Fix semanage module error handling
parent
863699842d
commit
e396b39f10
@ -246698,7 +246698,7 @@ index 0000000..e2befdb
|
||||
+ packages=["policycoreutils"],
|
||||
+)
|
||||
diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
|
||||
index 6e33c85..1b5c89d 100644
|
||||
index 6e33c85..423ee5a 100644
|
||||
--- a/policycoreutils/semanage/semanage
|
||||
+++ b/policycoreutils/semanage/semanage
|
||||
@@ -1,5 +1,7 @@
|
||||
@ -246710,7 +246710,7 @@ index 6e33c85..1b5c89d 100644
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# semanage is a tool for managing SELinux configuration files
|
||||
@@ -19,564 +21,771 @@
|
||||
@@ -19,564 +21,770 @@
|
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
||||
# 02111-1307 USA
|
||||
#
|
||||
@ -247170,16 +247170,15 @@ index 6e33c85..1b5c89d 100644
|
||||
+def handleModule(args):
|
||||
+ OBJECT = seobject.moduleRecords(store)
|
||||
+ OBJECT.set_reload(args.noreload)
|
||||
+
|
||||
+ if args.action is "add":
|
||||
+ OBJECT.add(args.module)
|
||||
+ if args.action is "enable":
|
||||
+ OBJECT.enable(args.module)
|
||||
+ if args.action is "disable":
|
||||
+ OBJECT.disable(args.module)
|
||||
+ if args.action is "delete":
|
||||
+ OBJECT.delete(args.module)
|
||||
+ if args.action is "list":
|
||||
+ if args.action == "add":
|
||||
+ OBJECT.add(args.module_name)
|
||||
+ if args.action == "enable":
|
||||
+ OBJECT.enable(args.module_name)
|
||||
+ if args.action == "disable":
|
||||
+ OBJECT.disable(args.module_name)
|
||||
+ if args.action == "delete":
|
||||
+ OBJECT.delete(args.module_name)
|
||||
+ if args.action == "list":
|
||||
+ OBJECT.list(args.noheading)
|
||||
+
|
||||
+def setupModuleParser(subparsers):
|
||||
@ -249151,7 +249150,7 @@ index 28a9022..90b142e 100644
|
||||
+usage: semanage [-h]
|
||||
+
|
||||
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
|
||||
index 85bc37f..eddd414 100644
|
||||
index 85bc37f..d7e6e7f 100644
|
||||
--- a/policycoreutils/semanage/seobject.py
|
||||
+++ b/policycoreutils/semanage/seobject.py
|
||||
@@ -32,11 +32,10 @@ from IPy import IP
|
||||
@ -249170,7 +249169,16 @@ index 85bc37f..eddd414 100644
|
||||
|
||||
import syslog
|
||||
|
||||
@@ -461,7 +460,9 @@ class loginRecords(semanageRecords):
|
||||
@@ -285,6 +284,8 @@ class moduleRecords(semanageRecords):
|
||||
print "%-25s%-10s%s" % (t[0], t[1], disabled)
|
||||
|
||||
def add(self, file):
|
||||
+ if not os.path.exists(file):
|
||||
+ raise ValueError(_("Module does not exists %s ") % file)
|
||||
rc = semanage_module_install_file(self.sh, file);
|
||||
if rc >= 0:
|
||||
self.commit()
|
||||
@@ -461,7 +462,9 @@ class loginRecords(semanageRecords):
|
||||
if rc < 0:
|
||||
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
|
||||
if exists:
|
||||
@ -249181,7 +249189,7 @@ index 85bc37f..eddd414 100644
|
||||
if name[0] == '%':
|
||||
try:
|
||||
grp.getgrnam(name[1:])
|
||||
@@ -731,7 +732,8 @@ class seluserRecords(semanageRecords):
|
||||
@@ -731,7 +734,8 @@ class seluserRecords(semanageRecords):
|
||||
if rc < 0:
|
||||
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
|
||||
if exists:
|
||||
@ -249191,7 +249199,7 @@ index 85bc37f..eddd414 100644
|
||||
|
||||
(rc, u) = semanage_user_create(self.sh)
|
||||
if rc < 0:
|
||||
@@ -1274,7 +1276,8 @@ class nodeRecords(semanageRecords):
|
||||
@@ -1274,7 +1278,8 @@ class nodeRecords(semanageRecords):
|
||||
|
||||
(rc, exists) = semanage_node_exists(self.sh, k)
|
||||
if exists:
|
||||
@ -249201,7 +249209,7 @@ index 85bc37f..eddd414 100644
|
||||
|
||||
(rc, node) = semanage_node_create(self.sh)
|
||||
if rc < 0:
|
||||
@@ -1475,7 +1478,8 @@ class interfaceRecords(semanageRecords):
|
||||
@@ -1475,7 +1480,8 @@ class interfaceRecords(semanageRecords):
|
||||
if rc < 0:
|
||||
raise ValueError(_("Could not check if interface %s is defined") % interface)
|
||||
if exists:
|
||||
@ -249211,7 +249219,7 @@ index 85bc37f..eddd414 100644
|
||||
|
||||
(rc, iface) = semanage_iface_create(self.sh)
|
||||
if rc < 0:
|
||||
@@ -1777,7 +1781,8 @@ class fcontextRecords(semanageRecords):
|
||||
@@ -1777,7 +1783,8 @@ class fcontextRecords(semanageRecords):
|
||||
raise ValueError(_("Could not check if file context for %s is defined") % target)
|
||||
|
||||
if exists:
|
||||
@ -249221,7 +249229,7 @@ index 85bc37f..eddd414 100644
|
||||
|
||||
(rc, fcontext) = semanage_fcontext_create(self.sh)
|
||||
if rc < 0:
|
||||
@@ -1970,7 +1975,7 @@ class fcontextRecords(semanageRecords):
|
||||
@@ -1970,7 +1977,7 @@ class fcontextRecords(semanageRecords):
|
||||
|
||||
if len(self.equiv):
|
||||
for target in self.equiv.keys():
|
||||
@ -249230,7 +249238,7 @@ index 85bc37f..eddd414 100644
|
||||
return l
|
||||
|
||||
def list(self, heading = 1, locallist = 0 ):
|
||||
@@ -2156,7 +2161,7 @@ class booleanRecords(semanageRecords):
|
||||
@@ -2156,7 +2163,7 @@ class booleanRecords(semanageRecords):
|
||||
keys.sort()
|
||||
for k in keys:
|
||||
if ddict[k]:
|
||||
@ -250323,7 +250331,7 @@ index b25d3b2..f38c17c 100755
|
||||
except KeyboardInterrupt:
|
||||
sys.exit(0)
|
||||
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||
index 5e7415c..08c371a 100644
|
||||
index 5e7415c..1454071 100644
|
||||
--- a/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||
@@ -7,6 +7,9 @@ import _policy
|
||||
@ -250336,7 +250344,7 @@ index 5e7415c..08c371a 100644
|
||||
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
|
||||
gettext.textdomain(PROGNAME)
|
||||
try:
|
||||
@@ -37,9 +40,162 @@ CLASS = 'class'
|
||||
@@ -37,9 +40,176 @@ CLASS = 'class'
|
||||
TRANSITION = 'transition'
|
||||
ROLE_ALLOW = 'role_allow'
|
||||
|
||||
@ -250410,10 +250418,22 @@ index 5e7415c..08c371a 100644
|
||||
+ return mpaths
|
||||
+
|
||||
+import os, pprint, re, sys
|
||||
+def find_file(reg, path):
|
||||
+def find_file(reg):
|
||||
+ if os.path.exists(reg):
|
||||
+ return [ reg ]
|
||||
+ pat = re.compile(r"%s$" % reg)
|
||||
+ p = reg
|
||||
+ if p.endswith("(/.*)?"):
|
||||
+ p = p[:-6] + "/"
|
||||
+
|
||||
+ path = os.path.dirname(p)
|
||||
+
|
||||
+ if path[-1] != "/":
|
||||
+ path += "/"
|
||||
+
|
||||
+ try:
|
||||
+ pat = re.compile(r"%s$" % reg)
|
||||
+ return filter(pat.match, map(lambda x: path + "/" + x, os.listdir(path)))
|
||||
+ return filter(pat.match, map(lambda x: path + x, os.listdir(path)))
|
||||
+ except:
|
||||
+ return []
|
||||
+
|
||||
@ -250441,9 +250461,8 @@ index 5e7415c..08c371a 100644
|
||||
+ t = rec[-1].split(":")[2]
|
||||
+ if t in fcdict:
|
||||
+ fcdict[t]["regex"].append(rec[0])
|
||||
+ fcdict[t]["paths"].append(find_file(rec[0], os.path.dirname(rec[0])))
|
||||
+ else:
|
||||
+ fcdict[t] = { "regex": [ rec[0] ], "paths" : find_file(rec[0], os.path.dirname(rec[0])), "ftype": ftype}
|
||||
+ fcdict[t] = { "regex": [ rec[0] ], "ftype": ftype}
|
||||
+ except:
|
||||
+ pass
|
||||
+ fcdict["logfile"] = { "regex" : [ "all log files" ]}
|
||||
@ -250465,13 +250484,15 @@ index 5e7415c..08c371a 100644
|
||||
+ return None
|
||||
+
|
||||
+def get_transitions(setype):
|
||||
try:
|
||||
- path = selinux.selinux_binary_policy_path()
|
||||
+ try:
|
||||
+ return search([TRANSITION],{'source':setype, 'class':'process'})
|
||||
+ except TypeError:
|
||||
+ pass
|
||||
+ return None
|
||||
+
|
||||
+def get_all_entrypoints():
|
||||
+ return get_types_from_attribute("entry_type")
|
||||
+
|
||||
+def get_entrypoint_types(setype):
|
||||
+ entrypoints = None
|
||||
+ entrypoints = map(lambda x: x['target'], search([ALLOW],{'source':setype, 'permlist':['entrypoint'], 'class':'file'}))
|
||||
@ -250485,7 +250506,7 @@ index 5e7415c..08c371a 100644
|
||||
+ pass
|
||||
+ return None
|
||||
+
|
||||
+def get_all_entrypoints(setype):
|
||||
+def get_entrypoints(setype):
|
||||
+ fcdict = get_fcdict()
|
||||
+ mpaths = {}
|
||||
+ for f in get_entrypoint_types(setype):
|
||||
@ -250496,12 +250517,13 @@ index 5e7415c..08c371a 100644
|
||||
+ return mpaths
|
||||
+
|
||||
+def get_installed_policy(root = "/"):
|
||||
+ try:
|
||||
try:
|
||||
- path = selinux.selinux_binary_policy_path()
|
||||
+ path = root + selinux.selinux_binary_policy_path()
|
||||
policies = glob.glob ("%s.*" % path )
|
||||
policies.sort()
|
||||
return policies[-1]
|
||||
@@ -47,6 +203,27 @@ def __get_installed_policy():
|
||||
@@ -47,6 +217,27 @@ def __get_installed_policy():
|
||||
pass
|
||||
raise ValueError(_("No SELinux Policy installed"))
|
||||
|
||||
@ -250529,7 +250551,7 @@ index 5e7415c..08c371a 100644
|
||||
all_types = None
|
||||
def get_all_types():
|
||||
global all_types
|
||||
@@ -54,6 +231,13 @@ def get_all_types():
|
||||
@@ -54,6 +245,13 @@ def get_all_types():
|
||||
all_types = map(lambda x: x['name'], info(TYPE))
|
||||
return all_types
|
||||
|
||||
@ -250543,7 +250565,7 @@ index 5e7415c..08c371a 100644
|
||||
role_allows = None
|
||||
def get_all_role_allows():
|
||||
global role_allows
|
||||
@@ -71,6 +255,7 @@ def get_all_role_allows():
|
||||
@@ -71,6 +269,7 @@ def get_all_role_allows():
|
||||
return role_allows
|
||||
|
||||
def get_all_entrypoint_domains():
|
||||
@ -250551,7 +250573,7 @@ index 5e7415c..08c371a 100644
|
||||
all_domains = []
|
||||
types=get_all_types()
|
||||
types.sort()
|
||||
@@ -81,11 +266,54 @@ def get_all_entrypoint_domains():
|
||||
@@ -81,11 +280,54 @@ def get_all_entrypoint_domains():
|
||||
all_domains.append(m[0])
|
||||
return all_domains
|
||||
|
||||
@ -250607,7 +250629,7 @@ index 5e7415c..08c371a 100644
|
||||
return all_domains
|
||||
|
||||
roles = None
|
||||
@@ -139,50 +367,95 @@ def get_all_attributes():
|
||||
@@ -139,50 +381,95 @@ def get_all_attributes():
|
||||
return all_attributes
|
||||
|
||||
def policy(policy_file):
|
||||
@ -250728,7 +250750,7 @@ index 5e7415c..08c371a 100644
|
||||
def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
|
||||
global booleans_dict
|
||||
if booleans_dict:
|
||||
@@ -191,7 +464,7 @@ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
|
||||
@@ -191,7 +478,7 @@ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
|
||||
import re
|
||||
booleans_dict = {}
|
||||
try:
|
||||
|
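Review bot: In the new `find_file(reg)`, the check `if path[-1] != "/":` sits before the `try:` and raises IndexError whenever `os.path.dirname(p)` is empty, which happens for any spec without a slash. The error would then propagate to the caller instead of yielding `[]`; a guard such as `if not path: return []` placed ahead of it keeps the earlier best-effort behaviour. Going by the hunk's line counts, a `pat = re.compile(r"%s$" % reg)` also appears to have been added above `p = reg` while the copy inside the `try:` remains, so a malformed pattern would raise outside the handler; dropping the first copy avoids that. The bare `except:` would be better narrowed to `except (OSError, re.error):`, so that unrelated failures are not silently reported as "no matching files" in output that people use to reason about file labelling.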
@ -7,7 +7,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.1.14
|
||||
Release: 59%{?dist}
|
||||
Release: 60%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
@ -309,6 +309,9 @@ The policycoreutils-restorecond package contains the restorecond service.
|
||||
%systemd_postun_with_restart restorecond.service
|
||||
|
||||
%changelog
|
||||
* Mon Jun 24 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-60
|
||||
- Fix semanage module error handling
|
||||
|
||||
* Sun Jun 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-59
|
||||
- Add back default exception handling for errors, which argparse rewrite removed.
|
||||
|
||||
|