Fix exceptionion hanling in audit2allow -o

- Generate Man pages for everydomain, not just ones with exec_t entrypoints
- sepolicy comunicate should return ValueError not TypeError
- Trim header line in sepolicy manpage to use less space
- Add missing options to restorecon man page
This commit is contained in:
Dan Walsh 2013-04-22 10:03:47 -04:00
parent 19201f72c6
commit b4c5b4829d
2 changed files with 72 additions and 6 deletions

View File

@ -34,7 +34,7 @@ index 88635d4..fc290ea 100644
clean: clean:
rm -f *~ rm -f *~
diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow
index 8e0c396..d282eee 100644 index 8e0c396..1059bea 100644
--- a/policycoreutils/audit2allow/audit2allow --- a/policycoreutils/audit2allow/audit2allow
+++ b/policycoreutils/audit2allow/audit2allow +++ b/policycoreutils/audit2allow/audit2allow
@@ -18,7 +18,7 @@ @@ -18,7 +18,7 @@
@ -82,6 +82,16 @@ index 8e0c396..d282eee 100644
if rc == audit2why.RBAC: if rc == audit2why.RBAC:
print "\t\tMissing role allow rule.\n" print "\t\tMissing role allow rule.\n"
@@ -350,6 +349,9 @@ class AuditToPolicy:
except ValueError, e:
print e
sys.exit(1)
+ except IOError, e:
+ print e
+ sys.exit(1)
if __name__ == "__main__":
app = AuditToPolicy()
diff --git a/policycoreutils/audit2allow/audit2allow.1 b/policycoreutils/audit2allow/audit2allow.1 diff --git a/policycoreutils/audit2allow/audit2allow.1 b/policycoreutils/audit2allow/audit2allow.1
index a854a45..bc70938 100644 index a854a45..bc70938 100644
--- a/policycoreutils/audit2allow/audit2allow.1 --- a/policycoreutils/audit2allow/audit2allow.1
@ -247461,6 +247471,19 @@ index 5e7415c..5267ed9 100644
booleans_dict = None booleans_dict = None
def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"): def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
diff --git a/policycoreutils/sepolicy/sepolicy/communicate.py b/policycoreutils/sepolicy/sepolicy/communicate.py
index a179d95..9b9a09a 100755
--- a/policycoreutils/sepolicy/sepolicy/communicate.py
+++ b/policycoreutils/sepolicy/sepolicy/communicate.py
@@ -40,7 +40,7 @@ def expand_attribute(attribute):
def get_types(src, tclass, perm):
allows=search([sepolicy.ALLOW],{sepolicy.SOURCE:src,sepolicy.CLASS:tclass, sepolicy.PERMS:perm})
if not allows:
- raise TypeError("The %s type is not allowed to %s any types" % (src, ",".join(perm)))
+ raise ValueError("The %s type is not allowed to %s any types" % (src, ",".join(perm)))
tlist = []
for l in map(lambda y: y[sepolicy.TARGET], filter(lambda x: set(perm).issubset(x[sepolicy.PERMS]), allows)):
diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
index 26f8390..4739025 100644 index 26f8390..4739025 100644
--- a/policycoreutils/sepolicy/sepolicy/generate.py --- a/policycoreutils/sepolicy/sepolicy/generate.py
@ -247757,7 +247780,7 @@ index 8b063ca..407ce20 100644
+ else: + else:
+ sys.stderr.write(_("\nCompiling of %s interface is not supported." % interface)) + sys.stderr.write(_("\nCompiling of %s interface is not supported." % interface))
diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
index 25062da..2747e4f 100755 index 25062da..63efc6d 100755
--- a/policycoreutils/sepolicy/sepolicy/manpage.py --- a/policycoreutils/sepolicy/sepolicy/manpage.py
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py +++ b/policycoreutils/sepolicy/sepolicy/manpage.py
@@ -28,12 +28,12 @@ import string @@ -28,12 +28,12 @@ import string
@ -247775,6 +247798,17 @@ index 25062da..2747e4f 100755
equiv_dirs=[ "/var" ] equiv_dirs=[ "/var" ]
modules_dict = None modules_dict = None
@@ -100,8 +100,8 @@ def gen_domains():
for d in get_all_domains():
found = False
domain = d[:-2]
- if domain + "_exec_t" not in get_entrypoints():
- continue
+# if domain + "_exec_t" not in get_entrypoints():
+# continue
if domain in domains:
continue
domains.append(domain)
@@ -184,14 +184,12 @@ def get_alphabet_manpages(manpage_list): @@ -184,14 +184,12 @@ def get_alphabet_manpages(manpage_list):
return alphabet_manpages return alphabet_manpages
@ -247916,7 +247950,7 @@ index 25062da..2747e4f 100755
