Compare commits
No commits in common. "c8" and "c9-beta" have entirely different histories.
16
.gitignore
vendored
16
.gitignore
vendored
@ -1,13 +1,7 @@
|
|||||||
SOURCES/gui-po.tgz
|
SOURCES/selinux-3.6.tar.gz
|
||||||
SOURCES/policycoreutils-2.9.tar.gz
|
SOURCES/selinux-gui.zip
|
||||||
SOURCES/policycoreutils-po.tgz
|
SOURCES/selinux-policycoreutils.zip
|
||||||
SOURCES/python-po.tgz
|
SOURCES/selinux-python.zip
|
||||||
SOURCES/restorecond-2.9.tar.gz
|
SOURCES/selinux-sandbox.zip
|
||||||
SOURCES/sandbox-po.tgz
|
|
||||||
SOURCES/selinux-dbus-2.9.tar.gz
|
|
||||||
SOURCES/selinux-gui-2.9.tar.gz
|
|
||||||
SOURCES/selinux-python-2.9.tar.gz
|
|
||||||
SOURCES/selinux-sandbox-2.9.tar.gz
|
|
||||||
SOURCES/semodule-utils-2.9.tar.gz
|
|
||||||
SOURCES/sepolicy-icons.tgz
|
SOURCES/sepolicy-icons.tgz
|
||||||
SOURCES/system-config-selinux.png
|
SOURCES/system-config-selinux.png
|
||||||
|
@ -1,13 +1,7 @@
|
|||||||
3f355f8cbfdf7be6f9a8190153090af95d2c7358 SOURCES/gui-po.tgz
|
c1d6c443723b91295ca887eeea5c2d84a420593f SOURCES/selinux-3.6.tar.gz
|
||||||
6e64d9a38fb516738023eb429eef29af5383f443 SOURCES/policycoreutils-2.9.tar.gz
|
c2957ae26fcabe856439915bc03fb7d25c91b724 SOURCES/selinux-gui.zip
|
||||||
51122ae6029657bf762d72bff94bab38890fd1e7 SOURCES/policycoreutils-po.tgz
|
8aec9d92a940e35756c4cf66891db7b070e00c5c SOURCES/selinux-policycoreutils.zip
|
||||||
c503e61733af54159d5950bbd9fa8080771ee938 SOURCES/python-po.tgz
|
6a9a8a86bf4b66b484533e5a5b91acd9f2ba4ed1 SOURCES/selinux-python.zip
|
||||||
0a34ef54394972870203832c8ce52d4405bd5330 SOURCES/restorecond-2.9.tar.gz
|
c9b684345b0b6940afd38d8679e2838ad7ef5ffe SOURCES/selinux-sandbox.zip
|
||||||
7df1784ab0c6b0823943571d733b856d10a87f76 SOURCES/sandbox-po.tgz
|
|
||||||
8645509cdfc433278c2e4d29ee8f511625c7edcc SOURCES/selinux-dbus-2.9.tar.gz
|
|
||||||
5c155ae47692389d9fabaa154195e7f978f2a3f0 SOURCES/selinux-gui-2.9.tar.gz
|
|
||||||
660e1ab824ef80f7a69f0b70f61e231957fd398e SOURCES/selinux-python-2.9.tar.gz
|
|
||||||
0e208cad193021ad17a445b76b72af3fef8db999 SOURCES/selinux-sandbox-2.9.tar.gz
|
|
||||||
a4414223e60bb664ada4824e54f8d36ab208d599 SOURCES/semodule-utils-2.9.tar.gz
|
|
||||||
d849fa76cc3ef4a26047d8a69fef3a55d2f3097f SOURCES/sepolicy-icons.tgz
|
d849fa76cc3ef4a26047d8a69fef3a55d2f3097f SOURCES/sepolicy-icons.tgz
|
||||||
611a5d497efaddd45ec0dcc3e9b2e5b0f81ebc41 SOURCES/system-config-selinux.png
|
611a5d497efaddd45ec0dcc3e9b2e5b0f81ebc41 SOURCES/system-config-selinux.png
|
||||||
|
@ -1,43 +0,0 @@
|
|||||||
From c778509dd0ed3b184d720032f31971f975e42973 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Tue, 5 Mar 2019 17:38:55 +0100
|
|
||||||
Subject: [PATCH] gui: Install polgengui.py to /usr/bin/selinux-polgengui
|
|
||||||
|
|
||||||
polgengui.py is a standalone gui tool which should be in /usr/bin with other
|
|
||||||
tools.
|
|
||||||
|
|
||||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
---
|
|
||||||
gui/Makefile | 2 +-
|
|
||||||
gui/modulesPage.py | 2 +-
|
|
||||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/gui/Makefile b/gui/Makefile
|
|
||||||
index c2f982de..b2375fbf 100644
|
|
||||||
--- a/gui/Makefile
|
|
||||||
+++ b/gui/Makefile
|
|
||||||
@@ -31,7 +31,7 @@ install: all
|
|
||||||
-mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
|
|
||||||
install -m 755 system-config-selinux.py $(DESTDIR)$(SHAREDIR)
|
|
||||||
install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
|
|
||||||
- install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR)
|
|
||||||
+ install -m 755 polgengui.py $(DESTDIR)$(BINDIR)/selinux-polgengui
|
|
||||||
install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR)
|
|
||||||
install -m 644 system-config-selinux.8 $(DESTDIR)$(MANDIR)/man8
|
|
||||||
install -m 644 selinux-polgengui.8 $(DESTDIR)$(MANDIR)/man8
|
|
||||||
diff --git a/gui/modulesPage.py b/gui/modulesPage.py
|
|
||||||
index 34c5d9e3..cb856b2d 100644
|
|
||||||
--- a/gui/modulesPage.py
|
|
||||||
+++ b/gui/modulesPage.py
|
|
||||||
@@ -118,7 +118,7 @@ class modulesPage(semanagePage):
|
|
||||||
|
|
||||||
def new_module(self, args):
|
|
||||||
try:
|
|
||||||
- Popen(["/usr/share/system-config-selinux/polgengui.py"])
|
|
||||||
+ Popen(["selinux-polgengui"])
|
|
||||||
except ValueError as e:
|
|
||||||
self.error(e.args[0])
|
|
||||||
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,15 +1,16 @@
|
|||||||
From 52e0583f6adfe70825b009b626e19c290b49763a Mon Sep 17 00:00:00 2001
|
From b1612f0ed2cabdf7f2a5ab44edc5be94ab4b84ed Mon Sep 17 00:00:00 2001
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
Date: Thu, 20 Aug 2015 12:58:41 +0200
|
Date: Thu, 20 Aug 2015 12:58:41 +0200
|
||||||
Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in
|
Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in
|
||||||
recent Fedoras
|
recent Fedoras
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
---
|
---
|
||||||
sandbox/sandboxX.sh | 2 +-
|
sandbox/sandboxX.sh | 2 +-
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
|
diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
|
||||||
index eaa500d0..47745280 100644
|
index eaa500d08143..4774528027ef 100644
|
||||||
--- a/sandbox/sandboxX.sh
|
--- a/sandbox/sandboxX.sh
|
||||||
+++ b/sandbox/sandboxX.sh
|
+++ b/sandbox/sandboxX.sh
|
||||||
@@ -20,7 +20,7 @@ cat > ~/.config/openbox/rc.xml << EOF
|
@@ -20,7 +20,7 @@ cat > ~/.config/openbox/rc.xml << EOF
|
||||||
@ -22,5 +23,5 @@ index eaa500d0..47745280 100644
|
|||||||
cat > ~/seremote << __EOF
|
cat > ~/seremote << __EOF
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
--
|
--
|
||||||
2.21.0
|
2.41.0
|
||||||
|
|
@ -1,7 +1,8 @@
|
|||||||
From 7504614fdd7dcf11b3a7568ca9b4b921973531dd Mon Sep 17 00:00:00 2001
|
From 2dade3b4302d6fb6c8abf94227d684ab284216e3 Mon Sep 17 00:00:00 2001
|
||||||
From: Dan Walsh <dwalsh@redhat.com>
|
From: Dan Walsh <dwalsh@redhat.com>
|
||||||
Date: Mon, 21 Apr 2014 13:54:40 -0400
|
Date: Mon, 21 Apr 2014 13:54:40 -0400
|
||||||
Subject: [PATCH] Fix STANDARD_FILE_CONTEXT section in man pages
|
Subject: [PATCH] Fix STANDARD_FILE_CONTEXT section in man pages
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
Signed-off-by: Miroslav Grepl <mgrepl@redhat.com>
|
Signed-off-by: Miroslav Grepl <mgrepl@redhat.com>
|
||||||
---
|
---
|
||||||
@ -9,10 +10,10 @@ Signed-off-by: Miroslav Grepl <mgrepl@redhat.com>
|
|||||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||||
index 1d367962..24e311a3 100755
|
index 629990194f83..b80a408a8f55 100755
|
||||||
--- a/python/sepolicy/sepolicy/manpage.py
|
--- a/python/sepolicy/sepolicy/manpage.py
|
||||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||||
@@ -735,10 +735,13 @@ Default Defined Ports:""")
|
@@ -679,10 +679,13 @@ Default Defined Ports:""")
|
||||||
|
|
||||||
def _file_context(self):
|
def _file_context(self):
|
||||||
flist = []
|
flist = []
|
||||||
@ -26,9 +27,9 @@ index 1d367962..24e311a3 100755
|
|||||||
if f in self.fcdict:
|
if f in self.fcdict:
|
||||||
mpaths = mpaths + self.fcdict[f]["regex"]
|
mpaths = mpaths + self.fcdict[f]["regex"]
|
||||||
if len(mpaths) == 0:
|
if len(mpaths) == 0:
|
||||||
@@ -797,12 +800,12 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
@@ -741,12 +744,12 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||||
SELinux defines the file context types for the %(domainname)s, if you wanted to
|
SELinux defines the file context types for the %(domainname)s, if you wanted to
|
||||||
store files with these types in a diffent paths, you need to execute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk.
|
store files with these types in a different paths, you need to execute the semanage command to specify alternate labeling and then use restorecon to put the labels on disk.
|
||||||
|
|
||||||
-.B semanage fcontext -a -t %(type)s '/srv/%(domainname)s/content(/.*)?'
|
-.B semanage fcontext -a -t %(type)s '/srv/%(domainname)s/content(/.*)?'
|
||||||
+.B semanage fcontext -a -t %(type)s '/srv/my%(domainname)s_content(/.*)?'
|
+.B semanage fcontext -a -t %(type)s '/srv/my%(domainname)s_content(/.*)?'
|
||||||
@ -42,5 +43,5 @@ index 1d367962..24e311a3 100755
|
|||||||
self.fd.write(r"""
|
self.fd.write(r"""
|
||||||
.I The following file types are defined for %(domainname)s:
|
.I The following file types are defined for %(domainname)s:
|
||||||
--
|
--
|
||||||
2.21.0
|
2.41.0
|
||||||
|
|
@ -1,49 +0,0 @@
|
|||||||
From 04b632e6de14ec0336e14988bf4c2bd581f7308e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Tue, 5 Mar 2019 17:25:00 +0100
|
|
||||||
Subject: [PATCH] gui: Install .desktop files to /usr/share/applications by
|
|
||||||
default
|
|
||||||
|
|
||||||
/usr/share/applications is a standard directory for .desktop files.
|
|
||||||
Installation path can be changed using DESKTOPDIR variable in installation
|
|
||||||
phase, e.g.
|
|
||||||
|
|
||||||
make DESKTOPDIR=/usr/local/share/applications install
|
|
||||||
|
|
||||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
---
|
|
||||||
gui/Makefile | 4 +++-
|
|
||||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/gui/Makefile b/gui/Makefile
|
|
||||||
index b2375fbf..ca965c94 100644
|
|
||||||
--- a/gui/Makefile
|
|
||||||
+++ b/gui/Makefile
|
|
||||||
@@ -5,6 +5,7 @@ BINDIR ?= $(PREFIX)/bin
|
|
||||||
SHAREDIR ?= $(PREFIX)/share/system-config-selinux
|
|
||||||
DATADIR ?= $(PREFIX)/share
|
|
||||||
MANDIR ?= $(PREFIX)/share/man
|
|
||||||
+DESKTOPDIR ?= $(PREFIX)/share/applications
|
|
||||||
|
|
||||||
TARGETS= \
|
|
||||||
booleansPage.py \
|
|
||||||
@@ -29,6 +30,7 @@ install: all
|
|
||||||
-mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
|
|
||||||
-mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
|
|
||||||
-mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
|
|
||||||
+ -mkdir -p $(DESTDIR)$(DESKTOPDIR)
|
|
||||||
install -m 755 system-config-selinux.py $(DESTDIR)$(SHAREDIR)
|
|
||||||
install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
|
|
||||||
install -m 755 polgengui.py $(DESTDIR)$(BINDIR)/selinux-polgengui
|
|
||||||
@@ -44,7 +46,7 @@ install: all
|
|
||||||
install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/pixmaps
|
|
||||||
install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
|
|
||||||
install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/system-config-selinux
|
|
||||||
- install -m 644 *.desktop $(DESTDIR)$(DATADIR)/system-config-selinux
|
|
||||||
+ install -m 644 *.desktop $(DESTDIR)$(DESKTOPDIR)
|
|
||||||
-mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
|
|
||||||
install -m 644 sepolicy_256.png $(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png
|
|
||||||
for i in 16 22 32 48 256; do \
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,27 +1,28 @@
|
|||||||
From 9847a26b7f8358432ee4c7019efb3cbad0c162b0 Mon Sep 17 00:00:00 2001
|
From 91eebedb3f2af184720bf77f64133a9a2e0dc453 Mon Sep 17 00:00:00 2001
|
||||||
From: Miroslav Grepl <mgrepl@redhat.com>
|
From: Miroslav Grepl <mgrepl@redhat.com>
|
||||||
Date: Mon, 12 May 2014 14:11:22 +0200
|
Date: Mon, 12 May 2014 14:11:22 +0200
|
||||||
Subject: [PATCH] If there is no executable we don't want to print a part of
|
Subject: [PATCH] If there is no executable we don't want to print a part of
|
||||||
STANDARD FILE CONTEXT
|
STANDARD FILE CONTEXT
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
---
|
---
|
||||||
python/sepolicy/sepolicy/manpage.py | 3 ++-
|
python/sepolicy/sepolicy/manpage.py | 3 ++-
|
||||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||||
index 24e311a3..46092be0 100755
|
index b80a408a8f55..70a8ce848900 100755
|
||||||
--- a/python/sepolicy/sepolicy/manpage.py
|
--- a/python/sepolicy/sepolicy/manpage.py
|
||||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||||
@@ -793,7 +793,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
@@ -737,7 +737,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||||
.PP
|
.PP
|
||||||
""" % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
|
""" % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
|
||||||
|
|
||||||
- self.fd.write(r"""
|
- self.fd.write(r"""
|
||||||
+ if flist_non_exec:
|
+ if flist_non_exec:
|
||||||
+ self.fd.write(r"""
|
+ self.fd.write(r"""
|
||||||
.PP
|
.PP
|
||||||
.B STANDARD FILE CONTEXT
|
.B STANDARD FILE CONTEXT
|
||||||
|
|
||||||
--
|
--
|
||||||
2.21.0
|
2.41.0
|
||||||
|
|
@ -1,14 +1,15 @@
|
|||||||
From 8af697659bd662517571577bf47946a2113f34a1 Mon Sep 17 00:00:00 2001
|
From 06c0d6d8f34becde1a8b4b2532e2a22abe9d4d94 Mon Sep 17 00:00:00 2001
|
||||||
From: Dan Walsh <dwalsh@redhat.com>
|
From: Dan Walsh <dwalsh@redhat.com>
|
||||||
Date: Fri, 14 Feb 2014 12:32:12 -0500
|
Date: Fri, 14 Feb 2014 12:32:12 -0500
|
||||||
Subject: [PATCH] Don't be verbose if you are not on a tty
|
Subject: [PATCH] Don't be verbose if you are not on a tty
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
---
|
---
|
||||||
policycoreutils/scripts/fixfiles | 1 +
|
policycoreutils/scripts/fixfiles | 1 +
|
||||||
1 file changed, 1 insertion(+)
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
||||||
index b2779581..53d28c7b 100755
|
index 166af6f360a2..ebe64563c7d7 100755
|
||||||
--- a/policycoreutils/scripts/fixfiles
|
--- a/policycoreutils/scripts/fixfiles
|
||||||
+++ b/policycoreutils/scripts/fixfiles
|
+++ b/policycoreutils/scripts/fixfiles
|
||||||
@@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() {
|
@@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() {
|
||||||
@ -17,8 +18,8 @@ index b2779581..53d28c7b 100755
|
|||||||
VERBOSE="-p"
|
VERBOSE="-p"
|
||||||
+[ -t 1 ] || VERBOSE=""
|
+[ -t 1 ] || VERBOSE=""
|
||||||
FORCEFLAG=""
|
FORCEFLAG=""
|
||||||
|
THREADS=""
|
||||||
RPMFILES=""
|
RPMFILES=""
|
||||||
PREFC=""
|
|
||||||
--
|
--
|
||||||
2.21.0
|
2.41.0
|
||||||
|
|
@ -1,7 +1,8 @@
|
|||||||
From 3073efc112929b535f3a832c6f99e0dbe3af29ca Mon Sep 17 00:00:00 2001
|
From ff5572d5cb4ee465b09e353b84a75dc5ec60307d Mon Sep 17 00:00:00 2001
|
||||||
From: Masatake YAMATO <yamato@redhat.com>
|
From: Masatake YAMATO <yamato@redhat.com>
|
||||||
Date: Thu, 14 Dec 2017 15:57:58 +0900
|
Date: Thu, 14 Dec 2017 15:57:58 +0900
|
||||||
Subject: [PATCH] sepolicy-generate: Handle more reserved port types
|
Subject: [PATCH] sepolicy-generate: Handle more reserved port types
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
Currently only reserved_port_t, port_t and hi_reserved_port_t are
|
Currently only reserved_port_t, port_t and hi_reserved_port_t are
|
||||||
handled as special when making a ports-dictionary. However, as fas as
|
handled as special when making a ports-dictionary. However, as fas as
|
||||||
@ -52,7 +53,7 @@ https://lore.kernel.org/selinux/20150610.190635.1866127952891120915.yamato@redha
|
|||||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
|
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
|
||||||
index 7175d36b..93caedee 100644
|
index b6df3e91160b..36a3ea1196b1 100644
|
||||||
--- a/python/sepolicy/sepolicy/generate.py
|
--- a/python/sepolicy/sepolicy/generate.py
|
||||||
+++ b/python/sepolicy/sepolicy/generate.py
|
+++ b/python/sepolicy/sepolicy/generate.py
|
||||||
@@ -100,7 +100,9 @@ def get_all_ports():
|
@@ -100,7 +100,9 @@ def get_all_ports():
|
||||||
@ -67,5 +68,5 @@ index 7175d36b..93caedee 100644
|
|||||||
dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range'))
|
dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range'))
|
||||||
return dict
|
return dict
|
||||||
--
|
--
|
||||||
2.21.0
|
2.41.0
|
||||||
|
|
@ -1,169 +0,0 @@
|
|||||||
From b2993d464e05291020dbf60fc2948ac152eb0003 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Miroslav Grepl <mgrepl@redhat.com>
|
|
||||||
Date: Thu, 19 Feb 2015 17:45:15 +0100
|
|
||||||
Subject: [PATCH] Simplication of sepolicy-manpage web functionality.
