Fix semanage module error handling
parent
863699842d
commit
e396b39f10
@ -246698,7 +246698,7 @@ index 0000000..e2befdb
|
|||||||
+ packages=["policycoreutils"],
|
+ packages=["policycoreutils"],
|
||||||
+)
|
+)
|
||||||
diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
|
diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
|
||||||
index 6e33c85..1b5c89d 100644
|
index 6e33c85..423ee5a 100644
|
||||||
--- a/policycoreutils/semanage/semanage
|
--- a/policycoreutils/semanage/semanage
|
||||||
+++ b/policycoreutils/semanage/semanage
|
+++ b/policycoreutils/semanage/semanage
|
||||||
@@ -1,5 +1,7 @@
|
@@ -1,5 +1,7 @@
|
||||||
@ -246710,7 +246710,7 @@ index 6e33c85..1b5c89d 100644
|
|||||||
# see file 'COPYING' for use and warranty information
|
# see file 'COPYING' for use and warranty information
|
||||||
#
|
#
|
||||||
# semanage is a tool for managing SELinux configuration files
|
# semanage is a tool for managing SELinux configuration files
|
||||||
@@ -19,564 +21,771 @@
|
@@ -19,564 +21,770 @@
|
||||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
||||||
# 02111-1307 USA
|
# 02111-1307 USA
|
||||||
#
|
#
|
||||||
@ -247170,16 +247170,15 @@ index 6e33c85..1b5c89d 100644
|
|||||||
+def handleModule(args):
|
+def handleModule(args):
|
||||||
+ OBJECT = seobject.moduleRecords(store)
|
+ OBJECT = seobject.moduleRecords(store)
|
||||||
+ OBJECT.set_reload(args.noreload)
|
+ OBJECT.set_reload(args.noreload)
|
||||||
+
|
+ if args.action == "add":
|
||||||
+ if args.action is "add":
|
+ OBJECT.add(args.module_name)
|
||||||
+ OBJECT.add(args.module)
|
+ if args.action == "enable":
|
||||||
+ if args.action is "enable":
|
+ OBJECT.enable(args.module_name)
|
||||||
+ OBJECT.enable(args.module)
|
+ if args.action == "disable":
|
||||||
+ if args.action is "disable":
|
+ OBJECT.disable(args.module_name)
|
||||||
+ OBJECT.disable(args.module)
|
+ if args.action == "delete":
|
||||||
+ if args.action is "delete":
|
+ OBJECT.delete(args.module_name)
|
||||||
+ OBJECT.delete(args.module)
|
+ if args.action == "list":
|
||||||
+ if args.action is "list":
|
|
||||||
+ OBJECT.list(args.noheading)
|
+ OBJECT.list(args.noheading)
|
||||||
+
|
+
|
||||||
+def setupModuleParser(subparsers):
|
+def setupModuleParser(subparsers):
|
||||||
@ -249151,7 +249150,7 @@ index 28a9022..90b142e 100644
|
|||||||
+usage: semanage [-h]
|
+usage: semanage [-h]
|
||||||
+
|
+
|
||||||
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
|
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
|
||||||
index 85bc37f..eddd414 100644
|
index 85bc37f..d7e6e7f 100644
|
||||||
--- a/policycoreutils/semanage/seobject.py
|
--- a/policycoreutils/semanage/seobject.py
|
||||||
+++ b/policycoreutils/semanage/seobject.py
|
+++ b/policycoreutils/semanage/seobject.py
|
||||||
@@ -32,11 +32,10 @@ from IPy import IP
|
@@ -32,11 +32,10 @@ from IPy import IP
|
||||||
@ -249170,7 +249169,16 @@ index 85bc37f..eddd414 100644
|
|||||||
|
|
||||||
import syslog
|
import syslog
|
||||||
|
|
||||||
@@ -461,7 +460,9 @@ class loginRecords(semanageRecords):
|
@@ -285,6 +284,8 @@ class moduleRecords(semanageRecords):
|
||||||
|
print "%-25s%-10s%s" % (t[0], t[1], disabled)
|
||||||
|
|
||||||
|
def add(self, file):
|
||||||
|
+ if not os.path.exists(file):
|
||||||
|
+ raise ValueError(_("Module does not exists %s ") % file)
|
||||||
|
rc = semanage_module_install_file(self.sh, file);
|
||||||
|
if rc >= 0:
|
||||||
|
self.commit()
|
||||||
|
@@ -461,7 +462,9 @@ class loginRecords(semanageRecords):
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
|
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
|
||||||
if exists:
|
if exists:
|
||||||
@ -249181,7 +249189,7 @@ index 85bc37f..eddd414 100644
|
|||||||
if name[0] == '%':
|
if name[0] == '%':
|
||||||
try:
|
try:
|
||||||
grp.getgrnam(name[1:])
|
grp.getgrnam(name[1:])
|
||||||
@@ -731,7 +732,8 @@ class seluserRecords(semanageRecords):
|
@@ -731,7 +734,8 @@ class seluserRecords(semanageRecords):
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
|
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
|
||||||
if exists:
|
if exists:
|
||||||
@ -249191,7 +249199,7 @@ index 85bc37f..eddd414 100644
|
|||||||
|
|
||||||
(rc, u) = semanage_user_create(self.sh)
|
(rc, u) = semanage_user_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
@@ -1274,7 +1276,8 @@ class nodeRecords(semanageRecords):
|
@@ -1274,7 +1278,8 @@ class nodeRecords(semanageRecords):
|
||||||
|
|
||||||
(rc, exists) = semanage_node_exists(self.sh, k)
|
(rc, exists) = semanage_node_exists(self.sh, k)
|
||||||
if exists:
|
if exists:
|
||||||
@ -249201,7 +249209,7 @@ index 85bc37f..eddd414 100644
|
|||||||
|
|
||||||
(rc, node) = semanage_node_create(self.sh)
|
(rc, node) = semanage_node_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
@@ -1475,7 +1478,8 @@ class interfaceRecords(semanageRecords):
|
@@ -1475,7 +1480,8 @@ class interfaceRecords(semanageRecords):
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not check if interface %s is defined") % interface)
|
raise ValueError(_("Could not check if interface %s is defined") % interface)
|
||||||
if exists:
|
if exists:
|
||||||
@ -249211,7 +249219,7 @@ index 85bc37f..eddd414 100644
|
|||||||
|
|
||||||
(rc, iface) = semanage_iface_create(self.sh)
|
(rc, iface) = semanage_iface_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
@@ -1777,7 +1781,8 @@ class fcontextRecords(semanageRecords):
|
@@ -1777,7 +1783,8 @@ class fcontextRecords(semanageRecords):
|
||||||
raise ValueError(_("Could not check if file context for %s is defined") % target)
|
raise ValueError(_("Could not check if file context for %s is defined") % target)
|
||||||
|
|
||||||
if exists:
|
if exists:
|
||||||
@ -249221,7 +249229,7 @@ index 85bc37f..eddd414 100644
|
|||||||
|
|
||||||
(rc, fcontext) = semanage_fcontext_create(self.sh)
|
(rc, fcontext) = semanage_fcontext_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
@@ -1970,7 +1975,7 @@ class fcontextRecords(semanageRecords):
|
@@ -1970,7 +1977,7 @@ class fcontextRecords(semanageRecords):
|
||||||
|
|
||||||
if len(self.equiv):
|
if len(self.equiv):
|
||||||
for target in self.equiv.keys():
|
for target in self.equiv.keys():
|
||||||
@ -249230,7 +249238,7 @@ index 85bc37f..eddd414 100644
|
|||||||
return l
|
return l
|
||||||
|
|
||||||
def list(self, heading = 1, locallist = 0 ):
|
def list(self, heading = 1, locallist = 0 ):
|
||||||
@@ -2156,7 +2161,7 @@ class booleanRecords(semanageRecords):
|
@@ -2156,7 +2163,7 @@ class booleanRecords(semanageRecords):
|
||||||
keys.sort()
|
keys.sort()
|
||||||
for k in keys:
|
for k in keys:
|
||||||
if ddict[k]:
|
if ddict[k]:
|
||||||
@ -250323,7 +250331,7 @@ index b25d3b2..f38c17c 100755
|
|||||||
except KeyboardInterrupt:
|
except KeyboardInterrupt:
|
||||||
sys.exit(0)
|
sys.exit(0)
|
||||||
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
|
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||||
index 5e7415c..08c371a 100644
|
index 5e7415c..1454071 100644
|
||||||
--- a/policycoreutils/sepolicy/sepolicy/__init__.py
|
--- a/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||||
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
|
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
|
||||||
@@ -7,6 +7,9 @@ import _policy
|
@@ -7,6 +7,9 @@ import _policy
|
||||||
@ -250336,7 +250344,7 @@ index 5e7415c..08c371a 100644
|
|||||||
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
|
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
|
||||||
gettext.textdomain(PROGNAME)
|
gettext.textdomain(PROGNAME)
|
||||||
try:
|
try:
|
||||||
@@ -37,9 +40,162 @@ CLASS = 'class'
|
@@ -37,9 +40,176 @@ CLASS = 'class'
|
||||||
TRANSITION = 'transition'
|
TRANSITION = 'transition'
|
||||||
ROLE_ALLOW = 'role_allow'
|
ROLE_ALLOW = 'role_allow'
|
||||||
|
|
||||||
@ -250410,10 +250418,22 @@ index 5e7415c..08c371a 100644
|
|||||||
+ return mpaths
|
+ return mpaths
|
||||||
+
|
+
|
||||||
+import os, pprint, re, sys
|
+import os, pprint, re, sys
|
||||||
+def find_file(reg, path):
|
+def find_file(reg):
|
||||||
|
+ if os.path.exists(reg):
|
||||||
|
+ return [ reg ]
|
||||||
|
+ pat = re.compile(r"%s$" % reg)
|
||||||
|
+ p = reg
|
||||||
|
+ if p.endswith("(/.*)?"):
|
||||||
|
+ p = p[:-6] + "/"
|
||||||
|
+
|
||||||
|
+ path = os.path.dirname(p)
|
||||||
|
+
|
||||||
|
+ if path[-1] != "/":
|
||||||
|
+ path += "/"
|
||||||
|
+
|
||||||
+ try:
|
+ try:
|
||||||
+ pat = re.compile(r"%s$" % reg)
|
+ pat = re.compile(r"%s$" % reg)
|
||||||
+ return filter(pat.match, map(lambda x: path + "/" + x, os.listdir(path)))
|
+ return filter(pat.match, map(lambda x: path + x, os.listdir(path)))
|
||||||
+ except:
|
+ except:
|
||||||
+ return []
|
+ return []
|
||||||
+
|
+
|
||||||
@ -250441,9 +250461,8 @@ index 5e7415c..08c371a 100644
|
|||||||
+ t = rec[-1].split(":")[2]
|
+ t = rec[-1].split(":")[2]
|
||||||
+ if t in fcdict:
|
+ if t in fcdict:
|
||||||
+ fcdict[t]["regex"].append(rec[0])
|
+ fcdict[t]["regex"].append(rec[0])
|
||||||
+ fcdict[t]["paths"].append(find_file(rec[0], os.path.dirname(rec[0])))
|
|
||||||
+ else:
|
+ else:
|
||||||
+ fcdict[t] = { "regex": [ rec[0] ], "paths" : find_file(rec[0], os.path.dirname(rec[0])), "ftype": ftype}
|
+ fcdict[t] = { "regex": [ rec[0] ], "ftype": ftype}
|
||||||
+ except:
|
+ except:
|
||||||
+ pass
|
+ pass
|
||||||
+ fcdict["logfile"] = { "regex" : [ "all log files" ]}
|
+ fcdict["logfile"] = { "regex" : [ "all log files" ]}
|
||||||
@ -250465,13 +250484,15 @@ index 5e7415c..08c371a 100644
|
|||||||
+ return None
|
+ return None
|
||||||
+
|
+
|
||||||
+def get_transitions(setype):
|
+def get_transitions(setype):
|
||||||
try:
|
+ try:
|
||||||
- path = selinux.selinux_binary_policy_path()
|
|
||||||
+ return search([TRANSITION],{'source':setype, 'class':'process'})
|
+ return search([TRANSITION],{'source':setype, 'class':'process'})
|
||||||
+ except TypeError:
|
+ except TypeError:
|
||||||
+ pass
|
+ pass
|
||||||
+ return None
|
+ return None
|
||||||
+
|
+
|
||||||
|
+def get_all_entrypoints():
|
||||||
|
+ return get_types_from_attribute("entry_type")
|
||||||
|
+
|
||||||
+def get_entrypoint_types(setype):
|
+def get_entrypoint_types(setype):
|
||||||
+ entrypoints = None
|
+ entrypoints = None
|
||||||
+ entrypoints = map(lambda x: x['target'], search([ALLOW],{'source':setype, 'permlist':['entrypoint'], 'class':'file'}))
|
+ entrypoints = map(lambda x: x['target'], search([ALLOW],{'source':setype, 'permlist':['entrypoint'], 'class':'file'}))
|
||||||
@ -250485,7 +250506,7 @@ index 5e7415c..08c371a 100644
|
|||||||
+ pass
|
+ pass
|
||||||
+ return None
|
+ return None
|
||||||
+
|
+
|
||||||
+def get_all_entrypoints(setype):
|
+def get_entrypoints(setype):
|
||||||
+ fcdict = get_fcdict()
|
+ fcdict = get_fcdict()
|
||||||
+ mpaths = {}
|
+ mpaths = {}
|
||||||
+ for f in get_entrypoint_types(setype):
|
+ for f in get_entrypoint_types(setype):
|
||||||
@ -250496,12 +250517,13 @@ index 5e7415c..08c371a 100644
|
|||||||
+ return mpaths
|
+ return mpaths
|
||||||
+
|
+
|
||||||
+def get_installed_policy(root = "/"):
|
+def get_installed_policy(root = "/"):
|
||||||
+ try:
|
try:
|
||||||
|
- path = selinux.selinux_binary_policy_path()
|
||||||
+ path = root + selinux.selinux_binary_policy_path()
|
+ path = root + selinux.selinux_binary_policy_path()
|
||||||
policies = glob.glob ("%s.*" % path )
|
policies = glob.glob ("%s.*" % path )
|
||||||
policies.sort()
|
policies.sort()
|
||||||
return policies[-1]
|
return policies[-1]
|
||||||
@@ -47,6 +203,27 @@ def __get_installed_policy():
|
@@ -47,6 +217,27 @@ def __get_installed_policy():
|
||||||
pass
|
pass
|
||||||
raise ValueError(_("No SELinux Policy installed"))
|
raise ValueError(_("No SELinux Policy installed"))
|
||||||
|
|
||||||
@ -250529,7 +250551,7 @@ index 5e7415c..08c371a 100644
|
|||||||
all_types = None
|
all_types = None
|
||||||
def get_all_types():
|
def get_all_types():
|
||||||
global all_types
|
global all_types
|
||||||
@@ -54,6 +231,13 @@ def get_all_types():
|
@@ -54,6 +245,13 @@ def get_all_types():
|
||||||
all_types = map(lambda x: x['name'], info(TYPE))
|
all_types = map(lambda x: x['name'], info(TYPE))
|
||||||
return all_types
|
return all_types
|
||||||
|
|
||||||
@ -250543,7 +250565,7 @@ index 5e7415c..08c371a 100644
|
|||||||
role_allows = None
|
role_allows = None
|
||||||
def get_all_role_allows():
|
def get_all_role_allows():
|
||||||
global role_allows
|
global role_allows
|
||||||
@@ -71,6 +255,7 @@ def get_all_role_allows():
|
@@ -71,6 +269,7 @@ def get_all_role_allows():
|
||||||
return role_allows
|
return role_allows
|
||||||
|
|
||||||
def get_all_entrypoint_domains():
|
def get_all_entrypoint_domains():
|
||||||
@ -250551,7 +250573,7 @@ index 5e7415c..08c371a 100644
|
|||||||
all_domains = []
|
all_domains = []
|
||||||
types=get_all_types()
|
types=get_all_types()
|
||||||
types.sort()
|
types.sort()
|
||||||
@@ -81,11 +266,54 @@ def get_all_entrypoint_domains():
|
@@ -81,11 +280,54 @@ def get_all_entrypoint_domains():
|
||||||
all_domains.append(m[0])
|
all_domains.append(m[0])
|
||||||
return all_domains
|
return all_domains
|
||||||
|
|
||||||
@ -250607,7 +250629,7 @@ index 5e7415c..08c371a 100644
|
|||||||
return all_domains
|
return all_domains
|
||||||
|
|
||||||
roles = None
|
roles = None
|
||||||
@@ -139,50 +367,95 @@ def get_all_attributes():
|
@@ -139,50 +381,95 @@ def get_all_attributes():
|
||||||
return all_attributes
|
return all_attributes
|
||||||
|
|
||||||
def policy(policy_file):
|
def policy(policy_file):
|
||||||
@ -250728,7 +250750,7 @@ index 5e7415c..08c371a 100644
|
|||||||
def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
|
def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
|
||||||
global booleans_dict
|
global booleans_dict
|
||||||
if booleans_dict:
|
if booleans_dict:
|
||||||
@@ -191,7 +464,7 @@ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
|
@@ -191,7 +478,7 @@ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
|
||||||
import re
|
import re
|
||||||
booleans_dict = {}
|
booleans_dict = {}
|
||||||
try:
|
try:
|
||||||
|
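Review bot: Reading the right-hand column as the new side, the `os.path.exists(file)` guard added to `moduleRecords.add` also passes for directories and unreadable paths, and it is only a pre-check, so whether this privileged tool reports a failed install still depends on the return code of `semanage_module_install_file`. The visible lines act only on `rc >= 0`; the rest of `add` is outside the hunk, but if it does not already do so, a negative `rc` should raise, for example `if rc < 0: raise ValueError(_("Could not install module %s") % file)`, matching the `rc < 0` handling in the other records classes. `os.path.isfile(file)` would be the tighter pre-check, and the message should read `"Module does not exist: %s"`. Separately, in the rewritten `find_file` the first `re.compile(r"%s$" % reg)` and the `path[-1]` test appear before the `try:`, so a malformed pattern, or one with no directory part (empty `os.path.dirname`), would raise instead of returning `[]`.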
@ -7,7 +7,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.1.14
|
Version: 2.1.14
|
||||||
Release: 59%{?dist}
|
Release: 60%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
# Based on git repository with tag 20101221
|
# Based on git repository with tag 20101221
|
||||||
@ -309,6 +309,9 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
%systemd_postun_with_restart restorecond.service
|
%systemd_postun_with_restart restorecond.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jun 24 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-60
|
||||||
|
- Fix semanage module error handling
|
||||||
|
|
||||||
* Sun Jun 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-59
|
* Sun Jun 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-59
|
||||||
- Add back default exception handling for errors, which argparse rewrite removed.
|
- Add back default exception handling for errors, which argparse rewrite removed.
|
||||||
|
|
||||||
|