rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

policycoreutils-2.4-20.fc24

Browse Source 
- Fix 'semanage permissive -l' subcommand (#1286325)
- Several 'sepolicy gui' fixes (#1281309,#1281309,#1282382)
This commit is contained in:
Petr Lautrbach 2015-12-14 20:38:46 +01:00
parent d0523c635c
commit a69630b7b6
2 changed files with 119 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

155
policycoreutils-rhat.patch
View File

@ -1358,7 +1358,7 @@ index 37c1472..9854fb2 100644
<packing>
<property name="expand">False</property>
diff --git a/policycoreutils-2.4/gui/polgengui.py b/policycoreutils-2.4/gui/polgengui.py
index 0f0e564..1b88c47 100644
index 0f0e564..ac8f78f 100644
--- a/policycoreutils-2.4/gui/polgengui.py
+++ b/policycoreutils-2.4/gui/polgengui.py
@@ -30,29 +30,15 @@ import gnome
@ -1445,6 +1445,15 @@ index 0f0e564..1b88c47 100644
self.error(e.message)
def delete(self, args):
@@ -668,7 +654,7 @@ class childWindow:
entry.set_text("")
return False
if name in self.all_modules:
- if self.verify(_("Module %s.pp already loaded in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO:
+ if self.verify(_("Module %s already loaded in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO:
entry.set_text("")
return False
@@ -687,7 +673,7 @@ class childWindow:
try:
generate.verify_ports(self.in_tcp_entry.get_text())
@ -655466,7 +655475,7 @@ index 0000000..e2befdb
+ packages=["policycoreutils"],
+)
diff --git a/policycoreutils-2.4/semanage/semanage b/policycoreutils-2.4/semanage/semanage
index dd63010..69b9c49 100644
index dd63010..852fecf 100644
--- a/policycoreutils-2.4/semanage/semanage
+++ b/policycoreutils-2.4/semanage/semanage
@@ -1,4 +1,4 @@
@ -655688,16 +655697,37 @@ index dd63010..69b9c49 100644
def setupBooleanParser(subparsers):
generated_usage = generate_custom_usage(usage_boolean, usage_boolean_dict)
@@ -652,7 +666,7 @@ def setupPermissiveParser(subparsers):
parser_add_noheading(permissiveParser, "permissive")
parser_add_noreload(permissiveParser, "permissive")
@@ -632,12 +646,17 @@ def handlePermissive(args):
OBJECT = object_dict['permissive']()
OBJECT.set_reload(args.noreload)
- if args.action is "add":
- OBJECT.add(args.type)
if args.action is "list":
OBJECT.list(args.noheading)
- if args.action is "delete":
- OBJECT.delete(args.type)
+ elif args.type != None:
+ if args.action is "add":
+ OBJECT.add(args.type)
+ if args.action is "delete":
+ OBJECT.delete(args.type)
+ else:
+ args.parser.print_usage(sys.stderr)
+ sys.stderr.write(_('semanage permissive: error: the following argument is required: type\n'))
+ sys.exit(1)
def setupPermissiveParser(subparsers):
permissiveParser = subparsers.add_parser('permissive', help=_('Manage process type enforcement mode'))
@@ -654,6 +673,7 @@ def setupPermissiveParser(subparsers):
parser_add_store(permissiveParser, "permissive")
- permissiveParser.add_argument('type', nargs='?', default=None, help=_('type'))
+ permissiveParser.add_argument('type', nargs='+', default=None, help=_('type'))
permissiveParser.add_argument('type', nargs='?', default=None, help=_('type'))
permissiveParser.set_defaults(func=handlePermissive)
+ permissiveParser.set_defaults(parser=permissiveParser)
def handleDontaudit(args):
@@ -670,11 +684,11 @@ def setupDontauditParser(subparsers):
OBJECT = object_dict['dontaudit']()
@@ -670,11 +690,11 @@ def setupDontauditParser(subparsers):
def handleExport(args):
manageditems=[ "boolean", "login", "interface", "user", "port", "node", "fcontext", "module"]
for i in manageditems:
@ -655711,7 +655741,7 @@ index dd63010..69b9c49 100644
sys.exit(0)
@@ -743,10 +757,10 @@ def handleImport(args):
@@ -743,10 +763,10 @@ def handleImport(args):
commandParser = createCommandParser()
args = commandParser.parse_args(mkargv(l))
args.func(args)
@ -655724,7 +655754,7 @@ index dd63010..69b9c49 100644
sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e)))
sys.exit(1)
except KeyboardInterrupt:
@@ -764,11 +778,11 @@ def setupImportParser(subparsers):
@@ -764,11 +784,11 @@ def setupImportParser(subparsers):
def createCommandParser():
commandParser = seParser(prog='semanage',
@ -655741,7 +655771,7 @@ index dd63010..69b9c49 100644
#To add a new subcommand define the parser for it in a function above and call it here.
