rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix manpage to generate proper man pages for alternate policy,

Browse Source 
basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as
I pull the policy, policy.xml and file_contexts and file_contexts.homedir
This commit is contained in:
Dan Walsh 2012-11-03 07:19:34 -04:00
parent 1cc95772be
commit cc08d7735b
2 changed files with 233 additions and 136 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

362
policycoreutils-rhat.patch
View File

@ -341404,10 +341404,10 @@ index 0000000..c1d9411
+}
diff --git a/policycoreutils/sepolicy/sepolicy-bash-completion.sh b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
new file mode 100644
index 0000000..c574a46
index 0000000..d7cd4dc
--- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
@@ -0,0 +1,139 @@
@@ -0,0 +1,147 @@
+# This file is part of systemd.
+#
+# Copyright 2011 Dan Walsh
@ -341473,7 +341473,7 @@ index 0000000..c574a46
+
+ COMMONOPTS='-P --policy -h --help'
+ local -A OPTS=(
+ [manpage]='-h --help -p --path -a -all -d --domain -w --web'
+ [manpage]='-h --help -p --path -a -all -o --os -d --domain -w --web'
+ [network]='-h --help -d --domain -l --list -p --port -t --type '
+ [communicate]='-h --help -s --source -t --target -c --class -S --sourceaccess -T --targetaccess'
+ [transition]='-h --help -s --source -t --target'
@ -341489,11 +341489,19 @@ index 0000000..c574a46
+ done
+
+ if [[ -z $verb ]]; then
+ if [ "$prev" = "-P" -o "$prev" = "--policy" ]; then
+ COMPREPLY=( $( compgen -f -- "$cur") )
+ compopt -o filenames
+ return 0
+ else
+ comps="${VERBS[*]} ${COMMONOPTS}"
+ fi
+ elif [ "$verb" = "manpage" ]; then
+ if [ "$prev" = "-d" -o "$prev" = "--domain" ]; then
+ COMPREPLY=( $(compgen -W "$( __get_all_domains ) " -- "$cur") )
+ return 0
+ elif [ "$prev" = "-o" -o "$prev" = "--os" ]; then
+ return 0
+ elif test "$prev" = "-p" || test "$prev" = "--path" ; then
+ COMPREPLY=( $( compgen -d -- "$cur") )
+ compopt -o filenames
@ -341891,10 +341899,10 @@ index 0000000..2e0163b
+selinux(8), sepolicy-generate(8), sepolicy-communicate(8), sepolicy-generate(8), sepolicy-network(8), sepolicy-transition(8)
diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
new file mode 100755
index 0000000..9f96fd5
index 0000000..eee20af
--- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy.py
@@ -0,0 +1,303 @@
@@ -0,0 +1,310 @@
+#! /usr/bin/python -Es
+# Copyright (C) 2012 Red Hat
+# AUTHOR: Dan Walsh <dwalsh@redhat.com>
@ -341981,11 +341989,11 @@ index 0000000..9f96fd5
+ _print_net(d, net, "name_bind")
+
+def manpage(args):
+ from sepolicy.manpage import ManPage, HTMLManPages, domains, manpage_domains, manpage_roles, os_version
+ from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains
+
+ path = args.path
+ if args.all:
+ test_domains = domains
+ test_domains = gen_domains()
+ else:
+ test_domains = args.domain
+
@ -341994,7 +342002,7 @@ index 0000000..9f96fd5
+ print m.get_man_page_path()
+
+ if args.web:
+ HTMLManPages(manpage_roles, manpage_domains, path, os_version)
+ HTMLManPages(manpage_roles, manpage_domains, path, args.os)
+
+class CheckPath(argparse.Action):
+ def __call__(self, parser, namespace, values, option_string=None):
@ -342007,8 +342015,9 @@ index 0000000..9f96fd5
