From e973847bf688583e536f3a3a93f8cd4b3070c97f Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Wed, 18 Nov 2009 22:20:42 +0000
Subject: [PATCH] * Wed Nov 18 2009 Dan Walsh 2.0.76-1 - Update to upstream * Remove setrans management from semanage, as it does not work from Dan Walsh. * Move load_policy from /usr/sbin to /sbin from Dan Walsh.
---
 .cvsignore | 1 +
 policycoreutils-rhat.patch | 349 ++++++++++++++-----------------------
 policycoreutils.spec | 10 +-
 sources | 3 +-
 4 files changed, 137 insertions(+), 226 deletions(-)
diff --git a/.cvsignore b/.cvsignore
index 1ae5f20..15ad385 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -209,3 +209,4 @@ sepolgen-1.0.17.tgz
 policycoreutils-2.0.73.tgz
 policycoreutils-2.0.74.tgz
 policycoreutils-2.0.75.tgz
+policycoreutils-2.0.76.tgz
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 64b92a7..244e83f 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -39,22 +39,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po # This is the default if no input is specified f = sys.stdin diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/load_policy/Makefile policycoreutils-2.0.75/load_policy/Makefile ---- nsapolicycoreutils/load_policy/Makefile 2008-08-28 09:34:24.000000000 -0400 +--- nsapolicycoreutils/load_policy/Makefile 2009-11-18 17:06:03.000000000 -0500 +++ policycoreutils-2.0.75/load_policy/Makefile 2009-11-03 09:44:56.000000000 -0500 -@@ -1,6 +1,7 @@ - # Installation directories. - PREFIX ?= ${DESTDIR}/usr --SBINDIR ?= $(PREFIX)/sbin -+SBINDIR ?= $(DESTDIR)/sbin -+USRSBINDIR ?= $(PREFIX)/sbin - MANDIR ?= $(PREFIX)/share/man - LOCALEDIR ?= /usr/share/locale - -@@ -17,6 +18,8 @@ - install -m 755 $(TARGETS) $(SBINDIR) +@@ -19,7 +19,7 @@ test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 install -m 644 load_policy.8 $(MANDIR)/man8/ -+ -mkdir -p $(USRSBINDIR) + -mkdir -p $(USRSBINDIR) +- ln -sf /sbin/load_policy $(USRSBINDIR)/load_policy + ln -s /sbin/load_policy $(USRSBINDIR)/load_policy clean: @@ -2303,9 +2294,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po install: all -mkdir -p $(BINDIR) diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.75/semanage/semanage ---- nsapolicycoreutils/semanage/semanage 2009-09-08 09:03:10.000000000 -0400 +--- nsapolicycoreutils/semanage/semanage 2009-11-18 17:06:03.000000000 -0500 +++ policycoreutils-2.0.75/semanage/semanage 2009-11-03 09:44:56.000000000 -0500 -@@ -39,19 +39,27 @@ +@@ -39,16 +39,25 @@ __builtin__.__dict__['_'] = unicode if __name__ == '__main__': 
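Review bot: The refreshed load_policy/Makefile hunk now turns upstream's `ln -sf /sbin/load_policy $(USRSBINDIR)/load_policy` into `ln -s`, and the line appears to carry no `-` prefix (unlike the `-mkdir` above it), so an install into a root where the link already exists stops at this step. This reads as a reverse diff rather than an intended change: the left side of the patch is the new upstream tree (timestamps 2009-11-18) while the right side is still `policycoreutils-2.0.75`. The same pattern shows in later hunks of this file, where the semanage getopt list gets `'trans='` back, semanage.8 regains the `translation` synopsis and `-T, --trans`, and VERSION goes from `2.0.76` to `2.0.75`, all of which contradict the changelog entry about removing setrans management. I would regenerate the patch against a tree rebased on 2.0.76 and drop these hunks, keeping `ln -sf` as upstream has it.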
@@ -2323,7 +2314,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po semanage [ -S store ] -i [ input_file | - ] +semanage [ -S store ] -o [ output_file | - ] --semanage {boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n] +-semanage {boolean|login|user|port|interface|node|fcontext} -{l|D} [-n] +semanage {boolean|login|user|port|interface|module|node|fcontext} -{l|D|E} [-n] semanage login -{a|d|m} [-sr] login_name | %groupname semanage user -{a|d|m} [-LrRP] selinux_name @@ -2332,11 +2323,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po +semanage module -{a|d|m} [--enable|--disable] module semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr semanage fcontext -{a|d|m} [-frst] file_spec --semanage translation -{a|d|m} [-T] level semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file - semanage permissive -{d|a} type - semanage dontaudit [ on | off ] -@@ -62,7 +70,9 @@ +@@ -61,7 +70,9 @@ -d, --delete Delete a OBJECT record NAME -m, --modify Modify a OBJECT record NAME -i, --input Input multiple semange commands in a transaction @@ -2346,7 +2334,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -C, --locallist List OBJECTS local customizations -D, --deleteall Remove all OBJECTS local customizations -@@ -85,14 +95,15 @@ +@@ -84,12 +95,15 @@ -F, --file Treat target as an input file for command, change multiple settings -p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6) -M, --mask Netmask 
@@ -2354,8 +2342,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -P, --prefix Prefix for home directory labeling -L, --level Default SELinux Level (MLS/MCS Systems only) -R, --roles SELinux Roles (ex: "sysadm_r staff_r") -- -T, --trans SELinux Level Translation (MLS/MCS Systems only) -- -s, --seuser SELinux User Name -t, --type SELinux Type for the object -r, --range MLS/MCS Security Range (MLS/MCS Systems only) @@ -2364,7 +2350,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po """) raise ValueError("%s\n%s" % (text, message)) -@@ -104,7 +115,7 @@ +@@ -101,7 +115,7 @@ def get_options(): valid_option={} @@ -2373,7 +2359,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po valid_option["login"] = [] valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range'] valid_option["user"] = [] -@@ -115,11 +126,11 @@ +@@ -112,8 +126,10 @@ valid_option["interface"] += valid_everyone + [ '-t', '--type', '-r', '--range'] valid_option["node"] = [] valid_option["node"] += valid_everyone + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol'] @@ -2383,12 +2369,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po - valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range'] + valid_option["fcontext"] += valid_everyone + [ '-e', '--equal', '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range'] valid_option["dontaudit"] = [ '-S', '--store' ] -- valid_option["translation"] = [] -- valid_option["translation"] += valid_everyone + [ '-T', '--trans' ] valid_option["boolean"] = [] valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0", "-F", "--file"] - valid_option["permissive"] = [] -@@ -173,6 +184,8 @@ +@@ -168,6 +184,8 @@ return ret def process_args(argv): 
@@ -2397,15 +2380,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po serange = "" port = "" proto = "" -@@ -180,7 +193,6 @@ - selevel = "" - setype = "" - ftype = "" -- setrans = "" - roles = "" - seuser = "" - prefix = "user" -@@ -190,10 +202,14 @@ +@@ -184,10 +202,14 @@ modify = False delete = False deleteall = False @@ -2420,11 +2395,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po object = argv[0] option_dict=get_options() -@@ -203,10 +219,14 @@ +@@ -197,10 +219,14 @@ args = argv[1:] gopts, cmds = getopt.getopt(args, -- '01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:M:', +- '01adf:i:lhmnp:s:FCDR:L:r:t:P:S:M:', + '01adEe:f:i:lhmnp:s:FCDR:L:r:t:P:S:M:', ['add', 'delete', @@ -2436,15 +2411,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po 'ftype=', 'file', 'help', -@@ -225,7 +245,6 @@ - 'level=', - 'roles=', - 'type=', -- 'trans=', - 'prefix=', - 'mask=' - ]) -@@ -235,26 +254,42 @@ +@@ -228,26 +254,42 @@ for o,a in gopts: if o == "-a" or o == "--add": @@ -2494,7 +2461,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po if o == "-n" or o == "--noheading": heading = False -@@ -263,8 +298,7 @@ +@@ -256,8 +298,7 @@ locallist = True if o == "-m"or o == "--modify": @@ -2504,15 +2471,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po modify = True if o == "-S" or o == '--store': -@@ -297,14 +331,12 @@ - if o == "-t" or o == "--type": - setype = a - -- if o == "-T" or o == "--trans": -- setrans = a -- - if o == "--on" or o == "-1": - value = "on" +@@ -295,6 +336,7 @@ if o == "--off" or o == "-0": value = "off" 
@@ -2520,20 +2479,18 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po if object == "login": OBJECT = seobject.loginRecords(store) -@@ -325,9 +357,10 @@ +@@ -315,6 +357,10 @@ if object == "boolean": OBJECT = seobject.booleanRecords(store) + modify = True - -- if object == "translation": -- OBJECT = seobject.setransRecords() ++ + if object == "module": + OBJECT = seobject.moduleRecords(store) if object == "permissive": OBJECT = seobject.permissiveRecords(store) -@@ -343,8 +376,13 @@ +@@ -330,8 +376,13 @@ OBJECT.deleteall() return @@ -2548,17 +2505,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po target = cmds[0] -@@ -358,9 +396,6 @@ - if object == "login": - OBJECT.add(target, seuser, serange) - -- if object == "translation": -- OBJECT.add(target, setrans) -- - if object == "user": - OBJECT.add(target, roles.split(), selevel, serange, prefix) - -@@ -370,11 +405,17 @@ +@@ -354,11 +405,17 @@ if object == "interface": OBJECT.add(target, serange, setype) @@ -2577,14 +2524,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po if object == "permissive": OBJECT.add(target) -@@ -387,13 +428,18 @@ - if object == "login": - OBJECT.modify(target, seuser, serange) - -- if object == "translation": -- OBJECT.modify(target, setrans) -- - if object == "user": +@@ -375,6 +432,14 @@ rlist = roles.split() OBJECT.modify(target, rlist, selevel, serange, prefix) @@ -2599,7 +2539,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po if object == "port": OBJECT.modify(target, proto, serange, setype) -@@ -404,7 +450,10 @@ +@@ -385,7 +450,10 @@ OBJECT.modify(target, mask, proto, serange, setype) if object == "fcontext": @@ -2611,7 +2551,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po return -@@ -423,12 +472,13 @@ +@@ -404,12 +472,13 @@ return 
@@ -2626,7 +2566,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po input = None store = "" -@@ -436,7 +486,7 @@ +@@ -417,7 +486,7 @@ usage(_("Requires 2 or more arguments")) gopts, cmds = getopt.getopt(sys.argv[1:], @@ -2635,7 +2575,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po ['add', 'delete', 'deleteall', -@@ -450,6 +500,7 @@ +@@ -431,6 +500,7 @@ 'localist', 'off', 'on', @@ -2643,7 +2583,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po 'proto=', 'seuser=', 'store=', -@@ -465,6 +516,16 @@ +@@ -438,6 +508,7 @@ + 'level=', + 'roles=', + 'type=', ++ 'trans=', + 'prefix=' + ]) + for o, a in gopts: +@@ -445,6 +516,16 @@ store = a if o == "-i" or o == '--input': input = a @@ -2660,7 +2608,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po if input != None: if input == "-": -@@ -474,6 +535,7 @@ +@@ -454,6 +535,7 @@ trans = seobject.semanageRecords(store) trans.start() for l in fd.readlines(): 
@@ -2668,8 +2616,39 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po process_args(mkargv(l)) trans.finish() else: +diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.75/semanage/semanage.8 +--- nsapolicycoreutils/semanage/semanage.8 2009-11-18 17:06:03.000000000 -0500 ++++ policycoreutils-2.0.75/semanage/semanage.8 2009-11-03 09:21:41.000000000 -0500 +@@ -3,7 +3,7 @@ + semanage \- SELinux Policy Management tool + + .SH "SYNOPSIS" +-.B semanage {boolean|login|user|port|interface|node|fcontext} \-{l|D} [\-n] [\-S store] ++.B semanage {boolean|login|user|port|interface|node|fcontext|translation} \-{l|D} [\-n] [\-S store] + .br + .B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] -F boolean | boolean_file + .br +@@ -22,6 +22,8 @@ + .B semanage permissive \-{a|d} type + .br + .B semanage dontaudit [ on | off ] ++.br ++.B semanage translation \-{a|d|m} [\-T] level + .P + + .SH "DESCRIPTION" +@@ -99,6 +101,9 @@ + .TP + .I \-t, \-\-type + SELinux Type for the object ++.TP ++.I \-T, \-\-trans ++SELinux Translation + + .SH EXAMPLE + .nf diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.75/semanage/seobject.py ---- nsapolicycoreutils/semanage/seobject.py 2009-09-08 09:03:10.000000000 -0400 +--- nsapolicycoreutils/semanage/seobject.py 2009-11-18 17:06:03.000000000 -0500 +++ policycoreutils-2.0.75/semanage/seobject.py 2009-11-16 16:52:53.000000000 -0500 @@ -37,40 +37,6 @@ 
@@ -2712,119 +2691,40 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po file_types = {} file_types[""] = SEMANAGE_FCONTEXT_ALL; file_types["all files"] = SEMANAGE_FCONTEXT_ALL; -@@ -194,127 +160,152 @@ +@@ -194,44 +160,151 @@ return trans else: return raw - --class setransRecords: -- def __init__(self): -- self.filename = selinux.selinux_translations_path() -- try: -- fd = open(self.filename, "r") -- translations = fd.readlines() -- fd.close() -- except IOError, e: -- raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines: %s") % (self.filename, e) ) -- -- self.ddict = {} -- self.comments = [] -- for r in translations: -- if len(r) == 0: -- continue -- i = r.strip() -- if i == "" or i[0] == "#": -- self.comments.append(r) -- continue -- i = i.split("=") -- if len(i) != 2: -- self.comments.append(r) -- continue -- if self.ddict.has_key(i[0]) == 0: -- self.ddict[i[0]] = i[1] - -- def get_all(self): -- return self.ddict -+class semanageRecords: ++ + class semanageRecords: +- def __init__(self, store): + transaction = False + handle = None - -- def out(self): -- rec = "" -- for c in self.comments: -- rec += c -- keys = self.ddict.keys() -- keys.sort() -- for k in keys: -- rec += "%s=%s\n" % (k, self.ddict[k]) -- return rec -- -- def list(self, heading = 1, locallist = 0): -- if heading: -- print "\n%-25s %s\n" % (_("Level"), _("Translation")) -- keys = self.ddict.keys() -- keys.sort() -- for k in keys: -- print "%-25s %s" % (k, self.ddict[k]) -- -- def add(self, raw, trans): -- if trans.find(" ") >= 0: -- raise ValueError(_("Translations can not contain spaces '%s' ") % trans) ++ + def __init__(self, store): -+ global handle -+ -+ self.sh = self.get_handle(store) - -- if validate_level(raw) == None: -- raise ValueError(_("Invalid Level '%s' ") % raw) -- -- if self.ddict.has_key(raw): -- raise ValueError(_("%s already defined in translations") % raw) -- else: -- self.ddict[raw] = trans -- self.save() -- -- 
def modify(self, raw, trans): -- if trans.find(" ") >= 0: -+ def get_handle(self, store): -+ global is_mls_enabled - -- raise ValueError(_("Translations can not contain spaces '%s' ") % trans) -- if self.ddict.has_key(raw): -- self.ddict[raw] = trans -- else: -- raise ValueError(_("%s not defined in translations") % raw) -- self.save() -- -- def delete(self, raw): -- self.ddict.pop(raw) -- self.save() -- -- def save(self): -- (fd, newfilename) = tempfile.mkstemp('', self.filename) -- os.write(fd, self.out()) -- os.close(fd) -- os.chmod(newfilename, os.stat(self.filename)[stat.ST_MODE]) -- os.rename(newfilename, self.filename) -- os.system("/sbin/service mcstrans reload > /dev/null") -+ if semanageRecords.handle: -+ return semanageRecords.handle - --class semanageRecords: -- def __init__(self, store): -- global handle -+ handle = semanage_handle_create() -+ if not handle: -+ raise ValueError(_("Could not create semanage handle")) -+ -+ if store != "": -+ semanage_select_store(handle, store, SEMANAGE_CON_DIRECT); + global handle - if handle != None: - self.sh = handle - else: - self.sh = get_handle(store) - self.transaction = False ++ self.sh = self.get_handle(store) ++ ++ def get_handle(self, store): ++ global is_mls_enabled ++ ++ if semanageRecords.handle: ++ return semanageRecords.handle ++ ++ handle = semanage_handle_create() ++ if not handle: ++ raise ValueError(_("Could not create semanage handle")) ++ ++ if store != "": ++ semanage_select_store(handle, store, SEMANAGE_CON_DIRECT); ++ + if not semanage_is_managed(handle): + semanage_handle_destroy(handle) + raise ValueError(_("SELinux policy is not managed or store cannot be accessed.")) 
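Review bot: `get_handle` returns the cached `semanageRecords.handle` before it looks at `store`, so once one records object exists, a later one built with a different `store` silently works on the first store. That matters for the `-i` input path, where each input line goes through `process_args`, which parses its own `-S`/`--store`. I would record the store in a new class attribute when the handle is created and refuse a mismatch, e.g. `if semanageRecords.handle and store != semanageRecords.store: raise ValueError(_("Cannot change store while a handle is open"))`, and say in the class docstring that the handle is shared process-wide. The `global handle` left in `__init__` no longer has any effect and can go. The class body continues outside this hunk.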
@@ -2882,8 +2782,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po raise ValueError(_("Semanage transaction not in progress")) - self.transaction = False + semanageRecords.transaction = False - self.commit() - ++ self.commit() ++ +class moduleRecords(semanageRecords): + def __init__(self, store): + semanageRecords.__init__(self, store) @@ -2947,18 +2847,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po + if rc < 0 and rc != -2: + raise ValueError(_("Could not remove module %s (remove failed)") % m) + -+ self.commit() + self.commit() + + def deleteall(self): + l = self.get_all() + if len(l) > 0: + all = " ".join(l[0]) + self.delete(all) -+ + class dontauditClass(semanageRecords): def __init__(self, store): - semanageRecords.__init__(self, store) -@@ -341,6 +332,7 @@ +@@ -259,6 +332,7 @@ name = semanage_module_get_name(mod) if name and name.startswith("permissive_"): l.append(name.split("permissive_")[1]) @@ -2966,7 +2865,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po return l def list(self, heading = 1, locallist = 0): -@@ -425,7 +417,9 @@ +@@ -343,7 +417,9 @@ if rc < 0: raise ValueError(_("Could not check if login mapping for %s is defined") % name) if exists: @@ -2977,7 +2876,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po if name[0] == '%': try: grp.getgrnam(name[1:]) -@@ -557,6 +551,16 @@ +@@ -475,6 +551,16 @@ mylog.log(1, "delete SELinux user mapping", name); @@ -2994,7 +2893,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po def get_all(self, locallist = 0): ddict = {} if locallist: -@@ -571,6 +575,15 @@ +@@ -489,6 +575,15 @@ ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u)) return ddict 
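Review bot: `moduleRecords.deleteall` builds its argument from `l[0]` only, in `all = " ".join(l[0])`, which joins the fields of the first entry returned by `get_all()` rather than the names of every module. `get_all` is not visible in this hunk, so this assumes it returns one tuple per module; if so the call would be `self.delete(" ".join(m[0] for m in l))`. Separately, `if rc < 0 and rc != -2:` in the removal path ignores one specific return code without saying which; a one-line comment such as `# -2: <meaning of this libsemanage return code>` would keep a later reader from widening or dropping the exception.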
@@ -3010,7 +2909,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po def list(self,heading = 1, locallist = 0): ddict = self.get_all(locallist) keys = ddict.keys() -@@ -613,7 +626,8 @@ +@@ -531,7 +626,8 @@ if rc < 0: raise ValueError(_("Could not check if SELinux user %s is defined") % name) if exists: @@ -3020,7 +2919,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po (rc, u) = semanage_user_create(self.sh) if rc < 0: -@@ -764,6 +778,16 @@ +@@ -682,6 +778,16 @@ mylog.log(1,"delete SELinux user record", name) @@ -3037,7 +2936,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po def get_all(self, locallist = 0): ddict = {} if locallist: -@@ -784,6 +808,15 @@ +@@ -702,6 +808,15 @@ return ddict @@ -3053,7 +2952,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po def list(self, heading = 1, locallist = 0): ddict = self.get_all(locallist) keys = ddict.keys() -@@ -822,12 +855,16 @@ +@@ -740,12 +855,16 @@ low = int(ports[0]) high = int(ports[1]) @@ -3070,7 +2969,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po if is_mls_enabled == 1: if serange == "": serange = "s0" -@@ -890,6 +927,7 @@ +@@ -808,6 +927,7 @@ self.commit() def __modify(self, port, proto, serange, setype): @@ -3078,7 +2977,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po if serange == "" and setype == "": if is_mls_enabled == 1: raise ValueError(_("Requires setype or serange")) -@@ -1024,6 +1062,18 @@ +@@ -942,6 +1062,18 @@ ddict[(ctype,proto_str)].append("%d-%d" % (low, high)) return ddict 
@@ -3097,7 +2996,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po def list(self, heading = 1, locallist = 0): if heading: print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number")) -@@ -1040,7 +1090,8 @@ +@@ -958,7 +1090,8 @@ class nodeRecords(semanageRecords): def __init__(self, store = ""): semanageRecords.__init__(self,store) @@ -3107,7 +3006,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po def __add(self, addr, mask, proto, serange, ctype): if addr == "": raise ValueError(_("Node Address is required")) -@@ -1048,14 +1099,11 @@ +@@ -966,14 +1099,11 @@ if mask == "": raise ValueError(_("Node Netmask is required")) @@ -3125,7 +3024,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po if is_mls_enabled == 1: if serange == "": serange = "s0" -@@ -1073,7 +1121,8 @@ +@@ -991,7 +1121,8 @@ (rc, exists) = semanage_node_exists(self.sh, k) if exists: @@ -3135,7 +3034,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po (rc, node) = semanage_node_create(self.sh) if rc < 0: -@@ -1120,7 +1169,7 @@ +@@ -1038,7 +1169,7 @@ def add(self, addr, mask, proto, serange, ctype): self.begin() @@ -3144,7 +3043,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po self.commit() def __modify(self, addr, mask, proto, serange, setype): -@@ -1129,13 +1178,10 @@ +@@ -1047,13 +1178,10 @@ if mask == "": raise ValueError(_("Node Netmask is required")) @@ -3162,7 +3061,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po if serange == "" and setype == "": raise ValueError(_("Requires setype or serange")) -@@ -1180,11 +1226,9 @@ +@@ -1098,11 +1226,9 @@ if mask == "": raise ValueError(_("Node Netmask is required")) 
@@ -3177,7 +3076,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po raise ValueError(_("Unknown or missing protocol")) (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto) -@@ -1214,6 +1258,16 @@ +@@ -1132,6 +1258,16 @@ self.__delete(addr, mask, proto) self.commit() @@ -3194,7 +3093,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po def get_all(self, locallist = 0): ddict = {} if locallist : -@@ -1227,15 +1281,20 @@ +@@ -1145,15 +1281,20 @@ con = semanage_node_get_con(node) addr = semanage_node_get_addr(self.sh, node) mask = semanage_node_get_mask(self.sh, node) @@ -3220,7 +3119,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po def list(self, heading = 1, locallist = 0): if heading: print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context") -@@ -1275,7 +1334,8 @@ +@@ -1193,7 +1334,8 @@ if rc < 0: raise ValueError(_("Could not check if interface %s is defined") % interface) if exists: @@ -3230,7 +3129,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po (rc, iface) = semanage_iface_create(self.sh) if rc < 0: -@@ -1389,6 +1449,16 @@ +@@ -1307,6 +1449,16 @@ self.__delete(interface) self.commit() @@ -3247,7 +3146,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po def get_all(self, locallist = 0): ddict = {} if locallist: -@@ -1404,6 +1474,15 @@ +@@ -1322,6 +1474,15 @@ return ddict @@ -3263,7 +3162,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po def list(self, heading = 1, locallist = 0): if heading: print "%-30s %s\n" % (_("SELinux Interface"), _("Context")) -@@ -1420,6 +1499,48 @@ +@@ -1338,6 +1499,48 @@ class fcontextRecords(semanageRecords): def __init__(self, store = ""): semanageRecords.__init__(self, store) 
@@ -3312,7 +3211,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po def createcon(self, target, seuser = "system_u"): (rc, con) = semanage_context_create(self.sh) -@@ -1446,6 +1567,8 @@ +@@ -1364,6 +1567,8 @@ def validate(self, target): if target == "" or target.find("\n") >= 0: raise ValueError(_("Invalid file specification")) @@ -3321,7 +3220,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"): self.validate(target) -@@ -1470,7 +1593,8 @@ +@@ -1388,7 +1593,8 @@ raise ValueError(_("Could not check if file context for %s is defined") % target) if exists: @@ -3331,7 +3230,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po (rc, fcontext) = semanage_fcontext_create(self.sh) if rc < 0: -@@ -1586,9 +1710,16 @@ +@@ -1504,9 +1710,16 @@ raise ValueError(_("Could not delete the file context %s") % target) semanage_fcontext_key_free(k) @@ -3348,7 +3247,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) if rc < 0: raise ValueError(_("Could not create a key for %s") % target) -@@ -1643,12 +1774,22 @@ +@@ -1561,12 +1774,22 @@ return ddict @@ -3373,7 +3272,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po for k in keys: if fcon_dict[k]: if is_mls_enabled: -@@ -1794,6 +1935,16 @@ +@@ -1712,6 +1935,16 @@ else: return _("unknown") 
@@ -3609,3 +3508,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po argv[0]); exit(1); } +diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/VERSION policycoreutils-2.0.75/VERSION +--- nsapolicycoreutils/VERSION 2009-11-18 17:06:03.000000000 -0500 ++++ policycoreutils-2.0.75/VERSION 2009-11-03 09:21:41.000000000 -0500 +@@ -1 +1 @@ +-2.0.76 ++2.0.75 diff --git a/policycoreutils.spec b/policycoreutils.spec index af6b9cb..1305dad 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -5,8 +5,8 @@ %define sepolgenver 1.0.17 Summary: SELinux policy core utilities Name: policycoreutils -Version: 2.0.75 -Release: 3%{?dist} +Version: 2.0.76 +Release: 1%{?dist} License: GPLv2+ Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -296,6 +296,12 @@ fi exit 0 %changelog +* Wed Nov 18 2009 Dan Walsh 2.0.76-1 +- Update to upstream + * Remove setrans management from semanage, as it does not work + from Dan Walsh. + * Move load_policy from /usr/sbin to /sbin from Dan Walsh. + * Mon Nov 16 2009 Dan Walsh 2.0.75-3 - Raise exception if user tries to add file context with an embedded space diff --git a/sources b/sources index 55f98c1..94a0c70 100644 --- a/sources +++ b/sources @@ -1,3 +1,2 @@ 480cc64a050735fa1163a87dc89c4f49 sepolgen-1.0.17.tgz -3798f448cdc084e535507f0eee209fc7 policycoreutils-2.0.75.tgz -59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2 +0762f1174561dacad12bc9b30aa12307 policycoreutils-2.0.76.tgz