subparsers = commandParser.add_subparsers(dest='subcommand')
setupImportParser(subparsers)
@@ -788,7 +802,7 @@ def createCommandParser():
@@ -788,7 +808,7 @@ def createCommandParser():
def make_io_args(args):
# import/export backward compability
@ -655750,7 +655780,7 @@ index dd63010..69b9c49 100644
args_file = []
args_ie = []
args_subcommand = []
@@ -808,6 +822,8 @@ def make_io_args(args):
@@ -808,6 +828,8 @@ def make_io_args(args):
return args_subcommand+args_ie+args_file
def make_args(sys_args):
@ -655759,7 +655789,7 @@ index dd63010..69b9c49 100644
args = []
if "-o" in sys_args[1:] or "-i" in sys_args[1:]:
args=make_io_args(sys_args[1:])
@@ -822,21 +838,21 @@ def do_parser():
@@ -822,21 +844,21 @@ def do_parser():
args = commandParser.parse_args(make_args(sys.argv))
args.func(args)
sys.exit(0)
@ -658725,7 +658755,7 @@ index 458a4d2..b6088af 100644
+ except dbus.DBusException as e:
+ print(e)
diff --git a/policycoreutils-2.4/sepolicy/selinux_server.py b/policycoreutils-2.4/sepolicy/selinux_server.py
index e94c38f..671be1a 100644
index e94c38f..6e8d9b2 100644
--- a/policycoreutils-2.4/sepolicy/selinux_server.py
+++ b/policycoreutils-2.4/sepolicy/selinux_server.py
@@ -1,9 +1,9 @@
@ -658740,7 +658770,7 @@ index e94c38f..671be1a 100644
import slip.dbus.service
from slip.dbus import polkit
import os
@@ -18,7 +18,7 @@ class selinux_server(slip.dbus.service.Object):
@@ -18,45 +18,45 @@ class selinux_server(slip.dbus.service.Object):
#
# The semanage method runs a transaction on a series of semanage commands,
# these commnds can take the output of customized
@ -658749,7 +658779,9 @@ index e94c38f..671be1a 100644
@slip.dbus.polkit.require_auth("org.selinux.semanage")
@dbus.service.method("org.selinux", in_signature='s')
def semanage(self, buf):
@@ -27,10 +27,10 @@ class selinux_server(slip.dbus.service.Object):
- p = Popen(["/usr/sbin/semanage", "import"],stdout=PIPE, stderr=PIPE, stdin=PIPE)
+ p = Popen(["/usr/sbin/semanage", "import"],stdout=PIPE, stderr=PIPE, stdin=PIPE, universal_newlines=True)
p.stdin.write(buf)
output = p.communicate()
if p.returncode and p.returncode != 0:
raise dbus.exceptions.DBusException(output[1])
