* Tue Dec 19 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-7

- add exists switch to semanage to tell it not to check for existance of Linux user Resolves: #219421
2006-12-19 14:09:47 +00:00 · 2006-12-19 14:09:47 +00:00 · 84ce12524d
commit 84ce12524d
parent 8672af3e7f
2 changed files with 132 additions and 5 deletions
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -4949,9 +4949,111 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
 /etc/samba/secrets.tdb
 /etc/mtab
 /var/run/utmp
+diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.33.6/semanage/semanage
+--- nsapolicycoreutils/semanage/semanage	2006-11-16 17:14:26.000000000 -0500
+++ policycoreutils-1.33.6/semanage/semanage	2006-12-19 08:56:35.000000000 -0500
+@@ -65,6 +65,7 @@
+ 		-l (symbolic link) \n\
+ 		-p (named pipe) \n\n\
+ \
+        -e, --exists     Check if Linux user exists before adding (login only)\n\
+ 	-p, --proto      Port protocol (tcp or udp)\n\
+ 	-P, --prefix     Prefix for home directory labeling\n\
+ 	-L, --level      Default SELinux Level (MLS/MCS Systems only)\n\
+@@ -88,7 +89,7 @@
+ 		valid_option={}
+ 		valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading' ]
+ 		valid_option["login"] = []
+-		valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range']
+		valid_option["login"] += valid_everyone + [ '-e', '--exists', '-s', '--seuser', '-r', '--range']
+ 		valid_option["user"] = []
+ 		valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix' ] 
+ 		valid_option["port"] = []
+@@ -118,7 +119,8 @@
+ 		seuser = ""
+ 		prefix = ""
+ 		heading=1
+-
+                exists = 1
+                
+ 		add = 0
+ 		modify = 0
+ 		delete = 0
+@@ -134,9 +136,10 @@
+ 		args = sys.argv[2:]
+ 
+ 		gopts, cmds = getopt.getopt(args,
+-					    'adf:lhmnp:s:R:L:r:t:T:P:',
+					    'ade:f:lhmnp:s:R:L:r:t:T:P:',
+ 					    ['add',
+ 					     'delete',
+                                             'exists=',
+ 					     'ftype=',
+ 					     'help',
+ 					     'list', 
+@@ -165,13 +168,26 @@
+ 				if modify or add:
+ 					usage()
+ 				delete = 1
+
+			if o == "-e"  or o == "--exists":
+				if not add:
+					usage()
+                                a = a.upper()
+                                if a == "0" or a == "FALSE":
+                                       exists =  False
+                                else:
+                                       if a == "1" or a == "TRUE":
+                                              exists =  True
+                                       else:
+                                              usage()
+ 			if o == "-f"  or o == "--ftype":
+-				ftype=a
+				ftype = a
+
+ 			if o == "-h" or o == "--help":
+ 				usage()
+ 
+ 			if o == "-n" or o == "--noheading":
+-				heading=0
+				heading = 0
+ 
+ 			if o == "-m"or o == "--modify":
+ 				if delete or add:
+@@ -238,7 +254,7 @@
+ 
+ 		if add:
+ 			if object == "login":
+-				OBJECT.add(target, seuser, serange)
+				OBJECT.add(target, seuser, serange, exists)
+ 
+ 			if object == "translation":
+ 				OBJECT.add(target, setrans)
+diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-1.33.6/semanage/semanage.8
+--- nsapolicycoreutils/semanage/semanage.8	2006-11-29 17:11:17.000000000 -0500
+++ policycoreutils-1.33.6/semanage/semanage.8	2006-12-19 08:43:02.000000000 -0500
+@@ -5,7 +5,7 @@
+ .SH "SYNOPSIS"
+ .B semanage {login|user|port|interface|fcontext|translation} \-l [\-n]
+ .br
+-.B semanage login \-{a|d|m} [\-sr] login_name
+.B semanage login \-{a|d|m} [\-esr] login_name
+ .br
+ .B semanage user \-{a|d|m} [\-LrRP] selinux_name
+ .br
+@@ -43,6 +43,9 @@
+ .I                \-d, \-\-delete     
+ Delete a OBJECT record NAME
+ .TP
+.I                \-e, \-\-exists
+Check whether or not the Linux user exists before adding the login mapping.
+.TP
+ .I                \-f, \-\-ftype
+ File Type.   This is used with fcontext.
+ Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files.
 diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.33.6/semanage/seobject.py
 --- nsapolicycoreutils/semanage/seobject.py	2006-11-16 17:14:26.000000000 -0500
-+++ policycoreutils-1.33.6/semanage/seobject.py	2006-12-18 13:59:38.000000000 -0500
+++ policycoreutils-1.33.6/semanage/seobject.py	2006-12-19 08:31:21.000000000 -0500
@@ -94,23 +94,25 @@
 	return re.search("^" + reg +"$",raw)
 
@ -5011,7 +5113,26 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
 class semanageRecords:
 	def __init__(self):
 		self.sh = semanage_handle_create()
-@@ -456,7 +459,8 @@
+@@ -228,7 +231,7 @@
+ 	def __init__(self):
+ 		semanageRecords.__init__(self)
+ 
+-	def add(self, name, sename, serange):
+	def add(self, name, sename, serange, check_exists = True):
+ 		if is_mls_enabled == 1:
+ 			if serange == "":
+ 				serange = "s0"
+@@ -249,7 +252,8 @@
+ 			if exists:
+ 				raise ValueError(_("Login mapping for %s is already defined") % name)
+ 			try:
+-				pwd.getpwnam(name)
+                               if check_exists:
+                                      pwd.getpwnam(name)
+ 			except:
+ 				raise ValueError(_("Linux User %s does not exist") % name)
+ 
+@@ -456,7 +460,8 @@
 				rc = semanage_user_set_mlslevel(self.sh, u, selevel)
 				if rc < 0:
 					raise ValueError(_("Could not set MLS level for %s") % name)
@ -5021,7 +5142,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
 			rc = semanage_user_set_prefix(self.sh, u, prefix)
 			if rc < 0:
 				raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
-@@ -522,11 +526,17 @@
+@@ -522,11 +527,17 @@
 				semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
 
 			if prefix != "":
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -5,7 +5,7 @@
 Summary: SELinux policy core utilities.
 Name: policycoreutils
 Version: 1.33.6
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -168,8 +168,14 @@ fi
 [ -x /sbin/service ] && /sbin/service restorecond condrestart

 %changelog
-* Fri Dec 8 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-6
+* Tue Dec 19 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-7
+- add exists switch to semanage to tell it not to check for existance of Linux user
+Resolves: #219421
+
+* Mon Dec 18 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-6
 - Fix audit2allow generating reference policy
+- Fix semanage to manage user roles properly 
+Resolves: #220071

 * Fri Dec 8 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-5
 - Update po files