* Wed Jun 2 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-26
- Fix listing of booleans from audit2allow
This commit is contained in:
Daniel J Walsh
parent
829762e693
commit
d98a8977c6
154222
policycoreutils-po.patch
154222
policycoreutils-po.patch
File diff suppressed because it is too large
Load Diff
@ -295,7 +295,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/matching.py policy
|
|||||||
return iter(self.children)
|
return iter(self.children)
|
||||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/policygen.py
|
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/policygen.py
|
||||||
--- nsasepolgen/src/sepolgen/policygen.py 2010-05-19 14:45:51.000000000 -0400
|
--- nsasepolgen/src/sepolgen/policygen.py 2010-05-19 14:45:51.000000000 -0400
|
||||||
+++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/policygen.py 2010-05-21 10:36:31.000000000 -0400
|
+++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/policygen.py 2010-06-02 11:45:17.000000000 -0400
|
||||||
@@ -29,6 +29,8 @@
|
@@ -29,6 +29,8 @@
|
||||||
import access
|
import access
|
||||||
import interfaces
|
import interfaces
|
||||||
@ -313,21 +313,22 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py polic
|
|||||||
def set_gen_refpol(self, if_set=None, perm_maps=None):
|
def set_gen_refpol(self, if_set=None, perm_maps=None):
|
||||||
"""Set whether reference policy interfaces are generated.
|
"""Set whether reference policy interfaces are generated.
|
||||||
|
|
||||||
@@ -151,9 +154,41 @@
|
@@ -151,8 +154,41 @@
|
||||||
rule = refpolicy.AVRule(av)
|
rule = refpolicy.AVRule(av)
|
||||||
if self.dontaudit:
|
if self.dontaudit:
|
||||||
rule.rule_type = rule.DONTAUDIT
|
rule.rule_type = rule.DONTAUDIT
|
||||||
+ rule.comment = ""
|
+ rule.comment = ""
|
||||||
if self.explain:
|
if self.explain:
|
||||||
rule.comment = refpolicy.Comment(explain_access(av, verbosity=self.explain))
|
- rule.comment = refpolicy.Comment(explain_access(av, verbosity=self.explain))
|
||||||
- self.module.children.append(rule)
|
+ rule.comment = str(refpolicy.Comment(explain_access(av, verbosity=self.explain)))
|
||||||
+ if av.type == audit2why.ALLOW:
|
+ if av.type == audit2why.ALLOW:
|
||||||
+ rule.comment += "#!!!! This avc is allowed in the current policy\n"
|
+ rule.comment += "#!!!! This avc is allowed in the current policy\n"
|
||||||
+ if av.type == audit2why.DONTAUDIT:
|
+ if av.type == audit2why.DONTAUDIT:
|
||||||
+ rule.comment += "#!!!! This avc has a dontaudit rule in the current policy\n"
|
+ rule.comment += "#!!!! This avc has a dontaudit rule in the current policy\n"
|
||||||
|
+
|
||||||
+ if av.type == audit2why.BOOLEAN:
|
+ if av.type == audit2why.BOOLEAN:
|
||||||
+ if len(av.bools) > 1:
|
+ if len(av.bools) > 1:
|
||||||
+ rule.comment += "#!!!! This avc can be allowed using one of the these booleans:\n# %s\n" % ", ".join(map(lambda x: av.bools[0][0], av.bools))
|
+ rule.comment += "#!!!! This avc can be allowed using one of the these booleans:\n# %s\n" % ", ".join(map(lambda x: x[0], av.bools))
|
||||||
+ else:
|
+ else:
|
||||||
+ rule.comment += "#!!!! This avc can be allowed using the boolean '%s'\n" % av.bools[0][0]
|
+ rule.comment += "#!!!! This avc can be allowed using the boolean '%s'\n" % av.bools[0][0]
|
||||||
+
|
+
|
||||||
@ -352,10 +353,9 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py polic
|
|||||||
+ rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
|
+ rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
|
||||||
+ except:
|
+ except:
|
||||||
+ pass
|
+ pass
|
||||||
+ self.module.children.append(rule)
|
self.module.children.append(rule)
|
||||||
|
|
||||||
|
|
||||||
def add_access(self, av_set):
|
|
||||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/refparser.py
|
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/refparser.py
|
||||||
--- nsasepolgen/src/sepolgen/refparser.py 2010-05-19 14:45:51.000000000 -0400
|
--- nsasepolgen/src/sepolgen/refparser.py 2010-05-19 14:45:51.000000000 -0400
|
||||||
+++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/refparser.py 2010-05-21 10:26:43.000000000 -0400
|
+++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/refparser.py 2010-05-21 10:26:43.000000000 -0400
|
||||||
|
|||||||
@ -7,7 +7,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.0.82
|
Version: 2.0.82
|
||||||
Release: 24%{?dist}
|
Release: 26%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||||
@ -87,6 +87,7 @@ make -C sepolgen-%{sepolgenver} DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_li
|
|||||||
|
|
||||||
install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/pixmaps
|
install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/pixmaps
|
||||||
install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/icons/hicolor/24x24/apps
|
install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/icons/hicolor/24x24/apps
|
||||||
|
install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/system-config-selinux
|
||||||
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/system-config-selinux
|
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/system-config-selinux
|
||||||
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/selinux-polgengui
|
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/selinux-polgengui
|
||||||
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/security/console.apps/system-config-selinux
|
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/security/console.apps/system-config-selinux
|
||||||
@ -218,6 +219,7 @@ system-config-selinux is a utility for managing the SELinux environment
|
|||||||
%{_datadir}/pixmaps/system-config-selinux.png
|
%{_datadir}/pixmaps/system-config-selinux.png
|
||||||
%dir %{_datadir}/system-config-selinux
|
%dir %{_datadir}/system-config-selinux
|
||||||
%dir %{_datadir}/system-config-selinux/templates
|
%dir %{_datadir}/system-config-selinux/templates
|
||||||
|
%{_datadir}/system-config-selinux/system-config-selinux.png
|
||||||
%{_datadir}/system-config-selinux/*.py*
|
%{_datadir}/system-config-selinux/*.py*
|
||||||
%{_datadir}/system-config-selinux/selinux.tbl
|
%{_datadir}/system-config-selinux/selinux.tbl
|
||||||
%{_datadir}/system-config-selinux/*.glade
|
%{_datadir}/system-config-selinux/*.glade
|
||||||
@ -311,6 +313,14 @@ fi
|
|||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jun 2 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-26
|
||||||
|
- Fix listing of booleans from audit2allow
|
||||||
|
|
||||||
|
* Wed Jun 2 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-25
|
||||||
|
- Fix audit2allow to output if the current policy has avc
|
||||||
|
- Update translations
|
||||||
|
- Fix icon
|
||||||
|
|
||||||
* Thu May 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-24
|
* Thu May 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-24
|
||||||
- Man page fixes
|
- Man page fixes
|
||||||
- sandbox fixes
|
- sandbox fixes
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user