Another two fixes related to Python 3

- policycoreutils/sepolicy: decode output from subprocess, if error
  occurred (#1247039)
- Use correct variable when creating a permissive domain
This commit is contained in:
Petr Lautrbach 2015-09-03 23:49:39 +02:00
parent 45b6c21434
commit d2c9993f24
2 changed files with 33 additions and 31 deletions

View File

@ -656452,7 +656452,7 @@ index 568ebfd..306d9b7 100644
def __init__(self, store):
diff --git a/policycoreutils-2.4/semanage/seobject/__init__.py b/policycoreutils-2.4/semanage/seobject/__init__.py
new file mode 100644
index 0000000..c23ebef
index 0000000..33f5fa9
--- /dev/null
+++ b/policycoreutils-2.4/semanage/seobject/__init__.py
@@ -0,0 +1,2271 @@
@ -656933,7 +656933,7 @@ index 0000000..c23ebef
+ raise ValueError(_("The sepolgen python module is required to setup permissive domains.\nIn some distributions it is included in the policycoreutils-devel patckage.\n# yum install policycoreutils-devel\nOr similar for your distro."))
+
+ name = "permissive_%s" % setype
+ modtxt = "(typepermissive %s)" % type
+ modtxt = "(typepermissive %s)" % setype
+
+ rc = semanage_module_install(self.sh, modtxt, len(modtxt), name, "cil")
+ if rc >= 0:
@ -662374,7 +662374,7 @@ index bbabb3b..29370ee 100644
os.remove(v)
diff --git a/policycoreutils-2.4/sepolicy/sepolicy/manpage.py b/policycoreutils-2.4/sepolicy/sepolicy/manpage.py
index ba15b2c..4da25b9 100755
index ba15b2c..fdec32a 100755
--- a/policycoreutils-2.4/sepolicy/sepolicy/manpage.py
+++ b/policycoreutils-2.4/sepolicy/sepolicy/manpage.py
@@ -1,4 +1,4 @@
@ -662383,9 +662383,11 @@ index ba15b2c..4da25b9 100755
# Copyright (C) 2012-2013 Red Hat
# AUTHOR: Dan Walsh <dwalsh@redhat.com>
# AUTHOR: Miroslav Grepl <mgrepl@redhat.com>
@@ -30,103 +30,111 @@ import selinux
@@ -29,104 +29,113 @@ import argparse
import selinux
import sepolicy
from sepolicy import *
+from sepolgen import util
-import commands
+import subprocess
@ -662572,7 +662574,7 @@ index ba15b2c..4da25b9 100755
def prettyprint(f,trim):
return " ".join(f[:-len(trim)].split("_"))
@@ -135,150 +143,106 @@ def prettyprint(f,trim):
@@ -135,150 +144,106 @@ def prettyprint(f,trim):
manpage_domains = []
manpage_roles = []
@ -662611,7 +662613,7 @@ index ba15b2c..4da25b9 100755
+ stderr=subprocess.STDOUT,
+ shell=True)
+ except subprocess.CalledProcessError as e:
+ sys.stderr.write(e.output)
+ sys.stderr.write(util.decode_input(e.output))
+ return
+ fd = open(html_manpage,'wb')
+ fd.write(man_page)
@ -662802,7 +662804,7 @@ index ba15b2c..4da25b9 100755
</pre>
<hr>
<table><tr>
@@ -286,38 +250,38 @@ Fedora or Red Hat Enterprise Linux Man Pages.</h2>
@@ -286,38 +251,38 @@ Fedora or Red Hat Enterprise Linux Man Pages.</h2>
<h3>SELinux domains</h3>"""
% rolename_body)
@ -662861,7 +662863,7 @@ index ba15b2c..4da25b9 100755
html, body {
background-color: #fcfcfc;
font-family: arial, sans-serif;
@@ -326,9 +290,9 @@ html, body {
@@ -326,9 +291,9 @@ html, body {
}
h1, h2, h3, h4, h5, h5 {
@ -662874,7 +662876,7 @@ index ba15b2c..4da25b9 100755
}
a {
@@ -374,159 +338,198 @@ pre.code {
@@ -374,159 +339,198 @@ pre.code {
}
""")
@ -663197,7 +663199,7 @@ index ba15b2c..4da25b9 100755
.SH "NAME"
%(domainname)s_selinux \- Security Enhanced Linux Policy for the %(domainname)s processes
.SH "DESCRIPTION"
@@ -543,20 +546,20 @@ For example:
@@ -543,20 +547,20 @@ For example:
def _format_boolean_desc(self, b):
@ -663230,7 +663232,7 @@ index ba15b2c..4da25b9 100755
.PP
If you want to %s, you must turn on the %s boolean. %s by default.
@@ -565,34 +568,34 @@ If you want to %s, you must turn on the %s boolean. %s by default.
@@ -565,34 +569,34 @@ If you want to %s, you must turn on the %s boolean. %s by default.
.EE
""" % (self._format_boolean_desc(b), b, self.enabled_str[enabled], b)
@ -663281,7 +663283,7 @@ index ba15b2c..4da25b9 100755
.PP
If you want to %s for the %s, you must turn on the %s boolean.
