Add listing of distribution equivalence class from semanage fcontext -l
Add checking to semanage fcontext -a to guarantee a file specification will not be masked by an equivalence
Allow ~ as a valid part of a filename in sepolgen
parent
97d6c28e36
commit
e0ffc386e8
@ -609,7 +609,7 @@ index 48d7baa..2c0cfdd 100644
|
||||
errorExit(error.args[0])
|
||||
except KeyError, error:
|
||||
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
|
||||
index a7008fc..e4b6c0d 100644
|
||||
index a7008fc..aae1b59 100644
|
||||
--- a/policycoreutils/semanage/seobject.py
|
||||
+++ b/policycoreutils/semanage/seobject.py
|
||||
@@ -30,11 +30,10 @@ from IPy import IP
|
||||
@ -723,7 +723,53 @@ index a7008fc..e4b6c0d 100644
|
||||
|
||||
(rc, iface) = semanage_iface_create(self.sh)
|
||||
if rc < 0:
|
||||
@@ -1618,7 +1624,8 @@ class fcontextRecords(semanageRecords):
|
||||
@@ -1525,6 +1531,7 @@ class fcontextRecords(semanageRecords):
|
||||
def __init__(self, store = ""):
|
||||
semanageRecords.__init__(self, store)
|
||||
self.equiv = {}
|
||||
+ self.equiv_dist = {}
|
||||
self.equal_ind = False
|
||||
try:
|
||||
fd = open(selinux.selinux_file_context_subs_path(), "r")
|
||||
@@ -1534,6 +1541,14 @@ class fcontextRecords(semanageRecords):
|
||||
fd.close()
|
||||
except IOError:
|
||||
pass
|
||||
+ try:
|
||||
+ fd = open(selinux.selinux_file_context_subs_dist_path(), "r")
|
||||
+ for i in fd.readlines():
|
||||
+ src, dst = i.split()
|
||||
+ self.equiv_dist[src] = dst
|
||||
+ fd.close()
|
||||
+ except IOError:
|
||||
+ pass
|
||||
|
||||
def commit(self):
|
||||
if self.equal_ind:
|
||||
@@ -1589,12 +1604,21 @@ class fcontextRecords(semanageRecords):
|
||||
|
||||
return con
|
||||
|
||||
+ def check_equiv(self, target, fdict):
|
||||
+ for i in fdict:
|
||||
+ if target.startswith(i+"/"):
|
||||
+ t = re.sub(i, fdict[i], target)
|
||||
+ raise ValueError(_("File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead") % (target, i, fdict[i], t))
|
||||
+
|
||||
+
|
||||
def validate(self, target):
|
||||
if target == "" or target.find("\n") >= 0:
|
||||
raise ValueError(_("Invalid file specification"))
|
||||
if target.find(" ") != -1:
|
||||
raise ValueError(_("File specification can not include spaces"))
|
||||
-
|
||||
+ self.check_equiv(target, self.equiv)
|
||||
+ self.check_equiv(target, self.equiv_dist)
|
||||
+
|
||||
def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
|
||||
self.validate(target)
|
||||
|
||||
@@ -1618,7 +1642,8 @@ class fcontextRecords(semanageRecords):
|
||||
raise ValueError(_("Could not check if file context for %s is defined") % target)
|
||||
|
||||
if exists:
|
||||
@ -733,6 +779,26 @@ index a7008fc..e4b6c0d 100644
|
||||
|
||||
(rc, fcontext) = semanage_fcontext_create(self.sh)
|
||||
if rc < 0:
|
||||
@@ -1825,9 +1850,17 @@ class fcontextRecords(semanageRecords):
|
||||
print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
|
||||
else:
|
||||
print "%-50s %-18s <<None>>" % (k[0], k[1])
|
||||
- if len(self.equiv.keys()) > 0:
|
||||
+
|
||||
+
|
||||
+ if len(self.equiv_dist):
|
||||
+ if not locallist:
|
||||
+ if heading:
|
||||
+ print _("\nSELinux Distribution fcontext Equivalence \n")
|
||||
+ for src in self.equiv_dist.keys():
|
||||
+ print "%s = %s" % (src, self.equiv_dist[src])
|
||||
+ if len(self.equiv):
|
||||
if heading:
|
||||
- print _("\nSELinux fcontext Equivalence \n")
|
||||
+ print _("\nSELinux Local fcontext Equivalence \n")
|
||||
|
||||
for src in self.equiv.keys():
|
||||
print "%s = %s" % (src, self.equiv[src])
|
||||
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
|
||||
index 9a7d315..e57d34f 100644
|
||||
--- a/policycoreutils/setfiles/restore.c
|
||||
|
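Review bot: The guard in `check_equiv` only fires when the spec literally begins with `i + "/"`, so a spec equal to the equivalence source itself, or one that continues with a regex group such as `(/.*)?`, passes `validate()` unchallenged; if the label lookup also substitutes on an exact match (to be confirmed against libselinux), such a rule would still be masked and the intended label would silently never be applied. In the same method, `re.sub(i, fdict[i], target)` treats the source path as an unescaped regular expression and rewrites every occurrence rather than the prefix just tested, so the spec suggested in the error message can be wrong; `t = fdict[i] + target[len(i):]` replaces only that prefix. The new subs_dist loader in `__init__` has a related gap: `src, dst = i.split()` raises ValueError on a blank or malformed line, which the `except IOError` does not catch and which skips `fd.close()`.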
@ -7,7 +7,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.1.8
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
@ -352,6 +352,10 @@ fi
|
||||
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||
|
||||
%changelog
|
||||
* Wed Nov 16 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-6
|
||||
- Add listing of distribution equivalence class from semanage fcontext -l
|
||||
- Add checking to semanage fcontext -a to guarantee a file specification will not be masked by an equivalence
|
||||
|
||||
* Wed Nov 16 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-5
|
||||
- Allow ~ as a valid part of a filename in sepolgen
|
||||
|
||||
|