Fix manpage to generate proper man pages for alternate policy,

basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as I pull the policy, policy.xml and file_contexts and file_contexts.homedir
2012-11-03 07:19:34 -04:00 · 2012-11-03 07:19:34 -04:00 · cc08d7735b
commit cc08d7735b
parent 1cc95772be
2 changed files with 233 additions and 136 deletions
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -341404,10 +341404,10 @@ index 0000000..c1d9411
 +}
 diff --git a/policycoreutils/sepolicy/sepolicy-bash-completion.sh b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
 new file mode 100644
-index 0000000..c574a46
+index 0000000..d7cd4dc
 --- /dev/null
 +++ b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
-@@ -0,0 +1,139 @@
+@@ -0,0 +1,147 @@
 +# This file is part of systemd.
 +#
 +# Copyright 2011 Dan Walsh
@ -341473,7 +341473,7 @@ index 0000000..c574a46
 +
 +	COMMONOPTS='-P --policy -h --help'
 +        local -A OPTS=(
-+	       [manpage]='-h --help -p --path -a -all -d --domain -w --web'
+	       [manpage]='-h --help -p --path -a -all -o --os -d --domain -w --web'
 +	       [network]='-h --help -d --domain -l --list -p --port -t --type '
 +	       [communicate]='-h --help -s --source -t --target -c --class -S --sourceaccess -T --targetaccess'
 +	       [transition]='-h --help -s --source -t --target'
@ -341489,11 +341489,19 @@ index 0000000..c574a46
 +        done
 +
 +        if   [[ -z $verb ]]; then
 +	    if [ "$prev" = "-P" -o "$prev" = "--policy" ]; then
 +		COMPREPLY=( $( compgen -f -- "$cur") )
 +		compopt -o filenames
 +		return 0
 +	    else
 +                comps="${VERBS[*]} ${COMMONOPTS}"
 +	    fi
 +	elif [ "$verb" = "manpage" ]; then
 +	    if [ "$prev" = "-d" -o "$prev" = "--domain" ]; then
 +	        COMPREPLY=( $(compgen -W "$( __get_all_domains ) " -- "$cur") )
 +		return 0
 +	    elif [ "$prev" = "-o" -o "$prev" = "--os" ]; then
 +		return 0
 +	    elif test "$prev" = "-p" || test "$prev" = "--path" ; then
 +		COMPREPLY=( $( compgen -d -- "$cur") )
 +		compopt -o filenames
@ -341891,10 +341899,10 @@ index 0000000..2e0163b
 +selinux(8), sepolicy-generate(8), sepolicy-communicate(8), sepolicy-generate(8),  sepolicy-network(8), sepolicy-transition(8)
 diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
 new file mode 100755
-index 0000000..9f96fd5
+index 0000000..eee20af
 --- /dev/null
 +++ b/policycoreutils/sepolicy/sepolicy.py
-@@ -0,0 +1,303 @@
+@@ -0,0 +1,310 @@
 +#! /usr/bin/python -Es
 +# Copyright (C) 2012 Red Hat
 +# AUTHOR: Dan Walsh <dwalsh@redhat.com>
@ -341981,11 +341989,11 @@ index 0000000..9f96fd5
 +                _print_net(d, net, "name_bind")
 +
 +def manpage(args):
-+    from sepolicy.manpage import ManPage, HTMLManPages, domains, manpage_domains, manpage_roles, os_version
+    from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains
 +
 +    path = args.path
 +    if args.all:
-+        test_domains = domains
+        test_domains = gen_domains()
 +    else:
 +        test_domains = args.domain
 +
@ -341994,7 +342002,7 @@ index 0000000..9f96fd5
 +        print m.get_man_page_path()
 +
 +    if args.web:
-+        HTMLManPages(manpage_roles, manpage_domains, path, os_version)
+        HTMLManPages(manpage_roles, manpage_domains, path, args.os)
 +
 +class CheckPath(argparse.Action):
 +    def __call__(self, parser, namespace, values, option_string=None):
@ -342007,8 +342015,9 @@ index 0000000..9f96fd5
 +                                   help=_('Generate SELinux man pages'))
 +
 +        man.add_argument("-p", "--path", dest="path", default="/tmp",
