diff --git a/policycoreutils-sepolgen.patch b/policycoreutils-sepolgen.patch index 03f07da..ee09b7c 100644 --- a/policycoreutils-sepolgen.patch +++ b/policycoreutils-sepolgen.patch @@ -181,3 +181,42 @@ index 0e6b502..6ce892c 100644 self.module.children.append(rule) +diff --git a/sepolgen/src/sepolgen/refparser.py b/sepolgen/src/sepolgen/refparser.py +index 1a2eec8..955784d 100644 +--- a/sepolgen/src/sepolgen/refparser.py ++++ b/sepolgen/src/sepolgen/refparser.py +@@ -109,6 +109,7 @@ tokens = ( + 'DONTAUDIT', + 'AUDITALLOW', + 'NEVERALLOW', ++ 'PERMISSIVE', + 'TYPE_TRANSITION', + 'TYPE_CHANGE', + 'TYPE_MEMBER', +@@ -170,6 +171,7 @@ reserved = { + 'dontaudit' : 'DONTAUDIT', + 'auditallow' : 'AUDITALLOW', + 'neverallow' : 'NEVERALLOW', ++ 'permissive' : 'PERMISSIVE', + 'type_transition' : 'TYPE_TRANSITION', + 'type_change' : 'TYPE_CHANGE', + 'type_member' : 'TYPE_MEMBER', +@@ -490,6 +492,7 @@ def p_policy_stmt(p): + | interface_call + | role_def + | role_allow ++ | permissive + | type_def + | typealias_def + | attribute_def +@@ -747,6 +750,10 @@ def p_role_allow(p): + r.tgt_roles = p[3] + p[0] = r + ++def p_permissive(p): ++ 'permissive : PERMISSIVE names SEMI' ++ t.skip(1) ++ + def p_avrule_def(p): + '''avrule_def : ALLOW names names COLON names names SEMI + | DONTAUDIT names names COLON names names SEMI diff --git a/policycoreutils.spec b/policycoreutils.spec index aa63752..86d15e1 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.1.6 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -352,6 +352,9 @@ fi /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %changelog +* Thu Sep 29 2011 Dan Walsh - 2.1.6-3 +- Ignore permissive commands in interfaces + * Thu Sep 29 2011 Dan Walsh - 2.1.6-2 - Remove gnome requirement from polgengui