policycoreutils-2.7-4.fc28

- restorecond: check write() and daemon() results
- sepolicy: do not fail when file_contexts.local or .subs do not exist
- sepolicy: remove stray space in section "SEE ALSO"
- sepolicy: fix misspelling of _ra_content_t suffix
- gui: port to Python 3 by migrating to PyGI
- gui: remove the status bar
- gui: fix parsing of "semodule -lfull" in tab Modules
- gui: delete overridden definition of usersPage.delete()
- Enable listing file_contexts.homedirs (#1409813)
- remove semodule_deps
Petr Lautrbach 2017-10-20 13:51:23 +02:00
parent 7f2e82a8aa
commit 8fd0cedde2
6 changed files with 3741 additions and 33 deletions


@ -1,3 +1,35 @@
diff --git policycoreutils-2.7/load_policy/load_policy.8 policycoreutils-2.7/load_policy/load_policy.8
index 5f5550d..0810995 100644
--- policycoreutils-2.7/load_policy/load_policy.8
+++ policycoreutils-2.7/load_policy/load_policy.8
@@ -39,4 +39,4 @@ Initial policy load failed and enforcing mode requested
.SH AUTHORS
.nf
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
-The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
+The program was written by Stephen Smalley <sds@tycho.nsa.gov>.
diff --git policycoreutils-2.7/newrole/hashtab.c policycoreutils-2.7/newrole/hashtab.c
index 77ed143..24c65c4 100644
--- policycoreutils-2.7/newrole/hashtab.c
+++ policycoreutils-2.7/newrole/hashtab.c
@@ -1,5 +1,5 @@
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */
diff --git policycoreutils-2.7/newrole/hashtab.h policycoreutils-2.7/newrole/hashtab.h
index 9f737df..3790f0a 100644
--- policycoreutils-2.7/newrole/hashtab.h
+++ policycoreutils-2.7/newrole/hashtab.h
@@ -1,5 +1,5 @@
-/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
+/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */
diff --git policycoreutils-2.7/scripts/fixfiles policycoreutils-2.7/scripts/fixfiles diff --git policycoreutils-2.7/scripts/fixfiles policycoreutils-2.7/scripts/fixfiles
index 1aa330f..7ec0396 100755 index 1aa330f..7ec0396 100755
--- policycoreutils-2.7/scripts/fixfiles --- policycoreutils-2.7/scripts/fixfiles
@ -10,3 +42,16 @@ index 1aa330f..7ec0396 100755
FORCEFLAG="" FORCEFLAG=""
RPMFILES="" RPMFILES=""
PREFC="" PREFC=""
diff --git policycoreutils-2.7/setfiles/setfiles.8 policycoreutils-2.7/setfiles/setfiles.8
index 9501845..ccaaf4d 100644
--- policycoreutils-2.7/setfiles/setfiles.8
+++ policycoreutils-2.7/setfiles/setfiles.8
@@ -255,7 +255,7 @@ being updated provided there are no errors.
.SH "AUTHOR"
This man page was written by Russell Coker <russell@coker.com.au>.
-The program was written by Stephen Smalley <sds@epoch.ncsc.mil>
+The program was written by Stephen Smalley <sds@tycho.nsa.gov>
.SH "SEE ALSO"
.BR restorecon (8),


@ -1,7 +1,7 @@
%global libauditver 2.1.3-4 %global libauditver 2.1.3-4
%global libsepolver 2.7-1 %global libsepolver 2.7-2
%global libsemanagever 2.7-1 %global libsemanagever 2.7-4
%global libselinuxver 2.7-1 %global libselinuxver 2.7-5
%global sepolgenver 2.7 %global sepolgenver 2.7
%global generatorsdir %{_prefix}/lib/systemd/system-generators %global generatorsdir %{_prefix}/lib/systemd/system-generators
@ -9,7 +9,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.7 Version: 2.7
Release: 3%{?dist} Release: 4%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# https://github.com/SELinuxProject/selinux/wiki/Releases # https://github.com/SELinuxProject/selinux/wiki/Releases
@ -31,16 +31,17 @@ Source18: selinux-autorelabel.target
Source19: selinux-autorelabel-generator.sh Source19: selinux-autorelabel-generator.sh
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
# run: # run:
# $ VERSION=2.7 ./make-fedora-selinux-patch.sh policycoreutils # HEAD https://github.com/fedora-selinux/selinux/commit/4247fad665261169b430895f0ab10f56eb33dd10
# HEAD https://github.com/fedora-selinux/selinux/commit/70a12c5e7b56a81223d67ce2469292826b84efe9 # $ for i in policycoreutils selinux-python selinux-gui selinux-sandbox selinux-dbus semodule-utils restorecond; do
# ./make-fedora-selinux-patch.sh $i
# done
Patch: policycoreutils-fedora.patch Patch: policycoreutils-fedora.patch
# $ VERSION=2.7 ./make-fedora-selinux-patch.sh selinux-python
Patch1: selinux-python-fedora.patch Patch1: selinux-python-fedora.patch
Patch2: selinux-gui-fedora.patch Patch2: selinux-gui-fedora.patch
Patch3: selinux-sandbox-fedora.patch Patch3: selinux-sandbox-fedora.patch
Patch4: selinux-dbus-fedora.patch Patch4: selinux-dbus-fedora.patch
# Patch5: semodule-utils-fedora.patch Patch5: semodule-utils-fedora.patch
# Patch6: restorecond Patch6: restorecond-fedora.patch
Obsoletes: policycoreutils < 2.0.61-2 Obsoletes: policycoreutils < 2.0.61-2
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138 Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
# initscripts < 9.66 shipped fedora-autorelabel services which are renamed to selinux-relabel # initscripts < 9.66 shipped fedora-autorelabel services which are renamed to selinux-relabel
@ -90,8 +91,8 @@ tar -xvf %{SOURCE14} -C selinux-python-%{version}/sepolicy/
%patch2 -p0 -b .selinux-gui %patch2 -p0 -b .selinux-gui
%patch3 -p0 -b .selinux-sandbox %patch3 -p0 -b .selinux-sandbox
%patch4 -p0 -b .selinux-dbus %patch4 -p0 -b .selinux-dbus
# %patch5 -p0 -b .semodule-utils %patch5 -p0 -b .semodule-utils
# %patch6 -p0 -b .restorecond %patch6 -p0 -b .restorecond
%build %build
@ -126,7 +127,6 @@ make -C semodule-utils-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBI
make -C restorecond-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install make -C restorecond-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
# make -C policycoreutils-%{version} PYTHON=%{__python3} LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" install
# Systemd # Systemd
rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond
@ -134,6 +134,7 @@ rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond
tar -jxf %{SOURCE12} -C %{buildroot}/ tar -jxf %{SOURCE12} -C %{buildroot}/
rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8.gz rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8.gz
rm -f %{buildroot}/usr/share/man/ru/man8/semodule_deps.8.gz
rm -f %{buildroot}/usr/share/man/man8/open_init_pty.8 rm -f %{buildroot}/usr/share/man/man8/open_init_pty.8
rm -f %{buildroot}/usr/sbin/open_init_pty rm -f %{buildroot}/usr/sbin/open_init_pty
rm -f %{buildroot}/usr/sbin/run_init rm -f %{buildroot}/usr/sbin/run_init
@ -331,12 +332,9 @@ The policycoreutils-devel package contains the management tools use to develop p
%{_mandir}/man8/sepolicy-manpage.8* %{_mandir}/man8/sepolicy-manpage.8*
%{_mandir}/man8/sepolicy-transition.8* %{_mandir}/man8/sepolicy-transition.8*
%{_usr}/share/bash-completion/completions/sepolicy %{_usr}/share/bash-completion/completions/sepolicy
%{_bindir}/semodule_deps
%{_bindir}/semodule_expand %{_bindir}/semodule_expand
%{_bindir}/semodule_link %{_bindir}/semodule_link
%{_bindir}/semodule_unpackage %{_bindir}/semodule_unpackage
%{_mandir}/man8/semodule_deps.8*
%{_mandir}/ru/man8/semodule_deps.8*
%{_mandir}/man8/semodule_expand.8* %{_mandir}/man8/semodule_expand.8*
%{_mandir}/ru/man8/semodule_expand.8* %{_mandir}/ru/man8/semodule_expand.8*
%{_mandir}/man8/semodule_link.8* %{_mandir}/man8/semodule_link.8*
@ -405,6 +403,7 @@ system-config-selinux is a utility for managing the SELinux environment
%{_datadir}/system-config-selinux/polgengui.py* %{_datadir}/system-config-selinux/polgengui.py*
%{_datadir}/system-config-selinux/system-config-selinux.py* %{_datadir}/system-config-selinux/system-config-selinux.py*
%{_datadir}/system-config-selinux/*.glade %{_datadir}/system-config-selinux/*.glade
%{_datadir}/system-config-selinux/*.ui
%{python_sitelib}/sepolicy/gui.py* %{python_sitelib}/sepolicy/gui.py*
%{python_sitelib}/sepolicy/sepolicy.glade %{python_sitelib}/sepolicy/sepolicy.glade
%dir %{python_sitelib}/sepolicy/help %dir %{python_sitelib}/sepolicy/help
@ -503,6 +502,18 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service %systemd_postun_with_restart restorecond.service
%changelog %changelog
* Fri Oct 20 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-4
- restorecond: check write() and daemon() results
- sepolicy: do not fail when file_contexts.local or .subs do not exist
- sepolicy: remove stray space in section "SEE ALSO"
- sepolicy: fix misspelling of _ra_content_t suffix
- gui: port to Python 3 by migrating to PyGI
- gui: remove the status bar
- gui: fix parsing of "semodule -lfull" in tab Modules
- gui: delete overridden definition of usersPage.delete()
- Enable listing file_contexts.homedirs (#1409813)
- remove semodule_deps
* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.7-3 * Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.7-3
- Also add Provides for the old name without %%_isa - Also add Provides for the old name without %%_isa
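Review bot: The regeneration recipe in the comment block above `Patch:` now records the fedora-selinux/selinux HEAD commit the patches were cut from, but the generator script itself is still downloaded from the moving `master` ref of fedora-selinux/scripts. Someone re-running the recipe later can get a different script, and so different patch contents, for the same recorded HEAD. Recording the script revision as well would make the patch set reproducible and auditable, e.g. `# download https://raw.githubusercontent.com/fedora-selinux/scripts/<script-commit-placeholder>/selinux/make-fedora-selinux-patch.sh`.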

29
restorecond-fedora.patch Normal file

@ -0,0 +1,29 @@
diff --git restorecond-2.7/restorecond.c restorecond-2.7/restorecond.c
index f379db1..6fbbd35 100644
--- restorecond-2.7/restorecond.c
+++ restorecond-2.7/restorecond.c
@@ -103,7 +103,10 @@ static int write_pid_file(void)
pidfile = 0;
return 1;
}
- (void)write(pidfd, val, (unsigned int)len);
+ if (write(pidfd, val, (unsigned int)len) != len) {
+ syslog(LOG_ERR, "Unable to write to pidfile (%s)", strerror(errno));
+ return 1;
+ }
close(pidfd);
return 0;
}
@@ -204,8 +207,10 @@ int main(int argc, char **argv)
watch_file = server_watch_file;
read_config(master_fd, watch_file);
- if (!debug_mode)
- daemon(0, 0);
+ if (!debug_mode) {
+ if (daemon(0, 0) < 0)
+ exitApp("daemon");
+ }
write_pid_file();
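Review bot: The new error branch in write_pid_file() returns 1 without closing pidfd, so a failed or short write leaks the descriptor and leaves a partially written pidfile behind; add `close(pidfd);` before that `return 1;`. A short write does not set errno, so the `strerror(errno)` text in the syslog message can be misleading in that case. In the second hunk the call `write_pid_file();` in main() still discards the return value, so the new check only produces a log line; whether startup should stop there is for the maintainers to decide. Both functions begin and end outside the hunks shown.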


@ -15,7 +15,7 @@ index 0bdb90f..0cdcfcc 100644
user identities to authorized role sets. In most cases, only the user identities to authorized role sets. In most cases, only the
former mapping needs to be adjusted by the administrator; the latter former mapping needs to be adjusted by the administrator; the latter
diff --git selinux-python-2.7/semanage/seobject.py selinux-python-2.7/semanage/seobject.py diff --git selinux-python-2.7/semanage/seobject.py selinux-python-2.7/semanage/seobject.py
index 70fd192..af88126 100644 index 70fd192..55127de 100644
--- selinux-python-2.7/semanage/seobject.py --- selinux-python-2.7/semanage/seobject.py
+++ selinux-python-2.7/semanage/seobject.py +++ selinux-python-2.7/semanage/seobject.py
@@ -386,6 +386,8 @@ class moduleRecords(semanageRecords): @@ -386,6 +386,8 @@ class moduleRecords(semanageRecords):
@ -52,11 +52,149 @@ index 70fd192..af88126 100644
rc = semanage_set_default_priority(self.sh, priority) rc = semanage_set_default_priority(self.sh, priority)
if rc < 0: if rc < 0:
raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority) raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
@@ -2566,10 +2574,15 @@ class fcontextRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not list file contexts"))
+ (rc, fchomedirs) = semanage_fcontext_list_homedirs(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list file contexts for home directories"))
+
(rc, fclocal) = semanage_fcontext_list_local(self.sh)
if rc < 0:
raise ValueError(_("Could not list local file contexts"))
+ self.flist += fchomedirs
self.flist += fclocal
ddict = {}
diff --git selinux-python-2.7/sepolicy/sepolicy/__init__.py selinux-python-2.7/sepolicy/sepolicy/__init__.py diff --git selinux-python-2.7/sepolicy/sepolicy/__init__.py selinux-python-2.7/sepolicy/sepolicy/__init__.py
index 5cfc071..a10dbcd 100644 index 5cfc071..24e3526 100644
--- selinux-python-2.7/sepolicy/sepolicy/__init__.py --- selinux-python-2.7/sepolicy/sepolicy/__init__.py
+++ selinux-python-2.7/sepolicy/sepolicy/__init__.py +++ selinux-python-2.7/sepolicy/sepolicy/__init__.py
@@ -1136,27 +1136,14 @@ def boolean_desc(boolean): @@ -4,6 +4,7 @@
# Author: Ryan Hallisey <rhallise@redhat.com>
# Author: Jason Zaman <perfinion@gentoo.org>
+import errno
import selinux
import setools
import glob
@@ -207,10 +208,17 @@ def info(setype, name=None):
elif len(ports) == 1:
q.ports = (ports[0], ports[0])
+ if _pol.mls:
+ return ({
+ 'high': x.ports.high,
+ 'protocol': str(x.protocol),
+ 'range': str(x.context.range_),
+ 'type': str(x.context.type_),
+ 'low': x.ports.low,
+ } for x in q.results())
return ({
'high': x.ports.high,
'protocol': str(x.protocol),
- 'range': str(x.context.range_),
'type': str(x.context.type_),
'low': x.ports.low,
} for x in q.results())
@@ -220,11 +228,16 @@ def info(setype, name=None):
if name:
q.name = name
+ if _pol.mls:
+ return ({
+ 'range': str(x.mls_range),
+ 'name': str(x),
+ 'roles': list(map(str, x.roles)),
+ 'level': str(x.mls_level),
+ } for x in q.results())
return ({
- 'range': str(x.mls_range),
'name': str(x),
'roles': list(map(str, x.roles)),
- 'level': str(x.mls_level),
} for x in q.results())
elif setype == BOOLEAN:
@@ -511,12 +524,15 @@ def find_entrypoint_path(exe, exclude_list=[]):
def read_file_equiv(edict, fc_path, modify):
- fd = open(fc_path, "r")
- fc = fd.readlines()
- fd.close()
- for e in fc:
- f = e.split()
- edict[f[0]] = {"equiv": f[1], "modify": modify}
+ try:
+ with open(fc_path, "r") as fd:
+ for e in fd:
+ f = e.split()
+ if f and not f[0].startswith('#'):
+ edict[f[0]] = {"equiv": f[1], "modify": modify}
+ except OSError as e:
+ if e.errno != errno.ENOENT:
+ raise
return edict
@@ -543,9 +559,13 @@ def get_local_file_paths(fc_path=selinux.selinux_file_context_path()):
if local_files:
return local_files
local_files = []
- fd = open(fc_path + ".local", "r")
- fc = fd.readlines()
- fd.close()
+ try:
+ with open(fc_path + ".local", "r") as fd:
+ fc = fd.readlines()
+ except OSError as e:
+ if e.errno != errno.ENOENT:
+ raise
+ return []
for i in fc:
rec = i.split()
if len(rec) == 0:
@@ -573,9 +593,12 @@ def get_fcdict(fc_path=selinux.selinux_file_context_path()):
fc += fd.readlines()
fd.close()
fcdict = {}
- fd = open(fc_path + ".local", "r")
- fc += fd.readlines()
- fd.close()
+ try:
+ with open(fc_path + ".local", "r") as fd:
+ fc += fd.readlines()
+ except OSError as e:
+ if e.errno != errno.ENOENT:
+ raise
for i in fc:
rec = i.split()
@@ -856,8 +879,9 @@ def get_selinux_users():
global selinux_user_list
if not selinux_user_list:
selinux_user_list = list(info(USER))
- for x in selinux_user_list:
- x['range'] = "".join(x['range'].split(" "))
+ if _pol.mls:
+ for x in selinux_user_list:
+ x['range'] = "".join(x['range'].split(" "))
return selinux_user_list
@@ -955,7 +979,7 @@ def get_description(f, markup=markup):
if f.endswith("_db_t"):
return txt + "treat the files as %s database content." % prettyprint(f, "_db_t")
if f.endswith("_ra_content_t"):
- return txt + "treat the files as %s read/append content." % prettyprint(f, "_ra_conten_t")
+ return txt + "treat the files as %s read/append content." % prettyprint(f, "_ra_content_t")
if f.endswith("_cert_t"):
return txt + "treat the files as %s certificate data." % prettyprint(f, "_cert_t")
if f.endswith("_key_t"):
@@ -1136,27 +1160,14 @@ def boolean_desc(boolean):
def get_os_version(): def get_os_version():
@ -90,11 +228,124 @@ index 5cfc071..a10dbcd 100644
def reinit(): def reinit():
diff --git selinux-python-2.7/sepolicy/sepolicy/gui.py selinux-python-2.7/sepolicy/sepolicy/gui.py
index 007c94a..6562aa8 100644
--- selinux-python-2.7/sepolicy/sepolicy/gui.py
+++ selinux-python-2.7/sepolicy/sepolicy/gui.py
@@ -907,8 +907,8 @@ class SELinuxGui():
if "object_r" in roles:
roles.remove("object_r")
self.user_liststore.set_value(iter, 1, ", ".join(roles))
- self.user_liststore.set_value(iter, 2, u["level"])
- self.user_liststore.set_value(iter, 3, u["range"])
+ self.user_liststore.set_value(iter, 2, u.get("level", ""))
+ self.user_liststore.set_value(iter, 3, u.get("range", ""))
self.user_liststore.set_value(iter, 4, True)
self.ready_mouse()
@@ -1755,14 +1755,14 @@ class SELinuxGui():
if self.login_mls_entry.get_text() == "":
for u in sepolicy.get_selinux_users():
if seuser == u['name']:
- self.login_mls_entry.set_text(u['range'])
+ self.login_mls_entry.set_text(u.get('range', ''))
def user_roles_combobox_change(self, combo, *args):
serole = self.combo_get_active_text(combo)
if self.user_mls_entry.get_text() == "":
for u in sepolicy.get_all_roles():
if serole == u['name']:
- self.user_mls_entry.set_text(u['range'])
+ self.user_mls_entry.set_text(u.get('range', ''))
def get_selected_iter(self):
iter = None
@@ -1973,7 +1973,10 @@ class SELinuxGui():
self.cur_dict["user"][name] = {"action": "-m", "range": mls_range, "level": level, "role": roles, "oldrange": oldrange, "oldlevel": oldlevel, "oldroles": oldroles, "oldname": oldname}
else:
iter = self.liststore.append(None)
- self.cur_dict["user"][name] = {"action": "-a", "range": mls_range, "level": level, "role": roles}
+ if mls_range or level:
+ self.cur_dict["user"][name] = {"action": "-a", "range": mls_range, "level": level, "role": roles}
+ else:
+ self.cur_dict["user"][name] = {"action": "-a", "role": roles}
self.liststore.set_value(iter, 0, name)
self.liststore.set_value(iter, 1, roles)
@@ -2089,8 +2092,8 @@ class SELinuxGui():
user_dict = self.cust_dict["user"]
for user in user_dict:
roles = user_dict[user]["role"]
- mls = user_dict[user]["range"]
- level = user_dict[user]["level"]
+ mls = user_dict[user].get("range", "")
+ level = user_dict[user].get("level", "")
iter = self.user_delete_liststore.append()
self.user_delete_liststore.set_value(iter, 1, user)
self.user_delete_liststore.set_value(iter, 2, roles)
@@ -2104,7 +2107,7 @@ class SELinuxGui():
login_dict = self.cust_dict["login"]
for login in login_dict:
seuser = login_dict[login]["seuser"]
- mls = login_dict[login]["range"]
+ mls = login_dict[login].get("range", "")
iter = self.login_delete_liststore.append()
self.login_delete_liststore.set_value(iter, 1, seuser)
self.login_delete_liststore.set_value(iter, 2, login)
@@ -2268,7 +2271,7 @@ class SELinuxGui():
self.update_treestore.set_value(niter, 3, False)
roles = self.cur_dict["user"][user]["role"]
self.update_treestore.set_value(niter, 1, (_("Roles: %s")) % roles)
- mls = self.cur_dict["user"][user]["range"]
+ mls = self.cur_dict["user"][user].get("range", "")
niter = self.update_treestore.append(iter)
self.update_treestore.set_value(niter, 3, False)
self.update_treestore.set_value(niter, 1, _("MLS/MCS Range: %s") % mls)
@@ -2293,7 +2296,7 @@ class SELinuxGui():
self.update_treestore.set_value(niter, 3, False)
seuser = self.cur_dict["login"][login]["seuser"]
self.update_treestore.set_value(niter, 1, (_("SELinux User: %s")) % seuser)
- mls = self.cur_dict["login"][login]["range"]
+ mls = self.cur_dict["login"][login].get("range", "")
niter = self.update_treestore.append(iter)
self.update_treestore.set_value(niter, 3, False)
self.update_treestore.set_value(niter, 1, _("MLS/MCS Range: %s") % mls)
@@ -2487,14 +2490,18 @@ class SELinuxGui():
for l in self.cur_dict[k]:
if self.cur_dict[k][l]["action"] == "-d":
update_buffer += "login -d %s\n" % l
- else:
+ elif "range" in self.cur_dict[k][l]:
update_buffer += "login %s -s %s -r %s %s\n" % (self.cur_dict[k][l]["action"], self.cur_dict[k][l]["seuser"], self.cur_dict[k][l]["range"], l)
+ else:
+ update_buffer += "login %s -s %s %s\n" % (self.cur_dict[k][l]["action"], self.cur_dict[k][l]["seuser"], l)
if k in "user":
for u in self.cur_dict[k]:
if self.cur_dict[k][u]["action"] == "-d":
update_buffer += "user -d %s\n" % u
- else:
+ elif "level" in self.cur_dict[k][u] and "range" in self.cur_dict[k][u]:
update_buffer += "user %s -L %s -r %s -R %s %s\n" % (self.cur_dict[k][u]["action"], self.cur_dict[k][u]["level"], self.cur_dict[k][u]["range"], self.cur_dict[k][u]["role"], u)
+ else:
+ update_buffer += "user %s -R %s %s\n" % (self.cur_dict[k][u]["action"], self.cur_dict[k][u]["role"], u)
if k in "fcontext-equiv":
for f in self.cur_dict[k]:
diff --git selinux-python-2.7/sepolicy/sepolicy/manpage.py selinux-python-2.7/sepolicy/sepolicy/manpage.py diff --git selinux-python-2.7/sepolicy/sepolicy/manpage.py selinux-python-2.7/sepolicy/sepolicy/manpage.py
index 4d84636..4772b50 100755 index 4d84636..b463165 100755
--- selinux-python-2.7/sepolicy/sepolicy/manpage.py --- selinux-python-2.7/sepolicy/sepolicy/manpage.py
+++ selinux-python-2.7/sepolicy/sepolicy/manpage.py +++ selinux-python-2.7/sepolicy/sepolicy/manpage.py
@@ -125,8 +125,33 @@ def gen_domains(): @@ -84,7 +84,8 @@ def get_all_users_info():
for d in allusers_info:
allusers.append(d['name'])
- users_range[d['name'].split("_")[0]] = d['range']
+ if 'range' in d:
+ users_range[d['name'].split("_")[0]] = d['range']
for u in allusers:
if u not in ["system_u", "root", "unconfined_u"]:
@@ -125,8 +126,36 @@ def gen_domains():
domains.sort() domains.sort()
return domains return domains
@ -121,7 +372,10 @@ index 4d84636..4772b50 100755
+def _gen_mcs_constrained_types(): +def _gen_mcs_constrained_types():
+ global mcs_constrained_types + global mcs_constrained_types
+ if mcs_constrained_types is None: + if mcs_constrained_types is None:
+ try:
+ mcs_constrained_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type")) + mcs_constrained_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
+ except StopIteration:
+ mcs_constrained_types = []
+ return mcs_constrained_types + return mcs_constrained_types
+ +
+ +
@ -129,7 +383,7 @@ index 4d84636..4772b50 100755
def _gen_types(): def _gen_types():
global types global types
@@ -149,10 +174,6 @@ def prettyprint(f, trim): @@ -149,10 +178,6 @@ def prettyprint(f, trim):
manpage_domains = [] manpage_domains = []
manpage_roles = [] manpage_roles = []
@ -140,7 +394,7 @@ index 4d84636..4772b50 100755
def get_alphabet_manpages(manpage_list): def get_alphabet_manpages(manpage_list):
alphabet_manpages = dict.fromkeys(string.ascii_letters, []) alphabet_manpages = dict.fromkeys(string.ascii_letters, [])
for i in string.ascii_letters: for i in string.ascii_letters:
@@ -182,7 +203,7 @@ def convert_manpage_to_html(html_manpage, manpage): @@ -182,7 +207,7 @@ def convert_manpage_to_html(html_manpage, manpage):
class HTMLManPages: class HTMLManPages:
""" """
@ -149,7 +403,7 @@ index 4d84636..4772b50 100755
""" """
def __init__(self, manpage_roles, manpage_domains, path, os_version): def __init__(self, manpage_roles, manpage_domains, path, os_version):
@@ -190,9 +211,9 @@ class HTMLManPages: @@ -190,9 +215,9 @@ class HTMLManPages:
self.manpage_domains = get_alphabet_manpages(manpage_domains) self.manpage_domains = get_alphabet_manpages(manpage_domains)
self.os_version = os_version self.os_version = os_version
self.old_path = path + "/" self.old_path = path + "/"
@ -161,7 +415,7 @@ index 4d84636..4772b50 100755
self.__gen_html_manpages() self.__gen_html_manpages()
else: else:
print("SELinux HTML man pages can not be generated for this %s" % os_version) print("SELinux HTML man pages can not be generated for this %s" % os_version)
@@ -201,7 +222,6 @@ class HTMLManPages: @@ -201,7 +226,6 @@ class HTMLManPages:
def __gen_html_manpages(self): def __gen_html_manpages(self):
self._write_html_manpage() self._write_html_manpage()
self._gen_index() self._gen_index()
@ -169,7 +423,7 @@ index 4d84636..4772b50 100755
self._gen_css() self._gen_css()
def _write_html_manpage(self): def _write_html_manpage(self):
@@ -219,67 +239,21 @@ class HTMLManPages: @@ -219,67 +243,21 @@ class HTMLManPages:
convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r) convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r)
def _gen_index(self): def _gen_index(self):
@ -241,7 +495,7 @@ index 4d84636..4772b50 100755
for letter in self.manpage_roles: for letter in self.manpage_roles:
if len(self.manpage_roles[letter]): if len(self.manpage_roles[letter]):
fd.write(""" fd.write("""
@@ -423,6 +397,9 @@ class ManPage: @@ -423,6 +401,9 @@ class ManPage:
self.all_file_types = sepolicy.get_all_file_types() self.all_file_types = sepolicy.get_all_file_types()
self.role_allows = sepolicy.get_all_role_allows() self.role_allows = sepolicy.get_all_role_allows()
self.types = _gen_types() self.types = _gen_types()
@ -251,7 +505,7 @@ index 4d84636..4772b50 100755
if self.source_files: if self.source_files:
self.fcpath = self.root + "file_contexts" self.fcpath = self.root + "file_contexts"
@@ -735,10 +712,13 @@ Default Defined Ports:""") @@ -735,10 +716,13 @@ Default Defined Ports:""")
def _file_context(self): def _file_context(self):
flist = [] flist = []
@ -265,7 +519,7 @@ index 4d84636..4772b50 100755
if f in self.fcdict: if f in self.fcdict:
mpaths = mpaths + self.fcdict[f]["regex"] mpaths = mpaths + self.fcdict[f]["regex"]
if len(mpaths) == 0: if len(mpaths) == 0:
@@ -790,19 +770,20 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d @@ -790,19 +774,20 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
.PP .PP
""" % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]}) """ % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
@ -289,7 +543,17 @@ index 4d84636..4772b50 100755
self.fd.write(r""" self.fd.write(r"""
.I The following file types are defined for %(domainname)s: .I The following file types are defined for %(domainname)s:
@@ -974,8 +955,7 @@ All executeables with the default executable label, usually stored in /usr/bin a @@ -921,8 +906,7 @@ This manual page was auto-generated using
.B "sepolicy manpage".
.SH "SEE ALSO"
-selinux(8), %s(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
-""" % (self.domainname))
+selinux(8), %s(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)""" % (self.domainname))
if self.booltext != "":
self.fd.write(", setsebool(8)")
@@ -974,8 +958,7 @@ All executeables with the default executable label, usually stored in /usr/bin a
%s""" % ", ".join(paths)) %s""" % ", ".join(paths))
def _mcs_types(self): def _mcs_types(self):
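Review bot: In read_file_equiv() (sepolicy/__init__.py) the new loop skips blank and comment lines but still indexes `f[1]` unconditionally, so a line with a single token in a .subs file raises IndexError and aborts the caller; `if len(f) >= 2 and not f[0].startswith('#'):` would skip such lines instead. The same hunk uses `e` for both the loop variable and the caught exception, which is worth renaming for readability. The three new `except OSError` handlers (read_file_equiv, get_local_file_paths, get_fcdict) tolerate a missing file only on Python 3; if this module is still expected to run under Python 2, where open() raises IOError, `except EnvironmentError as e:` would be needed — please confirm which interpreters are supported.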


@ -0,0 +1,10 @@
diff --git semodule-utils-2.7/Makefile semodule-utils-2.7/Makefile
index 6bf4aee..e0a6579 100644
--- semodule-utils-2.7/Makefile
+++ semodule-utils-2.7/Makefile
@@ -1,4 +1,4 @@
-SUBDIRS = semodule_package semodule_link semodule_expand semodule_deps
+SUBDIRS = semodule_package semodule_link semodule_expand
all install relabel clean indent:
@for subdir in $(SUBDIRS); do \