@ -658762,16 +658794,29 @@ index e94c38f..671be1a 100644
# another server to make the two systems have duplicate policy.
#
@slip.dbus.polkit.require_auth("org.selinux.customized")
@@ -42,7 +42,7 @@ class selinux_server(slip.dbus.service.Object):
@dbus.service.method("org.selinux", in_signature='', out_signature='s')
def customized(self):
- p = Popen(["/usr/sbin/semanage", "export"],stdout=PIPE, stderr=PIPE)
+ p = Popen(["/usr/sbin/semanage", "export"], stdout=PIPE, stderr=PIPE, universal_newlines=True)
buf = p.stdout.read()
output = p.communicate()
if p.returncode and p.returncode != 0:
raise OSError("Failed to read SELinux configuration: %s", output)
return buf
-
+
#
# The semodule_list method will return the output of semodule -l, using the customized polkit,
- # The semodule_list method will return the output of semodule -l, using the customized polkit,
+ # The semodule_list method will return the output of semodule --list=full, using the customized polkit,
# since this is a readonly behaviour
@@ -56,7 +56,7 @@ class selinux_server(slip.dbus.service.Object):
#
@slip.dbus.polkit.require_auth("org.selinux.semodule_list")
@dbus.service.method("org.selinux", in_signature='', out_signature='s')
def semodule_list(self):
- p = Popen(["/usr/sbin/semodule", "-l"],stdout=PIPE, stderr=PIPE)
+ p = Popen(["/usr/sbin/semodule", "--list=full"], stdout=PIPE, stderr=PIPE, universal_newlines=True)
buf = p.stdout.read()
output = p.communicate()
if p.returncode and p.returncode != 0:
raise OSError("Failed to list SELinux modules: %s", output)
return buf
@ -659221,7 +659266,7 @@ index 74fb347..ec02fb2 100755
+ print("Out")
sys.exit(0)
diff --git a/policycoreutils-2.4/sepolicy/sepolicy/__init__.py b/policycoreutils-2.4/sepolicy/sepolicy/__init__.py
index 679725d..b540180 100644
index 679725d..7499c1c 100644
--- a/policycoreutils-2.4/sepolicy/sepolicy/__init__.py
+++ b/policycoreutils-2.4/sepolicy/sepolicy/__init__.py
@@ -1,25 +1,30 @@
@ -659354,7 +659399,7 @@ index 679725d..b540180 100644
+def get_all_modules():
+ all_modules = []
+ cmd = "semodule -l 2>/dev/null"
+ cmd = "semodule --list=full 2>/dev/null"
+ try:
+ output = subprocess.check_output(cmd,
+ stderr=subprocess.STDOUT,
@ -659367,7 +659412,7 @@ index 679725d..b540180 100644
+
+ for i in l:
+ if len(i):
+ all_modules.append(i.split()[0])
+ all_modules.append(i.split()[1])
+
+ return all_modules
+
@ -660956,7 +661001,7 @@ index 6b53035..a06c6c4 100644
out += "%s # %s\n" % (self.write_te(out_dir), _("Type Enforcement file"))
out += "%s # %s\n" % (self.write_if(out_dir), _("Interface file"))
diff --git a/policycoreutils-2.4/sepolicy/sepolicy/gui.py b/policycoreutils-2.4/sepolicy/sepolicy/gui.py
index 5ca87b9..4437d9e 100644
index 5ca87b9..23a6c33 100644
--- a/policycoreutils-2.4/sepolicy/sepolicy/gui.py
+++ b/policycoreutils-2.4/sepolicy/sepolicy/gui.py
@@ -1,4 +1,4 @@
@ -661132,6 +661177,18 @@ index 5ca87b9..4437d9e 100644
"on_info_button_button_press_event" : self.on_help_button,
"on_back_button_clicked" : self.on_help_back_clicked,
"on_forward_button_clicked" : self.on_help_forward_clicked,