|
|
||||||
system_release is no longer hardcoded and it creates only index.html and html
|
|
||||||
man pages in the directory for the system release.
|
|
||||||
|
|
||||||
---
|
|
||||||
python/sepolicy/sepolicy/__init__.py | 25 +++--------
|
|
||||||
python/sepolicy/sepolicy/manpage.py | 65 +++-------------------------
|
|
||||||
2 files changed, 13 insertions(+), 77 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
|
||||||
index 6aed31bd..88a2b8f6 100644
|
|
||||||
--- a/python/sepolicy/sepolicy/__init__.py
|
|
||||||
+++ b/python/sepolicy/sepolicy/__init__.py
|
|
||||||
@@ -1209,27 +1209,14 @@ def boolean_desc(boolean):
|
|
||||||
|
|
||||||
|
|
||||||
def get_os_version():
|
|
||||||
- os_version = ""
|
|
||||||
- pkg_name = "selinux-policy"
|
|
||||||
+ system_release = ""
|
|
||||||
try:
|
|
||||||
- try:
|
|
||||||
- from commands import getstatusoutput
|
|
||||||
- except ImportError:
|
|
||||||
- from subprocess import getstatusoutput
|
|
||||||
- rc, output = getstatusoutput("rpm -q '%s'" % pkg_name)
|
|
||||||
- if rc == 0:
|
|
||||||
- os_version = output.split(".")[-2]
|
|
||||||
- except:
|
|
||||||
- os_version = ""
|
|
||||||
-
|
|
||||||
- if os_version[0:2] == "fc":
|
|
||||||
- os_version = "Fedora" + os_version[2:]
|
|
||||||
- elif os_version[0:2] == "el":
|
|
||||||
- os_version = "RHEL" + os_version[2:]
|
|
||||||
- else:
|
|
||||||
- os_version = ""
|
|
||||||
+ with open('/etc/system-release') as f:
|
|
||||||
+ system_release = f.readline()
|
|
||||||
+ except IOError:
|
|
||||||
+ system_release = "Misc"
|
|
||||||
|
|
||||||
- return os_version
|
|
||||||
+ return system_release
|
|
||||||
|
|
||||||
|
|
||||||
def reinit():
|
|
||||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
|
||||||
index 46092be0..d60acfaf 100755
|
|
||||||
--- a/python/sepolicy/sepolicy/manpage.py
|
|
||||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
|
||||||
@@ -149,10 +149,6 @@ def prettyprint(f, trim):
|
|
||||||
manpage_domains = []
|
|
||||||
manpage_roles = []
|
|
||||||
|
|
||||||
-fedora_releases = ["Fedora17", "Fedora18"]
|
|
||||||
-rhel_releases = ["RHEL6", "RHEL7"]
|
|
||||||
-
|
|
||||||
-
|
|
||||||
def get_alphabet_manpages(manpage_list):
|
|
||||||
alphabet_manpages = dict.fromkeys(string.ascii_letters, [])
|
|
||||||
for i in string.ascii_letters:
|
|
||||||
@@ -182,7 +178,7 @@ def convert_manpage_to_html(html_manpage, manpage):
|
|
||||||
class HTMLManPages:
|
|
||||||
|
|
||||||
"""
|
|
||||||
- Generate a HHTML Manpages on an given SELinux domains
|
|
||||||
+ Generate a HTML Manpages on an given SELinux domains
|
|
||||||
"""
|
|
||||||
|
|
||||||
def __init__(self, manpage_roles, manpage_domains, path, os_version):
|
|
||||||
@@ -190,9 +186,9 @@ class HTMLManPages:
|
|
||||||
self.manpage_domains = get_alphabet_manpages(manpage_domains)
|
|
||||||
self.os_version = os_version
|
|
||||||
self.old_path = path + "/"
|
|
||||||
- self.new_path = self.old_path + self.os_version + "/"
|
|
||||||
+ self.new_path = self.old_path
|
|
||||||
|
|
||||||
- if self.os_version in fedora_releases or self.os_version in rhel_releases:
|
|
||||||
+ if self.os_version:
|
|
||||||
self.__gen_html_manpages()
|
|
||||||
else:
|
|
||||||
print("SELinux HTML man pages can not be generated for this %s" % os_version)
|
|
||||||
@@ -201,7 +197,6 @@ class HTMLManPages:
|
|
||||||
def __gen_html_manpages(self):
|
|
||||||
self._write_html_manpage()
|
|
||||||
self._gen_index()
|
|
||||||
- self._gen_body()
|
|
||||||
self._gen_css()
|
|
||||||
|
|
||||||
def _write_html_manpage(self):
|
|
||||||
@@ -219,67 +214,21 @@ class HTMLManPages:
|
|
||||||
convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r)
|
|
||||||
|
|
||||||
def _gen_index(self):
|
|
||||||
- index = self.old_path + "index.html"
|
|
||||||
- fd = open(index, 'w')
|
|
||||||
- fd.write("""
|
|
||||||
-<html>
|
|
||||||
-<head>
|
|
||||||
- <link rel=stylesheet type="text/css" href="style.css" title="style">
|
|
||||||
- <title>SELinux man pages online</title>
|
|
||||||
-</head>
|
|
||||||
-<body>
|
|
||||||
-<h1>SELinux man pages</h1>
|
|
||||||
-<br></br>
|
|
||||||
-Fedora or Red Hat Enterprise Linux Man Pages.</h2>
|
|
||||||
-<br></br>
|
|
||||||
-<hr>
|
|
||||||
-<h3>Fedora</h3>
|
|
||||||
-<table><tr>
|
|
||||||
-<td valign="middle">
|
|
||||||
-</td>
|
|
||||||
-</tr></table>
|
|
||||||
-<pre>
|
|
||||||
-""")
|
|
||||||
- for f in fedora_releases:
|
|
||||||
- fd.write("""
|
|
||||||
-<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (f, f, f, f))
|
|
||||||
-
|
|
||||||
- fd.write("""
|
|
||||||
-</pre>
|
|
||||||
-<hr>
|
|
||||||
-<h3>RHEL</h3>
|
|
||||||
-<table><tr>
|
|
||||||
-<td valign="middle">
|
|
||||||
-</td>
|
|
||||||
-</tr></table>
|
|
||||||
-<pre>
|
|
||||||
-""")
|
|
||||||
- for r in rhel_releases:
|
|
||||||
- fd.write("""
|
|
||||||
-<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (r, r, r, r))
|
|
||||||
-
|
|
||||||
- fd.write("""
|
|
||||||
-</pre>
|
|
||||||
- """)
|
|
||||||
- fd.close()
|
|
||||||
- print("%s has been created" % index)
|
|
||||||
-
|
|
||||||
- def _gen_body(self):
|
|
||||||
html = self.new_path + self.os_version + ".html"
|
|
||||||
fd = open(html, 'w')
|
|
||||||
fd.write("""
|
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
- <link rel=stylesheet type="text/css" href="../style.css" title="style">
|
|
||||||
- <title>Linux man-pages online for Fedora18</title>
|
|
||||||
+ <link rel=stylesheet type="text/css" href="style.css" title="style">
|
|
||||||
+ <title>SELinux man pages online</title>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
-<h1>SELinux man pages for Fedora18</h1>
|
|
||||||
+<h1>SELinux man pages for %s</h1>
|
|
||||||
<hr>
|
|
||||||
<table><tr>
|
|
||||||
<td valign="middle">
|
|
||||||
<h3>SELinux roles</h3>
|
|
||||||
-""")
|
|
||||||
+""" % self.os_version)
|
|
||||||
for letter in self.manpage_roles:
|
|
||||||
if len(self.manpage_roles[letter]):
|
|
||||||
fd.write("""
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,7 +1,8 @@
|
|||||||
From 89895635ae012d1864a03700054ecc723973b5c0 Mon Sep 17 00:00:00 2001
|
From 8d751d18ea748de141880a726339e4aba4b7a437 Mon Sep 17 00:00:00 2001
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
Date: Wed, 18 Jul 2018 09:09:35 +0200
|
Date: Wed, 18 Jul 2018 09:09:35 +0200
|
||||||
Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox
|
Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
---
|
---
|
||||||
sandbox/sandbox | 4 ++--
|
sandbox/sandbox | 4 ++--
|
||||||
@ -10,10 +11,10 @@ Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox
|
|||||||
3 files changed, 3 insertions(+), 17 deletions(-)
|
3 files changed, 3 insertions(+), 17 deletions(-)
|
||||||
|
|
||||||
diff --git a/sandbox/sandbox b/sandbox/sandbox
|
diff --git a/sandbox/sandbox b/sandbox/sandbox
|
||||||
index a12403b3..707959a6 100644
|
index a2762a7d215a..a32a33ea3cf6 100644
|
||||||
--- a/sandbox/sandbox
|
--- a/sandbox/sandbox
|
||||||
+++ b/sandbox/sandbox
|
+++ b/sandbox/sandbox
|
||||||
@@ -268,7 +268,7 @@ class Sandbox:
|
@@ -270,7 +270,7 @@ class Sandbox:
|
||||||
copyfile(f, "/tmp", self.__tmpdir)
|
copyfile(f, "/tmp", self.__tmpdir)
|
||||||
copyfile(f, "/var/tmp", self.__tmpdir)
|
copyfile(f, "/var/tmp", self.__tmpdir)
|
||||||
|
|
||||||
@ -22,7 +23,7 @@ index a12403b3..707959a6 100644
|
|||||||
execfile = self.__homedir + "/.sandboxrc"
|
execfile = self.__homedir + "/.sandboxrc"
|
||||||
fd = open(execfile, "w+")
|
fd = open(execfile, "w+")
|
||||||
if self.__options.session:
|
if self.__options.session:
|
||||||
@@ -362,7 +362,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
|
@@ -369,7 +369,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
|
||||||
|
|
||||||
parser.add_option("-W", "--windowmanager", dest="wm",
|
parser.add_option("-W", "--windowmanager", dest="wm",
|
||||||
type="string",
|
type="string",
|
||||||
@ -32,10 +33,10 @@ index a12403b3..707959a6 100644
|
|||||||
|
|
||||||
parser.add_option("-l", "--level", dest="level",
|
parser.add_option("-l", "--level", dest="level",
|
||||||
diff --git a/sandbox/sandbox.8 b/sandbox/sandbox.8
|
diff --git a/sandbox/sandbox.8 b/sandbox/sandbox.8
|
||||||
index d83fee76..90ef4951 100644
|
index 095b9e27042d..1c1870190e51 100644
|
||||||
--- a/sandbox/sandbox.8
|
--- a/sandbox/sandbox.8
|
||||||
+++ b/sandbox/sandbox.8
|
+++ b/sandbox/sandbox.8
|
||||||
@@ -77,7 +77,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
|
@@ -80,7 +80,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
|
||||||
\fB\-W\fR \fB\-\-windowmanager\fR
|
\fB\-W\fR \fB\-\-windowmanager\fR
|
||||||
Select alternative window manager to run within
|
Select alternative window manager to run within
|
||||||
.B sandbox \-X.
|
.B sandbox \-X.
|
||||||
@ -45,7 +46,7 @@ index d83fee76..90ef4951 100644
|
|||||||
\fB\-X\fR
|
\fB\-X\fR
|
||||||
Create an X based Sandbox for gui apps, temporary files for
|
Create an X based Sandbox for gui apps, temporary files for
|
||||||
diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
|
diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
|
||||||
index 47745280..c211ebc1 100644
|
index 4774528027ef..c211ebc14549 100644
|
||||||
--- a/sandbox/sandboxX.sh
|
--- a/sandbox/sandboxX.sh
|
||||||
+++ b/sandbox/sandboxX.sh
|
+++ b/sandbox/sandboxX.sh
|
||||||
@@ -6,20 +6,6 @@ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8
|
@@ -6,20 +6,6 @@ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8
|
||||||
@ -70,5 +71,5 @@ index 47745280..c211ebc1 100644
|
|||||||
export DISPLAY=:$D
|
export DISPLAY=:$D
|
||||||
cat > ~/seremote << __EOF
|
cat > ~/seremote << __EOF
|
||||||
--
|
--
|
||||||
2.21.0
|
2.41.0
|
||||||
|
|
178
SOURCES/0007-Use-SHA-2-instead-of-SHA-1.patch
Normal file
178
SOURCES/0007-Use-SHA-2-instead-of-SHA-1.patch
Normal file
@ -0,0 +1,178 @@
|
|||||||
|
From 5d257019cb4de4681e60f6e15bf2c1be73275b9c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
|
Date: Fri, 30 Jul 2021 14:14:37 +0200
|
||||||
|
Subject: [PATCH] Use SHA-2 instead of SHA-1
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
The use of SHA-1 in RHEL9 is deprecated
|
||||||
|
---
|
||||||
|
policycoreutils/setfiles/restorecon.8 | 10 +++++-----
|
||||||
|
policycoreutils/setfiles/restorecon_xattr.8 | 8 ++++----
|
||||||
|
policycoreutils/setfiles/restorecon_xattr.c | 12 ++++++------
|
||||||
|
policycoreutils/setfiles/setfiles.8 | 10 +++++-----
|
||||||
|
4 files changed, 20 insertions(+), 20 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
|
||||||
|
index c3cc5c9b0e52..6160aced5922 100644
|
||||||
|
--- a/policycoreutils/setfiles/restorecon.8
|
||||||
|
+++ b/policycoreutils/setfiles/restorecon.8
|
||||||
|
@@ -95,14 +95,14 @@ display usage information and exit.
|
||||||
|
ignore files that do not exist.
|
||||||
|
.TP
|
||||||
|
.B \-I
|
||||||
|
-ignore digest to force checking of labels even if the stored SHA1 digest
|
||||||
|
-matches the specfiles SHA1 digest. The digest will then be updated provided
|
||||||
|
+ignore digest to force checking of labels even if the stored SHA256 digest
|
||||||
|
+matches the specfiles SHA256 digest. The digest will then be updated provided
|
||||||
|
there are no errors. See the
|
||||||
|
.B NOTES
|
||||||
|
section for further details.
|
||||||
|
.TP
|
||||||
|
.B \-D
|
||||||
|
-Set or update any directory SHA1 digests. Use this option to
|
||||||
|
+Set or update any directory SHA256 digests. Use this option to
|
||||||
|
enable usage of the
|
||||||
|
.IR security.sehash
|
||||||
|
extended attribute.
|
||||||
|
@@ -200,7 +200,7 @@ the
|
||||||
|
.B \-D
|
||||||
|
option to
|
||||||
|
.B restorecon
|
||||||
|
-will cause it to store a SHA1 digest of the default specfiles set in an extended
|
||||||
|
+will cause it to store a SHA256 digest of the default specfiles set in an extended
|
||||||
|
attribute named
|
||||||
|
.IR security.sehash
|
||||||
|
on each directory specified in
|
||||||
|
@@ -217,7 +217,7 @@ for further details.
|
||||||
|
.sp
|
||||||
|
The
|
||||||
|
.B \-I
|
||||||
|
-option will ignore the SHA1 digest from each directory specified in
|
||||||
|
+option will ignore the SHA256 digest from each directory specified in
|
||||||
|
.IR pathname \ ...
|
||||||
|
and provided the
|
||||||
|
.B \-n
|
||||||
|
diff --git a/policycoreutils/setfiles/restorecon_xattr.8 b/policycoreutils/setfiles/restorecon_xattr.8
|
||||||
|
index 51d12a4dbb80..09bfd8c40ab4 100644
|
||||||
|
--- a/policycoreutils/setfiles/restorecon_xattr.8
|
||||||
|
+++ b/policycoreutils/setfiles/restorecon_xattr.8
|
||||||
|
@@ -23,7 +23,7 @@ or
|
||||||
|
|
||||||
|
.SH "DESCRIPTION"
|
||||||
|
.B restorecon_xattr
|
||||||
|
-will display the SHA1 digests added to extended attributes
|
||||||
|
+will display the SHA256 digests added to extended attributes
|
||||||
|
.I security.sehash
|
||||||
|
or delete the attribute completely. These attributes are set by
|
||||||
|
.BR restorecon (8)
|
||||||
|
@@ -48,12 +48,12 @@ extended attribute and are automatically excluded from searches.
