Ignore permissive commands in interfaces

policycoreutils-sepolgen.patch

@@ -181,3 +181,42 @@ index 0e6b502..6ce892c 100644
              self.module.children.append(rule)
  
  
+diff --git a/sepolgen/src/sepolgen/refparser.py b/sepolgen/src/sepolgen/refparser.py
+index 1a2eec8..955784d 100644
+--- a/sepolgen/src/sepolgen/refparser.py
++++ b/sepolgen/src/sepolgen/refparser.py
+@@ -109,6 +109,7 @@ tokens = (
+     'DONTAUDIT',
+     'AUDITALLOW',
+     'NEVERALLOW',
++    'PERMISSIVE',
+     'TYPE_TRANSITION',
+     'TYPE_CHANGE',
+     'TYPE_MEMBER',
+@@ -170,6 +171,7 @@ reserved = {
+     'dontaudit' : 'DONTAUDIT',
+     'auditallow' : 'AUDITALLOW',
+     'neverallow' : 'NEVERALLOW',
++    'permissive' : 'PERMISSIVE',
+     'type_transition' : 'TYPE_TRANSITION',
+     'type_change' : 'TYPE_CHANGE',
+     'type_member' : 'TYPE_MEMBER',
+@@ -490,6 +492,7 @@ def p_policy_stmt(p):
+                    | interface_call
+                    | role_def
+                    | role_allow
++                   | permissive
+                    | type_def
+                    | typealias_def
+                    | attribute_def
+@@ -747,6 +750,10 @@ def p_role_allow(p):
+     r.tgt_roles = p[3]
+     p[0] = r
+ 
++def p_permissive(p):
++    'permissive : PERMISSIVE names SEMI'
++    t.skip(1)
++
+ def p_avrule_def(p):
+     '''avrule_def : ALLOW names names COLON names names SEMI
+                   | DONTAUDIT names names COLON names names SEMI

policycoreutils.spec

@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.6
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -352,6 +352,9 @@ fi
 /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 
 %changelog
+* Thu Sep 29 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-3
+- Ignore permissive commands in interfaces
+
 * Thu Sep 29 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-2
 - Remove gnome requirement from polgengui