diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index ed1fa76..6b4545c 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch 
@@ -1,44 +1,6 @@ -diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.52/Makefile ---- nsapolicycoreutils/Makefile 2008-06-12 23:25:24.000000000 -0400 -+++ policycoreutils-2.0.52/Makefile 2008-07-03 16:17:10.000000000 -0400 -@@ -1,4 +1,4 @@ --SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po -+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui - - INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) - -diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.52/restorecond/restorecond.c ---- nsapolicycoreutils/restorecond/restorecond.c 2008-06-12 23:25:21.000000000 -0400 -+++ policycoreutils-2.0.52/restorecond/restorecond.c 2008-07-03 16:17:10.000000000 -0400 -@@ -210,9 +210,10 @@ - } - - if (fsetfilecon(fd, scontext) < 0) { -- syslog(LOG_ERR, -- "set context %s->%s failed:'%s'\n", -- filename, scontext, strerror(errno)); -+ if (errno != EOPNOTSUPP) -+ syslog(LOG_ERR, -+ "set context %s->%s failed:'%s'\n", -+ filename, scontext, strerror(errno)); - if (retcontext >= 0) - free(prev_context); - free(scontext); -@@ -225,8 +226,9 @@ - if (retcontext >= 0) - free(prev_context); - } else { -- syslog(LOG_ERR, "get context on %s failed: '%s'\n", -- filename, strerror(errno)); -+ if (errno != EOPNOTSUPP) -+ syslog(LOG_ERR, "get context on %s failed: '%s'\n", -+ filename, strerror(errno)); - } - free(scontext); - close(fd); diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.52/semanage/semanage --- 
nsapolicycoreutils/semanage/semanage 2008-07-02 17:19:15.000000000 -0400 -+++ policycoreutils-2.0.52/semanage/semanage 2008-07-03 16:17:10.000000000 -0400 ++++ policycoreutils-2.0.52/semanage/semanage 2008-07-09 08:44:58.000000000 -0400 @@ -51,7 +51,7 @@ semanage interface -{a|d|m} [-tr] interface_spec semanage fcontext -{a|d|m} [-frst] file_spec @@ -76,7 +38,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po - deleteall = 0 - list = 0 - locallist = 0 -+ value = "" ++ value = None + add = False + modify = False + delete = False @@ -184,23 +146,18 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po OBJECT.add(target, rlist, selevel, serange, prefix) if object == "port": -@@ -317,7 +325,12 @@ +@@ -317,7 +325,7 @@ if modify: if object == "boolean": - OBJECT.modify(target, value) -+ if use_file: -+ OBJECT.modify(target, use_file = use_file) -+ else: -+ if value == "": -+ raise ValueError(_("boolean requires value")) -+ OBJECT.modify(target, value) ++ OBJECT.modify(target, value, use_file) if object == "login": OBJECT.modify(target, seuser, serange) diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.52/semanage/semanage.8 --- nsapolicycoreutils/semanage/semanage.8 2008-07-02 17:19:15.000000000 -0400 -+++ policycoreutils-2.0.52/semanage/semanage.8 2008-07-03 16:17:10.000000000 -0400 ++++ policycoreutils-2.0.52/semanage/semanage.8 2008-07-09 08:44:40.000000000 -0400 @@ -3,9 +3,9 @@ semanage \- SELinux Policy Management tool 
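Review bot: `modify` in seobject.py can now be reached with `value=None`. The semanage hunks change the initialiser to `value = None` and replace the `if value == "": raise ValueError(_("boolean requires value"))` guard with a bare `OBJECT.modify(target, value, use_file)`. The `__mod` hunk further down then evaluates `value.upper()`, which raises AttributeError on `None` instead of the ValueError used elsewhere; whether the caller's error handling covers that is not visible here. Guarding in `__mod` keeps the existing else branch as the single error path: `if value is not None and value.upper() in self.dict:`. The same concern applies to the `def modify(self, name, value=None, use_file=False)` hunk, whose body continues outside the shown lines.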
@@ -237,10 +194,41 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po .TP diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.52/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2008-07-02 17:19:15.000000000 -0400 -+++ policycoreutils-2.0.52/semanage/seobject.py 2008-07-08 08:45:07.000000000 -0400 -@@ -1448,53 +1443,58 @@ ++++ policycoreutils-2.0.52/semanage/seobject.py 2008-07-09 08:55:45.000000000 -0400 +@@ -330,20 +330,15 @@ + for name in dirs: + os.rmdir(os.path.join(root, name)) + +- if rc != 0: +- raise ValueError(out) +- +- + def delete(self, name): + for n in name.split(): + rc = semanage_module_remove(self.sh, "permissive_%s" % n) + if rc < 0: + raise ValueError(_("Could not remove permissive domain %s (remove failed)") % name) +- rc = semanage_commit(self.sh) +- if rc < 0: ++ rc = semanage_commit(self.sh) ++ if rc < 0: + raise ValueError(_("Could not remove permissive domain %s (commit failed)") % name) + +- + def deleteall(self): + l = self.get_all() + if len(l) > 0: +@@ -1447,54 +1442,72 @@ + class booleanRecords(semanageRecords): def __init__(self, store = ""): semanageRecords.__init__(self, store) ++ self.dict={} ++ self.dict["TRUE"] = 1 ++ self.dict["FALSE"] = 0 ++ self.dict["ON"] = 1 ++ self.dict["OFF"] = 0 ++ self.dict["1"] = 1 ++ self.dict["0"] = 0 - def modify(self, name, value = ""): - if value == "": 
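Review bot: Removing `if rc != 0: raise ValueError(out)` after the `os.rmdir` cleanup loop leaves no visible check of that status. A failure of whatever set `rc` and `out` would then go unreported unless it is tested above the shown context; the enclosing function starts outside the hunk. If the check was dropped only because it ran after the cleanup, keep it and place it before the cleanup loop instead. Separately, in `delete` the remove-failed message formats the whole space-separated `name` rather than the failing entry; `raise ValueError(_("Could not remove permissive domain %s (remove failed)") % n)` would name the module that actually failed.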
@@ -276,11 +264,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po - if value != "": - nvalue = int(value) - semanage_bool_set_value(b, nvalue) -+ if value != "": -+ nvalue = int(value) -+ semanage_bool_set_value(b, nvalue) ++ if value.upper() in self.dict: ++ semanage_bool_set_value(b, self.dict[value.upper()]) else: - raise ValueError(_("You must specify a value")) +- raise ValueError(_("You must specify a value")) ++ raise ValueError(_("You must specify one of the following values: %s") % ", ".join(self.dict.keys()) ) + + rc = semanage_bool_set_active(self.sh, k, b) + if rc < 0: @@ -291,7 +279,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po + semanage_bool_key_free(k) + semanage_bool_free(b) -+ def modify(self, name, value=False, use_file=False): ++ def modify(self, name, value=None, use_file=False): + rc = semanage_begin_transaction(self.sh) if rc < 0: @@ -305,9 +293,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po - raise ValueError(_("Could not modify boolean %s") % name) + if use_file: + fd = open(name) -+ for b in fd.read().split(): -+ bool, val = b.split("=") -+ self.__mod(bool, val) ++ for b in fd.read().split("\n"): ++ b = b.strip() ++ if len(b) == 0: ++ continue ++ ++ try: ++ boolname, val = b.split("=") ++ except ValueError, e: ++ raise ValueError(_("Bad format %s: Record %s" % ( name, b) )) ++ self.__mod(boolname.strip(), val.strip()) + fd.close() + else: + self.__mod(name, value) @@ -330,7 +325,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po (rc,exists) = semanage_bool_exists(self.sh, k) if rc < 0: raise ValueError(_("Could not check if boolean %s is defined") % name) -@@ -1571,8 +1571,15 @@ +@@ -1571,8 +1584,15 @@ else: return _("unknown") diff --git a/policycoreutils.spec b/policycoreutils.spec index 7b6d970..70a79a2 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec 
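Review bot: In the `use_file` branch of `modify`, the bad-record error is formatted inside the translation call, `_("Bad format %s: Record %s" % ( name, b) )`. The catalogue lookup therefore runs on the already-substituted string and will not match a translated entry; it should read `raise ValueError(_("Bad format %s: Record %s") % (name, b))`. The same branch leaves `fd` open whenever that raise or `self.__mod(...)` fails, since `fd.close()` is only reached on the success path; wrapping the loop in `try:` / `finally: fd.close()` closes it in both cases. The bound `e` in `except ValueError, e:` is unused and can be dropped.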
@@ -6,7 +6,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.52 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2+ Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -192,6 +192,9 @@ if [ "$1" -ge "1" ]; then fi %changelog +* Wed Jul 9 2008 Dan Walsh 2.0.52-5 +- Additial cleanup of boolean handling for semanage + * Tue Jul 8 2008 Dan Walsh 2.0.52-4 - Handle ranges of ports in gui