|
||||||
|
.sp
|
||||||
|
By default
|
||||||
|
.B restorecon_xattr
|
||||||
|
-will display the SHA1 digests with "Match" appended if they match the default
|
||||||
|
+will display the SHA256 digests with "Match" appended if they match the default
|
||||||
|
specfile set or the
|
||||||
|
.I specfile
|
||||||
|
set used with the
|
||||||
|
.B \-f
|
||||||
|
-option. Non-matching SHA1 digests will be displayed with "No Match" appended.
|
||||||
|
+option. Non-matching SHA256 digests will be displayed with "No Match" appended.
|
||||||
|
This feature can be disabled by the
|
||||||
|
.B \-n
|
||||||
|
option.
|
||||||
|
@@ -87,7 +87,7 @@ Do not append "Match" or "No Match" to displayed digests.
|
||||||
|
recursively descend directories.
|
||||||
|
.TP
|
||||||
|
.B \-v
|
||||||
|
-display SHA1 digest generated by specfile set (Note that this digest is not
|
||||||
|
+display SHA256 digest generated by specfile set (Note that this digest is not
|
||||||
|
used to match the
|
||||||
|
.I security.sehash
|
||||||
|
directory digest entries, and is shown for reference only).
|
||||||
|
diff --git a/policycoreutils/setfiles/restorecon_xattr.c b/policycoreutils/setfiles/restorecon_xattr.c
|
||||||
|
index 31fb82fd2099..bc22d3fd4560 100644
|
||||||
|
--- a/policycoreutils/setfiles/restorecon_xattr.c
|
||||||
|
+++ b/policycoreutils/setfiles/restorecon_xattr.c
|
||||||
|
@@ -38,7 +38,7 @@ int main(int argc, char **argv)
|
||||||
|
unsigned int xattr_flags = 0, delete_digest = 0, recurse = 0;
|
||||||
|
unsigned int delete_all_digests = 0, ignore_mounts = 0;
|
||||||
|
bool display_digest = false;
|
||||||
|
- char *sha1_buf, **specfiles, *fc_file = NULL, *pathname = NULL;
|
||||||
|
+ char *sha256_buf, **specfiles, *fc_file = NULL, *pathname = NULL;
|
||||||
|
unsigned char *fc_digest = NULL;
|
||||||
|
size_t i, fc_digest_len = 0, num_specfiles;
|
||||||
|
|
||||||
|
@@ -133,8 +133,8 @@ int main(int argc, char **argv)
|
||||||
|
exit(-1);
|
||||||
|
}
|
||||||
|
|
||||||
|
- sha1_buf = malloc(fc_digest_len * 2 + 1);
|
||||||
|
- if (!sha1_buf) {
|
||||||
|
+ sha256_buf = malloc(fc_digest_len * 2 + 1);
|
||||||
|
+ if (!sha256_buf) {
|
||||||
|
fprintf(stderr,
|
||||||
|
"Error allocating digest buffer: %s\n",
|
||||||
|
strerror(errno));
|
||||||
|
@@ -143,16 +143,16 @@ int main(int argc, char **argv)
|
||||||
|
}
|
||||||
|
|
||||||
|
for (i = 0; i < fc_digest_len; i++)
|
||||||
|
- sprintf((&sha1_buf[i * 2]), "%02x", fc_digest[i]);
|
||||||
|
+ sprintf((&sha256_buf[i * 2]), "%02x", fc_digest[i]);
|
||||||
|
|
||||||
|
- printf("specfiles SHA1 digest: %s\n", sha1_buf);
|
||||||
|
+ printf("specfiles SHA256 digest: %s\n", sha256_buf);
|
||||||
|
|
||||||
|
printf("calculated using the following specfile(s):\n");
|
||||||
|
if (specfiles) {
|
||||||
|
for (i = 0; i < num_specfiles; i++)
|
||||||
|
printf("%s\n", specfiles[i]);
|
||||||
|
}
|
||||||
|
- free(sha1_buf);
|
||||||
|
+ free(sha256_buf);
|
||||||
|
printf("\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
|
||||||
|
index ee01725050bb..57c663a99d67 100644
|
||||||
|
--- a/policycoreutils/setfiles/setfiles.8
|
||||||
|
+++ b/policycoreutils/setfiles/setfiles.8
|
||||||
|
@@ -95,14 +95,14 @@ display usage information and exit.
|
||||||
|
ignore files that do not exist.
|
||||||
|
.TP
|
||||||
|
.B \-I
|
||||||
|
-ignore digest to force checking of labels even if the stored SHA1 digest
|
||||||
|
-matches the specfiles SHA1 digest. The digest will then be updated provided
|
||||||
|
+ignore digest to force checking of labels even if the stored SHA256 digest
|
||||||
|
+matches the specfiles SHA256 digest. The digest will then be updated provided
|
||||||
|
there are no errors. See the
|
||||||
|
.B NOTES
|
||||||
|
section for further details.
|
||||||
|
.TP
|
||||||
|
.B \-D
|
||||||
|
-Set or update any directory SHA1 digests. Use this option to
|
||||||
|
+Set or update any directory SHA256 digests. Use this option to
|
||||||
|
enable usage of the
|
||||||
|
.IR security.sehash
|
||||||
|
extended attribute.
|
||||||
|
@@ -261,7 +261,7 @@ the
|
||||||
|
.B \-D
|
||||||
|
option to
|
||||||
|
.B setfiles
|
||||||
|
-will cause it to store a SHA1 digest of the
|
||||||
|
+will cause it to store a SHA256 digest of the
|
||||||
|
.B spec_file
|
||||||
|
set in an extended attribute named
|
||||||
|
.IR security.sehash
|
||||||
|
@@ -282,7 +282,7 @@ for further details.
|
||||||
|
.sp
|
||||||
|
The
|
||||||
|
.B \-I
|
||||||
|
-option will ignore the SHA1 digest from each directory specified in
|
||||||
|
+option will ignore the SHA256 digest from each directory specified in
|
||||||
|
.IR pathname \ ...
|
||||||
|
and provided the
|
||||||
|
.B \-n
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
@ -1,26 +0,0 @@
|
|||||||
From bfcb599d9424ef6ffcd250931c89675b451edd00 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Miroslav Grepl <mgrepl@redhat.com>
|
|
||||||
Date: Fri, 20 Feb 2015 16:42:01 +0100
|
|
||||||
Subject: [PATCH] We want to remove the trailing newline for
|
|
||||||
/etc/system_release.
|
|
||||||
|
|
||||||
---
|
|
||||||
python/sepolicy/sepolicy/__init__.py | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
|
||||||
index 88a2b8f6..0c66f4d5 100644
|
|
||||||
--- a/python/sepolicy/sepolicy/__init__.py
|
|
||||||
+++ b/python/sepolicy/sepolicy/__init__.py
|
|
||||||
@@ -1212,7 +1212,7 @@ def get_os_version():
|
|
||||||
system_release = ""
|
|
||||||
try:
|
|
||||||
with open('/etc/system-release') as f:
|
|
||||||
- system_release = f.readline()
|
|
||||||
+ system_release = f.readline().rstrip()
|
|
||||||
except IOError:
|
|
||||||
system_release = "Misc"
|
|
||||||
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,25 +0,0 @@
|
|||||||
From 4ea504acce6389c3e28134c4b8e6bf9072c295ce Mon Sep 17 00:00:00 2001
|
|
||||||
From: Miroslav Grepl <mgrepl@redhat.com>
|
|
||||||
Date: Fri, 20 Feb 2015 16:42:53 +0100
|
|
||||||
Subject: [PATCH] Fix title in manpage.py to not contain 'online'.
|
|
||||||
|
|
||||||
---
|
|
||||||
python/sepolicy/sepolicy/manpage.py | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
|
||||||
index d60acfaf..de8184d8 100755
|
|
||||||
--- a/python/sepolicy/sepolicy/manpage.py
|
|
||||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
|
||||||
@@ -220,7 +220,7 @@ class HTMLManPages:
|
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<link rel=stylesheet type="text/css" href="style.css" title="style">
|
|
||||||
- <title>SELinux man pages online</title>
|
|
||||||
+ <title>SELinux man pages</title>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<h1>SELinux man pages for %s</h1>
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,8 +1,9 @@
|
|||||||
From ef0f54ffc6d691d10e66a0793204edd159cd45d0 Mon Sep 17 00:00:00 2001
|
From ada7ed4b14f24086a4d1147fc281ca2d61e744eb Mon Sep 17 00:00:00 2001
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
Date: Mon, 27 Feb 2017 17:12:39 +0100
|
Date: Mon, 27 Feb 2017 17:12:39 +0100
|
||||||
Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and
|
Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and
|
||||||
file_type_is_entrypoint(f)
|
file_type_is_entrypoint(f)
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
- use direct queries
|
- use direct queries
|
||||||
- load exec_types and entry_types only once
|
- load exec_types and entry_types only once
|
||||||
@ -11,10 +12,10 @@ Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and
|
|||||||
1 file changed, 20 insertions(+), 2 deletions(-)
|
1 file changed, 20 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||||
index de8184d8..f8a94fc0 100755
|
index 70a8ce848900..572c493f6a15 100755
|
||||||
--- a/python/sepolicy/sepolicy/manpage.py
|
--- a/python/sepolicy/sepolicy/manpage.py
|
||||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||||
@@ -125,8 +125,24 @@ def gen_domains():
|
@@ -127,8 +127,24 @@ def gen_domains():
|
||||||
domains.sort()
|
domains.sort()
|
||||||
return domains
|
return domains
|
||||||
|
|
||||||
@ -40,7 +41,7 @@ index de8184d8..f8a94fc0 100755
|
|||||||
|
|
||||||
def _gen_types():
|
def _gen_types():
|
||||||
global types
|
global types
|
||||||
@@ -372,6 +388,8 @@ class ManPage:
|
@@ -368,6 +384,8 @@ class ManPage:
|
||||||
self.all_file_types = sepolicy.get_all_file_types()
|
self.all_file_types = sepolicy.get_all_file_types()
|
||||||
self.role_allows = sepolicy.get_all_role_allows()
|
self.role_allows = sepolicy.get_all_role_allows()
|
||||||
self.types = _gen_types()
|
self.types = _gen_types()
|
||||||
@ -49,15 +50,15 @@ index de8184d8..f8a94fc0 100755
|
|||||||
|
|
||||||
if self.source_files:
|
if self.source_files:
|
||||||
self.fcpath = self.root + "file_contexts"
|
self.fcpath = self.root + "file_contexts"
|
||||||
@@ -689,7 +707,7 @@ Default Defined Ports:""")
|
@@ -684,7 +702,7 @@ Default Defined Ports:""")
|
||||||
for f in self.all_file_types:
|
for f in self.all_file_types:
|
||||||
if f.startswith(self.domainname):
|
if f.startswith(self.domainname):
|
||||||
flist.append(f)
|
flist.append(f)
|
||||||
- if not file_type_is_executable(f) or not file_type_is_entrypoint(f):
|
- if not file_type_is_executable(f) or not file_type_is_entrypoint(f):
|
||||||
+ if not f in self.exec_types or not f in self.entry_types:
|
+ if f not in self.exec_types or f not in self.entry_types:
|
||||||
flist_non_exec.append(f)
|
flist_non_exec.append(f)
|
||||||
if f in self.fcdict:
|
if f in self.fcdict:
|
||||||
mpaths = mpaths + self.fcdict[f]["regex"]
|
mpaths = mpaths + self.fcdict[f]["regex"]
|
||||||
--
|
--
|
||||||
2.21.0
|
2.41.0
|
||||||
|
|
@ -0,0 +1,48 @@
|
|||||||
|
From 5bd2a3a01ee3b645b5b665be4ef95ddae72806ee Mon Sep 17 00:00:00 2001
|
||||||
|
From: Vit Mojzis <vmojzis@redhat.com>
|
||||||
|
Date: Tue, 30 May 2023 09:07:28 +0200
|
||||||
|
Subject: [PATCH] python/sepolicy: Fix spec file dependencies
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
semanage is part of policycoreutils-python-utils package, selinuxenabled
|
||||||
|
is part of libselinux-utils (required by ^^^) and restorecon/load_policy
|
||||||
|
are part of policycoreutils (also required by policycoreutils-python-utils).
|
||||||
|
|
||||||
|
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||||
|
---
|
||||||
|
python/sepolicy/sepolicy/templates/spec.py | 12 +++++++-----
|
||||||
|
1 file changed, 7 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/python/sepolicy/sepolicy/templates/spec.py b/python/sepolicy/sepolicy/templates/spec.py
|
||||||
|
index 433c298a17e0..a6d4508bb670 100644
|
||||||
|
--- a/python/sepolicy/sepolicy/templates/spec.py
|
||||||
|
+++ b/python/sepolicy/sepolicy/templates/spec.py
|
||||||
|
@@ -11,18 +11,20 @@ Version: 1.0
|
||||||
|
Release: 1%{?dist}
|
||||||
|
Summary: SELinux policy module for MODULENAME
|
||||||
|
|
||||||
|
-Group: System Environment/Base
|
||||||
|
-License: GPLv2+
|
||||||
|
+Group: System Environment/Base
|
||||||
|
+License: GPLv2+
|
||||||
|
# This is an example. You will need to change it.
|
||||||
|
+# For a complete guide on packaging your policy
|
||||||
|
+# see https://fedoraproject.org/wiki/SELinux/IndependentPolicy
|
||||||
|
URL: http://HOSTNAME
|
||||||
|
Source0: MODULENAME.pp
|
||||||
|
Source1: MODULENAME.if
|
||||||
|
Source2: DOMAINNAME_selinux.8
|
||||||
|
Source3: DOMAINNAME_u
|
||||||
|
|
||||||
|
-Requires: policycoreutils, libselinux-utils
|
||||||
|
-Requires(post): selinux-policy-base >= %{selinux_policyver}, policycoreutils
|
||||||
|
-Requires(postun): policycoreutils
|
||||||
|
+Requires: policycoreutils-python-utils, libselinux-utils
|
||||||
|
+Requires(post): selinux-policy-base >= %{selinux_policyver}, policycoreutils-python-utils
|
||||||
|
+Requires(postun): policycoreutils-python-utils
|
||||||
|
"""
|
||||||
|
|
||||||
|
mid_section="""\
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
@ -0,0 +1,264 @@
|
|||||||
|
From a87290f734ba136e7b648a9ce9754767cbb5eed3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Lautrbach <lautrbach@redhat.com>
|
||||||
|
Date: Mon, 13 Nov 2023 13:37:36 +0100
|
||||||
|
Subject: [PATCH] Revert "Do not automatically install Russian translations"
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
This reverts commit 14f35fde50cd080650ac3b0136234464a3ea6fbe.
