From ad9ae902cf9663d9e6907387e27b81055ed63b32 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Tue, 1 Jul 2008 13:44:20 +0000
Subject: [PATCH] Updated seobject.py
---
 policycoreutils-rhat.patch | 77 ++++++++++++++++++++++++++------------
 1 file changed, 54 insertions(+), 23 deletions(-)
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 235cd17..8af5d66 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1,15 +1,15 @@
-diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.49/Makefile
+diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.50/Makefile
 --- nsapolicycoreutils/Makefile 2008-06-12 23:25:24.000000000 -0400
-+++ policycoreutils-2.0.49/Makefile 2008-06-27 07:21:06.000000000 -0400
++++ policycoreutils-2.0.50/Makefile 2008-07-01 09:43:28.000000000 -0400
@@ -1,4 +1,4 @@
 -SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
 +SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
 INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
-diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.49/restorecond/restorecond.c
+diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.50/restorecond/restorecond.c
 --- nsapolicycoreutils/restorecond/restorecond.c 2008-06-12 23:25:21.000000000 -0400
-+++ policycoreutils-2.0.49/restorecond/restorecond.c 2008-06-27 07:21:06.000000000 -0400
++++ policycoreutils-2.0.50/restorecond/restorecond.c 2008-07-01 09:43:28.000000000 -0400
 @@ -210,9 +210,10 @@
 }
@@ -36,9 +36,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
 }
 free(scontext);
 close(fd);
-diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.49/restorecond/restorecond.init
+diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.50/restorecond/restorecond.init
 --- nsapolicycoreutils/restorecond/restorecond.init 2008-06-12 23:25:21.000000000 -0400
-+++ policycoreutils-2.0.49/restorecond/restorecond.init 2008-06-27 07:21:06.000000000 -0400
++++ policycoreutils-2.0.50/restorecond/restorecond.init 2008-07-01 09:43:28.000000000 -0400
 @@ -2,7 +2,7 @@
 #
 # restorecond: Daemon used to maintain path file context
@@ -48,9 +48,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
 # description: restorecond uses inotify to look for creation of new files \
 # listed in the /etc/selinux/restorecond.conf file, and restores the \
 # correct security context.
-diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.49/scripts/fixfiles
+diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.50/scripts/fixfiles
 --- nsapolicycoreutils/scripts/fixfiles 2008-06-12 23:25:21.000000000 -0400
-+++ policycoreutils-2.0.49/scripts/fixfiles 2008-06-27 07:21:06.000000000 -0400
++++ policycoreutils-2.0.50/scripts/fixfiles 2008-07-01 09:43:28.000000000 -0400
 @@ -138,6 +138,9 @@
 fi
 LogReadOnly
@@ -80,9 +80,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
 }
 if [ $# = 0 ]; then
-diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-2.0.49/scripts/fixfiles.8
+diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-2.0.50/scripts/fixfiles.8
 --- nsapolicycoreutils/scripts/fixfiles.8 2008-06-12 23:25:21.000000000 -0400
-+++ policycoreutils-2.0.49/scripts/fixfiles.8 2008-06-27 07:21:06.000000000 -0400
++++ policycoreutils-2.0.50/scripts/fixfiles.8 2008-07-01 09:43:28.000000000 -0400
 @@ -7,6 +7,8 @@
 .B fixfiles [-F] [-l logfile ] [-o outputfile ] { check | restore|[-f] relabel | verify } [[dir/file] ... ]
@@ -102,9 +102,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
 .SH "OPTIONS"
 .TP
-diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.49/semanage/semanage
+diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.50/semanage/semanage
 --- nsapolicycoreutils/semanage/semanage 2008-06-12 23:25:21.000000000 -0400
-+++ policycoreutils-2.0.49/semanage/semanage 2008-06-27 07:21:06.000000000 -0400
++++ policycoreutils-2.0.50/semanage/semanage 2008-07-01 09:43:28.000000000 -0400
 @@ -43,49 +43,52 @@
 if __name__ == '__main__':
@@ -230,9 +230,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
 sys.exit(0);
 if modify:
-diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.49/semanage/semanage.8
+diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.50/semanage/semanage.8
 --- nsapolicycoreutils/semanage/semanage.8 2008-06-12 23:25:21.000000000 -0400
-+++ policycoreutils-2.0.49/semanage/semanage.8 2008-06-27 07:21:06.000000000 -0400
++++ policycoreutils-2.0.50/semanage/semanage.8 2008-07-01 09:43:28.000000000 -0400
 @@ -17,6 +17,8 @@
 .br
 .B semanage fcontext \-{a|d|m} [\-frst] file_spec
@@ -255,9 +255,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
 Russell Coker .
 Examples by Thomas Bleher .
 -
-diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.49/semanage/seobject.py
+diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.50/semanage/seobject.py
 --- nsapolicycoreutils/semanage/seobject.py 2008-06-12 23:25:21.000000000 -0400
-+++ policycoreutils-2.0.49/semanage/seobject.py 2008-06-27 07:21:06.000000000 -0400
++++ policycoreutils-2.0.50/semanage/seobject.py 2008-07-01 09:43:52.000000000 -0400
 @@ -1,5 +1,5 @@
 #! /usr/bin/python -E
 -# Copyright (C) 2005, 2006, 2007 Red Hat
@@ -275,7 +275,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
 import gettext
 gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
 gettext.textdomain(PROGNAME)
-@@ -246,7 +248,67 @@
+@@ -246,7 +248,98 @@
 os.close(fd)
 os.rename(newfilename, self.filename)
 os.system("/sbin/service mcstrans reload > /dev/null")
@@ -284,6 +284,28 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
 +class permissiveRecords:
 + def __init__(self, store):
 + self.store = store
++ self.sh = semanage_handle_create()
++ if not self.sh:
++ raise ValueError(_("Could not create semanage handle"))
++
++ if store != "":
++ semanage_select_store(self.sh, store, SEMANAGE_CON_DIRECT);
++
++ self.semanaged = semanage_is_managed(self.sh)
++
++ if not self.semanaged:
++ semanage_handle_destroy(self.sh)
++ raise ValueError(_("SELinux policy is not managed or store cannot be accessed."))
++
++ rc = semanage_access_check(self.sh)
++ if rc < SEMANAGE_CAN_READ:
++ semanage_handle_destroy(self.sh)
++ raise ValueError(_("Cannot read policy store."))
++
++ rc = semanage_connect(self.sh)
++ if rc < 0:
++ semanage_handle_destroy(self.sh)
++ raise ValueError(_("Could not establish semanage connection"))
 +
 + def get_all(self):
 + rc, out = commands.getstatusoutput("semodule -l | grep ^permissive");
@@ -319,8 +341,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
 + fd.close()
 + mc = module.ModuleCompiler()
 + mc.create_module_package(filename, 1)
-+ rc, out = commands.getstatusoutput("semodule -i permissive_%s.pp" % type);
-+ for root, dirs, files in os.walk("top", topdown=False):
++ fd = open("permissive_%s.pp" % type)
++ data = fd.read()
++ fd.close()
++
++ rc = semanage_module_install(self.sh, data, len(data));
++ rc = semanage_commit(self.sh)
++ if rc < 0:
++ raise ValueError(_("Could not set permissive domain %s") % name)
++ for root, dirs, files in os.walk("tmp", topdown=False):
 + for name in files:
 + os.remove(os.path.join(root, name))
 + for name in dirs:
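Review bot: The new `permissiveRecords.__init__` (hunk @@ -284) reproduces the handle bootstrap — `semanage_handle_create`, `semanage_is_managed`, `semanage_access_check`, `semanage_connect`, each with its own `semanage_handle_destroy` on failure — that `semanageRecords.__init__` further down the file already starts with (its first line is visible in hunk @@ -344), so the class looks like a candidate for subclassing `semanageRecords` rather than copying the sequence; inferred, since most of that constructor is outside the diff. `semanage_select_store(self.sh, store, SEMANAGE_CON_DIRECT);` carries a stray C-style `;` that the rest of the block avoids. Nothing in the hunk releases the connected handle on the success path; if the class does not do so elsewhere, a comment such as `# handle stays connected for the object's lifetime, mirroring semanageRecords` next to the `semanage_connect` call would record the intent.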
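Review bot: `rc = semanage_module_install(self.sh, data, len(data));` (hunk @@ -319) stores a return code that the very next line `rc = semanage_commit(self.sh)` overwrites, so a failed install is only reported when the commit also fails, and the error then blames the wrong step; the line also ends in a stray `;`. Suggest `rc = semanage_module_install(self.sh, data, len(data))` followed by `if rc < 0: raise ValueError(_("Could not install permissive module %s") % name)` before the commit. The cleanup loop now walks the relative path `"tmp"` (previously `"top"`) and removes everything beneath it; where that directory is created is outside the hunk, so if it resolves against the current working directory, a `tempfile.mkdtemp()` path would avoid removing unrelated files and depending on the caller's cwd. Opening the `.pp` with `open(..., "rb")` would make the binary read explicit. The enclosing method starts before this hunk.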
@@ -331,9 +360,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
 +
 +
 + def delete(self, name):
-+ rc, out = commands.getstatusoutput("semodule -r permissive_%s" % name );
-+ if rc != 0:
-+ raise ValueError(out)
++ for i in name.split
++ rc = semanage_module_remove(self.sh, "permissive_%s" % name)
++ rc = semanage_commit(self.sh)
++ if rc < 0:
++ raise ValueError(_("Could not remove permissive domain %s") % name)
 +
 + def deleteall(self):
 + l = self.get_all()
@@ -344,7 +375,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
 class semanageRecords:
 def __init__(self, store):
 self.sh = semanage_handle_create()
-@@ -464,7 +526,7 @@
+@@ -464,7 +557,7 @@
 def __init__(self, store = ""):
 semanageRecords.__init__(self, store)
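Review bot: `for i in name.split` in the new `delete` body (hunk @@ -331) is not valid Python — it lacks the call parentheses and the trailing `:` — so the patched seobject.py fails at import time; and once those are added, the two lines that follow still pass `name` rather than the loop variable `i` to `semanage_module_remove` and are not indented under the loop. Presumably the intent is to accept a space-separated list of domains (inferred from the `split`). The return code of `semanage_module_remove` is also overwritten by `rc = semanage_commit(self.sh)` on the next line, so a failed removal is only surfaced if the commit fails too. A corrected body is below.
```python
    def delete(self, name):
        for i in name.split():
            rc = semanage_module_remove(self.sh, "permissive_%s" % i)
            if rc < 0:
                raise ValueError(_("Could not remove permissive domain %s") % i)
        rc = semanage_commit(self.sh)
        if rc < 0:
            raise ValueError(_("Could not remove permissive domain %s") % name)
```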