-+                            action=CheckPath,
+                         help=_("path in which the generated SELinux man pages will be stored"))
-+                            help=_("path in which the generated SELinux man pages will be stored"))
+        man.add_argument("-o", "--os", dest="os", default=sepolicy.get_os_version(),
 +                         help=_("name of the OS for man pages"))
 +        man.add_argument("-w", "--web", dest="web", default=False, action="store_true",
 +                                help=_("Generate HTML man pages structure for selected SELinux man page"))
 +        group = man.add_mutually_exclusive_group(required=True)
@ -342053,6 +342062,11 @@ index 0000000..9f96fd5
 +            newval.append(v)
 +        setattr(namespace, self.dest, values)
 +
 +class LoadPolicy(argparse.Action):
 +    def __call__(self, parser, namespace, values, option_string=None):
 +        sepolicy.policy(values)
 +        setattr(namespace, self.dest, values)
 +
 +class CheckPolicyType(argparse.Action):
 +    def __call__(self, parser, namespace, values, option_string=None):
 +        from sepolicy.generate import get_poltype_desc, poltype
@ -342181,6 +342195,7 @@ index 0000000..9f96fd5
 +    parser = argparse.ArgumentParser(description='SELinux Policy Inspection Tool')
 +    subparsers = parser.add_subparsers(help=_("commands"))
 +    parser.add_argument("-P", "--policy", dest="policy",
 +                        action=LoadPolicy, 
 +                        default=None, help=_("Alternate SELinux policy, defaults to /sys/fs/selinux/policy"))
 +    gen_manpage_args(subparsers)
 +    gen_network_args(subparsers)
@ -342191,19 +342206,19 @@ index 0000000..9f96fd5
 +
 +    try:
 +        args = parser.parse_args()
 +        if args.policy:
 +            sepolicy.policy(args.policy)
 +        args.func(args)
 +        sys.exit(0)
 +    except ValueError,e:
 +        sys.stderr.write("%s: %s" % (e.__class__.__name__, str(e)))
 +        sys.exit(1)
 +    except KeyboardInterrupt:
 +        sys.exit(0)        
 diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
 new file mode 100644
-index 0000000..22c0724
+index 0000000..5df16bb
 --- /dev/null
 +++ b/policycoreutils/sepolicy/sepolicy/__init__.py
-@@ -0,0 +1,87 @@
+@@ -0,0 +1,110 @@
 +#!/usr/bin/env python
 +
 +# Author: Thomas Liu <tliu@redhat.com>
@ -342263,12 +342278,16 @@ index 0000000..22c0724
 +    dict_list = _policy.info(setype, name)
 +    return dict_list
 +
-+def _gen_boolens_dict():
+booleans_dict = None
 +def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
 +        global booleans_dict
 +        if booleans_dict:
 +            return booleans_dict
 +	import xml.etree.ElementTree
 +	import re
 +	booleans_dict = {}
 +	try:
-+		tree = xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml")
+		tree = xml.etree.ElementTree.parse(path)
 +		for l in  tree.findall("layer"):
 +			for m in  l.findall("module"):
 +				for b in  m.findall("tunable"):
@ -342290,7 +342309,26 @@ index 0000000..22c0724
 +	except IOError, e:
 +		pass
 +	return booleans_dict
-+booleans_dict = _gen_boolens_dict()
+
 +def get_os_version():
 +    os_version = ""
 +    pkg_name = "selinux-policy"
 +    try:
 +	import commands
 +	rc, output = commands.getstatusoutput("rpm -q '%s'" % pkg_name)
 +	if rc == 0:
 +	    os_version = output.split(".")[-2]
 +    except:
 +	os_version = ""
 +
 +    if os_version[0:2] == "fc":
 +	os_version = "Fedora"+os_version[2:]
 +    elif os_version[0:2] == "el":