|
||||||
|
---
|
||||||
|
gui/Makefile | 2 +-
|
||||||
|
policycoreutils/load_policy/Makefile | 2 +-
|
||||||
|
policycoreutils/man/Makefile | 2 +-
|
||||||
|
policycoreutils/newrole/Makefile | 2 +-
|
||||||
|
policycoreutils/run_init/Makefile | 2 +-
|
||||||
|
policycoreutils/scripts/Makefile | 2 +-
|
||||||
|
policycoreutils/secon/Makefile | 2 +-
|
||||||
|
policycoreutils/semodule/Makefile | 2 +-
|
||||||
|
policycoreutils/sestatus/Makefile | 2 +-
|
||||||
|
policycoreutils/setfiles/Makefile | 2 +-
|
||||||
|
policycoreutils/setsebool/Makefile | 2 +-
|
||||||
|
python/audit2allow/Makefile | 2 +-
|
||||||
|
python/chcat/Makefile | 2 +-
|
||||||
|
python/semanage/Makefile | 2 +-
|
||||||
|
python/sepolicy/Makefile | 2 +-
|
||||||
|
restorecond/Makefile | 2 +-
|
||||||
|
sandbox/Makefile | 2 +-
|
||||||
|
semodule-utils/semodule_expand/Makefile | 2 +-
|
||||||
|
semodule-utils/semodule_link/Makefile | 2 +-
|
||||||
|
semodule-utils/semodule_package/Makefile | 2 +-
|
||||||
|
20 files changed, 20 insertions(+), 20 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/gui/Makefile b/gui/Makefile
|
||||||
|
index b29610d41b52..4035fb21b8c9 100644
|
||||||
|
--- a/gui/Makefile
|
||||||
|
+++ b/gui/Makefile
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
# Installation directories.
|
||||||
|
-LINGUAS ?=
|
||||||
|
+LINGUAS ?= ru
|
||||||
|
PREFIX ?= /usr
|
||||||
|
BINDIR ?= $(PREFIX)/bin
|
||||||
|
SHAREDIR ?= $(PREFIX)/share/system-config-selinux
|
||||||
|
diff --git a/policycoreutils/load_policy/Makefile b/policycoreutils/load_policy/Makefile
|
||||||
|
index ad80d500e53c..c1ba805b6a9a 100644
|
||||||
|
--- a/policycoreutils/load_policy/Makefile
|
||||||
|
+++ b/policycoreutils/load_policy/Makefile
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
# Installation directories.
|
||||||
|
-LINGUAS ?=
|
||||||
|
+LINGUAS ?= ru
|
||||||
|
PREFIX ?= /usr
|
||||||
|
SBINDIR ?= $(PREFIX)/sbin
|
||||||
|
MANDIR ?= $(PREFIX)/share/man
|
||||||
|
diff --git a/policycoreutils/man/Makefile b/policycoreutils/man/Makefile
|
||||||
|
index a4539f243b26..94bbf58652ad 100644
|
||||||
|
--- a/policycoreutils/man/Makefile
|
||||||
|
+++ b/policycoreutils/man/Makefile
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
# Installation directories.
|
||||||
|
-LINGUAS ?=
|
||||||
|
+LINGUAS ?= ru
|
||||||
|
PREFIX ?= /usr
|
||||||
|
MANDIR ?= $(PREFIX)/share/man
|
||||||
|
MAN5DIR ?= $(MANDIR)/man5
|
||||||
|
diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile
|
||||||
|
index 4b8145d35a8b..b3ccf671a9ae 100644
|
||||||
|
--- a/policycoreutils/newrole/Makefile
|
||||||
|
+++ b/policycoreutils/newrole/Makefile
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
# Installation directories.
|
||||||
|
-LINGUAS ?=
|
||||||
|
+LINGUAS ?= ru
|
||||||
|
PREFIX ?= /usr
|
||||||
|
BINDIR ?= $(PREFIX)/bin
|
||||||
|
MANDIR ?= $(PREFIX)/share/man
|
||||||
|
diff --git a/policycoreutils/run_init/Makefile b/policycoreutils/run_init/Makefile
|
||||||
|
index 619ebc1d7554..e86364a496e6 100644
|
||||||
|
--- a/policycoreutils/run_init/Makefile
|
||||||
|
+++ b/policycoreutils/run_init/Makefile
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
|
||||||
|
# Installation directories.
|
||||||
|
-LINGUAS ?=
|
||||||
|
+LINGUAS ?= ru
|
||||||
|
PREFIX ?= /usr
|
||||||
|
SBINDIR ?= $(PREFIX)/sbin
|
||||||
|
MANDIR ?= $(PREFIX)/share/man
|
||||||
|
diff --git a/policycoreutils/scripts/Makefile b/policycoreutils/scripts/Makefile
|
||||||
|
index 6d8196c672d6..75e75b80a100 100644
|
||||||
|
--- a/policycoreutils/scripts/Makefile
|
||||||
|
+++ b/policycoreutils/scripts/Makefile
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
# Installation directories.
|
||||||
|
-LINGUAS ?=
|
||||||
|
+LINGUAS ?= ru
|
||||||
|
PREFIX ?= /usr
|
||||||
|
SBINDIR ?= $(PREFIX)/sbin
|
||||||
|
MANDIR ?= $(PREFIX)/share/man
|
||||||
|
diff --git a/policycoreutils/secon/Makefile b/policycoreutils/secon/Makefile
|
||||||
|
index 440503a14682..576a6203dfa3 100644
|
||||||
|
--- a/policycoreutils/secon/Makefile
|
||||||
|
+++ b/policycoreutils/secon/Makefile
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
# secon tool - command-line context
|
||||||
|
-LINGUAS ?=
|
||||||
|
+LINGUAS ?= ru
|
||||||
|
PREFIX ?= /usr
|
||||||
|
BINDIR ?= $(PREFIX)/bin
|
||||||
|
MANDIR ?= $(PREFIX)/share/man
|
||||||
|
diff --git a/policycoreutils/semodule/Makefile b/policycoreutils/semodule/Makefile
|
||||||
|
index 9fbf99d6177e..73801e487a76 100644
|
||||||
|
--- a/policycoreutils/semodule/Makefile
|
||||||
|
+++ b/policycoreutils/semodule/Makefile
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
# Installation directories.
|
||||||
|
-LINGUAS ?=
|
||||||
|
+LINGUAS ?= ru
|
||||||
|
PREFIX ?= /usr
|
||||||
|
SBINDIR ?= $(PREFIX)/sbin
|
||||||
|
MANDIR = $(PREFIX)/share/man
|
||||||
|
diff --git a/policycoreutils/sestatus/Makefile b/policycoreutils/sestatus/Makefile
|
||||||
|
index aebf050c2fb9..3dbb792bf5e5 100644
|
||||||
|
--- a/policycoreutils/sestatus/Makefile
|
||||||
|
+++ b/policycoreutils/sestatus/Makefile
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
# Installation directories.
|
||||||
|
-LINGUAS ?=
|
||||||
|
+LINGUAS ?= ru
|
||||||
|
PREFIX ?= /usr
|
||||||
|
BINDIR ?= $(PREFIX)/bin
|
||||||
|
SBINDIR ?= $(PREFIX)/sbin
|
||||||
|
diff --git a/policycoreutils/setfiles/Makefile b/policycoreutils/setfiles/Makefile
|
||||||
|
index 84ffb08bf412..d7670a8ff54b 100644
|
||||||
|
--- a/policycoreutils/setfiles/Makefile
|
||||||
|
+++ b/policycoreutils/setfiles/Makefile
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
# Installation directories.
|
||||||
|
-LINGUAS ?=
|
||||||
|
+LINGUAS ?= ru
|
||||||
|
PREFIX ?= /usr
|
||||||
|
SBINDIR ?= /sbin
|
||||||
|
MANDIR = $(PREFIX)/share/man
|
||||||
|
diff --git a/policycoreutils/setsebool/Makefile b/policycoreutils/setsebool/Makefile
|
||||||
|
index fc5b4ff63c01..c1440c1c04c8 100644
|
||||||
|
--- a/policycoreutils/setsebool/Makefile
|
||||||
|
+++ b/policycoreutils/setsebool/Makefile
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
# Installation directories.
|
||||||
|
-LINGUAS ?=
|
||||||
|
+LINGUAS ?= ru
|
||||||
|
PREFIX ?= /usr
|
||||||
|
SBINDIR ?= $(PREFIX)/sbin
|
||||||
|
MANDIR = $(PREFIX)/share/man
|
||||||
|
diff --git a/python/audit2allow/Makefile b/python/audit2allow/Makefile
|
||||||
|
index fb04b8bdc72e..76bf4e37f9a3 100644
|
||||||
|
--- a/python/audit2allow/Makefile
|
||||||
|
+++ b/python/audit2allow/Makefile
|
||||||
|
@@ -2,7 +2,7 @@ PYTHON ?= python3
|
||||||
|
SECILC ?= secilc
|
||||||
|
|
||||||
|
# Installation directories.
|
||||||
|
-LINGUAS ?=
|
||||||
|
+LINGUAS ?= ru
|
||||||
|
PREFIX ?= /usr
|
||||||
|
BINDIR ?= $(PREFIX)/bin
|
||||||
|
MANDIR ?= $(PREFIX)/share/man
|
||||||
|
diff --git a/python/chcat/Makefile b/python/chcat/Makefile
|
||||||
|
index 7b3ee17f49b1..e4873bf4ff8f 100644
|
||||||
|
--- a/python/chcat/Makefile
|
||||||
|
+++ b/python/chcat/Makefile
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
# Installation directories.
|
||||||
|
-LINGUAS ?=
|
||||||
|
+LINGUAS ?= ru
|
||||||
|
PREFIX ?= /usr
|
||||||
|
BINDIR ?= $(PREFIX)/bin
|
||||||
|
MANDIR ?= $(PREFIX)/share/man
|
||||||
|
diff --git a/python/semanage/Makefile b/python/semanage/Makefile
|
||||||
|
index 628d135a8606..b53ee33db6ac 100644
|
||||||
|
--- a/python/semanage/Makefile
|
||||||
|
+++ b/python/semanage/Makefile
|
||||||
|
@@ -1,7 +1,7 @@
|
||||||
|
PYTHON ?= python3
|
||||||
|
|
||||||
|
# Installation directories.
|
||||||
|
-LINGUAS ?=
|
||||||
|
+LINGUAS ?= ru
|
||||||
|
PREFIX ?= /usr
|
||||||
|
SBINDIR ?= $(PREFIX)/sbin
|
||||||
|
MANDIR = $(PREFIX)/share/man
|
||||||
|
diff --git a/python/sepolicy/Makefile b/python/sepolicy/Makefile
|
||||||
|
index 1a26cfdce6cc..4e9e93d0779e 100644
|
||||||
|
--- a/python/sepolicy/Makefile
|
||||||
|
+++ b/python/sepolicy/Makefile
|
||||||
|
@@ -1,7 +1,7 @@
|
||||||
|
PYTHON ?= python3
|
||||||
|
|
||||||
|
# Installation directories.
|
||||||
|
-LINGUAS ?=
|
||||||
|
+LINGUAS ?= ru
|
||||||
|
PREFIX ?= /usr
|
||||||
|
BINDIR ?= $(PREFIX)/bin
|
||||||
|
MANDIR ?= $(PREFIX)/share/man
|
||||||
|
diff --git a/restorecond/Makefile b/restorecond/Makefile
|
||||||
|
index 1ddfcc9265ce..8e9a5ef1cfa1 100644
|
||||||
|
--- a/restorecond/Makefile
|
||||||
|
+++ b/restorecond/Makefile
|
||||||
|
@@ -1,7 +1,7 @@
|
||||||
|
PKG_CONFIG ?= pkg-config
|
||||||
|
|
||||||
|
# Installation directories.
|
||||||
|
-LINGUAS ?=
|
||||||
|
+LINGUAS ?= ru
|
||||||
|
PREFIX ?= /usr
|
||||||
|
SBINDIR ?= $(PREFIX)/sbin
|
||||||
|
MANDIR = $(PREFIX)/share/man
|
||||||
|
diff --git a/sandbox/Makefile b/sandbox/Makefile
|
||||||
|
index 360a8bc5c125..84cb5a39bf7e 100644
|
||||||
|
--- a/sandbox/Makefile
|
||||||
|
+++ b/sandbox/Makefile
|
||||||
|
@@ -1,7 +1,7 @@
|
||||||
|
PYTHON ?= python3
|
||||||
|
|
||||||
|
# Installation directories.
|
||||||
|
-LINGUAS ?=
|
||||||
|
+LINGUAS ?= ru
|
||||||
|
PREFIX ?= /usr
|
||||||
|
SYSCONFDIR ?= /etc/sysconfig
|
||||||
|
BINDIR ?= $(PREFIX)/bin
|
||||||
|
diff --git a/semodule-utils/semodule_expand/Makefile b/semodule-utils/semodule_expand/Makefile
|
||||||
|
index ad776b15166c..e63dcff246d9 100644
|
||||||
|
--- a/semodule-utils/semodule_expand/Makefile
|
||||||
|
+++ b/semodule-utils/semodule_expand/Makefile
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
# Installation directories.
|
||||||
|
-LINGUAS ?=
|
||||||
|
+LINGUAS ?= ru
|
||||||
|
PREFIX ?= /usr
|
||||||
|
BINDIR ?= $(PREFIX)/bin
|
||||||
|
MANDIR ?= $(PREFIX)/share/man
|
||||||
|
diff --git a/semodule-utils/semodule_link/Makefile b/semodule-utils/semodule_link/Makefile
|
||||||
|
index 936d161cc16f..c5cf69cd9ca3 100644
|
||||||
|
--- a/semodule-utils/semodule_link/Makefile
|
||||||
|
+++ b/semodule-utils/semodule_link/Makefile
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
# Installation directories.
|
||||||
|
-LINGUAS ?=
|
||||||
|
+LINGUAS ?= ru
|
||||||
|
PREFIX ?= /usr
|
||||||
|
BINDIR ?= $(PREFIX)/bin
|
||||||
|
MANDIR ?= $(PREFIX)/share/man
|
||||||
|
diff --git a/semodule-utils/semodule_package/Makefile b/semodule-utils/semodule_package/Makefile
|
||||||
|
index 6a289f732a7e..680ab836cfe6 100644
|
||||||
|
--- a/semodule-utils/semodule_package/Makefile
|
||||||
|
+++ b/semodule-utils/semodule_package/Makefile
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
# Installation directories.
|
||||||
|
-LINGUAS ?=
|
||||||
|
+LINGUAS ?= ru
|
||||||
|
PREFIX ?= /usr
|
||||||
|
BINDIR ?= $(PREFIX)/bin
|
||||||
|
MANDIR ?= $(PREFIX)/share/man
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
@ -0,0 +1,180 @@
|
|||||||
|
From 3895de8ec117fc9a9368ac34d8cc89805ac65b1e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Lautrbach <lautrbach@redhat.com>
|
||||||
|
Date: Mon, 13 Nov 2023 13:37:44 +0100
|
||||||
|
Subject: [PATCH] Revert "semodule-utils: Remove the Russian translations"
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
This reverts commit 5149c39a4ed20ab170f4c4ae1893ff68cf7b7b21.
|
||||||
|
---
|
||||||
|
.../semodule_expand/ru/semodule_expand.8 | 31 ++++++++++++
|
||||||
|
.../semodule_link/ru/semodule_link.8 | 32 +++++++++++++
|
||||||
|
.../semodule_package/ru/semodule_package.8 | 48 +++++++++++++++++++
|
||||||
|
.../semodule_package/ru/semodule_unpackage.8 | 24 ++++++++++
|
||||||
|
4 files changed, 135 insertions(+)
|
||||||
|
create mode 100644 semodule-utils/semodule_expand/ru/semodule_expand.8
|
||||||
|
create mode 100644 semodule-utils/semodule_link/ru/semodule_link.8
|
||||||
|
create mode 100644 semodule-utils/semodule_package/ru/semodule_package.8
|
||||||
|
create mode 100644 semodule-utils/semodule_package/ru/semodule_unpackage.8
|
||||||
|
|
||||||
|
diff --git a/semodule-utils/semodule_expand/ru/semodule_expand.8 b/semodule-utils/semodule_expand/ru/semodule_expand.8
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..28b381af6001
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/semodule-utils/semodule_expand/ru/semodule_expand.8
|
||||||
|
@@ -0,0 +1,31 @@
|
||||||
|
+.TH SEMODULE_EXPAND "8" "ноябрь 2005" "Security Enhanced Linux"
|
||||||
|
+.SH ИМЯ
|
||||||
|
+semodule_expand \- расширить пакет модуля политики SELinux
|
||||||
|
+
|
||||||
|
+.SH ОБЗОР
|
||||||
|
+.B semodule_expand [-V ] [ -a ] [ -c [version]] basemodpkg outputfile
|
||||||
|
+.br
|
||||||
|
+.SH ОПИСАНИЕ
|
||||||
|
+.PP
|
||||||
|
+semodule_expand - утилита разработки для ручного расширения пакета базового модуля политики в двоичный файл политики ядра.
|
||||||
|
+Это средство не является необходимым для нормальной работы SELinux. Обычно такое расширение выполняется libsemanage внутренним образом в ответ на команды semodule. Пакеты базовых модулей политики можно создавать непосредственно с помощью semodule_package или semodule_link (при связывании набора пакетов в один пакет).
|
||||||
|
+
|
||||||
|
+.SH "ПАРАМЕТРЫ"
|
||||||
|
+.TP
|
||||||
|
+.B \-V
|
||||||
|
+Показать версию
|
||||||
|
+.TP
|
||||||
|
+.B \-c [version]
|
||||||
|
+Версия политики, которую следует создать
|
||||||
|
+.TP
|
||||||
|
+.B \-a
|
||||||
|
+Не проверять утверждения. При использовании этого параметра политика не будет проверять запрещающие правила (neverallow).
|
||||||
|
+
|
||||||
|
+.SH СМОТРИТЕ ТАКЖЕ
|
||||||
|
+.B checkmodule(8), semodule_package(8), semodule(8), semodule_link(8)
|
||||||
|
+(8),
|
||||||
|
+.SH АВТОРЫ
|
||||||
|
+.nf
|
||||||
|
+Эта страница руководства была написана Dan Walsh <dwalsh@redhat.com>.
|
||||||
|
+Программа была написана Karl MacMillan <kmacmillan@tresys.com>, Joshua Brindle <jbrindle@tresys.com>.
|
||||||
|
+Перевод на русский язык выполнила Герасименко Олеся <gammaray@basealt.ru>.
|
||||||
|
diff --git a/semodule-utils/semodule_link/ru/semodule_link.8 b/semodule-utils/semodule_link/ru/semodule_link.8
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..4a8f414e0e8e
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/semodule-utils/semodule_link/ru/semodule_link.8
|
||||||
|
@@ -0,0 +1,32 @@
|
||||||
|
+.TH SEMODULE_LINK "8" "Ноябрь 2005" "Security Enhanced Linux"
|
||||||
|
+.SH ИМЯ
|
||||||
|
+semodule_link \- связать вместе пакеты модулей политики SELinux
|
||||||
|
+
|
||||||
|
+.SH ОБЗОР
|
||||||
|
+.B semodule_link [-Vv] [-o outfile] basemodpkg modpkg1 [modpkg2]...
|
||||||
|
+.br
|
||||||
|
+.SH ОПИСАНИЕ
|
||||||
|
+.PP
|
||||||
|
+semodule_link - утилита разработки для ручного связывания набора пакетов модулей политики SELinux в один пакет модулей политики.
|
||||||
|
+Это средство не является необходимым для нормальной работы SELinux. Обычно такое связывание выполняется libsemanage внутренним образом в ответ на команды semodule. Пакеты модулей создаются с помощью semodule_package.
