From 5855410892cb173528a4d9ec6719f8204bbc158f Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Thu, 14 Feb 2013 10:13:51 -0500
Subject: [PATCH] Fix man page generation and public_content description
---
policycoreutils-rhat.patch | 95 +++++++++++++++++++++++++++++++++++++-
policycoreutils.spec | 5 +-
2 files changed, 97 insertions(+), 3 deletions(-)
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 2ce6e79..9c55140 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1327,10 +1327,38 @@ index b25d3b2..e120959 100755
sys.exit(0)
except ValueError,e:
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
-index 5e7415c..37cd5dd 100644
+index 5e7415c..1d77fa9 100644
--- a/policycoreutils/sepolicy/sepolicy/__init__.py
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
-@@ -145,10 +145,7 @@ def policy(policy_file):
+@@ -37,6 +37,27 @@ CLASS = 'class'
+ TRANSITION = 'transition'
+ ROLE_ALLOW = 'role_allow'
+
++def info(setype, name=None):
++ dict_list = _policy.info(setype, name)
++ return dict_list
++
++def search(types, info = {} ):
++ valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW]
++ for type in types:
++ if type not in valid_types:
++ raise ValueError("Type has to be in %s" % valid_types)
++ info[type] = True
++
++ perms = []
++ if PERMS in info:
++ perms = info[PERMS]
++ info[PERMS] = ",".join(info[PERMS])
++
++ dict_list = _policy.search(info)
++ if dict_list and len(perms) != 0:
++ dict_list = filter(lambda x: _dict_has_perms(x, perms), dict_list)
++ return dict_list
++
+ def __get_installed_policy():
+ try:
+ path = selinux.selinux_binary_policy_path()
+@@ -145,43 +166,19 @@ def policy(policy_file):
raise ValueError(_("Failed to read %s policy file") % policy_file)
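Review bot: `search(types, info = {} )` in the relocated block uses a mutable default and then writes into it (`info[type] = True`, `info[PERMS] = ",".join(info[PERMS])`), so the rule-type flags and permission filter set by one call are still in the dict on the next call that omits `info`, and a caller-supplied dict is rewritten in place with its PERMS list turned into a string. For a policy query helper this presumably means a later search can return rules for rule types the caller did not request, which is a bad property for results an administrator relies on when auditing policy. I would change the signature to `def search(types, info=None):` and open the body with `info = dict(info) if info else {}`. The loop variable `type` also shadows the builtin; `rule_type` would read better.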
@@ -1342,6 +1370,69 @@ index 5e7415c..37cd5dd 100644
try:
policy(policy_file)
except ValueError, e:
+ if selinux.is_selinux_enabled() == 1:
+ raise e
+
+-def search(types, info = {} ):
+- valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW]
+- for type in types:
+- if type not in valid_types:
+- raise ValueError("Type has to be in %s" % valid_types)
+- info[type] = True
+-
+- perms = []
+- if PERMS in info:
+- perms = info[PERMS]
+- info[PERMS] = ",".join(info[PERMS])
+-
+- dict_list = _policy.search(info)
+- if dict_list and len(perms) != 0:
+- dict_list = filter(lambda x: _dict_has_perms(x, perms), dict_list)
+- return dict_list
+-
+ def _dict_has_perms(dict, perms):
+ for perm in perms:
+ if perm not in dict[PERMS]:
+ return False
+ return True
+
+-def info(setype, name=None):
+- dict_list = _policy.info(setype, name)
+- return dict_list
+-
+ booleans_dict = None
+ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
+ global booleans_dict
+diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
+index 25062da..def78e9 100755
+--- a/policycoreutils/sepolicy/sepolicy/manpage.py
++++ b/policycoreutils/sepolicy/sepolicy/manpage.py
+@@ -28,7 +28,7 @@ import string
+ import argparse
+ import selinux
+ import sepolicy
+-from sepolicy import network, gen_bool_dict, get_all_file_types, get_all_domains, get_all_roles, get_all_users, get_all_port_types, get_all_bools, get_all_attributes, get_all_role_allows
++from sepolicy import *
+
+ import commands
+ import sys, os, re, time
+@@ -947,13 +947,14 @@ semanage fcontext -a -t public_content_t "/var/%(domainname)s(/.*)?"
+ .B restorecon -F -R -v /var/%(domainname)s
+ .pp
+ .TP
+-Allow %(domainname)s servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_%(domainname)sd_anon_write boolean to be set.
++Allow %(domainname)s servers to read and write /var/%(domainname)s/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. You also need to turn on the %(domainname)s_anon_write boolean.
+ .PP
+ .B
+ semanage fcontext -a -t public_content_rw_t "/var/%(domainname)s/incoming(/.*)?"
+ .br
+ .B restorecon -F -R -v /var/%(domainname)s/incoming
+-
++.br
++.B setsebool -P %(domainname)s_anon_write 1
+ """ % {'domainname':self.domainname})
+ for b in self.anon_list:
+ desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
index 80b6d6e..07c5ee2 100644
--- a/policycoreutils/setfiles/restorecon.8
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 6f525e6..6c062a7 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.14
-Release: 4%{?dist}
+Release: 5%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -326,6 +326,9 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Thu Feb 14 2013 Dan Walsh - 2.1.14-5
+- Fix man page generation and public_content description
+
* Thu Feb 14 2013 Dan Walsh - 2.1.14-4
- Revert some changes which are causing the wrong policy version file to be created
- Switch sandbox to start using openbox rather then matchpbox
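Review bot: `from sepolicy import *` in manpage.py replaces an explicit name list with a wildcard, so every public name of `sepolicy/__init__.py` (including `info`, `search` and `policy`) now lands in manpage's namespace, where it can silently shadow or be shadowed by a local name, and a helper that is missing only surfaces as a NameError at run time. I would keep the explicit list and add whichever names manpage.py was missing. Separately, the added `.B setsebool -P %(domainname)s_anon_write 1` line builds the boolean name from the domain name, while the loop right after it takes the real names from `self.anon_list`; if the two differ for some domain, the generated man page tells an administrator to persistently set a boolean that does not exist, so emitting the command from `self.anon_list` would be safer. The man page template and that loop both continue outside the hunk.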