Add listing of distribution equivalence class from semanage fcontext -l
Add checking to semanage fcontext -a to guarantee a file specification will not be masked by an equivalence
Allow ~ as a valid part of a filename in sepolgen
parent
97d6c28e36
commit
e0ffc386e8
@ -609,7 +609,7 @@ index 48d7baa..2c0cfdd 100644
|
|||||||
errorExit(error.args[0])
|
errorExit(error.args[0])
|
||||||
except KeyError, error:
|
except KeyError, error:
|
||||||
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
|
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
|
||||||
index a7008fc..e4b6c0d 100644
|
index a7008fc..aae1b59 100644
|
||||||
--- a/policycoreutils/semanage/seobject.py
|
--- a/policycoreutils/semanage/seobject.py
|
||||||
+++ b/policycoreutils/semanage/seobject.py
|
+++ b/policycoreutils/semanage/seobject.py
|
||||||
@@ -30,11 +30,10 @@ from IPy import IP
|
@@ -30,11 +30,10 @@ from IPy import IP
|
||||||
@ -723,7 +723,53 @@ index a7008fc..e4b6c0d 100644
|
|||||||
|
|
||||||
(rc, iface) = semanage_iface_create(self.sh)
|
(rc, iface) = semanage_iface_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
@@ -1618,7 +1624,8 @@ class fcontextRecords(semanageRecords):
|
@@ -1525,6 +1531,7 @@ class fcontextRecords(semanageRecords):
|
||||||
|
def __init__(self, store = ""):
|
||||||
|
semanageRecords.__init__(self, store)
|
||||||
|
self.equiv = {}
|
||||||
|
+ self.equiv_dist = {}
|
||||||
|
self.equal_ind = False
|
||||||
|
try:
|
||||||
|
fd = open(selinux.selinux_file_context_subs_path(), "r")
|
||||||
|
@@ -1534,6 +1541,14 @@ class fcontextRecords(semanageRecords):
|
||||||
|
fd.close()
|
||||||
|
except IOError:
|
||||||
|
pass
|
||||||
|
+ try:
|
||||||
|
+ fd = open(selinux.selinux_file_context_subs_dist_path(), "r")
|
||||||
|
+ for i in fd.readlines():
|
||||||
|
+ src, dst = i.split()
|
||||||
|
+ self.equiv_dist[src] = dst
|
||||||
|
+ fd.close()
|
||||||
|
+ except IOError:
|
||||||
|
+ pass
|
||||||
|
|
||||||
|
def commit(self):
|
||||||
|
if self.equal_ind:
|
||||||
|
@@ -1589,12 +1604,21 @@ class fcontextRecords(semanageRecords):
|
||||||
|
|
||||||
|
return con
|
||||||
|
|
||||||
|
+ def check_equiv(self, target, fdict):
|
||||||
|
+ for i in fdict:
|
||||||
|
+ if target.startswith(i+"/"):
|
||||||
|
+ t = re.sub(i, fdict[i], target)
|
||||||
|
+ raise ValueError(_("File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead") % (target, i, fdict[i], t))
|
||||||
|
+
|
||||||
|
+
|
||||||
|
def validate(self, target):
|
||||||
|
if target == "" or target.find("\n") >= 0:
|
||||||
|
raise ValueError(_("Invalid file specification"))
|
||||||
|
if target.find(" ") != -1:
|
||||||
|
raise ValueError(_("File specification can not include spaces"))
|
||||||
|
-
|
||||||
|
+ self.check_equiv(target, self.equiv)
|
||||||
|
+ self.check_equiv(target, self.equiv_dist)
|
||||||
|
+
|
||||||
|
def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
|
||||||
|
self.validate(target)
|
||||||
|
|
||||||
|
@@ -1618,7 +1642,8 @@ class fcontextRecords(semanageRecords):
|
||||||
raise ValueError(_("Could not check if file context for %s is defined") % target)
|
raise ValueError(_("Could not check if file context for %s is defined") % target)
|
||||||
|
|
||||||
if exists:
|
if exists:
|
||||||
@ -733,6 +779,26 @@ index a7008fc..e4b6c0d 100644
|
|||||||
|
|
||||||
(rc, fcontext) = semanage_fcontext_create(self.sh)
|
(rc, fcontext) = semanage_fcontext_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
|
@@ -1825,9 +1850,17 @@ class fcontextRecords(semanageRecords):
|
||||||
|
print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
|
||||||
|
else:
|
||||||
|
print "%-50s %-18s <<None>>" % (k[0], k[1])
|
||||||
|
- if len(self.equiv.keys()) > 0:
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+ if len(self.equiv_dist):
|
||||||
|
+ if not locallist:
|
||||||
|
+ if heading:
|
||||||
|
+ print _("\nSELinux Distribution fcontext Equivalence \n")
|
||||||
|
+ for src in self.equiv_dist.keys():
|
||||||
|
+ print "%s = %s" % (src, self.equiv_dist[src])
|
||||||
|
+ if len(self.equiv):
|
||||||
|
if heading:
|
||||||
|
- print _("\nSELinux fcontext Equivalence \n")
|
||||||
|
+ print _("\nSELinux Local fcontext Equivalence \n")
|
||||||
|
|
||||||
|
for src in self.equiv.keys():
|
||||||
|
print "%s = %s" % (src, self.equiv[src])
|
||||||
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
|
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
|
||||||
index 9a7d315..e57d34f 100644
|
index 9a7d315..e57d34f 100644
|
||||||
--- a/policycoreutils/setfiles/restore.c
|
--- a/policycoreutils/setfiles/restore.c
|
||||||
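Review bot: In the added `check_equiv`, `re.sub(i, fdict[i], target)` treats the equivalence source path as an unescaped regular expression and rewrites every match in the spec, not only the leading prefix that `startswith(i+"/")` tested. The spec suggested in the error message can therefore be wrong for paths that contain regex metacharacters or repeat the component; a plain prefix swap avoids both: `t = fdict[i] + target[len(i):]`. The `startswith(i+"/")` test also appears to let through a spec written as the bare source path followed directly by a regex group, with no literal slash after the prefix, which is worth confirming because such a rule is presumably masked in the same way. Separately, the new subs_dist loader in `__init__` does `src, dst = i.split()` under `except IOError` only, so a blank or malformed line would raise an uncaught ValueError and skip `fd.close()`. Ignoring lines that do not split into exactly two fields, and closing the file in a `finally`, would keep a bad file from breaking construction of `fcontextRecords`.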
|
@ -7,7 +7,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.1.8
|
Version: 2.1.8
|
||||||
Release: 5%{?dist}
|
Release: 6%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
# Based on git repository with tag 20101221
|
# Based on git repository with tag 20101221
|
||||||
@ -352,6 +352,10 @@ fi
|
|||||||
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Nov 16 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-6
|
||||||
|
- Add listing of distribution equivalence class from semanage fcontext -l
|
||||||
|
- Add checking to semanage fcontext -a to guarantee a file specification will not be masked by an equivalence
|
||||||
|
|
||||||
* Wed Nov 16 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-5
|
* Wed Nov 16 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-5
|
||||||
- Allow ~ as a valid part of a filename in sepolgen
|
- Allow ~ as a valid part of a filename in sepolgen
|
||||||
|
|
||||||
|