+ help=_('Generate SELinux man pages'))
+
+ man.add_argument("-p", "--path", dest="path", default="/tmp",
+ action=CheckPath,
+ help=_("path in which the generated SELinux man pages will be stored"))
+ help=_("path in which the generated SELinux man pages will be stored"))
+ man.add_argument("-o", "--os", dest="os", default=sepolicy.get_os_version(),
+ help=_("name of the OS for man pages"))
+ man.add_argument("-w", "--web", dest="web", default=False, action="store_true",
+ help=_("Generate HTML man pages structure for selected SELinux man page"))
+ group = man.add_mutually_exclusive_group(required=True)
@ -342053,6 +342062,11 @@ index 0000000..9f96fd5
+ newval.append(v)
+ setattr(namespace, self.dest, values)
+
+class LoadPolicy(argparse.Action):
+ def __call__(self, parser, namespace, values, option_string=None):
+ sepolicy.policy(values)
+ setattr(namespace, self.dest, values)
+
+class CheckPolicyType(argparse.Action):
+ def __call__(self, parser, namespace, values, option_string=None):
+ from sepolicy.generate import get_poltype_desc, poltype
@ -342181,6 +342195,7 @@ index 0000000..9f96fd5
+ parser = argparse.ArgumentParser(description='SELinux Policy Inspection Tool')
+ subparsers = parser.add_subparsers(help=_("commands"))
+ parser.add_argument("-P", "--policy", dest="policy",
+ action=LoadPolicy,
+ default=None, help=_("Alternate SELinux policy, defaults to /sys/fs/selinux/policy"))
+ gen_manpage_args(subparsers)
+ gen_network_args(subparsers)
@ -342191,19 +342206,19 @@ index 0000000..9f96fd5
+
+ try:
+ args = parser.parse_args()
+ if args.policy:
+ sepolicy.policy(args.policy)
+ args.func(args)
+ sys.exit(0)
+ except ValueError,e:
+ sys.stderr.write("%s: %s" % (e.__class__.__name__, str(e)))
+ sys.exit(1)
+ except KeyboardInterrupt:
+ sys.exit(0)
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
new file mode 100644
index 0000000..22c0724
index 0000000..5df16bb
--- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
@@ -0,0 +1,87 @@
@@ -0,0 +1,110 @@
+#!/usr/bin/env python
+
+# Author: Thomas Liu <tliu@redhat.com>
@ -342263,12 +342278,16 @@ index 0000000..22c0724
+ dict_list = _policy.info(setype, name)
+ return dict_list
+
+def _gen_boolens_dict():
+booleans_dict = None
+def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
+ global booleans_dict
+ if booleans_dict:
+ return booleans_dict
+ import xml.etree.ElementTree
+ import re
+ booleans_dict = {}
+ try:
+ tree = xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml")
+ tree = xml.etree.ElementTree.parse(path)
+ for l in tree.findall("layer"):
+ for m in l.findall("module"):
+ for b in m.findall("tunable"):
@ -342290,7 +342309,26 @@ index 0000000..22c0724
+ except IOError, e:
+ pass
+ return booleans_dict
+booleans_dict = _gen_boolens_dict()
+
+def get_os_version():
+ os_version = ""
+ pkg_name = "selinux-policy"
+ try:
+ import commands
+ rc, output = commands.getstatusoutput("rpm -q '%s'" % pkg_name)
+ if rc == 0:
+ os_version = output.split(".")[-2]
+ except:
+ os_version = ""
+
+ if os_version[0:2] == "fc":
+ os_version = "Fedora"+os_version[2:]
+ elif os_version[0:2] == "el":
+ os_version = "RHEL"+os_version[2:]
+ else:
+ os_version = ""
+
+ return os_version
diff --git a/policycoreutils/sepolicy/sepolicy/booleans.py b/policycoreutils/sepolicy/sepolicy/booleans.py