|
||||||
|
+
|
||||||
|
+.SH "ПАРАМЕТРЫ"
|
||||||
|
+.TP
|
||||||
|
+.B \-V
|
||||||
|
+Показать версию
|
||||||
|
+.TP
|
||||||
|
+.B \-v
|
||||||
|
+Подробный режим
|
||||||
|
+.TP
|
||||||
|
+.B \-o <output file>
|
||||||
|
+Связанный пакет модулей политики, созданный с помощью этого средства
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+.SH СМОТРИТЕ ТАКЖЕ
|
||||||
|
+.B checkmodule(8), semodule_package(8), semodule(8), semodule_expand(8)
|
||||||
|
+(8),
|
||||||
|
+.SH АВТОРЫ
|
||||||
|
+.nf
|
||||||
|
+Эта страница руководства была написана Dan Walsh <dwalsh@redhat.com>.
|
||||||
|
+Программа была написана Karl MacMillan <kmacmillan@tresys.com>.
|
||||||
|
+Перевод на русский язык выполнила Герасименко Олеся <gammaray@basealt.ru>.
|
||||||
|
diff --git a/semodule-utils/semodule_package/ru/semodule_package.8 b/semodule-utils/semodule_package/ru/semodule_package.8
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..3f4b16a93322
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/semodule-utils/semodule_package/ru/semodule_package.8
|
||||||
|
@@ -0,0 +1,48 @@
|
||||||
|
+.TH SEMODULE_PACKAGE "8" "Ноябрь 2005" "Security Enhanced Linux"
|
||||||
|
+.SH ИМЯ
|
||||||
|
+semodule_package \- создать пакет модуля политики SELinux
|
||||||
|
+
|
||||||
|
+.SH ОБЗОР
|
||||||
|
+.B semodule_package \-o <output file> \-m <module> [\-f <file contexts>]
|
||||||
|
+.br
|
||||||
|
+.SH ОПИСАНИЕ
|
||||||
|
+.PP
|
||||||
|
+semodule_package - утилита, которая используется для создания пакета модуля политики SELinux из двоичного модуля политики и (необязательно) других данных, таких как контексты файлов. Команда semodule_package упаковывает двоичные модули политики, созданные с помощью checkmodule. Пакет политики, созданный с помощью semodule_package, затем можно установить через semodule.
|
||||||
|
+
|
||||||
|
+.SH ПРИМЕР
|
||||||
|
+.nf
|
||||||
|
+# Собрать пакет политики для базового модуля.
|
||||||
|
+$ semodule_package \-o base.pp \-m base.mod \-f file_contexts
|
||||||
|
+# Собрать пакет политики для модуля httpd.
|
||||||
|
+$ semodule_package \-o httpd.pp \-m httpd.mod \-f httpd.fc
|
||||||
|
+# Собрать пакет политики для локальных правил принудительного присвоения типов, не включая контексты файлов.
|
||||||
|
+$ semodule_package \-o local.pp \-m local.mod
|
||||||
|
+.fi
|
||||||
|
+
|
||||||
|
+.SH "ПАРАМЕТРЫ"
|
||||||
|
+.TP
|
||||||
|
+.B \-o \-\-outfile <output file>
|
||||||
|
+Файл пакета модуля политики, созданный этим средством.
|
||||||
|
+.TP
|
||||||
|
+.B \-s \-\-seuser <seuser file>
|
||||||
|
+Файл seuser, который следует включить в пакет.
|
||||||
|
+.TP
|
||||||
|
+.B \-u \-\-user_extra <user extra file>
|
||||||
|
+Файл user_extra, который следует включить в пакет.
|
||||||
|
+.TP
|
||||||
|
+.B \-m \-\-module <Module file>
|
||||||
|
+Файл модуля политики, который следует включить в пакет.
|
||||||
|
+.TP
|
||||||
|
+.B \-f \-\-fc <File context file>
|
||||||
|
+Файл контекстов файлов для модуля (необязательно).
|
||||||
|
+.TP
|
||||||
|
+.B \-n \-\-nc <netfilter context file>
|
||||||
|
+Файл контекста netfilter, который следует включить в пакет.
|
||||||
|
+
|
||||||
|
+.SH СМОТРИТЕ ТАКЖЕ
|
||||||
|
+.B checkmodule(8), semodule(8), semodule_unpackage(8)
|
||||||
|
+.SH АВТОРЫ
|
||||||
|
+.nf
|
||||||
|
+Эта страница руководства была написана Dan Walsh <dwalsh@redhat.com>.
|
||||||
|
+Программа была написана Karl MacMillan <kmacmillan@tresys.com>.
|
||||||
|
+Перевод на русский язык выполнила Герасименко Олеся <gammaray@basealt.ru>.
|
||||||
|
diff --git a/semodule-utils/semodule_package/ru/semodule_unpackage.8 b/semodule-utils/semodule_package/ru/semodule_unpackage.8
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..057ae3d752f7
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/semodule-utils/semodule_package/ru/semodule_unpackage.8
|
||||||
|
@@ -0,0 +1,24 @@
|
||||||
|
+.TH SEMODULE_PACKAGE "8" "Ноябрь 2005" "Security Enhanced Linux"
|
||||||
|
+.SH ИМЯ
|
||||||
|
+semodule_unpackage \- извлечь модуль политики и файл контекстов файлов из пакета модуля политики SELinux
|
||||||
|
+
|
||||||
|
+.SH ОБЗОР
|
||||||
|
+.B semodule_unpackage ppfile modfile [fcfile]
|
||||||
|
+.br
|
||||||
|
+.SH ОПИСАНИЕ
|
||||||
|
+.PP
|
||||||
|
+semodule_unpackage - утилита, которая используется для извлечения файла модуля политики SELinux и файла контекстов файлов из пакета политики SELinux.
|
||||||
|
+
|
||||||
|
+.SH ПРИМЕР
|
||||||
|
+.nf
|
||||||
|
+# Извлечь файл модуля httpd из пакета политики httpd.
|
||||||
|
+$ semodule_unpackage httpd.pp httpd.mod httpd.fc
|
||||||
|
+.fi
|
||||||
|
+
|
||||||
|
+.SH СМОТРИТЕ ТАКЖЕ
|
||||||
|
+.B semodule_package(8)
|
||||||
|
+.SH АВТОРЫ
|
||||||
|
+.nf
|
||||||
|
+Эта страница руководства была написана Dan Walsh <dwalsh@redhat.com>.
|
||||||
|
+Программа была написана Stephen Smalley <stephen.smalley.work@gmail.com>.
|
||||||
|
+Перевод на русский язык выполнила Герасименко Олеся <gammaray@basealt.ru>.
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
@ -1,53 +0,0 @@
|
|||||||
From e54db76a3bff8e911ddd7c7ce834c024d634d9e1 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Tue, 28 Feb 2017 21:29:46 +0100
|
|
||||||
Subject: [PATCH] sepolicy: Another small optimization for mcs types
|
|
||||||
|
|
||||||
---
|
|
||||||
python/sepolicy/sepolicy/manpage.py | 16 +++++++++++-----
|
|
||||||
1 file changed, 11 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
|
||||||
index f8a94fc0..67d39301 100755
|
|
||||||
--- a/python/sepolicy/sepolicy/manpage.py
|
|
||||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
|
||||||
@@ -142,6 +142,15 @@ def _gen_entry_types():
|
|
||||||
entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"]
|
|
||||||
return entry_types
|
|
||||||
|
|
||||||
+mcs_constrained_types = None
|
|
||||||
+
|
|
||||||
+def _gen_mcs_constrained_types():
|
|
||||||
+ global mcs_constrained_types
|
|
||||||
+ if mcs_constrained_types is None:
|
|
||||||
+ mcs_constrained_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
|
|
||||||
+ return mcs_constrained_types
|
|
||||||
+
|
|
||||||
+
|
|
||||||
types = None
|
|
||||||
|
|
||||||
def _gen_types():
|
|
||||||
@@ -390,6 +399,7 @@ class ManPage:
|
|
||||||
self.types = _gen_types()
|
|
||||||
self.exec_types = _gen_exec_types()
|
|
||||||
self.entry_types = _gen_entry_types()
|
|
||||||
+ self.mcs_constrained_types = _gen_mcs_constrained_types()
|
|
||||||
|
|
||||||
if self.source_files:
|
|
||||||
self.fcpath = self.root + "file_contexts"
|
|
||||||
@@ -944,11 +954,7 @@ All executeables with the default executable label, usually stored in /usr/bin a
|
|
||||||
%s""" % ", ".join(paths))
|
|
||||||
|
|
||||||
def _mcs_types(self):
|
|
||||||
- try:
|
|
||||||
- mcs_constrained_type = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
|
|
||||||
- except StopIteration:
|
|
||||||
- return
|
|
||||||
- if self.type not in mcs_constrained_type['types']:
|
|
||||||
+ if self.type not in self.mcs_constrained_types['types']:
|
|
||||||
return
|
|
||||||
self.fd.write ("""
|
|
||||||
.SH "MCS Constrained"
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,515 +0,0 @@
|
|||||||
From 4015e9299bfda622e9d407cdbcc536000688aa8f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Mon, 6 Aug 2018 13:23:00 +0200
|
|
||||||
Subject: [PATCH] Move po/ translation files into the right sub-directories
|
|
||||||
|
|
||||||
When policycoreutils was split into policycoreutils/ python/ gui/ and sandbox/
|
|
||||||
sub-directories, po/ translation files stayed in policycoreutils/.
|
|
||||||
|
|
||||||
This commit split original policycoreutils/po directory into
|
|
||||||
policycoreutils/po
|
|
||||||
python/po
|
|
||||||
gui/po
|
|
||||||
sandbox/po
|
|
||||||
|
|
||||||
See https://github.com/fedora-selinux/selinux/issues/43
|
|
||||||
---
|
|
||||||
gui/Makefile | 3 ++
|
|
||||||
gui/po/Makefile | 82 ++++++++++++++++++++++++++++++++++++
|
|
||||||
gui/po/POTFILES | 17 ++++++++
|
|
||||||
policycoreutils/po/Makefile | 70 ++-----------------------------
|
|
||||||
policycoreutils/po/POTFILES | 9 ++++
|
|
||||||
python/Makefile | 2 +-
|
|
||||||
python/po/Makefile | 83 +++++++++++++++++++++++++++++++++++++
|
|
||||||
python/po/POTFILES | 10 +++++
|
|
||||||
sandbox/Makefile | 2 +
|
|
||||||
sandbox/po/Makefile | 82 ++++++++++++++++++++++++++++++++++++
|
|
||||||
sandbox/po/POTFILES | 1 +
|
|
||||||
11 files changed, 293 insertions(+), 68 deletions(-)
|
|
||||||
create mode 100644 gui/po/Makefile
|
|
||||||
create mode 100644 gui/po/POTFILES
|
|
||||||
create mode 100644 policycoreutils/po/POTFILES
|
|
||||||
create mode 100644 python/po/Makefile
|
|
||||||
create mode 100644 python/po/POTFILES
|
|
||||||
create mode 100644 sandbox/po/Makefile
|
|
||||||
create mode 100644 sandbox/po/POTFILES
|
|
||||||
|
|
||||||
diff --git a/gui/Makefile b/gui/Makefile
|
|
||||||
index ca965c94..5a5bf6dc 100644
|
|
||||||
--- a/gui/Makefile
|
|
||||||
+++ b/gui/Makefile
|
|
||||||
@@ -22,6 +22,7 @@ system-config-selinux.ui \
|
|
||||||
usersPage.py
|
|
||||||
|
|
||||||
all: $(TARGETS) system-config-selinux.py polgengui.py
|
|
||||||
+ (cd po && $(MAKE) $@)
|
|
||||||
|
|
||||||
install: all
|
|
||||||
-mkdir -p $(DESTDIR)$(MANDIR)/man8
|
|
||||||
@@ -54,6 +55,8 @@ install: all
|
|
||||||
install -m 644 sepolicy_$${i}.png $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
|
|
||||||
done
|
|
||||||
install -m 644 org.selinux.config.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/
|
|
||||||
+ (cd po && $(MAKE) $@)
|
|
||||||
+
|
|
||||||
clean:
|
|
||||||
|
|
||||||
indent:
|
|
||||||
diff --git a/gui/po/Makefile b/gui/po/Makefile
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000..a0f5439f
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/gui/po/Makefile
|
|
||||||
@@ -0,0 +1,82 @@
|
|
||||||
+#
|
|
||||||
+# Makefile for the PO files (translation) catalog
|
|
||||||
+#
|
|
||||||
+
|
|
||||||
+PREFIX ?= /usr
|
|
||||||
+
|
|
||||||
+# What is this package?
|
|
||||||
+NLSPACKAGE = gui
|
|
||||||
+POTFILE = $(NLSPACKAGE).pot
|
|
||||||
+INSTALL = /usr/bin/install -c -p
|
|
||||||
+INSTALL_DATA = $(INSTALL) -m 644
|
|
||||||
+INSTALL_DIR = /usr/bin/install -d
|
|
||||||
+
|
|
||||||
+# destination directory
|
|
||||||
+INSTALL_NLS_DIR = $(PREFIX)/share/locale
|
|
||||||
+
|
|
||||||
+# PO catalog handling
|
|
||||||
+MSGMERGE = msgmerge
|
|
||||||
+MSGMERGE_FLAGS = -q
|
|
||||||
+XGETTEXT = xgettext --default-domain=$(NLSPACKAGE)
|
|
||||||
+MSGFMT = msgfmt
|
|
||||||
+
|
|
||||||
+# All possible linguas
|
|
||||||
+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
|
|
||||||
+
|
|
||||||
+# Only the files matching what the user has set in LINGUAS
|
|
||||||
+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
|
|
||||||
+
|
|
||||||
+# if no valid LINGUAS, build all languages
|
|
||||||
+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
|
|
||||||
+
|
|
||||||
+POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
|
|
||||||
+MOFILES = $(patsubst %.po,%.mo,$(POFILES))
|
|
||||||
+POTFILES = $(shell cat POTFILES)
|
|
||||||
+
|
|
||||||
+#default:: clean
|
|
||||||
+
|
|
||||||
+all:: $(MOFILES)
|
|
||||||
+
|
|
||||||
+$(POTFILE): $(POTFILES)
|
|
||||||
+ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
|
|
||||||
+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
|
|
||||||
+ rm -f $(NLSPACKAGE).po; \
|
|
||||||
+ else \
|
|
||||||
+ mv -f $(NLSPACKAGE).po $(POTFILE); \
|
|
||||||
+ fi; \
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+refresh-po: Makefile
|
|
||||||
+ for cat in $(POFILES); do \
|
|
||||||
+ lang=`basename $$cat .po`; \
|
|
||||||
+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
|
|
||||||
+ mv -f $$lang.pot $$lang.po ; \
|
|
||||||
+ echo "$(MSGMERGE) of $$lang succeeded" ; \
|
|
||||||
+ else \
|
|
||||||
+ echo "$(MSGMERGE) of $$lang failed" ; \
|
|
||||||
+ rm -f $$lang.pot ; \
|
|
||||||
+ fi \
|
|
||||||
+ done
|
|
||||||
+
|
|
||||||
+clean:
|
|
||||||
+ @rm -fv *mo *~ .depend
|
|
||||||
+ @rm -rf tmp
|
|
||||||
+
|
|
||||||
+install: $(MOFILES)
|
|
||||||
+ @for n in $(MOFILES); do \
|
|
||||||
+ l=`basename $$n .mo`; \
|
|
||||||
+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
|
|
||||||
+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
|
|
||||||
+ done
|
|
||||||
+
|
|
||||||
+%.mo: %.po
|
|
||||||
+ $(MSGFMT) -o $@ $<
|
|
||||||
+report:
|
|
||||||
+ @for cat in $(wildcard *.po); do \
|
|
||||||
+ echo -n "$$cat: "; \
|
|
||||||
+ msgfmt -v --statistics -o /dev/null $$cat; \
|
|
||||||
+ done
|
|
||||||
+
|
|
||||||
+.PHONY: missing depend
|
|
||||||
+
|
|
||||||
+relabel:
|
|
||||||
diff --git a/gui/po/POTFILES b/gui/po/POTFILES
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000..1795c5c1
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/gui/po/POTFILES
|
|
||||||
@@ -0,0 +1,17 @@
|
|
||||||
+../booleansPage.py
|
|
||||||
+../domainsPage.py
|
|
||||||
+../fcontextPage.py
|
|
||||||
+../loginsPage.py
|
|
||||||
+../modulesPage.py
|
|
||||||
+../org.selinux.config.policy
|
|
||||||
+../polgengui.py
|
|
||||||
+../polgen.ui
|
|
||||||
+../portsPage.py
|
|
||||||
+../selinux-polgengui.desktop
|
|
||||||
+../semanagePage.py
|
|
||||||
+../sepolicy.desktop
|
|
||||||
+../statusPage.py
|
|
||||||
+../system-config-selinux.desktop
|
|
||||||
+../system-config-selinux.py
|
|
||||||
+../system-config-selinux.ui
|
|
||||||
+../usersPage.py
|
|
||||||
diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile
|
|
||||||
index 575e1431..18bc1dff 100644
|
|
||||||
--- a/policycoreutils/po/Makefile
|
|
||||||
+++ b/policycoreutils/po/Makefile
|
|
||||||
@@ -3,7 +3,6 @@
|
|
||||||
#
|
|
||||||
|
|
||||||
PREFIX ?= /usr
|
|
||||||
-TOP = ../..
