From 8e3bfe09496dbbb2c21993a743f1ebb677062aa3 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Wed, 27 Mar 2013 11:20:46 -0400 Subject: [PATCH] Allow semanage fcontext -a -t "<>" ... to work --- policycoreutils-rhat.patch | 21 ++++++++++++++++++--- policycoreutils.spec | 9 ++++++--- 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index fbe432f..06b2ab6 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -2059,7 +2059,7 @@ index 6e33c85..89b8b24 100644 return diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py -index 85bc37f..f703aed 100644 +index 85bc37f..0f9bc6e 100644 --- a/policycoreutils/semanage/seobject.py +++ b/policycoreutils/semanage/seobject.py @@ -32,11 +32,10 @@ from IPy import IP @@ -2119,7 +2119,22 @@ index 85bc37f..f703aed 100644 (rc, iface) = semanage_iface_create(self.sh) if rc < 0: -@@ -1777,7 +1781,8 @@ class fcontextRecords(semanageRecords): +@@ -1640,11 +1644,12 @@ class interfaceRecords(semanageRecords): + print "%-30s %s:%s:%s " % (k,ddict[k][0], ddict[k][1],ddict[k][2]) + + class fcontextRecords(semanageRecords): ++ valid_types = ["<>"] + try: +- valid_types = sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"] ++ valid_types += sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"] + valid_types += sepolicy.info(sepolicy.ATTRIBUTE,"device_node")[0]["types"] + except RuntimeError: +- valid_types = [] ++ pass + + def __init__(self, store = ""): + semanageRecords.__init__(self, store) +@@ -1777,7 +1782,8 @@ class fcontextRecords(semanageRecords): raise ValueError(_("Could not check if file context for %s is defined") % target) if exists: @@ -2129,7 +2144,7 @@ index 85bc37f..f703aed 100644 (rc, fcontext) = semanage_fcontext_create(self.sh) if rc < 0: -@@ -2026,6 +2031,9 @@ class booleanRecords(semanageRecords): +@@ -2026,6 +2032,9 @@ class booleanRecords(semanageRecords): self.modify_local = False def __mod(self, name, value): diff --git a/policycoreutils.spec b/policycoreutils.spec index b9a0825..7cf9e88 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.1.14 -Release: 26%{?dist} +Release: 27%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -309,11 +309,14 @@ The policycoreutils-restorecond package contains the restorecond service. %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %changelog -* Mon Mar 25 2013 Dan Walsh - 2.1.14-25 +* Wed Mar 27 2013 Dan Walsh - 2.1.14-27 +- Allow semanage fcontext -a -t "<>" ... to work + +* Mon Mar 25 2013 Dan Walsh - 2.1.14-26 - Can not unshare IPC in sandbox, since it blows up Xephyr - Remove bogus error message sandbox about reseting setfsuid -* Thu Mar 21 2013 Dan Walsh - 2.1.14-24 +* Thu Mar 21 2013 Dan Walsh - 2.1.14-25 - Fix sepolicy generate --customize to generate policy with -w commands * Thu Mar 21 2013 Dan Walsh - 2.1.14-24