Fix man page generation and public_content description
This commit is contained in:
parent
9057b25d2b
commit
5855410892
@ -1327,10 +1327,38 @@ index b25d3b2..e120959 100755
|
|||||||
sys.exit(0)
|
sys.exit(0)
|
||||||
except ValueError,e:
|
except ValueError,e:
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
|
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||||
index 5e7415c..37cd5dd 100644
|
index 5e7415c..1d77fa9 100644
|
||||||
--- a/policycoreutils/sepolicy/sepolicy/__init__.py
|
--- a/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||||
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
|
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||||
@@ -145,10 +145,7 @@ def policy(policy_file):
|
@@ -37,6 +37,27 @@ CLASS = 'class'
|
||||||
|
TRANSITION = 'transition'
|
||||||
|
ROLE_ALLOW = 'role_allow'
|
||||||
|
|
||||||
|
+def info(setype, name=None):
|
||||||
|
+ dict_list = _policy.info(setype, name)
|
||||||
|
+ return dict_list
|
||||||
|
+
|
||||||
|
+def search(types, info = {} ):
|
||||||
|
+ valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW]
|
||||||
|
+ for type in types:
|
||||||
|
+ if type not in valid_types:
|
||||||
|
+ raise ValueError("Type has to be in %s" % valid_types)
|
||||||
|
+ info[type] = True
|
||||||
|
+
|
||||||
|
+ perms = []
|
||||||
|
+ if PERMS in info:
|
||||||
|
+ perms = info[PERMS]
|
||||||
|
+ info[PERMS] = ",".join(info[PERMS])
|
||||||
|
+
|
||||||
|
+ dict_list = _policy.search(info)
|
||||||
|
+ if dict_list and len(perms) != 0:
|
||||||
|
+ dict_list = filter(lambda x: _dict_has_perms(x, perms), dict_list)
|
||||||
|
+ return dict_list
|
||||||
|
+
|
||||||
|
def __get_installed_policy():
|
||||||
|
try:
|
||||||
|
path = selinux.selinux_binary_policy_path()
|
||||||
|
@@ -145,43 +166,19 @@ def policy(policy_file):
|
||||||
raise ValueError(_("Failed to read %s policy file") % policy_file)
|
raise ValueError(_("Failed to read %s policy file") % policy_file)
|
||||||
|
|
||||||
|
|
||||||
@ -1342,6 +1370,69 @@ index 5e7415c..37cd5dd 100644
|
|||||||
try:
|
try:
|
||||||
policy(policy_file)
|
policy(policy_file)
|
||||||
except ValueError, e:
|
except ValueError, e:
|
||||||
|
if selinux.is_selinux_enabled() == 1:
|
||||||
|
raise e
|
||||||
|
|
||||||
|
-def search(types, info = {} ):
|
||||||
|
- valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW]
|
||||||
|
- for type in types:
|
||||||
|
- if type not in valid_types:
|
||||||
|
- raise ValueError("Type has to be in %s" % valid_types)
|
||||||
|
- info[type] = True
|
||||||
|
-
|
||||||
|
- perms = []
|
||||||
|
- if PERMS in info:
|
||||||
|
- perms = info[PERMS]
|
||||||
|
- info[PERMS] = ",".join(info[PERMS])
|
||||||
|
-
|
||||||
|
- dict_list = _policy.search(info)
|
||||||
|
- if dict_list and len(perms) != 0:
|
||||||
|
- dict_list = filter(lambda x: _dict_has_perms(x, perms), dict_list)
|
||||||
|
- return dict_list
|
||||||
|
-
|
||||||
|
def _dict_has_perms(dict, perms):
|
||||||
|
for perm in perms:
|
||||||
|
if perm not in dict[PERMS]:
|
||||||
|
return False
|
||||||
|
return True
|
||||||
|
|
||||||
|
-def info(setype, name=None):
|
||||||
|
- dict_list = _policy.info(setype, name)
|
||||||
|
- return dict_list
|
||||||
|
-
|
||||||
|
booleans_dict = None
|
||||||
|
def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
|
||||||
|
global booleans_dict
|
||||||
|
diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
|
||||||
|
index 25062da..def78e9 100755
|
||||||
|
--- a/policycoreutils/sepolicy/sepolicy/manpage.py
|
||||||
|
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py
|
||||||
|
@@ -28,7 +28,7 @@ import string
|
||||||
|
import argparse
|
||||||
|
import selinux
|
||||||
|
import sepolicy
|
||||||
|
-from sepolicy import network, gen_bool_dict, get_all_file_types, get_all_domains, get_all_roles, get_all_users, get_all_port_types, get_all_bools, get_all_attributes, get_all_role_allows
|
||||||
|
+from sepolicy import *
|
||||||
|
|
||||||
|
import commands
|
||||||
|
import sys, os, re, time
|
||||||
|
@@ -947,13 +947,14 @@ semanage fcontext -a -t public_content_t "/var/%(domainname)s(/.*)?"
|
||||||
|
.B restorecon -F -R -v /var/%(domainname)s
|
||||||
|
.pp
|
||||||
|
.TP
|
||||||
|
-Allow %(domainname)s servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_%(domainname)sd_anon_write boolean to be set.
|
||||||
|
+Allow %(domainname)s servers to read and write /var/%(domainname)s/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. You also need to turn on the %(domainname)s_anon_write boolean.
|
||||||
|
.PP
|
||||||
|
.B
|
||||||
|
semanage fcontext -a -t public_content_rw_t "/var/%(domainname)s/incoming(/.*)?"
|
||||||
|
.br
|
||||||
|
.B restorecon -F -R -v /var/%(domainname)s/incoming
|
||||||
|
-
|
||||||
|
+.br
|
||||||
|
+.B setsebool -P %(domainname)s_anon_write 1
|
||||||
|
""" % {'domainname':self.domainname})
|
||||||
|
for b in self.anon_list:
|
||||||
|
desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
|
||||||
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
|
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
|
||||||
index 80b6d6e..07c5ee2 100644
|
index 80b6d6e..07c5ee2 100644
|
||||||
--- a/policycoreutils/setfiles/restorecon.8
|
--- a/policycoreutils/setfiles/restorecon.8
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.1.14
|
Version: 2.1.14
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
# Based on git repository with tag 20101221
|
# Based on git repository with tag 20101221
|
||||||
@ -326,6 +326,9 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Feb 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-5
|
||||||
|
- Fix man page generation and public_content description
|
||||||
|
|
||||||
* Thu Feb 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-4
|
* Thu Feb 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-4
|
||||||
- Revert some changes which are causing the wrong policy version file to be created
|
- Revert some changes which are causing the wrong policy version file to be created
|
||||||
- Switch sandbox to start using openbox rather then matchpbox
|
- Switch sandbox to start using openbox rather then matchpbox
|
||||||
|
Loading…
Reference in New Issue
Block a user