new file mode 100644
index 0000000..c23cb11
@ -343686,10 +343724,10 @@ index 0000000..93b0762
+ return out
diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
new file mode 100755
index 0000000..e3f9b70
index 0000000..82e6388
--- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py
@@ -0,0 +1,1297 @@
@@ -0,0 +1,1351 @@
+#! /usr/bin/python -Es
+# Copyright (C) 2012 Red Hat
+# AUTHOR: Dan Walsh <dwalsh@redhat.com>
@ -343714,24 +343752,29 @@ index 0000000..e3f9b70
+# 02111-1307 USA
+#
+#
+__all__ = [ 'ManPage', 'HTMLManPages', 'domains', 'manpage_domains', 'manpage_roles', 'os_version' ]
+__all__ = [ 'ManPage', 'HTMLManPages', 'manpage_domains', 'manpage_roles', 'gen_domains' ]
+
+import string
+import argparse
+from sepolicy import network, booleans_dict
+import selinux
+import sepolicy
+from sepolicy import network, gen_bool_dict
+
+import commands
+import sys, os, re, time
+
+equiv_dict={ "smbd" : ( "samba" ), "httpd" : ( "apache" ), "virtd" : ( "virt", "libvirt" ) }
+equiv_dict={ "smbd" : [ "samba" ], "httpd" : [ "apache" ], "virtd" : [ "virt", "libvirt" ], "named" : [ "bind" ] }
+
+modules_dict = None
+def _gen_modules_dict():
+def gen_modules_dict(path = "/usr/share/selinux/devel/policy.xml"):
+ global modules_dict
+ if modules_dict:
+ return modules_dict
+
+ import xml.etree.ElementTree
+ modules_dict = {}
+ try:
+ tree = xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml")
+ tree = xml.etree.ElementTree.parse(path)
+ for l in tree.findall("layer"):
+ for m in l.findall("module"):
+ name = m.get("name")
@ -343747,16 +343790,71 @@ index 0000000..e3f9b70
+ pass
+ return modules_dict
+
+all_attributes = map(lambda x: x['name'], sepolicy.info(sepolicy.ATTRIBUTE))
+entrypoints = sepolicy.info(sepolicy.ATTRIBUTE,"entry_type")[0]["types"]
+alldomains = sepolicy.info(sepolicy.ATTRIBUTE,"domain")[0]["types"]
+all_attributes = None
+def get_all_attributes():
+ global all_attributes
+ if not all_attributes:
+ all_attributes = map(lambda x: x['name'], sepolicy.info(sepolicy.ATTRIBUTE))
+ return all_attributes
+
+def _gen_fcdict():
+ fc_path = selinux.selinux_file_context_path()
+ fd = open(selinux.selinux_file_context_path(), "r")
+all_entrypoints = None
+def get_entrypoints():
+ global all_entrypoints
+ if not all_entrypoints:
+ all_entrypoints = sepolicy.info(sepolicy.ATTRIBUTE,"entry_type")[0]["types"]
+ return all_entrypoints
+
+all_domains = None
+def get_all_domains():
+ global all_domains
+ if not all_domains:
+ all_domains = sepolicy.info(sepolicy.ATTRIBUTE,"domain")[0]["types"]
+ return all_domains
+
+roles = None
+def get_all_roles():
+ global roles
+ if roles:
+ return roles
+ roles = []
+ allroles = map(lambda x: x['name'], sepolicy.info(sepolicy.ROLE))
+ for r in allroles:
+ if r not in [ "system_r", "object_r" ]:
+ roles.append(r[:-2])
+ return roles
+
+domains = None
+def gen_domains():
+ global domains
+ if domains:
+ return domains
+ domains = []
+ for d in get_all_domains():
+ found = False
+ domain = d[:-2]
+ if domain + "_exec_t" not in get_entrypoints():
+ continue
+ if domain in domains:
+ continue
+ domains.append(domain)
+
+ for role in get_all_roles():
+ if role in domains:
+ continue
+ domains.append(role)
+
+ domains.sort()
+ return domains
+
+fcdict=None
