Fix exceptionion hanling in audit2allow -o
- Generate Man pages for everydomain, not just ones with exec_t entrypoints - sepolicy comunicate should return ValueError not TypeError - Trim header line in sepolicy manpage to use less space - Add missing options to restorecon man page
This commit is contained in:
parent
19201f72c6
commit
b4c5b4829d
@ -34,7 +34,7 @@ index 88635d4..fc290ea 100644
|
|||||||
clean:
|
clean:
|
||||||
rm -f *~
|
rm -f *~
|
||||||
diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow
|
diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow
|
||||||
index 8e0c396..d282eee 100644
|
index 8e0c396..1059bea 100644
|
||||||
--- a/policycoreutils/audit2allow/audit2allow
|
--- a/policycoreutils/audit2allow/audit2allow
|
||||||
+++ b/policycoreutils/audit2allow/audit2allow
|
+++ b/policycoreutils/audit2allow/audit2allow
|
||||||
@@ -18,7 +18,7 @@
|
@@ -18,7 +18,7 @@
|
||||||
@ -82,6 +82,16 @@ index 8e0c396..d282eee 100644
|
|||||||
|
|
||||||
if rc == audit2why.RBAC:
|
if rc == audit2why.RBAC:
|
||||||
print "\t\tMissing role allow rule.\n"
|
print "\t\tMissing role allow rule.\n"
|
||||||
|
@@ -350,6 +349,9 @@ class AuditToPolicy:
|
||||||
|
except ValueError, e:
|
||||||
|
print e
|
||||||
|
sys.exit(1)
|
||||||
|
+ except IOError, e:
|
||||||
|
+ print e
|
||||||
|
+ sys.exit(1)
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
app = AuditToPolicy()
|
||||||
diff --git a/policycoreutils/audit2allow/audit2allow.1 b/policycoreutils/audit2allow/audit2allow.1
|
diff --git a/policycoreutils/audit2allow/audit2allow.1 b/policycoreutils/audit2allow/audit2allow.1
|
||||||
index a854a45..bc70938 100644
|
index a854a45..bc70938 100644
|
||||||
--- a/policycoreutils/audit2allow/audit2allow.1
|
--- a/policycoreutils/audit2allow/audit2allow.1
|
||||||
@ -247461,6 +247471,19 @@ index 5e7415c..5267ed9 100644
|
|||||||
|
|
||||||
booleans_dict = None
|
booleans_dict = None
|
||||||
def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
|
def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
|
||||||
|
diff --git a/policycoreutils/sepolicy/sepolicy/communicate.py b/policycoreutils/sepolicy/sepolicy/communicate.py
|
||||||
|
index a179d95..9b9a09a 100755
|
||||||
|
--- a/policycoreutils/sepolicy/sepolicy/communicate.py
|
||||||
|
+++ b/policycoreutils/sepolicy/sepolicy/communicate.py
|
||||||
|
@@ -40,7 +40,7 @@ def expand_attribute(attribute):
|
||||||
|
def get_types(src, tclass, perm):
|
||||||
|
allows=search([sepolicy.ALLOW],{sepolicy.SOURCE:src,sepolicy.CLASS:tclass, sepolicy.PERMS:perm})
|
||||||
|
if not allows:
|
||||||
|
- raise TypeError("The %s type is not allowed to %s any types" % (src, ",".join(perm)))
|
||||||
|
+ raise ValueError("The %s type is not allowed to %s any types" % (src, ",".join(perm)))
|
||||||
|
|
||||||
|
tlist = []
|
||||||
|
for l in map(lambda y: y[sepolicy.TARGET], filter(lambda x: set(perm).issubset(x[sepolicy.PERMS]), allows)):
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
|
diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
|
||||||
index 26f8390..4739025 100644
|
index 26f8390..4739025 100644
|
||||||
--- a/policycoreutils/sepolicy/sepolicy/generate.py
|
--- a/policycoreutils/sepolicy/sepolicy/generate.py
|
||||||
@ -247757,7 +247780,7 @@ index 8b063ca..407ce20 100644
|
|||||||
+ else:
|
+ else:
|
||||||
+ sys.stderr.write(_("\nCompiling of %s interface is not supported." % interface))
|
+ sys.stderr.write(_("\nCompiling of %s interface is not supported." % interface))
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
|
diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
|
||||||
index 25062da..2747e4f 100755
|
index 25062da..63efc6d 100755
|
||||||
--- a/policycoreutils/sepolicy/sepolicy/manpage.py
|
--- a/policycoreutils/sepolicy/sepolicy/manpage.py
|
||||||
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py
|
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py
|
||||||
@@ -28,12 +28,12 @@ import string
|
@@ -28,12 +28,12 @@ import string
|
||||||
@ -247775,6 +247798,17 @@ index 25062da..2747e4f 100755
|
|||||||
|
|
||||||
equiv_dirs=[ "/var" ]
|
equiv_dirs=[ "/var" ]
|
||||||
modules_dict = None
|
modules_dict = None
|
||||||
|
@@ -100,8 +100,8 @@ def gen_domains():
|
||||||
|
for d in get_all_domains():
|
||||||
|
found = False
|
||||||
|
domain = d[:-2]
|
||||||
|
- if domain + "_exec_t" not in get_entrypoints():
|
||||||
|
- continue
|
||||||
|
+# if domain + "_exec_t" not in get_entrypoints():
|
||||||
|
+# continue
|
||||||
|
if domain in domains:
|
||||||
|
continue
|
||||||
|
domains.append(domain)
|
||||||
@@ -184,14 +184,12 @@ def get_alphabet_manpages(manpage_list):
|
@@ -184,14 +184,12 @@ def get_alphabet_manpages(manpage_list):
|
||||||
return alphabet_manpages
|
return alphabet_manpages
|
||||||
|
|
||||||
