Fix sepolgen/audit2allow to handle multiple role/types in avc messages properly

Dan Walsh 2012-07-27 09:42:59 -04:00
parent 7e579fc0a2
commit 634c0824af
2 changed files with 37 additions and 4 deletions


@ -144,10 +144,34 @@ index c3d665c..cc9f8ea 100644
try:
if ( av.type == audit2why.TERULE and
diff --git a/sepolgen/src/sepolgen/refpolicy.py b/sepolgen/src/sepolgen/refpolicy.py
index b138e3d..7ce8f9d 100644
index b138e3d..1399225 100644
--- a/sepolgen/src/sepolgen/refpolicy.py
+++ b/sepolgen/src/sepolgen/refpolicy.py
@@ -799,7 +799,7 @@ class Require(Leaf):
@@ -363,7 +363,10 @@ class Role(Leaf):
self.types = IdSet()
def to_string(self):
- return "role %s types %s;" % (self.role, self.types.to_comma_str())
+ s = ""
+ for t in self.types:
+ s += "role %s types %s;\n" % (self.role, t)
+ return s
class Type(Leaf):
def __init__(self, name="", parent=None):
@@ -511,7 +514,10 @@ class RoleType(Leaf):
self.types = IdSet()
def to_string(self):
- return "role %s types %s;" % (self.role, self.types.to_comma_str())
+ s = ""
+ for t in self.types:
+ s += "role %s types %s;\n" % (self.role, t)
+ return s
class ModuleDeclaration(Leaf):
def __init__(self, parent=None):
@@ -799,7 +805,7 @@ class Require(Leaf):
self.types = IdSet()
self.obj_classes = { }
self.roles = IdSet()
@ -156,7 +180,7 @@ index b138e3d..7ce8f9d 100644
self.users = IdSet()
def add_obj_class(self, obj_class, perms):
@@ -816,7 +816,7 @@ class Require(Leaf):
@@ -816,7 +822,7 @@ class Require(Leaf):
s.append("\tclass %s %s;" % (obj_class, perms.to_space_str()))
for role in self.roles:
s.append("\trole %s;" % role)
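Review bot: The rewritten `to_string` in `Role` (repeated verbatim in `RoleType`) now ends its result with `\n` and returns `""` when `self.types` is empty, where the old code always returned exactly one statement with no newline. The `Require` hunk further down builds newline-free lines with `s.append(...)`, so callers presumably join the output themselves and would now emit blank lines; `return "\n".join("role %s types %s;" % (self.role, t) for t in self.types)` keeps one statement per type without the trailing newline. If `IdSet` iterates in arbitrary order (not visible here), wrapping it in `sorted(...)` would keep the policy audit2allow generates stable between runs, which helps whoever reviews that output before loading it. Both class bodies start outside the hunk, so whether an empty `types` set can occur is worth confirming against `__init__` and the callers.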


@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.12
Release: 4%{?dist}
Release: 5%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@ -340,6 +340,15 @@ fi
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
* Fri Jul 27 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-5
- Fix sepolgen/audit2allow to handle multiple role/types in avc messages properly
* Thu Jul 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-4
- Fix restorecon to generate a better percentage of completion on restorecon -R /.
- Have audit2allow look at the constaint violation and tell the user whether it
- is because of user,role or level
* Wed Jul 11 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-3
- userapps is generating sandbox code in polgengui