* Wed Jan 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.36-1
- Update to upstream * Merged update to chcat, fixfiles, and semanage scripts from Dan Walsh. * Merged sepolgen fixes from Dan Walsh.
This commit is contained in:
parent
f8fdb548ab
commit
dc277d2b31
@ -1,140 +1,7 @@
|
|||||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.34/sepolgen-1.0.10/src/sepolgen/audit.py
|
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.35/sepolgen-1.0.10/src/sepolgen/refparser.py
|
||||||
--- nsasepolgen/src/sepolgen/audit.py 2007-09-13 08:21:11.000000000 -0400
|
--- nsasepolgen/src/sepolgen/refparser.py 2008-01-23 14:36:29.000000000 -0500
|
||||||
+++ policycoreutils-2.0.34/sepolgen-1.0.10/src/sepolgen/audit.py 2007-12-21 02:10:43.000000000 -0500
|
+++ policycoreutils-2.0.35/sepolgen-1.0.10/src/sepolgen/refparser.py 2008-01-11 11:17:50.000000000 -0500
|
||||||
@@ -32,7 +32,7 @@
|
@@ -919,7 +919,7 @@
|
||||||
string contain all of the audit messages returned by ausearch.
|
|
||||||
"""
|
|
||||||
import subprocess
|
|
||||||
- output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START"],
|
|
||||||
+ output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
|
|
||||||
stdout=subprocess.PIPE).communicate()[0]
|
|
||||||
return output
|
|
||||||
|
|
||||||
@@ -251,7 +251,9 @@
|
|
||||||
self.type = refpolicy.SecurityContext(dict["tcontext"]).type
|
|
||||||
except:
|
|
||||||
raise ValueError("Split string does not represent a valid compute sid message")
|
|
||||||
-
|
|
||||||
+ def output(self):
|
|
||||||
+ return "role %s types %s;\n" % (self.role, self.type)
|
|
||||||
+
|
|
||||||
# Parser for audit messages
|
|
||||||
|
|
||||||
class AuditParser:
|
|
||||||
@@ -402,6 +404,26 @@
|
|
||||||
self.__parse(l)
|
|
||||||
self.__post_process()
|
|
||||||
|
|
||||||
+ def to_role(self, role_filter=None):
|
|
||||||
+ """Return list of SELINUX_ERR messages matching the specified filter
|
|
||||||
+
|
|
||||||
+ Filter out types that match the filer, or all roles
|
|
||||||
+
|
|
||||||
+ Params:
|
|
||||||
+ role_filter - [optional] Filter object used to filter the
|
|
||||||
+ output.
|
|
||||||
+ Returns:
|
|
||||||
+ Access vector set representing the denied access in the
|
|
||||||
+ audit logs parsed by this object.
|
|
||||||
+ """
|
|
||||||
+ roles = []
|
|
||||||
+ if role_filter:
|
|
||||||
+ for selinux_err in self.compute_sid_msgs:
|
|
||||||
+ if role_filter.filter(selinux_err):
|
|
||||||
+ roles.append(selinux_err)
|
|
||||||
+ return roles
|
|
||||||
+ return self.compute_sid_msgs
|
|
||||||
+
|
|
||||||
def to_access(self, avc_filter=None, only_denials=True):
|
|
||||||
"""Convert the audit logs access into a an access vector set.
|
|
||||||
|
|
||||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.34/sepolgen-1.0.10/src/sepolgen/refparser.py
|
|
||||||
--- nsasepolgen/src/sepolgen/refparser.py 2007-09-13 08:21:11.000000000 -0400
|
|
||||||
+++ policycoreutils-2.0.34/sepolgen-1.0.10/src/sepolgen/refparser.py 2007-12-20 14:20:49.000000000 -0500
|
|
||||||
@@ -118,6 +118,7 @@
|
|
||||||
'TEMPLATE',
|
|
||||||
'GEN_CONTEXT',
|
|
||||||
# m4
|
|
||||||
+ 'IFELSE',
|
|
||||||
'IFDEF',
|
|
||||||
'IFNDEF',
|
|
||||||
'DEFINE'
|
|
||||||
@@ -174,6 +175,7 @@
|
|
||||||
'template' : 'TEMPLATE',
|
|
||||||
'gen_context' : 'GEN_CONTEXT',
|
|
||||||
# M4
|
|
||||||
+ 'ifelse' : 'IFELSE',
|
|
||||||
'ifndef' : 'IFNDEF',
|
|
||||||
'ifdef' : 'IFDEF',
|
|
||||||
'define' : 'DEFINE'
|
|
||||||
@@ -220,6 +222,12 @@
|
|
||||||
# Ignore all comments
|
|
||||||
t.lexer.lineno += 1
|
|
||||||
|
|
||||||
+def t_refpolicywarn1(t):
|
|
||||||
+ r'define.*refpolicywarn\(.*\n'
|
|
||||||
+ # Ignore refpolicywarn statements - they sometimes
|
|
||||||
+ # contain text that we can't parse.
