diff --git a/policycoreutils-sepolgen.patch b/policycoreutils-sepolgen.patch index d6fdfdb..0482ee2 100644 --- a/policycoreutils-sepolgen.patch +++ b/policycoreutils-sepolgen.patch @@ -1,26 +1,8 @@ diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py -index 898fbc3..631bab5 100644 +index 898fbc3..9fdfafa 100644 --- a/sepolgen/src/sepolgen/audit.py +++ b/sepolgen/src/sepolgen/audit.py -@@ -68,6 +68,17 @@ def get_dmesg_msgs(): - stdout=subprocess.PIPE).communicate()[0] - return output - -+def get_log_msgs(): -+ """Obtain all of the avc and policy load messages from /var/log/messages. -+ -+ Returns: -+ string contain all of the audit messages returned by /var/log/messages. -+ """ -+ import subprocess -+ output = subprocess.Popen(["/bin/grep", "avc", "/var/log/messages"], -+ stdout=subprocess.PIPE).communicate()[0] -+ return output -+ - # Classes representing audit messages - - class AuditMessage: -@@ -127,6 +138,9 @@ class PathMessage(AuditMessage): +@@ -127,6 +127,9 @@ class PathMessage(AuditMessage): if fields[0] == "path": self.path = fields[1][1:-1] return @@ -30,7 +12,7 @@ index 898fbc3..631bab5 100644 class AVCMessage(AuditMessage): """AVC message representing an access denial or granted message. -@@ -168,6 +182,8 @@ class AVCMessage(AuditMessage): +@@ -168,6 +171,8 @@ class AVCMessage(AuditMessage): self.name = "" self.accesses = [] self.denial = True @@ -39,7 +21,7 @@ index 898fbc3..631bab5 100644 def __parse_access(self, recs, start): # This is kind of sucky - the access that is in a space separated -@@ -229,7 +245,31 @@ class AVCMessage(AuditMessage): +@@ -229,7 +234,31 @@ class AVCMessage(AuditMessage): if not found_src or not found_tgt or not found_class or not found_access: raise ValueError("AVC message in invalid format [%s]\n" % self.message) @@ -72,7 +54,7 @@ index 898fbc3..631bab5 100644 class PolicyLoadMessage(AuditMessage): """Audit message indicating that the policy was reloaded.""" def __init__(self, message): -@@ -472,10 +512,10 @@ class AuditParser: +@@ -472,10 +501,10 @@ class AuditParser: if avc_filter: if avc_filter.filter(avc): av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass, @@ -181,3 +163,29 @@ index 0e6b502..4882999 100644 self.module.children.append(rule) +diff --git a/sepolgen/src/sepolgen/refparser.py b/sepolgen/src/sepolgen/refparser.py +index 955784d..9a79340 100644 +--- a/sepolgen/src/sepolgen/refparser.py ++++ b/sepolgen/src/sepolgen/refparser.py +@@ -245,7 +245,7 @@ def t_refpolicywarn(t): + t.lexer.lineno += 1 + + def t_IDENTIFIER(t): +- r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\.\$\*\"]*' ++ r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\.\$\*\"~]*' + # Handle any keywords + t.type = reserved.get(t.value,'IDENTIFIER') + return t +diff --git a/sepolgen/src/sepolgen/yacc.py b/sepolgen/src/sepolgen/yacc.py +index 58332de..2f3c09d 100644 +--- a/sepolgen/src/sepolgen/yacc.py ++++ b/sepolgen/src/sepolgen/yacc.py +@@ -594,7 +594,7 @@ class MiniProduction: + pass + + # regex matching identifiers +-_is_identifier = re.compile(r'^[a-zA-Z0-9_-]+$') ++_is_identifier = re.compile(r'^[a-zA-Z0-9_-~]+$') + + # ----------------------------------------------------------------------------- + # add_production() diff --git a/policycoreutils.spec b/policycoreutils.spec index fc43712..6098c28 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.1.8 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -352,6 +352,9 @@ fi /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %changelog +* Wed Nov 16 2011 Dan Walsh - 2.1.8-5 +- Allow ~ as a valid part of a filename in sepolgen + * Fri Nov 11 2011 Dan Walsh - 2.1.8-4 - sandbox init script should always return 0 - sandbox command needs to check range of categories and report error if not big enough