From cc5a0e201f40adcb4001ff934fbbac80671e9244 Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Thu, 24 Apr 2014 13:48:24 +0200 Subject: [PATCH] - Add 0001-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages patch --- ...RD_FILE_CONTEXT-section-in-man-pages.patch | 73 +++++++++++++++++++ policycoreutils.spec | 3 + 2 files changed, 76 insertions(+) create mode 100644 0001-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch diff --git a/0001-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch b/0001-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch new file mode 100644 index 0000000..eb58f18 --- /dev/null +++ b/0001-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch @@ -0,0 +1,73 @@ +From 02891cb83799989f733d30c0386206afaba309a5 Mon Sep 17 00:00:00 2001 +From: Miroslav Grepl +Date: Mon, 14 Apr 2014 15:14:08 +0200 +Subject: [PATCH] 0001-Fix STANDARD_FILE_CONTEXT section in man pages + +Signed-off-by: Miroslav Grepl +--- + policycoreutils/sepolicy/sepolicy/__init__.py | 15 +++++++++++++++ + policycoreutils/sepolicy/sepolicy/manpage.py | 7 +++++-- + 2 files changed, 20 insertions(+), 2 deletions(-) + +diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py +index f7f05cb..6b94239 100644 +--- a/policycoreutils/sepolicy/sepolicy/__init__.py ++++ b/policycoreutils/sepolicy/sepolicy/__init__.py +@@ -98,6 +98,21 @@ def get_conditionals_format_text(cond): + def get_types_from_attribute(attribute): + return info(ATTRIBUTE,attribute)[0]["types"] + ++def get_attributes_from_type(setype): ++ return info(TYPE,setype)[0]["attributes"] ++ ++def file_type_is_executable(setype): ++ if "exec_type" in get_attributes_from_type(setype): ++ return True ++ else: ++ return False ++ ++def file_type_is_entrypoint(setype): ++ if "entry_type" in get_attributes_from_type(setype): ++ return True ++ else: ++ return False ++ + file_type_str = {} + file_type_str["a"] = _("all files") + file_type_str["f"] = _("regular file") +diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py +index 9af0794..c2d014d 100755 +--- a/policycoreutils/sepolicy/sepolicy/manpage.py ++++ b/policycoreutils/sepolicy/sepolicy/manpage.py +@@ -679,10 +679,13 @@ Default Defined Ports:""") + + def _file_context(self): + flist=[] ++ flist_non_exec=[] + mpaths=[] + for f in self.all_file_types: + if f.startswith(self.domainname): + flist.append(f) ++ if not file_type_is_executable(f) or not file_type_is_entrypoint(f): ++ flist_non_exec.append(f) + if f in self.fcdict: + mpaths = mpaths + self.fcdict[f]["regex"] + if len(mpaths) == 0: +@@ -741,12 +744,12 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d + SELinux defines the file context types for the %(domainname)s, if you wanted to + store files with these types in a diffent paths, you need to execute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk. + +-.B semanage fcontext -a -t %(type)s '/srv/%(domainname)s/content(/.*)?' ++.B semanage fcontext -a -t %(type)s '/srv/my%(domainname)s_content(/.*)?' + .br + .B restorecon -R -v /srv/my%(domainname)s_content + + Note: SELinux often uses regular expressions to specify labels that match multiple files. +-""" % {'domainname':self.domainname, "type":flist[0] }) ++""" % {'domainname':self.domainname, "type":flist_non_exec[0] }) + + self.fd.write(r""" + .I The following file types are defined for %(domainname)s: +-- +1.9.0 + diff --git a/policycoreutils.spec b/policycoreutils.spec index 539d6f9..50a0b74 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -20,6 +20,7 @@ Source4: sepolicy-icons.tgz #Patch: policycoreutils-rhat.patch Patch: policycoreutils-rhat-revert.patch Patch1: policycoreutils-sepolicy-manpage.patch +Patch2: 0001-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch #Patch1: policycoreutils-sepolgen.patch Obsoletes: policycoreutils < 2.0.61-2 Conflicts: filesystem < 3 @@ -51,6 +52,7 @@ to switch roles. %prep %setup -q -a 1 %patch -p2 -b .rhat +%patch2 -p2 -b .man-pages #%patch1 -p2 -b .sepolgen -d sepolgen-%{sepolgenver} cp %{SOURCE3} gui/ tar xvf %{SOURCE4} @@ -387,6 +389,7 @@ The policycoreutils-restorecond package contains the restorecond service. %changelog * Tue Apr 24 2014 Miroslav Grepl - 2.2.5-12 - Add policycoreutils-rhat-revert.patch to revert the last two commits to make build working +- Add 0001-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages patch * Tue Apr 1 2014 Dan Walsh - 2.2.5-11 - Update Translations