+def _gen_fcdict(fc_path = selinux.selinux_file_context_path()):
+ global fcdict
+ if fcdict:
+ return fcdict
+ fd = open(fc_path, "r")
+ fc = fd.readlines()
+ fd.close()
+ fd = open(selinux.selinux_file_context_path()+".homedirs", "r")
+ fd = open(fc_path+".homedirs", "r")
+ fc += fd.readlines()
+ fd.close()
+ fcdict = {}
@ -343780,9 +343878,12 @@ index 0000000..e3f9b70
+ fcdict["file_type"] = [ "all files on the system" ]
+ fcdict["samba_share_t"] = [ "use this label for random content that will be shared using samba" ]
+ return fcdict
+fcdict = _gen_fcdict()
+
+def _gen_role_allows():
+role_allows = None
+def get_all_role_allows():
+ global role_allows
+ if role_allows:
+ return role_allows
+ role_allows = {}
+ for r in sepolicy.search([sepolicy.ROLE_ALLOW]):
+ if r["source"] == "system_r" or r["target"] == "system_r":
@ -343793,40 +343894,13 @@ index 0000000..e3f9b70
+ role_allows[r["source"]] = [ r["target"] ]
+
+ return role_allows
+role_allows = _gen_role_allows()
+
+def _gen_roles():
+ roles = []
+ allroles = map(lambda x: x['name'], sepolicy.info(sepolicy.ROLE))
+ for r in allroles:
+ if r not in [ "system_r", "object_r" ]:
+ roles.append(r[:-2])
+ return roles
+users = None
+def get_all_users():
+ global users
+ if users:
+ return users
+
+roles = _gen_roles()
+
+def _gen_domains():
+ domains = []
+ for d in alldomains:
+ found = False
+ domain = d[:-2]
+ if domain + "_exec_t" not in entrypoints:
+ continue
+ if domain in domains:
+ continue
+ domains.append(domain)
+
+ for role in roles:
+ if role in domains:
+ continue
+ domains.append(role)
+
+ domains.sort()
+ return domains
+
+domains = _gen_domains()
+
+def _gen_users():
+ users = []
+ allusers = map(lambda x: x['name'], sepolicy.info(sepolicy.USER))
+ for u in allusers:
@ -343835,9 +343909,11 @@ index 0000000..e3f9b70
+ users.sort()
+ return users
+
+users = _gen_users()
+
+types = None
+def _gen_types():
+ global types
+ if types:
+ return types
+ all_types = sepolicy.info(sepolicy.TYPE)
+ types = {}
+ for rec in all_types:
@ -343847,50 +343923,37 @@ index 0000000..e3f9b70
+ types[rec["name"]] = []
+ return types
+
+types = _gen_types()
+
+def _gen_file_types():
+file_types = None
+def get_all_file_types():
+ global file_types
+ if file_types:
+ return file_types
+ file_types = sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"]
+ file_types.sort()
+ return file_types
+file_types = _gen_file_types()
+
+def _gen_port_types():
+port_types = None
+def get_all_port_types():
+ global port_types
+ if port_types:
+ return port_types
+ port_types = sepolicy.info(sepolicy.ATTRIBUTE,"port_type")[0]["types"]
+ port_types.sort()
+ return port_types
+port_types = _gen_port_types()
+
+portrecs = network.portrecs
+files_dict = {}
+bools = sepolicy.info(sepolicy.BOOLEAN)
+
+bools = None
+def get_all_bools():
+ global bools
+ if not bools:
+ bools = sepolicy.info(sepolicy.BOOLEAN)
+ return bools
+
+def prettyprint(f,trim):
+ return " ".join(f[:-len(trim)].split("_"))
+
+def _get_os_version():
+ os_version = ""
+ pkg_name = "selinux-policy"
+ try:
+ import commands
+ rc, output = commands.getstatusoutput("rpm -q '%s'" % pkg_name)
+ if rc == 0:
+ os_version = output.split(".")[-2]
+ except:
+ os_version = ""
+
+ if os_version[0:2] == "fc":
+ os_version = "Fedora"+os_version[2:]
