From 9f10e60d0ddb34c160f0f42f74e04df37951e229 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 8 Sep 2008 21:03:49 +0000 Subject: [PATCH] * Mon Sep 8 2008 Dan Walsh 2.0.55-5 - Add node support to semanage --- policycoreutils-rhat.patch | 480 ++++++++++--------------------------- policycoreutils.spec | 5 +- 2 files changed, 129 insertions(+), 356 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index ef88097..2481fb4 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -92,7 +92,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po } diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.55/semanage/semanage --- nsapolicycoreutils/semanage/semanage 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.55/semanage/semanage 2008-08-29 14:34:58.000000000 -0400 ++++ policycoreutils-2.0.55/semanage/semanage 2008-09-08 14:46:57.000000000 -0400 @@ -20,7 +20,7 @@ # 02111-1307 USA # 
@@ -102,25 +102,18 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po import seobject import selinux PROGNAME="policycoreutils" -@@ -43,13 +43,14 @@ +@@ -43,7 +43,9 @@ if __name__ == '__main__': def usage(message = ""): - print _(""" --semanage {boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n] + raise ValueError(_(""" +semanage [ -S store ] -i [ input_file | - ] + -+semanage {boolean|login|user|port|interface|fcontext|translation} -{l|D} [-n] + semanage {boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n] semanage login -{a|d|m} [-sr] login_name | %groupname semanage user -{a|d|m} [-LrRP] selinux_name - semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range - semanage interface -{a|d|m} [-tr] interface_spec --semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr - semanage fcontext -{a|d|m} [-frst] file_spec - semanage translation -{a|d|m} [-T] level - semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file -@@ -60,6 +61,7 @@ +@@ -60,6 +62,7 @@ -a, --add Add a OBJECT record NAME -d, --delete Delete a OBJECT record NAME -m, --modify Modify a OBJECT record NAME 
@@ -128,17 +121,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -l, --list List the OBJECTS -C, --locallist List OBJECTS local customizations -D, --deleteall Remove all OBJECTS local customizations -@@ -81,8 +83,7 @@ - -p (named pipe) - - -F, --file Treat target as an input file for command, change multiple settings -- -p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6) -- -M, --mask Netmask -+ -p, --proto Port protocol (tcp or udp) - -P, --prefix Prefix for home directory labeling - -L, --level Default SELinux Level (MLS/MCS Systems only) - -R, --roles SELinux Roles (ex: "sysadm_r staff_r") -@@ -91,9 +92,8 @@ +@@ -91,9 +94,8 @@ -s, --seuser SELinux User Name -t, --type SELinux Type for the object -r, --range MLS/MCS Security Range (MLS/MCS Systems only) @@ -150,18 +133,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po def errorExit(error): sys.stderr.write("%s: " % sys.argv[0]) -@@ -111,9 +111,7 @@ - valid_option["port"] = [] - valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range', '-p', '--proto' ] - valid_option["interface"] = [] -- valid_option["interface"] += valid_everyone + [ '-t', '--type', '-r', '--range'] -- valid_option["node"] = [] -- valid_option["node"] += valid_everyone + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol'] -+ valid_option["interface"] += valid_everyone + [ '-t', '--type', '-r', '--range'] - valid_option["fcontext"] = [] - valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range'] - valid_option["translation"] = [] -@@ -124,16 +122,56 @@ +@@ -124,12 +126,53 @@ valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ] return valid_option 
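Review bot: Keeping upstream's `valid_option["node"]` list (this revision no longer deletes it) also keeps its `'-p', '--protocol'` entry, which does not match the long option handled elsewhere in the patch. The option loop tests `o == "-p" or o == '--proto'`, the port list uses `'--proto'`, and the restored usage text advertises `-p, --proto` for nodes. If getopt registers only `proto=` (its long-option list is not fully visible here), `semanage node ... --proto ipv4` fails the `o not in option_dict[object]` check and only the short `-p` is accepted. Consider carrying the fix in this patch: `valid_option["node"] += valid_everyone + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--proto']`.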
@@ -221,11 +193,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po serange = "" port = "" proto = "" -- mask = "" - selevel = "" - setype = "" - ftype = "" -@@ -151,24 +189,23 @@ +@@ -151,24 +194,23 @@ locallist = False use_file = False store = "" @@ -243,7 +211,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po gopts, cmds = getopt.getopt(args, - '01adf:lhmnp:s:FCDR:L:r:t:T:P:S:M:', -+ '01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:', ++ '01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:M:', ['add', 'delete', 'deleteall', @@ -254,17 +222,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po 'list', 'modify', 'noheading', -@@ -183,8 +220,7 @@ - 'roles=', +@@ -184,7 +226,7 @@ 'type=', 'trans=', -- 'prefix=', + 'prefix=', - 'mask=' -+ 'prefix=' ++ 'mask=' ]) for o, a in gopts: if o not in option_dict[object]: -@@ -193,16 +229,16 @@ +@@ -193,16 +235,16 @@ for o,a in gopts: if o == "-a" or o == "--add": if modify or delete: @@ -284,7 +251,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po deleteall = True if o == "-f" or o == "--ftype": ftype=a -@@ -211,7 +247,7 @@ +@@ -211,7 +253,7 @@ use_file = True if o == "-h" or o == "--help": @@ -293,7 +260,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po if o == "-n" or o == "--noheading": heading = False -@@ -221,7 +257,7 @@ +@@ -221,7 +263,7 @@ if o == "-m"or o == "--modify": if delete or add: @@ -302,7 +269,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po modify = True if o == "-S" or o == '--store': -@@ -229,7 +265,7 @@ +@@ -229,7 +271,7 @@ if o == "-r" or o == '--range': if is_mls_enabled == 0: @@ -311,7 +278,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po serange = a if o == "-l" or o == "--list": -@@ -237,7 +273,7 @@ +@@ -237,7 +279,7 @@ if o == "-L" or o == '--level': if is_mls_enabled == 0: 
@@ -320,27 +287,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po selevel = a if o == "-p" or o == '--proto': -@@ -252,9 +288,6 @@ - if o == "-s" or o == "--seuser": - seuser = a +@@ -280,7 +322,7 @@ -- if o == "-M" or o == '--mask': -- mask = a -- - if o == "-t" or o == "--type": - setype = a - -@@ -277,9 +310,6 @@ - - if object == "interface": - OBJECT = seobject.interfaceRecords(store) -- -- if object == "node": -- OBJECT = seobject.nodeRecords(store) - + if object == "node": + OBJECT = seobject.nodeRecords(store) +- ++ if object == "fcontext": OBJECT = seobject.fcontextRecords(store) -@@ -298,14 +328,14 @@ + +@@ -298,14 +340,14 @@ OBJECT.list(heading, locallist, use_file) else: OBJECT.list(heading, locallist) @@ -358,7 +314,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po target = cmds[0] -@@ -317,10 +347,7 @@ +@@ -317,10 +359,7 @@ OBJECT.add(target, setrans) if object == "user": @@ -370,15 +326,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po if object == "port": OBJECT.add(target, proto, serange, setype) -@@ -328,15 +355,12 @@ - if object == "interface": - OBJECT.add(target, serange, setype) - -- if object == "node": -- OBJECT.add(target, mask, proto, serange, setype) -- - if object == "fcontext": - OBJECT.add(target, setype, ftype, serange, seuser) +@@ -336,7 +375,7 @@ if object == "permissive": OBJECT.add(target) @@ -387,13 +335,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po if modify: if object == "boolean": -@@ -358,13 +382,10 @@ - if object == "interface": - OBJECT.modify(target, serange, setype) - -- if object == "node": -- OBJECT.modify(target, mask, proto, serange, setype) -- +@@ -364,7 +403,7 @@ if object == "fcontext": OBJECT.modify(target, setype, ftype, serange, seuser) 
@@ -402,13 +344,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po if delete: if object == "port": -@@ -373,22 +394,72 @@ - elif object == "fcontext": - OBJECT.delete(target, ftype) - -- elif object == "node": -- OBJECT.delete(target, mask, proto) -- +@@ -379,16 +418,69 @@ else: OBJECT.delete(target) 
@@ -483,39 +419,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po errorExit(error.args[1]) - except KeyboardInterrupt, error: - sys.exit(0) -diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.55/semanage/semanage.8 ---- nsapolicycoreutils/semanage/semanage.8 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.55/semanage/semanage.8 2008-08-29 14:34:58.000000000 -0400 -@@ -3,7 +3,7 @@ - semanage \- SELinux Policy Management tool - - .SH "SYNOPSIS" --.B semanage {boolean|login|user|port|interface|node|fcontext|translation} \-{l|D} [\-n] [\-S store] -+.B semanage {boolean|login|user|port|interface|fcontext|translation} \-{l|D} [\-n] [\-S store] - .br - .B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] -F boolean | boolean_file - .br -@@ -15,8 +15,6 @@ - .br - .B semanage interface \-{a|d|m} [\-tr] interface_spec - .br --.B semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] address --.br - .B semanage fcontext \-{a|d|m} [\-frst] file_spec - .br - .B semanage permissive \-{a|d} type -@@ -80,7 +78,7 @@ - Do not print heading when listing OBJECTS. - .TP - .I \-p, \-\-proto --Protocol for the specified port (tcp|udp) or internet protocol version for the specified node (ipv4|ipv6). -+Protocol for the specified port (tcp|udp). - .TP - .I \-r, \-\-range - MLS/MCS Security Range (MLS/MCS Systems only) diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.55/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.55/semanage/seobject.py 2008-08-29 14:34:58.000000000 -0400 ++++ policycoreutils-2.0.55/semanage/seobject.py 2008-09-08 15:02:04.000000000 -0400 @@ -26,7 +26,6 @@ PROGNAME="policycoreutils" import sepolgen.module as module 
@@ -1088,25 +994,30 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po - (rc,k) = semanage_user_key_create(self.sh, name) - if rc < 0: - raise ValueError(_("Could not create a key for %s") % name) -- -- (rc,exists) = semanage_user_exists(self.sh, k) -- if rc < 0: -- raise ValueError(_("Could not check if SELinux user %s is defined") % name) -- if not exists: -- raise ValueError(_("SELinux user %s is not defined") % name) + if prefix == "" and len(roles) == 0 and serange == "" and selevel == "": + if is_mls_enabled == 1: + raise ValueError(_("Requires prefix, roles, level or range")) + else: + raise ValueError(_("Requires prefix or roles")) -- (rc,u) = semanage_user_query(self.sh, k) +- (rc,exists) = semanage_user_exists(self.sh, k) - if rc < 0: -- raise ValueError(_("Could not query user for %s") % name) +- raise ValueError(_("Could not check if SELinux user %s is defined") % name) +- if not exists: +- raise ValueError(_("SELinux user %s is not defined") % name) + (rc,k) = semanage_user_key_create(self.sh, name) + if rc < 0: + raise ValueError(_("Could not create a key for %s") % name) +- (rc,u) = semanage_user_query(self.sh, k) +- if rc < 0: +- raise ValueError(_("Could not query user for %s") % name) ++ (rc,exists) = semanage_user_exists(self.sh, k) ++ if rc < 0: ++ raise ValueError(_("Could not check if SELinux user %s is defined") % name) ++ if not exists: ++ raise ValueError(_("SELinux user %s is not defined") % name) + - oldserange = semanage_user_get_mlsrange(u) - (rc, rlist) = semanage_user_get_roles(self.sh, u) - if rc >= 0: 
@@ -1129,22 +1040,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po - for r in roles: - if r not in rlist: - semanage_user_add_role(self.sh, u, r) -+ (rc,exists) = semanage_user_exists(self.sh, k) -+ if rc < 0: -+ raise ValueError(_("Could not check if SELinux user %s is defined") % name) -+ if not exists: -+ raise ValueError(_("SELinux user %s is not defined") % name) - -- rc = semanage_begin_transaction(self.sh) -- if rc < 0: -- raise ValueError(_("Could not start semanage transaction")) + (rc,u) = semanage_user_query(self.sh, k) + if rc < 0: + raise ValueError(_("Could not query user for %s") % name) -- rc = semanage_user_modify_local(self.sh, k, u) +- rc = semanage_begin_transaction(self.sh) - if rc < 0: -- raise ValueError(_("Could not modify SELinux user %s") % name) +- raise ValueError(_("Could not start semanage transaction")) + oldserange = semanage_user_get_mlsrange(u) + (rc, rlist) = semanage_user_get_roles(self.sh, u) + if rc >= 0: @@ -1168,6 +1070,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po + if r not in rlist: + semanage_user_add_role(self.sh, u, r) +- rc = semanage_user_modify_local(self.sh, k, u) +- if rc < 0: +- raise ValueError(_("Could not modify SELinux user %s") % name) +- - rc = semanage_commit(self.sh) - if rc < 0: - raise ValueError(_("Could not modify SELinux user %s") % name) 
@@ -1372,236 +1278,101 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po def get_all(self, locallist = 0): ddict = {} if locallist: -@@ -1031,236 +1007,11 @@ - rec += ", %s" % p - print rec +@@ -1035,7 +1011,7 @@ + def __init__(self, store = ""): + semanageRecords.__init__(self,store) --class nodeRecords(semanageRecords): -- def __init__(self, store = ""): -- semanageRecords.__init__(self,store) -- - def add(self, addr, mask, proto, serange, ctype): -- if addr == "": -- raise ValueError(_("Node Address is required")) -- -- if mask == "": -- raise ValueError(_("Node Netmask is required")) -- -- if proto == "ipv4": -- proto = 0 -- elif proto == "ipv6": -- proto = 1 -- else: -- raise ValueError(_("Unknown or missing protocol")) -- -- -- if is_mls_enabled == 1: -- if serange == "": -- serange = "s0" -- else: -- serange = untranslate(serange) -- -- if ctype == "": -- raise ValueError(_("SELinux Type is required")) -- -- (rc,k) = semanage_node_key_create(self.sh, addr, mask, proto) -- if rc < 0: -- raise ValueError(_("Could not create key for %s") % addr) -- if rc < 0: -- raise ValueError(_("Could not check if addr %s is defined") % addr) -- -- (rc,exists) = semanage_node_exists(self.sh, k) -- if exists: -- raise ValueError(_("Addr %s already defined") % addr) -- -- (rc,node) = semanage_node_create(self.sh) -- if rc < 0: -- raise ValueError(_("Could not create addr for %s") % addr) -- -- rc = semanage_node_set_addr(self.sh, node, proto, addr) -- (rc, con) = semanage_context_create(self.sh) -- if rc < 0: -- raise ValueError(_("Could not create context for %s") % addr) -- -- rc = semanage_node_set_mask(self.sh, node, proto, mask) -- if rc < 0: -- raise ValueError(_("Could not set mask for %s") % addr) -- -- -- rc = semanage_context_set_user(self.sh, con, "system_u") -- if rc < 0: -- raise ValueError(_("Could not set user in addr context for %s") % addr) -- -- rc = semanage_context_set_role(self.sh, con, "object_r") -- if rc < 0: -- raise 
ValueError(_("Could not set role in addr context for %s") % addr) -- -- rc = semanage_context_set_type(self.sh, con, ctype) -- if rc < 0: -- raise ValueError(_("Could not set type in addr context for %s") % addr) -- -- if serange != "": -- rc = semanage_context_set_mls(self.sh, con, serange) -- if rc < 0: -- raise ValueError(_("Could not set mls fields in addr context for %s") % addr) -- -- rc = semanage_node_set_con(self.sh, node, con) -- if rc < 0: -- raise ValueError(_("Could not set addr context for %s") % addr) -- ++ def __add(self, addr, mask, proto, serange, ctype): + if addr == "": + raise ValueError(_("Node Address is required")) + +@@ -1104,23 +1080,20 @@ + if rc < 0: + raise ValueError(_("Could not set addr context for %s") % addr) + - rc = semanage_begin_transaction(self.sh) - if rc < 0: - raise ValueError(_("Could not start semanage transaction")) - -- rc = semanage_node_modify_local(self.sh, k, node) -- if rc < 0: -- raise ValueError(_("Could not add addr %s") % addr) -- + rc = semanage_node_modify_local(self.sh, k, node) + if rc < 0: + raise ValueError(_("Could not add addr %s") % addr) + - rc = semanage_commit(self.sh) - if rc < 0: - raise ValueError(_("Could not add addr %s") % addr) - -- semanage_context_free(con) -- semanage_node_key_free(k) -- semanage_node_free(node) -- + semanage_context_free(con) + semanage_node_key_free(k) + semanage_node_free(node) + - def modify(self, addr, mask, proto, serange, setype): -- if addr == "": -- raise ValueError(_("Node Address is required")) -- -- if mask == "": -- raise ValueError(_("Node Netmask is required")) -- if proto == "ipv4": -- proto = 0 -- elif proto == "ipv6": -- proto = 1 -- else: -- raise ValueError(_("Unknown or missing protocol")) -- -- -- if serange == "" and setype == "": -- raise ValueError(_("Requires setype or serange")) -- -- (rc,k) = semanage_node_key_create(self.sh, addr, mask, proto) -- if rc < 0: -- raise ValueError(_("Could not create key for %s") % addr) -- -- (rc,exists) = 
semanage_node_exists(self.sh, k) -- if rc < 0: -- raise ValueError(_("Could not check if addr %s is defined") % addr) -- if not exists: -- raise ValueError(_("Addr %s is not defined") % addr) -- -- (rc,node) = semanage_node_query(self.sh, k) -- if rc < 0: -- raise ValueError(_("Could not query addr %s") % addr) -- -- con = semanage_node_get_con(node) -- -- if serange != "": -- semanage_context_set_mls(self.sh, con, untranslate(serange)) -- if setype != "": -- semanage_context_set_type(self.sh, con, setype) -- ++ def add(self, addr, mask, proto, serange, ctype): ++ self.begin() ++ self.__add(self, addr, mask, proto, serange, ctype) ++ self.commit() ++ ++ def __modify(self, addr, mask, proto, serange, setype): + if addr == "": + raise ValueError(_("Node Address is required")) + +@@ -1158,22 +1131,19 @@ + if setype != "": + semanage_context_set_type(self.sh, con, setype) + - rc = semanage_begin_transaction(self.sh) - if rc < 0: - raise ValueError(_("Could not start semanage transaction")) - -- rc = semanage_node_modify_local(self.sh, k, node) -- if rc < 0: -- raise ValueError(_("Could not modify addr %s") % addr) -- + rc = semanage_node_modify_local(self.sh, k, node) + if rc < 0: + raise ValueError(_("Could not modify addr %s") % addr) + - rc = semanage_commit(self.sh) - if rc < 0: - raise ValueError(_("Could not modify addr %s") % addr) - -- semanage_node_key_free(k) -- semanage_node_free(node) -- + semanage_node_key_free(k) + semanage_node_free(node) + - def delete(self, addr, mask, proto): -- if addr == "": -- raise ValueError(_("Node Address is required")) -- -- if mask == "": -- raise ValueError(_("Node Netmask is required")) -- -- if proto == "ipv4": -- proto = 0 -- elif proto == "ipv6": -- proto = 1 -- else: -- raise ValueError(_("Unknown or missing protocol")) -- -- (rc,k) = semanage_node_key_create(self.sh, addr, mask, proto) -- if rc < 0: -- raise ValueError(_("Could not create key for %s") % addr) -- -- (rc,exists) = semanage_node_exists(self.sh, k) -- if 
rc < 0: -- raise ValueError(_("Could not check if addr %s is defined") % addr) -- if not exists: -- raise ValueError(_("Addr %s is not defined") % addr) -- -- (rc,exists) = semanage_node_exists_local(self.sh, k) -- if rc < 0: -- raise ValueError(_("Could not check if addr %s is defined") % addr) -- if not exists: -- raise ValueError(_("Addr %s is defined in policy, cannot be deleted") % addr) -- ++ def modify(self, addr, mask, proto, serange, setype): ++ self.begin() ++ self.__modify(addr, mask, proto, serange, setype) ++ self.commit() ++ ++ def __delete(self, addr, mask, proto): + if addr == "": + raise ValueError(_("Node Address is required")) + +@@ -1203,20 +1173,17 @@ + if not exists: + raise ValueError(_("Addr %s is defined in policy, cannot be deleted") % addr) + - rc = semanage_begin_transaction(self.sh) - if rc < 0: - raise ValueError(_("Could not start semanage transaction")) - -- rc = semanage_node_del_local(self.sh, k) -- if rc < 0: -- raise ValueError(_("Could not delete addr %s") % addr) -- + rc = semanage_node_del_local(self.sh, k) + if rc < 0: + raise ValueError(_("Could not delete addr %s") % addr) + - rc = semanage_commit(self.sh) - if rc < 0: - raise ValueError(_("Could not delete addr %s") % addr) - -- semanage_node_key_free(k) -- -- def get_all(self, locallist = 0): -- ddict = {} -- if locallist : -- (rc, self.ilist) = semanage_node_list_local(self.sh) -- else: -- (rc, self.ilist) = semanage_node_list(self.sh) -- if rc < 0: -- raise ValueError(_("Could not list addrs")) -- -- for node in self.ilist: -- con = semanage_node_get_con(node) -- addr = semanage_node_get_addr(self.sh, node) -- mask = semanage_node_get_mask(self.sh, node) -- proto = semanage_node_get_proto(node) -- if proto == 0: -- proto = "ipv4" -- elif proto == 1: -- proto = "ipv6" -- ddict[(addr[1], mask[1], proto)] = (semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con)) -- -- return ddict -- -- def list(self, 
heading = 1, locallist = 0): -- if heading: -- print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context") -- ddict = self.get_all(locallist) -- keys = ddict.keys() -- keys.sort() -- if is_mls_enabled: -- for k in keys: -- val = '' -- for fields in k: -- val = val + '\t' + str(fields) -- print "%-18s %-18s %-5s %s:%s:%s:%s " % (k[0],k[1],k[2],ddict[k][0], ddict[k][1],ddict[k][2], translate(ddict[k][3], False)) -- else: -- for k in keys: -- print "%-18s %-18s %-5s %s:%s:%s " % (k[0],k[1],k[2],ddict[k][0], ddict[k][1],ddict[k][2]) -- -- - class interfaceRecords(semanageRecords): + semanage_node_key_free(k) + ++ def delete(self, addr, mask, proto): ++ self.begin() ++ self.__delete(addr, mask, proto) ++ self.commit() ++ + def get_all(self, locallist = 0): + ddict = {} + if locallist : +@@ -1260,7 +1227,7 @@ def __init__(self, store = ""): semanageRecords.__init__(self, store) @@ -1610,7 +1381,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po if is_mls_enabled == 1: if serange == "": serange = "s0" -@@ -1314,23 +1065,20 @@ +@@ -1314,23 +1281,20 @@ if rc < 0: raise ValueError(_("Could not set message context for %s") % interface) @@ -1640,7 +1411,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po if serange == "" and setype == "": raise ValueError(_("Requires setype or serange")) -@@ -1355,22 +1103,19 @@ +@@ -1355,22 +1319,19 @@ if setype != "": semanage_context_set_type(self.sh, con, setype) @@ -1669,7 +1440,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po (rc,k) = semanage_iface_key_create(self.sh, interface) if rc < 0: raise ValueError(_("Could not create key for %s") % interface) -@@ -1387,20 +1132,17 @@ +@@ -1387,20 +1348,17 @@ if not exists: raise ValueError(_("Interface %s is defined in policy, cannot be deleted") % interface) 
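Review bot: The new `nodeRecords.add` wrapper passes `self` twice: `self.__add(self, addr, mask, proto, serange, ctype)` hands seven arguments to a bound method declared as `__add(self, addr, mask, proto, serange, ctype)`, so every node add raises TypeError right after `self.begin()`. The sibling wrappers in the same hunk call `self.__modify(addr, mask, proto, serange, setype)` and `self.__delete(addr, mask, proto)` correctly, so the line should read `self.__add(addr, mask, proto, serange, ctype)`. Separately, all three wrappers reach `self.commit()` only on success, while the helpers raise ValueError on each failed libsemanage call. Whether the transaction opened by `self.begin()` is then released depends on `begin`/`commit`, which are defined outside this hunk and worth confirming.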
@@ -1695,7 +1466,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po def get_all(self, locallist = 0): ddict = {} if locallist: -@@ -1459,7 +1201,7 @@ +@@ -1459,7 +1417,7 @@ if target == "" or target.find("\n") >= 0: raise ValueError(_("Invalid file specification")) @@ -1704,7 +1475,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po self.validate(target) if is_mls_enabled == 1: -@@ -1500,24 +1242,22 @@ +@@ -1500,24 +1458,21 @@ semanage_fcontext_set_type(fcontext, file_types[ftype]) @@ -1726,7 +1497,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po semanage_fcontext_free(fcontext) - def modify(self, target, setype, ftype, serange, seuser): -+ + def add(self, target, type, ftype = "", serange = "", seuser = "system_u"): + self.begin() + self.__add(target, type, ftype, serange, seuser) @@ -1736,7 +1506,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po if serange == "" and setype == "" and seuser == "": raise ValueError(_("Requires setype, serange or seuser")) self.validate(target) -@@ -1558,29 +1298,25 @@ +@@ -1558,29 +1513,25 @@ if rc < 0: raise ValueError(_("Could not set file context for %s") % target) @@ -1773,7 +1543,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po for fcontext in flist: target = semanage_fcontext_get_expr(fcontext) -@@ -1595,11 +1331,9 @@ +@@ -1595,11 +1546,9 @@ raise ValueError(_("Could not delete the file context %s") % target) semanage_fcontext_key_free(k) @@ -1787,7 +1557,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) if rc < 0: raise ValueError(_("Could not create a key for %s") % target) -@@ -1616,20 +1350,17 @@ +@@ -1616,20 +1565,17 @@ else: raise ValueError(_("File context for %s is not defined") % target) 
@@ -1813,7 +1583,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po def get_all(self, locallist = 0): l = [] if locallist: -@@ -1711,9 +1442,8 @@ +@@ -1711,9 +1657,8 @@ def modify(self, name, value=None, use_file=False): @@ -1825,7 +1595,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po if use_file: fd = open(name) for b in fd.read().split("\n"): -@@ -1723,18 +1453,16 @@ +@@ -1723,18 +1668,16 @@ try: boolname, val = b.split("=") @@ -1847,7 +1617,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po (rc,k) = semanage_bool_key_create(self.sh, name) if rc < 0: -@@ -1751,42 +1479,30 @@ +@@ -1751,42 +1694,30 @@ if not exists: raise ValueError(_("Boolean %s is defined in policy, cannot be deleted") % name) diff --git a/policycoreutils.spec b/policycoreutils.spec index f554632..017307d 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -6,7 +6,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.55 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2+ Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -192,6 +192,9 @@ if [ "$1" -ge "1" ]; then fi %changelog +* Mon Sep 8 2008 Dan Walsh 2.0.55-5 +- Add node support to semanage + * Mon Sep 8 2008 Dan Walsh 2.0.55-4 - Fix fixfiles to correct unlabeled_t files and remove .? files