@@ -668,9 +663,9 @@ class SELinuxGui():
self.module_dict = {}
for m in self.dbus.semodule_list().split("\n"):
mod = m.split()
- if len(mod) < 2:
+ if len(mod) < 3:
continue
- self.module_dict[mod[0]] = { "version": mod[1], "Disabled" : (len(mod) > 2) }
+ self.module_dict[mod[1]] = { "priority": mod[0], "Disabled" : (len(mod) > 3) }
self.enable_unconfined_button.set_active(not self.module_dict["unconfined"]["Disabled"])
self.enable_permissive_button.set_active(not self.module_dict["permissivedomains"]["Disabled"])
@@ -703,7 +698,7 @@ class SELinuxGui():
def match_func(self, completion, key_string, iter, func_data):
@ -661294,16 +661351,21 @@ index 5ca87b9..4437d9e 100644
self.modify_button.set_tooltip_text(_("Modify port definitions to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category})
if self.transitions_radio_button.get_active():
@@ -1441,7 +1436,7 @@ class SELinuxGui():
@@ -1440,8 +1435,12 @@ class SELinuxGui():
def stripsort(self, model, row1, row2, user_data):
sort_column, _ = model.get_sort_column_id()
val1 = self.unmarkup(model.get_value(row1, sort_column))
+ if val1 is None:
+ val1 = ""
val2 = self.unmarkup(model.get_value(row2, sort_column))
- return cmp(val1,val2)
+ if val2 is None:
+ val2 = ""
+ return (val1 > val2) - (val1 < val2)
def display_more_detail(self, windows, path):
it = self.boolean_filter.get_iter(path)
@@ -1627,7 +1622,7 @@ class SELinuxGui():
@@ -1627,7 +1626,7 @@ class SELinuxGui():
self.files_type_combolist.clear()
self.files_class_combolist.clear()
compare = self.strip_domain(self.application)
@ -661312,7 +661374,7 @@ index 5ca87b9..4437d9e 100644
if d[0].startswith(compare) and d[0] != self.application and not d[0].startswith("httpd_sys"):
exclude_list.append(self.strip_domain(d[0]))
@@ -1638,7 +1633,7 @@ class SELinuxGui():
@@ -1638,7 +1637,7 @@ class SELinuxGui():
self.files_class_combolist.set_value(iter, 0, sepolicy.file_type_str[files])
if ipage == EXE_PAGE and self.entrypoints != None:
@ -661321,7 +661383,7 @@ index 5ca87b9..4437d9e 100644
if exe.startswith(compare):
iter = self.files_type_combolist.append()
self.files_type_combolist.set_value(iter, 0, exe)
@@ -1648,7 +1643,7 @@ class SELinuxGui():
@@ -1648,7 +1647,7 @@ class SELinuxGui():
self.files_class_combobox.set_sensitive(False)
elif ipage == WRITABLE_PAGE and self.writable_files != None:
@ -661330,7 +661392,7 @@ index 5ca87b9..4437d9e 100644
if write.startswith(compare) and not self.exclude_type(write, exclude_list) and write in self.file_types:
iter = self.files_type_combolist.append()
self.files_type_combolist.set_value(iter, 0, write)
@@ -1665,7 +1660,7 @@ class SELinuxGui():
@@ -1665,7 +1664,7 @@ class SELinuxGui():
self.more_types_files_liststore.set_value(iter, 0, app)
self.files_class_combobox.set_active(0)
except AttributeError:
@ -661339,7 +661401,7 @@ index 5ca87b9..4437d9e 100644
pass
self.files_type_combobox.set_active(0)
self.files_mls_entry.set_text("s0")
@@ -1706,13 +1701,13 @@ class SELinuxGui():
@@ -1706,13 +1705,13 @@ class SELinuxGui():
try:
if ipage == OUTBOUND_PAGE:
