From b4c5b4829d70edb15387bb693f2a601bf4a56e31 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Mon, 22 Apr 2013 10:03:47 -0400 Subject: [PATCH] Fix exceptionion hanling in audit2allow -o - Generate Man pages for everydomain, not just ones with exec_t entrypoints - sepolicy comunicate should return ValueError not TypeError - Trim header line in sepolicy manpage to use less space - Add missing options to restorecon man page --- policycoreutils-rhat.patch | 66 +++++++++++++++++++++++++++++++++++--- policycoreutils.spec | 12 ++++++- 2 files changed, 72 insertions(+), 6 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index d2e0001..7c8352d 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -34,7 +34,7 @@ index 88635d4..fc290ea 100644 clean: rm -f *~ diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow -index 8e0c396..d282eee 100644 +index 8e0c396..1059bea 100644 --- a/policycoreutils/audit2allow/audit2allow +++ b/policycoreutils/audit2allow/audit2allow @@ -18,7 +18,7 @@ @@ -82,6 +82,16 @@ index 8e0c396..d282eee 100644 if rc == audit2why.RBAC: print "\t\tMissing role allow rule.\n" +@@ -350,6 +349,9 @@ class AuditToPolicy: + except ValueError, e: + print e + sys.exit(1) ++ except IOError, e: ++ print e ++ sys.exit(1) + + if __name__ == "__main__": + app = AuditToPolicy() diff --git a/policycoreutils/audit2allow/audit2allow.1 b/policycoreutils/audit2allow/audit2allow.1 index a854a45..bc70938 100644 --- a/policycoreutils/audit2allow/audit2allow.1 
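Review bot: The new `except IOError, e:` branch in the audit2allow hunk reports the failure with `print e`, which writes to stdout; if generated policy goes to stdout in the same run, the message can end up mixed into it (the output path is not visible in this hunk). The branch also repeats the ValueError handler directly above it, so the two can be merged as `except (ValueError, IOError), e:` followed by `sys.stderr.write("%s\n" % e)` and `sys.exit(1)`. The enclosing try block starts outside the hunk.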
@@ -247461,6 +247471,19 @@ index 5e7415c..5267ed9 100644 booleans_dict = None def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"): +diff --git a/policycoreutils/sepolicy/sepolicy/communicate.py b/policycoreutils/sepolicy/sepolicy/communicate.py +index a179d95..9b9a09a 100755 +--- a/policycoreutils/sepolicy/sepolicy/communicate.py ++++ b/policycoreutils/sepolicy/sepolicy/communicate.py +@@ -40,7 +40,7 @@ def expand_attribute(attribute): + def get_types(src, tclass, perm): + allows=search([sepolicy.ALLOW],{sepolicy.SOURCE:src,sepolicy.CLASS:tclass, sepolicy.PERMS:perm}) + if not allows: +- raise TypeError("The %s type is not allowed to %s any types" % (src, ",".join(perm))) ++ raise ValueError("The %s type is not allowed to %s any types" % (src, ",".join(perm))) + + tlist = [] + for l in map(lambda y: y[sepolicy.TARGET], filter(lambda x: set(perm).issubset(x[sepolicy.PERMS]), allows)): diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py index 26f8390..4739025 100644 --- a/policycoreutils/sepolicy/sepolicy/generate.py @@ -247757,7 +247780,7 @@ index 8b063ca..407ce20 100644 + else: + sys.stderr.write(_("\nCompiling of %s interface is not supported." % interface)) diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py -index 25062da..2747e4f 100755 +index 25062da..63efc6d 100755 --- a/policycoreutils/sepolicy/sepolicy/manpage.py +++ b/policycoreutils/sepolicy/sepolicy/manpage.py @@ -28,12 +28,12 @@ import string @@ -247775,6 +247798,17 @@ index 25062da..2747e4f 100755 equiv_dirs=[ "/var" ] modules_dict = None +@@ -100,8 +100,8 @@ def gen_domains(): + for d in get_all_domains(): + found = False + domain = d[:-2] +- if domain + "_exec_t" not in get_entrypoints(): +- continue ++# if domain + "_exec_t" not in get_entrypoints(): ++# continue + if domain in domains: + continue + domains.append(domain) 
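Review bot: Callers that still catch TypeError from `get_types()` stop handling the no-matching-allow-rule case once it raises ValueError. The call sites are outside this hunk, so they should be checked in the same change. The function also has no docstring stating this contract; I would add `"""Raise ValueError when no allow rule lets src use perm on tclass."""` under the signature. The body of get_types continues past the hunk.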
@@ -184,14 +184,12 @@ def get_alphabet_manpages(manpage_list): return alphabet_manpages @@ -247916,7 +247950,7 @@ index 25062da..2747e4f 100755 self.anon_list = [] self.attributes = {} -@@ -563,19 +561,8 @@ class ManPage: +@@ -563,22 +561,11 @@ class ManPage: def _get_ptypes(self): for f in self.all_domains: @@ -247937,7 +247971,11 @@ index 25062da..2747e4f 100755 + self.ptypes.append(f) def _header(self): - self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy documentation for %(domainname)s"' +- self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy documentation for %(domainname)s"' ++ self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy %(domainname)s"' + % {'domainname':self.domainname, 'date': time.strftime("%y-%m-%d")}) + self.fd.write(r""" + .SH "NAME" @@ -774,7 +761,7 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n def _port_types(self): self.ports = [] @@ -248169,7 +248207,7 @@ index 0000000..3a3faa6 + +""" diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8 -index 80b6d6e..07c5ee2 100644 +index 80b6d6e..1215a29 100644 --- a/policycoreutils/setfiles/restorecon.8 +++ b/policycoreutils/setfiles/restorecon.8 @@ -4,10 +4,10 @@ restorecon \- restore file(s) default SELinux security contexts. 
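Review bot: With the `_exec_t` entrypoint filter disabled in gen_domains(), `domain = d[:-2]` now applies to every name returned by get_all_domains(), so a domain type that does not end in `_t` would be truncated to a wrong name and still get a man page. Whether such names can occur is not visible here; the old check would in practice have skipped them. A guard such as `if not d.endswith("_t"): continue` before the slice makes the assumption explicit. The two commented-out lines should be deleted rather than left in place, since version control keeps the old filter. gen_domains continues outside the hunk.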
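Review bot: In `_header`, the `.TH` line still formats its date with `time.strftime("%y-%m-%d")`, a two-digit year that reads ambiguously in the page header; `%Y-%m-%d` is unambiguous. Because the value is the generation time, the generated man pages also differ on every build, which gets in the way of comparing rebuilt packages byte for byte. The rest of `_header` is outside the hunk.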
@@ -248185,6 +248223,24 @@ index 80b6d6e..07c5ee2 100644 .SH "DESCRIPTION" This manual page describes the +@@ -20,7 +20,7 @@ This program is primarily used to set the security context + It can also be run at any other time to correct inconsistent labels, to add + support for newly-installed policy or, by using the \-n option, to passively + check whether the file contexts are all set as specified by the active policy +-(default behavior) or by some other policy (see the \-c option). ++(default behavior). + .P + If a file object does not have a context, restorecon will write the default + context to the file object's extended attributes. If a file object has a +@@ -30,7 +30,7 @@ The -F option will force a replacement of the entire context. + .SH "OPTIONS" + .TP + .B \-e directory +-exclude a directory (repeat the option to exclude more than one directory). ++exclude a directory (repeat the option to exclude more than one directory, Requires full path). + .TP + .B \-f infilename + infilename contains a list of files to be processed. Use \- for stdin. @@ -49,7 +49,7 @@ ignore files that do not exist. don't change any file labels (passive check). .TP diff --git a/policycoreutils.spec b/policycoreutils.spec index 2fa429f..379fb41 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.1.14 -Release: 35%{?dist} +Release: 37%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 
@@ -323,6 +323,16 @@ The policycoreutils-restorecond package contains the restorecond service. %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %changelog +* Mon Apr 22 2013 Dan Walsh - 2.1.14-37 +- Fix exceptionion hanling in audit2allow -o +- Generate Man pages for everydomain, not just ones with exec_t entrypoints +- sepolicy comunicate should return ValueError not TypeError +- Trim header line in sepolicy manpage to use less space +- Add missing options to restorecon man page + +* Thu Apr 11 2013 Dan Walsh - 2.1.14-36 +- Raise proper Exception on sepolicy communicate with invalid value + * Wed Apr 10 2013 Dan Walsh - 2.1.14-35 - Update translations - Add patch by Miroslav Grepl to add compile test for sepolicy interface command.