From cc08d7735b276a04814689207a33bda02bcc22e4 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Sat, 3 Nov 2012 07:19:34 -0400 Subject: [PATCH] Fix manpage to generate proper man pages for alternate policy, basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as I pull the policy, policy.xml and file_contexts and file_contexts.homedir --- policycoreutils-rhat.patch | 362 +++++++++++++++++++++++-------------- policycoreutils.spec | 7 +- 2 files changed, 233 insertions(+), 136 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 9a48d6b..7c21877 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -341404,10 +341404,10 @@ index 0000000..c1d9411 +} diff --git a/policycoreutils/sepolicy/sepolicy-bash-completion.sh b/policycoreutils/sepolicy/sepolicy-bash-completion.sh new file mode 100644 -index 0000000..c574a46 +index 0000000..d7cd4dc --- /dev/null +++ b/policycoreutils/sepolicy/sepolicy-bash-completion.sh -@@ -0,0 +1,139 @@ +@@ -0,0 +1,147 @@ +# This file is part of systemd. +# +# Copyright 2011 Dan Walsh @@ -341473,7 +341473,7 @@ index 0000000..c574a46 + + COMMONOPTS='-P --policy -h --help' + local -A OPTS=( -+ [manpage]='-h --help -p --path -a -all -d --domain -w --web' ++ [manpage]='-h --help -p --path -a -all -o --os -d --domain -w --web' + [network]='-h --help -d --domain -l --list -p --port -t --type ' + [communicate]='-h --help -s --source -t --target -c --class -S --sourceaccess -T --targetaccess' + [transition]='-h --help -s --source -t --target' 
@@ -341489,11 +341489,19 @@ index 0000000..c574a46 + done + + if [[ -z $verb ]]; then ++ if [ "$prev" = "-P" -o "$prev" = "--policy" ]; then ++ COMPREPLY=( $( compgen -f -- "$cur") ) ++ compopt -o filenames ++ return 0 ++ else + comps="${VERBS[*]} ${COMMONOPTS}" ++ fi + elif [ "$verb" = "manpage" ]; then + if [ "$prev" = "-d" -o "$prev" = "--domain" ]; then + COMPREPLY=( $(compgen -W "$( __get_all_domains ) " -- "$cur") ) + return 0 ++ elif [ "$prev" = "-o" -o "$prev" = "--os" ]; then ++ return 0 + elif test "$prev" = "-p" || test "$prev" = "--path" ; then + COMPREPLY=( $( compgen -d -- "$cur") ) + compopt -o filenames @@ -341891,10 +341899,10 @@ index 0000000..2e0163b +selinux(8), sepolicy-generate(8), sepolicy-communicate(8), sepolicy-generate(8), sepolicy-network(8), sepolicy-transition(8) diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py new file mode 100755 -index 0000000..9f96fd5 +index 0000000..eee20af --- /dev/null +++ b/policycoreutils/sepolicy/sepolicy.py -@@ -0,0 +1,303 @@ +@@ -0,0 +1,310 @@ +#! /usr/bin/python -Es +# Copyright (C) 2012 Red Hat +# AUTHOR: Dan Walsh @@ -341981,11 +341989,11 @@ index 0000000..9f96fd5 + _print_net(d, net, "name_bind") + +def manpage(args): -+ from sepolicy.manpage import ManPage, HTMLManPages, domains, manpage_domains, manpage_roles, os_version ++ from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains + + path = args.path + if args.all: -+ test_domains = domains ++ test_domains = gen_domains() + else: + test_domains = args.domain + @@ -341994,7 +342002,7 @@ index 0000000..9f96fd5 + print m.get_man_page_path() + + if args.web: -+ HTMLManPages(manpage_roles, manpage_domains, path, os_version) ++ HTMLManPages(manpage_roles, manpage_domains, path, args.os) + +class CheckPath(argparse.Action): + def __call__(self, parser, namespace, values, option_string=None): 
@@ -342007,8 +342015,9 @@ index 0000000..9f96fd5 + help=_('Generate SELinux man pages')) + + man.add_argument("-p", "--path", dest="path", default="/tmp", -+ action=CheckPath, -+ help=_("path in which the generated SELinux man pages will be stored")) ++ help=_("path in which the generated SELinux man pages will be stored")) ++ man.add_argument("-o", "--os", dest="os", default=sepolicy.get_os_version(), ++ help=_("name of the OS for man pages")) + man.add_argument("-w", "--web", dest="web", default=False, action="store_true", + help=_("Generate HTML man pages structure for selected SELinux man page")) + group = man.add_mutually_exclusive_group(required=True) @@ -342053,6 +342062,11 @@ index 0000000..9f96fd5 + newval.append(v) + setattr(namespace, self.dest, values) + ++class LoadPolicy(argparse.Action): ++ def __call__(self, parser, namespace, values, option_string=None): ++ sepolicy.policy(values) ++ setattr(namespace, self.dest, values) ++ +class CheckPolicyType(argparse.Action): + def __call__(self, parser, namespace, values, option_string=None): + from sepolicy.generate import get_poltype_desc, poltype @@ -342181,6 +342195,7 @@ index 0000000..9f96fd5 + parser = argparse.ArgumentParser(description='SELinux Policy Inspection Tool') + subparsers = parser.add_subparsers(help=_("commands")) + parser.add_argument("-P", "--policy", dest="policy", ++ action=LoadPolicy, + default=None, help=_("Alternate SELinux policy, defaults to /sys/fs/selinux/policy")) + gen_manpage_args(subparsers) + gen_network_args(subparsers) @@ -342191,19 +342206,19 @@ index 0000000..9f96fd5 + + try: + args = parser.parse_args() -+ if args.policy: -+ sepolicy.policy(args.policy) + args.func(args) + sys.exit(0) + except ValueError,e: + sys.stderr.write("%s: %s" % (e.__class__.__name__, str(e))) + sys.exit(1) ++ except KeyboardInterrupt: ++ sys.exit(0) 
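Review bot: `default=sepolicy.get_os_version()` on the new `--os` argument is evaluated while the parser is being built, so every sepolicy verb, not only `manpage`, appears to shell out to `rpm -q` at start-up. Leaving the default as `None` and resolving it where it is used, for example `os_name = args.os or sepolicy.get_os_version()` in `manpage()`, keeps that subprocess out of the other code paths. The same hunk drops `action=CheckPath` from `--path`; CheckPath's body is not visible here, so any validation it did on the output directory presumably has to happen where the path is consumed. The enclosing function starts before and ends after the hunk.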
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py new file mode 100644 -index 0000000..22c0724 +index 0000000..5df16bb --- /dev/null +++ b/policycoreutils/sepolicy/sepolicy/__init__.py -@@ -0,0 +1,87 @@ +@@ -0,0 +1,110 @@ +#!/usr/bin/env python + +# Author: Thomas Liu @@ -342263,12 +342278,16 @@ index 0000000..22c0724 + dict_list = _policy.info(setype, name) + return dict_list + -+def _gen_boolens_dict(): ++booleans_dict = None ++def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"): ++ global booleans_dict ++ if booleans_dict: ++ return booleans_dict + import xml.etree.ElementTree + import re + booleans_dict = {} + try: -+ tree = xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml") ++ tree = xml.etree.ElementTree.parse(path) + for l in tree.findall("layer"): + for m in l.findall("module"): + for b in m.findall("tunable"): @@ -342290,7 +342309,26 @@ index 0000000..22c0724 + except IOError, e: + pass + return booleans_dict -+booleans_dict = _gen_boolens_dict() ++ ++def get_os_version(): ++ os_version = "" ++ pkg_name = "selinux-policy" ++ try: ++ import commands ++ rc, output = commands.getstatusoutput("rpm -q '%s'" % pkg_name) ++ if rc == 0: ++ os_version = output.split(".")[-2] ++ except: ++ os_version = "" ++ ++ if os_version[0:2] == "fc": ++ os_version = "Fedora"+os_version[2:] ++ elif os_version[0:2] == "el": ++ os_version = "RHEL"+os_version[2:] ++ else: ++ os_version = "" ++ ++ return os_version diff --git a/policycoreutils/sepolicy/sepolicy/booleans.py b/policycoreutils/sepolicy/sepolicy/booleans.py new file mode 100644 index 0000000..c23cb11 @@ -343686,10 +343724,10 @@ index 0000000..93b0762 + return out diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py new file mode 100755 -index 0000000..e3f9b70 +index 0000000..82e6388 --- /dev/null 
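Review bot: The new `except KeyboardInterrupt:` branch exits with status 0, so a run cut short with Ctrl-C looks the same as a completed one to a calling script or package build. A non-zero status such as `sys.exit(130)` would stop an interrupted man-page run from being treated as complete. The visible handlers still catch only `ValueError`, so an `IOError` or `OSError` raised while reading an alternate policy's files would presumably surface as a traceback; the rest of the function is outside the hunk.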
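Review bot: `gen_bool_dict(path=...)` stores its result in the module-global `booleans_dict` and returns it on every later call whatever `path` is, so a second call with a different policy.xml silently gets the first file's data. Either key the cache on the path (for example a dict indexed by `path`) or state in a docstring that the first path wins for the life of the process. The context line `except IOError, e: pass` means an unreadable alternate policy.xml yields an empty dictionary and man pages without boolean text instead of an error; a message on stderr naming the path would make that visible. The function has no docstring and its body continues outside the hunk.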
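Review bot: `get_os_version()` wraps the `rpm` call in a bare `except:`, which also swallows `KeyboardInterrupt` and `SystemExit`; narrowing it to `except (OSError, IndexError):` covers the failure of the call and the `output.split(".")[-2]` lookup without hiding anything else. `commands.getstatusoutput` runs its argument through a shell, and `pkg_name` is a constant here, so nothing untrusted reaches it. A comment such as `# pkg_name is a fixed string; do not interpolate caller input into this command` would keep a later change from turning it into a parameter. The function is now public and has no docstring describing the `Fedora<N>` / `RHEL<N>` / empty-string return values.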
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py -@@ -0,0 +1,1297 @@ +@@ -0,0 +1,1351 @@ +#! /usr/bin/python -Es +# Copyright (C) 2012 Red Hat +# AUTHOR: Dan Walsh @@ -343714,24 +343752,29 @@ index 0000000..e3f9b70 +# 02111-1307 USA +# +# -+__all__ = [ 'ManPage', 'HTMLManPages', 'domains', 'manpage_domains', 'manpage_roles', 'os_version' ] ++__all__ = [ 'ManPage', 'HTMLManPages', 'manpage_domains', 'manpage_roles', 'gen_domains' ] + +import string +import argparse -+from sepolicy import network, booleans_dict +import selinux +import sepolicy ++from sepolicy import network, gen_bool_dict ++ +import commands +import sys, os, re, time + -+equiv_dict={ "smbd" : ( "samba" ), "httpd" : ( "apache" ), "virtd" : ( "virt", "libvirt" ) } ++equiv_dict={ "smbd" : [ "samba" ], "httpd" : [ "apache" ], "virtd" : [ "virt", "libvirt" ], "named" : [ "bind" ] } + +modules_dict = None -+def _gen_modules_dict(): ++def gen_modules_dict(path = "/usr/share/selinux/devel/policy.xml"): ++ global modules_dict ++ if modules_dict: ++ return modules_dict ++ + import xml.etree.ElementTree + modules_dict = {} + try: -+ tree = xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml") ++ tree = xml.etree.ElementTree.parse(path) + for l in tree.findall("layer"): + for m in l.findall("module"): + name = m.get("name") 
@@ -343747,16 +343790,71 @@ index 0000000..e3f9b70 + pass + return modules_dict + -+all_attributes = map(lambda x: x['name'], sepolicy.info(sepolicy.ATTRIBUTE)) -+entrypoints = sepolicy.info(sepolicy.ATTRIBUTE,"entry_type")[0]["types"] -+alldomains = sepolicy.info(sepolicy.ATTRIBUTE,"domain")[0]["types"] ++all_attributes = None ++def get_all_attributes(): ++ global all_attributes ++ if not all_attributes: ++ all_attributes = map(lambda x: x['name'], sepolicy.info(sepolicy.ATTRIBUTE)) ++ return all_attributes + -+def _gen_fcdict(): -+ fc_path = selinux.selinux_file_context_path() -+ fd = open(selinux.selinux_file_context_path(), "r") ++all_entrypoints = None ++def get_entrypoints(): ++ global all_entrypoints ++ if not all_entrypoints: ++ all_entrypoints = sepolicy.info(sepolicy.ATTRIBUTE,"entry_type")[0]["types"] ++ return all_entrypoints ++ ++all_domains = None ++def get_all_domains(): ++ global all_domains ++ if not all_domains: ++ all_domains = sepolicy.info(sepolicy.ATTRIBUTE,"domain")[0]["types"] ++ return all_domains ++ ++roles = None ++def get_all_roles(): ++ global roles ++ if roles: ++ return roles ++ roles = [] ++ allroles = map(lambda x: x['name'], sepolicy.info(sepolicy.ROLE)) ++ for r in allroles: ++ if r not in [ "system_r", "object_r" ]: ++ roles.append(r[:-2]) ++ return roles ++ ++domains = None ++def gen_domains(): ++ global domains ++ if domains: ++ return domains ++ domains = [] ++ for d in get_all_domains(): ++ found = False ++ domain = d[:-2] ++ if domain + "_exec_t" not in get_entrypoints(): ++ continue ++ if domain in domains: ++ continue ++ domains.append(domain) ++ ++ for role in get_all_roles(): ++ if role in domains: ++ continue ++ domains.append(role) ++ ++ domains.sort() ++ return domains ++ ++fcdict=None ++def _gen_fcdict(fc_path = selinux.selinux_file_context_path()): ++ global fcdict ++ if fcdict: ++ return fcdict ++ fd = open(fc_path, "r") + fc = fd.readlines() + fd.close() -+ fd = 
open(selinux.selinux_file_context_path()+".homedirs", "r") ++ fd = open(fc_path+".homedirs", "r") + fc += fd.readlines() + fd.close() + fcdict = {} @@ -343780,9 +343878,12 @@ index 0000000..e3f9b70 + fcdict["file_type"] = [ "all files on the system" ] + fcdict["samba_share_t"] = [ "use this label for random content that will be shared using samba" ] + return fcdict -+fcdict = _gen_fcdict() + -+def _gen_role_allows(): ++role_allows = None ++def get_all_role_allows(): ++ global role_allows ++ if role_allows: ++ return role_allows + role_allows = {} + for r in sepolicy.search([sepolicy.ROLE_ALLOW]): + if r["source"] == "system_r" or r["target"] == "system_r": @@ -343793,40 +343894,13 @@ index 0000000..e3f9b70 + role_allows[r["source"]] = [ r["target"] ] + + return role_allows -+role_allows = _gen_role_allows() + -+def _gen_roles(): -+ roles = [] -+ allroles = map(lambda x: x['name'], sepolicy.info(sepolicy.ROLE)) -+ for r in allroles: -+ if r not in [ "system_r", "object_r" ]: -+ roles.append(r[:-2]) -+ return roles ++users = None ++def get_all_users(): ++ global users ++ if users: ++ return users + -+roles = _gen_roles() -+ -+def _gen_domains(): -+ domains = [] -+ for d in alldomains: -+ found = False -+ domain = d[:-2] -+ if domain + "_exec_t" not in entrypoints: -+ continue -+ if domain in domains: -+ continue -+ domains.append(domain) -+ -+ for role in roles: -+ if role in domains: -+ continue -+ domains.append(role) -+ -+ domains.sort() -+ return domains -+ -+domains = _gen_domains() -+ -+def _gen_users(): + users = [] + allusers = map(lambda x: x['name'], sepolicy.info(sepolicy.USER)) + for u in allusers: @@ -343835,9 +343909,11 @@ index 0000000..e3f9b70 + users.sort() + return users + -+users = _gen_users() -+ ++types = None +def _gen_types(): ++ global types ++ if types: ++ return types + all_types = sepolicy.info(sepolicy.TYPE) + types = {} + for rec in all_types: 
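Review bot: `_gen_fcdict(fc_path = selinux.selinux_file_context_path())` evaluates its default once at import time and, like the other lazy getters added in this hunk, returns the cached global on every later call regardless of `fc_path`. It also opens `fc_path + ".homedirs"` unconditionally, so an alternate directory that holds `file_contexts` but no `.homedirs` file raises `IOError`; note that the commit description spells that file `file_contexts.homedir`. Using `fc_path=None` with `if fc_path is None: fc_path = selinux.selinux_file_context_path()`, and reading each file inside `with open(...) as fd:`, removes the import-time call and closes the descriptor when a read fails. The function body continues past the end of the hunk.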
@@ -343847,50 +343923,37 @@ index 0000000..e3f9b70 + types[rec["name"]] = [] + return types + -+types = _gen_types() -+ -+def _gen_file_types(): ++file_types = None ++def get_all_file_types(): ++ global file_types ++ if file_types: ++ return file_types + file_types = sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"] + file_types.sort() + return file_types -+file_types = _gen_file_types() + -+def _gen_port_types(): ++port_types = None ++def get_all_port_types(): ++ global port_types ++ if port_types: ++ return port_types + port_types = sepolicy.info(sepolicy.ATTRIBUTE,"port_type")[0]["types"] + port_types.sort() + return port_types -+port_types = _gen_port_types() + -+portrecs = network.portrecs +files_dict = {} -+bools = sepolicy.info(sepolicy.BOOLEAN) ++ ++bools = None ++def get_all_bools(): ++ global bools ++ if not bools: ++ bools = sepolicy.info(sepolicy.BOOLEAN) ++ return bools + +def prettyprint(f,trim): + return " ".join(f[:-len(trim)].split("_")) + -+def _get_os_version(): -+ os_version = "" -+ pkg_name = "selinux-policy" -+ try: -+ import commands -+ rc, output = commands.getstatusoutput("rpm -q '%s'" % pkg_name) -+ if rc == 0: -+ os_version = output.split(".")[-2] -+ except: -+ os_version = "" -+ -+ if os_version[0:2] == "fc": -+ os_version = "Fedora"+os_version[2:] -+ elif os_version[0:2] == "el": -+ os_version = "RHEL"+os_version[2:] -+ else: -+ os_version = "" -+ -+ return os_version -+ -+ +# for HTML man pages -+os_version = _get_os_version() +manpage_domains = [] +manpage_roles = [] + @@ -343925,7 +343988,6 @@ index 0000000..e3f9b70 + """ + + def __init__(self, manpage_roles, manpage_domains, path, os_version): -+ + self.manpage_roles = get_alphabet_manpages(manpage_roles) + self.manpage_domains = get_alphabet_manpages(manpage_domains) + self.os_version = os_version @@ -343971,7 +344033,7 @@ index 0000000..e3f9b70 + +

SELinux man pages

+

-+The following links contain SELinux man pages for particular either Fedora or Red Hat Enterprise Linux releases. ++Fedora or Red Hat Enterprise Linux Man Pages. +

+
+

Fedora

@@ -344143,22 +344205,53 @@ index 0000000..e3f9b70 + """ + Generate a Manpage on an SELinux domain in the specified path + """ ++ all_attributes = get_all_attributes() ++ all_domains = get_all_domains() ++ all_bools = get_all_bools() ++ all_port_types = get_all_port_types() ++ all_roles = get_all_roles() ++ all_users = get_all_users() ++ all_file_types = get_all_file_types() ++ types = _gen_types() ++ modules_dict = None ++ domains = gen_domains() ++ role_allows = get_all_role_allows() ++ + def __init__(self, domainname, path = "/tmp", html = False): + self.html = html ++ self.portrecs = network.portrecs ++ ++ fcpath = path + "/file_contexts" ++ if os.path.exists(fcpath): ++ self.fcpath = fcpath ++ else: ++ self.fcpath = selinux.selinux_file_context_path() ++ self.fcdict = _gen_fcdict(self.fcpath) ++ ++ if not os.path.exists(path): ++ os.makedirs(path) + self.path = path ++ ++ xmlpath = path + "/policy.xml" ++ if os.path.exists(xmlpath): ++ self.xmlpath = xmlpath ++ else: ++ self.xmlpath = "/usr/share/selinux/devel/policy.xml" ++ self.booleans_dict = gen_bool_dict(self.xmlpath) ++ + if domainname.endswith("_t"): + self.domainname = domainname[:-2] + else: + self.domainname = domainname + -+ if self.domainname + "_t" not in alldomains: ++ if self.domainname + "_t" not in self.all_domains: + raise ValueError("domain %s_t does not exist" % self.domainname) + self.short_name = self.domainname + + self.type = self.domainname + "_t" + self.man_page_path = "%s/%s_selinux.8" % (path, self.domainname) + self.fd = open(self.man_page_path, 'w') -+ if domainname in roles: ++ if domainname in self.all_roles: + self.__gen_user_man_page() + if self.html: + manpage_roles.append(self.man_page_path) 
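Review bot: `ManPage.__init__` now reads `file_contexts` and `policy.xml` from the output directory, and `path` still defaults to `/tmp`, so on a default run any local user who creates `/tmp/policy.xml` or `/tmp/file_contexts` decides what the tool parses and what text lands in the generated man pages. The lookup should be limited to directories other users cannot write to, or the inputs should come from their own option instead of the output path. The sketch below does the former and also moves `os.makedirs` ahead of the lookups. The man page itself is written with `open(self.man_page_path, 'w')` in the same directory, visible as context in this hunk, and has the same exposure to names created there beforehand. `__init__` continues past the end of the hunk.

```python
    def __init__(self, domainname, path = "/tmp", html = False):
        # … unchanged: self.html, self.portrecs …
        if not os.path.exists(path):
            os.makedirs(path)
        self.path = path
        # The default path is /tmp: only take policy inputs from a directory
        # that other users cannot write to.
        use_local = (os.stat(path).st_mode & 0o002) == 0

        fcpath = os.path.join(path, "file_contexts")
        if use_local and os.path.exists(fcpath):
            self.fcpath = fcpath
        # … unchanged: else branch, _gen_fcdict call …

        xmlpath = os.path.join(path, "policy.xml")
        if use_local and os.path.exists(xmlpath):
            self.xmlpath = xmlpath
        # … unchanged: else branch, gen_bool_dict call, domain name checks …
```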
@@ -344178,16 +344271,15 @@ index 0000000..e3f9b70 + + def __gen_user_man_page(self): + self.role = self.domainname + "_r" -+ global modules_dict -+ if not modules_dict: -+ modules_dict = _gen_modules_dict() ++ if not self.modules_dict: ++ self.modules_dict = gen_modules_dict(self.xmlpath) + + try: -+ self.desc = modules_dict[self.domainname] ++ self.desc = self.modules_dict[self.domainname] + except: + self.desc = "%s user role" % self.domainname + -+ if self.domainname in users: ++ if self.domainname in self.all_users: + self.attributes = sepolicy.info(sepolicy.TYPE,(self.type))[0]["attributes"] + self._user_header() + self._user_attribute() @@ -344239,7 +344331,7 @@ index 0000000..e3f9b70 + self._footer() + + def _get_ptypes(self): -+ for f in alldomains: ++ for f in self.all_domains: + if f.startswith(self.short_name): + self.ptypes.append(f) + @@ -344364,15 +344456,15 @@ index 0000000..e3f9b70 + + def _gen_bool_text(self, name): + booltext = "" -+ for bdict in bools: ++ for bdict in self.all_bools: + b = bdict['name'] + if b.find(name) >= 0: + if b.endswith("anon_write"): + self.anon_list.append(b) + else: -+ if b not in booleans_dict: ++ if b not in self.booleans_dict: + continue -+ desc = booleans_dict[b][2][0].lower() + booleans_dict[b][2][1:] ++ desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:] + if desc[-1] == ".": + desc = desc[:-1] + booltext += """ 
@@ -344390,15 +344482,15 @@ index 0000000..e3f9b70 + for alias in equiv_dict[self.domainname]: + self.booltext += self._gen_bool_text(alias) + -+ for bdict in bools: ++ for bdict in self.all_bools: + b = bdict['name'] + if b.find(self.short_name) >= 0: + if b.endswith("anon_write"): + self.anon_list.append(b) + else: -+ if b not in booleans_dict: ++ if b not in self.booleans_dict: + continue -+ desc = booleans_dict[b][2][0].lower() + booleans_dict[b][2][1:] ++ desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:] + if desc[-1] == ".": + desc = desc[:-1] + self.booltext += """ @@ -344423,7 +344515,7 @@ index 0000000..e3f9b70 + nsswitch_types = [] + nsswitch_booleans = ['authlogin_nsswitch_use_ldap', 'kerberos_enabled'] + nsswitchbooltext = "" -+ if "nsswitch_domain" in all_attributes: ++ if "nsswitch_domain" in self.all_attributes: + self.fd.write(""" +.SH NSSWITCH DOMAIN +""") @@ -344433,7 +344525,7 @@ index 0000000..e3f9b70 + + if len(nsswitch_types): + for i in nsswitch_booleans: -+ desc = booleans_dict[i][2][0].lower() + booleans_dict[i][2][1:-1] ++ desc = self.booleans_dict[i][2][0].lower() + self.booleans_dict[i][2][1:-1] + nsswitchbooltext += """ +.PP +If you want to %s for the %s, you must turn on the %s boolean. @@ -344472,7 +344564,7 @@ index 0000000..e3f9b70 + + def _port_types(self): + self.ports = [] -+ for f in port_types: ++ for f in self.all_port_types: + if f.startswith(self.short_name): + self.ports.append(f) + @@ -344503,7 +344595,7 @@ index 0000000..e3f9b70 +""" % p) + once = True + for prot in ( "tcp", "udp" ): -+ if (p,prot) in portrecs: ++ if (p,prot) in self.portrecs: + if once: + self.fd.write(""" + @@ -344511,7 +344603,7 @@ index 0000000..e3f9b70 + once = False + self.fd.write(r""" +%s %s -+.EE""" % (prot, ",".join(portrecs[(p,prot)]))) ++.EE""" % (prot, ",".join(self.portrecs[(p,prot)]))) + + def _file_context(self): + self.fd.write(r""" 
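Review bot: The nsswitch loop in the `@@ -344433,7` hunk indexes `self.booleans_dict[i]` for `authlogin_nsswitch_use_ldap` and `kerberos_enabled` without the `if b not in self.booleans_dict: continue` guard that the boolean loops in the neighbouring hunks use, so a policy.xml lacking either entry raises `KeyError`. Now that the dictionary can come from an alternate policy.xml, or be empty when that file cannot be read, this case looks more likely than before. Adding `if i not in self.booleans_dict: continue` at the top of the loop would match the other loops. The `self.anon_list` loop in the later `@@ -344594,7` hunk has the same gap, because names are appended to `anon_list` before the membership check runs. The enclosing method starts and ends outside the hunk.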
@@ -344525,7 +344617,7 @@ index 0000000..e3f9b70 +.PP +The following file types are defined for %(domainname)s: +""" % {'domainname':self.domainname}) -+ for f in file_types: ++ for f in self.all_file_types: + if f.startswith(self.domainname): + self.fd.write(""" + @@ -344562,7 +344654,7 @@ index 0000000..e3f9b70 + def _see_also(self): + ret = "" + prefix = self.short_name.split("_")[0] -+ for d in domains: ++ for d in self.domains: + if d == self.domainname: + continue + if d.startswith(prefix): @@ -344594,7 +344686,7 @@ index 0000000..e3f9b70 + +""" % {'domainname':self.domainname}) + for b in self.anon_list: -+ desc = booleans_dict[b][2][0].lower() + booleans_dict[b][2][1:] ++ desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:] + self.fd.write(""" +.PP +If you want to %s, you must turn on the %s boolean. @@ -344653,7 +344745,7 @@ index 0000000..e3f9b70 + return False + if check.endswith("_t"): + for a in attributes: -+ if a in types[check]: ++ if a in self.types[check]: + return False + return True + @@ -344674,8 +344766,8 @@ index 0000000..e3f9b70 +""" % (self.domainname, entrypoints_str, self.domainname)) + paths=[] + for entrypoint in entrypoints: -+ if entrypoint in fcdict: -+ paths += fcdict[entrypoint] ++ if entrypoint in self.fcdict: ++ paths += self.fcdict[entrypoint] + + self.fd.write(""" +%s""" % ", ".join(paths)) @@ -344714,8 +344806,8 @@ index 0000000..e3f9b70 +.B %s + +""" % f) -+ if f in fcdict: -+ for path in fcdict[f]: ++ if f in self.fcdict: ++ for path in self.fcdict[f]: + self.fd.write("""\t%s +.br +""" % path) @@ -344757,7 +344849,7 @@ index 0000000..e3f9b70 + +""" % {'desc': self.desc, 'type':self.type, 'user':self.domainname}) + -+ if "login_userdomain" in self.attributes and "login_userdomain" in all_attributes: ++ if "login_userdomain" in self.attributes and "login_userdomain" in self.all_attributes: + self.fd.write(""" +If you want to map the one Linux user (joe) to the SELinux user %(user)s, you would execute: + 
@@ -344770,7 +344862,7 @@ index 0000000..e3f9b70 + self.fd.write(""" +.SH SUDO +""") -+ if sudotype in types: ++ if sudotype in self.types: + role = self.domainname + "_r" + self.fd.write(""" +The SELinux user %(user)s can execute sudo. @@ -344780,7 +344872,7 @@ index 0000000..e3f9b70 +Add one or more of the following record to sudoers using visudo. + +""" % { 'user':self.domainname } ) -+ for adminrole in role_allows[role]: ++ for adminrole in self.role_allows[role]: + self.fd.write(""" +USERNAME ALL=(ALL) ROLE=%(admin)s_r TYPE=%(admin)s_t COMMAND +.br @@ -344800,7 +344892,7 @@ index 0000000..e3f9b70 + +For more details you can see semanage man page. + -+""" % {'user':self.domainname, "roles": " ".join([role] + role_allows[role]) } ) ++""" % {'user':self.domainname, "roles": " ".join([role] + self.role_allows[role]) } ) + else: + self.fd.write(""" +The SELinux type %s_t is not allowed to execute sudo. @@ -344826,7 +344918,7 @@ index 0000000..e3f9b70 +""" % self.domainname) + + def _xwindows_login(self): -+ if "x_domain" in all_attributes: ++ if "x_domain" in self.all_attributes: + self.fd.write(""" +.SH X WINDOWS LOGIN +""") @@ -344840,7 +344932,7 @@ index 0000000..e3f9b70 +""" % self.domainname) + + def _terminal_login(self): -+ if "login_userdomain" in all_attributes: ++ if "login_userdomain" in self.all_attributes: + self.fd.write(""" +.SH TERMINAL LOGIN +""") @@ -344858,7 +344950,7 @@ index 0000000..e3f9b70 +.SH NETWORK +""") + for net in ("tcp", "udp"): -+ portdict = sepolicy.network.get_network_connect(self.type, net, "name_bind") ++ portdict = network.get_network_connect(self.type, net, "name_bind") + if len(portdict) > 0: + self.fd.write(""" +.TP 
@@ -344969,8 +345061,8 @@ index 0000000..e3f9b70 + +""" % {'desc': self.desc, 'user':self.domainname}) + troles = [] -+ for i in role_allows: -+ if self.domainname +"_r" in role_allows[i]: ++ for i in self.role_allows: ++ if self.domainname +"_r" in self.role_allows[i]: + troles.append(i) + if len(troles) > 0: + plural = "" diff --git a/policycoreutils.spec b/policycoreutils.spec index 621e6da..cbff1cc 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.1.13 -Release: 23%{?dist} +Release: 24%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -329,6 +329,11 @@ The policycoreutils-restorecond package contains the restorecond service. %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %changelog +* Sat Nov 3 2012 Dan Walsh - 2.1.12-24 +- Fix manpage to generate proper man pages for alternate policy, +basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as +I pull the policy, policy.xml and file_contexts and file_contexts.homedir + * Thu Nov 1 2012 Dan Walsh - 2.1.12-23 - Fix some build problems in sepolicy manpage and sepolicy transition