@ -661357,7 +661419,7 @@ index 5ca87b9..4437d9e 100644
for t,ports in netd[k]:
if t not in port_types + ["port_t", "unreserved_port_t"]:
if t.endswith("_type"):
@@ -1807,7 +1802,7 @@ class SELinuxGui():
@@ -1807,7 +1806,7 @@ class SELinuxGui():
self.wait_mouse()
try:
self.dbus.semanage(update_buffer)
@ -661366,7 +661428,7 @@ index 5ca87b9..4437d9e 100644
self.error(e)
self.ready_mouse()
@@ -1885,7 +1880,7 @@ class SELinuxGui():
@@ -1885,7 +1884,7 @@ class SELinuxGui():
tree.set_value(iter, 2, fclass)
def restore_to_default(self, *args):
@ -661375,7 +661437,7 @@ index 5ca87b9..4437d9e 100644
def invalid_entry_retry(self, *args):
self.closewindow(self.error_check_window)
@@ -2138,7 +2133,7 @@ class SELinuxGui():
@@ -2138,7 +2137,7 @@ class SELinuxGui():
def on_save_delete_file_equiv_clicked(self, *args):
for delete in self.files_delete_liststore:
@ -661384,7 +661446,7 @@ index 5ca87b9..4437d9e 100644
def on_toggle_update(self, cell, path, model):
model[path][0] = not model[path][0]
@@ -2180,7 +2175,6 @@ class SELinuxGui():
@@ -2180,7 +2179,6 @@ class SELinuxGui():
self.update = True
self.update_treestore.clear()
for bools in self.cur_dict["boolean"]:
@ -661392,7 +661454,7 @@ index 5ca87b9..4437d9e 100644
iter = self.update_treestore.append(None)
self.update_treestore.set_value(iter, 0, True)
self.update_treestore.set_value(iter, 1, sepolicy.boolean_desc(bools))
@@ -2411,8 +2405,11 @@ class SELinuxGui():
@@ -2411,8 +2409,11 @@ class SELinuxGui():
cur = selinux.getfilecon(path)[1].split(":")[2]
con = selinux.matchpathcon(path,0)[1].split(":")[2]
if self.verify(_("Run restorecon on %(PATH)s to change its type from %(CUR_CONTEXT)s to the default %(DEF_CONTEXT)s?") % {"PATH":path, "CUR_CONTEXT": cur, "DEF_CONTEXT": con}, title="restorecon dialog") == Gtk.ResponseType.YES:
@ -661406,7 +661468,7 @@ index 5ca87b9..4437d9e 100644
def new_updates(self, *args):
self.update_button.set_sensitive(self.modified())
@@ -2446,8 +2443,8 @@ class SELinuxGui():
@@ -2446,8 +2447,8 @@ class SELinuxGui():
self.wait_mouse()
try:
self.dbus.semanage(update_buffer)
@ -661417,7 +661479,7 @@ index 5ca87b9..4437d9e 100644
self.ready_mouse()
self.init_cur()
@@ -2541,34 +2538,7 @@ class SELinuxGui():
@@ -2541,34 +2542,7 @@ class SELinuxGui():
self.network_mls_label.set_visible(advanced)
self.network_mls_entry.set_visible(advanced)
@ -661453,7 +661515,7 @@ index 5ca87b9..4437d9e 100644
if label.get_text() == ADVANCED_SEARCH_LABEL[1]:
label.set_text(ADVANCED_SEARCH_LABEL[0])
self.close_popup()
@@ -2576,25 +2546,6 @@ class SELinuxGui():
@@ -2576,25 +2550,6 @@ class SELinuxGui():
label.set_text(ADVANCED_SEARCH_LABEL[1])
self.show_popup(self.advanced_search_window)
@ -661479,7 +661541,7 @@ index 5ca87b9..4437d9e 100644
def set_enforce_text(self, value):
if value:
self.status_bar.push(self.context_id, _("System Status: Enforcing"))
@@ -2603,8 +2554,14 @@ class SELinuxGui():
@@ -2603,8 +2558,14 @@ class SELinuxGui():
self.current_status_permissive.set_active(True)
def set_enforce(self, button):
@ -661496,7 +661558,7 @@ index 5ca87b9..4437d9e 100644
def on_browse_select(self, *args):