|
|
||||||
|
|
||||||
# What is this package?
|
|
||||||
NLSPACKAGE = policycoreutils
|
|
||||||
@@ -32,74 +31,13 @@ USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
|
|
||||||
|
|
||||||
POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
|
|
||||||
MOFILES = $(patsubst %.po,%.mo,$(POFILES))
|
|
||||||
-POTFILES = \
|
|
||||||
- ../run_init/open_init_pty.c \
|
|
||||||
- ../run_init/run_init.c \
|
|
||||||
- ../semodule_link/semodule_link.c \
|
|
||||||
- ../audit2allow/audit2allow \
|
|
||||||
- ../semanage/seobject.py \
|
|
||||||
- ../setsebool/setsebool.c \
|
|
||||||
- ../newrole/newrole.c \
|
|
||||||
- ../load_policy/load_policy.c \
|
|
||||||
- ../sestatus/sestatus.c \
|
|
||||||
- ../semodule/semodule.c \
|
|
||||||
- ../setfiles/setfiles.c \
|
|
||||||
- ../semodule_package/semodule_package.c \
|
|
||||||
- ../semodule_deps/semodule_deps.c \
|
|
||||||
- ../semodule_expand/semodule_expand.c \
|
|
||||||
- ../scripts/chcat \
|
|
||||||
- ../scripts/fixfiles \
|
|
||||||
- ../restorecond/stringslist.c \
|
|
||||||
- ../restorecond/restorecond.h \
|
|
||||||
- ../restorecond/utmpwatcher.h \
|
|
||||||
- ../restorecond/stringslist.h \
|
|
||||||
- ../restorecond/restorecond.c \
|
|
||||||
- ../restorecond/utmpwatcher.c \
|
|
||||||
- ../gui/booleansPage.py \
|
|
||||||
- ../gui/fcontextPage.py \
|
|
||||||
- ../gui/loginsPage.py \
|
|
||||||
- ../gui/mappingsPage.py \
|
|
||||||
- ../gui/modulesPage.py \
|
|
||||||
- ../gui/polgen.glade \
|
|
||||||
- ../gui/polgengui.py \
|
|
||||||
- ../gui/portsPage.py \
|
|
||||||
- ../gui/semanagePage.py \
|
|
||||||
- ../gui/statusPage.py \
|
|
||||||
- ../gui/system-config-selinux.glade \
|
|
||||||
- ../gui/system-config-selinux.py \
|
|
||||||
- ../gui/usersPage.py \
|
|
||||||
- ../secon/secon.c \
|
|
||||||
- booleans.py \
|
|
||||||
- ../sepolicy/sepolicy.py \
|
|
||||||
- ../sepolicy/sepolicy/communicate.py \
|
|
||||||
- ../sepolicy/sepolicy/__init__.py \
|
|
||||||
- ../sepolicy/sepolicy/network.py \
|
|
||||||
- ../sepolicy/sepolicy/generate.py \
|
|
||||||
- ../sepolicy/sepolicy/sepolicy.glade \
|
|
||||||
- ../sepolicy/sepolicy/gui.py \
|
|
||||||
- ../sepolicy/sepolicy/manpage.py \
|
|
||||||
- ../sepolicy/sepolicy/transition.py \
|
|
||||||
- ../sepolicy/sepolicy/templates/executable.py \
|
|
||||||
- ../sepolicy/sepolicy/templates/__init__.py \
|
|
||||||
- ../sepolicy/sepolicy/templates/network.py \
|
|
||||||
- ../sepolicy/sepolicy/templates/rw.py \
|
|
||||||
- ../sepolicy/sepolicy/templates/script.py \
|
|
||||||
- ../sepolicy/sepolicy/templates/semodule.py \
|
|
||||||
- ../sepolicy/sepolicy/templates/tmp.py \
|
|
||||||
- ../sepolicy/sepolicy/templates/user.py \
|
|
||||||
- ../sepolicy/sepolicy/templates/var_lib.py \
|
|
||||||
- ../sepolicy/sepolicy/templates/var_log.py \
|
|
||||||
- ../sepolicy/sepolicy/templates/var_run.py \
|
|
||||||
- ../sepolicy/sepolicy/templates/var_spool.py
|
|
||||||
+POTFILES = $(shell cat POTFILES)
|
|
||||||
|
|
||||||
#default:: clean
|
|
||||||
|
|
||||||
-all:: $(MOFILES)
|
|
||||||
+all:: $(POTFILE) $(MOFILES)
|
|
||||||
|
|
||||||
-booleans.py:
|
|
||||||
- sepolicy booleans -a > booleans.py
|
|
||||||
-
|
|
||||||
-$(POTFILE): $(POTFILES) booleans.py
|
|
||||||
+$(POTFILE): $(POTFILES)
|
|
||||||
$(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
|
|
||||||
@if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
|
|
||||||
rm -f $(NLSPACKAGE).po; \
|
|
||||||
@@ -107,8 +45,6 @@ $(POTFILE): $(POTFILES) booleans.py
|
|
||||||
mv -f $(NLSPACKAGE).po $(POTFILE); \
|
|
||||||
fi; \
|
|
||||||
|
|
||||||
-update-po: Makefile $(POTFILE) refresh-po
|
|
||||||
- @rm -f booleans.py
|
|
||||||
|
|
||||||
refresh-po: Makefile
|
|
||||||
for cat in $(POFILES); do \
|
|
||||||
diff --git a/policycoreutils/po/POTFILES b/policycoreutils/po/POTFILES
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000..12237dc6
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/policycoreutils/po/POTFILES
|
|
||||||
@@ -0,0 +1,9 @@
|
|
||||||
+../run_init/open_init_pty.c
|
|
||||||
+../run_init/run_init.c
|
|
||||||
+../setsebool/setsebool.c
|
|
||||||
+../newrole/newrole.c
|
|
||||||
+../load_policy/load_policy.c
|
|
||||||
+../sestatus/sestatus.c
|
|
||||||
+../semodule/semodule.c
|
|
||||||
+../setfiles/setfiles.c
|
|
||||||
+../secon/secon.c
|
|
||||||
diff --git a/python/Makefile b/python/Makefile
|
|
||||||
index 9b66d52f..00312dbd 100644
|
|
||||||
--- a/python/Makefile
|
|
||||||
+++ b/python/Makefile
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-SUBDIRS = sepolicy audit2allow semanage sepolgen chcat
|
|
||||||
+SUBDIRS = sepolicy audit2allow semanage sepolgen chcat po
|
|
||||||
|
|
||||||
all install relabel clean indent test:
|
|
||||||
@for subdir in $(SUBDIRS); do \
|
|
||||||
diff --git a/python/po/Makefile b/python/po/Makefile
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000..4e052d5a
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/python/po/Makefile
|
|
||||||
@@ -0,0 +1,83 @@
|
|
||||||
+#
|
|
||||||
+# Makefile for the PO files (translation) catalog
|
|
||||||
+#
|
|
||||||
+
|
|
||||||
+PREFIX ?= /usr
|
|
||||||
+
|
|
||||||
+# What is this package?
|
|
||||||
+NLSPACKAGE = python
|
|
||||||
+POTFILE = $(NLSPACKAGE).pot
|
|
||||||
+INSTALL = /usr/bin/install -c -p
|
|
||||||
+INSTALL_DATA = $(INSTALL) -m 644
|
|
||||||
+INSTALL_DIR = /usr/bin/install -d
|
|
||||||
+
|
|
||||||
+# destination directory
|
|
||||||
+INSTALL_NLS_DIR = $(PREFIX)/share/locale
|
|
||||||
+
|
|
||||||
+# PO catalog handling
|
|
||||||
+MSGMERGE = msgmerge
|
|
||||||
+MSGMERGE_FLAGS = -q
|
|
||||||
+XGETTEXT = xgettext --default-domain=$(NLSPACKAGE)
|
|
||||||
+MSGFMT = msgfmt
|
|
||||||
+
|
|
||||||
+# All possible linguas
|
|
||||||
+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
|
|
||||||
+
|
|
||||||
+# Only the files matching what the user has set in LINGUAS
|
|
||||||
+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
|
|
||||||
+
|
|
||||||
+# if no valid LINGUAS, build all languages
|
|
||||||
+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
|
|
||||||
+
|
|
||||||
+POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
|
|
||||||
+MOFILES = $(patsubst %.po,%.mo,$(POFILES))
|
|
||||||
+POTFILES = $(shell cat POTFILES)
|
|
||||||
+
|
|
||||||
+#default:: clean
|
|
||||||
+
|
|
||||||
+all:: $(MOFILES)
|
|
||||||
+
|
|
||||||
+$(POTFILE): $(POTFILES)
|
|
||||||
+ $(XGETTEXT) -L Python --keyword=_ --keyword=N_ $(POTFILES)
|
|
||||||
+ $(XGETTEXT) -j --keyword=_ --keyword=N_ ../sepolicy/sepolicy/sepolicy.glade
|
|
||||||
+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
|
|
||||||
+ rm -f $(NLSPACKAGE).po; \
|
|
||||||
+ else \
|
|
||||||
+ mv -f $(NLSPACKAGE).po $(POTFILE); \
|
|
||||||
+ fi; \
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+refresh-po: Makefile
|
|
||||||
+ for cat in $(POFILES); do \
|
|
||||||
+ lang=`basename $$cat .po`; \
|
|
||||||
+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
|
|
||||||
+ mv -f $$lang.pot $$lang.po ; \
|
|
||||||
+ echo "$(MSGMERGE) of $$lang succeeded" ; \
|
|
||||||
+ else \
|
|
||||||
+ echo "$(MSGMERGE) of $$lang failed" ; \
|
|
||||||
+ rm -f $$lang.pot ; \
|
|
||||||
+ fi \
|
|
||||||
+ done
|
|
||||||
+
|
|
||||||
+clean:
|
|
||||||
+ @rm -fv *mo *~ .depend
|
|
||||||
+ @rm -rf tmp
|
|
||||||
+
|
|
||||||
+install: $(MOFILES)
|
|
||||||
+ @for n in $(MOFILES); do \
|
|
||||||
+ l=`basename $$n .mo`; \
|
|
||||||
+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
|
|
||||||
+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
|
|
||||||
+ done
|
|
||||||
+
|
|
||||||
+%.mo: %.po
|
|
||||||
+ $(MSGFMT) -o $@ $<
|
|
||||||
+report:
|
|
||||||
+ @for cat in $(wildcard *.po); do \
|
|
||||||
+ echo -n "$$cat: "; \
|
|
||||||
+ msgfmt -v --statistics -o /dev/null $$cat; \
|
|
||||||
+ done
|
|
||||||
+
|
|
||||||
+.PHONY: missing depend
|
|
||||||
+
|
|
||||||
+relabel:
|
|
||||||
diff --git a/python/po/POTFILES b/python/po/POTFILES
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000..128eb870
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/python/po/POTFILES
|
|
||||||
@@ -0,0 +1,10 @@
|
|
||||||
+../audit2allow/audit2allow
|
|
||||||
+../chcat/chcat
|
|
||||||
+../semanage/semanage
|
|
||||||
+../semanage/seobject.py
|
|
||||||
+../sepolgen/src/sepolgen/interfaces.py
|
|
||||||
+../sepolicy/sepolicy/generate.py
|
|
||||||
+../sepolicy/sepolicy/gui.py
|
|
||||||
+../sepolicy/sepolicy/__init__.py
|
|
||||||
+../sepolicy/sepolicy/interface.py
|
|
||||||
+../sepolicy/sepolicy.py
|
|
||||||
diff --git a/sandbox/Makefile b/sandbox/Makefile
|
|
||||||
index 9da5e58d..b817824e 100644
|
|
||||||
--- a/sandbox/Makefile
|
|
||||||
+++ b/sandbox/Makefile
|
|
||||||
@@ -13,6 +13,7 @@ override LDLIBS += -lselinux -lcap-ng
|
|
||||||
SEUNSHARE_OBJS = seunshare.o
|
|
||||||
|
|
||||||
all: sandbox seunshare sandboxX.sh start
|
|
||||||
+ (cd po && $(MAKE) $@)
|
|
||||||
|
|
||||||
seunshare: $(SEUNSHARE_OBJS)
|
|
||||||
|
|
||||||
@@ -39,6 +40,7 @@ install: all
|
|
||||||
install -m 755 start $(DESTDIR)$(SHAREDIR)
|
|
||||||
-mkdir -p $(DESTDIR)$(SYSCONFDIR)
|
|
||||||
install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox
|
|
||||||
+ (cd po && $(MAKE) $@)
|
|
||||||
|
|
||||||
test:
|
|
||||||
@$(PYTHON) test_sandbox.py -v
|
|
||||||
diff --git a/sandbox/po/Makefile b/sandbox/po/Makefile
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000..0556bbe9
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/sandbox/po/Makefile
|
|
||||||
@@ -0,0 +1,82 @@
|
|
||||||
+#
|
|
||||||
+# Makefile for the PO files (translation) catalog
|
|
||||||
+#
|
|
||||||
+
|
|
||||||
+PREFIX ?= /usr
|
|
||||||
+
|
|
||||||
+# What is this package?
|
|
||||||
+NLSPACKAGE = sandbox
|
|
||||||
+POTFILE = $(NLSPACKAGE).pot
|
|
||||||
+INSTALL = /usr/bin/install -c -p
|
|
||||||
+INSTALL_DATA = $(INSTALL) -m 644
|
|
||||||
+INSTALL_DIR = /usr/bin/install -d
|
|
||||||
+
|
|
||||||
+# destination directory
|
|
||||||
+INSTALL_NLS_DIR = $(PREFIX)/share/locale
|
|
||||||
+
|
|
||||||
+# PO catalog handling
|
|
||||||
+MSGMERGE = msgmerge
|
|
||||||
+MSGMERGE_FLAGS = -q
|
|
||||||
+XGETTEXT = xgettext -L Python --default-domain=$(NLSPACKAGE)
|
|
||||||
+MSGFMT = msgfmt
|
|
||||||
+
|
|
||||||
+# All possible linguas
|
|
||||||
+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
|
|
||||||
+
|
|
||||||
+# Only the files matching what the user has set in LINGUAS
|
|
||||||
+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
|
|
||||||
+
|
|
||||||
+# if no valid LINGUAS, build all languages
|
|
||||||
+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
|
|
||||||
+
|
|
||||||
+POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
|
|
||||||
+MOFILES = $(patsubst %.po,%.mo,$(POFILES))
|
|
||||||
+POTFILES = $(shell cat POTFILES)
|
|
||||||
+
|
|
||||||
+#default:: clean
|
|
||||||
+
|
|
||||||
+all:: $(POTFILE) $(MOFILES)
|
|
||||||
+
|
|
||||||
+$(POTFILE): $(POTFILES)
|
|
||||||
+ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
|
|
||||||
+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
|
|
||||||
+ rm -f $(NLSPACKAGE).po; \
|
|
||||||
+ else \
|
|
||||||
+ mv -f $(NLSPACKAGE).po $(POTFILE); \
|
|
||||||
+ fi; \
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+refresh-po: Makefile
|
|
||||||
+ for cat in $(POFILES); do \
|
|
||||||
+ lang=`basename $$cat .po`; \
|
|
||||||
+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
|
|
||||||
+ mv -f $$lang.pot $$lang.po ; \
|
|
||||||
+ echo "$(MSGMERGE) of $$lang succeeded" ; \
|
|
||||||
+ else \
|
|
||||||
+ echo "$(MSGMERGE) of $$lang failed" ; \
|
|
||||||
+ rm -f $$lang.pot ; \
|
|
||||||
+ fi \
|
|
||||||
+ done
|
|
||||||
+
|
|
||||||
+clean:
|
|
||||||
+ @rm -fv *mo *~ .depend
|
|
||||||
+ @rm -rf tmp
|
|
||||||
+
|
|
||||||
+install: $(MOFILES)
|
|
||||||
+ @for n in $(MOFILES); do \
|
|
||||||
+ l=`basename $$n .mo`; \
|
|
||||||
+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
|
|
||||||
+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
|
|
||||||
+ done
|
|
||||||
+
|
|
||||||
+%.mo: %.po
|
|
||||||
+ $(MSGFMT) -o $@ $<
|
|
||||||
+report:
|
|
||||||
+ @for cat in $(wildcard *.po); do \
|
|
||||||
+ echo -n "$$cat: "; \
|
|
||||||
+ msgfmt -v --statistics -o /dev/null $$cat; \
|
|
||||||
+ done
|
|
||||||
+
|
|
||||||
+.PHONY: missing depend
|
|
||||||
+
|
|
||||||
+relabel:
|
|
||||||
diff --git a/sandbox/po/POTFILES b/sandbox/po/POTFILES
|
|
||||||
new file mode 100644
|
|
||||||
index 00000000..deff3f2f
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/sandbox/po/POTFILES
|
|
||||||
@@ -0,0 +1 @@
|
|
||||||
+../sandbox
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -0,0 +1,221 @@
|
|||||||
|
From 77b0ab65d1440d47395ec9d2091c15f63ef07c4a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Lautrbach <lautrbach@redhat.com>
|
||||||
|
Date: Mon, 13 Nov 2023 13:37:46 +0100
|
||||||
|
Subject: [PATCH] Revert "sandbox: Remove the Russian translations"
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
This reverts commit 8b2148f23853891eda00a4758cef2370880eb90c.
|
||||||
|
---
|
||||||
|
sandbox/ru/sandbox.5 | 42 +++++++++++++++++
|
||||||
|
sandbox/ru/sandbox.8 | 100 +++++++++++++++++++++++++++++++++++++++++
|
||||||
|
sandbox/ru/seunshare.8 | 42 +++++++++++++++++
|
||||||
|
3 files changed, 184 insertions(+)
|
||||||
|
create mode 100644 sandbox/ru/sandbox.5
|
||||||
|
create mode 100644 sandbox/ru/sandbox.8
|
||||||
|
create mode 100644 sandbox/ru/seunshare.8
|
||||||
|
|
||||||
|
diff --git a/sandbox/ru/sandbox.5 b/sandbox/ru/sandbox.5
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..69e822d8ad22
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sandbox/ru/sandbox.5
|
||||||
|
@@ -0,0 +1,42 @@
|
||||||
|
+.TH sandbox.conf "5" "Июнь 2010" "sandbox.conf" "Администрирование системы Linux"
|
||||||
|
+.SH ИМЯ
|
||||||
|
+sandbox.conf \- файл конфигурации пользователей для изолированной среды SELinux
|
||||||
|
+.SH ОПИСАНИЕ
|
||||||
|
+.PP
|
||||||
|
+Если изолированная среда запускается с аргументом -C, она будет ограничена с помощью групп управления. Системный администратор может указать, как именно ограничить изолированную среду.