+ elif os_version[0:2] == "el":
+ os_version = "RHEL"+os_version[2:]
+ else:
+ os_version = ""
+
+ return os_version
+
+
+# for HTML man pages
+os_version = _get_os_version()
+manpage_domains = []
+manpage_roles = []
+
@ -343925,7 +343988,6 @@ index 0000000..e3f9b70
+ """
+
+ def __init__(self, manpage_roles, manpage_domains, path, os_version):
+
+ self.manpage_roles = get_alphabet_manpages(manpage_roles)
+ self.manpage_domains = get_alphabet_manpages(manpage_domains)
+ self.os_version = os_version
@ -343971,7 +344033,7 @@ index 0000000..e3f9b70
+<body>
+<h1>SELinux man pages</h1>
+<br></br>
+The following links contain SELinux man pages for particular either Fedora or Red Hat Enterprise Linux releases.</h2>
+Fedora or Red Hat Enterprise Linux Man Pages.</h2>
+<br></br>
+<hr>
+<h3>Fedora</h3>
@ -344143,22 +344205,53 @@ index 0000000..e3f9b70
+ """
+ Generate a Manpage on an SELinux domain in the specified path
+ """
+ all_attributes = get_all_attributes()
+ all_domains = get_all_domains()
+ all_bools = get_all_bools()
+ all_port_types = get_all_port_types()
+ all_roles = get_all_roles()
+ all_users = get_all_users()
+ all_file_types = get_all_file_types()
+ types = _gen_types()
+ modules_dict = None
+ domains = gen_domains()
+ role_allows = get_all_role_allows()
+
+ def __init__(self, domainname, path = "/tmp", html = False):
+ self.html = html
+ self.portrecs = network.portrecs
+
+ fcpath = path + "/file_contexts"
+ if os.path.exists(fcpath):
+ self.fcpath = fcpath
+ else:
+ self.fcpath = selinux.selinux_file_context_path()
+ self.fcdict = _gen_fcdict(self.fcpath)
+
+ if not os.path.exists(path):
+ os.makedirs(path)
+ self.path = path
+
+ xmlpath = path + "/policy.xml"
+ if os.path.exists(xmlpath):
+ self.xmlpath = xmlpath
+ else:
+ self.xmlpath = "/usr/share/selinux/devel/policy.xml"
+ self.booleans_dict = gen_bool_dict(self.xmlpath)
+
+ if domainname.endswith("_t"):
+ self.domainname = domainname[:-2]
+ else:
+ self.domainname = domainname
+
+ if self.domainname + "_t" not in alldomains:
+ if self.domainname + "_t" not in self.all_domains:
+ raise ValueError("domain %s_t does not exist" % self.domainname)
+ self.short_name = self.domainname
+
+ self.type = self.domainname + "_t"
+ self.man_page_path = "%s/%s_selinux.8" % (path, self.domainname)
+ self.fd = open(self.man_page_path, 'w')
+ if domainname in roles:
+ if domainname in self.all_roles:
+ self.__gen_user_man_page()
+ if self.html:
+ manpage_roles.append(self.man_page_path)
@ -344178,16 +344271,15 @@ index 0000000..e3f9b70
+
+ def __gen_user_man_page(self):
+ self.role = self.domainname + "_r"
+ global modules_dict
+ if not modules_dict:
+ modules_dict = _gen_modules_dict()
+ if not self.modules_dict:
+ self.modules_dict = gen_modules_dict(self.xmlpath)
+
+ try:
+ self.desc = modules_dict[self.domainname]
+ self.desc = self.modules_dict[self.domainname]
+ except:
+ self.desc = "%s user role" % self.domainname
+
+ if self.domainname in users:
+ if self.domainname in self.all_users:
+ self.attributes = sepolicy.info(sepolicy.TYPE,(self.type))[0]["attributes"]
+ self._user_header()
+ self._user_attribute()
@ -344239,7 +344331,7 @@ index 0000000..e3f9b70
+ self._footer()
+
+ def _get_ptypes(self):
+ for f in alldomains:
+ for f in self.all_domains:
+ if f.startswith(self.short_name):
+ self.ptypes.append(f)
+
@ -344364,15 +344456,15 @@ index 0000000..e3f9b70
+
+ def _gen_bool_text(self, name):
+ booltext = ""
+ for bdict in bools:
+ for bdict in self.all_bools:
+ b = bdict['name']
+ if b.find(name) >= 0:
+ if b.endswith("anon_write"):
+ self.anon_list.append(b)
+ else:
+ if b not in booleans_dict:
+ if b not in self.booleans_dict:
+ continue
+ desc = booleans_dict[b][2][0].lower() + booleans_dict[b][2][1:]
+ desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
+ if desc[-1] == ".":
+ desc = desc[:-1]
+ booltext += """
@ -344390,15 +344482,15 @@ index 0000000..e3f9b70
+ for alias in equiv_dict[self.domainname]:
+ self.booltext += self._gen_bool_text(alias)
+
+ for bdict in bools:
+ for bdict in self.all_bools:
+ b = bdict['name']
+ if b.find(self.short_name) >= 0:
+ if b.endswith("anon_write"):
+ self.anon_list.append(b)
+ else:
+ if b not in booleans_dict:
+ if b not in self.booleans_dict:
+ continue
+ desc = booleans_dict[b][2][0].lower() + booleans_dict[b][2][1:]
+ desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
+ if desc[-1] == ".":
+ desc = desc[:-1]
+ self.booltext += """
@ -344423,7 +344515,7 @@ index 0000000..e3f9b70
+ nsswitch_types = []
+ nsswitch_booleans = ['authlogin_nsswitch_use_ldap', 'kerberos_enabled']
+ nsswitchbooltext = ""
+ if "nsswitch_domain" in all_attributes:
+ if "nsswitch_domain" in self.all_attributes:
+ self.fd.write("""
+.SH NSSWITCH DOMAIN
+""")
@ -344433,7 +344525,7 @@ index 0000000..e3f9b70
+
+ if len(nsswitch_types):
+ for i in nsswitch_booleans:
+ desc = booleans_dict[i][2][0].lower() + booleans_dict[i][2][1:-1]
+ desc = self.booleans_dict[i][2][0].lower() + self.booleans_dict[i][2][1:-1]
+ nsswitchbooltext += """
+.PP
+If you want to %s for the %s, you must turn on the %s boolean.
@ -344472,7 +344564,7 @@ index 0000000..e3f9b70
+
+ def _port_types(self):
+ self.ports = []
+ for f in port_types:
+ for f in self.all_port_types:
+ if f.startswith(self.short_name):
+ self.ports.append(f)
+
@ -344503,7 +344595,7 @@ index 0000000..e3f9b70
+""" % p)
+ once = True
+ for prot in ( "tcp", "udp" ):
+ if (p,prot) in portrecs:
+ if (p,prot) in self.portrecs:
+ if once:
+ self.fd.write("""
+
@ -344511,7 +344603,7 @@ index 0000000..e3f9b70
+ once = False
+ self.fd.write(r"""
+%s %s
+.EE""" % (prot, ",".join(portrecs[(p,prot)])))
+.EE""" % (prot, ",".join(self.portrecs[(p,prot)])))
+
+ def _file_context(self):
+ self.fd.write(r"""
@ -344525,7 +344617,7 @@ index 0000000..e3f9b70
+.PP
+The following file types are defined for %(domainname)s:
+""" % {'domainname':self.domainname})
+ for f in file_types:
+ for f in self.all_file_types:
+ if f.startswith(self.domainname):
+ self.fd.write("""
+
@ -344562,7 +344654,7 @@ index 0000000..e3f9b70
+ def _see_also(self):
+ ret = ""
+ prefix = self.short_name.split("_")[0]
+ for d in domains:
+ for d in self.domains:
+ if d == self.domainname:
+ continue
+ if d.startswith(prefix):
@ -344594,7 +344686,7 @@ index 0000000..e3f9b70
+
+""" % {'domainname':self.domainname})
+ for b in self.anon_list:
+ desc = booleans_dict[b][2][0].lower() + booleans_dict[b][2][1:]
+ desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
+ self.fd.write("""
+.PP
+If you want to %s, you must turn on the %s boolean.
