Fix audit2allow output to better align analysys with the allow rules
- Apply Miroslav Grepl patch to clean up sepolicy generate usage - Apply Miroslav Grepl patch to fix up handling of admin_user generation - Update Translations
parent
8e3bfe0949
commit
e9b167e78d
@ -983,6 +983,189 @@ index e84995e..a60b20e 100644
|
||||
|
||||
#: booleans.py:233
|
||||
msgid "Allow xguest users to mount removable media"
|
||||
diff --git a/policycoreutils/po/gu.po b/policycoreutils/po/gu.po
|
||||
index 165b892..074abad 100644
|
||||
--- a/policycoreutils/po/gu.po
|
||||
+++ b/policycoreutils/po/gu.po
|
||||
@@ -5,13 +5,14 @@
|
||||
# Translators:
|
||||
# Ankit Patel <ankit@redhat.com>, 2006-2008.
|
||||
# Sweta Kothari <swkothar@redhat.com>, 2008-2010,2012.
|
||||
+# <swkothar@redhat.com>, 2013.
|
||||
msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: Policycoreutils\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2013-01-04 12:01-0500\n"
|
||||
-"PO-Revision-Date: 2013-01-04 17:02+0000\n"
|
||||
-"Last-Translator: dwalsh <dwalsh@redhat.com>\n"
|
||||
+"PO-Revision-Date: 2013-03-26 08:31+0000\n"
|
||||
+"Last-Translator: sweta <swkothar@redhat.com>\n"
|
||||
"Language-Team: Gujarati <trans-gu@lists.fedoraproject.org>\n"
|
||||
"MIME-Version: 1.0\n"
|
||||
"Content-Type: text/plain; charset=UTF-8\n"
|
||||
@@ -287,7 +288,7 @@ msgstr "MLS/MCS વિસ્તાર"
|
||||
|
||||
#: ../semanage/seobject.py:672
|
||||
msgid "Service"
|
||||
-msgstr ""
|
||||
+msgstr "સેવા"
|
||||
|
||||
#: ../semanage/seobject.py:698 ../semanage/seobject.py:729
|
||||
#: ../semanage/seobject.py:796 ../semanage/seobject.py:853
|
||||
@@ -424,7 +425,7 @@ msgstr "પ્રકાર જરૂરી છે"
|
||||
#: ../semanage/seobject.py:1814
|
||||
#, python-format
|
||||
msgid "Type %s is invalid, must be a port type"
|
||||
-msgstr ""
|
||||
+msgstr "પ્રકાર %s અયોગ્ય છે, પોર્ટ પ્રકાર હોવુ જ જોઇએ"
|
||||
|
||||
#: ../semanage/seobject.py:1000 ../semanage/seobject.py:1062
|
||||
#: ../semanage/seobject.py:1117 ../semanage/seobject.py:1123
|
||||
@@ -546,12 +547,12 @@ msgstr "અજ્ઞાત અથવા ગેરહાજર પ્રોટો
|
||||
|
||||
#: ../semanage/seobject.py:1256
|
||||
msgid "SELinux node type is required"
|
||||
-msgstr ""
|
||||
+msgstr "SELinux નોડ પ્રકારની જરૂરિયાત છે"
|
||||
|
||||
#: ../semanage/seobject.py:1259 ../semanage/seobject.py:1327
|
||||
#, python-format
|
||||
msgid "Type %s is invalid, must be a node type"
|
||||
-msgstr ""
|
||||
+msgstr "પ્રકાર %s અયોગ્ય છે, નોડ પ્રકાર હોવુ જ જોઇએ"
|
||||
|
||||
#: ../semanage/seobject.py:1263 ../semanage/seobject.py:1331
|
||||
#: ../semanage/seobject.py:1367 ../semanage/seobject.py:1465
|
||||
@@ -785,7 +786,7 @@ msgstr "ફાઇલ સ્પષ્ટીકરણ %s સરખા નિયમ
|
||||
#: ../semanage/seobject.py:1755
|
||||
#, python-format
|
||||
msgid "Type %s is invalid, must be a file or device type"
|
||||
-msgstr ""
|
||||
+msgstr "પ્રકાર %s અયોગ્ય છે, ફાઇલ અથવા ઉપકરણ પ્રકાર હોવુ જ જોઇએ"
|
||||
|
||||
#: ../semanage/seobject.py:1763 ../semanage/seobject.py:1768
|
||||
#: ../semanage/seobject.py:1824 ../semanage/seobject.py:1906
|
||||
@@ -2173,7 +2174,7 @@ msgstr "પેચ કે જેમાં ઉત્પન્ન થયેલ SELi
|
||||
|
||||
#: ../sepolicy/sepolicy.py:207
|
||||
msgid "name of the OS for man pages"
|
||||
-msgstr ""
|
||||
+msgstr "મુખ્ય પાનાં માટે OS નું નામ"
|
||||
|
||||
#: ../sepolicy/sepolicy.py:209
|
||||
msgid "Generate HTML man pages structure for selected SELinux man page"
|
||||
@@ -2225,7 +2226,7 @@ msgstr "બુલિયનની જાણકારીને જોવા મા
|
||||
|
||||
#: ../sepolicy/sepolicy.py:280
|
||||
msgid "get all booleans descriptions"
|
||||
-msgstr ""
|
||||
+msgstr "બધા બુલિયન વર્ણનોને મેળવો"
|
||||
|
||||
#: ../sepolicy/sepolicy.py:282
|
||||
msgid "boolean to get description"
|
||||
@@ -2247,11 +2248,11 @@ msgstr "લક્ષ્ય પ્રક્રિયા ડોમેઇન"
|
||||
|
||||
#: ../sepolicy/sepolicy.py:327
|
||||
msgid "Command required for this type of policy"
|
||||
-msgstr ""
|
||||
+msgstr "પોલિસીનાં આ પ્રકાર માટે આદેશ જરૂરી"
|
||||
|
||||
#: ../sepolicy/sepolicy.py:347
|
||||
msgid "List SELinux Policy interfaces"
|
||||
-msgstr ""
|
||||
+msgstr "SELinux પોલિસી ઇન્ટરફેસની યાદી કરો"
|
||||
|
||||
#: ../sepolicy/sepolicy.py:362
|
||||
msgid "Generate SELinux Policy module template"
|
||||
@@ -2289,7 +2290,7 @@ msgstr "પુરાવા માટેના એક્ઝેક્યુટે
|
||||
#: ../sepolicy/sepolicy.py:414 ../sepolicy/sepolicy.py:417
|
||||
#, python-format
|
||||
msgid "Generate Policy for %s"
|
||||
-msgstr ""
|
||||
+msgstr "%s માટે પોલિસી ઉત્પન્ન કરો"
|
||||
|
||||
#: ../sepolicy/sepolicy.py:422
|
||||
msgid "commands"
|
||||
@@ -2301,12 +2302,12 @@ msgstr ""
|
||||
|
||||
#: ../sepolicy/sepolicy/__init__.py:48
|
||||
msgid "No SELinux Policy installed"
|
||||
-msgstr ""
|
||||
+msgstr "SELinux પોલિસી સ્થાપિત થયેલ નથી"
|
||||
|
||||
#: ../sepolicy/sepolicy/__init__.py:54
|
||||
#, python-format
|
||||
msgid "Failed to read %s policy file"
|
||||
-msgstr ""
|
||||
+msgstr "%s પોલિસી ફાઇલને વાંચવામાં નિષ્ફળતા"
|
||||
|
||||
#: ../sepolicy/sepolicy/__init__.py:127
|
||||
msgid "unknown"
|
||||
@@ -2318,7 +2319,7 @@ msgstr "ઇન્ટરનેટ સેવા ડિમન"
|
||||
|
||||
#: ../sepolicy/sepolicy/generate.py:177
|
||||
msgid "Existing Domain Type"
|
||||
-msgstr ""
|
||||
+msgstr "હાલનો ડોમેઇન પ્રકાર"
|
||||
|
||||
#: ../sepolicy/sepolicy/generate.py:178
|
||||
msgid "Minimal Terminal Login User Role"
|
||||
@@ -2330,11 +2331,11 @@ msgstr ""
|
||||
|
||||
#: ../sepolicy/sepolicy/generate.py:180
|
||||
msgid "Desktop Login User Role"
|
||||
-msgstr ""
|
||||
+msgstr "ડેસ્કટોપ લૉગિન વપરાશકર્તા ભૂમિકા"
|
||||
|
||||
#: ../sepolicy/sepolicy/generate.py:181
|
||||
msgid "Administrator Login User Role"
|
||||
-msgstr ""
|
||||
+msgstr "સંચાલક લૉગિન વપરાશકર્તા ભૂમિકા"
|
||||
|
||||
#: ../sepolicy/sepolicy/generate.py:182
|
||||
msgid "Confined Root Administrator Role"
|
||||
@@ -2351,7 +2352,7 @@ msgstr "પોર્ટો નંબરો કે 1 થી %d સુધીના
|
||||
|
||||
#: ../sepolicy/sepolicy/generate.py:231
|
||||
msgid "You must enter a valid policy type"
|
||||
-msgstr ""
|
||||
+msgstr "તમારે યોગ્ય પોલિસી પ્રકારને દાખલ કરવુ જ જોઇએ"
|
||||
|
||||
#: ../sepolicy/sepolicy/generate.py:234
|
||||
#, python-format
|
||||
@@ -2415,7 +2416,7 @@ msgstr "ફાઈલ સંદર્ભો ફાઈલ"
|
||||
|
||||
#: ../sepolicy/sepolicy/generate.py:1324
|
||||
msgid "Spec file"
|
||||
-msgstr ""
|
||||
+msgstr "Spec ફાઇલ"
|
||||
|
||||
#: ../sepolicy/sepolicy/generate.py:1325
|
||||
msgid "Setup Script"
|
||||
@@ -2455,7 +2456,7 @@ msgstr "radius સર્વરની મદદથી પ્રવેશવા
|
||||
|
||||
#: booleans.py:8
|
||||
msgid "Allow users to login using a yubikey server"
|
||||
-msgstr ""
|
||||
+msgstr "yubikey સર્વરની મદદથી પ્રવેશવા વપરાશકર્તાઓને પરવાનગી આપો"
|
||||
|
||||
#: booleans.py:9
|
||||
msgid "Allow awstats to purge Apache logs"
|
||||
@@ -2527,11 +2528,11 @@ msgstr "ટર્મિનલોને વાંચવા/લખવાની ક
|
||||
|
||||
#: booleans.py:25
|
||||
msgid "Allow dan to manage user files"
|
||||
-msgstr ""
|
||||
+msgstr "વપરાશકર્તા ફાઇલોને સંચાલિત કરવા માટે dan ને પરવાનગી આપો"
|
||||
|
||||
#: booleans.py:26
|
||||
msgid "Allow dan to read user files"
|
||||
-msgstr ""
|
||||
+msgstr "વપરાશકર્તા ફાઇલોને વાંચવા માટે dan ને પરવાનગી આપો"
|
||||
|
||||
#: booleans.py:27
|
||||
msgid "Allow dbadm to manage files in users home directories"
|
||||
diff --git a/policycoreutils/po/ja.po b/policycoreutils/po/ja.po
|
||||
index 72ae12d..649d288 100644
|
||||
--- a/policycoreutils/po/ja.po
|
||||
@ -2302,7 +2485,7 @@ index 0000000..3ecf3eb
|
||||
@@ -0,0 +1 @@
|
||||
+.so man8/sepolicy-generate.8
|
||||
diff --git a/policycoreutils/sepolicy/sepolicy-bash-completion.sh b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
|
||||
index 82fea52..29f9428 100644
|
||||
index 82fea52..c969e0d 100644
|
||||
--- a/policycoreutils/sepolicy/sepolicy-bash-completion.sh
|
||||
+++ b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
|
||||
@@ -81,7 +81,7 @@ _sepolicy () {
|
||||
@ -2314,7 +2497,26 @@ index 82fea52..29f9428 100644
|
||||
[network]='-h --help -d --domain -l --list -p --port -t --type '
|
||||
[transition]='-h --help -s --source -t --target'
|
||||
)
|
||||
@@ -156,6 +156,10 @@ _sepolicy () {
|
||||
@@ -130,9 +130,6 @@ _sepolicy () {
|
||||
COMPREPLY=( $( compgen -d -- "$cur") )
|
||||
compopt -o filenames
|
||||
return 0
|
||||
- elif [ "$prev" = "--type" -o "$prev" = "-t" ]; then
|
||||
- COMPREPLY=( $(compgen -W '0 1 2 3 4 5 6 7 8 9 10 11' -- "$cur") )
|
||||
- return 0
|
||||
elif [ "$prev" = "--domain" -o "$prev" = "-d" ]; then
|
||||
COMPREPLY=( $(compgen -W "$( __get_all_domain_types ) " -- "$cur") )
|
||||
return 0
|
||||
@@ -140,7 +137,7 @@ _sepolicy () {
|
||||
COMPREPLY=( $(compgen -W "$( __get_all_admin_interaces ) " -- "$cur") )
|
||||
return 0
|
||||
elif [ "$prev" = "--user" -o "$prev" = "-u" ]; then
|
||||
- COMPREPLY=( $(compgen -W "$( __get_all_users ) " -- "$cur") )
|
||||
+ COMPREPLY=( $(compgen -W "$( __get_all_users )" -- "$cur") )
|
||||
return 0
|
||||
elif [[ "$cur" == "$verb" || "$cur" == "" || "$cur" == -* ]]; then
|
||||
COMPREPLY=( $(compgen -W '${OPTS[$verb]}' -- "$cur") )
|
||||
@@ -156,6 +153,10 @@ _sepolicy () {
|
||||
if [ "$prev" = "-d" -o "$prev" = "--domain" ]; then
|
||||
COMPREPLY=( $(compgen -W "$( __get_all_domains ) " -- "$cur") )
|
||||
return 0
|
||||
@ -2325,6 +2527,20 @@ index 82fea52..29f9428 100644
|
||||
elif [ "$prev" = "-o" -o "$prev" = "--os" ]; then
|
||||
return 0
|
||||
elif test "$prev" = "-p" || test "$prev" = "--path" ; then
|
||||
@@ -167,11 +168,11 @@ _sepolicy () {
|
||||
return 0
|
||||
elif [ "$verb" = "network" ]; then
|
||||
if [ "$prev" = "-t" -o "$prev" = "--type" ]; then
|
||||
- COMPREPLY=( $(compgen -W "$( __get_all_port_types ) " -- "$cur") )
|
||||
+ COMPREPLY=( $(compgen -W "$( __get_all_port_types )" -- "$cur") )
|
||||
return 0
|
||||
fi
|
||||
if [ "$prev" = "-d" -o "$prev" = "--domain" ]; then
|
||||
- COMPREPLY=( $(compgen -W "$( __get_all_domain_types ) " -- "$cur") )
|
||||
+ COMPREPLY=( $(compgen -W "$( __get_all_domain_types )" -- "$cur") )
|
||||
return 0
|
||||
fi
|
||||
COMPREPLY=( $(compgen -W '${OPTS[$verb]}' -- "$cur") )
|
||||
diff --git a/policycoreutils/sepolicy/sepolicy-generate.8 b/policycoreutils/sepolicy/sepolicy-generate.8
|
||||
index fb84af6..c2fa601 100644
|
||||
--- a/policycoreutils/sepolicy/sepolicy-generate.8
|
||||
@ -2382,7 +2598,7 @@ index b6abdf5..c05c943 100644
|
||||
Generate an additional HTML man pages for the specified domain(s).
|
||||
|
||||
diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
|
||||
index b25d3b2..1146bb3 100755
|
||||
index b25d3b2..c353021 100755
|
||||
--- a/policycoreutils/sepolicy/sepolicy.py
|
||||
+++ b/policycoreutils/sepolicy/sepolicy.py
|
||||
@@ -22,6 +22,8 @@
|
||||
@ -2452,7 +2668,7 @@ index b25d3b2..1146bb3 100755
|
||||
newval = getattr(namespace, self.dest)
|
||||
if not newval:
|
||||
newval = []
|
||||
@@ -140,19 +162,18 @@ class CheckPolicyType(argparse.Action):
|
||||
@@ -140,19 +162,30 @@ class CheckPolicyType(argparse.Action):
|
||||
|
||||
class CheckUser(argparse.Action):
|
||||
def __call__(self, parser, namespace, value, option_string=None):
|
||||
@ -2467,6 +2683,18 @@ index b25d3b2..1146bb3 100755
|
||||
newval.append(value)
|
||||
setattr(namespace, self.dest, newval)
|
||||
|
||||
+def generate_custom_usage(usage_text,usage_dict):
|
||||
+ sorted_keys = []
|
||||
+ for i in usage_dict.keys():
|
||||
+ sorted_keys.append(i)
|
||||
+ sorted_keys.sort()
|
||||
+ for k in sorted_keys:
|
||||
+ usage_text += "%s %s |" % (k,(" ".join(usage_dict[k])))
|
||||
+ usage_text = usage_text[:-1] + "]"
|
||||
+ usage_text = _(usage_text)
|
||||
+
|
||||
+ return usage_text
|
||||
+
|
||||
def _print_net(src, protocol, perm):
|
||||
- from sepolicy.network import get_network_connect
|
||||
- portdict = get_network_connect(src, protocol, perm)
|
||||
@ -2475,7 +2703,7 @@ index b25d3b2..1146bb3 100755
|
||||
if len(portdict) > 0:
|
||||
print "%s: %s %s" % (src, protocol, perm)
|
||||
for p in portdict:
|
||||
@@ -160,7 +181,7 @@ def _print_net(src, protocol, perm):
|
||||
@@ -160,7 +193,7 @@ def _print_net(src, protocol, perm):
|
||||
print "\t" + recs
|
||||
|
||||
def network(args):
|
||||
@ -2484,7 +2712,7 @@ index b25d3b2..1146bb3 100755
|
||||
if args.list_ports:
|
||||
all_ports = []
|
||||
for i in portrecs:
|
||||
@@ -201,41 +222,41 @@ def manpage(args):
|
||||
@@ -201,41 +234,41 @@ def manpage(args):
|
||||
from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains
|
||||
|
||||
path = args.path
|
||||
@ -2549,7 +2777,7 @@ index b25d3b2..1146bb3 100755
|
||||
|
||||
def gen_network_args(parser):
|
||||
net = parser.add_parser("network",
|
||||
@@ -283,7 +304,6 @@ def gen_communicate_args(parser):
|
||||
@@ -283,7 +316,6 @@ def gen_communicate_args(parser):
|
||||
comm.set_defaults(func=communicate)
|
||||
|
||||
def booleans(args):
|
||||
@ -2557,7 +2785,7 @@ index b25d3b2..1146bb3 100755
|
||||
from sepolicy import boolean_desc
|
||||
if args.all:
|
||||
rc, args.booleans = selinux.security_get_boolean_names()
|
||||
@@ -300,6 +320,7 @@ def gen_booleans_args(parser):
|
||||
@@ -300,6 +332,7 @@ def gen_booleans_args(parser):
|
||||
action="store_true",
|
||||
help=_("get all booleans descriptions"))
|
||||
group.add_argument("-b", "--boolean", dest="booleans", nargs="+",
|
||||
@ -2565,7 +2793,7 @@ index b25d3b2..1146bb3 100755
|
||||
help=_("boolean to get description"))
|
||||
bools.set_defaults(func=booleans)
|
||||
|
||||
@@ -320,7 +341,7 @@ def gen_transition_args(parser):
|
||||
@@ -320,7 +353,7 @@ def gen_transition_args(parser):
|
||||
trans.set_defaults(func=transition)
|
||||
|
||||
def interface(args):
|
||||
@ -2574,7 +2802,7 @@ index b25d3b2..1146bb3 100755
|
||||
if args.list_admin:
|
||||
for a in get_admin():
|
||||
print a
|
||||
@@ -328,13 +349,13 @@ def interface(args):
|
||||
@@ -328,13 +361,16 @@ def interface(args):
|
||||
for a in get_user():
|
||||
print a
|
||||
if args.list:
|
||||
@ -2583,14 +2811,37 @@ index b25d3b2..1146bb3 100755
|
||||
print m
|
||||
|
||||
def generate(args):
|
||||
from sepolicy.generate import policy, USERS, SANDBOX, APPLICATIONS, NEWTYPE
|
||||
- from sepolicy.generate import policy, USERS, SANDBOX, APPLICATIONS, NEWTYPE
|
||||
+ from sepolicy.generate import policy, AUSER, RUSER, EUSER, USERS, SANDBOX, APPLICATIONS, NEWTYPE
|
||||
cmd = None
|
||||
- if args.policytype not in USERS + [ SANDBOX, NEWTYPE]:
|
||||
+# numbers present POLTYPE defined in sepolicy.generate
|
||||
+ conflict_args = {'TYPES':(NEWTYPE,), 'DOMAIN':(EUSER,), 'ADMIN_DOMAIN':(AUSER, RUSER,)}
|
||||
+
|
||||
+ if args.policytype in APPLICATIONS:
|
||||
if not args.command:
|
||||
raise ValueError(_("Command required for this type of policy"))
|
||||
cmd = os.path.realpath(args.command)
|
||||
@@ -368,10 +389,10 @@ def gen_interface_args(parser):
|
||||
@@ -346,8 +382,18 @@ def generate(args):
|
||||
mypolicy.set_program(cmd)
|
||||
|
||||
if args.types:
|
||||
+ if args.policytype not in conflict_args['TYPES']:
|
||||
+ raise ValueError(_("-t option can not be used with this option. Read usage for more details."))
|
||||
mypolicy.set_types(args.types)
|
||||
|
||||
+ if args.domain:
|
||||
+ if args.policytype not in conflict_args['DOMAIN']:
|
||||
+ raise ValueError(_("-d option can not be used with this option. Read usage for more details."))
|
||||
+
|
||||
+ if args.admin_domain:
|
||||
+ if args.policytype not in conflict_args['ADMIN_DOMAIN']:
|
||||
+ raise ValueError(_("-a option can not be used with this option. Read usage for more details."))
|
||||
+
|
||||
for p in args.writepaths:
|
||||
if os.path.isdir(p):
|
||||
mypolicy.add_dir(p)
|
||||
@@ -368,10 +414,10 @@ def gen_interface_args(parser):
|
||||
help=_('List SELinux Policy interfaces'))
|
||||
group = itf.add_mutually_exclusive_group(required=True)
|
||||
group.add_argument("-a", "--list_admin", dest="list_admin",action="store_true", default=False,
|
||||
@ -2603,7 +2854,105 @@ index b25d3b2..1146bb3 100755
|
||||
group.add_argument("-l", "--list", dest="list",action="store_true",
|
||||
default=False,
|
||||
help="List all interfaces")
|
||||
@@ -461,7 +482,10 @@ if __name__ == '__main__':
|
||||
@@ -379,7 +425,12 @@ def gen_interface_args(parser):
|
||||
|
||||
def gen_generate_args(parser):
|
||||
from sepolicy.generate import DAEMON, get_poltype_desc, poltype, DAEMON, DBUS, INETD, CGI, SANDBOX, USER, EUSER, TUSER, XUSER, LUSER, AUSER, RUSER, NEWTYPE
|
||||
- pol = parser.add_parser("generate",
|
||||
+
|
||||
+ generate_usage = "sepolicy generate [-h] [-n NAME] [-p PATH] [-w [WRITEPATHS [WRITEPATHS ...]]] ["
|
||||
+ generate_usage_dict = {' --newtype':('-t [TYPES [TYPES ...]]',),' --customize':('-d DOMAIN',), ' --admin_user':('-a ADMIN_DOMAIN',), ' --application':('COMMAND',), ' --cgi':('COMMAND',), ' --confined_admin':('-a ADMIN_DOMAIN',), ' --dbus':('COMMAND',), ' --desktop_user':('',),' --inetd':('COMMAND',),' --init':('COMMAND',), ' --sandbox':('',), ' --term_user':('',), ' --x_user':('',)}
|
||||
+ generate_usage = generate_custom_usage(generate_usage, generate_usage_dict)
|
||||
+
|
||||
+ pol = parser.add_parser("generate", usage = generate_usage,
|
||||
help=_('Generate SELinux Policy module template'))
|
||||
pol.add_argument("-d", "--domain", dest="domain", default=[],
|
||||
action=CheckDomain, nargs="*",
|
||||
@@ -397,53 +448,57 @@ def gen_generate_args(parser):
|
||||
help=argparse.SUPPRESS)
|
||||
pol.add_argument("-t", "--type", dest="types", default=[], nargs="*",
|
||||
action=CheckType,
|
||||
- help=argparse.SUPPRESS)
|
||||
+ help="Enter type(s) for which you will generate new definition and rule(s)")
|
||||
pol.add_argument("-p", "--path", dest="path", default=os.getcwd(),
|
||||
help=_("path in which the generated policy files will be stored"))
|
||||
pol.add_argument("-w", "--writepath", dest="writepaths", nargs="*", default = [],
|
||||
help=_("path to which the confined processes will need to write"))
|
||||
- pol.add_argument("command",nargs="?", default=None,
|
||||
- help=_("executable to confine"))
|
||||
- group = pol.add_mutually_exclusive_group(required=False)
|
||||
- group.add_argument("--newtype", dest="policytype", const=NEWTYPE,
|
||||
+ cmdtype = pol.add_argument_group(_("Policy types which require a command"))
|
||||
+ cmdgroup = cmdtype.add_mutually_exclusive_group(required=True)
|
||||
+ cmdgroup.add_argument("--application", dest="policytype", const=USER,
|
||||
action="store_const",
|
||||
- help=_("Generate Policy for %s") % poltype[NEWTYPE])
|
||||
- group.add_argument("--admin_user", dest="policytype", const=AUSER,
|
||||
+ help=_("Generate '%s' policy") % poltype[USER])
|
||||
+ cmdgroup.add_argument("--cgi", dest="policytype", const=CGI,
|
||||
action="store_const",
|
||||
- help=_("Generate Policy for %s") % poltype[AUSER])
|
||||
- group.add_argument("--application", dest="policytype", const=USER,
|
||||
+ help=_("Generate '%s' policy") % poltype[CGI])
|
||||
+ cmdgroup.add_argument("--dbus", dest="policytype", const=DBUS,
|
||||
action="store_const",
|
||||
- help=_("Generate Policy for %s") % poltype[USER])
|
||||
- group.add_argument("--cgi", dest="policytype", const=CGI,
|
||||
+ help=_("Generate '%s' policy") % poltype[DBUS])
|
||||
+ cmdgroup.add_argument("--inetd", dest="policytype", const=INETD,
|
||||
action="store_const",
|
||||
- help=_("Generate Policy for %s") % poltype[CGI])
|
||||
+ help=_("Generate '%s' policy") % poltype[INETD])
|
||||
+ cmdgroup.add_argument("--init", dest="policytype", const=DAEMON,
|
||||
+ action="store_const", default=DAEMON,
|
||||
+ help=_("Generate '%s' policy") % poltype[DAEMON])
|
||||
+
|
||||
+ type = pol.add_argument_group("Policy types which do not require a command")
|
||||
+ group = type.add_mutually_exclusive_group(required=True)
|
||||
+ group.add_argument("--admin_user", dest="policytype", const=AUSER,
|
||||
+ action="store_const",
|
||||
+ help=_("Generate '%s' policy") % poltype[AUSER])
|
||||
group.add_argument("--confined_admin", dest="policytype", const=RUSER,
|
||||
action="store_const",
|
||||
- help=_("Generate Policy for %s") % poltype[RUSER])
|
||||
+ help=_("Generate '%s' policy") % poltype[RUSER])
|
||||
group.add_argument("--customize", dest="policytype", const=EUSER,
|
||||
action="store_const",
|
||||
- help=_("Generate Policy for %s") % poltype[EUSER])
|
||||
- group.add_argument("--dbus", dest="policytype", const=DBUS,
|
||||
- action="store_const",
|
||||
- help=_("Generate Policy for %s") % poltype[DBUS])
|
||||
+ help=_("Generate '%s' policy") % poltype[EUSER])
|
||||
group.add_argument("--desktop_user", dest="policytype", const=LUSER,
|
||||
action="store_const",
|
||||
- help=_("Generate Policy for %s") % poltype[LUSER])
|
||||
- group.add_argument("--inetd", dest="policytype", const=INETD,
|
||||
+ help=_("Generate '%s' policy ") % poltype[LUSER])
|
||||
+ group.add_argument("--newtype", dest="policytype", const=NEWTYPE,
|
||||
action="store_const",
|
||||
- help=_("Generate Policy for %s") % poltype[INETD])
|
||||
- group.add_argument("--init", dest="policytype", const=DAEMON,
|
||||
- action="store_const", default=DAEMON,
|
||||
- help=_("Generate Policy for %s") % poltype[DAEMON])
|
||||
+ help=_("Generate '%s' policy") % poltype[NEWTYPE])
|
||||
group.add_argument("--sandbox", dest="policytype", const=SANDBOX,
|
||||
action="store_const",
|
||||
- help=_("Generate Policy for %s") % poltype[SANDBOX])
|
||||
+ help=_("Generate '%s' policy") % poltype[SANDBOX])
|
||||
group.add_argument("--term_user", dest="policytype", const=TUSER,
|
||||
action="store_const",
|
||||
- help=_("Generate Policy for %s") % poltype[TUSER])
|
||||
+ help=_("Generate '%s' policy") % poltype[TUSER])
|
||||
group.add_argument("--x_user", dest="policytype", const=XUSER,
|
||||
action="store_const",
|
||||
- help=_("Generate Policy for %s") % poltype[XUSER])
|
||||
+ help=_("Generate '%s' policy") % poltype[XUSER])
|
||||
+ pol.add_argument("command",nargs="?", default=None,
|
||||
+ help=_("executable to confine"))
|
||||
pol.set_defaults(func=generate)
|
||||
|
||||
if __name__ == '__main__':
|
||||
@@ -461,7 +516,10 @@ if __name__ == '__main__':
|
||||
gen_transition_args(subparsers)
|
||||
|
||||
try:
|
||||
@ -2823,7 +3172,7 @@ index 5e7415c..5267ed9 100644
|
||||
booleans_dict = None
|
||||
def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
|
||||
diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
|
||||
index 26f8390..95b3ac0 100644
|
||||
index 26f8390..c83883f 100644
|
||||
--- a/policycoreutils/sepolicy/sepolicy/generate.py
|
||||
+++ b/policycoreutils/sepolicy/sepolicy/generate.py
|
||||
@@ -63,20 +63,6 @@ except IOError:
|
||||
@ -2865,7 +3214,30 @@ index 26f8390..95b3ac0 100644
|
||||
line = "%s(%s_t)\n" % (method, self.name)
|
||||
else:
|
||||
line = """
|
||||
@@ -1030,14 +1016,15 @@ allow %s_t %s_t:%s_socket name_%s;
|
||||
@@ -765,7 +751,7 @@ allow %s_t %s_t:%s_socket name_%s;
|
||||
|
||||
return newte
|
||||
|
||||
- if self.type == RUSER:
|
||||
+ if self.type == RUSER or self.type == AUSER:
|
||||
newte += re.sub("TEMPLATETYPE", self.name, user.te_admin_rules)
|
||||
|
||||
for app in self.admin_domains:
|
||||
@@ -875,6 +861,13 @@ allow %s_t %s_t:%s_socket name_%s;
|
||||
if t.endswith(i):
|
||||
newte += re.sub("TEMPLATETYPE", t[:-len(i)], self.DEFAULT_EXT[i].te_types)
|
||||
break
|
||||
+
|
||||
+ if NEWTYPE and newte == "":
|
||||
+ default_ext = []
|
||||
+ for i in self.DEFAULT_EXT:
|
||||
+ default_ext.append(i)
|
||||
+ raise ValueError(_("You need to define a new type which ends with: \n %s") % "\n ".join(default_ext))
|
||||
+
|
||||
return newte
|
||||
|
||||
def generate_new_rules(self):
|
||||
@@ -1030,14 +1023,15 @@ allow %s_t %s_t:%s_socket name_%s;
|
||||
if len(self.DEFAULT_DIRS[d][1]) > 0:
|
||||
# CGI scripts already have a rw_t
|
||||
if self.type != CGI or d != "rw":
|
||||
@ -2883,7 +3255,7 @@ index 26f8390..95b3ac0 100644
|
||||
newte += self.generate_capabilities()
|
||||
newte += self.generate_process()
|
||||
newte += self.generate_network_types()
|
||||
@@ -1048,11 +1035,20 @@ allow %s_t %s_t:%s_socket name_%s;
|
||||
@@ -1048,11 +1042,20 @@ allow %s_t %s_t:%s_socket name_%s;
|
||||
|
||||
for d in self.DEFAULT_KEYS:
|
||||
if len(self.DEFAULT_DIRS[d][1]) > 0:
|
||||
@ -2909,7 +3281,7 @@ index 26f8390..95b3ac0 100644
|
||||
|
||||
newte += self.generate_tmp_rules()
|
||||
newte += self.generate_network_rules()
|
||||
@@ -1079,7 +1075,7 @@ allow %s_t %s_t:%s_socket name_%s;
|
||||
@@ -1079,7 +1082,7 @@ allow %s_t %s_t:%s_socket name_%s;
|
||||
fclist = []
|
||||
if self.type in USERS + [ SANDBOX ]:
|
||||
return executable.fc_user
|
||||
@ -2918,6 +3290,15 @@ index 26f8390..95b3ac0 100644
|
||||
raise ValueError(_("You must enter the executable path for your confined process"))
|
||||
|
||||
if self.program:
|
||||
@@ -1123,7 +1126,7 @@ allow %s_t %s_t:%s_socket name_%s;
|
||||
tmp = re.sub("TEMPLATETYPE", self.name, script.users)
|
||||
newsh += re.sub("ROLES", roles, tmp)
|
||||
|
||||
- if self.type == RUSER:
|
||||
+ if self.type == RUSER or self.type == AUSER:
|
||||
for u in self.transition_users:
|
||||
tmp = re.sub("TEMPLATETYPE", self.name, script.admin_trans)
|
||||
newsh += re.sub("USER", u, tmp)
|
||||
diff --git a/policycoreutils/sepolicy/sepolicy/interface.py b/policycoreutils/sepolicy/sepolicy/interface.py
|
||||
index 8b063ca..c9036c3 100644
|
||||
--- a/policycoreutils/sepolicy/sepolicy/interface.py
|
||||
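Review bot: In the generate.py hunk that adds `if NEWTYPE and newte == "":`, the guard tests the module constant `NEWTYPE` for truthiness rather than this policy's type, so depending on the constant's value it either never fires or raises for every policy type whose type list produced no output. The neighbouring hunks compare `self.type` against the constants (`self.type == RUSER or self.type == AUSER`), which suggests the intended line is `if self.type == NEWTYPE and newte == "":`. The enclosing method starts outside the hunk, so whether it is only reached for NEWTYPE policies cannot be confirmed from here. Separately, in `gen_generate_args` both `add_mutually_exclusive_group(required=True)` calls feed `dest="policytype"`, so argparse would demand one option from each group and the last one parsed would silently decide the policy type; `required=False` on both, with the missing-type case checked in `generate()`, looks closer to the intent.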
|
@ -21,24 +21,51 @@ index d636091..56919be 100644
|
||||
avcdict[(scontext, tcontext, self.tclass, access_tuple)] = (self.type, self.data)
|
||||
|
||||
diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
|
||||
index cc9f8ea..24062a1 100644
|
||||
index cc9f8ea..ce643e5 100644
|
||||
--- a/sepolgen/src/sepolgen/policygen.py
|
||||
+++ b/sepolgen/src/sepolgen/policygen.py
|
||||
@@ -172,10 +172,10 @@ class PolicyGenerator:
|
||||
rule.comment += "#!!!! This avc can be allowed using the boolean '%s'\n" % av.data[0][0]
|
||||
@@ -161,21 +161,21 @@ class PolicyGenerator:
|
||||
if self.explain:
|
||||
rule.comment = str(refpolicy.Comment(explain_access(av, verbosity=self.explain)))
|
||||
if av.type == audit2why.ALLOW:
|
||||
- rule.comment += "#!!!! This avc is allowed in the current policy\n"
|
||||
+ rule.comment += "\n#!!!! This avc is allowed in the current policy"
|
||||
if av.type == audit2why.DONTAUDIT:
|
||||
- rule.comment += "#!!!! This avc has a dontaudit rule in the current policy\n"
|
||||
+ rule.comment += "\n#!!!! This avc has a dontaudit rule in the current policy"
|
||||
|
||||
if av.type == audit2why.BOOLEAN:
|
||||
if len(av.data) > 1:
|
||||
- rule.comment += "#!!!! This avc can be allowed using one of the these booleans:\n# %s\n" % ", ".join(map(lambda x: x[0], av.data))
|
||||
+ rule.comment += "\n#!!!! This avc can be allowed using one of the these booleans:\n# %s" % ", ".join(map(lambda x: x[0], av.data))
|
||||
else:
|
||||
- rule.comment += "#!!!! This avc can be allowed using the boolean '%s'\n" % av.data[0][0]
|
||||
+ rule.comment += "\n#!!!! This avc can be allowed using the boolean '%s'" % av.data[0][0]
|
||||
|
||||
if av.type == audit2why.CONSTRAINT:
|
||||
- rule.comment += "#!!!! This avc is a constraint violation. You will need to add an attribute to either the source or target type to make it work.\n"
|
||||
- rule.comment += "#Constraint rule: "
|
||||
- for reason in av.data:
|
||||
- rule.comment += "\n#\tPossible cause source context and target context '%s' differ\b" % reason
|
||||
+ rule.comment += "#!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n"
|
||||
+ rule.comment += "\n#!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n"
|
||||
+ rule.comment += "#Constraint rule: \n\t" + av.data[0]
|
||||
+ for reason in av.data[1:]:
|
||||
+ rule.comment += "#\tPossible cause is the source %s and target %s are different.\n\b" % reason
|
||||
+ rule.comment += "#\tPossible cause is the source %s and target %s are different." % reason
|
||||
|
||||
try:
|
||||
if ( av.type == audit2why.TERULE and
|
||||
@@ -189,9 +189,9 @@ class PolicyGenerator:
|
||||
if i not in self.domains:
|
||||
types.append(i)
|
||||
if len(types) == 1:
|
||||
- rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
|
||||
+ rule.comment += "\n#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
|
||||
elif len(types) >= 1:
|
||||
- rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
|
||||
+ rule.comment += "\n#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
|
||||
except:
|
||||
pass
|
||||
self.module.children.append(rule)
|
||||
diff --git a/sepolgen/src/sepolgen/refparser.py b/sepolgen/src/sepolgen/refparser.py
|
||||
index 7b76261..a05d9d1 100644
|
||||
--- a/sepolgen/src/sepolgen/refparser.py
|
||||
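Review bot: In the CONSTRAINT branch of the policygen.py hunk, `"#Constraint rule: \n\t" + av.data[0]` places the constraint text on a line that starts with a tab instead of `#`, and the loop appends each "Possible cause" string with no newline, so several reasons would run together on one line. If `rule.comment` is written verbatim into the generated module, that leaves text taken from the audit analysis outside a comment, where it can break compilation or be misread by whoever reviews the audit2allow output before loading it. Suggested: `rule.comment += "#Constraint rule:\n#\t" + av.data[0]` and, in the loop, `rule.comment += "\n#\tPossible cause is the source %s and target %s are different." % reason`. The page prints two versions of some of these lines; this assumes the ones without the trailing `\n\b` are the new side.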
|
@ -7,7 +7,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.1.14
|
||||
Release: 27%{?dist}
|
||||
Release: 28%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
@ -309,6 +309,12 @@ The policycoreutils-restorecond package contains the restorecond service.
|
||||
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||
|
||||
%changelog
|
||||
* Wed Mar 27 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-28
|
||||
- Fix audit2allow output to better align analysys with the allow rules
|
||||
- Apply Miroslav Grepl patch to clean up sepolicy generate usage
|
||||
- Apply Miroslav Grepl patch to fixupt handing of admin_user generation
|
||||
- Update Tranlslations
|
||||
|
||||
* Wed Mar 27 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-27
|
||||
- Allow semanage fcontext -a -t "<<none>>" ... to work
|
||||
|
||||
|