|
||||||
|
+
|
||||||
|
+.PP
|
||||||
|
+Весь текст после "#" игнорируется, как и пустые строки. Все аргументы должны быть разделены пробелами и иметь знаки равенства ("=").
|
||||||
|
+
|
||||||
|
+.PP
|
||||||
|
+Эти ключевые слова разрешены.
|
||||||
|
+
|
||||||
|
+.RS
|
||||||
|
+.TP
|
||||||
|
+.B NAME
|
||||||
|
+Имя группы управления изолированной средой. По умолчанию: "sandbox".
|
||||||
|
+
|
||||||
|
+.TP
|
||||||
|
+.B CPUAFFINITY
|
||||||
|
+Определяет, каким процессорам назначить изолированную среду. По умолчанию она назначается всем процессорам (ALL), но пользователи могут указать разделённый запятыми список с дефисами ("-"), чтобы представить диапазоны. Пример: 0-2,5
|
||||||
|
+
|
||||||
|
+.TP
|
||||||
|
+.B MEMUSAGE
|
||||||
|
+Определяет, сколько памяти разрешается использовать изолированной среде. Значение по умолчанию: 80%. Пользователи могут указать либо процентное значение, либо значение в виде числа, за которым следует суффикс K, M, G, для соответствующего обозначения килобайтов, мегабайтов или гигабайтов. Пример: 50% или 100M
|
||||||
|
+
|
||||||
|
+.TP
|
||||||
|
+.B CPUUSAGE
|
||||||
|
+Процент использования ЦП, разрешённый для изолированной среды. По умолчанию: 80%. Укажите значение, за которым следует знак процента ("%"). Пример: 50%
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+.SH "СМОТРИТЕ ТАКЖЕ"
|
||||||
|
+.TP
|
||||||
|
+sandbox(8)
|
||||||
|
+.PP
|
||||||
|
+
|
||||||
|
+.SH АВТОРЫ
|
||||||
|
+Эта страница руководства была написана
|
||||||
|
+.I Thomas Liu <tliu@fedoraproject.org>.
|
||||||
|
+Перевод на русский язык выполнила
|
||||||
|
+.I Герасименко Олеся <gammaray@basealt.ru>.
|
||||||
|
diff --git a/sandbox/ru/sandbox.8 b/sandbox/ru/sandbox.8
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..5e6e0aad57e8
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sandbox/ru/sandbox.8
|
||||||
|
@@ -0,0 +1,100 @@
|
||||||
|
+.TH SANDBOX "8" "Май 2010" "sandbox" "Команды пользователя"
|
||||||
|
+.SH ИМЯ
|
||||||
|
+sandbox \- выполнить приложение cmd в изолированной среде SELinux
|
||||||
|
+.SH ОБЗОР
|
||||||
|
+.B sandbox
|
||||||
|
+[\-C] [\-s] [ \-d DPI ] [\-l level ] [[\-M | \-X] \-H homedir \-T tempdir ] [\-I includefile ] [ \-W windowmanager ] [ \-w windowsize ] [[\-i file ]...] [ \-t type ] cmd
|
||||||
|
+
|
||||||
|
+.br
|
||||||
|
+.B sandbox
|
||||||
|
+[\-C] [\-s] [ \-d DPI ] [\-l level ] [[\-M | \-X] \-H homedir \-T tempdir ] [\-I includefile ] [ \-W windowmanager ] [ \-w windowsize ] [[\-i file ]...] [ \-t type ] \-S
|
||||||
|
+.br
|
||||||
|
+.SH ОПИСАНИЕ
|
||||||
|
+.PP
|
||||||
|
+Выполнить приложение
|
||||||
|
+.I cmd
|
||||||
|
+в строго ограниченном домене SELinux. По умолчанию в домене изолированной среды приложения могут только читать и записывать stdin, stdout и любые другие передаваемые дескрипторы файлов. Открывать другие файлы нельзя. Параметр \-M позволяет смонтировать альтернативные домашний каталог и временный каталог, которые будут использоваться изолированной средой.
|
||||||
|
+
|
||||||
|
+Если установлен пакет
|
||||||
|
+.I policycoreutils-sandbox,
|
||||||
|
+можно использовать параметр \-X и параметр \-M.
|
||||||
|
+.B sandbox \-X
|
||||||
|
+позволяет запускать приложения X в изолированной среде. Эти приложения запускаются на своём собственном X-сервере и создают временные домашний каталог и каталог /tmp. Политика SELinux по умолчанию не разрешает использовать какие-либо средства для управления привилегиями или осуществлять доступ к сети. Она также предотвращает доступ к другим процессам и файлам пользователей. Указанные в команде файлы, которые находятся в домашнем каталоге или каталоге /tmp, будут скопированы в каталоги изолированной среды.
|
||||||
|
+
|
||||||
|
+Если каталоги указаны с параметром \-H или \-T, их контекст будет изменён chcon(1) (если только с помощью параметра \-l не указан уровень). Если уровень безопасности MLS/MCS указан, пользователь должен установить правильные метки.
|
||||||
|
+.PP
|
||||||
|
+.TP
|
||||||
|
+\fB\-h\ \fB\-\-help\fR
|
||||||
|
+Показать сведения об использовании
|
||||||
|
+.TP
|
||||||
|
+\fB\-H\ \fB\-\-homedir\fR
|
||||||
|
+Указать альтернативный домашний каталог для монтирования вместо вашего домашнего каталога. По умолчанию используется временный каталог. Требуется \-X или \-M.
|
||||||
|
+.TP
|
||||||
|
+\fB\-i\fR \fB\-\-include\fR
|
||||||
|
+Копировать этот файл в соответствующий временный каталог изолированной среды. Команду можно повторять.
|
||||||
|
+.TP
|
||||||
|
+\fB\-I\fR \fB\-\-includefile\fR
|
||||||
|
+Копировать все файлы, перечисленные во входном файле (inputfile), в соответствующие временные каталоги изолированной среды.
|
||||||
|
+.TP
|
||||||
|
+\fB\-l\fR \fB\-\-level\fR
|
||||||
|
+Указать уровень безопасности MLS/MCS, с которым следует запускать изолированную среду. По умолчанию используется случайное значение.
|
||||||
|
+.TP
|
||||||
|
+\fB\-M\fR \fB\-\-mount\fR
|
||||||
|
+Создать изолированную среду с временными файлами для $HOME и /tmp.
|
||||||
|
+.TP
|
||||||
|
+\fB\-s\fR \fB\-\-shred\fR
|
||||||
|
+Уничтожить временные файлы, созданные в $HOME в /tmp, перед удалением.
|
||||||
|
+.TP
|
||||||
|
+\fB\-t\fR \fB\-\-type\fR
|
||||||
|
+Использовать альтернативный тип изолированной среды. По умолчанию: sandbox_t или sandbox_x_t для \-X.
|
||||||
|
+
|
||||||
|
+\fBПримеры:\fR
|
||||||
|
+.br
|
||||||
|
+sandbox_t \- без X, без доступа к сети, без открытия, чтение/запись передаются в дескрипторах файлов.
|
||||||
|
+.br
|
||||||
|
+sandbox_min_t \- без доступа к сети
|
||||||
|
+.br
|
||||||
|
+sandbox_x_t \- порты для X-приложений, которые следует запустить локально
|
||||||
|
+.br
|
||||||
|
+sandbox_web_t \- порты, необходимые для работы в Интернете
|
||||||
|
+.br
|
||||||
|
+sandbox_net_t \- сетевые порты (для серверного ПО)
|
||||||
|
+.br
|
||||||
|
+sandbox_net_client_t \- все сетевые порты
|
||||||
|
+
|
||||||
|
+.TP
|
||||||
|
+\fB\-T\fR \fB\-\-tmpdir\fR
|
||||||
|
+Использовать альтернативный временный каталог для монтирования в /tmp. По умолчанию: tmpfs. Требуется \-X или \-M.
|
||||||
|
+.TP
|
||||||
|
+\fB\-S\fR \fB\-\-session\fR
|
||||||
|
+Запустить полный сеанс рабочего стола. Требуется уровень, домашний каталог и временный каталог.
|
||||||
|
+.TP
|
||||||
|
+\fB\-w\fR \fB\-\-windowsize\fR
|
||||||
|
+Указать размер окна при создании изолированной среды на основе X. По умолчанию: 1000x700.
|
||||||
|
+.TP
|
||||||
|
+\fB\-W\fR \fB\-\-windowmanager\fR
|
||||||
|
+Выбрать альтернативный диспетчер окон для запуска в
|
||||||
|
+.B sandbox \-X.
|
||||||
|
+По умолчанию: /usr/bin/openbox.
|
||||||
|
+.TP
|
||||||
|
+\fB\-X\fR
|
||||||
|
+Создать изолированную среду на основе X для приложений графического интерфейса пользователя, временные файлы для $HOME и /tmp, дополнительный X-сервер. По умолчанию: sandbox_x_t
|
||||||
|
+.TP
|
||||||
|
+\fB\-d\fR \fB\-\-dpi\fR
|
||||||
|
+Указать значение разрешения (DPI) для X-сервера изолированной среды. По умолчанию используется значение разрешения текущего X-сервера.
|
||||||
|
+.TP
|
||||||
|
+\fB\-C\fR \fB\-\-capabilities\fR
|
||||||
|
+Использовать средства для управления привилегиями внутри изолированной среды. По умолчанию приложениям, которые выполняются в изолированной среде, запрещено использовать средства для управления привилегиями (setuid apps), но с флагом \-C можно использовать программы, которым необходимы средства для управления привилегиями.
|
||||||
|
+.PP
|
||||||
|
+.SH "СМОТРИТЕ ТАКЖЕ"
|
||||||
|
+.TP
|
||||||
|
+runcon(1), seunshare(8), selinux(8)
|
||||||
|
+.PP
|
||||||
|
+
|
||||||
|
+.SH АВТОРЫ
|
||||||
|
+Эта страница руководства была написана
|
||||||
|
+.I Dan Walsh <dwalsh@redhat.com>
|
||||||
|
+и
|
||||||
|
+.I Thomas Liu <tliu@fedoraproject.org>.
|
||||||
|
+Перевод на русский язык выполнила
|
||||||
|
+.I Герасименко Олеся <gammaray@basealt.ru>.
|
||||||
|
diff --git a/sandbox/ru/seunshare.8 b/sandbox/ru/seunshare.8
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..f604b9eb28c5
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sandbox/ru/seunshare.8
|
||||||
|
@@ -0,0 +1,42 @@
|
||||||
|
+.TH SEUNSHARE "8" "Май 2010" "seunshare" "Команды пользователя"
|
||||||
|
+.SH ИМЯ
|
||||||
|
+seunshare \- выполнить cmd с другим домашним каталогом (homedir), временным каталогом (tmpdir) и/или контекстом SELinux
|
||||||
|
+.SH ОБЗОР
|
||||||
|
+.B seunshare
|
||||||
|
+[ -v ] [ -C ] [ -k ] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args]
|
||||||
|
+.br
|
||||||
|
+.SH ОПИСАНИЕ
|
||||||
|
+.PP
|
||||||
|
+Запустите исполняемый файл
|
||||||
|
+.I executable
|
||||||
|
+в указанном контексте, используя альтернативный домашний каталог и каталог /tmp. Команда seunshare отменяет общий доступ из пространства имён по умолчанию, затем монтирует указанные домашний каталог и временный каталог вместо домашнего каталога и временного каталога по умолчанию. После этого команда сообщает ядру, что следует выполнить приложение в указанном контексте SELinux.
|
||||||
|
+
|
||||||
|
+.TP
|
||||||
|
+\fB\-h homedir\fR
|
||||||
|
+Альтернативный домашний каталог для использования приложением. Пользователь должен быть владельцем домашнего каталога.
|
||||||
|
+.TP
|
||||||
|
+\fB\-t\ tmpdir
|
||||||
|
+Использовать альтернативный временный каталог для монтирования в /tmp. Пользователь должен быть владельцем временного каталога.
|
||||||
|
+.TP
|
||||||
|
+\fB\-C --capabilities\fR
|
||||||
|
+Разрешить приложениям, исполняемым в пространстве имён, использовать средства для управления привилегиям. По умолчанию использование средств для управления привилегиями запрещено.
|
||||||
|
+.TP
|
||||||
|
+\fB\-k --kill\fR
|
||||||
|
+Завершить все процессы с соответствующим уровнем MCS.
|
||||||
|
+.TP
|
||||||
|
+\fB\-Z\ context
|
||||||
|
+Использовать альтернативный контекст SELinux при запуске исполняемого файла.
|
||||||
|
+.TP
|
||||||
|
+\fB\-v\fR
|
||||||
|
+Подробный вывод
|
||||||
|
+.SH "СМОТРИТЕ ТАКЖЕ"
|
||||||
|
+.TP
|
||||||
|
+runcon(1), sandbox(8), selinux(8)
|
||||||
|
+.PP
|
||||||
|
+.SH АВТОРЫ
|
||||||
|
+Эта страница руководства была написана
|
||||||
|
+.I Dan Walsh <dwalsh@redhat.com>
|
||||||
|
+и
|
||||||
|
+.I Thomas Liu <tliu@fedoraproject.org>.
|
||||||
|
+Перевод на русский язык выполнила
|
||||||
|
+.I Герасименко Олеся <gammaray@basealt.ru>.
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
@ -0,0 +1,62 @@
|
|||||||
|
From 066b9c9505aa545ea341efc06eb757f2a6000858 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Lautrbach <lautrbach@redhat.com>
|
||||||
|
Date: Mon, 13 Nov 2023 13:37:48 +0100
|
||||||
|
Subject: [PATCH] Revert "restorecond: Remove the Russian translations"
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
This reverts commit 7021ccd4fbecb8092e2a127944444a8eeb179357.
|
||||||
|
---
|
||||||
|
restorecond/ru/restorecond.8 | 41 ++++++++++++++++++++++++++++++++++++
|
||||||
|
1 file changed, 41 insertions(+)
|
||||||
|
create mode 100644 restorecond/ru/restorecond.8
|
||||||
|
|
||||||
|
diff --git a/restorecond/ru/restorecond.8 b/restorecond/ru/restorecond.8
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..72d9119950eb
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/restorecond/ru/restorecond.8
|
||||||
|
@@ -0,0 +1,41 @@
|
||||||
|
+.TH "restorecond" "8" "2002031409" "" ""
|
||||||
|
+.SH "ИМЯ"
|
||||||
|
+restorecond \- внутренняя служба, которая отслеживает создание файлов и затем задаёт для них SELinux-контекст по умолчанию
|
||||||
|
+
|
||||||
|
+.SH "ОБЗОР"
|
||||||
|
+.B restorecond [\-d] [-h] [\-f restorecond_file ] [\-u] [\-v]
|
||||||
|
+.P
|
||||||
|
+
|
||||||
|
+.SH "ОПИСАНИЕ"
|
||||||
|
+Эта страница руководства содержит описание программы
|
||||||
|
+.BR restorecond.
|
||||||
|
+.P
|
||||||
|
+Эта внутренняя служба использует inotify для отслеживания файлов, перечисленных в /etc/selinux/restorecond.conf. После создания этих файлов эта служба обеспечивает присвоение им правильного контекста, связанного с политикой.
|
||||||
|
+
|
||||||
|
+.SH "ПАРАМЕТРЫ"
|
||||||
|
+.TP
|
||||||
|
+.B \-d
|
||||||
|
+Включить режим отладки. Приложение останется на переднем плане, будет показано много отладочных сообщений.
|
||||||
|
+.TP
|
||||||
|
+. B \-h
|
||||||
|
+Вывести сведения об использовании.
|
||||||
|
+.TP
|
||||||
|
+.B \-f restorecond_file
|
||||||
|
+Использовать альтернативный файл restorecond.conf.
|
||||||
|
+.TP
|
||||||
|
+.B \-u
|
||||||
|
+Включить пользовательский режим. Запускает restorecond в сеансе пользователя и выполняет чтение /etc/selinux/restorecond_user.conf. Использует dbus, чтобы удостовериться, что в одном сеансе пользователя запущен только один экземпляр restorecond.
|
||||||
|
+.TP
|
||||||
|
+.B \-v
|
||||||
|
+Включить отладку с подробным выводом. (Сообщать об отсутствующих файлах)
|
||||||
|
+
|
||||||
|
+.SH "ФАЙЛЫ"
|
||||||
|
+/etc/selinux/restorecond.conf
|
||||||
|
+/etc/selinux/restorecond_user.conf
|
||||||
|
+
|
||||||
|
+.SH "СМОТРИТЕ ТАКЖЕ"
|
||||||
|
+.BR restorecon (8)
|
||||||
|
+
|
||||||
|
+.SH "АВТОРЫ"
|
||||||
|
+Эта man-страница и программа были написаны Dan Walsh <dwalsh@redhat.com>.
|
||||||
|
+Перевод на русский язык выполнила Герасименко Олеся <gammaray@basealt.ru>.