 +	os_version = "RHEL"+os_version[2:]
 +    else:
 +	os_version = ""
 +
 +    return os_version
 diff --git a/policycoreutils/sepolicy/sepolicy/booleans.py b/policycoreutils/sepolicy/sepolicy/booleans.py
 new file mode 100644
 index 0000000..c23cb11
@ -343686,10 +343724,10 @@ index 0000000..93b0762
 +            return out
 diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
 new file mode 100755
-index 0000000..e3f9b70
+index 0000000..82e6388
 --- /dev/null
 +++ b/policycoreutils/sepolicy/sepolicy/manpage.py
-@@ -0,0 +1,1297 @@
+@@ -0,0 +1,1351 @@
 +#! /usr/bin/python -Es
 +# Copyright (C) 2012 Red Hat
 +# AUTHOR: Dan Walsh <dwalsh@redhat.com>
@ -343714,24 +343752,29 @@ index 0000000..e3f9b70
 +#                                        02111-1307  USA
 +#
 +#
-+__all__ = [ 'ManPage', 'HTMLManPages', 'domains', 'manpage_domains', 'manpage_roles', 'os_version' ]
+__all__ = [ 'ManPage', 'HTMLManPages', 'manpage_domains', 'manpage_roles', 'gen_domains' ]
 +
 +import string
 +import argparse
 +from sepolicy import network, booleans_dict
 +import selinux
 +import sepolicy
 +from sepolicy import network, gen_bool_dict
 +
 +import commands
 +import sys, os, re, time
 +
-+equiv_dict={ "smbd" : ( "samba" ), "httpd" : ( "apache" ), "virtd" : ( "virt", "libvirt" ) }
+equiv_dict={ "smbd" : [ "samba" ], "httpd" : [ "apache" ], "virtd" : [ "virt", "libvirt" ], "named" : [ "bind" ] }
 +
 +modules_dict = None
-+def _gen_modules_dict():
+def gen_modules_dict(path = "/usr/share/selinux/devel/policy.xml"):
 +	global modules_dict
 +	if modules_dict:
 +		return modules_dict
 +
 +	import xml.etree.ElementTree
 +	modules_dict = {}
 +	try:
-+		tree = xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml")
+		tree = xml.etree.ElementTree.parse(path)
 +		for l in  tree.findall("layer"):
 +			for m in  l.findall("module"):
 +				name = m.get("name")
@ -343747,16 +343790,71 @@ index 0000000..e3f9b70
 +		pass
 +	return modules_dict
 +
-+all_attributes = map(lambda x: x['name'], sepolicy.info(sepolicy.ATTRIBUTE))
+all_attributes = None
-+entrypoints =  sepolicy.info(sepolicy.ATTRIBUTE,"entry_type")[0]["types"]
+def get_all_attributes():
-+alldomains =  sepolicy.info(sepolicy.ATTRIBUTE,"domain")[0]["types"]
+	global all_attributes
 +	if not all_attributes:
 +		all_attributes = map(lambda x: x['name'], sepolicy.info(sepolicy.ATTRIBUTE))
 +	return all_attributes
 +
-+def _gen_fcdict():
+all_entrypoints = None
-+	fc_path = selinux.selinux_file_context_path()
+def get_entrypoints():
-+	fd = open(selinux.selinux_file_context_path(), "r")
+	global all_entrypoints
 +	if not all_entrypoints:
 +		all_entrypoints =  sepolicy.info(sepolicy.ATTRIBUTE,"entry_type")[0]["types"]
 +	return all_entrypoints
 +
 +all_domains = None
 +def get_all_domains():
 +	global all_domains
 +	if not all_domains:
 +		all_domains = sepolicy.info(sepolicy.ATTRIBUTE,"domain")[0]["types"]
 +	return all_domains
 +
 +roles = None
 +def get_all_roles():
 +	global roles
 +	if roles:
 +		return roles
 +	roles = []
 +	allroles = map(lambda x: x['name'], sepolicy.info(sepolicy.ROLE))
 +	for r in allroles:
 +		if r not in [ "system_r", "object_r" ]:
 +			roles.append(r[:-2])
 +	return roles
 +
 +domains = None
 +def gen_domains():
 +	global domains
 +	if domains:
 +		return domains
 +        domains = []
 +	for d in get_all_domains():
 +		found = False
 +		domain = d[:-2]
 +		if domain + "_exec_t" not in get_entrypoints():
 +			continue
 +		if domain in domains:
 +			continue
 +		domains.append(domain)
 +
 +	for role in get_all_roles():
 +		if role in domains:
 +			continue
 +		domains.append(role)
 +
 +	domains.sort()
 +	return domains
 +
 +fcdict=None
 +def _gen_fcdict(fc_path = selinux.selinux_file_context_path()):
 +	global fcdict
 +	if fcdict:
 +		return fcdict
 +	fd = open(fc_path, "r")
 +	fc = fd.readlines()
 +	fd.close()
-+	fd = open(selinux.selinux_file_context_path()+".homedirs", "r")
+	fd = open(fc_path+".homedirs", "r")
 +	fc += fd.readlines()
 +	fd.close()
 +	fcdict = {}
@ -343780,9 +343878,12 @@ index 0000000..e3f9b70
 +	fcdict["file_type"] = [ "all files on the system" ]
 +	fcdict["samba_share_t"] = [ "use this label for random content that will be shared using samba" ]
 +	return fcdict
 +fcdict = _gen_fcdict()
 +
-+def _gen_role_allows():
+role_allows = None
 +def get_all_role_allows():
 +	global role_allows
 +	if role_allows:
 +		return role_allows
 +	role_allows = {}
 +	for r in sepolicy.search([sepolicy.ROLE_ALLOW]):
 +		if r["source"] == "system_r" or r["target"] == "system_r":
@ -343793,40 +343894,13 @@ index 0000000..e3f9b70
 +			role_allows[r["source"]] = [ r["target"] ]
 +
 +	return role_allows
 +role_allows = _gen_role_allows()
 +
-+def _gen_roles():
+users = None
-+	roles = []
+def get_all_users():
-+	allroles = map(lambda x: x['name'], sepolicy.info(sepolicy.ROLE))
+	global users
-+	for r in allroles:
+	if users:
-+		if r not in [ "system_r", "object_r" ]:
+		return users
 +			roles.append(r[:-2])
 +	return roles
 +
 +roles = _gen_roles()
 +
 +def _gen_domains():
 +	domains = []
 +	for d in alldomains:
 +		found = False
 +		domain = d[:-2]
 +		if domain + "_exec_t" not in entrypoints:
 +			continue
 +		if domain in domains:
 +			continue
 +		domains.append(domain)
 +
 +	for role in roles:
 +		if role in domains:
 +			continue
 +		domains.append(role)
 +
 +	domains.sort()
 +	return domains
 +
 +domains = _gen_domains()
 +
 +def _gen_users():
 +	users = []
 +	allusers = map(lambda x: x['name'], sepolicy.info(sepolicy.USER))
 +	for u in allusers:
@ -343835,9 +343909,11 @@ index 0000000..e3f9b70
 +	users.sort()
 +	return users
 +
-+users = _gen_users()
+types = None
 +
 +def _gen_types():
 +	global types
 +	if types:
 +		return types
 +	all_types =  sepolicy.info(sepolicy.TYPE)
 +	types = {}
 +	for rec in all_types:
@ -343847,50 +343923,37 @@ index 0000000..e3f9b70
 +			types[rec["name"]] = []
 +	return types
 +
-+types = _gen_types()
+file_types = None
-+
+def get_all_file_types():
-+def _gen_file_types():
+	global file_types
 +	if file_types:
 +		return file_types
 +	file_types =  sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"]
 +	file_types.sort()
 +	return file_types
 +file_types = _gen_file_types()
 +
-+def _gen_port_types():
+port_types = None
 +def get_all_port_types():
 +	global port_types
 +	if port_types:
 +		return port_types
 +	port_types =  sepolicy.info(sepolicy.ATTRIBUTE,"port_type")[0]["types"]
 +	port_types.sort()
 +	return port_types
 +port_types = _gen_port_types()
 +
 +portrecs = network.portrecs
 +files_dict = {}
-+bools = sepolicy.info(sepolicy.BOOLEAN)
+
 +bools = None
 +def get_all_bools():
 +	global bools
 +	if not bools:
 +		bools = sepolicy.info(sepolicy.BOOLEAN)
 +	return bools
 +
 +def prettyprint(f,trim):
 +    return " ".join(f[:-len(trim)].split("_"))
 +
 +def _get_os_version():
 +    os_version = ""
 +    pkg_name = "selinux-policy"
 +    try:
 +	import commands
 +	rc, output = commands.getstatusoutput("rpm -q '%s'" % pkg_name)
 +	if rc == 0:
 +	    os_version = output.split(".")[-2]
 +    except:
 +	os_version = ""
 +
 +    if os_version[0:2] == "fc":
 +	os_version = "Fedora"+os_version[2:]
