rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Tue Dec 19 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-7

Browse Source 
- add exists switch to semanage to tell it not to check for existance of Linux user
Resolves: #219421
This commit is contained in:
Daniel J Walsh 2006-12-19 14:09:47 +00:00
parent 8672af3e7f
commit 84ce12524d
2 changed files with 132 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

127
policycoreutils-rhat.patch
View File

@ -4949,9 +4949,111 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
/etc/samba/secrets.tdb /etc/samba/secrets.tdb
/etc/mtab /etc/mtab
/var/run/utmp /var/run/utmp
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.33.6/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2006-11-16 17:14:26.000000000 -0500
+++ policycoreutils-1.33.6/semanage/semanage 2006-12-19 08:56:35.000000000 -0500
@@ -65,6 +65,7 @@
-l (symbolic link) \n\
-p (named pipe) \n\n\
\
+ -e, --exists Check if Linux user exists before adding (login only)\n\
-p, --proto Port protocol (tcp or udp)\n\
-P, --prefix Prefix for home directory labeling\n\
-L, --level Default SELinux Level (MLS/MCS Systems only)\n\
@@ -88,7 +89,7 @@
valid_option={}
valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading' ]
valid_option["login"] = []
- valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range']
+ valid_option["login"] += valid_everyone + [ '-e', '--exists', '-s', '--seuser', '-r', '--range']
valid_option["user"] = []
valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix' ]
valid_option["port"] = []
@@ -118,7 +119,8 @@
seuser = ""
prefix = ""
heading=1
-
+ exists = 1
+
add = 0
modify = 0
delete = 0
@@ -134,9 +136,10 @@
args = sys.argv[2:]
gopts, cmds = getopt.getopt(args,
- 'adf:lhmnp:s:R:L:r:t:T:P:',
+ 'ade:f:lhmnp:s:R:L:r:t:T:P:',
['add',
'delete',
+ 'exists=',
'ftype=',
'help',
'list',
@@ -165,13 +168,26 @@
if modify or add:
usage()
delete = 1
+
+ if o == "-e" or o == "--exists":
+ if not add:
+ usage()
+ a = a.upper()
+ if a == "0" or a == "FALSE":
+ exists = False
+ else:
+ if a == "1" or a == "TRUE":
+ exists = True
+ else:
+ usage()
if o == "-f" or o == "--ftype":
- ftype=a
+ ftype = a
+
if o == "-h" or o == "--help":
usage()
if o == "-n" or o == "--noheading":
- heading=0
+ heading = 0
if o == "-m"or o == "--modify":
if delete or add:
@@ -238,7 +254,7 @@
if add:
if object == "login":
- OBJECT.add(target, seuser, serange)
+ OBJECT.add(target, seuser, serange, exists)
if object == "translation":
OBJECT.add(target, setrans)
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-1.33.6/semanage/semanage.8
--- nsapolicycoreutils/semanage/semanage.8 2006-11-29 17:11:17.000000000 -0500
+++ policycoreutils-1.33.6/semanage/semanage.8 2006-12-19 08:43:02.000000000 -0500
@@ -5,7 +5,7 @@
.SH "SYNOPSIS"
.B semanage {login|user|port|interface|fcontext|translation} \-l [\-n]
.br
-.B semanage login \-{a|d|m} [\-sr] login_name
+.B semanage login \-{a|d|m} [\-esr] login_name
.br
.B semanage user \-{a|d|m} [\-LrRP] selinux_name
.br
@@ -43,6 +43,9 @@
.I \-d, \-\-delete
Delete a OBJECT record NAME
.TP
+.I \-e, \-\-exists
+Check whether or not the Linux user exists before adding the login mapping.
+.TP
.I \-f, \-\-ftype
File Type. This is used with fcontext.
Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files.
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.33.6/semanage/seobject.py diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.33.6/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2006-11-16 17:14:26.000000000 -0500 --- nsapolicycoreutils/semanage/seobject.py 2006-11-16 17:14:26.000000000 -0500
+++ policycoreutils-1.33.6/semanage/seobject.py 2006-12-18 13:59:38.000000000 -0500 +++ policycoreutils-1.33.6/semanage/seobject.py 2006-12-19 08:31:21.000000000 -0500
@@ -94,23 +94,25 @@ @@ -94,23 +94,25 @@
return re.search("^" + reg +"$",raw) return re.search("^" + reg +"$",raw)
@ -5011,7 +5113,26 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
class semanageRecords: class semanageRecords:
def __init__(self): def __init__(self):
self.sh = semanage_handle_create() self.sh = semanage_handle_create()
@@ -456,7 +459,8 @@ @@ -228,7 +231,7 @@
def __init__(self):
semanageRecords.__init__(self)
- def add(self, name, sename, serange):
+ def add(self, name, sename, serange, check_exists = True):
if is_mls_enabled == 1:
if serange == "":
serange = "s0"
@@ -249,7 +252,8 @@
if exists:
raise ValueError(_("Login mapping for %s is already defined") % name)
try:
- pwd.getpwnam(name)
+ if check_exists:
+ pwd.getpwnam(name)
except:
raise ValueError(_("Linux User %s does not exist") % name)
@@ -456,7 +460,8 @@
rc = semanage_user_set_mlslevel(self.sh, u, selevel) rc = semanage_user_set_mlslevel(self.sh, u, selevel)
if rc < 0: if rc < 0:
raise ValueError(_("Could not set MLS level for %s") % name) raise ValueError(_("Could not set MLS level for %s") % name)
@ -5021,7 +5142,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
rc = semanage_user_set_prefix(self.sh, u, prefix) rc = semanage_user_set_prefix(self.sh, u, prefix)
if rc < 0: if rc < 0:
raise ValueError(_("Could not add prefix %s for %s") % (r, prefix)) raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
@@ -522,11 +526,17 @@ @@ -522,11 +527,17 @@
semanage_user_set_mlslevel(self.sh, u, untranslate(selevel)) semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
if prefix != "": if prefix != "":

10
policycoreutils.spec
View File

@ -5,7 +5,7 @@
Summary: SELinux policy core utilities. Summary: SELinux policy core utilities.
Name: policycoreutils Name: policycoreutils
Version: 1.33.6 Version: 1.33.6
Release: 6%{?dist} Release: 7%{?dist}
License: GPL License: GPL
Group: System Environment/Base Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -168,8 +168,14 @@ fi
[ -x /sbin/service ] && /sbin/service restorecond condrestart [ -x /sbin/service ] && /sbin/service restorecond condrestart
%changelog %changelog
* Fri Dec 8 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-6 * Tue Dec 19 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-7
- add exists switch to semanage to tell it not to check for existance of Linux user
Resolves: #219421
* Mon Dec 18 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-6
- Fix audit2allow generating reference policy - Fix audit2allow generating reference policy
- Fix semanage to manage user roles properly
Resolves: #220071
* Fri Dec 8 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-5 * Fri Dec 8 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-5
- Update po files - Update po files