Allow ~ as a valid part of a filename in sepolgen
parent
35a1c24b59
commit
97d6c28e36
@ -1,26 +1,8 @@
|
|||||||
diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
|
diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
|
||||||
index 898fbc3..631bab5 100644
|
index 898fbc3..9fdfafa 100644
|
||||||
--- a/sepolgen/src/sepolgen/audit.py
|
--- a/sepolgen/src/sepolgen/audit.py
|
||||||
+++ b/sepolgen/src/sepolgen/audit.py
|
+++ b/sepolgen/src/sepolgen/audit.py
|
||||||
@@ -68,6 +68,17 @@ def get_dmesg_msgs():
|
@@ -127,6 +127,9 @@ class PathMessage(AuditMessage):
|
||||||
stdout=subprocess.PIPE).communicate()[0]
|
|
||||||
return output
|
|
||||||
|
|
||||||
+def get_log_msgs():
|
|
||||||
+ """Obtain all of the avc and policy load messages from /var/log/messages.
|
|
||||||
+
|
|
||||||
+ Returns:
|
|
||||||
+ string contain all of the audit messages returned by /var/log/messages.
|
|
||||||
+ """
|
|
||||||
+ import subprocess
|
|
||||||
+ output = subprocess.Popen(["/bin/grep", "avc", "/var/log/messages"],
|
|
||||||
+ stdout=subprocess.PIPE).communicate()[0]
|
|
||||||
+ return output
|
|
||||||
+
|
|
||||||
# Classes representing audit messages
|
|
||||||
|
|
||||||
class AuditMessage:
|
|
||||||
@@ -127,6 +138,9 @@ class PathMessage(AuditMessage):
|
|
||||||
if fields[0] == "path":
|
if fields[0] == "path":
|
||||||
self.path = fields[1][1:-1]
|
self.path = fields[1][1:-1]
|
||||||
return
|
return
|
||||||
@ -30,7 +12,7 @@ index 898fbc3..631bab5 100644
|
|||||||
|
|
||||||
class AVCMessage(AuditMessage):
|
class AVCMessage(AuditMessage):
|
||||||
"""AVC message representing an access denial or granted message.
|
"""AVC message representing an access denial or granted message.
|
||||||
@@ -168,6 +182,8 @@ class AVCMessage(AuditMessage):
|
@@ -168,6 +171,8 @@ class AVCMessage(AuditMessage):
|
||||||
self.name = ""
|
self.name = ""
|
||||||
self.accesses = []
|
self.accesses = []
|
||||||
self.denial = True
|
self.denial = True
|
||||||
@ -39,7 +21,7 @@ index 898fbc3..631bab5 100644
|
|||||||
|
|
||||||
def __parse_access(self, recs, start):
|
def __parse_access(self, recs, start):
|
||||||
# This is kind of sucky - the access that is in a space separated
|
# This is kind of sucky - the access that is in a space separated
|
||||||
@@ -229,7 +245,31 @@ class AVCMessage(AuditMessage):
|
@@ -229,7 +234,31 @@ class AVCMessage(AuditMessage):
|
||||||
|
|
||||||
if not found_src or not found_tgt or not found_class or not found_access:
|
if not found_src or not found_tgt or not found_class or not found_access:
|
||||||
raise ValueError("AVC message in invalid format [%s]\n" % self.message)
|
raise ValueError("AVC message in invalid format [%s]\n" % self.message)
|
||||||
@ -72,7 +54,7 @@ index 898fbc3..631bab5 100644
|
|||||||
class PolicyLoadMessage(AuditMessage):
|
class PolicyLoadMessage(AuditMessage):
|
||||||
"""Audit message indicating that the policy was reloaded."""
|
"""Audit message indicating that the policy was reloaded."""
|
||||||
def __init__(self, message):
|
def __init__(self, message):
|
||||||
@@ -472,10 +512,10 @@ class AuditParser:
|
@@ -472,10 +501,10 @@ class AuditParser:
|
||||||
if avc_filter:
|
if avc_filter:
|
||||||
if avc_filter.filter(avc):
|
if avc_filter.filter(avc):
|
||||||
av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
|
av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
|
||||||
@ -181,3 +163,29 @@ index 0e6b502..4882999 100644
|
|||||||
self.module.children.append(rule)
|
self.module.children.append(rule)
|
||||||
|
|
||||||
|
|
||||||
|
diff --git a/sepolgen/src/sepolgen/refparser.py b/sepolgen/src/sepolgen/refparser.py
|
||||||
|
index 955784d..9a79340 100644
|
||||||
|
--- a/sepolgen/src/sepolgen/refparser.py
|
||||||
|
+++ b/sepolgen/src/sepolgen/refparser.py
|
||||||
|
@@ -245,7 +245,7 @@ def t_refpolicywarn(t):
|
||||||
|
t.lexer.lineno += 1
|
||||||
|
|
||||||
|
def t_IDENTIFIER(t):
|
||||||
|
- r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\.\$\*\"]*'
|
||||||
|
+ r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\.\$\*\"~]*'
|
||||||
|
# Handle any keywords
|
||||||
|
t.type = reserved.get(t.value,'IDENTIFIER')
|
||||||
|
return t
|
||||||
|
diff --git a/sepolgen/src/sepolgen/yacc.py b/sepolgen/src/sepolgen/yacc.py
|
||||||
|
index 58332de..2f3c09d 100644
|
||||||
|
--- a/sepolgen/src/sepolgen/yacc.py
|
||||||
|
+++ b/sepolgen/src/sepolgen/yacc.py
|
||||||
|
@@ -594,7 +594,7 @@ class MiniProduction:
|
||||||
|
pass
|
||||||
|
|
||||||
|
# regex matching identifiers
|
||||||
|
-_is_identifier = re.compile(r'^[a-zA-Z0-9_-]+$')
|
||||||
|
+_is_identifier = re.compile(r'^[a-zA-Z0-9_-~]+$')
|
||||||
|
|
||||||
|
# -----------------------------------------------------------------------------
|
||||||
|
# add_production()
|
||||||
|
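Review bot: In the yacc.py hunk of this patch, the new pattern `r'^[a-zA-Z0-9_-~]+$'` puts `-` between `_` and `~`, so the regex engine reads `_-~` as a character range (0x5F to 0x7E) rather than three literal characters. As a result `_is_identifier` now also accepts the backquote, `{`, `|` and `}`, and it no longer matches a literal `-`, which the previous `[a-zA-Z0-9_-]` did. Keeping the hyphen last in the class gives the behaviour the commit title describes: `_is_identifier = re.compile(r'^[a-zA-Z0-9_~-]+$')`. The refparser.py hunk is not affected, because its class escapes the hyphen as `\-` and appends `~` after `\"`.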
@ -7,7 +7,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.1.8
|
Version: 2.1.8
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
# Based on git repository with tag 20101221
|
# Based on git repository with tag 20101221
|
||||||
@ -352,6 +352,9 @@ fi
|
|||||||
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Nov 16 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-5
|
||||||
|
- Allow ~ as a valid part of a filename in sepolgen
|
||||||
|
|
||||||
* Fri Nov 11 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-4
|
* Fri Nov 11 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-4
|
||||||
- sandbox init script should always return 0
|
- sandbox init script should always return 0
|
||||||
- sandbox command needs to check range of categories and report error if not big enough
|
- sandbox command needs to check range of categories and report error if not big enough
|
||||||
|