Another two fixes related to Python 3
- policycoreutils/sepolicy: decode output from subprocess if an error occurred (#1247039)
- Use correct variable when creating a permissive domain
parent
45b6c21434
commit
d2c9993f24
@ -656452,7 +656452,7 @@ index 568ebfd..306d9b7 100644
|
||||
def __init__(self, store):
|
||||
diff --git a/policycoreutils-2.4/semanage/seobject/__init__.py b/policycoreutils-2.4/semanage/seobject/__init__.py
|
||||
new file mode 100644
|
||||
index 0000000..c23ebef
|
||||
index 0000000..33f5fa9
|
||||
--- /dev/null
|
||||
+++ b/policycoreutils-2.4/semanage/seobject/__init__.py
|
||||
@@ -0,0 +1,2271 @@
|
||||
@ -656933,7 +656933,7 @@ index 0000000..c23ebef
|
||||
+ raise ValueError(_("The sepolgen python module is required to setup permissive domains.\nIn some distributions it is included in the policycoreutils-devel patckage.\n# yum install policycoreutils-devel\nOr similar for your distro."))
|
||||
+
|
||||
+ name = "permissive_%s" % setype
|
||||
+ modtxt = "(typepermissive %s)" % type
|
||||
+ modtxt = "(typepermissive %s)" % setype
|
||||
+
|
||||
+ rc = semanage_module_install(self.sh, modtxt, len(modtxt), name, "cil")
|
||||
+ if rc >= 0:
|
||||
@ -662374,7 +662374,7 @@ index bbabb3b..29370ee 100644
|
||||
os.remove(v)
|
||||
|
||||
diff --git a/policycoreutils-2.4/sepolicy/sepolicy/manpage.py b/policycoreutils-2.4/sepolicy/sepolicy/manpage.py
|
||||
index ba15b2c..4da25b9 100755
|
||||
index ba15b2c..fdec32a 100755
|
||||
--- a/policycoreutils-2.4/sepolicy/sepolicy/manpage.py
|
||||
+++ b/policycoreutils-2.4/sepolicy/sepolicy/manpage.py
|
||||
@@ -1,4 +1,4 @@
|
||||
@ -662383,9 +662383,11 @@ index ba15b2c..4da25b9 100755
|
||||
# Copyright (C) 2012-2013 Red Hat
|
||||
# AUTHOR: Dan Walsh <dwalsh@redhat.com>
|
||||
# AUTHOR: Miroslav Grepl <mgrepl@redhat.com>
|
||||
@@ -30,103 +30,111 @@ import selinux
|
||||
@@ -29,104 +29,113 @@ import argparse
|
||||
import selinux
|
||||
import sepolicy
|
||||
from sepolicy import *
|
||||
+from sepolgen import util
|
||||
|
||||
-import commands
|
||||
+import subprocess
|
||||
@ -662572,7 +662574,7 @@ index ba15b2c..4da25b9 100755
|
||||
|
||||
def prettyprint(f,trim):
|
||||
return " ".join(f[:-len(trim)].split("_"))
|
||||
@@ -135,150 +143,106 @@ def prettyprint(f,trim):
|
||||
@@ -135,150 +144,106 @@ def prettyprint(f,trim):
|
||||
manpage_domains = []
|
||||
manpage_roles = []
|
||||
|
||||
@ -662611,7 +662613,7 @@ index ba15b2c..4da25b9 100755
|
||||
+ stderr=subprocess.STDOUT,
|
||||
+ shell=True)
|
||||
+ except subprocess.CalledProcessError as e:
|
||||
+ sys.stderr.write(e.output)
|
||||
+ sys.stderr.write(util.decode_input(e.output))
|
||||
+ return
|
||||
+ fd = open(html_manpage,'wb')
|
||||
+ fd.write(man_page)
|
||||
@ -662802,7 +662804,7 @@ index ba15b2c..4da25b9 100755
|
||||
</pre>
|
||||
<hr>
|
||||
<table><tr>
|
||||
@@ -286,38 +250,38 @@ Fedora or Red Hat Enterprise Linux Man Pages.</h2>
|
||||
@@ -286,38 +251,38 @@ Fedora or Red Hat Enterprise Linux Man Pages.</h2>
|
||||
<h3>SELinux domains</h3>"""
|
||||
% rolename_body)
|
||||
|
||||
@ -662861,7 +662863,7 @@ index ba15b2c..4da25b9 100755
|
||||
html, body {
|
||||
background-color: #fcfcfc;
|
||||
font-family: arial, sans-serif;
|
||||
@@ -326,9 +290,9 @@ html, body {
|
||||
@@ -326,9 +291,9 @@ html, body {
|
||||
}
|
||||
|
||||
h1, h2, h3, h4, h5, h5 {
|
||||
@ -662874,7 +662876,7 @@ index ba15b2c..4da25b9 100755
|
||||
}
|
||||
|
||||
a {
|
||||
@@ -374,159 +338,198 @@ pre.code {
|
||||
@@ -374,159 +339,198 @@ pre.code {
|
||||
}
|
||||
""")
|
||||
|
||||
@ -663197,7 +663199,7 @@ index ba15b2c..4da25b9 100755
|
||||
.SH "NAME"
|
||||
%(domainname)s_selinux \- Security Enhanced Linux Policy for the %(domainname)s processes
|
||||
.SH "DESCRIPTION"
|
||||
@@ -543,20 +546,20 @@ For example:
|
||||
@@ -543,20 +547,20 @@ For example:
|
||||
|
||||
|
||||
def _format_boolean_desc(self, b):
|
||||
@ -663230,7 +663232,7 @@ index ba15b2c..4da25b9 100755
|
||||
.PP
|
||||
If you want to %s, you must turn on the %s boolean. %s by default.
|
||||
|
||||
@@ -565,34 +568,34 @@ If you want to %s, you must turn on the %s boolean. %s by default.
|
||||
@@ -565,34 +569,34 @@ If you want to %s, you must turn on the %s boolean. %s by default.
|
||||
|
||||
.EE
|
||||
""" % (self._format_boolean_desc(b), b, self.enabled_str[enabled], b)
|
||||
@ -663281,7 +663283,7 @@ index ba15b2c..4da25b9 100755
|
||||
.PP
|
||||
If you want to %s for the %s, you must turn on the %s boolean.
|
||||
|
||||
@@ -601,12 +604,12 @@ If you want to %s for the %s, you must turn on the %s boolean.
|
||||
@@ -601,12 +605,12 @@ If you want to %s for the %s, you must turn on the %s boolean.
|
||||
.EE
|
||||
""" % (self._format_boolean_desc(b),(", ".join(nsswitch_types)), b, b)
|
||||
|
||||
@ -663298,7 +663300,7 @@ index ba15b2c..4da25b9 100755
|
||||
.SH PROCESS TYPES
|
||||
SELinux defines process types (domains) for each process running on the system
|
||||
.PP
|
||||
@@ -617,11 +620,11 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
@@ -617,11 +621,11 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
.PP
|
||||
The following process types are defined for %(domainname)s:
|
||||
""" % {'domainname':self.domainname})
|
||||
@ -663312,7 +663314,7 @@ index ba15b2c..4da25b9 100755
|
||||
.PP
|
||||
Note:
|
||||
.B semanage permissive -a %(domainname)s_t
|
||||
@@ -629,14 +632,14 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n
|
||||
@@ -629,14 +633,14 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n
|
||||
""" % {'domainname':self.domainname})
|
||||
|
||||
def _port_types(self):
|
||||
@ -663333,7 +663335,7 @@ index ba15b2c..4da25b9 100755
|
||||
.SH PORT TYPES
|
||||
SELinux defines port types to represent TCP and UDP ports.
|
||||
.PP
|
||||
@@ -650,8 +653,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
@@ -650,8 +654,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
.PP
|
||||
The following port types are defined for %(domainname)s:""" % {'domainname':self.domainname})
|
||||
|
||||
@ -663344,7 +663346,7 @@ index ba15b2c..4da25b9 100755
|
||||
|
||||
.EX
|
||||
.TP 5
|
||||
@@ -659,49 +662,52 @@ The following port types are defined for %(domainname)s:""" % {'domainname':self
|
||||
@@ -659,49 +663,52 @@ The following port types are defined for %(domainname)s:""" % {'domainname':self
|
||||
.TP 10
|
||||
.EE
|
||||
""" % p)
|
||||
@ -663434,7 +663436,7 @@ index ba15b2c..4da25b9 100755
|
||||
.SH FILE CONTEXTS
|
||||
SELinux requires files to have an extended attribute to define the file type.
|
||||
.PP
|
||||
@@ -712,13 +718,13 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
@@ -712,13 +719,13 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
.PP
|
||||
""" % {'domainname':self.domainname})
|
||||
|
||||
@ -663452,7 +663454,7 @@ index ba15b2c..4da25b9 100755
|
||||
.PP
|
||||
%(domainname)s policy stores data with multiple different file context types under the %(equiv)s directory. If you would like to store the data in a different directory you can use the semanage command to create an equivalence mapping. If you wanted to store this data under the /srv dirctory you would execute the following command:
|
||||
.PP
|
||||
@@ -728,25 +734,26 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
@@ -728,25 +735,26 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
.PP
|
||||
""" % {'domainname':self.domainname, 'equiv': e, 'alt': e.split('/')[-1] })
|
||||
|
||||
@ -663485,7 +663487,7 @@ index ba15b2c..4da25b9 100755
|
||||
|
||||
.EX
|
||||
.PP
|
||||
@@ -756,19 +763,19 @@ Note: SELinux often uses regular expressions to specify labels that match multip
|
||||
@@ -756,19 +764,19 @@ Note: SELinux often uses regular expressions to specify labels that match multip
|
||||
- %s
|
||||
""" % ( f, sepolicy.get_description(f)))
|
||||
|
||||
@ -663513,7 +663515,7 @@ index ba15b2c..4da25b9 100755
|
||||
|
||||
.PP
|
||||
Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
|
||||
@@ -779,19 +786,19 @@ to apply the labels.
|
||||
@@ -779,19 +787,19 @@ to apply the labels.
|
||||
""")
|
||||
|
||||
def _see_also(self):
|
||||
@ -663544,7 +663546,7 @@ index ba15b2c..4da25b9 100755
|
||||
.SH SHARING FILES
|
||||
If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
|
||||
.TP
|
||||
@@ -812,9 +819,9 @@ semanage fcontext -a -t public_content_rw_t "/var/%(domainname)s/incoming(/.*)?"
|
||||
@@ -812,9 +820,9 @@ semanage fcontext -a -t public_content_rw_t "/var/%(domainname)s/incoming(/.*)?"
|
||||
.br
|
||||
.B setsebool -P %(domainname)s_anon_write 1
|
||||
""" % {'domainname':self.domainname})
|
||||
@ -663557,7 +663559,7 @@ index ba15b2c..4da25b9 100755
|
||||
.PP
|
||||
If you want to %s, you must turn on the %s boolean.
|
||||
|
||||
@@ -824,7 +831,7 @@ If you want to %s, you must turn on the %s boolean.
|
||||
@@ -824,7 +832,7 @@ If you want to %s, you must turn on the %s boolean.
|
||||
""" % (desc, b, b))
|
||||
|
||||
def _footer(self):
|
||||
@ -663566,7 +663568,7 @@ index ba15b2c..4da25b9 100755
|
||||
.SH "COMMANDS"
|
||||
.B semanage fcontext
|
||||
can also be used to manipulate default file context mappings.
|
||||
@@ -836,19 +843,19 @@ can also be used to manipulate whether or not a process type is permissive.
|
||||
@@ -836,19 +844,19 @@ can also be used to manipulate whether or not a process type is permissive.
|
||||
can also be used to enable/disable/install/remove policy modules.
|
||||
""")
|
||||
|
||||
@ -663591,7 +663593,7 @@ index ba15b2c..4da25b9 100755
|
||||
.PP
|
||||
.B system-config-selinux
|
||||
is a GUI tool available to customize SELinux policy settings.
|
||||
@@ -861,102 +868,102 @@ This manual page was auto-generated using
|
||||
@@ -861,102 +869,102 @@ This manual page was auto-generated using
|
||||
selinux(8), %s(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
|
||||
""" % (self.domainname))
|
||||
|
||||
@ -663757,7 +663759,7 @@ index ba15b2c..4da25b9 100755
|
||||
.SH "NAME"
|
||||
%(user)s_u \- \fB%(desc)s\fP - Security Enhanced Linux Policy
|
||||
|
||||
@@ -989,22 +996,22 @@ If you wanted to change the default user mapping to use the %(user)s_u user, you
|
||||
@@ -989,22 +997,22 @@ If you wanted to change the default user mapping to use the %(user)s_u user, you
|
||||
|
||||
""" % {'desc': self.desc, 'type':self.type, 'user':self.domainname,'range':self._get_users_range()})
|
||||
|
||||
@ -663788,7 +663790,7 @@ index ba15b2c..4da25b9 100755
|
||||
The SELinux user %(user)s can execute sudo.
|
||||
|
||||
You can set up sudo to allow %(user)s to transition to an administrative domain:
|
||||
@@ -1012,14 +1019,14 @@ You can set up sudo to allow %(user)s to transition to an administrative domain:
|
||||
@@ -1012,14 +1020,14 @@ You can set up sudo to allow %(user)s to transition to an administrative domain:
|
||||
Add one or more of the following record to sudoers using visudo.
|
||||
|
||||
""" % { 'user':self.domainname } )
|
||||
@ -663806,7 +663808,7 @@ index ba15b2c..4da25b9 100755
|
||||
You might also need to add one or more of these new roles to your SELinux user record.
|
||||
|
||||
List the SELinux roles your SELinux user can reach by executing:
|
||||
@@ -1033,104 +1040,104 @@ Modify the roles list and add %(user)s_r to this list.
|
||||
@@ -1033,104 +1041,104 @@ Modify the roles list and add %(user)s_r to this list.
|
||||
For more details you can see semanage man page.
|
||||
|
||||
""" % {'user':self.domainname, "roles": " ".join([role] + self.role_allows[role]) } )
|
||||
@ -663953,7 +663955,7 @@ index ba15b2c..4da25b9 100755
|
||||
.SH TRANSITIONS
|
||||
|
||||
Three things can happen when %(type)s attempts to execute a program.
|
||||
@@ -1143,7 +1150,7 @@ Three things can happen when %(type)s attempts to execute a program.
|
||||
@@ -1143,7 +1151,7 @@ Three things can happen when %(type)s attempts to execute a program.
|
||||
|
||||
Execute the following to see the types that the SELinux user %(type)s can execute without transitioning:
|
||||
|
||||
@ -663962,7 +663964,7 @@ index ba15b2c..4da25b9 100755
|
||||
|
||||
.TP
|
||||
|
||||
@@ -1151,15 +1158,15 @@ Execute the following to see the types that the SELinux user %(type)s can execut
|
||||
@@ -1151,15 +1159,15 @@ Execute the following to see the types that the SELinux user %(type)s can execut
|
||||
|
||||
Execute the following to see the types that the SELinux user %(type)s can execute and transition:
|
||||
|
||||
@ -663983,7 +663985,7 @@ index ba15b2c..4da25b9 100755
|
||||
.SH "NAME"
|
||||
%(user)s_r \- \fB%(desc)s\fP - Security Enhanced Linux Policy
|
||||
|
||||
@@ -1201,21 +1208,21 @@ You need to add %(user)s_r to the staff_u user. You could setup the staff_u use
|
||||
@@ -1201,21 +1209,21 @@ You need to add %(user)s_r to the staff_u user. You could setup the staff_u use
|
||||
.B $ semanage user -m -R 'staff_r system_r %(user)s_r' staff_u
|
||||
|
||||
""" % {'desc': self.desc, 'user':self.domainname})
|
||||
|
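Review bot: In the manpage.py hunk that adds the `except subprocess.CalledProcessError as e:` branch, the guarded call runs with `shell=True`, and the command string it executes is outside the visible lines; if that string interpolates a man page path or a domain name, it should be passed as an argument list without a shell, or the interpolated value quoted with `pipes.quote` / `shlex.quote`, so the name is never parsed by the shell. The error branch writes the decoded output to stderr and then does a bare `return`, so a caller cannot tell that no HTML page was produced; returning a status or re-raising would make the failure visible. The write that follows, `fd = open(html_manpage,'wb')`, would be safer as `with open(html_manpage, 'wb') as fd:` so the handle is closed even when `fd.write(man_page)` fails, unless a close already follows outside the lines shown. The enclosing function starts and ends outside this hunk, so these points rest only on the fragment visible here.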
@ -18,7 +18,7 @@ Source2: policycoreutils_man_ru2.tar.bz2
|
||||
Source3: system-config-selinux.png
|
||||
Source4: sepolicy-icons.tgz
|
||||
# use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/
|
||||
# HEAD https://github.com/fedora-selinux/selinux/commit/c8400be1e608ae21a27568d70d93e70e4dc808b6
|
||||
# HEAD https://github.com/fedora-selinux/selinux/commit/eb5c289a0e39d67b1cb12c85a166be236892b08a
|
||||
Patch: policycoreutils-rhat.patch
|
||||
Patch1: sepolgen-rhat.patch
|
||||
Obsoletes: policycoreutils < 2.0.61-2
|
||||
|