policycoreutils-2.7-4.fc28
- restorecond: check write() and daemon() results - sepolicy: do not fail when file_contexts.local or .subs do not exist - sepolicy: remove stray space in section "SEE ALSO" - sepolicy: fix misspelling of _ra_content_t suffix - gui: port to Python 3 by migrating to PyGI - gui: remove the status bar - gui: fix parsing of "semodule -lfull" in tab Modules - gui: delete overridden definition of usersPage.delete() - Enable listing file_contexts.homedirs (#1409813) - remove semodule_deps
parent
7f2e82a8aa
commit
8fd0cedde2
@ -1,3 +1,35 @@
|
|||||||
|
diff --git policycoreutils-2.7/load_policy/load_policy.8 policycoreutils-2.7/load_policy/load_policy.8
|
||||||
|
index 5f5550d..0810995 100644
|
||||||
|
--- policycoreutils-2.7/load_policy/load_policy.8
|
||||||
|
+++ policycoreutils-2.7/load_policy/load_policy.8
|
||||||
|
@@ -39,4 +39,4 @@ Initial policy load failed and enforcing mode requested
|
||||||
|
.SH AUTHORS
|
||||||
|
.nf
|
||||||
|
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
||||||
|
-The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
|
||||||
|
+The program was written by Stephen Smalley <sds@tycho.nsa.gov>.
|
||||||
|
diff --git policycoreutils-2.7/newrole/hashtab.c policycoreutils-2.7/newrole/hashtab.c
|
||||||
|
index 77ed143..24c65c4 100644
|
||||||
|
--- policycoreutils-2.7/newrole/hashtab.c
|
||||||
|
+++ policycoreutils-2.7/newrole/hashtab.c
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
|
||||||
|
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
||||||
|
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
||||||
|
|
||||||
|
/* FLASK */
|
||||||
|
|
||||||
|
diff --git policycoreutils-2.7/newrole/hashtab.h policycoreutils-2.7/newrole/hashtab.h
|
||||||
|
index 9f737df..3790f0a 100644
|
||||||
|
--- policycoreutils-2.7/newrole/hashtab.h
|
||||||
|
+++ policycoreutils-2.7/newrole/hashtab.h
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
|
||||||
|
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
|
||||||
|
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
|
||||||
|
|
||||||
|
/* FLASK */
|
||||||
|
|
||||||
diff --git policycoreutils-2.7/scripts/fixfiles policycoreutils-2.7/scripts/fixfiles
|
diff --git policycoreutils-2.7/scripts/fixfiles policycoreutils-2.7/scripts/fixfiles
|
||||||
index 1aa330f..7ec0396 100755
|
index 1aa330f..7ec0396 100755
|
||||||
--- policycoreutils-2.7/scripts/fixfiles
|
--- policycoreutils-2.7/scripts/fixfiles
|
||||||
@ -10,3 +42,16 @@ index 1aa330f..7ec0396 100755
|
|||||||
FORCEFLAG=""
|
FORCEFLAG=""
|
||||||
RPMFILES=""
|
RPMFILES=""
|
||||||
PREFC=""
|
PREFC=""
|
||||||
|
diff --git policycoreutils-2.7/setfiles/setfiles.8 policycoreutils-2.7/setfiles/setfiles.8
|
||||||
|
index 9501845..ccaaf4d 100644
|
||||||
|
--- policycoreutils-2.7/setfiles/setfiles.8
|
||||||
|
+++ policycoreutils-2.7/setfiles/setfiles.8
|
||||||
|
@@ -255,7 +255,7 @@ being updated provided there are no errors.
|
||||||
|
|
||||||
|
.SH "AUTHOR"
|
||||||
|
This man page was written by Russell Coker <russell@coker.com.au>.
|
||||||
|
-The program was written by Stephen Smalley <sds@epoch.ncsc.mil>
|
||||||
|
+The program was written by Stephen Smalley <sds@tycho.nsa.gov>
|
||||||
|
|
||||||
|
.SH "SEE ALSO"
|
||||||
|
.BR restorecon (8),
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
%global libauditver 2.1.3-4
|
%global libauditver 2.1.3-4
|
||||||
%global libsepolver 2.7-1
|
%global libsepolver 2.7-2
|
||||||
%global libsemanagever 2.7-1
|
%global libsemanagever 2.7-4
|
||||||
%global libselinuxver 2.7-1
|
%global libselinuxver 2.7-5
|
||||||
%global sepolgenver 2.7
|
%global sepolgenver 2.7
|
||||||
|
|
||||||
%global generatorsdir %{_prefix}/lib/systemd/system-generators
|
%global generatorsdir %{_prefix}/lib/systemd/system-generators
|
||||||
@ -9,7 +9,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.7
|
Version: 2.7
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||||
@ -31,16 +31,17 @@ Source18: selinux-autorelabel.target
|
|||||||
Source19: selinux-autorelabel-generator.sh
|
Source19: selinux-autorelabel-generator.sh
|
||||||
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
|
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
|
||||||
# run:
|
# run:
|
||||||
# $ VERSION=2.7 ./make-fedora-selinux-patch.sh policycoreutils
|
# HEAD https://github.com/fedora-selinux/selinux/commit/4247fad665261169b430895f0ab10f56eb33dd10
|
||||||
# HEAD https://github.com/fedora-selinux/selinux/commit/70a12c5e7b56a81223d67ce2469292826b84efe9
|
# $ for i in policycoreutils selinux-python selinux-gui selinux-sandbox selinux-dbus semodule-utils restorecond; do
|
||||||
|
# ./make-fedora-selinux-patch.sh $i
|
||||||
|
# done
|
||||||
Patch: policycoreutils-fedora.patch
|
Patch: policycoreutils-fedora.patch
|
||||||
# $ VERSION=2.7 ./make-fedora-selinux-patch.sh selinux-python
|
|
||||||
Patch1: selinux-python-fedora.patch
|
Patch1: selinux-python-fedora.patch
|
||||||
Patch2: selinux-gui-fedora.patch
|
Patch2: selinux-gui-fedora.patch
|
||||||
Patch3: selinux-sandbox-fedora.patch
|
Patch3: selinux-sandbox-fedora.patch
|
||||||
Patch4: selinux-dbus-fedora.patch
|
Patch4: selinux-dbus-fedora.patch
|
||||||
# Patch5: semodule-utils-fedora.patch
|
Patch5: semodule-utils-fedora.patch
|
||||||
# Patch6: restorecond
|
Patch6: restorecond-fedora.patch
|
||||||
Obsoletes: policycoreutils < 2.0.61-2
|
Obsoletes: policycoreutils < 2.0.61-2
|
||||||
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
|
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
|
||||||
# initscripts < 9.66 shipped fedora-autorelabel services which are renamed to selinux-relabel
|
# initscripts < 9.66 shipped fedora-autorelabel services which are renamed to selinux-relabel
|
||||||
@ -90,8 +91,8 @@ tar -xvf %{SOURCE14} -C selinux-python-%{version}/sepolicy/
|
|||||||
%patch2 -p0 -b .selinux-gui
|
%patch2 -p0 -b .selinux-gui
|
||||||
%patch3 -p0 -b .selinux-sandbox
|
%patch3 -p0 -b .selinux-sandbox
|
||||||
%patch4 -p0 -b .selinux-dbus
|
%patch4 -p0 -b .selinux-dbus
|
||||||
# %patch5 -p0 -b .semodule-utils
|
%patch5 -p0 -b .semodule-utils
|
||||||
# %patch6 -p0 -b .restorecond
|
%patch6 -p0 -b .restorecond
|
||||||
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
@ -126,7 +127,6 @@ make -C semodule-utils-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBI
|
|||||||
|
|
||||||
make -C restorecond-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
make -C restorecond-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
||||||
|
|
||||||
# make -C policycoreutils-%{version} PYTHON=%{__python3} LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" install
|
|
||||||
|
|
||||||
# Systemd
|
# Systemd
|
||||||
rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond
|
rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond
|
||||||
@ -134,6 +134,7 @@ rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond
|
|||||||
tar -jxf %{SOURCE12} -C %{buildroot}/
|
tar -jxf %{SOURCE12} -C %{buildroot}/
|
||||||
rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
|
rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
|
||||||
rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8.gz
|
rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8.gz
|
||||||
|
rm -f %{buildroot}/usr/share/man/ru/man8/semodule_deps.8.gz
|
||||||
rm -f %{buildroot}/usr/share/man/man8/open_init_pty.8
|
rm -f %{buildroot}/usr/share/man/man8/open_init_pty.8
|
||||||
rm -f %{buildroot}/usr/sbin/open_init_pty
|
rm -f %{buildroot}/usr/sbin/open_init_pty
|
||||||
rm -f %{buildroot}/usr/sbin/run_init
|
rm -f %{buildroot}/usr/sbin/run_init
|
||||||
@ -331,12 +332,9 @@ The policycoreutils-devel package contains the management tools use to develop p
|
|||||||
%{_mandir}/man8/sepolicy-manpage.8*
|
%{_mandir}/man8/sepolicy-manpage.8*
|
||||||
%{_mandir}/man8/sepolicy-transition.8*
|
%{_mandir}/man8/sepolicy-transition.8*
|
||||||
%{_usr}/share/bash-completion/completions/sepolicy
|
%{_usr}/share/bash-completion/completions/sepolicy
|
||||||
%{_bindir}/semodule_deps
|
|
||||||
%{_bindir}/semodule_expand
|
%{_bindir}/semodule_expand
|
||||||
%{_bindir}/semodule_link
|
%{_bindir}/semodule_link
|
||||||
%{_bindir}/semodule_unpackage
|
%{_bindir}/semodule_unpackage
|
||||||
%{_mandir}/man8/semodule_deps.8*
|
|
||||||
%{_mandir}/ru/man8/semodule_deps.8*
|
|
||||||
%{_mandir}/man8/semodule_expand.8*
|
%{_mandir}/man8/semodule_expand.8*
|
||||||
%{_mandir}/ru/man8/semodule_expand.8*
|
%{_mandir}/ru/man8/semodule_expand.8*
|
||||||
%{_mandir}/man8/semodule_link.8*
|
%{_mandir}/man8/semodule_link.8*
|
||||||
@ -405,6 +403,7 @@ system-config-selinux is a utility for managing the SELinux environment
|
|||||||
%{_datadir}/system-config-selinux/polgengui.py*
|
%{_datadir}/system-config-selinux/polgengui.py*
|
||||||
%{_datadir}/system-config-selinux/system-config-selinux.py*
|
%{_datadir}/system-config-selinux/system-config-selinux.py*
|
||||||
%{_datadir}/system-config-selinux/*.glade
|
%{_datadir}/system-config-selinux/*.glade
|
||||||
|
%{_datadir}/system-config-selinux/*.ui
|
||||||
%{python_sitelib}/sepolicy/gui.py*
|
%{python_sitelib}/sepolicy/gui.py*
|
||||||
%{python_sitelib}/sepolicy/sepolicy.glade
|
%{python_sitelib}/sepolicy/sepolicy.glade
|
||||||
%dir %{python_sitelib}/sepolicy/help
|
%dir %{python_sitelib}/sepolicy/help
|
||||||
@ -503,6 +502,18 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
%systemd_postun_with_restart restorecond.service
|
%systemd_postun_with_restart restorecond.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Oct 20 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-4
|
||||||
|
- restorecond: check write() and daemon() results
|
||||||
|
- sepolicy: do not fail when file_contexts.local or .subs do not exist
|
||||||
|
- sepolicy: remove stray space in section "SEE ALSO"
|
||||||
|
- sepolicy: fix misspelling of _ra_content_t suffix
|
||||||
|
- gui: port to Python 3 by migrating to PyGI
|
||||||
|
- gui: remove the status bar
|
||||||
|
- gui: fix parsing of "semodule -lfull" in tab Modules
|
||||||
|
- gui: delete overridden definition of usersPage.delete()
|
||||||
|
- Enable listing file_contexts.homedirs (#1409813)
|
||||||
|
- remove semodule_deps
|
||||||
|
|
||||||
* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.7-3
|
* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.7-3
|
||||||
- Also add Provides for the old name without %%_isa
|
- Also add Provides for the old name without %%_isa
|
||||||
|
|
||||||
|
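Review bot: The regeneration recipe in the comments above `Patch:` now runs `./make-fedora-selinux-patch.sh $i` in a loop without the `VERSION=2.7` prefix that both removed invocations carried. If the script still reads VERSION from the environment (not visible on this page), the documented loop will not reproduce these patches; I would write `# $ VERSION=2.7 ./make-fedora-selinux-patch.sh $i`. The script is also still downloaded from the `master` branch, so the source tree is pinned by the `# HEAD …/4247fad665261169b430895f0ab10f56eb33dd10` line while the tool that generates the patches is not; recording the script's commit next to the download URL would close that gap. The `# HEAD` line now sits directly under `# run:`, where it reads like a command, so moving it above `# run:` would be clearer.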
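--- /dev/null
+++ b/restorecond-fedora.patch
@@ -0,0 +1,29 @@
+diff --git restorecond-2.7/restorecond.c restorecond-2.7/restorecond.c
+index f379db1..6fbbd35 100644
+--- restorecond-2.7/restorecond.c
++++ restorecond-2.7/restorecond.c
+@@ -103,7 +103,10 @@ static int write_pid_file(void)
+pidfile = 0;
+return 1;
+}
+- (void)write(pidfd, val, (unsigned int)len);
++ if (write(pidfd, val, (unsigned int)len) != len) {
++ syslog(LOG_ERR, "Unable to write to pidfile (%s)", strerror(errno));
++ return 1;
++ }
+close(pidfd);
+return 0;
+}
+@@ -204,8 +207,10 @@ int main(int argc, char **argv)
+watch_file = server_watch_file;
+read_config(master_fd, watch_file);
+
+- if (!debug_mode)
+- daemon(0, 0);
++ if (!debug_mode) {
++ if (daemon(0, 0) < 0)
++ exitApp("daemon");
++ }
+
+write_pid_file();
+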
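Review bot: The new failure branch in write_pid_file() returns 1 without closing `pidfd`, so a failed or short write leaks the descriptor for the life of the daemon; adding `close(pidfd);` before that `return 1;` fixes it. On a short write, write() does not set errno, so `strerror(errno)` in the new syslog message may report an unrelated earlier error. The second hunk still calls `write_pid_file();` and discards the result, so the daemon appears to keep running with a missing or truncated pidfile even though the failure is now detected. Both write_pid_file() and main() start outside the visible hunks, so how `len` is declared and what happens after this call cannot be confirmed from this page.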
File diff suppressed because it is too large
@ -15,7 +15,7 @@ index 0bdb90f..0cdcfcc 100644
|
|||||||
user identities to authorized role sets. In most cases, only the
|
user identities to authorized role sets. In most cases, only the
|
||||||
former mapping needs to be adjusted by the administrator; the latter
|
former mapping needs to be adjusted by the administrator; the latter
|
||||||
diff --git selinux-python-2.7/semanage/seobject.py selinux-python-2.7/semanage/seobject.py
|
diff --git selinux-python-2.7/semanage/seobject.py selinux-python-2.7/semanage/seobject.py
|
||||||
index 70fd192..af88126 100644
|
index 70fd192..55127de 100644
|
||||||
--- selinux-python-2.7/semanage/seobject.py
|
--- selinux-python-2.7/semanage/seobject.py
|
||||||
+++ selinux-python-2.7/semanage/seobject.py
|
+++ selinux-python-2.7/semanage/seobject.py
|
||||||
@@ -386,6 +386,8 @@ class moduleRecords(semanageRecords):
|
@@ -386,6 +386,8 @@ class moduleRecords(semanageRecords):
|
||||||
@ -52,11 +52,149 @@ index 70fd192..af88126 100644
|
|||||||
rc = semanage_set_default_priority(self.sh, priority)
|
rc = semanage_set_default_priority(self.sh, priority)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
|
raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
|
||||||
|
@@ -2566,10 +2574,15 @@ class fcontextRecords(semanageRecords):
|
||||||
|
if rc < 0:
|
||||||
|
raise ValueError(_("Could not list file contexts"))
|
||||||
|
|
||||||
|
+ (rc, fchomedirs) = semanage_fcontext_list_homedirs(self.sh)
|
||||||
|
+ if rc < 0:
|
||||||
|
+ raise ValueError(_("Could not list file contexts for home directories"))
|
||||||
|
+
|
||||||
|
(rc, fclocal) = semanage_fcontext_list_local(self.sh)
|
||||||
|
if rc < 0:
|
||||||
|
raise ValueError(_("Could not list local file contexts"))
|
||||||
|
|
||||||
|
+ self.flist += fchomedirs
|
||||||
|
self.flist += fclocal
|
||||||
|
|
||||||
|
ddict = {}
|
||||||
diff --git selinux-python-2.7/sepolicy/sepolicy/__init__.py selinux-python-2.7/sepolicy/sepolicy/__init__.py
|
diff --git selinux-python-2.7/sepolicy/sepolicy/__init__.py selinux-python-2.7/sepolicy/sepolicy/__init__.py
|
||||||
index 5cfc071..a10dbcd 100644
|
index 5cfc071..24e3526 100644
|
||||||
--- selinux-python-2.7/sepolicy/sepolicy/__init__.py
|
--- selinux-python-2.7/sepolicy/sepolicy/__init__.py
|
||||||
+++ selinux-python-2.7/sepolicy/sepolicy/__init__.py
|
+++ selinux-python-2.7/sepolicy/sepolicy/__init__.py
|
||||||
@@ -1136,27 +1136,14 @@ def boolean_desc(boolean):
|
@@ -4,6 +4,7 @@
|
||||||
|
# Author: Ryan Hallisey <rhallise@redhat.com>
|
||||||
|
# Author: Jason Zaman <perfinion@gentoo.org>
|
||||||
|
|
||||||
|
+import errno
|
||||||
|
import selinux
|
||||||
|
import setools
|
||||||
|
import glob
|
||||||
|
@@ -207,10 +208,17 @@ def info(setype, name=None):
|
||||||
|
elif len(ports) == 1:
|
||||||
|
q.ports = (ports[0], ports[0])
|
||||||
|
|
||||||
|
+ if _pol.mls:
|
||||||
|
+ return ({
|
||||||
|
+ 'high': x.ports.high,
|
||||||
|
+ 'protocol': str(x.protocol),
|
||||||
|
+ 'range': str(x.context.range_),
|
||||||
|
+ 'type': str(x.context.type_),
|
||||||
|
+ 'low': x.ports.low,
|
||||||
|
+ } for x in q.results())
|
||||||
|
return ({
|
||||||
|
'high': x.ports.high,
|
||||||
|
'protocol': str(x.protocol),
|
||||||
|
- 'range': str(x.context.range_),
|
||||||
|
'type': str(x.context.type_),
|
||||||
|
'low': x.ports.low,
|
||||||
|
} for x in q.results())
|
||||||
|
@@ -220,11 +228,16 @@ def info(setype, name=None):
|
||||||
|
if name:
|
||||||
|
q.name = name
|
||||||
|
|
||||||
|
+ if _pol.mls:
|
||||||
|
+ return ({
|
||||||
|
+ 'range': str(x.mls_range),
|
||||||
|
+ 'name': str(x),
|
||||||
|
+ 'roles': list(map(str, x.roles)),
|
||||||
|
+ 'level': str(x.mls_level),
|
||||||
|
+ } for x in q.results())
|
||||||
|
return ({
|
||||||
|
- 'range': str(x.mls_range),
|
||||||
|
'name': str(x),
|
||||||
|
'roles': list(map(str, x.roles)),
|
||||||
|
- 'level': str(x.mls_level),
|
||||||
|
} for x in q.results())
|
||||||
|
|
||||||
|
elif setype == BOOLEAN:
|
||||||
|
@@ -511,12 +524,15 @@ def find_entrypoint_path(exe, exclude_list=[]):
|
||||||
|
|
||||||
|
|
||||||
|
def read_file_equiv(edict, fc_path, modify):
|
||||||
|
- fd = open(fc_path, "r")
|
||||||
|
- fc = fd.readlines()
|
||||||
|
- fd.close()
|
||||||
|
- for e in fc:
|
||||||
|
- f = e.split()
|
||||||
|
- edict[f[0]] = {"equiv": f[1], "modify": modify}
|
||||||
|
+ try:
|
||||||
|
+ with open(fc_path, "r") as fd:
|
||||||
|
+ for e in fd:
|
||||||
|
+ f = e.split()
|
||||||
|
+ if f and not f[0].startswith('#'):
|
||||||
|
+ edict[f[0]] = {"equiv": f[1], "modify": modify}
|
||||||
|
+ except OSError as e:
|
||||||
|
+ if e.errno != errno.ENOENT:
|
||||||
|
+ raise
|
||||||
|
return edict
|
||||||
|
|
||||||
|
|
||||||
|
@@ -543,9 +559,13 @@ def get_local_file_paths(fc_path=selinux.selinux_file_context_path()):
|
||||||
|
if local_files:
|
||||||
|
return local_files
|
||||||
|
local_files = []
|
||||||
|
- fd = open(fc_path + ".local", "r")
|
||||||
|
- fc = fd.readlines()
|
||||||
|
- fd.close()
|
||||||
|
+ try:
|
||||||
|
+ with open(fc_path + ".local", "r") as fd:
|
||||||
|
+ fc = fd.readlines()
|
||||||
|
+ except OSError as e:
|
||||||
|
+ if e.errno != errno.ENOENT:
|
||||||
|
+ raise
|
||||||
|
+ return []
|
||||||
|
for i in fc:
|
||||||
|
rec = i.split()
|
||||||
|
if len(rec) == 0:
|
||||||
|
@@ -573,9 +593,12 @@ def get_fcdict(fc_path=selinux.selinux_file_context_path()):
|
||||||
|
fc += fd.readlines()
|
||||||
|
fd.close()
|
||||||
|
fcdict = {}
|
||||||
|
- fd = open(fc_path + ".local", "r")
|
||||||
|
- fc += fd.readlines()
|
||||||
|
- fd.close()
|
||||||
|
+ try:
|
||||||
|
+ with open(fc_path + ".local", "r") as fd:
|
||||||
|
+ fc += fd.readlines()
|
||||||
|
+ except OSError as e:
|
||||||
|
+ if e.errno != errno.ENOENT:
|
||||||
|
+ raise
|
||||||
|
|
||||||
|
for i in fc:
|
||||||
|
rec = i.split()
|
||||||
|
@@ -856,8 +879,9 @@ def get_selinux_users():
|
||||||
|
global selinux_user_list
|
||||||
|
if not selinux_user_list:
|
||||||
|
selinux_user_list = list(info(USER))
|
||||||
|
- for x in selinux_user_list:
|
||||||
|
- x['range'] = "".join(x['range'].split(" "))
|
||||||
|
+ if _pol.mls:
|
||||||
|
+ for x in selinux_user_list:
|
||||||
|
+ x['range'] = "".join(x['range'].split(" "))
|
||||||
|
return selinux_user_list
|
||||||
|
|
||||||
|
|
||||||
|
@@ -955,7 +979,7 @@ def get_description(f, markup=markup):
|
||||||
|
if f.endswith("_db_t"):
|
||||||
|
return txt + "treat the files as %s database content." % prettyprint(f, "_db_t")
|
||||||
|
if f.endswith("_ra_content_t"):
|
||||||
|
- return txt + "treat the files as %s read/append content." % prettyprint(f, "_ra_conten_t")
|
||||||
|
+ return txt + "treat the files as %s read/append content." % prettyprint(f, "_ra_content_t")
|
||||||
|
if f.endswith("_cert_t"):
|
||||||
|
return txt + "treat the files as %s certificate data." % prettyprint(f, "_cert_t")
|
||||||
|
if f.endswith("_key_t"):
|
||||||
|
@@ -1136,27 +1160,14 @@ def boolean_desc(boolean):
|
||||||
|
|
||||||
|
|
||||||
def get_os_version():
|
def get_os_version():
|
||||||
@ -90,11 +228,124 @@ index 5cfc071..a10dbcd 100644
|
|||||||
|
|
||||||
|
|
||||||
def reinit():
|
def reinit():
|
||||||
|
diff --git selinux-python-2.7/sepolicy/sepolicy/gui.py selinux-python-2.7/sepolicy/sepolicy/gui.py
|
||||||
|
index 007c94a..6562aa8 100644
|
||||||
|
--- selinux-python-2.7/sepolicy/sepolicy/gui.py
|
||||||
|
+++ selinux-python-2.7/sepolicy/sepolicy/gui.py
|
||||||
|
@@ -907,8 +907,8 @@ class SELinuxGui():
|
||||||
|
if "object_r" in roles:
|
||||||
|
roles.remove("object_r")
|
||||||
|
self.user_liststore.set_value(iter, 1, ", ".join(roles))
|
||||||
|
- self.user_liststore.set_value(iter, 2, u["level"])
|
||||||
|
- self.user_liststore.set_value(iter, 3, u["range"])
|
||||||
|
+ self.user_liststore.set_value(iter, 2, u.get("level", ""))
|
||||||
|
+ self.user_liststore.set_value(iter, 3, u.get("range", ""))
|
||||||
|
self.user_liststore.set_value(iter, 4, True)
|
||||||
|
self.ready_mouse()
|
||||||
|
|
||||||
|
@@ -1755,14 +1755,14 @@ class SELinuxGui():
|
||||||
|
if self.login_mls_entry.get_text() == "":
|
||||||
|
for u in sepolicy.get_selinux_users():
|
||||||
|
if seuser == u['name']:
|
||||||
|
- self.login_mls_entry.set_text(u['range'])
|
||||||
|
+ self.login_mls_entry.set_text(u.get('range', ''))
|
||||||
|
|
||||||
|
def user_roles_combobox_change(self, combo, *args):
|
||||||
|
serole = self.combo_get_active_text(combo)
|
||||||
|
if self.user_mls_entry.get_text() == "":
|
||||||
|
for u in sepolicy.get_all_roles():
|
||||||
|
if serole == u['name']:
|
||||||
|
- self.user_mls_entry.set_text(u['range'])
|
||||||
|
+ self.user_mls_entry.set_text(u.get('range', ''))
|
||||||
|
|
||||||
|
def get_selected_iter(self):
|
||||||
|
iter = None
|
||||||
|
@@ -1973,7 +1973,10 @@ class SELinuxGui():
|
||||||
|
self.cur_dict["user"][name] = {"action": "-m", "range": mls_range, "level": level, "role": roles, "oldrange": oldrange, "oldlevel": oldlevel, "oldroles": oldroles, "oldname": oldname}
|
||||||
|
else:
|
||||||
|
iter = self.liststore.append(None)
|
||||||
|
- self.cur_dict["user"][name] = {"action": "-a", "range": mls_range, "level": level, "role": roles}
|
||||||
|
+ if mls_range or level:
|
||||||
|
+ self.cur_dict["user"][name] = {"action": "-a", "range": mls_range, "level": level, "role": roles}
|
||||||
|
+ else:
|
||||||
|
+ self.cur_dict["user"][name] = {"action": "-a", "role": roles}
|
||||||
|
|
||||||
|
self.liststore.set_value(iter, 0, name)
|
||||||
|
self.liststore.set_value(iter, 1, roles)
|
||||||
|
@@ -2089,8 +2092,8 @@ class SELinuxGui():
|
||||||
|
user_dict = self.cust_dict["user"]
|
||||||
|
for user in user_dict:
|
||||||
|
roles = user_dict[user]["role"]
|
||||||
|
- mls = user_dict[user]["range"]
|
||||||
|
- level = user_dict[user]["level"]
|
||||||
|
+ mls = user_dict[user].get("range", "")
|
||||||
|
+ level = user_dict[user].get("level", "")
|
||||||
|
iter = self.user_delete_liststore.append()
|
||||||
|
self.user_delete_liststore.set_value(iter, 1, user)
|
||||||
|
self.user_delete_liststore.set_value(iter, 2, roles)
|
||||||
|
@@ -2104,7 +2107,7 @@ class SELinuxGui():
|
||||||
|
login_dict = self.cust_dict["login"]
|
||||||
|
for login in login_dict:
|
||||||
|
seuser = login_dict[login]["seuser"]
|
||||||
|
- mls = login_dict[login]["range"]
|
||||||
|
+ mls = login_dict[login].get("range", "")
|
||||||
|
iter = self.login_delete_liststore.append()
|
||||||
|
self.login_delete_liststore.set_value(iter, 1, seuser)
|
||||||
|
self.login_delete_liststore.set_value(iter, 2, login)
|
||||||
|
@@ -2268,7 +2271,7 @@ class SELinuxGui():
|
||||||
|
self.update_treestore.set_value(niter, 3, False)
|
||||||
|
roles = self.cur_dict["user"][user]["role"]
|
||||||
|
self.update_treestore.set_value(niter, 1, (_("Roles: %s")) % roles)
|
||||||
|
- mls = self.cur_dict["user"][user]["range"]
|
||||||
|
+ mls = self.cur_dict["user"][user].get("range", "")
|
||||||
|
niter = self.update_treestore.append(iter)
|
||||||
|
self.update_treestore.set_value(niter, 3, False)
|
||||||
|
self.update_treestore.set_value(niter, 1, _("MLS/MCS Range: %s") % mls)
|
||||||
|
@@ -2293,7 +2296,7 @@ class SELinuxGui():
|
||||||
|
self.update_treestore.set_value(niter, 3, False)
|
||||||
|
seuser = self.cur_dict["login"][login]["seuser"]
|
||||||
|
self.update_treestore.set_value(niter, 1, (_("SELinux User: %s")) % seuser)
|
||||||
|
- mls = self.cur_dict["login"][login]["range"]
|
||||||
|
+ mls = self.cur_dict["login"][login].get("range", "")
|
||||||
|
niter = self.update_treestore.append(iter)
|
||||||
|
self.update_treestore.set_value(niter, 3, False)
|
||||||
|
self.update_treestore.set_value(niter, 1, _("MLS/MCS Range: %s") % mls)
|
||||||
|
@@ -2487,14 +2490,18 @@ class SELinuxGui():
|
||||||
|
for l in self.cur_dict[k]:
|
||||||
|
if self.cur_dict[k][l]["action"] == "-d":
|
||||||
|
update_buffer += "login -d %s\n" % l
|
||||||
|
- else:
|
||||||
|
+ elif "range" in self.cur_dict[k][l]:
|
||||||
|
update_buffer += "login %s -s %s -r %s %s\n" % (self.cur_dict[k][l]["action"], self.cur_dict[k][l]["seuser"], self.cur_dict[k][l]["range"], l)
|
||||||
|
+ else:
|
||||||
|
+ update_buffer += "login %s -s %s %s\n" % (self.cur_dict[k][l]["action"], self.cur_dict[k][l]["seuser"], l)
|
||||||
|
if k in "user":
|
||||||
|
for u in self.cur_dict[k]:
|
||||||
|
if self.cur_dict[k][u]["action"] == "-d":
|
||||||
|
update_buffer += "user -d %s\n" % u
|
||||||
|
- else:
|
||||||
|
+ elif "level" in self.cur_dict[k][u] and "range" in self.cur_dict[k][u]:
|
||||||
|
update_buffer += "user %s -L %s -r %s -R %s %s\n" % (self.cur_dict[k][u]["action"], self.cur_dict[k][u]["level"], self.cur_dict[k][u]["range"], self.cur_dict[k][u]["role"], u)
|
||||||
|
+ else:
|
||||||
|
+ update_buffer += "user %s -R %s %s\n" % (self.cur_dict[k][u]["action"], self.cur_dict[k][u]["role"], u)
|
||||||
|
|
||||||
|
if k in "fcontext-equiv":
|
||||||
|
for f in self.cur_dict[k]:
|
||||||
diff --git selinux-python-2.7/sepolicy/sepolicy/manpage.py selinux-python-2.7/sepolicy/sepolicy/manpage.py
|
diff --git selinux-python-2.7/sepolicy/sepolicy/manpage.py selinux-python-2.7/sepolicy/sepolicy/manpage.py
|
||||||
index 4d84636..4772b50 100755
|
index 4d84636..b463165 100755
|
||||||
--- selinux-python-2.7/sepolicy/sepolicy/manpage.py
|
--- selinux-python-2.7/sepolicy/sepolicy/manpage.py
|
||||||
+++ selinux-python-2.7/sepolicy/sepolicy/manpage.py
|
+++ selinux-python-2.7/sepolicy/sepolicy/manpage.py
|
||||||
@@ -125,8 +125,33 @@ def gen_domains():
|
@@ -84,7 +84,8 @@ def get_all_users_info():
|
||||||
|
|
||||||
|
for d in allusers_info:
|
||||||
|
allusers.append(d['name'])
|
||||||
|
- users_range[d['name'].split("_")[0]] = d['range']
|
||||||
|
+ if 'range' in d:
|
||||||
|
+ users_range[d['name'].split("_")[0]] = d['range']
|
||||||
|
|
||||||
|
for u in allusers:
|
||||||
|
if u not in ["system_u", "root", "unconfined_u"]:
|
||||||
|
@@ -125,8 +126,36 @@ def gen_domains():
|
||||||
domains.sort()
|
domains.sort()
|
||||||
return domains
|
return domains
|
||||||
|
|
||||||
@ -121,7 +372,10 @@ index 4d84636..4772b50 100755
|
|||||||
+def _gen_mcs_constrained_types():
|
+def _gen_mcs_constrained_types():
|
||||||
+ global mcs_constrained_types
|
+ global mcs_constrained_types
|
||||||
+ if mcs_constrained_types is None:
|
+ if mcs_constrained_types is None:
|
||||||
|
+ try:
|
||||||
+ mcs_constrained_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
|
+ mcs_constrained_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
|
||||||
|
+ except StopIteration:
|
||||||
|
+ mcs_constrained_types = []
|
||||||
+ return mcs_constrained_types
|
+ return mcs_constrained_types
|
||||||
+
|
+
|
||||||
+
|
+
|
||||||
@ -129,7 +383,7 @@ index 4d84636..4772b50 100755
|
|||||||
|
|
||||||
def _gen_types():
|
def _gen_types():
|
||||||
global types
|
global types
|
||||||
@@ -149,10 +174,6 @@ def prettyprint(f, trim):
|
@@ -149,10 +178,6 @@ def prettyprint(f, trim):
|
||||||
manpage_domains = []
|
manpage_domains = []
|
||||||
manpage_roles = []
|
manpage_roles = []
|
||||||
|
|
||||||
@ -140,7 +394,7 @@ index 4d84636..4772b50 100755
|
|||||||
def get_alphabet_manpages(manpage_list):
|
def get_alphabet_manpages(manpage_list):
|
||||||
alphabet_manpages = dict.fromkeys(string.ascii_letters, [])
|
alphabet_manpages = dict.fromkeys(string.ascii_letters, [])
|
||||||
for i in string.ascii_letters:
|
for i in string.ascii_letters:
|
||||||
@@ -182,7 +203,7 @@ def convert_manpage_to_html(html_manpage, manpage):
|
@@ -182,7 +207,7 @@ def convert_manpage_to_html(html_manpage, manpage):
|
||||||
class HTMLManPages:
|
class HTMLManPages:
|
||||||
|
|
||||||
"""
|
"""
|
||||||
@ -149,7 +403,7 @@ index 4d84636..4772b50 100755
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
def __init__(self, manpage_roles, manpage_domains, path, os_version):
|
def __init__(self, manpage_roles, manpage_domains, path, os_version):
|
||||||
@@ -190,9 +211,9 @@ class HTMLManPages:
|
@@ -190,9 +215,9 @@ class HTMLManPages:
|
||||||
self.manpage_domains = get_alphabet_manpages(manpage_domains)
|
self.manpage_domains = get_alphabet_manpages(manpage_domains)
|
||||||
self.os_version = os_version
|
self.os_version = os_version
|
||||||
self.old_path = path + "/"
|
self.old_path = path + "/"
|
||||||
@ -161,7 +415,7 @@ index 4d84636..4772b50 100755
|
|||||||
self.__gen_html_manpages()
|
self.__gen_html_manpages()
|
||||||
else:
|
else:
|
||||||
print("SELinux HTML man pages can not be generated for this %s" % os_version)
|
print("SELinux HTML man pages can not be generated for this %s" % os_version)
|
||||||
@@ -201,7 +222,6 @@ class HTMLManPages:
|
@@ -201,7 +226,6 @@ class HTMLManPages:
|
||||||
def __gen_html_manpages(self):
|
def __gen_html_manpages(self):
|
||||||
self._write_html_manpage()
|
self._write_html_manpage()
|
||||||
self._gen_index()
|
self._gen_index()
|
||||||
@ -169,7 +423,7 @@ index 4d84636..4772b50 100755
|
|||||||
self._gen_css()
|
self._gen_css()
|
||||||
|
|
||||||
def _write_html_manpage(self):
|
def _write_html_manpage(self):
|
||||||
@@ -219,67 +239,21 @@ class HTMLManPages:
|
@@ -219,67 +243,21 @@ class HTMLManPages:
|
||||||
convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r)
|
convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r)
|
||||||
|
|
||||||
def _gen_index(self):
|
def _gen_index(self):
|
||||||
@ -241,7 +495,7 @@ index 4d84636..4772b50 100755
|
|||||||
for letter in self.manpage_roles:
|
for letter in self.manpage_roles:
|
||||||
if len(self.manpage_roles[letter]):
|
if len(self.manpage_roles[letter]):
|
||||||
fd.write("""
|
fd.write("""
|
||||||
@@ -423,6 +397,9 @@ class ManPage:
|
@@ -423,6 +401,9 @@ class ManPage:
|
||||||
self.all_file_types = sepolicy.get_all_file_types()
|
self.all_file_types = sepolicy.get_all_file_types()
|
||||||
self.role_allows = sepolicy.get_all_role_allows()
|
self.role_allows = sepolicy.get_all_role_allows()
|
||||||
self.types = _gen_types()
|
self.types = _gen_types()
|
||||||
@ -251,7 +505,7 @@ index 4d84636..4772b50 100755
|
|||||||
|
|
||||||
if self.source_files:
|
if self.source_files:
|
||||||
self.fcpath = self.root + "file_contexts"
|
self.fcpath = self.root + "file_contexts"
|
||||||
@@ -735,10 +712,13 @@ Default Defined Ports:""")
|
@@ -735,10 +716,13 @@ Default Defined Ports:""")
|
||||||
|
|
||||||
def _file_context(self):
|
def _file_context(self):
|
||||||
flist = []
|
flist = []
|
||||||
@ -265,7 +519,7 @@ index 4d84636..4772b50 100755
|
|||||||
if f in self.fcdict:
|
if f in self.fcdict:
|
||||||
mpaths = mpaths + self.fcdict[f]["regex"]
|
mpaths = mpaths + self.fcdict[f]["regex"]
|
||||||
if len(mpaths) == 0:
|
if len(mpaths) == 0:
|
||||||
@@ -790,19 +770,20 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
@@ -790,19 +774,20 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||||
.PP
|
.PP
|
||||||
""" % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
|
""" % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
|
||||||
|
|
||||||
@ -289,7 +543,17 @@ index 4d84636..4772b50 100755
|
|||||||
|
|
||||||
self.fd.write(r"""
|
self.fd.write(r"""
|
||||||
.I The following file types are defined for %(domainname)s:
|
.I The following file types are defined for %(domainname)s:
|
||||||
@@ -974,8 +955,7 @@ All executeables with the default executable label, usually stored in /usr/bin a
|
@@ -921,8 +906,7 @@ This manual page was auto-generated using
|
||||||
|
.B "sepolicy manpage".
|
||||||
|
|
||||||
|
.SH "SEE ALSO"
|
||||||
|
-selinux(8), %s(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
|
||||||
|
-""" % (self.domainname))
|
||||||
|
+selinux(8), %s(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)""" % (self.domainname))
|
||||||
|
|
||||||
|
if self.booltext != "":
|
||||||
|
self.fd.write(", setsebool(8)")
|
||||||
|
@@ -974,8 +958,7 @@ All executeables with the default executable label, usually stored in /usr/bin a
|
||||||
%s""" % ", ".join(paths))
|
%s""" % ", ".join(paths))
|
||||||
|
|
||||||
def _mcs_types(self):
|
def _mcs_types(self):
|
||||||
|
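Review bot: In the rewritten `read_file_equiv()` the guard `if f and not f[0].startswith('#'):` only establishes that the line has one field, yet the next line reads `f[1]`, so a non-comment line holding a single token in the file at `fc_path` raises IndexError and aborts the caller. Checking the length instead, `if len(f) >= 2 and not f[0].startswith('#'):`, keeps the new tolerance for blank and comment lines and skips malformed entries. In the gui.py part of the same patch, both `range` and `level` are stored whenever `mls_range or level` is true, and the later `user %s -L %s -r %s -R %s %s` branch tests only for key presence, so an empty value for one of them would be formatted into the command text. Testing the values rather than the keys in that branch would avoid this.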
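--- /dev/null
+++ b/semodule-utils-fedora.patch
@@ -0,0 +1,10 @@
+diff --git semodule-utils-2.7/Makefile semodule-utils-2.7/Makefile
+index 6bf4aee..e0a6579 100644
+--- semodule-utils-2.7/Makefile
++++ semodule-utils-2.7/Makefile
+@@ -1,4 +1,4 @@
+-SUBDIRS = semodule_package semodule_link semodule_expand semodule_deps
++SUBDIRS = semodule_package semodule_link semodule_expand
+
+all install relabel clean indent:
+@for subdir in $(SUBDIRS); do \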