 +    elif os_version[0:2] == "el":
 +	os_version = "RHEL"+os_version[2:]
 +    else:
 +	os_version = ""
 +
 +    return os_version
 +
 +
 +# for HTML man pages
 +os_version = _get_os_version()
 +manpage_domains = []
 +manpage_roles = []
 +
@ -343925,7 +343988,6 @@ index 0000000..e3f9b70
 +	"""
 +
 +	def __init__(self, manpage_roles, manpage_domains, path, os_version):
 +
 +		self.manpage_roles = get_alphabet_manpages(manpage_roles)
 +		self.manpage_domains = get_alphabet_manpages(manpage_domains)
 +		self.os_version = os_version
@ -343971,7 +344033,7 @@ index 0000000..e3f9b70
 +<body>
 +<h1>SELinux man pages</h1>
 +<br></br>
-+The following links contain SELinux man pages for particular either Fedora or Red Hat Enterprise Linux releases.</h2>
+Fedora or Red Hat Enterprise Linux Man Pages.</h2>
 +<br></br>
 +<hr>
 +<h3>Fedora</h3>
@ -344143,22 +344205,53 @@ index 0000000..e3f9b70
 +    """
 +	Generate a Manpage on an SELinux domain in the specified path
 +    """
 +    all_attributes = get_all_attributes()
 +    all_domains = get_all_domains()
 +    all_bools = get_all_bools()
 +    all_port_types = get_all_port_types()
 +    all_roles = get_all_roles()
 +    all_users = get_all_users()
 +    all_file_types = get_all_file_types()
 +    types = _gen_types()
 +    modules_dict = None
 +    domains = gen_domains()
 +    role_allows = get_all_role_allows()
 +
 +    def __init__(self, domainname, path = "/tmp", html = False):
 +	self.html = html
 +	self.portrecs = network.portrecs
 +
 +	fcpath = path + "/file_contexts"
 +	if os.path.exists(fcpath):
 +		self.fcpath = fcpath
 +	else:
 +		self.fcpath = selinux.selinux_file_context_path()
 +	self.fcdict = _gen_fcdict(self.fcpath)
 +
 +	if not os.path.exists(path):
 +		os.makedirs(path)
 +	self.path = path
 +
 +	xmlpath = path + "/policy.xml"
 +	if os.path.exists(xmlpath):
 +		self.xmlpath = xmlpath
 +	else:
 +		self.xmlpath = "/usr/share/selinux/devel/policy.xml"
 +	self.booleans_dict = gen_bool_dict(self.xmlpath)
 +
 +	if domainname.endswith("_t"):
 +		self.domainname = domainname[:-2]
 +	else:
 +		self.domainname = domainname
 +
-+	if self.domainname + "_t" not in alldomains:
+	if self.domainname + "_t" not in self.all_domains:
 +		raise  ValueError("domain %s_t does not exist" % self.domainname)
 +	self.short_name = self.domainname
 +
 +	self.type = self.domainname + "_t"
 +	self.man_page_path = "%s/%s_selinux.8" % (path, self.domainname)
 +	self.fd = open(self.man_page_path, 'w')
-+	if domainname in roles:
+	if domainname in self.all_roles:
 +	    self.__gen_user_man_page()
 +	    if self.html:
 +		manpage_roles.append(self.man_page_path)
@ -344178,16 +344271,15 @@ index 0000000..e3f9b70
 +
 +    def __gen_user_man_page(self):
 +	self.role = self.domainname + "_r"
-+	global modules_dict
+	if not self.modules_dict:
-+	if not modules_dict:
+		self.modules_dict = gen_modules_dict(self.xmlpath)
 +		modules_dict = _gen_modules_dict()
 +
 +	try:
-+	    self.desc = modules_dict[self.domainname]
+	    self.desc = self.modules_dict[self.domainname]
 +	except:
 +	    self.desc = "%s user role" % self.domainname
 +
-+	if self.domainname in users:
+	if self.domainname in self.all_users:
 +	    self.attributes = sepolicy.info(sepolicy.TYPE,(self.type))[0]["attributes"]
 +	    self._user_header()
 +	    self._user_attribute()
@ -344239,7 +344331,7 @@ index 0000000..e3f9b70
 +	self._footer()
 +
 +    def _get_ptypes(self):
-+	for f in alldomains:
+	for f in self.all_domains:
 +	    if f.startswith(self.short_name):
 +		self.ptypes.append(f)