@@ -601,12 +604,12 @@ If you want to %s for the %s, you must turn on the %s boolean.
@@ -601,12 +605,12 @@ If you want to %s for the %s, you must turn on the %s boolean.
.EE
""" % (self._format_boolean_desc(b),(", ".join(nsswitch_types)), b, b)
@ -663298,7 +663300,7 @@ index ba15b2c..4da25b9 100755
.SH PROCESS TYPES
SELinux defines process types (domains) for each process running on the system
.PP
@@ -617,11 +620,11 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
@@ -617,11 +621,11 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
.PP
The following process types are defined for %(domainname)s:
""" % {'domainname':self.domainname})
@ -663312,7 +663314,7 @@ index ba15b2c..4da25b9 100755
.PP
Note:
.B semanage permissive -a %(domainname)s_t
@@ -629,14 +632,14 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n
@@ -629,14 +633,14 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n
""" % {'domainname':self.domainname})
def _port_types(self):
@ -663333,7 +663335,7 @@ index ba15b2c..4da25b9 100755
.SH PORT TYPES
SELinux defines port types to represent TCP and UDP ports.
.PP
@@ -650,8 +653,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
@@ -650,8 +654,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
.PP
The following port types are defined for %(domainname)s:""" % {'domainname':self.domainname})
@ -663344,7 +663346,7 @@ index ba15b2c..4da25b9 100755
.EX
.TP 5
@@ -659,49 +662,52 @@ The following port types are defined for %(domainname)s:""" % {'domainname':self
@@ -659,49 +663,52 @@ The following port types are defined for %(domainname)s:""" % {'domainname':self
.TP 10
.EE
""" % p)
@ -663434,7 +663436,7 @@ index ba15b2c..4da25b9 100755
.SH FILE CONTEXTS
SELinux requires files to have an extended attribute to define the file type.
.PP
@@ -712,13 +718,13 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
@@ -712,13 +719,13 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
.PP
""" % {'domainname':self.domainname})
@ -663452,7 +663454,7 @@ index ba15b2c..4da25b9 100755
.PP
%(domainname)s policy stores data with multiple different file context types under the %(equiv)s directory. If you would like to store the data in a different directory you can use the semanage command to create an equivalence mapping. If you wanted to store this data under the /srv dirctory you would execute the following command:
.PP
@@ -728,25 +734,26 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
@@ -728,25 +735,26 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
.PP
""" % {'domainname':self.domainname, 'equiv': e, 'alt': e.split('/')[-1] })
@ -663485,7 +663487,7 @@ index ba15b2c..4da25b9 100755
.EX
.PP
@@ -756,19 +763,19 @@ Note: SELinux often uses regular expressions to specify labels that match multip
@@ -756,19 +764,19 @@ Note: SELinux often uses regular expressions to specify labels that match multip
- %s
""" % ( f, sepolicy.get_description(f)))
@ -663513,7 +663515,7 @@ index ba15b2c..4da25b9 100755
.PP
Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -779,19 +786,19 @@ to apply the labels.
@@ -779,19 +787,19 @@ to apply the labels.
""")
def _see_also(self):
@ -663544,7 +663546,7 @@ index ba15b2c..4da25b9 100755
.SH SHARING FILES
If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
.TP
@@ -812,9 +819,9 @@ semanage fcontext -a -t public_content_rw_t "/var/%(domainname)s/incoming(/.*)?"
@@ -812,9 +820,9 @@ semanage fcontext -a -t public_content_rw_t "/var/%(domainname)s/incoming(/.*)?"
.br
.B setsebool -P %(domainname)s_anon_write 1
""" % {'domainname':self.domainname})
@ -663557,7 +663559,7 @@ index ba15b2c..4da25b9 100755
.PP
If you want to %s, you must turn on the %s boolean.
@@ -824,7 +831,7 @@ If you want to %s, you must turn on the %s boolean.
@@ -824,7 +832,7 @@ If you want to %s, you must turn on the %s boolean.
""" % (desc, b, b))
def _footer(self):
@ -663566,7 +663568,7 @@ index ba15b2c..4da25b9 100755