|
|
||||||
+ t.skip(1)
|
|
||||||
+
|
|
||||||
def t_refpolicywarn(t):
|
|
||||||
r'refpolicywarn\(.*\n'
|
|
||||||
# Ignore refpolicywarn statements - they sometimes
|
|
||||||
@@ -258,10 +266,12 @@
|
|
||||||
m = None
|
|
||||||
# error is either None (indicating no error) or a string error message.
|
|
||||||
error = None
|
|
||||||
+parse_file = ""
|
|
||||||
# spt is the support macros (e.g., obj/perm sets) - it is an instance of
|
|
||||||
# refpolicy.SupportMacros and should always be present during parsing
|
|
||||||
# though it may not contain any macros.
|
|
||||||
spt = None
|
|
||||||
+success=True
|
|
||||||
|
|
||||||
# utilities
|
|
||||||
def collect(stmts, parent, val=None):
|
|
||||||
@@ -382,6 +392,19 @@
|
|
||||||
collect(p[12], x, val=False)
|
|
||||||
p[0] = [x]
|
|
||||||
|
|
||||||
+def p_ifelse(p):
|
|
||||||
+ '''ifelse : IFELSE OPAREN TICK IDENTIFIER SQUOTE COMMA COMMA TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
|
|
||||||
+ | IFELSE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
|
|
||||||
+ '''
|
|
||||||
+# x = refpolicy.IfDef(p[4])
|
|
||||||
+# v = True
|
|
||||||
+# collect(p[8], x, val=v)
|
|
||||||
+# if len(p) > 12:
|
|
||||||
+# collect(p[12], x, val=False)
|
|
||||||
+# p[0] = [x]
|
|
||||||
+ pass
|
|
||||||
+
|
|
||||||
+
|
|
||||||
def p_ifdef(p):
|
|
||||||
'''ifdef : IFDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
|
|
||||||
| IFNDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
|
|
||||||
@@ -446,6 +469,7 @@
|
|
||||||
| optional_policy
|
|
||||||
| tunable_policy
|
|
||||||
| ifdef
|
|
||||||
+ | ifelse
|
|
||||||
| conditional
|
|
||||||
'''
|
|
||||||
p[0] = p[1]
|
|
||||||
@@ -844,8 +868,11 @@
|
|
||||||
|
|
||||||
def p_error(tok):
|
|
||||||
global error
|
|
||||||
- error = "Syntax error on line %d %s [type=%s]" % (tok.lineno, tok.value, tok.type)
|
|
||||||
+ global parse_file
|
|
||||||
+ global success
|
|
||||||
+ error = "%s: Syntax error on line %d %s [type=%s]" % (parse_file, tok.lineno, tok.value, tok.type)
|
|
||||||
print error
|
|
||||||
+ success = False
|
|
||||||
|
|
||||||
def prep_spt(spt):
|
|
||||||
if not spt:
|
|
||||||
@@ -892,7 +919,7 @@
|
|
||||||
def list_headers(root):
|
def list_headers(root):
|
||||||
modules = []
|
modules = []
|
||||||
support_macros = None
|
support_macros = None
|
||||||
@ -143,18 +10,3 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py polic
|
|||||||
|
|
||||||
for dirpath, dirnames, filenames in os.walk(root):
|
for dirpath, dirnames, filenames in os.walk(root):
|
||||||
for name in filenames:
|
for name in filenames:
|
||||||
@@ -941,12 +968,14 @@
|
|
||||||
output.write(msg)
|
|
||||||
|
|
||||||
def parse_file(f, module, spt=None):
|
|
||||||
+ global parse_file
|
|
||||||
if debug:
|
|
||||||
o("parsing file %s\n" % f)
|
|
||||||
try:
|
|
||||||
fd = open(f)
|
|
||||||
txt = fd.read()
|
|
||||||
fd.close()
|
|
||||||
+ parse_file = f
|
|
||||||
parse(txt, module, spt, debug)
|
|
||||||
except IOError, e:
|
|
||||||
return
|
|
||||||
|
@ -25,7 +25,7 @@ Patch1: policycoreutils-po.patch
|
|||||||
Patch3: policycoreutils-gui.patch
|
Patch3: policycoreutils-gui.patch
|
||||||
Patch4: policycoreutils-sepolgen.patch
|
Patch4: policycoreutils-sepolgen.patch
|
||||||
|
|
||||||
BuildRequires: pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
|
BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
|
||||||
Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff rpm /bin/sed
|
Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff rpm /bin/sed
|
||||||
Requires: libselinux >= %{libselinuxver} libsepol >= %{libsepolver} libsemanage >= %{libsemanagever} coreutils audit-libs-python >= %{libauditver} checkpolicy libselinux-python
|
Requires: libselinux >= %{libselinuxver} libsepol >= %{libsepolver} libsemanage >= %{libsemanagever} coreutils audit-libs-python >= %{libauditver} checkpolicy libselinux-python
|
||||||
Requires(post): /sbin/service /sbin/chkconfig
|
Requires(post): /sbin/service /sbin/chkconfig
|
||||||
@ -196,6 +196,7 @@ fi
|
|||||||
* Wed Jan 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.36-1
|
* Wed Jan 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.36-1
|
||||||
- Update to upstream
|
- Update to upstream
|
||||||
* Merged update to chcat, fixfiles, and semanage scripts from Dan Walsh.
|
* Merged update to chcat, fixfiles, and semanage scripts from Dan Walsh.
|
||||||
|
* Merged sepolgen fixes from Dan Walsh.
|
||||||
|
|
||||||
* Tue Jan 22 2008 Dan Walsh <dwalsh@redhat.com> 2.0.35-5
|
* Tue Jan 22 2008 Dan Walsh <dwalsh@redhat.com> 2.0.35-5
|
||||||
- handle files with spaces on upgrades
|
- handle files with spaces on upgrades
|
||||||
|
Loading…
Reference in New Issue
Block a user