@ -344653,7 +344745,7 @@ index 0000000..e3f9b70
+ return False
+ if check.endswith("_t"):
+ for a in attributes:
+ if a in types[check]:
+ if a in self.types[check]:
+ return False
+ return True
+
@ -344674,8 +344766,8 @@ index 0000000..e3f9b70
+""" % (self.domainname, entrypoints_str, self.domainname))
+ paths=[]
+ for entrypoint in entrypoints:
+ if entrypoint in fcdict:
+ paths += fcdict[entrypoint]
+ if entrypoint in self.fcdict:
+ paths += self.fcdict[entrypoint]
+
+ self.fd.write("""
+%s""" % ", ".join(paths))
@ -344714,8 +344806,8 @@ index 0000000..e3f9b70
+.B %s
+
+""" % f)
+ if f in fcdict:
+ for path in fcdict[f]:
+ if f in self.fcdict:
+ for path in self.fcdict[f]:
+ self.fd.write("""\t%s
+.br
+""" % path)
@ -344757,7 +344849,7 @@ index 0000000..e3f9b70
+
+""" % {'desc': self.desc, 'type':self.type, 'user':self.domainname})
+
+ if "login_userdomain" in self.attributes and "login_userdomain" in all_attributes:
+ if "login_userdomain" in self.attributes and "login_userdomain" in self.all_attributes:
+ self.fd.write("""
+If you want to map the one Linux user (joe) to the SELinux user %(user)s, you would execute:
+
@ -344770,7 +344862,7 @@ index 0000000..e3f9b70
+ self.fd.write("""
+.SH SUDO
+""")
+ if sudotype in types:
+ if sudotype in self.types:
+ role = self.domainname + "_r"
+ self.fd.write("""
+The SELinux user %(user)s can execute sudo.
@ -344780,7 +344872,7 @@ index 0000000..e3f9b70
+Add one or more of the following record to sudoers using visudo.
+
+""" % { 'user':self.domainname } )
+ for adminrole in role_allows[role]:
+ for adminrole in self.role_allows[role]:
+ self.fd.write("""
+USERNAME ALL=(ALL) ROLE=%(admin)s_r TYPE=%(admin)s_t COMMAND
+.br
@ -344800,7 +344892,7 @@ index 0000000..e3f9b70
+
+For more details you can see semanage man page.
+
+""" % {'user':self.domainname, "roles": " ".join([role] + role_allows[role]) } )
+""" % {'user':self.domainname, "roles": " ".join([role] + self.role_allows[role]) } )
+ else:
+ self.fd.write("""
+The SELinux type %s_t is not allowed to execute sudo.
@ -344826,7 +344918,7 @@ index 0000000..e3f9b70
+""" % self.domainname)
+
+ def _xwindows_login(self):
+ if "x_domain" in all_attributes:
+ if "x_domain" in self.all_attributes:
+ self.fd.write("""
+.SH X WINDOWS LOGIN
+""")
@ -344840,7 +344932,7 @@ index 0000000..e3f9b70
+""" % self.domainname)
+
+ def _terminal_login(self):
+ if "login_userdomain" in all_attributes:
+ if "login_userdomain" in self.all_attributes:
+ self.fd.write("""
+.SH TERMINAL LOGIN
+""")
@ -344858,7 +344950,7 @@ index 0000000..e3f9b70
+.SH NETWORK
+""")
+ for net in ("tcp", "udp"):
+ portdict = sepolicy.network.get_network_connect(self.type, net, "name_bind")
+ portdict = network.get_network_connect(self.type, net, "name_bind")
+ if len(portdict) > 0:
+ self.fd.write("""
+.TP
@ -344969,8 +345061,8 @@ index 0000000..e3f9b70
+
+""" % {'desc': self.desc, 'user':self.domainname})
+ troles = []
+ for i in role_allows:
+ if self.domainname +"_r" in role_allows[i]:
+ for i in self.role_allows:
+ if self.domainname +"_r" in self.role_allows[i]:
+ troles.append(i)
+ if len(troles) > 0:
+ plural = ""

7
policycoreutils.spec
View File

@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.13
Release: 23%{?dist}
Release: 24%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@ -329,6 +329,11 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
* Sat Nov 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-24
- Fix manpage to generate proper man pages for alternate policy,
basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as
I pull the policy, policy.xml and file_contexts and file_contexts.homedir
* Thu Nov 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-23
- Fix some build problems in sepolicy manpage and sepolicy transition