self.anon_list = [] self.anon_list = []
self.attributes = {} self.attributes = {}
@@ -563,19 +561,8 @@ class ManPage: @@ -563,22 +561,11 @@ class ManPage:
def _get_ptypes(self): def _get_ptypes(self):
for f in self.all_domains: for f in self.all_domains:
@ -247937,7 +247971,11 @@ index 25062da..2747e4f 100755
+ self.ptypes.append(f) + self.ptypes.append(f)
def _header(self): def _header(self):
self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy documentation for %(domainname)s"' - self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy documentation for %(domainname)s"'
+ self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy %(domainname)s"'
% {'domainname':self.domainname, 'date': time.strftime("%y-%m-%d")})
self.fd.write(r"""
.SH "NAME"
@@ -774,7 +761,7 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n @@ -774,7 +761,7 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n
def _port_types(self): def _port_types(self):
self.ports = [] self.ports = []
@ -248169,7 +248207,7 @@ index 0000000..3a3faa6
+ +
+""" +"""
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8 diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
index 80b6d6e..07c5ee2 100644 index 80b6d6e..1215a29 100644
--- a/policycoreutils/setfiles/restorecon.8 --- a/policycoreutils/setfiles/restorecon.8
+++ b/policycoreutils/setfiles/restorecon.8 +++ b/policycoreutils/setfiles/restorecon.8
@@ -4,10 +4,10 @@ restorecon \- restore file(s) default SELinux security contexts. @@ -4,10 +4,10 @@ restorecon \- restore file(s) default SELinux security contexts.
@ -248185,6 +248223,24 @@ index 80b6d6e..07c5ee2 100644
.SH "DESCRIPTION" .SH "DESCRIPTION"
This manual page describes the This manual page describes the
@@ -20,7 +20,7 @@ This program is primarily used to set the security context
It can also be run at any other time to correct inconsistent labels, to add
support for newly-installed policy or, by using the \-n option, to passively
check whether the file contexts are all set as specified by the active policy
-(default behavior) or by some other policy (see the \-c option).
+(default behavior).
.P
If a file object does not have a context, restorecon will write the default
context to the file object's extended attributes. If a file object has a
@@ -30,7 +30,7 @@ The -F option will force a replacement of the entire context.
.SH "OPTIONS"
.TP
.B \-e directory
-exclude a directory (repeat the option to exclude more than one directory).
+exclude a directory (repeat the option to exclude more than one directory, Requires full path).
.TP
.B \-f infilename
infilename contains a list of files to be processed. Use \- for stdin.
@@ -49,7 +49,7 @@ ignore files that do not exist. @@ -49,7 +49,7 @@ ignore files that do not exist.
don't change any file labels (passive check). don't change any file labels (passive check).
.TP .TP

View File

@ -7,7 +7,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.1.14 Version: 2.1.14
Release: 35%{?dist} Release: 37%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# Based on git repository with tag 20101221 # Based on git repository with tag 20101221
@ -323,6 +323,16 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog %changelog
* Mon Apr 22 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-37
- Fix exceptionion hanling in audit2allow -o
- Generate Man pages for everydomain, not just ones with exec_t entrypoints
- sepolicy comunicate should return ValueError not TypeError
- Trim header line in sepolicy manpage to use less space
- Add missing options to restorecon man page
* Thu Apr 11 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-36
- Raise proper Exception on sepolicy communicate with invalid value
* Wed Apr 10 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-35 * Wed Apr 10 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-35
- Update translations - Update translations
- Add patch by Miroslav Grepl to add compile test for sepolicy interface command. - Add patch by Miroslav Grepl to add compile test for sepolicy interface command.