.SH "COMMANDS"
.B semanage fcontext
can also be used to manipulate default file context mappings.
@@ -836,19 +843,19 @@ can also be used to manipulate whether or not a process type is permissive.
@@ -836,19 +844,19 @@ can also be used to manipulate whether or not a process type is permissive.
can also be used to enable/disable/install/remove policy modules.
""")
@ -663591,7 +663593,7 @@ index ba15b2c..4da25b9 100755
.PP
.B system-config-selinux
is a GUI tool available to customize SELinux policy settings.
@@ -861,102 +868,102 @@ This manual page was auto-generated using
@@ -861,102 +869,102 @@ This manual page was auto-generated using
selinux(8), %s(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
""" % (self.domainname))
@ -663757,7 +663759,7 @@ index ba15b2c..4da25b9 100755
.SH "NAME"
%(user)s_u \- \fB%(desc)s\fP - Security Enhanced Linux Policy
@@ -989,22 +996,22 @@ If you wanted to change the default user mapping to use the %(user)s_u user, you
@@ -989,22 +997,22 @@ If you wanted to change the default user mapping to use the %(user)s_u user, you
""" % {'desc': self.desc, 'type':self.type, 'user':self.domainname,'range':self._get_users_range()})
@ -663788,7 +663790,7 @@ index ba15b2c..4da25b9 100755
The SELinux user %(user)s can execute sudo.
You can set up sudo to allow %(user)s to transition to an administrative domain:
@@ -1012,14 +1019,14 @@ You can set up sudo to allow %(user)s to transition to an administrative domain:
@@ -1012,14 +1020,14 @@ You can set up sudo to allow %(user)s to transition to an administrative domain:
Add one or more of the following record to sudoers using visudo.
""" % { 'user':self.domainname } )
@ -663806,7 +663808,7 @@ index ba15b2c..4da25b9 100755
You might also need to add one or more of these new roles to your SELinux user record.
List the SELinux roles your SELinux user can reach by executing:
@@ -1033,104 +1040,104 @@ Modify the roles list and add %(user)s_r to this list.
@@ -1033,104 +1041,104 @@ Modify the roles list and add %(user)s_r to this list.
For more details you can see semanage man page.
""" % {'user':self.domainname, "roles": " ".join([role] + self.role_allows[role]) } )
@ -663953,7 +663955,7 @@ index ba15b2c..4da25b9 100755
.SH TRANSITIONS
Three things can happen when %(type)s attempts to execute a program.
@@ -1143,7 +1150,7 @@ Three things can happen when %(type)s attempts to execute a program.
@@ -1143,7 +1151,7 @@ Three things can happen when %(type)s attempts to execute a program.
Execute the following to see the types that the SELinux user %(type)s can execute without transitioning:
@ -663962,7 +663964,7 @@ index ba15b2c..4da25b9 100755
.TP
@@ -1151,15 +1158,15 @@ Execute the following to see the types that the SELinux user %(type)s can execut
@@ -1151,15 +1159,15 @@ Execute the following to see the types that the SELinux user %(type)s can execut
Execute the following to see the types that the SELinux user %(type)s can execute and transition:
@ -663983,7 +663985,7 @@ index ba15b2c..4da25b9 100755
.SH "NAME"
%(user)s_r \- \fB%(desc)s\fP - Security Enhanced Linux Policy
@@ -1201,21 +1208,21 @@ You need to add %(user)s_r to the staff_u user. You could setup the staff_u use
@@ -1201,21 +1209,21 @@ You need to add %(user)s_r to the staff_u user. You could setup the staff_u use
.B $ semanage user -m -R 'staff_r system_r %(user)s_r' staff_u
""" % {'desc': self.desc, 'user':self.domainname})

View File

@ -18,7 +18,7 @@ Source2: policycoreutils_man_ru2.tar.bz2
Source3: system-config-selinux.png
Source4: sepolicy-icons.tgz
# use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/
# HEAD https://github.com/fedora-selinux/selinux/commit/c8400be1e608ae21a27568d70d93e70e4dc808b6
# HEAD https://github.com/fedora-selinux/selinux/commit/eb5c289a0e39d67b1cb12c85a166be236892b08a
Patch: policycoreutils-rhat.patch
Patch1: sepolgen-rhat.patch
Obsoletes: policycoreutils < 2.0.61-2