* Wed Jun 2 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-26

- Fix listing of booleans from audit2allow
2010-06-02 15:48:11 +00:00 · 2010-06-02 15:48:11 +00:00 · d98a8977c6
commit d98a8977c6
parent 829762e693
3 changed files with 81503 additions and 72763 deletions
--- a/policycoreutils-po.patch
+++ b/policycoreutils-po.patch
--- a/policycoreutils-sepolgen.patch
+++ b/policycoreutils-sepolgen.patch
@ -295,7 +295,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/matching.py policy
         return iter(self.children)
 diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/policygen.py
 --- nsasepolgen/src/sepolgen/policygen.py	2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/policygen.py	2010-05-21 10:36:31.000000000 -0400
+++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/policygen.py	2010-06-02 11:45:17.000000000 -0400
@@ -29,6 +29,8 @@
 import access
 import interfaces
@ -313,21 +313,22 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py polic
     def set_gen_refpol(self, if_set=None, perm_maps=None):
         """Set whether reference policy interfaces are generated.
 
-@@ -151,9 +154,41 @@
+@@ -151,8 +154,41 @@
             rule = refpolicy.AVRule(av)
             if self.dontaudit:
                 rule.rule_type = rule.DONTAUDIT
 +            rule.comment = ""
             if self.explain:
-                 rule.comment = refpolicy.Comment(explain_access(av, verbosity=self.explain))
-            self.module.children.append(rule)
+-                rule.comment = refpolicy.Comment(explain_access(av, verbosity=self.explain))
+                rule.comment = str(refpolicy.Comment(explain_access(av, verbosity=self.explain)))
 +            if av.type == audit2why.ALLOW:
 +                rule.comment += "#!!!! This avc is allowed in the current policy\n" 
 +            if av.type == audit2why.DONTAUDIT:
 +                rule.comment += "#!!!! This avc has a dontaudit rule in the current policy\n" 
+
 +            if av.type == audit2why.BOOLEAN:
 +                if len(av.bools) > 1:
-+                    rule.comment += "#!!!! This avc can be allowed using one of the these booleans:\n#     %s\n" % ", ".join(map(lambda x: av.bools[0][0], av.bools))
+                    rule.comment += "#!!!! This avc can be allowed using one of the these booleans:\n#     %s\n" % ", ".join(map(lambda x: x[0], av.bools))
 +                else:
 +                    rule.comment += "#!!!! This avc can be allowed using the boolean '%s'\n" % av.bools[0][0]
 +
@ -352,10 +353,9 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py polic
 +                                    rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
 +                        except:
 +                            pass
-+                self.module.children.append(rule)
+             self.module.children.append(rule)
 
 
-     def add_access(self, av_set):
 diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/refparser.py
 --- nsasepolgen/src/sepolgen/refparser.py	2010-05-19 14:45:51.000000000 -0400
 +++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/refparser.py	2010-05-21 10:26:43.000000000 -0400
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.82
-Release: 24%{?dist}
+Release: 26%{?dist}
 License: GPLv2+
 Group:	 System Environment/Base
 Source:  http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -87,6 +87,7 @@ make -C sepolgen-%{sepolgenver} DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_li

 install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/pixmaps
 install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/icons/hicolor/24x24/apps
+install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/system-config-selinux
 install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/system-config-selinux
 install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/selinux-polgengui
 install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/security/console.apps/system-config-selinux
@ -218,6 +219,7 @@ system-config-selinux is a utility for managing the SELinux environment
 %{_datadir}/pixmaps/system-config-selinux.png
 %dir %{_datadir}/system-config-selinux
 %dir %{_datadir}/system-config-selinux/templates
+%{_datadir}/system-config-selinux/system-config-selinux.png
 %{_datadir}/system-config-selinux/*.py*
 %{_datadir}/system-config-selinux/selinux.tbl
 %{_datadir}/system-config-selinux/*.glade
@ -311,6 +313,14 @@ fi
 exit 0

 %changelog
+* Wed Jun 2 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-26
+- Fix listing of booleans from audit2allow
+
+* Wed Jun 2 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-25
+- Fix audit2allow to output if the current policy has avc
+- Update translations
+- Fix icon
+
 * Thu May 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-24
 - Man page fixes
 - sandbox fixes