon.8
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.14
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@ -326,6 +326,9 @@ The policycoreutils-restorecond package contains the restorecond service.
 %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :

 %changelog
+* Thu Feb 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-5
+- Fix man page generation and public_content description
+
 * Thu Feb 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-4
 - Revert some changes which are causing the wrong policy version file to be created
 - Switch sandbox to start using openbox rather then matchpbox