Fix manpage to generate proper man pages for alternate policy,
basically allowing me to build RHEL6 man pages on a Fedora 18 box, as long as I pull the policy, policy.xml, file_contexts and file_contexts.homedirs files.
parent
1cc95772be
commit
cc08d7735b
@ -341404,10 +341404,10 @@ index 0000000..c1d9411
|
|||||||
+}
|
+}
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy-bash-completion.sh b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
|
diff --git a/policycoreutils/sepolicy/sepolicy-bash-completion.sh b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..c574a46
|
index 0000000..d7cd4dc
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
|
+++ b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
|
||||||
@@ -0,0 +1,139 @@
|
@@ -0,0 +1,147 @@
|
||||||
+# This file is part of systemd.
|
+# This file is part of systemd.
|
||||||
+#
|
+#
|
||||||
+# Copyright 2011 Dan Walsh
|
+# Copyright 2011 Dan Walsh
|
||||||
@ -341473,7 +341473,7 @@ index 0000000..c574a46
|
|||||||
+
|
+
|
||||||
+ COMMONOPTS='-P --policy -h --help'
|
+ COMMONOPTS='-P --policy -h --help'
|
||||||
+ local -A OPTS=(
|
+ local -A OPTS=(
|
||||||
+ [manpage]='-h --help -p --path -a -all -d --domain -w --web'
|
+ [manpage]='-h --help -p --path -a -all -o --os -d --domain -w --web'
|
||||||
+ [network]='-h --help -d --domain -l --list -p --port -t --type '
|
+ [network]='-h --help -d --domain -l --list -p --port -t --type '
|
||||||
+ [communicate]='-h --help -s --source -t --target -c --class -S --sourceaccess -T --targetaccess'
|
+ [communicate]='-h --help -s --source -t --target -c --class -S --sourceaccess -T --targetaccess'
|
||||||
+ [transition]='-h --help -s --source -t --target'
|
+ [transition]='-h --help -s --source -t --target'
|
||||||
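Review bot: The `[manpage]` option list still contains `-a -all`, which looks like a typo for `-a --all`; as written, completion offers `-all`, which the argparse side (it reads `args.all`) is unlikely to accept. Since this line is already being edited to add `-o --os`, change it to `[manpage]='-h --help -p --path -a --all -o --os -d --domain -w --web'`. The definition of the `--all` argument is not visible on this page, so confirm the long option name against it.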
@ -341489,11 +341489,19 @@ index 0000000..c574a46
|
|||||||
+ done
|
+ done
|
||||||
+
|
+
|
||||||
+ if [[ -z $verb ]]; then
|
+ if [[ -z $verb ]]; then
|
||||||
|
+ if [ "$prev" = "-P" -o "$prev" = "--policy" ]; then
|
||||||
|
+ COMPREPLY=( $( compgen -f -- "$cur") )
|
||||||
|
+ compopt -o filenames
|
||||||
|
+ return 0
|
||||||
|
+ else
|
||||||
+ comps="${VERBS[*]} ${COMMONOPTS}"
|
+ comps="${VERBS[*]} ${COMMONOPTS}"
|
||||||
|
+ fi
|
||||||
+ elif [ "$verb" = "manpage" ]; then
|
+ elif [ "$verb" = "manpage" ]; then
|
||||||
+ if [ "$prev" = "-d" -o "$prev" = "--domain" ]; then
|
+ if [ "$prev" = "-d" -o "$prev" = "--domain" ]; then
|
||||||
+ COMPREPLY=( $(compgen -W "$( __get_all_domains ) " -- "$cur") )
|
+ COMPREPLY=( $(compgen -W "$( __get_all_domains ) " -- "$cur") )
|
||||||
+ return 0
|
+ return 0
|
||||||
|
+ elif [ "$prev" = "-o" -o "$prev" = "--os" ]; then
|
||||||
|
+ return 0
|
||||||
+ elif test "$prev" = "-p" || test "$prev" = "--path" ; then
|
+ elif test "$prev" = "-p" || test "$prev" = "--path" ; then
|
||||||
+ COMPREPLY=( $( compgen -d -- "$cur") )
|
+ COMPREPLY=( $( compgen -d -- "$cur") )
|
||||||
+ compopt -o filenames
|
+ compopt -o filenames
|
||||||
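Review bot: `COMPREPLY=( $( compgen -f -- "$cur") )` in the new `-P`/`--policy` branch splits the compgen output on whitespace, so a policy file whose name contains a space is offered as several broken candidates. The script already depends on bash 4 (`local -A`), so `mapfile -t COMPREPLY < <(compgen -f -- "$cur")` would keep one candidate per line. The new `-o`/`--os` branch returns 0 without setting COMPREPLY; a short comment such as `# free-form OS name, nothing to complete` would make that intent clear. The completion function starts and ends outside this hunk.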
@ -341891,10 +341899,10 @@ index 0000000..2e0163b
|
|||||||
+selinux(8), sepolicy-generate(8), sepolicy-communicate(8), sepolicy-generate(8), sepolicy-network(8), sepolicy-transition(8)
|
+selinux(8), sepolicy-generate(8), sepolicy-communicate(8), sepolicy-generate(8), sepolicy-network(8), sepolicy-transition(8)
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
|
diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
|
||||||
new file mode 100755
|
new file mode 100755
|
||||||
index 0000000..9f96fd5
|
index 0000000..eee20af
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/policycoreutils/sepolicy/sepolicy.py
|
+++ b/policycoreutils/sepolicy/sepolicy.py
|
||||||
@@ -0,0 +1,303 @@
|
@@ -0,0 +1,310 @@
|
||||||
+#! /usr/bin/python -Es
|
+#! /usr/bin/python -Es
|
||||||
+# Copyright (C) 2012 Red Hat
|
+# Copyright (C) 2012 Red Hat
|
||||||
+# AUTHOR: Dan Walsh <dwalsh@redhat.com>
|
+# AUTHOR: Dan Walsh <dwalsh@redhat.com>
|
||||||
@ -341981,11 +341989,11 @@ index 0000000..9f96fd5
|
|||||||
+ _print_net(d, net, "name_bind")
|
+ _print_net(d, net, "name_bind")
|
||||||
+
|
+
|
||||||
+def manpage(args):
|
+def manpage(args):
|
||||||
+ from sepolicy.manpage import ManPage, HTMLManPages, domains, manpage_domains, manpage_roles, os_version
|
+ from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains
|
||||||
+
|
+
|
||||||
+ path = args.path
|
+ path = args.path
|
||||||
+ if args.all:
|
+ if args.all:
|
||||||
+ test_domains = domains
|
+ test_domains = gen_domains()
|
||||||
+ else:
|
+ else:
|
||||||
+ test_domains = args.domain
|
+ test_domains = args.domain
|
||||||
+
|
+
|
||||||
@ -341994,7 +342002,7 @@ index 0000000..9f96fd5
|
|||||||
+ print m.get_man_page_path()
|
+ print m.get_man_page_path()
|
||||||
+
|
+
|
||||||
+ if args.web:
|
+ if args.web:
|
||||||
+ HTMLManPages(manpage_roles, manpage_domains, path, os_version)
|
+ HTMLManPages(manpage_roles, manpage_domains, path, args.os)
|
||||||
+
|
+
|
||||||
+class CheckPath(argparse.Action):
|
+class CheckPath(argparse.Action):
|
||||||
+ def __call__(self, parser, namespace, values, option_string=None):
|
+ def __call__(self, parser, namespace, values, option_string=None):
|
||||||
@ -342007,8 +342015,9 @@ index 0000000..9f96fd5
|
|||||||
+ help=_('Generate SELinux man pages'))
|
+ help=_('Generate SELinux man pages'))
|
||||||
+
|
+
|
||||||
+ man.add_argument("-p", "--path", dest="path", default="/tmp",
|
+ man.add_argument("-p", "--path", dest="path", default="/tmp",
|
||||||
+ action=CheckPath,
|
|
||||||
+ help=_("path in which the generated SELinux man pages will be stored"))
|
+ help=_("path in which the generated SELinux man pages will be stored"))
|
||||||
|
+ man.add_argument("-o", "--os", dest="os", default=sepolicy.get_os_version(),
|
||||||
|
+ help=_("name of the OS for man pages"))
|
||||||
+ man.add_argument("-w", "--web", dest="web", default=False, action="store_true",
|
+ man.add_argument("-w", "--web", dest="web", default=False, action="store_true",
|
||||||
+ help=_("Generate HTML man pages structure for selected SELinux man page"))
|
+ help=_("Generate HTML man pages structure for selected SELinux man page"))
|
||||||
+ group = man.add_mutually_exclusive_group(required=True)
|
+ group = man.add_mutually_exclusive_group(required=True)
|
||||||
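Review bot: `default=sepolicy.get_os_version()` is evaluated when the parser is built, so it appears that every `sepolicy` invocation, including `network`, `communicate` and `transition`, shells out to `rpm -q` before any argument is read. Consider `default=None` here and resolving it in `manpage()` with `os_name = args.os or sepolicy.get_os_version()`. The value is also accepted as a free-form string and handed to `HTMLManPages`; how it is used there is not visible on this page, so if it ends up in a file name or in HTML it should be restricted to the `Fedora<N>`/`RHEL<N>` shape that `get_os_version()` produces. The enclosing function begins and ends outside this hunk.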
@ -342053,6 +342062,11 @@ index 0000000..9f96fd5
|
|||||||
+ newval.append(v)
|
+ newval.append(v)
|
||||||
+ setattr(namespace, self.dest, values)
|
+ setattr(namespace, self.dest, values)
|
||||||
+
|
+
|
||||||
|
+class LoadPolicy(argparse.Action):
|
||||||
|
+ def __call__(self, parser, namespace, values, option_string=None):
|
||||||
|
+ sepolicy.policy(values)
|
||||||
|
+ setattr(namespace, self.dest, values)
|
||||||
|
+
|
||||||
+class CheckPolicyType(argparse.Action):
|
+class CheckPolicyType(argparse.Action):
|
||||||
+ def __call__(self, parser, namespace, values, option_string=None):
|
+ def __call__(self, parser, namespace, values, option_string=None):
|
||||||
+ from sepolicy.generate import get_poltype_desc, poltype
|
+ from sepolicy.generate import get_poltype_desc, poltype
|
||||||
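Review bot: `LoadPolicy.__call__` loads the policy as a side effect of argument parsing, so any failure in `sepolicy.policy(values)` now surfaces from inside `parser.parse_args()`. The main block only catches `ValueError` (and, after this commit, `KeyboardInterrupt`), so unless `sepolicy.policy` raises `ValueError` for an unreadable or malformed file (its body is not shown here) the user gets a traceback instead of a usage error. Catching the failure in the action and reporting it through `parser.error(str(e))` would keep it on argparse's normal error path. A one-line docstring such as `"""argparse action that loads the policy file given with -P/--policy as soon as it is parsed."""` would also explain why this is an action rather than a post-parse step.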
@ -342181,6 +342195,7 @@ index 0000000..9f96fd5
|
|||||||
+ parser = argparse.ArgumentParser(description='SELinux Policy Inspection Tool')
|
+ parser = argparse.ArgumentParser(description='SELinux Policy Inspection Tool')
|
||||||
+ subparsers = parser.add_subparsers(help=_("commands"))
|
+ subparsers = parser.add_subparsers(help=_("commands"))
|
||||||
+ parser.add_argument("-P", "--policy", dest="policy",
|
+ parser.add_argument("-P", "--policy", dest="policy",
|
||||||
|
+ action=LoadPolicy,
|
||||||
+ default=None, help=_("Alternate SELinux policy, defaults to /sys/fs/selinux/policy"))
|
+ default=None, help=_("Alternate SELinux policy, defaults to /sys/fs/selinux/policy"))
|
||||||
+ gen_manpage_args(subparsers)
|
+ gen_manpage_args(subparsers)
|
||||||
+ gen_network_args(subparsers)
|
+ gen_network_args(subparsers)
|
||||||
@ -342191,19 +342206,19 @@ index 0000000..9f96fd5
|
|||||||
+
|
+
|
||||||
+ try:
|
+ try:
|
||||||
+ args = parser.parse_args()
|
+ args = parser.parse_args()
|
||||||
+ if args.policy:
|
|
||||||
+ sepolicy.policy(args.policy)
|
|
||||||
+ args.func(args)
|
+ args.func(args)
|
||||||
+ sys.exit(0)
|
+ sys.exit(0)
|
||||||
+ except ValueError,e:
|
+ except ValueError,e:
|
||||||
+ sys.stderr.write("%s: %s" % (e.__class__.__name__, str(e)))
|
+ sys.stderr.write("%s: %s" % (e.__class__.__name__, str(e)))
|
||||||
+ sys.exit(1)
|
+ sys.exit(1)
|
||||||
|
+ except KeyboardInterrupt:
|
||||||
|
+ sys.exit(0)
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
|
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..22c0724
|
index 0000000..5df16bb
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
|
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||||
@@ -0,0 +1,87 @@
|
@@ -0,0 +1,110 @@
|
||||||
+#!/usr/bin/env python
|
+#!/usr/bin/env python
|
||||||
+
|
+
|
||||||
+# Author: Thomas Liu <tliu@redhat.com>
|
+# Author: Thomas Liu <tliu@redhat.com>
|
||||||
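Review bot: `except KeyboardInterrupt: sys.exit(0)` reports success to the caller when the run was interrupted, so a script or build that drives `sepolicy manpage` cannot tell a partial set of man pages from a complete one. A non-zero status is the usual choice, e.g. `sys.exit(130)`. The `try` block starts inside this hunk, but the code that builds the parser is outside it.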
@ -342263,12 +342278,16 @@ index 0000000..22c0724
|
|||||||
+ dict_list = _policy.info(setype, name)
|
+ dict_list = _policy.info(setype, name)
|
||||||
+ return dict_list
|
+ return dict_list
|
||||||
+
|
+
|
||||||
+def _gen_boolens_dict():
|
+booleans_dict = None
|
||||||
|
+def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
|
||||||
|
+ global booleans_dict
|
||||||
|
+ if booleans_dict:
|
||||||
|
+ return booleans_dict
|
||||||
+ import xml.etree.ElementTree
|
+ import xml.etree.ElementTree
|
||||||
+ import re
|
+ import re
|
||||||
+ booleans_dict = {}
|
+ booleans_dict = {}
|
||||||
+ try:
|
+ try:
|
||||||
+ tree = xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml")
|
+ tree = xml.etree.ElementTree.parse(path)
|
||||||
+ for l in tree.findall("layer"):
|
+ for l in tree.findall("layer"):
|
||||||
+ for m in l.findall("module"):
|
+ for m in l.findall("module"):
|
||||||
+ for b in m.findall("tunable"):
|
+ for b in m.findall("tunable"):
|
||||||
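Review bot: `gen_bool_dict(path=...)` returns the cached module-level `booleans_dict` whenever it is non-empty, so the `path` argument is ignored on every call after the first; a later call with a different `policy.xml` silently gets the data parsed from the first one. The same pattern is in `gen_modules_dict(path)` and `_gen_fcdict(fc_path)` in manpage.py. If only one path per process is intended, say so in a docstring; otherwise remember the path next to the cache and re-parse when it differs, e.g. `if booleans_dict is not None and path == _booleans_path: return booleans_dict`, where `_booleans_path` is a new module-level variable. The function body continues outside this hunk.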
@ -342290,7 +342309,26 @@ index 0000000..22c0724
|
|||||||
+ except IOError, e:
|
+ except IOError, e:
|
||||||
+ pass
|
+ pass
|
||||||
+ return booleans_dict
|
+ return booleans_dict
|
||||||
+booleans_dict = _gen_boolens_dict()
|
+
|
||||||
|
+def get_os_version():
|
||||||
|
+ os_version = ""
|
||||||
|
+ pkg_name = "selinux-policy"
|
||||||
|
+ try:
|
||||||
|
+ import commands
|
||||||
|
+ rc, output = commands.getstatusoutput("rpm -q '%s'" % pkg_name)
|
||||||
|
+ if rc == 0:
|
||||||
|
+ os_version = output.split(".")[-2]
|
||||||
|
+ except:
|
||||||
|
+ os_version = ""
|
||||||
|
+
|
||||||
|
+ if os_version[0:2] == "fc":
|
||||||
|
+ os_version = "Fedora"+os_version[2:]
|
||||||
|
+ elif os_version[0:2] == "el":
|
||||||
|
+ os_version = "RHEL"+os_version[2:]
|
||||||
|
+ else:
|
||||||
|
+ os_version = ""
|
||||||
|
+
|
||||||
|
+ return os_version
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy/booleans.py b/policycoreutils/sepolicy/sepolicy/booleans.py
|
diff --git a/policycoreutils/sepolicy/sepolicy/booleans.py b/policycoreutils/sepolicy/sepolicy/booleans.py
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..c23cb11
|
index 0000000..c23cb11
|
||||||
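Review bot: The bare `except:` in `get_os_version()` also swallows `KeyboardInterrupt` and `SystemExit`, and it hides every failure of the `rpm` query behind an empty string. Narrow it to `except Exception:` at minimum, and ideally to the errors this code can actually raise. The function describes the host's installed `selinux-policy` package, not the policy loaded with `-P`; a docstring line saying so would help, since this commit is about generating pages for a different release and `--os` exists to override the value.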
@ -343686,10 +343724,10 @@ index 0000000..93b0762
|
|||||||
+ return out
|
+ return out
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
|
diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
|
||||||
new file mode 100755
|
new file mode 100755
|
||||||
index 0000000..e3f9b70
|
index 0000000..82e6388
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py
|
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py
|
||||||
@@ -0,0 +1,1297 @@
|
@@ -0,0 +1,1351 @@
|
||||||
+#! /usr/bin/python -Es
|
+#! /usr/bin/python -Es
|
||||||
+# Copyright (C) 2012 Red Hat
|
+# Copyright (C) 2012 Red Hat
|
||||||
+# AUTHOR: Dan Walsh <dwalsh@redhat.com>
|
+# AUTHOR: Dan Walsh <dwalsh@redhat.com>
|
||||||
@ -343714,24 +343752,29 @@ index 0000000..e3f9b70
|
|||||||
+# 02111-1307 USA
|
+# 02111-1307 USA
|
||||||
+#
|
+#
|
||||||
+#
|
+#
|
||||||
+__all__ = [ 'ManPage', 'HTMLManPages', 'domains', 'manpage_domains', 'manpage_roles', 'os_version' ]
|
+__all__ = [ 'ManPage', 'HTMLManPages', 'manpage_domains', 'manpage_roles', 'gen_domains' ]
|
||||||
+
|
+
|
||||||
+import string
|
+import string
|
||||||
+import argparse
|
+import argparse
|
||||||
+from sepolicy import network, booleans_dict
|
|
||||||
+import selinux
|
+import selinux
|
||||||
+import sepolicy
|
+import sepolicy
|
||||||
|
+from sepolicy import network, gen_bool_dict
|
||||||
|
+
|
||||||
+import commands
|
+import commands
|
||||||
+import sys, os, re, time
|
+import sys, os, re, time
|
||||||
+
|
+
|
||||||
+equiv_dict={ "smbd" : ( "samba" ), "httpd" : ( "apache" ), "virtd" : ( "virt", "libvirt" ) }
|
+equiv_dict={ "smbd" : [ "samba" ], "httpd" : [ "apache" ], "virtd" : [ "virt", "libvirt" ], "named" : [ "bind" ] }
|
||||||
+
|
+
|
||||||
+modules_dict = None
|
+modules_dict = None
|
||||||
+def _gen_modules_dict():
|
+def gen_modules_dict(path = "/usr/share/selinux/devel/policy.xml"):
|
||||||
|
+ global modules_dict
|
||||||
|
+ if modules_dict:
|
||||||
|
+ return modules_dict
|
||||||
|
+
|
||||||
+ import xml.etree.ElementTree
|
+ import xml.etree.ElementTree
|
||||||
+ modules_dict = {}
|
+ modules_dict = {}
|
||||||
+ try:
|
+ try:
|
||||||
+ tree = xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml")
|
+ tree = xml.etree.ElementTree.parse(path)
|
||||||
+ for l in tree.findall("layer"):
|
+ for l in tree.findall("layer"):
|
||||||
+ for m in l.findall("module"):
|
+ for m in l.findall("module"):
|
||||||
+ name = m.get("name")
|
+ name = m.get("name")
|
||||||
@ -343747,16 +343790,71 @@ index 0000000..e3f9b70
|
|||||||
+ pass
|
+ pass
|
||||||
+ return modules_dict
|
+ return modules_dict
|
||||||
+
|
+
|
||||||
+all_attributes = map(lambda x: x['name'], sepolicy.info(sepolicy.ATTRIBUTE))
|
+all_attributes = None
|
||||||
+entrypoints = sepolicy.info(sepolicy.ATTRIBUTE,"entry_type")[0]["types"]
|
+def get_all_attributes():
|
||||||
+alldomains = sepolicy.info(sepolicy.ATTRIBUTE,"domain")[0]["types"]
|
+ global all_attributes
|
||||||
|
+ if not all_attributes:
|
||||||
|
+ all_attributes = map(lambda x: x['name'], sepolicy.info(sepolicy.ATTRIBUTE))
|
||||||
|
+ return all_attributes
|
||||||
+
|
+
|
||||||
+def _gen_fcdict():
|
+all_entrypoints = None
|
||||||
+ fc_path = selinux.selinux_file_context_path()
|
+def get_entrypoints():
|
||||||
+ fd = open(selinux.selinux_file_context_path(), "r")
|
+ global all_entrypoints
|
||||||
|
+ if not all_entrypoints:
|
||||||
|
+ all_entrypoints = sepolicy.info(sepolicy.ATTRIBUTE,"entry_type")[0]["types"]
|
||||||
|
+ return all_entrypoints
|
||||||
|
+
|
||||||
|
+all_domains = None
|
||||||
|
+def get_all_domains():
|
||||||
|
+ global all_domains
|
||||||
|
+ if not all_domains:
|
||||||
|
+ all_domains = sepolicy.info(sepolicy.ATTRIBUTE,"domain")[0]["types"]
|
||||||
|
+ return all_domains
|
||||||
|
+
|
||||||
|
+roles = None
|
||||||
|
+def get_all_roles():
|
||||||
|
+ global roles
|
||||||
|
+ if roles:
|
||||||
|
+ return roles
|
||||||
|
+ roles = []
|
||||||
|
+ allroles = map(lambda x: x['name'], sepolicy.info(sepolicy.ROLE))
|
||||||
|
+ for r in allroles:
|
||||||
|
+ if r not in [ "system_r", "object_r" ]:
|
||||||
|
+ roles.append(r[:-2])
|
||||||
|
+ return roles
|
||||||
|
+
|
||||||
|
+domains = None
|
||||||
|
+def gen_domains():
|
||||||
|
+ global domains
|
||||||
|
+ if domains:
|
||||||
|
+ return domains
|
||||||
|
+ domains = []
|
||||||
|
+ for d in get_all_domains():
|
||||||
|
+ found = False
|
||||||
|
+ domain = d[:-2]
|
||||||
|
+ if domain + "_exec_t" not in get_entrypoints():
|
||||||
|
+ continue
|
||||||
|
+ if domain in domains:
|
||||||
|
+ continue
|
||||||
|
+ domains.append(domain)
|
||||||
|
+
|
||||||
|
+ for role in get_all_roles():
|
||||||
|
+ if role in domains:
|
||||||
|
+ continue
|
||||||
|
+ domains.append(role)
|
||||||
|
+
|
||||||
|
+ domains.sort()
|
||||||
|
+ return domains
|
||||||
|
+
|
||||||
|
+fcdict=None
|
||||||
|
+def _gen_fcdict(fc_path = selinux.selinux_file_context_path()):
|
||||||
|
+ global fcdict
|
||||||
|
+ if fcdict:
|
||||||
|
+ return fcdict
|
||||||
|
+ fd = open(fc_path, "r")
|
||||||
+ fc = fd.readlines()
|
+ fc = fd.readlines()
|
||||||
+ fd.close()
|
+ fd.close()
|
||||||
+ fd = open(selinux.selinux_file_context_path()+".homedirs", "r")
|
+ fd = open(fc_path+".homedirs", "r")
|
||||||
+ fc += fd.readlines()
|
+ fc += fd.readlines()
|
||||||
+ fd.close()
|
+ fd.close()
|
||||||
+ fcdict = {}
|
+ fcdict = {}
|
||||||
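Review bot: `_gen_fcdict(fc_path)` opens `fc_path + ".homedirs"` unconditionally, so a directory that provides `file_contexts` but no `file_contexts.homedirs` raises `IOError`, which the entry point in sepolicy.py does not catch (it handles only `ValueError` and `KeyboardInterrupt`). Both files are also opened without `try`/`finally`, so a read error leaves the descriptor open. I would read the two files in one loop that closes each handle and turns a missing file into a `ValueError` naming it, as sketched below. Separately, the default `fc_path = selinux.selinux_file_context_path()` is evaluated once at import time, which deserves a comment. The rest of the function body lies outside this hunk.

```python
def _gen_fcdict(fc_path = selinux.selinux_file_context_path()):
    # … unchanged: global fcdict cache check …
    fc = []
    for name in (fc_path, fc_path + ".homedirs"):
        try:
            fd = open(name, "r")
        except IOError, e:
            raise ValueError("cannot read file contexts %s: %s" % (name, e.strerror))
        try:
            fc += fd.readlines()
        finally:
            fd.close()
    # … unchanged: fcdict construction from fc …
```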
@ -343780,9 +343878,12 @@ index 0000000..e3f9b70
|
|||||||
+ fcdict["file_type"] = [ "all files on the system" ]
|
+ fcdict["file_type"] = [ "all files on the system" ]
|
||||||
+ fcdict["samba_share_t"] = [ "use this label for random content that will be shared using samba" ]
|
+ fcdict["samba_share_t"] = [ "use this label for random content that will be shared using samba" ]
|
||||||
+ return fcdict
|
+ return fcdict
|
||||||
+fcdict = _gen_fcdict()
|
|
||||||
+
|
+
|
||||||
+def _gen_role_allows():
|
+role_allows = None
|
||||||
|
+def get_all_role_allows():
|
||||||
|
+ global role_allows
|
||||||
|
+ if role_allows:
|
||||||
|
+ return role_allows
|
||||||
+ role_allows = {}
|
+ role_allows = {}
|
||||||
+ for r in sepolicy.search([sepolicy.ROLE_ALLOW]):
|
+ for r in sepolicy.search([sepolicy.ROLE_ALLOW]):
|
||||||
+ if r["source"] == "system_r" or r["target"] == "system_r":
|
+ if r["source"] == "system_r" or r["target"] == "system_r":
|
||||||
@ -343793,40 +343894,13 @@ index 0000000..e3f9b70
|
|||||||
+ role_allows[r["source"]] = [ r["target"] ]
|
+ role_allows[r["source"]] = [ r["target"] ]
|
||||||
+
|
+
|
||||||
+ return role_allows
|
+ return role_allows
|
||||||
+role_allows = _gen_role_allows()
|
|
||||||
+
|
+
|
||||||
+def _gen_roles():
|
+users = None
|
||||||
+ roles = []
|
+def get_all_users():
|
||||||
+ allroles = map(lambda x: x['name'], sepolicy.info(sepolicy.ROLE))
|
+ global users
|
||||||
+ for r in allroles:
|
+ if users:
|
||||||
+ if r not in [ "system_r", "object_r" ]:
|
+ return users
|
||||||
+ roles.append(r[:-2])
|
|
||||||
+ return roles
|
|
||||||
+
|
+
|
||||||
+roles = _gen_roles()
|
|
||||||
+
|
|
||||||
+def _gen_domains():
|
|
||||||
+ domains = []
|
|
||||||
+ for d in alldomains:
|
|
||||||
+ found = False
|
|
||||||
+ domain = d[:-2]
|
|
||||||
+ if domain + "_exec_t" not in entrypoints:
|
|
||||||
+ continue
|
|
||||||
+ if domain in domains:
|
|
||||||
+ continue
|
|
||||||
+ domains.append(domain)
|
|
||||||
+
|
|
||||||
+ for role in roles:
|
|
||||||
+ if role in domains:
|
|
||||||
+ continue
|
|
||||||
+ domains.append(role)
|
|
||||||
+
|
|
||||||
+ domains.sort()
|
|
||||||
+ return domains
|
|
||||||
+
|
|
||||||
+domains = _gen_domains()
|
|
||||||
+
|
|
||||||
+def _gen_users():
|
|
||||||
+ users = []
|
+ users = []
|
||||||
+ allusers = map(lambda x: x['name'], sepolicy.info(sepolicy.USER))
|
+ allusers = map(lambda x: x['name'], sepolicy.info(sepolicy.USER))
|
||||||
+ for u in allusers:
|
+ for u in allusers:
|
||||||
@ -343835,9 +343909,11 @@ index 0000000..e3f9b70
|
|||||||
+ users.sort()
|
+ users.sort()
|
||||||
+ return users
|
+ return users
|
||||||
+
|
+
|
||||||
+users = _gen_users()
|
+types = None
|
||||||
+
|
|
||||||
+def _gen_types():
|
+def _gen_types():
|
||||||
|
+ global types
|
||||||
|
+ if types:
|
||||||
|
+ return types
|
||||||
+ all_types = sepolicy.info(sepolicy.TYPE)
|
+ all_types = sepolicy.info(sepolicy.TYPE)
|
||||||
+ types = {}
|
+ types = {}
|
||||||
+ for rec in all_types:
|
+ for rec in all_types:
|
||||||
@ -343847,50 +343923,37 @@ index 0000000..e3f9b70
|
|||||||
+ types[rec["name"]] = []
|
+ types[rec["name"]] = []
|
||||||
+ return types
|
+ return types
|
||||||
+
|
+
|
||||||
+types = _gen_types()
|
+file_types = None
|
||||||
+
|
+def get_all_file_types():
|
||||||
+def _gen_file_types():
|
+ global file_types
|
||||||
|
+ if file_types:
|
||||||
|
+ return file_types
|
||||||
+ file_types = sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"]
|
+ file_types = sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"]
|
||||||
+ file_types.sort()
|
+ file_types.sort()
|
||||||
+ return file_types
|
+ return file_types
|
||||||
+file_types = _gen_file_types()
|
|
||||||
+
|
+
|
||||||
+def _gen_port_types():
|
+port_types = None
|
||||||
|
+def get_all_port_types():
|
||||||
|
+ global port_types
|
||||||
|
+ if port_types:
|
||||||
|
+ return port_types
|
||||||
+ port_types = sepolicy.info(sepolicy.ATTRIBUTE,"port_type")[0]["types"]
|
+ port_types = sepolicy.info(sepolicy.ATTRIBUTE,"port_type")[0]["types"]
|
||||||
+ port_types.sort()
|
+ port_types.sort()
|
||||||
+ return port_types
|
+ return port_types
|
||||||
+port_types = _gen_port_types()
|
|
||||||
+
|
+
|
||||||
+portrecs = network.portrecs
|
|
||||||
+files_dict = {}
|
+files_dict = {}
|
||||||
+bools = sepolicy.info(sepolicy.BOOLEAN)
|
+
|
||||||
|
+bools = None
|
||||||
|
+def get_all_bools():
|
||||||
|
+ global bools
|
||||||
|
+ if not bools:
|
||||||
|
+ bools = sepolicy.info(sepolicy.BOOLEAN)
|
||||||
|
+ return bools
|
||||||
+
|
+
|
||||||
+def prettyprint(f,trim):
|
+def prettyprint(f,trim):
|
||||||
+ return " ".join(f[:-len(trim)].split("_"))
|
+ return " ".join(f[:-len(trim)].split("_"))
|
||||||
+
|
+
|
||||||
+def _get_os_version():
|
|
||||||
+ os_version = ""
|
|
||||||
+ pkg_name = "selinux-policy"
|
|
||||||
+ try:
|
|
||||||
+ import commands
|
|
||||||
+ rc, output = commands.getstatusoutput("rpm -q '%s'" % pkg_name)
|
|
||||||
+ if rc == 0:
|
|
||||||
+ os_version = output.split(".")[-2]
|
|
||||||
+ except:
|
|
||||||
+ os_version = ""
|
|
||||||
+
|
|
||||||
+ if os_version[0:2] == "fc":
|
|
||||||
+ os_version = "Fedora"+os_version[2:]
|
|
||||||
+ elif os_version[0:2] == "el":
|
|
||||||
+ os_version = "RHEL"+os_version[2:]
|
|
||||||
+ else:
|
|
||||||
+ os_version = ""
|
|
||||||
+
|
|
||||||
+ return os_version
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+# for HTML man pages
|
+# for HTML man pages
|
||||||
+os_version = _get_os_version()
|
|
||||||
+manpage_domains = []
|
+manpage_domains = []
|
||||||
+manpage_roles = []
|
+manpage_roles = []
|
||||||
+
|
+
|
||||||
@ -343925,7 +343988,6 @@ index 0000000..e3f9b70
|
|||||||
+ """
|
+ """
|
||||||
+
|
+
|
||||||
+ def __init__(self, manpage_roles, manpage_domains, path, os_version):
|
+ def __init__(self, manpage_roles, manpage_domains, path, os_version):
|
||||||
+
|
|
||||||
+ self.manpage_roles = get_alphabet_manpages(manpage_roles)
|
+ self.manpage_roles = get_alphabet_manpages(manpage_roles)
|
||||||
+ self.manpage_domains = get_alphabet_manpages(manpage_domains)
|
+ self.manpage_domains = get_alphabet_manpages(manpage_domains)
|
||||||
+ self.os_version = os_version
|
+ self.os_version = os_version
|
||||||
@ -343971,7 +344033,7 @@ index 0000000..e3f9b70
|
|||||||
+<body>
|
+<body>
|
||||||
+<h1>SELinux man pages</h1>
|
+<h1>SELinux man pages</h1>
|
||||||
+<br></br>
|
+<br></br>
|
||||||
+The following links contain SELinux man pages for particular either Fedora or Red Hat Enterprise Linux releases.</h2>
|
+Fedora or Red Hat Enterprise Linux Man Pages.</h2>
|
||||||
+<br></br>
|
+<br></br>
|
||||||
+<hr>
|
+<hr>
|
||||||
+<h3>Fedora</h3>
|
+<h3>Fedora</h3>
|
||||||
@ -344143,22 +344205,53 @@ index 0000000..e3f9b70
|
|||||||
+ """
|
+ """
|
||||||
+ Generate a Manpage on an SELinux domain in the specified path
|
+ Generate a Manpage on an SELinux domain in the specified path
|
||||||
+ """
|
+ """
|
||||||
|
+ all_attributes = get_all_attributes()
|
||||||
|
+ all_domains = get_all_domains()
|
||||||
|
+ all_bools = get_all_bools()
|
||||||
|
+ all_port_types = get_all_port_types()
|
||||||
|
+ all_roles = get_all_roles()
|
||||||
|
+ all_users = get_all_users()
|
||||||
|
+ all_file_types = get_all_file_types()
|
||||||
|
+ types = _gen_types()
|
||||||
|
+ modules_dict = None
|
||||||
|
+ domains = gen_domains()
|
||||||
|
+ role_allows = get_all_role_allows()
|
||||||
|
+
|
||||||
+ def __init__(self, domainname, path = "/tmp", html = False):
|
+ def __init__(self, domainname, path = "/tmp", html = False):
|
||||||
+ self.html = html
|
+ self.html = html
|
||||||
|
+ self.portrecs = network.portrecs
|
||||||
|
+
|
||||||
|
+ fcpath = path + "/file_contexts"
|
||||||
|
+ if os.path.exists(fcpath):
|
||||||
|
+ self.fcpath = fcpath
|
||||||
|
+ else:
|
||||||
|
+ self.fcpath = selinux.selinux_file_context_path()
|
||||||
|
+ self.fcdict = _gen_fcdict(self.fcpath)
|
||||||
|
+
|
||||||
|
+ if not os.path.exists(path):
|
||||||
|
+ os.makedirs(path)
|
||||||
+ self.path = path
|
+ self.path = path
|
||||||
|
+
|
||||||
|
+ xmlpath = path + "/policy.xml"
|
||||||
|
+ if os.path.exists(xmlpath):
|
||||||
|
+ self.xmlpath = xmlpath
|
||||||
|
+ else:
|
||||||
|
+ self.xmlpath = "/usr/share/selinux/devel/policy.xml"
|
||||||
|
+ self.booleans_dict = gen_bool_dict(self.xmlpath)
|
||||||
|
+
|
||||||
+ if domainname.endswith("_t"):
|
+ if domainname.endswith("_t"):
|
||||||
+ self.domainname = domainname[:-2]
|
+ self.domainname = domainname[:-2]
|
||||||
+ else:
|
+ else:
|
||||||
+ self.domainname = domainname
|
+ self.domainname = domainname
|
||||||
+
|
+
|
||||||
+ if self.domainname + "_t" not in alldomains:
|
+ if self.domainname + "_t" not in self.all_domains:
|
||||||
+ raise ValueError("domain %s_t does not exist" % self.domainname)
|
+ raise ValueError("domain %s_t does not exist" % self.domainname)
|
||||||
+ self.short_name = self.domainname
|
+ self.short_name = self.domainname
|
||||||
+
|
+
|
||||||
+ self.type = self.domainname + "_t"
|
+ self.type = self.domainname + "_t"
|
||||||
+ self.man_page_path = "%s/%s_selinux.8" % (path, self.domainname)
|
+ self.man_page_path = "%s/%s_selinux.8" % (path, self.domainname)
|
||||||
+ self.fd = open(self.man_page_path, 'w')
|
+ self.fd = open(self.man_page_path, 'w')
|
||||||
+ if domainname in roles:
|
+ if domainname in self.all_roles:
|
||||||
+ self.__gen_user_man_page()
|
+ self.__gen_user_man_page()
|
||||||
+ if self.html:
|
+ if self.html:
|
||||||
+ manpage_roles.append(self.man_page_path)
|
+ manpage_roles.append(self.man_page_path)
|
||||||
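Review bot: `ManPage.__init__` now reads `file_contexts` and `policy.xml` from `path`, which is the output directory and defaults to `/tmp`; on a default run, whoever can write to `/tmp` decides which `policy.xml` and `file_contexts` are parsed and what text lands in the generated man pages, which matters when the tool runs as root. The check-then-create pair `os.path.exists(path)` / `os.makedirs(path)` and the later `open(self.man_page_path, 'w')` under a predictable name in a shared directory have the same exposure. I would take the alternate inputs from an explicit option (or honour them only when `--path` was given explicitly) and keep the default output out of world-writable directories. The class-level block (`all_attributes = get_all_attributes()` and the lines after it) queries the policy when the class body executes, i.e. at import of `sepolicy.manpage`; it sees the `-P` policy only because sepolicy.py imports the module inside `manpage()`, and a comment saying so would protect that ordering.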
@ -344178,16 +344271,15 @@ index 0000000..e3f9b70
|
|||||||
+
|
+
|
||||||
+ def __gen_user_man_page(self):
|
+ def __gen_user_man_page(self):
|
||||||
+ self.role = self.domainname + "_r"
|
+ self.role = self.domainname + "_r"
|
||||||
+ global modules_dict
|
+ if not self.modules_dict:
|
||||||
+ if not modules_dict:
|
+ self.modules_dict = gen_modules_dict(self.xmlpath)
|
||||||
+ modules_dict = _gen_modules_dict()
|
|
||||||
+
|
+
|
||||||
+ try:
|
+ try:
|
||||||
+ self.desc = modules_dict[self.domainname]
|
+ self.desc = self.modules_dict[self.domainname]
|
||||||
+ except:
|
+ except:
|
||||||
+ self.desc = "%s user role" % self.domainname
|
+ self.desc = "%s user role" % self.domainname
|
||||||
+
|
+
|
||||||
+ if self.domainname in users:
|
+ if self.domainname in self.all_users:
|
||||||
+ self.attributes = sepolicy.info(sepolicy.TYPE,(self.type))[0]["attributes"]
|
+ self.attributes = sepolicy.info(sepolicy.TYPE,(self.type))[0]["attributes"]
|
||||||
+ self._user_header()
|
+ self._user_header()
|
||||||
+ self._user_attribute()
|
+ self._user_attribute()
|
||||||
@ -344239,7 +344331,7 @@ index 0000000..e3f9b70
|
|||||||
+ self._footer()
|
+ self._footer()
|
||||||
+
|
+
|
||||||
+ def _get_ptypes(self):
|
+ def _get_ptypes(self):
|
||||||
+ for f in alldomains:
|
+ for f in self.all_domains:
|
||||||
+ if f.startswith(self.short_name):
|
+ if f.startswith(self.short_name):
|
||||||
+ self.ptypes.append(f)
|
+ self.ptypes.append(f)
|
||||||
+
|
+
|
||||||
@ -344364,15 +344456,15 @@ index 0000000..e3f9b70
|
|||||||
+
|
+
|
||||||
+ def _gen_bool_text(self, name):
|
+ def _gen_bool_text(self, name):
|
||||||
+ booltext = ""
|
+ booltext = ""
|
||||||
+ for bdict in bools:
|
+ for bdict in self.all_bools:
|
||||||
+ b = bdict['name']
|
+ b = bdict['name']
|
||||||
+ if b.find(name) >= 0:
|
+ if b.find(name) >= 0:
|
||||||
+ if b.endswith("anon_write"):
|
+ if b.endswith("anon_write"):
|
||||||
+ self.anon_list.append(b)
|
+ self.anon_list.append(b)
|
||||||
+ else:
|
+ else:
|
||||||
+ if b not in booleans_dict:
|
+ if b not in self.booleans_dict:
|
||||||
+ continue
|
+ continue
|
||||||
+ desc = booleans_dict[b][2][0].lower() + booleans_dict[b][2][1:]
|
+ desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
|
||||||
+ if desc[-1] == ".":
|
+ if desc[-1] == ".":
|
||||||
+ desc = desc[:-1]
|
+ desc = desc[:-1]
|
||||||
+ booltext += """
|
+ booltext += """
|
||||||
@ -344390,15 +344482,15 @@ index 0000000..e3f9b70
|
|||||||
+ for alias in equiv_dict[self.domainname]:
|
+ for alias in equiv_dict[self.domainname]:
|
||||||
+ self.booltext += self._gen_bool_text(alias)
|
+ self.booltext += self._gen_bool_text(alias)
|
||||||
+
|
+
|
||||||
+ for bdict in bools:
|
+ for bdict in self.all_bools:
|
||||||
+ b = bdict['name']
|
+ b = bdict['name']
|
||||||
+ if b.find(self.short_name) >= 0:
|
+ if b.find(self.short_name) >= 0:
|
||||||
+ if b.endswith("anon_write"):
|
+ if b.endswith("anon_write"):
|
||||||
+ self.anon_list.append(b)
|
+ self.anon_list.append(b)
|
||||||
+ else:
|
+ else:
|
||||||
+ if b not in booleans_dict:
|
+ if b not in self.booleans_dict:
|
||||||
+ continue
|
+ continue
|
||||||
+ desc = booleans_dict[b][2][0].lower() + booleans_dict[b][2][1:]
|
+ desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
|
||||||
+ if desc[-1] == ".":
|
+ if desc[-1] == ".":
|
||||||
+ desc = desc[:-1]
|
+ desc = desc[:-1]
|
||||||
+ self.booltext += """
|
+ self.booltext += """
|
||||||
@ -344423,7 +344515,7 @@ index 0000000..e3f9b70
|
|||||||
+ nsswitch_types = []
|
+ nsswitch_types = []
|
||||||
+ nsswitch_booleans = ['authlogin_nsswitch_use_ldap', 'kerberos_enabled']
|
+ nsswitch_booleans = ['authlogin_nsswitch_use_ldap', 'kerberos_enabled']
|
||||||
+ nsswitchbooltext = ""
|
+ nsswitchbooltext = ""
|
||||||
+ if "nsswitch_domain" in all_attributes:
|
+ if "nsswitch_domain" in self.all_attributes:
|
||||||
+ self.fd.write("""
|
+ self.fd.write("""
|
||||||
+.SH NSSWITCH DOMAIN
|
+.SH NSSWITCH DOMAIN
|
||||||
+""")
|
+""")
|
||||||
@ -344433,7 +344525,7 @@ index 0000000..e3f9b70
|
|||||||
+
|
+
|
||||||
+ if len(nsswitch_types):
|
+ if len(nsswitch_types):
|
||||||
+ for i in nsswitch_booleans:
|
+ for i in nsswitch_booleans:
|
||||||
+ desc = booleans_dict[i][2][0].lower() + booleans_dict[i][2][1:-1]
|
+ desc = self.booleans_dict[i][2][0].lower() + self.booleans_dict[i][2][1:-1]
|
||||||
+ nsswitchbooltext += """
|
+ nsswitchbooltext += """
|
||||||
+.PP
|
+.PP
|
||||||
+If you want to %s for the %s, you must turn on the %s boolean.
|
+If you want to %s for the %s, you must turn on the %s boolean.
|
||||||
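Review bot: `self.booleans_dict[i]` is indexed for both entries of `nsswitch_booleans` without the `if b not in self.booleans_dict: continue` guard that the other boolean loops in this file use. A `policy.xml` from another release that lacks `authlogin_nsswitch_use_ldap` or `kerberos_enabled`, or a missing file (where `gen_bool_dict` returns an empty dict), therefore raises `KeyError` here. Now that the dictionary can come from an alternate policy, add the same guard at the top of the loop: `if i not in self.booleans_dict: continue`. The enclosing method starts and ends outside this hunk.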
@ -344472,7 +344564,7 @@ index 0000000..e3f9b70
|
|||||||
+
|
+
|
||||||
+ def _port_types(self):
|
+ def _port_types(self):
|
||||||
+ self.ports = []
|
+ self.ports = []
|
||||||
+ for f in port_types:
|
+ for f in self.all_port_types:
|
||||||
+ if f.startswith(self.short_name):
|
+ if f.startswith(self.short_name):
|
||||||
+ self.ports.append(f)
|
+ self.ports.append(f)
|
||||||
+
|
+
|
||||||
@ -344503,7 +344595,7 @@ index 0000000..e3f9b70
|
|||||||
+""" % p)
|
+""" % p)
|
||||||
+ once = True
|
+ once = True
|
||||||
+ for prot in ( "tcp", "udp" ):
|
+ for prot in ( "tcp", "udp" ):
|
||||||
+ if (p,prot) in portrecs:
|
+ if (p,prot) in self.portrecs:
|
||||||
+ if once:
|
+ if once:
|
||||||
+ self.fd.write("""
|
+ self.fd.write("""
|
||||||
+
|
+
|
||||||
@ -344511,7 +344603,7 @@ index 0000000..e3f9b70
|
|||||||
+ once = False
|
+ once = False
|
||||||
+ self.fd.write(r"""
|
+ self.fd.write(r"""
|
||||||
+%s %s
|
+%s %s
|
||||||
+.EE""" % (prot, ",".join(portrecs[(p,prot)])))
|
+.EE""" % (prot, ",".join(self.portrecs[(p,prot)])))
|
||||||
+
|
+
|
||||||
+ def _file_context(self):
|
+ def _file_context(self):
|
||||||
+ self.fd.write(r"""
|
+ self.fd.write(r"""
|
||||||
@ -344525,7 +344617,7 @@ index 0000000..e3f9b70
|
|||||||
+.PP
|
+.PP
|
||||||
+The following file types are defined for %(domainname)s:
|
+The following file types are defined for %(domainname)s:
|
||||||
+""" % {'domainname':self.domainname})
|
+""" % {'domainname':self.domainname})
|
||||||
+ for f in file_types:
|
+ for f in self.all_file_types:
|
||||||
+ if f.startswith(self.domainname):
|
+ if f.startswith(self.domainname):
|
||||||
+ self.fd.write("""
|
+ self.fd.write("""
|
||||||
+
|
+
|
||||||
@ -344562,7 +344654,7 @@ index 0000000..e3f9b70
|
|||||||
+ def _see_also(self):
|
+ def _see_also(self):
|
||||||
+ ret = ""
|
+ ret = ""
|
||||||
+ prefix = self.short_name.split("_")[0]
|
+ prefix = self.short_name.split("_")[0]
|
||||||
+ for d in domains:
|
+ for d in self.domains:
|
||||||
+ if d == self.domainname:
|
+ if d == self.domainname:
|
||||||
+ continue
|
+ continue
|
||||||
+ if d.startswith(prefix):
|
+ if d.startswith(prefix):
|
||||||
@ -344594,7 +344686,7 @@ index 0000000..e3f9b70
|
|||||||
+
|
+
|
||||||
+""" % {'domainname':self.domainname})
|
+""" % {'domainname':self.domainname})
|
||||||
+ for b in self.anon_list:
|
+ for b in self.anon_list:
|
||||||
+ desc = booleans_dict[b][2][0].lower() + booleans_dict[b][2][1:]
|
+ desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
|
||||||
+ self.fd.write("""
|
+ self.fd.write("""
|
||||||
+.PP
|
+.PP
|
||||||
+If you want to %s, you must turn on the %s boolean.
|
+If you want to %s, you must turn on the %s boolean.
|
||||||
@ -344653,7 +344745,7 @@ index 0000000..e3f9b70
|
|||||||
+ return False
|
+ return False
|
||||||
+ if check.endswith("_t"):
|
+ if check.endswith("_t"):
|
||||||
+ for a in attributes:
|
+ for a in attributes:
|
||||||
+ if a in types[check]:
|
+ if a in self.types[check]:
|
||||||
+ return False
|
+ return False
|
||||||
+ return True
|
+ return True
|
||||||
+
|
+
|
||||||
@ -344674,8 +344766,8 @@ index 0000000..e3f9b70
|
|||||||
+""" % (self.domainname, entrypoints_str, self.domainname))
|
+""" % (self.domainname, entrypoints_str, self.domainname))
|
||||||
+ paths=[]
|
+ paths=[]
|
||||||
+ for entrypoint in entrypoints:
|
+ for entrypoint in entrypoints:
|
||||||
+ if entrypoint in fcdict:
|
+ if entrypoint in self.fcdict:
|
||||||
+ paths += fcdict[entrypoint]
|
+ paths += self.fcdict[entrypoint]
|
||||||
+
|
+
|
||||||
+ self.fd.write("""
|
+ self.fd.write("""
|
||||||
+%s""" % ", ".join(paths))
|
+%s""" % ", ".join(paths))
|
||||||
@ -344714,8 +344806,8 @@ index 0000000..e3f9b70
|
|||||||
+.B %s
|
+.B %s
|
||||||
+
|
+
|
||||||
+""" % f)
|
+""" % f)
|
||||||
+ if f in fcdict:
|
+ if f in self.fcdict:
|
||||||
+ for path in fcdict[f]:
|
+ for path in self.fcdict[f]:
|
||||||
+ self.fd.write("""\t%s
|
+ self.fd.write("""\t%s
|
||||||
+.br
|
+.br
|
||||||
+""" % path)
|
+""" % path)
|
||||||
@ -344757,7 +344849,7 @@ index 0000000..e3f9b70
|
|||||||
+
|
+
|
||||||
+""" % {'desc': self.desc, 'type':self.type, 'user':self.domainname})
|
+""" % {'desc': self.desc, 'type':self.type, 'user':self.domainname})
|
||||||
+
|
+
|
||||||
+ if "login_userdomain" in self.attributes and "login_userdomain" in all_attributes:
|
+ if "login_userdomain" in self.attributes and "login_userdomain" in self.all_attributes:
|
||||||
+ self.fd.write("""
|
+ self.fd.write("""
|
||||||
+If you want to map the one Linux user (joe) to the SELinux user %(user)s, you would execute:
|
+If you want to map the one Linux user (joe) to the SELinux user %(user)s, you would execute:
|
||||||
+
|
+
|
||||||
@ -344770,7 +344862,7 @@ index 0000000..e3f9b70
|
|||||||
+ self.fd.write("""
|
+ self.fd.write("""
|
||||||
+.SH SUDO
|
+.SH SUDO
|
||||||
+""")
|
+""")
|
||||||
+ if sudotype in types:
|
+ if sudotype in self.types:
|
||||||
+ role = self.domainname + "_r"
|
+ role = self.domainname + "_r"
|
||||||
+ self.fd.write("""
|
+ self.fd.write("""
|
||||||
+The SELinux user %(user)s can execute sudo.
|
+The SELinux user %(user)s can execute sudo.
|
||||||
@ -344780,7 +344872,7 @@ index 0000000..e3f9b70
|
|||||||
+Add one or more of the following record to sudoers using visudo.
|
+Add one or more of the following record to sudoers using visudo.
|
||||||
+
|
+
|
||||||
+""" % { 'user':self.domainname } )
|
+""" % { 'user':self.domainname } )
|
||||||
+ for adminrole in role_allows[role]:
|
+ for adminrole in self.role_allows[role]:
|
||||||
+ self.fd.write("""
|
+ self.fd.write("""
|
||||||
+USERNAME ALL=(ALL) ROLE=%(admin)s_r TYPE=%(admin)s_t COMMAND
|
+USERNAME ALL=(ALL) ROLE=%(admin)s_r TYPE=%(admin)s_t COMMAND
|
||||||
+.br
|
+.br
|
||||||
@ -344800,7 +344892,7 @@ index 0000000..e3f9b70
|
|||||||
+
|
+
|
||||||
+For more details you can see semanage man page.
|
+For more details you can see semanage man page.
|
||||||
+
|
+
|
||||||
+""" % {'user':self.domainname, "roles": " ".join([role] + role_allows[role]) } )
|
+""" % {'user':self.domainname, "roles": " ".join([role] + self.role_allows[role]) } )
|
||||||
+ else:
|
+ else:
|
||||||
+ self.fd.write("""
|
+ self.fd.write("""
|
||||||
+The SELinux type %s_t is not allowed to execute sudo.
|
+The SELinux type %s_t is not allowed to execute sudo.
|
||||||
@ -344826,7 +344918,7 @@ index 0000000..e3f9b70
|
|||||||
+""" % self.domainname)
|
+""" % self.domainname)
|
||||||
+
|
+
|
||||||
+ def _xwindows_login(self):
|
+ def _xwindows_login(self):
|
||||||
+ if "x_domain" in all_attributes:
|
+ if "x_domain" in self.all_attributes:
|
||||||
+ self.fd.write("""
|
+ self.fd.write("""
|
||||||
+.SH X WINDOWS LOGIN
|
+.SH X WINDOWS LOGIN
|
||||||
+""")
|
+""")
|
||||||
@ -344840,7 +344932,7 @@ index 0000000..e3f9b70
|
|||||||
+""" % self.domainname)
|
+""" % self.domainname)
|
||||||
+
|
+
|
||||||
+ def _terminal_login(self):
|
+ def _terminal_login(self):
|
||||||
+ if "login_userdomain" in all_attributes:
|
+ if "login_userdomain" in self.all_attributes:
|
||||||
+ self.fd.write("""
|
+ self.fd.write("""
|
||||||
+.SH TERMINAL LOGIN
|
+.SH TERMINAL LOGIN
|
||||||
+""")
|
+""")
|
||||||
@ -344858,7 +344950,7 @@ index 0000000..e3f9b70
|
|||||||
+.SH NETWORK
|
+.SH NETWORK
|
||||||
+""")
|
+""")
|
||||||
+ for net in ("tcp", "udp"):
|
+ for net in ("tcp", "udp"):
|
||||||
+ portdict = sepolicy.network.get_network_connect(self.type, net, "name_bind")
|
+ portdict = network.get_network_connect(self.type, net, "name_bind")
|
||||||
+ if len(portdict) > 0:
|
+ if len(portdict) > 0:
|
||||||
+ self.fd.write("""
|
+ self.fd.write("""
|
||||||
+.TP
|
+.TP
|
||||||
@ -344969,8 +345061,8 @@ index 0000000..e3f9b70
|
|||||||
+
|
+
|
||||||
+""" % {'desc': self.desc, 'user':self.domainname})
|
+""" % {'desc': self.desc, 'user':self.domainname})
|
||||||
+ troles = []
|
+ troles = []
|
||||||
+ for i in role_allows:
|
+ for i in self.role_allows:
|
||||||
+ if self.domainname +"_r" in role_allows[i]:
|
+ if self.domainname +"_r" in self.role_allows[i]:
|
||||||
+ troles.append(i)
|
+ troles.append(i)
|
||||||
+ if len(troles) > 0:
|
+ if len(troles) > 0:
|
||||||
+ plural = ""
|
+ plural = ""
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.1.13
|
Version: 2.1.13
|
||||||
Release: 23%{?dist}
|
Release: 24%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
# Based on git repository with tag 20101221
|
# Based on git repository with tag 20101221
|
||||||
@ -329,6 +329,11 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Nov 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-24
|
||||||
|
- Fix manpage to generate proper man pages for alternate policy,
|
||||||
|
basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as
|
||||||
|
I pull the policy, policy.xml and file_contexts and file_contexts.homedir
|
||||||
|
|
||||||
* Thu Nov 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-23
|
* Thu Nov 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-23
|
||||||
- Fix some build problems in sepolicy manpage and sepolicy transition
|
- Fix some build problems in sepolicy manpage and sepolicy transition
|
||||||
|
|
||||||
|