rpms/policycoreutils
5
0
Fork 0
Code Issues Pull Requests Releases Activity

* Wed Jul 9 2008 Dan Walsh <dwalsh@redhat.com> 2.0.52-5

Browse Source 
- Additial cleanup of boolean handling for semanage
This commit is contained in:
Daniel J Walsh 2008-07-09 13:04:58 +00:00
parent fab4898fba
commit 794090192b
2 changed files with 58 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
policycoreutils-rhat.patch
View File

@ -1,44 +1,6 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.52/Makefile
--- nsapolicycoreutils/Makefile 2008-06-12 23:25:24.000000000 -0400
+++ policycoreutils-2.0.52/Makefile 2008-07-03 16:17:10.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.52/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2008-06-12 23:25:21.000000000 -0400
+++ policycoreutils-2.0.52/restorecond/restorecond.c 2008-07-03 16:17:10.000000000 -0400
@@ -210,9 +210,10 @@
}
if (fsetfilecon(fd, scontext) < 0) {
- syslog(LOG_ERR,
- "set context %s->%s failed:'%s'\n",
- filename, scontext, strerror(errno));
+ if (errno != EOPNOTSUPP)
+ syslog(LOG_ERR,
+ "set context %s->%s failed:'%s'\n",
+ filename, scontext, strerror(errno));
if (retcontext >= 0)
free(prev_context);
free(scontext);
@@ -225,8 +226,9 @@
if (retcontext >= 0)
free(prev_context);
} else {
- syslog(LOG_ERR, "get context on %s failed: '%s'\n",
- filename, strerror(errno));
+ if (errno != EOPNOTSUPP)
+ syslog(LOG_ERR, "get context on %s failed: '%s'\n",
+ filename, strerror(errno));
}
free(scontext);
close(fd);
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.52/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2008-07-02 17:19:15.000000000 -0400
+++ policycoreutils-2.0.52/semanage/semanage 2008-07-03 16:17:10.000000000 -0400
+++ policycoreutils-2.0.52/semanage/semanage 2008-07-09 08:44:58.000000000 -0400
@@ -51,7 +51,7 @@
semanage interface -{a|d|m} [-tr] interface_spec
semanage fcontext -{a|d|m} [-frst] file_spec
@ -76,7 +38,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
- deleteall = 0
- list = 0
- locallist = 0
+ value = ""
+ value = None
+ add = False
+ modify = False
+ delete = False
@ -184,23 +146,18 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
OBJECT.add(target, rlist, selevel, serange, prefix)
if object == "port":
@@ -317,7 +325,12 @@
@@ -317,7 +325,7 @@
if modify:
if object == "boolean":
- OBJECT.modify(target, value)
+ if use_file:
+ OBJECT.modify(target, use_file = use_file)
+ else:
+ if value == "":
+ raise ValueError(_("boolean requires value"))
+ OBJECT.modify(target, value)
+ OBJECT.modify(target, value, use_file)
if object == "login":
OBJECT.modify(target, seuser, serange)
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.52/semanage/semanage.8
--- nsapolicycoreutils/semanage/semanage.8 2008-07-02 17:19:15.000000000 -0400
+++ policycoreutils-2.0.52/semanage/semanage.8 2008-07-03 16:17:10.000000000 -0400
+++ policycoreutils-2.0.52/semanage/semanage.8 2008-07-09 08:44:40.000000000 -0400
@@ -3,9 +3,9 @@
semanage \- SELinux Policy Management tool
@ -237,10 +194,41 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
.TP
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.52/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2008-07-02 17:19:15.000000000 -0400
+++ policycoreutils-2.0.52/semanage/seobject.py 2008-07-08 08:45:07.000000000 -0400
@@ -1448,53 +1443,58 @@
+++ policycoreutils-2.0.52/semanage/seobject.py 2008-07-09 08:55:45.000000000 -0400
@@ -330,20 +330,15 @@
for name in dirs:
os.rmdir(os.path.join(root, name))
- if rc != 0:
- raise ValueError(out)
-
-
def delete(self, name):
for n in name.split():
rc = semanage_module_remove(self.sh, "permissive_%s" % n)
if rc < 0:
raise ValueError(_("Could not remove permissive domain %s (remove failed)") % name)
- rc = semanage_commit(self.sh)
- if rc < 0:
+ rc = semanage_commit(self.sh)
+ if rc < 0:
raise ValueError(_("Could not remove permissive domain %s (commit failed)") % name)
-
def deleteall(self):
l = self.get_all()
if len(l) > 0:
@@ -1447,54 +1442,72 @@
class booleanRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
+ self.dict={}
+ self.dict["TRUE"] = 1
+ self.dict["FALSE"] = 0
+ self.dict["ON"] = 1
+ self.dict["OFF"] = 0
+ self.dict["1"] = 1
+ self.dict["0"] = 0
- def modify(self, name, value = ""):
- if value == "":
@ -276,11 +264,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
- if value != "":
- nvalue = int(value)
- semanage_bool_set_value(b, nvalue)
+ if value != "":
+ nvalue = int(value)
+ semanage_bool_set_value(b, nvalue)
+ if value.upper() in self.dict:
+ semanage_bool_set_value(b, self.dict[value.upper()])
else:
raise ValueError(_("You must specify a value"))
- raise ValueError(_("You must specify a value"))
+ raise ValueError(_("You must specify one of the following values: %s") % ", ".join(self.dict.keys()) )
+
+ rc = semanage_bool_set_active(self.sh, k, b)
+ if rc < 0:
@ -291,7 +279,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
+ semanage_bool_key_free(k)
+ semanage_bool_free(b)
+ def modify(self, name, value=False, use_file=False):
+ def modify(self, name, value=None, use_file=False):
+
rc = semanage_begin_transaction(self.sh)
if rc < 0:
@ -305,9 +293,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
- raise ValueError(_("Could not modify boolean %s") % name)
+ if use_file:
+ fd = open(name)
+ for b in fd.read().split():
+ bool, val = b.split("=")
+ self.__mod(bool, val)
+ for b in fd.read().split("\n"):
+ b = b.strip()
+ if len(b) == 0:
+ continue
+
+ try:
+ boolname, val = b.split("=")
+ except ValueError, e:
+ raise ValueError(_("Bad format %s: Record %s" % ( name, b) ))
+ self.__mod(boolname.strip(), val.strip())
+ fd.close()
+ else:
+ self.__mod(name, value)
@ -330,7 +325,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
(rc,exists) = semanage_bool_exists(self.sh, k)
if rc < 0:
raise ValueError(_("Could not check if boolean %s is defined") % name)
@@ -1571,8 +1571,15 @@
@@ -1571,8 +1584,15 @@
else:
return _("unknown")

5
policycoreutils.spec
View File

@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.52
Release: 4%{?dist}
Release: 5%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -192,6 +192,9 @@ if [ "$1" -ge "1" ]; then
fi
%changelog
* Wed Jul 9 2008 Dan Walsh <dwalsh@redhat.com> 2.0.52-5
- Additial cleanup of boolean handling for semanage
* Tue Jul 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.52-4
- Handle ranges of ports in gui