Fix manpage to generate proper man pages for alternate policy,

basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as
I pull the policy, policy.xml, file_contexts and file_contexts.homedirs
Dan Walsh 2012-11-03 07:19:34 -04:00
parent 1cc95772be
commit cc08d7735b
2 changed files with 233 additions and 136 deletions


@ -341404,10 +341404,10 @@ index 0000000..c1d9411
+} +}
diff --git a/policycoreutils/sepolicy/sepolicy-bash-completion.sh b/policycoreutils/sepolicy/sepolicy-bash-completion.sh diff --git a/policycoreutils/sepolicy/sepolicy-bash-completion.sh b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
new file mode 100644 new file mode 100644
index 0000000..c574a46 index 0000000..d7cd4dc
--- /dev/null --- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy-bash-completion.sh +++ b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
@@ -0,0 +1,139 @@ @@ -0,0 +1,147 @@
+# This file is part of systemd. +# This file is part of systemd.
+# +#
+# Copyright 2011 Dan Walsh +# Copyright 2011 Dan Walsh
@ -341473,7 +341473,7 @@ index 0000000..c574a46
+ +
+ COMMONOPTS='-P --policy -h --help' + COMMONOPTS='-P --policy -h --help'
+ local -A OPTS=( + local -A OPTS=(
+ [manpage]='-h --help -p --path -a -all -d --domain -w --web' + [manpage]='-h --help -p --path -a -all -o --os -d --domain -w --web'
+ [network]='-h --help -d --domain -l --list -p --port -t --type ' + [network]='-h --help -d --domain -l --list -p --port -t --type '
+ [communicate]='-h --help -s --source -t --target -c --class -S --sourceaccess -T --targetaccess' + [communicate]='-h --help -s --source -t --target -c --class -S --sourceaccess -T --targetaccess'
+ [transition]='-h --help -s --source -t --target' + [transition]='-h --help -s --source -t --target'
@ -341489,11 +341489,19 @@ index 0000000..c574a46
+ done + done
+ +
+ if [[ -z $verb ]]; then + if [[ -z $verb ]]; then
+ if [ "$prev" = "-P" -o "$prev" = "--policy" ]; then
+ COMPREPLY=( $( compgen -f -- "$cur") )
+ compopt -o filenames
+ return 0
+ else
+ comps="${VERBS[*]} ${COMMONOPTS}" + comps="${VERBS[*]} ${COMMONOPTS}"
+ fi
+ elif [ "$verb" = "manpage" ]; then + elif [ "$verb" = "manpage" ]; then
+ if [ "$prev" = "-d" -o "$prev" = "--domain" ]; then + if [ "$prev" = "-d" -o "$prev" = "--domain" ]; then
+ COMPREPLY=( $(compgen -W "$( __get_all_domains ) " -- "$cur") ) + COMPREPLY=( $(compgen -W "$( __get_all_domains ) " -- "$cur") )
+ return 0 + return 0
+ elif [ "$prev" = "-o" -o "$prev" = "--os" ]; then
+ return 0
+ elif test "$prev" = "-p" || test "$prev" = "--path" ; then + elif test "$prev" = "-p" || test "$prev" = "--path" ; then
+ COMPREPLY=( $( compgen -d -- "$cur") ) + COMPREPLY=( $( compgen -d -- "$cur") )
+ compopt -o filenames + compopt -o filenames
@ -341891,10 +341899,10 @@ index 0000000..2e0163b
+selinux(8), sepolicy-generate(8), sepolicy-communicate(8), sepolicy-generate(8), sepolicy-network(8), sepolicy-transition(8) +selinux(8), sepolicy-generate(8), sepolicy-communicate(8), sepolicy-generate(8), sepolicy-network(8), sepolicy-transition(8)
diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
new file mode 100755 new file mode 100755
index 0000000..9f96fd5 index 0000000..eee20af
--- /dev/null --- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy.py +++ b/policycoreutils/sepolicy/sepolicy.py
@@ -0,0 +1,303 @@ @@ -0,0 +1,310 @@
+#! /usr/bin/python -Es +#! /usr/bin/python -Es
+# Copyright (C) 2012 Red Hat +# Copyright (C) 2012 Red Hat
+# AUTHOR: Dan Walsh <dwalsh@redhat.com> +# AUTHOR: Dan Walsh <dwalsh@redhat.com>
@ -341981,11 +341989,11 @@ index 0000000..9f96fd5
+ _print_net(d, net, "name_bind") + _print_net(d, net, "name_bind")
+ +
+def manpage(args): +def manpage(args):
+ from sepolicy.manpage import ManPage, HTMLManPages, domains, manpage_domains, manpage_roles, os_version + from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains
+ +
+ path = args.path + path = args.path
+ if args.all: + if args.all:
+ test_domains = domains + test_domains = gen_domains()
+ else: + else:
+ test_domains = args.domain + test_domains = args.domain
+ +
@ -341994,7 +342002,7 @@ index 0000000..9f96fd5
+ print m.get_man_page_path() + print m.get_man_page_path()
+ +
+ if args.web: + if args.web:
+ HTMLManPages(manpage_roles, manpage_domains, path, os_version) + HTMLManPages(manpage_roles, manpage_domains, path, args.os)
+ +
+class CheckPath(argparse.Action): +class CheckPath(argparse.Action):
+ def __call__(self, parser, namespace, values, option_string=None): + def __call__(self, parser, namespace, values, option_string=None):
@ -342007,8 +342015,9 @@ index 0000000..9f96fd5
+ help=_('Generate SELinux man pages')) + help=_('Generate SELinux man pages'))
+ +
+ man.add_argument("-p", "--path", dest="path", default="/tmp", + man.add_argument("-p", "--path", dest="path", default="/tmp",
+ action=CheckPath,
+ help=_("path in which the generated SELinux man pages will be stored")) + help=_("path in which the generated SELinux man pages will be stored"))
+ man.add_argument("-o", "--os", dest="os", default=sepolicy.get_os_version(),
+ help=_("name of the OS for man pages"))
+ man.add_argument("-w", "--web", dest="web", default=False, action="store_true", + man.add_argument("-w", "--web", dest="web", default=False, action="store_true",
+ help=_("Generate HTML man pages structure for selected SELinux man page")) + help=_("Generate HTML man pages structure for selected SELinux man page"))
+ group = man.add_mutually_exclusive_group(required=True) + group = man.add_mutually_exclusive_group(required=True)
@ -342053,6 +342062,11 @@ index 0000000..9f96fd5
+ newval.append(v) + newval.append(v)
+ setattr(namespace, self.dest, values) + setattr(namespace, self.dest, values)
+ +
+class LoadPolicy(argparse.Action):
+ def __call__(self, parser, namespace, values, option_string=None):
+ sepolicy.policy(values)
+ setattr(namespace, self.dest, values)
+
+class CheckPolicyType(argparse.Action): +class CheckPolicyType(argparse.Action):
+ def __call__(self, parser, namespace, values, option_string=None): + def __call__(self, parser, namespace, values, option_string=None):
+ from sepolicy.generate import get_poltype_desc, poltype + from sepolicy.generate import get_poltype_desc, poltype
@ -342181,6 +342195,7 @@ index 0000000..9f96fd5
+ parser = argparse.ArgumentParser(description='SELinux Policy Inspection Tool') + parser = argparse.ArgumentParser(description='SELinux Policy Inspection Tool')
+ subparsers = parser.add_subparsers(help=_("commands")) + subparsers = parser.add_subparsers(help=_("commands"))
+ parser.add_argument("-P", "--policy", dest="policy", + parser.add_argument("-P", "--policy", dest="policy",
+ action=LoadPolicy,
+ default=None, help=_("Alternate SELinux policy, defaults to /sys/fs/selinux/policy")) + default=None, help=_("Alternate SELinux policy, defaults to /sys/fs/selinux/policy"))
+ gen_manpage_args(subparsers) + gen_manpage_args(subparsers)
+ gen_network_args(subparsers) + gen_network_args(subparsers)
@ -342191,19 +342206,19 @@ index 0000000..9f96fd5
+ +
+ try: + try:
+ args = parser.parse_args() + args = parser.parse_args()
+ if args.policy:
+ sepolicy.policy(args.policy)
+ args.func(args) + args.func(args)
+ sys.exit(0) + sys.exit(0)
+ except ValueError,e: + except ValueError,e:
+ sys.stderr.write("%s: %s" % (e.__class__.__name__, str(e))) + sys.stderr.write("%s: %s" % (e.__class__.__name__, str(e)))
+ sys.exit(1) + sys.exit(1)
+ except KeyboardInterrupt:
+ sys.exit(0)
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
new file mode 100644 new file mode 100644
index 0000000..22c0724 index 0000000..5df16bb
--- /dev/null --- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py +++ b/policycoreutils/sepolicy/sepolicy/__init__.py
@@ -0,0 +1,87 @@ @@ -0,0 +1,110 @@
+#!/usr/bin/env python +#!/usr/bin/env python
+ +
+# Author: Thomas Liu <tliu@redhat.com> +# Author: Thomas Liu <tliu@redhat.com>
@ -342263,12 +342278,16 @@ index 0000000..22c0724
+ dict_list = _policy.info(setype, name) + dict_list = _policy.info(setype, name)
+ return dict_list + return dict_list
+ +
+def _gen_boolens_dict(): +booleans_dict = None
+def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
+ global booleans_dict
+ if booleans_dict:
+ return booleans_dict
+ import xml.etree.ElementTree + import xml.etree.ElementTree
+ import re + import re
+ booleans_dict = {} + booleans_dict = {}
+ try: + try:
+ tree = xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml") + tree = xml.etree.ElementTree.parse(path)
+ for l in tree.findall("layer"): + for l in tree.findall("layer"):
+ for m in l.findall("module"): + for m in l.findall("module"):
+ for b in m.findall("tunable"): + for b in m.findall("tunable"):
@ -342290,7 +342309,26 @@ index 0000000..22c0724
+ except IOError, e: + except IOError, e:
+ pass + pass
+ return booleans_dict + return booleans_dict
+booleans_dict = _gen_boolens_dict() +
+def get_os_version():
+ os_version = ""
+ pkg_name = "selinux-policy"
+ try:
+ import commands
+ rc, output = commands.getstatusoutput("rpm -q '%s'" % pkg_name)
+ if rc == 0:
+ os_version = output.split(".")[-2]
+ except:
+ os_version = ""
+
+ if os_version[0:2] == "fc":
+ os_version = "Fedora"+os_version[2:]
+ elif os_version[0:2] == "el":
+ os_version = "RHEL"+os_version[2:]
+ else:
+ os_version = ""
+
+ return os_version
diff --git a/policycoreutils/sepolicy/sepolicy/booleans.py b/policycoreutils/sepolicy/sepolicy/booleans.py diff --git a/policycoreutils/sepolicy/sepolicy/booleans.py b/policycoreutils/sepolicy/sepolicy/booleans.py
new file mode 100644 new file mode 100644
index 0000000..c23cb11 index 0000000..c23cb11
@ -343686,10 +343724,10 @@ index 0000000..93b0762
+ return out + return out
diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
new file mode 100755 new file mode 100755
index 0000000..e3f9b70 index 0000000..82e6388
--- /dev/null --- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py +++ b/policycoreutils/sepolicy/sepolicy/manpage.py
@@ -0,0 +1,1297 @@ @@ -0,0 +1,1351 @@
+#! /usr/bin/python -Es +#! /usr/bin/python -Es
+# Copyright (C) 2012 Red Hat +# Copyright (C) 2012 Red Hat
+# AUTHOR: Dan Walsh <dwalsh@redhat.com> +# AUTHOR: Dan Walsh <dwalsh@redhat.com>
@ -343714,24 +343752,29 @@ index 0000000..e3f9b70
+# 02111-1307 USA +# 02111-1307 USA
+# +#
+# +#
+__all__ = [ 'ManPage', 'HTMLManPages', 'domains', 'manpage_domains', 'manpage_roles', 'os_version' ] +__all__ = [ 'ManPage', 'HTMLManPages', 'manpage_domains', 'manpage_roles', 'gen_domains' ]
+ +
+import string +import string
+import argparse +import argparse
+from sepolicy import network, booleans_dict
+import selinux +import selinux
+import sepolicy +import sepolicy
+from sepolicy import network, gen_bool_dict
+
+import commands +import commands
+import sys, os, re, time +import sys, os, re, time
+ +
+equiv_dict={ "smbd" : ( "samba" ), "httpd" : ( "apache" ), "virtd" : ( "virt", "libvirt" ) } +equiv_dict={ "smbd" : [ "samba" ], "httpd" : [ "apache" ], "virtd" : [ "virt", "libvirt" ], "named" : [ "bind" ] }
+ +
+modules_dict = None +modules_dict = None
+def _gen_modules_dict(): +def gen_modules_dict(path = "/usr/share/selinux/devel/policy.xml"):
+ global modules_dict
+ if modules_dict:
+ return modules_dict
+
+ import xml.etree.ElementTree + import xml.etree.ElementTree
+ modules_dict = {} + modules_dict = {}
+ try: + try:
+ tree = xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml") + tree = xml.etree.ElementTree.parse(path)
+ for l in tree.findall("layer"): + for l in tree.findall("layer"):
+ for m in l.findall("module"): + for m in l.findall("module"):
+ name = m.get("name") + name = m.get("name")
@ -343747,16 +343790,71 @@ index 0000000..e3f9b70
+ pass + pass
+ return modules_dict + return modules_dict
+ +
+all_attributes = map(lambda x: x['name'], sepolicy.info(sepolicy.ATTRIBUTE)) +all_attributes = None
+entrypoints = sepolicy.info(sepolicy.ATTRIBUTE,"entry_type")[0]["types"] +def get_all_attributes():
+alldomains = sepolicy.info(sepolicy.ATTRIBUTE,"domain")[0]["types"] + global all_attributes
+ if not all_attributes:
+ all_attributes = map(lambda x: x['name'], sepolicy.info(sepolicy.ATTRIBUTE))
+ return all_attributes
+ +
+def _gen_fcdict(): +all_entrypoints = None
+ fc_path = selinux.selinux_file_context_path() +def get_entrypoints():
+ fd = open(selinux.selinux_file_context_path(), "r") + global all_entrypoints
+ if not all_entrypoints:
+ all_entrypoints = sepolicy.info(sepolicy.ATTRIBUTE,"entry_type")[0]["types"]
+ return all_entrypoints
+
+all_domains = None
+def get_all_domains():
+ global all_domains
+ if not all_domains:
+ all_domains = sepolicy.info(sepolicy.ATTRIBUTE,"domain")[0]["types"]
+ return all_domains
+
+roles = None
+def get_all_roles():
+ global roles
+ if roles:
+ return roles
+ roles = []
+ allroles = map(lambda x: x['name'], sepolicy.info(sepolicy.ROLE))
+ for r in allroles:
+ if r not in [ "system_r", "object_r" ]:
+ roles.append(r[:-2])
+ return roles
+
+domains = None
+def gen_domains():
+ global domains
+ if domains:
+ return domains
+ domains = []
+ for d in get_all_domains():
+ found = False
+ domain = d[:-2]
+ if domain + "_exec_t" not in get_entrypoints():
+ continue
+ if domain in domains:
+ continue
+ domains.append(domain)
+
+ for role in get_all_roles():
+ if role in domains:
+ continue
+ domains.append(role)
+
+ domains.sort()
+ return domains
+
+fcdict=None
+def _gen_fcdict(fc_path = selinux.selinux_file_context_path()):
+ global fcdict
+ if fcdict:
+ return fcdict
+ fd = open(fc_path, "r")
+ fc = fd.readlines() + fc = fd.readlines()
+ fd.close() + fd.close()
+ fd = open(selinux.selinux_file_context_path()+".homedirs", "r") + fd = open(fc_path+".homedirs", "r")
+ fc += fd.readlines() + fc += fd.readlines()
+ fd.close() + fd.close()
+ fcdict = {} + fcdict = {}
@ -343780,9 +343878,12 @@ index 0000000..e3f9b70
+ fcdict["file_type"] = [ "all files on the system" ] + fcdict["file_type"] = [ "all files on the system" ]
+ fcdict["samba_share_t"] = [ "use this label for random content that will be shared using samba" ] + fcdict["samba_share_t"] = [ "use this label for random content that will be shared using samba" ]
+ return fcdict + return fcdict
+fcdict = _gen_fcdict()
+ +
+def _gen_role_allows(): +role_allows = None
+def get_all_role_allows():
+ global role_allows
+ if role_allows:
+ return role_allows
+ role_allows = {} + role_allows = {}
+ for r in sepolicy.search([sepolicy.ROLE_ALLOW]): + for r in sepolicy.search([sepolicy.ROLE_ALLOW]):
+ if r["source"] == "system_r" or r["target"] == "system_r": + if r["source"] == "system_r" or r["target"] == "system_r":
@ -343793,40 +343894,13 @@ index 0000000..e3f9b70
+ role_allows[r["source"]] = [ r["target"] ] + role_allows[r["source"]] = [ r["target"] ]
+ +
+ return role_allows + return role_allows
+role_allows = _gen_role_allows()
+ +
+def _gen_roles(): +users = None
+ roles = [] +def get_all_users():
+ allroles = map(lambda x: x['name'], sepolicy.info(sepolicy.ROLE)) + global users
+ for r in allroles: + if users:
+ if r not in [ "system_r", "object_r" ]: + return users
+ roles.append(r[:-2])
+ return roles
+ +
+roles = _gen_roles()
+
+def _gen_domains():
+ domains = []
+ for d in alldomains:
+ found = False
+ domain = d[:-2]
+ if domain + "_exec_t" not in entrypoints:
+ continue
+ if domain in domains:
+ continue
+ domains.append(domain)
+
+ for role in roles:
+ if role in domains:
+ continue
+ domains.append(role)
+
+ domains.sort()
+ return domains
+
+domains = _gen_domains()
+
+def _gen_users():
+ users = [] + users = []
+ allusers = map(lambda x: x['name'], sepolicy.info(sepolicy.USER)) + allusers = map(lambda x: x['name'], sepolicy.info(sepolicy.USER))
+ for u in allusers: + for u in allusers:
@ -343835,9 +343909,11 @@ index 0000000..e3f9b70
+ users.sort() + users.sort()
+ return users + return users
+ +
+users = _gen_users() +types = None
+
+def _gen_types(): +def _gen_types():
+ global types
+ if types:
+ return types
+ all_types = sepolicy.info(sepolicy.TYPE) + all_types = sepolicy.info(sepolicy.TYPE)
+ types = {} + types = {}
+ for rec in all_types: + for rec in all_types:
@ -343847,50 +343923,37 @@ index 0000000..e3f9b70
+ types[rec["name"]] = [] + types[rec["name"]] = []
+ return types + return types
+ +
+types = _gen_types() +file_types = None
+ +def get_all_file_types():
+def _gen_file_types(): + global file_types
+ if file_types:
+ return file_types
+ file_types = sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"] + file_types = sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"]
+ file_types.sort() + file_types.sort()
+ return file_types + return file_types
+file_types = _gen_file_types()
+ +
+def _gen_port_types(): +port_types = None
+def get_all_port_types():
+ global port_types
+ if port_types:
+ return port_types
+ port_types = sepolicy.info(sepolicy.ATTRIBUTE,"port_type")[0]["types"] + port_types = sepolicy.info(sepolicy.ATTRIBUTE,"port_type")[0]["types"]
+ port_types.sort() + port_types.sort()
+ return port_types + return port_types
+port_types = _gen_port_types()
+ +
+portrecs = network.portrecs
+files_dict = {} +files_dict = {}
+bools = sepolicy.info(sepolicy.BOOLEAN) +
+bools = None
+def get_all_bools():
+ global bools
+ if not bools:
+ bools = sepolicy.info(sepolicy.BOOLEAN)
+ return bools
+ +
+def prettyprint(f,trim): +def prettyprint(f,trim):
+ return " ".join(f[:-len(trim)].split("_")) + return " ".join(f[:-len(trim)].split("_"))
+ +
+def _get_os_version():
+ os_version = ""
+ pkg_name = "selinux-policy"
+ try:
+ import commands
+ rc, output = commands.getstatusoutput("rpm -q '%s'" % pkg_name)
+ if rc == 0:
+ os_version = output.split(".")[-2]
+ except:
+ os_version = ""
+
+ if os_version[0:2] == "fc":
+ os_version = "Fedora"+os_version[2:]
+ elif os_version[0:2] == "el":
+ os_version = "RHEL"+os_version[2:]
+ else:
+ os_version = ""
+
+ return os_version
+
+
+# for HTML man pages +# for HTML man pages
+os_version = _get_os_version()
+manpage_domains = [] +manpage_domains = []
+manpage_roles = [] +manpage_roles = []
+ +
@ -343925,7 +343988,6 @@ index 0000000..e3f9b70
+ """ + """
+ +
+ def __init__(self, manpage_roles, manpage_domains, path, os_version): + def __init__(self, manpage_roles, manpage_domains, path, os_version):
+
+ self.manpage_roles = get_alphabet_manpages(manpage_roles) + self.manpage_roles = get_alphabet_manpages(manpage_roles)
+ self.manpage_domains = get_alphabet_manpages(manpage_domains) + self.manpage_domains = get_alphabet_manpages(manpage_domains)
+ self.os_version = os_version + self.os_version = os_version
@ -343971,7 +344033,7 @@ index 0000000..e3f9b70
+<body> +<body>
+<h1>SELinux man pages</h1> +<h1>SELinux man pages</h1>
+<br></br> +<br></br>
+The following links contain SELinux man pages for particular either Fedora or Red Hat Enterprise Linux releases.</h2> +Fedora or Red Hat Enterprise Linux Man Pages.</h2>
+<br></br> +<br></br>
+<hr> +<hr>
+<h3>Fedora</h3> +<h3>Fedora</h3>
@ -344143,22 +344205,53 @@ index 0000000..e3f9b70
+ """ + """
+ Generate a Manpage on an SELinux domain in the specified path + Generate a Manpage on an SELinux domain in the specified path
+ """ + """
+ all_attributes = get_all_attributes()
+ all_domains = get_all_domains()
+ all_bools = get_all_bools()
+ all_port_types = get_all_port_types()
+ all_roles = get_all_roles()
+ all_users = get_all_users()
+ all_file_types = get_all_file_types()
+ types = _gen_types()
+ modules_dict = None
+ domains = gen_domains()
+ role_allows = get_all_role_allows()
+
+ def __init__(self, domainname, path = "/tmp", html = False): + def __init__(self, domainname, path = "/tmp", html = False):
+ self.html = html + self.html = html
+ self.portrecs = network.portrecs
+
+ fcpath = path + "/file_contexts"
+ if os.path.exists(fcpath):
+ self.fcpath = fcpath
+ else:
+ self.fcpath = selinux.selinux_file_context_path()
+ self.fcdict = _gen_fcdict(self.fcpath)
+
+ if not os.path.exists(path):
+ os.makedirs(path)
+ self.path = path + self.path = path
+
+ xmlpath = path + "/policy.xml"
+ if os.path.exists(xmlpath):
+ self.xmlpath = xmlpath
+ else:
+ self.xmlpath = "/usr/share/selinux/devel/policy.xml"
+ self.booleans_dict = gen_bool_dict(self.xmlpath)
+
+ if domainname.endswith("_t"): + if domainname.endswith("_t"):
+ self.domainname = domainname[:-2] + self.domainname = domainname[:-2]
+ else: + else:
+ self.domainname = domainname + self.domainname = domainname
+ +
+ if self.domainname + "_t" not in alldomains: + if self.domainname + "_t" not in self.all_domains:
+ raise ValueError("domain %s_t does not exist" % self.domainname) + raise ValueError("domain %s_t does not exist" % self.domainname)
+ self.short_name = self.domainname + self.short_name = self.domainname
+ +
+ self.type = self.domainname + "_t" + self.type = self.domainname + "_t"
+ self.man_page_path = "%s/%s_selinux.8" % (path, self.domainname) + self.man_page_path = "%s/%s_selinux.8" % (path, self.domainname)
+ self.fd = open(self.man_page_path, 'w') + self.fd = open(self.man_page_path, 'w')
+ if domainname in roles: + if domainname in self.all_roles:
+ self.__gen_user_man_page() + self.__gen_user_man_page()
+ if self.html: + if self.html:
+ manpage_roles.append(self.man_page_path) + manpage_roles.append(self.man_page_path)
@ -344178,16 +344271,15 @@ index 0000000..e3f9b70
+ +
+ def __gen_user_man_page(self): + def __gen_user_man_page(self):
+ self.role = self.domainname + "_r" + self.role = self.domainname + "_r"
+ global modules_dict + if not self.modules_dict:
+ if not modules_dict: + self.modules_dict = gen_modules_dict(self.xmlpath)
+ modules_dict = _gen_modules_dict()
+ +
+ try: + try:
+ self.desc = modules_dict[self.domainname] + self.desc = self.modules_dict[self.domainname]
+ except: + except:
+ self.desc = "%s user role" % self.domainname + self.desc = "%s user role" % self.domainname
+ +
+ if self.domainname in users: + if self.domainname in self.all_users:
+ self.attributes = sepolicy.info(sepolicy.TYPE,(self.type))[0]["attributes"] + self.attributes = sepolicy.info(sepolicy.TYPE,(self.type))[0]["attributes"]
+ self._user_header() + self._user_header()
+ self._user_attribute() + self._user_attribute()
@ -344239,7 +344331,7 @@ index 0000000..e3f9b70
+ self._footer() + self._footer()
+ +
+ def _get_ptypes(self): + def _get_ptypes(self):
+ for f in alldomains: + for f in self.all_domains:
+ if f.startswith(self.short_name): + if f.startswith(self.short_name):
+ self.ptypes.append(f) + self.ptypes.append(f)
+ +
@ -344364,15 +344456,15 @@ index 0000000..e3f9b70
+ +
+ def _gen_bool_text(self, name): + def _gen_bool_text(self, name):
+ booltext = "" + booltext = ""
+ for bdict in bools: + for bdict in self.all_bools:
+ b = bdict['name'] + b = bdict['name']
+ if b.find(name) >= 0: + if b.find(name) >= 0:
+ if b.endswith("anon_write"): + if b.endswith("anon_write"):
+ self.anon_list.append(b) + self.anon_list.append(b)
+ else: + else:
+ if b not in booleans_dict: + if b not in self.booleans_dict:
+ continue + continue
+ desc = booleans_dict[b][2][0].lower() + booleans_dict[b][2][1:] + desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
+ if desc[-1] == ".": + if desc[-1] == ".":
+ desc = desc[:-1] + desc = desc[:-1]
+ booltext += """ + booltext += """
@ -344390,15 +344482,15 @@ index 0000000..e3f9b70
+ for alias in equiv_dict[self.domainname]: + for alias in equiv_dict[self.domainname]:
+ self.booltext += self._gen_bool_text(alias) + self.booltext += self._gen_bool_text(alias)
+ +
+ for bdict in bools: + for bdict in self.all_bools:
+ b = bdict['name'] + b = bdict['name']
+ if b.find(self.short_name) >= 0: + if b.find(self.short_name) >= 0:
+ if b.endswith("anon_write"): + if b.endswith("anon_write"):
+ self.anon_list.append(b) + self.anon_list.append(b)
+ else: + else:
+ if b not in booleans_dict: + if b not in self.booleans_dict:
+ continue + continue
+ desc = booleans_dict[b][2][0].lower() + booleans_dict[b][2][1:] + desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
+ if desc[-1] == ".": + if desc[-1] == ".":
+ desc = desc[:-1] + desc = desc[:-1]
+ self.booltext += """ + self.booltext += """
@ -344423,7 +344515,7 @@ index 0000000..e3f9b70
+ nsswitch_types = [] + nsswitch_types = []
+ nsswitch_booleans = ['authlogin_nsswitch_use_ldap', 'kerberos_enabled'] + nsswitch_booleans = ['authlogin_nsswitch_use_ldap', 'kerberos_enabled']
+ nsswitchbooltext = "" + nsswitchbooltext = ""
+ if "nsswitch_domain" in all_attributes: + if "nsswitch_domain" in self.all_attributes:
+ self.fd.write(""" + self.fd.write("""
+.SH NSSWITCH DOMAIN +.SH NSSWITCH DOMAIN
+""") +""")
@ -344433,7 +344525,7 @@ index 0000000..e3f9b70
+ +
+ if len(nsswitch_types): + if len(nsswitch_types):
+ for i in nsswitch_booleans: + for i in nsswitch_booleans:
+ desc = booleans_dict[i][2][0].lower() + booleans_dict[i][2][1:-1] + desc = self.booleans_dict[i][2][0].lower() + self.booleans_dict[i][2][1:-1]
+ nsswitchbooltext += """ + nsswitchbooltext += """
+.PP +.PP
+If you want to %s for the %s, you must turn on the %s boolean. +If you want to %s for the %s, you must turn on the %s boolean.
@ -344472,7 +344564,7 @@ index 0000000..e3f9b70
+ +
+ def _port_types(self): + def _port_types(self):
+ self.ports = [] + self.ports = []
+ for f in port_types: + for f in self.all_port_types:
+ if f.startswith(self.short_name): + if f.startswith(self.short_name):
+ self.ports.append(f) + self.ports.append(f)
+ +
@ -344503,7 +344595,7 @@ index 0000000..e3f9b70
+""" % p) +""" % p)
+ once = True + once = True
+ for prot in ( "tcp", "udp" ): + for prot in ( "tcp", "udp" ):
+ if (p,prot) in portrecs: + if (p,prot) in self.portrecs:
+ if once: + if once:
+ self.fd.write(""" + self.fd.write("""
+ +
@ -344511,7 +344603,7 @@ index 0000000..e3f9b70
+ once = False + once = False
+ self.fd.write(r""" + self.fd.write(r"""
+%s %s +%s %s
+.EE""" % (prot, ",".join(portrecs[(p,prot)]))) +.EE""" % (prot, ",".join(self.portrecs[(p,prot)])))
+ +
+ def _file_context(self): + def _file_context(self):
+ self.fd.write(r""" + self.fd.write(r"""
@ -344525,7 +344617,7 @@ index 0000000..e3f9b70
+.PP +.PP
+The following file types are defined for %(domainname)s: +The following file types are defined for %(domainname)s:
+""" % {'domainname':self.domainname}) +""" % {'domainname':self.domainname})
+ for f in file_types: + for f in self.all_file_types:
+ if f.startswith(self.domainname): + if f.startswith(self.domainname):
+ self.fd.write(""" + self.fd.write("""
+ +
@ -344562,7 +344654,7 @@ index 0000000..e3f9b70
+ def _see_also(self): + def _see_also(self):
+ ret = "" + ret = ""
+ prefix = self.short_name.split("_")[0] + prefix = self.short_name.split("_")[0]
+ for d in domains: + for d in self.domains:
+ if d == self.domainname: + if d == self.domainname:
+ continue + continue
+ if d.startswith(prefix): + if d.startswith(prefix):
@ -344594,7 +344686,7 @@ index 0000000..e3f9b70
+ +
+""" % {'domainname':self.domainname}) +""" % {'domainname':self.domainname})
+ for b in self.anon_list: + for b in self.anon_list:
+ desc = booleans_dict[b][2][0].lower() + booleans_dict[b][2][1:] + desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
+ self.fd.write(""" + self.fd.write("""
+.PP +.PP
+If you want to %s, you must turn on the %s boolean. +If you want to %s, you must turn on the %s boolean.
@ -344653,7 +344745,7 @@ index 0000000..e3f9b70
+ return False + return False
+ if check.endswith("_t"): + if check.endswith("_t"):
+ for a in attributes: + for a in attributes:
+ if a in types[check]: + if a in self.types[check]:
+ return False + return False
+ return True + return True
+ +
@ -344674,8 +344766,8 @@ index 0000000..e3f9b70
+""" % (self.domainname, entrypoints_str, self.domainname)) +""" % (self.domainname, entrypoints_str, self.domainname))
+ paths=[] + paths=[]
+ for entrypoint in entrypoints: + for entrypoint in entrypoints:
+ if entrypoint in fcdict: + if entrypoint in self.fcdict:
+ paths += fcdict[entrypoint] + paths += self.fcdict[entrypoint]
+ +
+ self.fd.write(""" + self.fd.write("""
+%s""" % ", ".join(paths)) +%s""" % ", ".join(paths))
@ -344714,8 +344806,8 @@ index 0000000..e3f9b70
+.B %s +.B %s
+ +
+""" % f) +""" % f)
+ if f in fcdict: + if f in self.fcdict:
+ for path in fcdict[f]: + for path in self.fcdict[f]:
+ self.fd.write("""\t%s + self.fd.write("""\t%s
+.br +.br
+""" % path) +""" % path)
@ -344757,7 +344849,7 @@ index 0000000..e3f9b70
+ +
+""" % {'desc': self.desc, 'type':self.type, 'user':self.domainname}) +""" % {'desc': self.desc, 'type':self.type, 'user':self.domainname})
+ +
+ if "login_userdomain" in self.attributes and "login_userdomain" in all_attributes: + if "login_userdomain" in self.attributes and "login_userdomain" in self.all_attributes:
+ self.fd.write(""" + self.fd.write("""
+If you want to map the one Linux user (joe) to the SELinux user %(user)s, you would execute: +If you want to map the one Linux user (joe) to the SELinux user %(user)s, you would execute:
+ +
@ -344770,7 +344862,7 @@ index 0000000..e3f9b70
+ self.fd.write(""" + self.fd.write("""
+.SH SUDO +.SH SUDO
+""") +""")
+ if sudotype in types: + if sudotype in self.types:
+ role = self.domainname + "_r" + role = self.domainname + "_r"
+ self.fd.write(""" + self.fd.write("""
+The SELinux user %(user)s can execute sudo. +The SELinux user %(user)s can execute sudo.
@ -344780,7 +344872,7 @@ index 0000000..e3f9b70
+Add one or more of the following record to sudoers using visudo. +Add one or more of the following record to sudoers using visudo.
+ +
+""" % { 'user':self.domainname } ) +""" % { 'user':self.domainname } )
+ for adminrole in role_allows[role]: + for adminrole in self.role_allows[role]:
+ self.fd.write(""" + self.fd.write("""
+USERNAME ALL=(ALL) ROLE=%(admin)s_r TYPE=%(admin)s_t COMMAND +USERNAME ALL=(ALL) ROLE=%(admin)s_r TYPE=%(admin)s_t COMMAND
+.br +.br
@ -344800,7 +344892,7 @@ index 0000000..e3f9b70
+ +
+For more details you can see semanage man page. +For more details you can see semanage man page.
+ +
+""" % {'user':self.domainname, "roles": " ".join([role] + role_allows[role]) } ) +""" % {'user':self.domainname, "roles": " ".join([role] + self.role_allows[role]) } )
+ else: + else:
+ self.fd.write(""" + self.fd.write("""
+The SELinux type %s_t is not allowed to execute sudo. +The SELinux type %s_t is not allowed to execute sudo.
@ -344826,7 +344918,7 @@ index 0000000..e3f9b70
+""" % self.domainname) +""" % self.domainname)
+ +
+ def _xwindows_login(self): + def _xwindows_login(self):
+ if "x_domain" in all_attributes: + if "x_domain" in self.all_attributes:
+ self.fd.write(""" + self.fd.write("""
+.SH X WINDOWS LOGIN +.SH X WINDOWS LOGIN
+""") +""")
@ -344840,7 +344932,7 @@ index 0000000..e3f9b70
+""" % self.domainname) +""" % self.domainname)
+ +
+ def _terminal_login(self): + def _terminal_login(self):
+ if "login_userdomain" in all_attributes: + if "login_userdomain" in self.all_attributes:
+ self.fd.write(""" + self.fd.write("""
+.SH TERMINAL LOGIN +.SH TERMINAL LOGIN
+""") +""")
@ -344858,7 +344950,7 @@ index 0000000..e3f9b70
+.SH NETWORK +.SH NETWORK
+""") +""")
+ for net in ("tcp", "udp"): + for net in ("tcp", "udp"):
+ portdict = sepolicy.network.get_network_connect(self.type, net, "name_bind") + portdict = network.get_network_connect(self.type, net, "name_bind")
+ if len(portdict) > 0: + if len(portdict) > 0:
+ self.fd.write(""" + self.fd.write("""
+.TP +.TP
@ -344969,8 +345061,8 @@ index 0000000..e3f9b70
+ +
+""" % {'desc': self.desc, 'user':self.domainname}) +""" % {'desc': self.desc, 'user':self.domainname})
+ troles = [] + troles = []
+ for i in role_allows: + for i in self.role_allows:
+ if self.domainname +"_r" in role_allows[i]: + if self.domainname +"_r" in self.role_allows[i]:
+ troles.append(i) + troles.append(i)
+ if len(troles) > 0: + if len(troles) > 0:
+ plural = "" + plural = ""
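Review bot: In `ManPage.__init__` the new lookups `path + "/file_contexts"` and `path + "/policy.xml"` read policy data from the same directory the pages are written to, and that directory still defaults to `/tmp`, so on a multi-user machine any `/tmp/file_contexts`, `/tmp/file_contexts.homedirs` or `/tmp/policy.xml` left by another local user is parsed in preference to the system files whenever `sepolicy manpage` runs without `-p`. The same commit appears to drop `action=CheckPath` from `--path` and creates the directory with `os.makedirs(path)`, so nothing validates that location any more. I would take the alternate data from its own option, or only look for the overrides when `-P` was given, rather than from the output path, e.g. guard the lookups with `if alt_dir and os.path.exists(alt_dir + "/file_contexts"):` where `alt_dir` is a new argument defaulting to `None`. Separately, `_gen_fcdict`, `gen_bool_dict` and `gen_modules_dict` return the cached dict without comparing the path they were first called with, so a second `ManPage` built with a different `path` silently gets the first one's data; that at least deserves a comment such as `# cache is keyed on first call only; path is ignored afterwards`. The class body and `__init__` both extend beyond this hunk.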


@ -7,7 +7,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.1.13 Version: 2.1.13
Release: 23%{?dist} Release: 24%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# Based on git repository with tag 20101221 # Based on git repository with tag 20101221
@ -329,6 +329,11 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog %changelog
* Sat Nov 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-24
- Fix manpage to generate proper man pages for alternate policy,
basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as
I pull the policy, policy.xml and file_contexts and file_contexts.homedir
* Thu Nov 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-23 * Thu Nov 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-23
- Fix some build problems in sepolicy manpage and sepolicy transition - Fix some build problems in sepolicy manpage and sepolicy transition