@ -247916,7 +247950,7 @@ index 25062da..2747e4f 100755
|
|||||||
self.anon_list = []
|
self.anon_list = []
|
||||||
|
|
||||||
self.attributes = {}
|
self.attributes = {}
|
||||||
@@ -563,19 +561,8 @@ class ManPage:
|
@@ -563,22 +561,11 @@ class ManPage:
|
||||||
|
|
||||||
def _get_ptypes(self):
|
def _get_ptypes(self):
|
||||||
for f in self.all_domains:
|
for f in self.all_domains:
|
||||||
@ -247937,7 +247971,11 @@ index 25062da..2747e4f 100755
|
|||||||
+ self.ptypes.append(f)
|
+ self.ptypes.append(f)
|
||||||
|
|
||||||
def _header(self):
|
def _header(self):
|
||||||
self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy documentation for %(domainname)s"'
|
- self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy documentation for %(domainname)s"'
|
||||||
|
+ self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy %(domainname)s"'
|
||||||
|
% {'domainname':self.domainname, 'date': time.strftime("%y-%m-%d")})
|
||||||
|
self.fd.write(r"""
|
||||||
|
.SH "NAME"
|
||||||
@@ -774,7 +761,7 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n
|
@@ -774,7 +761,7 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n
|
||||||
def _port_types(self):
|
def _port_types(self):
|
||||||
self.ports = []
|
self.ports = []
|
||||||
@ -248169,7 +248207,7 @@ index 0000000..3a3faa6
|
|||||||
+
|
+
|
||||||
+"""
|
+"""
|
||||||
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
|
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
|
||||||
index 80b6d6e..07c5ee2 100644
|
index 80b6d6e..1215a29 100644
|
||||||
--- a/policycoreutils/setfiles/restorecon.8
|
--- a/policycoreutils/setfiles/restorecon.8
|
||||||
+++ b/policycoreutils/setfiles/restorecon.8
|
+++ b/policycoreutils/setfiles/restorecon.8
|
||||||
@@ -4,10 +4,10 @@ restorecon \- restore file(s) default SELinux security contexts.
|
@@ -4,10 +4,10 @@ restorecon \- restore file(s) default SELinux security contexts.
|
||||||
@ -248185,6 +248223,24 @@ index 80b6d6e..07c5ee2 100644
|
|||||||
|
|
||||||
.SH "DESCRIPTION"
|
.SH "DESCRIPTION"
|
||||||
This manual page describes the
|
This manual page describes the
|
||||||
|
@@ -20,7 +20,7 @@ This program is primarily used to set the security context
|
||||||
|
It can also be run at any other time to correct inconsistent labels, to add
|
||||||
|
support for newly-installed policy or, by using the \-n option, to passively
|
||||||
|
check whether the file contexts are all set as specified by the active policy
|
||||||
|
-(default behavior) or by some other policy (see the \-c option).
|
||||||
|
+(default behavior).
|
||||||
|
.P
|
||||||
|
If a file object does not have a context, restorecon will write the default
|
||||||
|
context to the file object's extended attributes. If a file object has a
|
||||||
|
@@ -30,7 +30,7 @@ The -F option will force a replacement of the entire context.
|
||||||
|
.SH "OPTIONS"
|
||||||
|
.TP
|
||||||
|
.B \-e directory
|
||||||
|
-exclude a directory (repeat the option to exclude more than one directory).
|
||||||
|
+exclude a directory (repeat the option to exclude more than one directory, Requires full path).
|
||||||
|
.TP
|
||||||
|
.B \-f infilename
|
||||||
|
infilename contains a list of files to be processed. Use \- for stdin.
|
||||||
@@ -49,7 +49,7 @@ ignore files that do not exist.
|
@@ -49,7 +49,7 @@ ignore files that do not exist.
|
||||||
don't change any file labels (passive check).
|
don't change any file labels (passive check).
|
||||||
.TP
|
.TP
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.1.14
|
Version: 2.1.14
|
||||||
Release: 35%{?dist}
|
Release: 37%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
# Based on git repository with tag 20101221
|
# Based on git repository with tag 20101221
|
||||||
@ -323,6 +323,16 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Apr 22 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-37
|
||||||
|
- Fix exceptionion hanling in audit2allow -o
|
||||||
|
- Generate Man pages for everydomain, not just ones with exec_t entrypoints
|
||||||
|
- sepolicy comunicate should return ValueError not TypeError
|
||||||
|
- Trim header line in sepolicy manpage to use less space
|
||||||
|
- Add missing options to restorecon man page
|
||||||
|
|
||||||
|
* Thu Apr 11 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-36
|
||||||
|
- Raise proper Exception on sepolicy communicate with invalid value
|
||||||
|
|
||||||
* Wed Apr 10 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-35
|
* Wed Apr 10 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-35
|
||||||
- Update translations
|
- Update translations
|
||||||
- Add patch by Miroslav Grepl to add compile test for sepolicy interface command.
|
- Add patch by Miroslav Grepl to add compile test for sepolicy interface command.
|
||||||
|
Loading…
Reference in New Issue
Block a user