From a8ac23f196675164cdacf95bdd0a80fc9945bca7 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sat, 11 Apr 2009 12:22:23 +0000 Subject: [PATCH] * Sat Apr 11 2009 Dan Walsh 2.0.62-9 - Handle case where subs file does not exist --- policycoreutils-rhat.patch | 136 ++++++++++++++++++++++++------------- policycoreutils.spec | 5 +- 2 files changed, 93 insertions(+), 48 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 68eb567..5030dc8 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -120,6 +120,32 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po +/root/.ssh/* + + +diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.62/scripts/chcat +--- nsapolicycoreutils/scripts/chcat 2009-01-13 08:45:35.000000000 -0500 ++++ policycoreutils-2.0.62/scripts/chcat 2009-04-09 12:28:34.000000000 -0400 +@@ -281,14 +281,14 @@ + def expandCats(cats): + newcats = [] + for c in cats: +- if c.find(".") != -1: +- c = c.split(".") +- for i in range(int(c[0][1:]), int(c[1][1:]) + 1): +- x = ("c%d" % i) +- if x not in newcats: +- newcats.append("c%d" % i) +- else: +- for i in c.split(","): ++ for i in c.split(","): ++ if i.find(".") != -1: ++ j = i.split(".") ++ for k in range(int(j[0][1:]), int(j[1][1:]) + 1): ++ x = ("c%d" % k) ++ if x not in newcats: ++ newcats.append(x) ++ else: + if i not in newcats: + newcats.append(i) + if len(newcats) > 25: diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.62/scripts/fixfiles --- nsapolicycoreutils/scripts/fixfiles 2009-02-18 16:44:47.000000000 -0500 +++ policycoreutils-2.0.62/scripts/fixfiles 2009-04-03 14:12:56.000000000 -0400 
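Review bot: The rewritten range branch in expandCats parses its endpoints with `int(j[0][1:])` and `int(j[1][1:])` without checking the shape of the item. An entry such as `c1.` therefore raises an uncaught ValueError, and `c1.c2.c3` is silently reduced to its first two parts. The range is also fully expanded before the `len(newcats) > 25` check that follows the hunk, so a very wide range builds a large list first. A guard before the inner loop, for example `if len(j) != 2: raise ValueError("invalid category range %s" % i)`, would make the failure explicit. The function body continues past the end of the hunk.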
@@ -240,10 +266,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.62/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2008-11-14 17:10:15.000000000 -0500 -+++ policycoreutils-2.0.62/semanage/seobject.py 2009-04-08 22:01:48.000000000 -0400 -@@ -23,14 +23,14 @@ ++++ policycoreutils-2.0.62/semanage/seobject.py 2009-04-11 08:13:02.000000000 -0400 +@@ -21,16 +21,16 @@ + # + # - import pwd, grp, string, selinux, tempfile, os, re, sys +-import pwd, grp, string, selinux, tempfile, os, re, sys ++import pwd, grp, string, selinux, tempfile, os, re, sys, stat from semanage import *; -PROGNAME="policycoreutils" +PROGNAME = "policycoreutils" @@ -325,7 +354,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if heading: print "\n%-25s %s\n" % (_("Level"), _("Translation")) keys = self.ddict.keys() -@@ -281,15 +281,20 @@ +@@ -273,6 +273,7 @@ + (fd, newfilename) = tempfile.mkstemp('', self.filename) + os.write(fd, self.out()) + os.close(fd) ++ os.chmod(newfilename, os.stat(self.filename)[stat.ST_MODE]) + os.rename(newfilename, self.filename) + os.system("/sbin/service mcstrans reload > /dev/null") + +@@ -281,15 +282,20 @@ global handle if handle != None: @@ -349,7 +386,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po def begin(self): if self.transaction: return -@@ -303,6 +308,12 @@ +@@ -303,6 +309,12 @@ if rc < 0: raise ValueError(_("Could not commit semanage transaction")) @@ -362,7 +399,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po class permissiveRecords(semanageRecords): def __init__(self, store): semanageRecords.__init__(self, store) -@@ -320,7 +331,7 @@ +@@ -320,7 +332,7 @@ l.append(name.split("permissive_")[1]) return l 
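Review bot: The added `os.chmod(newfilename, os.stat(self.filename)[stat.ST_MODE])` raises OSError when the target file is absent, which aborts the save after the mkstemp file has been written and leaves that file behind. The same pattern appears in fcontextRecords.commit in the later seobject.py hunk (`os.stat(subs_file)`), where it matters more: `__init__` there now tolerates a missing subs file, but the first commit that sets the flag would still fail on the stat. Guarding the call, e.g. `if os.path.exists(subs_file): os.chmod(tmpfile, os.stat(subs_file)[stat.ST_MODE])`, with an explicit mode in the other case, would cover both places. Only the mode bits are copied; whether the owner and SELinux label of the replaced file also need restoring cannot be judged from the hunk. The enclosing method starts outside the hunk.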
@@ -371,7 +408,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if heading: print "\n%-25s\n" % (_("Permissive Types")) for t in self.get_all(): -@@ -328,6 +339,7 @@ +@@ -328,6 +340,7 @@ def add(self, type): @@ -379,7 +416,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po name = "permissive_%s" % type dirname = "/var/lib/selinux" os.chdir(dirname) -@@ -341,7 +353,7 @@ +@@ -341,7 +354,7 @@ permissive %s; """ % (name, type, type) @@ -388,7 +425,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po fd.write(modtxt) fd.close() mc = module.ModuleCompiler() -@@ -351,16 +363,19 @@ +@@ -351,16 +364,19 @@ fd.close() rc = semanage_module_install(self.sh, data, len(data)); @@ -413,7 +450,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po def delete(self, name): for n in name.split(): -@@ -390,11 +405,11 @@ +@@ -390,11 +406,11 @@ if sename == "": sename = "user_u" @@ -427,7 +464,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not check if login mapping for %s is defined") % name) if exists: -@@ -410,7 +425,7 @@ +@@ -410,7 +426,7 @@ except: raise ValueError(_("Linux User %s does not exist") % name) @@ -436,7 +473,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not create login mapping for %s") % name) -@@ -450,17 +465,17 @@ +@@ -450,17 +466,17 @@ if sename == "" and serange == "": raise ValueError(_("Requires seuser or serange")) @@ -457,7 +494,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not query seuser for %s") % name) -@@ -483,7 +498,7 @@ +@@ -483,7 +499,7 @@ semanage_seuser_key_free(k) semanage_seuser_free(u) 
@@ -466,7 +503,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po def modify(self, name, sename = "", serange = ""): try: -@@ -492,21 +507,21 @@ +@@ -492,21 +508,21 @@ self.commit() except ValueError, error: @@ -492,7 +529,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not check if login mapping for %s is defined") % name) if not exists: -@@ -525,10 +540,10 @@ +@@ -525,10 +541,10 @@ self.commit() except ValueError, error: @@ -505,7 +542,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po def get_all(self, locallist = 0): ddict = {} -@@ -578,17 +593,17 @@ +@@ -578,17 +594,17 @@ if len(roles) < 1: raise ValueError(_("You must add at least one role for %s") % name) @@ -526,7 +563,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not create SELinux user for %s") % name) -@@ -612,7 +627,7 @@ +@@ -612,7 +628,7 @@ rc = semanage_user_set_prefix(self.sh, u, prefix) if rc < 0: raise ValueError(_("Could not add prefix %s for %s") % (r, prefix)) @@ -535,7 +572,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not extract key for %s") % name) -@@ -645,17 +660,17 @@ +@@ -645,17 +661,17 @@ else: raise ValueError(_("Requires prefix or roles")) @@ -556,7 +593,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not query user for %s") % name) -@@ -703,17 +718,17 @@ +@@ -703,17 +719,17 @@ raise error def __delete(self, name): @@ -577,7 +614,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not check if SELinux user %s is defined") % name) if not exists: -@@ -795,7 +810,7 @@ +@@ -795,7 +811,7 @@ low = int(ports[0]) high = int(ports[1]) 
@@ -586,7 +623,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not create a key for %s/%s") % (proto, port)) return ( k, proto_d, low, high ) -@@ -812,13 +827,13 @@ +@@ -812,13 +828,13 @@ ( k, proto_d, low, high ) = self.__genkey(port, proto) @@ -602,7 +639,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not create port for %s/%s") % (proto, port)) -@@ -871,13 +886,13 @@ +@@ -871,13 +887,13 @@ ( k, proto_d, low, high ) = self.__genkey(port, proto) @@ -618,7 +655,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not query port %s/%s") % (proto, port)) -@@ -926,13 +941,13 @@ +@@ -926,13 +942,13 @@ def __delete(self, port, proto): ( k, proto_d, low, high ) = self.__genkey(port, proto) @@ -634,7 +671,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port)) if not exists: -@@ -1038,17 +1053,17 @@ +@@ -1038,17 +1054,17 @@ if ctype == "": raise ValueError(_("SELinux Type is required")) @@ -655,7 +692,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not create addr for %s") % addr) -@@ -1113,17 +1128,17 @@ +@@ -1113,17 +1129,17 @@ if serange == "" and setype == "": raise ValueError(_("Requires setype or serange")) @@ -676,7 +713,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not query addr %s") % addr) -@@ -1160,17 +1175,17 @@ +@@ -1160,17 +1176,17 @@ else: raise ValueError(_("Unknown or missing protocol")) 
@@ -697,7 +734,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not check if addr %s is defined") % addr) if not exists: -@@ -1240,17 +1255,17 @@ +@@ -1240,17 +1256,17 @@ if ctype == "": raise ValueError(_("SELinux Type is required")) @@ -718,7 +755,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not create interface for %s") % interface) -@@ -1301,17 +1316,17 @@ +@@ -1301,17 +1317,17 @@ if serange == "" and setype == "": raise ValueError(_("Requires setype or serange")) @@ -739,7 +776,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not query interface %s") % interface) -@@ -1335,17 +1350,17 @@ +@@ -1335,17 +1351,17 @@ self.commit() def __delete(self, interface): 
@@ -760,26 +797,31 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not check if interface %s is defined") % interface) if not exists: -@@ -1393,6 +1408,40 @@ +@@ -1393,6 +1409,45 @@ class fcontextRecords(semanageRecords): def __init__(self, store = ""): semanageRecords.__init__(self, store) + self.equiv = {} -+ fd = open(selinux.selinux_file_context_subs_path(), "r") -+ for i in fd.readlines(): -+ src, dst = i.split() -+ self.equiv[src] = dst -+ fd.close() + self.equil_ind = False ++ try: ++ fd = open(selinux.selinux_file_context_subs_path(), "r") ++ for i in fd.readlines(): ++ src, dst = i.split() ++ self.equiv[src] = dst ++ fd.close() ++ except IOError: ++ pass + + def commit(self): + if self.equil_ind: -+ tmpfile = "%s.tmp" % selinux.selinux_file_context_subs_path() ++ subs_file = selinux.selinux_file_context_subs_path() ++ tmpfile = "%s.tmp" % subs_file + fd = open(tmpfile, "w") + for src in self.equiv.keys(): + fd.write("%s %s\n" % (src, self.equiv[src])) + fd.close() -+ os.rename(tmpfile,selinux.selinux_file_context_subs_path()) ++ os.chmod(tmpfile, os.stat(subs_file)[stat.ST_MODE]) ++ os.rename(tmpfile,subs_file) + self.equil_ind = False + semanageRecords.commit(self) + @@ -801,7 +843,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po def createcon(self, target, seuser = "system_u"): (rc, con) = semanage_context_create(self.sh) -@@ -1429,23 +1478,23 @@ +@@ -1429,23 +1484,23 @@ if type == "": raise ValueError(_("SELinux Type is required")) @@ -829,7 +871,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not create file context for %s") % target) -@@ -1486,21 +1535,21 @@ +@@ -1486,21 +1541,21 @@ raise ValueError(_("Requires setype, serange or seuser")) self.validate(target) 
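Review bot: In fcontextRecords.__init__ the line `src, dst = i.split()` raises ValueError on a blank or otherwise malformed line in the subs file, and the new `except IOError` does not catch it, so one bad line still prevents the object from being constructed. In that case `fd` is also never closed, because `fd.close()` sits inside the try body after the loop. Skipping lines that do not have exactly two fields would fix the first problem (`fields = i.split()` followed by `if len(fields) != 2: continue`), and moving the close into a `finally` would fix the second. Separately, `except IOError: pass` hides permission and read errors as well as the missing-file case the commit targets; a comment stating that only a missing file is expected here, or a check of the error's errno, would make the intent clear.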
@@ -856,7 +898,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not query file context for %s") % target) -@@ -1550,7 +1599,7 @@ +@@ -1550,7 +1605,7 @@ target = semanage_fcontext_get_expr(fcontext) ftype = semanage_fcontext_get_type(fcontext) ftype_str = semanage_fcontext_get_type_str(ftype) @@ -865,7 +907,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not create a key for %s") % target) -@@ -1558,19 +1607,26 @@ +@@ -1558,19 +1613,26 @@ if rc < 0: raise ValueError(_("Could not delete the file context %s") % target) semanage_fcontext_key_free(k) @@ -896,7 +938,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not check if file context for %s is defined") % target) if exists: -@@ -1617,11 +1673,11 @@ +@@ -1617,11 +1679,11 @@ return ddict def list(self, heading = 1, locallist = 0 ): @@ -910,7 +952,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po for k in keys: if fcon_dict[k]: if is_mls_enabled: -@@ -1630,11 +1686,17 @@ +@@ -1630,11 +1692,17 @@ print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2]) else: print "%-50s %-18s <>" % (k[0], k[1]) @@ -929,7 +971,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po self.dict["TRUE"] = 1 self.dict["FALSE"] = 0 self.dict["ON"] = 1 -@@ -1643,16 +1705,16 @@ +@@ -1643,16 +1711,16 @@ self.dict["0"] = 0 def __mod(self, name, value): @@ -949,7 +991,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not query file context %s") % name) -@@ -1670,7 +1732,7 @@ +@@ -1670,7 +1738,7 @@ semanage_bool_key_free(k) semanage_bool_free(b) 
@@ -958,7 +1000,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po self.begin() -@@ -1694,16 +1756,16 @@ +@@ -1694,16 +1762,16 @@ def __delete(self, name): @@ -978,7 +1020,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po if rc < 0: raise ValueError(_("Could not check if boolean %s is defined") % name) if not exists: -@@ -1762,7 +1824,7 @@ +@@ -1762,7 +1830,7 @@ return _("unknown") def list(self, heading = True, locallist = False, use_file = False): diff --git a/policycoreutils.spec b/policycoreutils.spec index fc5f9cd..56dc027 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -6,7 +6,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.62 -Release: 8%{?dist} +Release: 9%{?dist} License: GPLv2+ Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -221,6 +221,9 @@ else fi %changelog +* Sat Apr 11 2009 Dan Walsh 2.0.62-9 +- Handle case where subs file does not exist + * Wed Apr 8 2009 Dan Walsh 2.0.62-8 - Update po files - Add --equiv command for semanage