 +
@ -344364,15 +344456,15 @@ index 0000000..e3f9b70
 +
 +    def _gen_bool_text(self, name):
 +	booltext = ""
-+	for bdict in bools:
+	for bdict in self.all_bools:
 +	    b = bdict['name']
 +	    if b.find(name) >= 0:
 +		if b.endswith("anon_write"):
 +		    self.anon_list.append(b)
 +		else:
-+		    if b not in booleans_dict:
+		    if b not in self.booleans_dict:
 +			    continue
-+		    desc = booleans_dict[b][2][0].lower() + booleans_dict[b][2][1:]
+		    desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
 +		    if desc[-1] == ".":
 +			desc = desc[:-1]
 +		    booltext += """
@ -344390,15 +344482,15 @@ index 0000000..e3f9b70
 +		for alias in equiv_dict[self.domainname]:
 +			self.booltext += self._gen_bool_text(alias)
 +
-+	for bdict in bools:
+	for bdict in self.all_bools:
 +	    b = bdict['name']
 +	    if b.find(self.short_name) >= 0:
 +		if b.endswith("anon_write"):
 +		    self.anon_list.append(b)
 +		else:
-+		    if b not in booleans_dict:
+		    if b not in self.booleans_dict:
 +			    continue
-+		    desc = booleans_dict[b][2][0].lower() + booleans_dict[b][2][1:]
+		    desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
 +		    if desc[-1] == ".":
 +			desc = desc[:-1]
 +		    self.booltext += """
@ -344423,7 +344515,7 @@ index 0000000..e3f9b70
 +	nsswitch_types = []
 +	nsswitch_booleans = ['authlogin_nsswitch_use_ldap', 'kerberos_enabled']
 +	nsswitchbooltext = ""
-+	if "nsswitch_domain" in all_attributes:
+	if "nsswitch_domain" in self.all_attributes:
 +	    self.fd.write("""
 +.SH NSSWITCH DOMAIN
 +""")
@ -344433,7 +344525,7 @@ index 0000000..e3f9b70
 +
 +	    if len(nsswitch_types):
 +		for i in nsswitch_booleans:
-+		    desc = booleans_dict[i][2][0].lower() + booleans_dict[i][2][1:-1]
+		    desc = self.booleans_dict[i][2][0].lower() + self.booleans_dict[i][2][1:-1]
 +		    nsswitchbooltext += """
 +.PP
 +If you want to %s for the %s, you must turn on the %s boolean.
@ -344472,7 +344564,7 @@ index 0000000..e3f9b70
 +
 +    def _port_types(self):
 +	self.ports = []
-+	for f in port_types:
+	for f in self.all_port_types:
 +	    if f.startswith(self.short_name):
 +		self.ports.append(f)
 +
@ -344503,7 +344595,7 @@ index 0000000..e3f9b70
 +""" % p)
 +	    once = True
 +	    for prot in ( "tcp", "udp" ):
-+	       if (p,prot) in portrecs:
+	       if (p,prot) in self.portrecs:
 +		    if once:
 +			self.fd.write("""
 +
@ -344511,7 +344603,7 @@ index 0000000..e3f9b70
 +		    once = False
 +		    self.fd.write(r"""
 +%s %s
-+.EE""" % (prot, ",".join(portrecs[(p,prot)])))
+.EE""" % (prot, ",".join(self.portrecs[(p,prot)])))
 +
 +    def _file_context(self):
 +	self.fd.write(r"""
@ -344525,7 +344617,7 @@ index 0000000..e3f9b70
 +.PP
 +The following file types are defined for %(domainname)s:
 +""" % {'domainname':self.domainname})
-+	for f in file_types:
+	for f in self.all_file_types:
 +	    if f.startswith(self.domainname):
 +		self.fd.write("""
 +
@ -344562,7 +344654,7 @@ index 0000000..e3f9b70
 +    def _see_also(self):
 +	    ret = ""
 +	    prefix = self.short_name.split("_")[0]
-+	    for d in domains:
+	    for d in self.domains:
 +		    if d == self.domainname:
 +			    continue
 +		    if d.startswith(prefix):
@ -344594,7 +344686,7 @@ index 0000000..e3f9b70
 +
 +"""  % {'domainname':self.domainname})
 +	    for b in self.anon_list:
-+		desc = booleans_dict[b][2][0].lower() + booleans_dict[b][2][1:]
+		desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
 +		self.fd.write("""
 +.PP
 +If you want to %s, you must turn on the %s boolean.