filename = self.file_dialog.get_filename()
@@ -2664,16 +2621,22 @@ class SELinuxGui():
@@ -2664,16 +2625,22 @@ class SELinuxGui():
self.system_policy_type_combobox.set_active(self.typeHistory)
return None
@ -661523,7 +661585,7 @@ index 5ca87b9..4437d9e 100644
def import_config_show(self, *args):
self.file_dialog.set_action(Gtk.FileChooserAction.OPEN)
@@ -2730,7 +2693,7 @@ class SELinuxGui():
@@ -2730,7 +2697,7 @@ class SELinuxGui():
return
try:
self.dbus.relabel_on_boot(active)
@ -661532,7 +661594,7 @@ index 5ca87b9..4437d9e 100644
self.error(e)
def closewindow(self, window, *args):
@@ -2816,10 +2779,13 @@ class SELinuxGui():
@@ -2816,10 +2783,13 @@ class SELinuxGui():
if not self.finish_init:
return
self.wait_mouse()
@ -663437,7 +663499,7 @@ index c6645ef..8965795 100644
+ except dbus.DBusException as e:
+ print (e)
diff --git a/policycoreutils-2.4/sepolicy/sepolicy/sepolicy.glade b/policycoreutils-2.4/sepolicy/sepolicy/sepolicy.glade
index 1275c7f..b848baa 100644
index 1275c7f..83822dd 100644
--- a/policycoreutils-2.4/sepolicy/sepolicy/sepolicy.glade
+++ b/policycoreutils-2.4/sepolicy/sepolicy/sepolicy.glade
@@ -2,7 +2,7 @@
@ -663510,6 +663572,15 @@ index 1275c7f..b848baa 100644
<property name="xalign">0.5</property>
<property name="draw_indicator">True</property>
<signal name="toggled" handler="on_make_path_recursive_toggled" swapped="no"/>
@@ -1061,7 +1043,7 @@
<object class="GtkImage" id="help_image">
<property name="visible">True</property>
<property name="can_focus">False</property>
- <property name="pixbuf">images/booleans.png</property>
+ <property name="pixbuf">help/booleans.png</property>
</object>
<packing>
<property name="expand">False</property>
@@ -2948,7 +2930,7 @@ Enabled</property>
<property name="tooltip_text" translatable="yes">Executables which will transition to a different domain, when the 'selected domain' executes them.</property>
<property name="xpad">1</property>

8
policycoreutils.spec
View File

@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.4
Release: 19%{?dist}
Release: 20%{?dist}
License: GPLv2
Group: System Environment/Base
# https://github.com/SELinuxProject/selinux/wiki/Releases
@ -18,7 +18,7 @@ Source2: policycoreutils_man_ru2.tar.bz2
Source3: system-config-selinux.png
Source4: sepolicy-icons.tgz
# use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/
# HEAD https://github.com/fedora-selinux/selinux/commit/d0f3cdcf325dc08aae2a2884c9cdcb35d82baf19
# HEAD https://github.com/fedora-selinux/selinux/commit/3f154b2e8e2978ba65afbd224f4bbd64e2374a36
Patch: policycoreutils-rhat.patch
Patch1: sepolgen-rhat.patch
Patch100: policycoreutils-fix-semanage-python3.patch
@ -404,6 +404,10 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service
%changelog
* Mon Dec 14 2015 Petr Lautrbach <plautrba@redhat.com> - 2.4-20
- Fix 'semanage permissive -l' subcommand (#1286325)
- Several 'sepolicy gui' fixes (#1281309,#1281309,#1282382)
* Tue Nov 17 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-19
- Require at least one argument for 'semanage permissive -d' (#1255676)