Fix man page generation and public_content description

Dan Walsh 2013-02-14 10:13:51 -05:00
parent 9057b25d2b
commit 5855410892
2 changed files with 97 additions and 3 deletions


@ -1327,10 +1327,38 @@ index b25d3b2..e120959 100755
sys.exit(0) sys.exit(0)
except ValueError,e: except ValueError,e:
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
index 5e7415c..37cd5dd 100644 index 5e7415c..1d77fa9 100644
--- a/policycoreutils/sepolicy/sepolicy/__init__.py --- a/policycoreutils/sepolicy/sepolicy/__init__.py
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py +++ b/policycoreutils/sepolicy/sepolicy/__init__.py
@@ -145,10 +145,7 @@ def policy(policy_file): @@ -37,6 +37,27 @@ CLASS = 'class'
TRANSITION = 'transition'
ROLE_ALLOW = 'role_allow'
+def info(setype, name=None):
+ dict_list = _policy.info(setype, name)
+ return dict_list
+
+def search(types, info = {} ):
+ valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW]
+ for type in types:
+ if type not in valid_types:
+ raise ValueError("Type has to be in %s" % valid_types)
+ info[type] = True
+
+ perms = []
+ if PERMS in info:
+ perms = info[PERMS]
+ info[PERMS] = ",".join(info[PERMS])
+
+ dict_list = _policy.search(info)
+ if dict_list and len(perms) != 0:
+ dict_list = filter(lambda x: _dict_has_perms(x, perms), dict_list)
+ return dict_list
+
def __get_installed_policy():
try:
path = selinux.selinux_binary_policy_path()
@@ -145,43 +166,19 @@ def policy(policy_file):
raise ValueError(_("Failed to read %s policy file") % policy_file) raise ValueError(_("Failed to read %s policy file") % policy_file)
@ -1342,6 +1370,69 @@ index 5e7415c..37cd5dd 100644
try: try:
policy(policy_file) policy(policy_file)
except ValueError, e: except ValueError, e:
if selinux.is_selinux_enabled() == 1:
raise e
-def search(types, info = {} ):
- valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW]
- for type in types:
- if type not in valid_types:
- raise ValueError("Type has to be in %s" % valid_types)
- info[type] = True
-
- perms = []
- if PERMS in info:
- perms = info[PERMS]
- info[PERMS] = ",".join(info[PERMS])
-
- dict_list = _policy.search(info)
- if dict_list and len(perms) != 0:
- dict_list = filter(lambda x: _dict_has_perms(x, perms), dict_list)
- return dict_list
-
def _dict_has_perms(dict, perms):
for perm in perms:
if perm not in dict[PERMS]:
return False
return True
-def info(setype, name=None):
- dict_list = _policy.info(setype, name)
- return dict_list
-
booleans_dict = None
def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
global booleans_dict
diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
index 25062da..def78e9 100755
--- a/policycoreutils/sepolicy/sepolicy/manpage.py
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py
@@ -28,7 +28,7 @@ import string
import argparse
import selinux
import sepolicy
-from sepolicy import network, gen_bool_dict, get_all_file_types, get_all_domains, get_all_roles, get_all_users, get_all_port_types, get_all_bools, get_all_attributes, get_all_role_allows
+from sepolicy import *
import commands
import sys, os, re, time
@@ -947,13 +947,14 @@ semanage fcontext -a -t public_content_t "/var/%(domainname)s(/.*)?"
.B restorecon -F -R -v /var/%(domainname)s
.pp
.TP
-Allow %(domainname)s servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_%(domainname)sd_anon_write boolean to be set.
+Allow %(domainname)s servers to read and write /var/%(domainname)s/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. You also need to turn on the %(domainname)s_anon_write boolean.
.PP
.B
semanage fcontext -a -t public_content_rw_t "/var/%(domainname)s/incoming(/.*)?"
.br
.B restorecon -F -R -v /var/%(domainname)s/incoming
-
+.br
+.B setsebool -P %(domainname)s_anon_write 1
""" % {'domainname':self.domainname})
for b in self.anon_list:
desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8 diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
index 80b6d6e..07c5ee2 100644 index 80b6d6e..07c5ee2 100644
--- a/policycoreutils/setfiles/restorecon.8 --- a/policycoreutils/setfiles/restorecon.8
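Review bot: `search(types, info = {} )`, which the inner diff moves to the top of `sepolicy/__init__.py`, keeps a mutable default argument and writes to it (`info[type] = True`, `info[PERMS] = ",".join(info[PERMS])`), so rule-type flags set by one call stay in the shared dict for every later call that omits `info`, and a dict passed in by the caller is modified in place. In a tool used to answer questions about SELinux policy, that can make a later query cover rule types the caller never asked for. Since the function is being relocated anyway, change the signature to `def search(types, info=None):` and start the body with `info = dict(info) if info else {}`. Separately, `from sepolicy import *` in manpage.py now binds whatever public names `__init__.py` defines, including the relocated `info` and `search`; the explicit import list it replaces made a missing or shadowed name easier to notice.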


@ -7,7 +7,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.1.14 Version: 2.1.14
Release: 4%{?dist} Release: 5%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# Based on git repository with tag 20101221 # Based on git repository with tag 20101221
@ -326,6 +326,9 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog %changelog
* Thu Feb 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-5
- Fix man page generation and public_content description
* Thu Feb 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-4 * Thu Feb 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-4
- Revert some changes which are causing the wrong policy version file to be created - Revert some changes which are causing the wrong policy version file to be created
- Switch sandbox to start using openbox rather then matchpbox - Switch sandbox to start using openbox rather then matchpbox