@ -344653,7 +344745,7 @@ index 0000000..e3f9b70
 +		    return False
 +	    if check.endswith("_t"):
 +		    for a in attributes:
-+			    if a in types[check]:
+			    if a in self.types[check]:
 +				    return False
 +	    return True
 +
@ -344674,8 +344766,8 @@ index 0000000..e3f9b70
 +"""   %	(self.domainname, entrypoints_str, self.domainname))
 +	paths=[]
 +	for entrypoint in entrypoints:
-+		if entrypoint in fcdict:
+		if entrypoint in self.fcdict:
-+			paths += fcdict[entrypoint]
+			paths += self.fcdict[entrypoint]
 +
 +	self.fd.write("""
 +%s""" % ", ".join(paths))
@ -344714,8 +344806,8 @@ index 0000000..e3f9b70
 +.B %s
 +
 +""" % f)
-+	    if f in fcdict:
+	    if f in self.fcdict:
-+		for path in fcdict[f]:
+		for path in self.fcdict[f]:
 +		    self.fd.write("""\t%s
 +.br
 +""" % path)
@ -344757,7 +344849,7 @@ index 0000000..e3f9b70
 +
 +""" % {'desc': self.desc, 'type':self.type, 'user':self.domainname})
 +
-+	if "login_userdomain" in self.attributes and "login_userdomain" in all_attributes:
+	if "login_userdomain" in self.attributes and "login_userdomain" in self.all_attributes:
 +	    self.fd.write("""
 +If you want to map the one Linux user (joe) to the SELinux user %(user)s, you would execute:
 +
@ -344770,7 +344862,7 @@ index 0000000..e3f9b70
 +	self.fd.write("""
 +.SH SUDO
 +""")
-+	if sudotype in types:
+	if sudotype in self.types:
 +	    role = self.domainname + "_r"
 +	    self.fd.write("""
 +The SELinux user %(user)s can execute sudo.
@ -344780,7 +344872,7 @@ index 0000000..e3f9b70
 +Add one or more of the following record to sudoers using visudo.
 +
 +""" % { 'user':self.domainname } )
-+	    for adminrole in role_allows[role]:
+	    for adminrole in self.role_allows[role]:
 +		self.fd.write("""
 +USERNAME ALL=(ALL) ROLE=%(admin)s_r TYPE=%(admin)s_t COMMAND
 +.br
@ -344800,7 +344892,7 @@ index 0000000..e3f9b70
 +
 +For more details you can see semanage man page.
 +
-+""" % {'user':self.domainname, "roles": " ".join([role] + role_allows[role]) } )
+""" % {'user':self.domainname, "roles": " ".join([role] + self.role_allows[role]) } )
 +	    else:
 +		self.fd.write("""
 +The SELinux type %s_t is not allowed to execute sudo.
@ -344826,7 +344918,7 @@ index 0000000..e3f9b70
 +""" % self.domainname)
 +
 +    def _xwindows_login(self):
-+	if "x_domain" in all_attributes:
+	if "x_domain" in self.all_attributes:
 +	    self.fd.write("""
 +.SH X WINDOWS LOGIN
 +""")
@ -344840,7 +344932,7 @@ index 0000000..e3f9b70
 +""" % self.domainname)
 +
 +    def _terminal_login(self):
-+	if "login_userdomain" in all_attributes:
+	if "login_userdomain" in self.all_attributes:
 +	    self.fd.write("""
 +.SH TERMINAL LOGIN
 +""")
@ -344858,7 +344950,7 @@ index 0000000..e3f9b70
 +.SH NETWORK
 +""")
 +	for net in ("tcp", "udp"):
-+	    portdict = sepolicy.network.get_network_connect(self.type, net, "name_bind")
+	    portdict = network.get_network_connect(self.type, net, "name_bind")
 +	    if len(portdict) > 0:
 +		self.fd.write("""
 +.TP
@ -344969,8 +345061,8 @@ index 0000000..e3f9b70
 +
 +""" % {'desc': self.desc, 'user':self.domainname})
 +	troles = []
-+	for i in role_allows:
+	for i in self.role_allows:
-+	    if self.domainname +"_r" in role_allows[i]:
+	    if self.domainname +"_r" in self.role_allows[i]:
 +		troles.append(i)
 +	if len(troles) > 0:
 +	    plural = ""
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.13
-Release: 23%{?dist}
+Release: 24%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@ -329,6 +329,11 @@ The policycoreutils-restorecond package contains the restorecond service.
 %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 %changelog
 * Sat Nov 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-24
 - Fix manpage to generate proper man pages for alternate policy,  
 basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as 
 I pull the policy, policy.xml and file_contexts and file_contexts.homedir
 * Thu Nov 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-23
 - Fix some build problems in sepolicy manpage and sepolicy transition