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
@ -1,306 +0,0 @@
|
|||||||
From 57cd23e11e1a700802a5955e84a0a7e04c30ec73 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Mon, 6 Aug 2018 13:37:07 +0200
|
|
||||||
Subject: [PATCH] Use correct gettext domains in python/ gui/ sandbox/
|
|
||||||
|
|
||||||
https://github.com/fedora-selinux/selinux/issues/43
|
|
||||||
---
|
|
||||||
gui/booleansPage.py | 2 +-
|
|
||||||
gui/domainsPage.py | 2 +-
|
|
||||||
gui/fcontextPage.py | 2 +-
|
|
||||||
gui/loginsPage.py | 2 +-
|
|
||||||
gui/modulesPage.py | 2 +-
|
|
||||||
gui/polgengui.py | 2 +-
|
|
||||||
gui/portsPage.py | 2 +-
|
|
||||||
gui/semanagePage.py | 2 +-
|
|
||||||
gui/statusPage.py | 2 +-
|
|
||||||
gui/system-config-selinux.py | 2 +-
|
|
||||||
gui/usersPage.py | 2 +-
|
|
||||||
python/chcat/chcat | 2 +-
|
|
||||||
python/semanage/semanage | 2 +-
|
|
||||||
python/semanage/seobject.py | 2 +-
|
|
||||||
python/sepolgen/src/sepolgen/sepolgeni18n.py | 2 +-
|
|
||||||
python/sepolicy/sepolicy.py | 2 +-
|
|
||||||
python/sepolicy/sepolicy/__init__.py | 2 +-
|
|
||||||
python/sepolicy/sepolicy/generate.py | 2 +-
|
|
||||||
python/sepolicy/sepolicy/gui.py | 2 +-
|
|
||||||
python/sepolicy/sepolicy/interface.py | 2 +-
|
|
||||||
sandbox/sandbox | 2 +-
|
|
||||||
21 files changed, 21 insertions(+), 21 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/gui/booleansPage.py b/gui/booleansPage.py
|
|
||||||
index 7849bea2..dd12b6d6 100644
|
|
||||||
--- a/gui/booleansPage.py
|
|
||||||
+++ b/gui/booleansPage.py
|
|
||||||
@@ -38,7 +38,7 @@ DISABLED = 2
|
|
||||||
##
|
|
||||||
## I18N
|
|
||||||
##
|
|
||||||
-PROGNAME = "policycoreutils"
|
|
||||||
+PROGNAME = "selinux-gui"
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
kwargs = {}
|
|
||||||
diff --git a/gui/domainsPage.py b/gui/domainsPage.py
|
|
||||||
index bad5140d..6bbe4de5 100644
|
|
||||||
--- a/gui/domainsPage.py
|
|
||||||
+++ b/gui/domainsPage.py
|
|
||||||
@@ -30,7 +30,7 @@ from semanagePage import *
|
|
||||||
##
|
|
||||||
## I18N
|
|
||||||
##
|
|
||||||
-PROGNAME = "policycoreutils"
|
|
||||||
+PROGNAME = "selinux-gui"
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
kwargs = {}
|
|
||||||
diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py
|
|
||||||
index 370bbee4..e424366d 100644
|
|
||||||
--- a/gui/fcontextPage.py
|
|
||||||
+++ b/gui/fcontextPage.py
|
|
||||||
@@ -47,7 +47,7 @@ class context:
|
|
||||||
##
|
|
||||||
## I18N
|
|
||||||
##
|
|
||||||
-PROGNAME = "policycoreutils"
|
|
||||||
+PROGNAME = "selinux-gui"
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
kwargs = {}
|
|
||||||
diff --git a/gui/loginsPage.py b/gui/loginsPage.py
|
|
||||||
index b67eb8bc..cbfb0cc2 100644
|
|
||||||
--- a/gui/loginsPage.py
|
|
||||||
+++ b/gui/loginsPage.py
|
|
||||||
@@ -29,7 +29,7 @@ from semanagePage import *
|
|
||||||
##
|
|
||||||
## I18N
|
|
||||||
##
|
|
||||||
-PROGNAME = "policycoreutils"
|
|
||||||
+PROGNAME = "selinux-gui"
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
kwargs = {}
|
|
||||||
diff --git a/gui/modulesPage.py b/gui/modulesPage.py
|
|
||||||
index cb856b2d..26ac5404 100644
|
|
||||||
--- a/gui/modulesPage.py
|
|
||||||
+++ b/gui/modulesPage.py
|
|
||||||
@@ -30,7 +30,7 @@ from semanagePage import *
|
|
||||||
##
|
|
||||||
## I18N
|
|
||||||
##
|
|
||||||
-PROGNAME = "policycoreutils"
|
|
||||||
+PROGNAME = "selinux-gui"
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
kwargs = {}
|
|
||||||
diff --git a/gui/polgengui.py b/gui/polgengui.py
|
|
||||||
index b1cc9937..46a1bd2c 100644
|
|
||||||
--- a/gui/polgengui.py
|
|
||||||
+++ b/gui/polgengui.py
|
|
||||||
@@ -63,7 +63,7 @@ def get_all_modules():
|
|
||||||
##
|
|
||||||
## I18N
|
|
||||||
##
|
|
||||||
-PROGNAME = "policycoreutils"
|
|
||||||
+PROGNAME = "selinux-gui"
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
kwargs = {}
|
|
||||||
diff --git a/gui/portsPage.py b/gui/portsPage.py
|
|
||||||
index 30f58383..a537ecc8 100644
|
|
||||||
--- a/gui/portsPage.py
|
|
||||||
+++ b/gui/portsPage.py
|
|
||||||
@@ -35,7 +35,7 @@ from semanagePage import *
|
|
||||||
##
|
|
||||||
## I18N
|
|
||||||
##
|
|
||||||
-PROGNAME = "policycoreutils"
|
|
||||||
+PROGNAME = "selinux-gui"
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
kwargs = {}
|
|
||||||
diff --git a/gui/semanagePage.py b/gui/semanagePage.py
|
|
||||||
index 4127804f..5361d69c 100644
|
|
||||||
--- a/gui/semanagePage.py
|
|
||||||
+++ b/gui/semanagePage.py
|
|
||||||
@@ -22,7 +22,7 @@ from gi.repository import Gdk, Gtk
|
|
||||||
##
|
|
||||||
## I18N
|
|
||||||
##
|
|
||||||
-PROGNAME = "policycoreutils"
|
|
||||||
+PROGNAME = "selinux-gui"
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
kwargs = {}
|
|
||||||
diff --git a/gui/statusPage.py b/gui/statusPage.py
|
|
||||||
index 766854b1..a8f079b9 100644
|
|
||||||
--- a/gui/statusPage.py
|
|
||||||
+++ b/gui/statusPage.py
|
|
||||||
@@ -35,7 +35,7 @@ RELABELFILE = "/.autorelabel"
|
|
||||||
##
|
|
||||||
## I18N
|
|
||||||
##
|
|
||||||
-PROGNAME = "policycoreutils"
|
|
||||||
+PROGNAME = "selinux-gui"
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
kwargs = {}
|
|
||||||
diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py
|
|
||||||
index c42301b6..1e0d5eb1 100644
|
|
||||||
--- a/gui/system-config-selinux.py
|
|
||||||
+++ b/gui/system-config-selinux.py
|
|
||||||
@@ -45,7 +45,7 @@ import selinux
|
|
||||||
##
|
|
||||||
## I18N
|
|
||||||
##
|
|
||||||
-PROGNAME = "policycoreutils"
|
|
||||||
+PROGNAME = "selinux-gui"
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
kwargs = {}
|
|
||||||
diff --git a/gui/usersPage.py b/gui/usersPage.py
|
|
||||||
index 26794ed5..d15d4c5a 100644
|
|
||||||
--- a/gui/usersPage.py
|
|
||||||
+++ b/gui/usersPage.py
|
|
||||||
@@ -29,7 +29,7 @@ from semanagePage import *
|
|
||||||
##
|
|
||||||
## I18N
|
|
||||||
##
|
|
||||||
-PROGNAME = "policycoreutils"
|
|
||||||
+PROGNAME = "selinux-gui"
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
kwargs = {}
|
|
||||||
diff --git a/python/chcat/chcat b/python/chcat/chcat
|
|
||||||
index ba398684..df2509f2 100755
|
|
||||||
--- a/python/chcat/chcat
|
|
||||||
+++ b/python/chcat/chcat
|
|
||||||
@@ -30,7 +30,7 @@ import getopt
|
|
||||||
import selinux
|
|
||||||
import seobject
|
|
||||||
|
|
||||||
-PROGNAME = "policycoreutils"
|
|
||||||
+PROGNAME = "selinux-python"
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
kwargs = {}
|
|
||||||
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
|
||||||
index 144cc000..56db3e0d 100644
|
|
||||||
--- a/python/semanage/semanage
|
|
||||||
+++ b/python/semanage/semanage
|
|
||||||
@@ -27,7 +27,7 @@ import traceback
|
|
||||||
import argparse
|
|
||||||
import seobject
|
|
||||||
import sys
|
|
||||||
-PROGNAME = "policycoreutils"
|
|
||||||
+PROGNAME = "selinux-python"
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
kwargs = {}
|
|
||||||
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
|
|
||||||
index 13fdf531..b90b1070 100644
|
|
||||||
--- a/python/semanage/seobject.py
|
|
||||||
+++ b/python/semanage/seobject.py
|
|
||||||
@@ -29,7 +29,7 @@ import sys
|
|
||||||
import stat
|
|
||||||
import socket
|
|
||||||
from semanage import *
|
|
||||||
-PROGNAME = "policycoreutils"
|
|
||||||
+PROGNAME = "selinux-python"
|
|
||||||
import sepolicy
|
|
||||||
import setools
|
|
||||||
from IPy import IP
|
|
||||||
diff --git a/python/sepolgen/src/sepolgen/sepolgeni18n.py b/python/sepolgen/src/sepolgen/sepolgeni18n.py
|
|
||||||
index 998c4356..56ebd807 100644
|
|
||||||
--- a/python/sepolgen/src/sepolgen/sepolgeni18n.py
|
|
||||||
+++ b/python/sepolgen/src/sepolgen/sepolgeni18n.py
|
|
||||||
@@ -19,7 +19,7 @@
|
|
||||||
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
- t = gettext.translation( 'yumex' )
|
|
||||||
+ t = gettext.translation( 'selinux-python' )
|
|
||||||
_ = t.gettext
|
|
||||||
except:
|
|
||||||
def _(str):
|
|
||||||
diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py
|
|
||||||
index 1934cd86..8bd6a579 100755
|
|
||||||
--- a/python/sepolicy/sepolicy.py
|
|
||||||
+++ b/python/sepolicy/sepolicy.py
|
|
||||||
@@ -27,7 +27,7 @@ import selinux
|
|
||||||
import sepolicy
|
|
||||||
from sepolicy import get_os_version, get_conditionals, get_conditionals_format_text
|
|
||||||
import argparse
|
|
||||||
-PROGNAME = "policycoreutils"
|
|
||||||
+PROGNAME = "selinux-python"
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
kwargs = {}
|
|
||||||
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
|
||||||
index 0c66f4d5..b6ca57c3 100644
|
|
||||||
--- a/python/sepolicy/sepolicy/__init__.py
|
|
||||||
+++ b/python/sepolicy/sepolicy/__init__.py
|
|
||||||
@@ -13,7 +13,7 @@ import os
|
|
||||||
import re
|
|
||||||
import gzip
|
|
||||||
|
|
||||||
-PROGNAME = "policycoreutils"
|
|
||||||
+PROGNAME = "selinux-python"
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
kwargs = {}
|
|
||||||
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
|
|
||||||
index 019e7836..7175d36b 100644
|
|
||||||
--- a/python/sepolicy/sepolicy/generate.py
|
|
||||||
+++ b/python/sepolicy/sepolicy/generate.py
|
|
||||||
@@ -49,7 +49,7 @@ import sepolgen.defaults as defaults
|
|
||||||
##
|
|
||||||
## I18N
|
|
||||||
##
|
|
||||||
-PROGNAME = "policycoreutils"
|
|
||||||
+PROGNAME = "selinux-python"
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
kwargs = {}
|
|
||||||
diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py
|
|
||||||
index 00fd7a11..805cee67 100644
|
|
||||||
--- a/python/sepolicy/sepolicy/gui.py
|
|
||||||
+++ b/python/sepolicy/sepolicy/gui.py
|
|
||||||
@@ -41,7 +41,7 @@ import os
|
|
||||||
import re
|
|
||||||
import unicodedata
|
|
||||||
|
|
||||||
-PROGNAME = "policycoreutils"
|
|
||||||
+PROGNAME = "selinux-python"
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
kwargs = {}
|
|
||||||
diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py
|
|
||||||
index 583091ae..e2b8d23b 100644
|
|
||||||
--- a/python/sepolicy/sepolicy/interface.py
|
|
||||||
+++ b/python/sepolicy/sepolicy/interface.py
|
|
||||||
@@ -30,7 +30,7 @@ __all__ = ['get_all_interfaces', 'get_interfaces_from_xml', 'get_admin', 'get_us
|
|
||||||
##
|
|
||||||
## I18N
|
|
||||||
##
|
|
||||||
-PROGNAME = "policycoreutils"
|
|
||||||
+PROGNAME = "selinux-python"
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
kwargs = {}
|
|
||||||
diff --git a/sandbox/sandbox b/sandbox/sandbox
|
|
||||||
index 1dec07ac..a12403b3 100644
|
|
||||||
--- a/sandbox/sandbox
|
|
||||||
+++ b/sandbox/sandbox
|
|
||||||
@@ -37,7 +37,7 @@ import sepolicy
|
|
||||||
|
|
||||||
SEUNSHARE = "/usr/sbin/seunshare"
|
|
||||||
SANDBOXSH = "/usr/share/sandbox/sandboxX.sh"
|
|
||||||
-PROGNAME = "policycoreutils"
|
|
||||||
+PROGNAME = "selinux-sandbox"
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
kwargs = {}
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
645
SOURCES/0014-Revert-python-Remove-the-Russian-translations.patch
Normal file
645
SOURCES/0014-Revert-python-Remove-the-Russian-translations.patch
Normal file
@ -0,0 +1,645 @@
|
|||||||
|
From 9f8bc9f0bdcd5fffeb1f68a9761ade647b16a504 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Lautrbach <lautrbach@redhat.com>
|
||||||
|
Date: Mon, 13 Nov 2023 13:37:50 +0100
|
||||||
|
Subject: [PATCH] Revert "python: Remove the Russian translations"
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
This reverts commit cb0b5f3aebbee84924413f8530d4f2c0e2609791.
|
||||||
|
---
|
||||||
|
python/sepolicy/ru/sepolgen.8 | 1 +
|
||||||
|
python/sepolicy/ru/sepolicy-booleans.8 | 29 ++++
|
||||||
|
python/sepolicy/ru/sepolicy-communicate.8 | 40 +++++
|
||||||
|
python/sepolicy/ru/sepolicy-generate.8 | 173 ++++++++++++++++++++++
|
||||||
|
python/sepolicy/ru/sepolicy-gui.8 | 29 ++++
|
||||||
|
python/sepolicy/ru/sepolicy-interface.8 | 41 +++++
|
||||||
|
python/sepolicy/ru/sepolicy-manpage.8 | 38 +++++
|
||||||
|
python/sepolicy/ru/sepolicy-network.8 | 90 +++++++++++
|
||||||
|
python/sepolicy/ru/sepolicy-transition.8 | 34 +++++
|
||||||
|
python/sepolicy/ru/sepolicy.8 | 77 ++++++++++
|
||||||
|
10 files changed, 552 insertions(+)
|
||||||
|
create mode 100644 python/sepolicy/ru/sepolgen.8
|
||||||
|
create mode 100644 python/sepolicy/ru/sepolicy-booleans.8
|
||||||
|
create mode 100644 python/sepolicy/ru/sepolicy-communicate.8
|
||||||
|
create mode 100644 python/sepolicy/ru/sepolicy-generate.8
|
||||||
|
create mode 100644 python/sepolicy/ru/sepolicy-gui.8
|
||||||
|
create mode 100644 python/sepolicy/ru/sepolicy-interface.8
|
||||||
|
create mode 100644 python/sepolicy/ru/sepolicy-manpage.8
|
||||||
|
create mode 100644 python/sepolicy/ru/sepolicy-network.8
|
||||||
|
create mode 100644 python/sepolicy/ru/sepolicy-transition.8
|
||||||
|
create mode 100644 python/sepolicy/ru/sepolicy.8
|
||||||
|
|
||||||
|
diff --git a/python/sepolicy/ru/sepolgen.8 b/python/sepolicy/ru/sepolgen.8
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..3ecf3eb2969b
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/python/sepolicy/ru/sepolgen.8
|
||||||
|
@@ -0,0 +1 @@
|
||||||
|
+.so man8/sepolicy-generate.8
|
||||||
|
diff --git a/python/sepolicy/ru/sepolicy-booleans.8 b/python/sepolicy/ru/sepolicy-booleans.8
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..0f8f8ef68235
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/python/sepolicy/ru/sepolicy-booleans.8
|
||||||
|
@@ -0,0 +1,29 @@
|
||||||
|
+.TH "sepolicy-booleans" "8" "20121112" "" ""
|
||||||
|
+.SH "ИМЯ"
|
||||||
|
+sepolicy-booleans \- запросить описание логических переключателей из политики SELinux
|
||||||
|
+
|
||||||
|
+.SH "ОБЗОР"
|
||||||
|
+
|
||||||
|
+.br
|
||||||
|
+.B sepolicy booleans [\-h] [ \-a | \-b booleanname ... ]
|
||||||
|
+
|
||||||
|
+.SH "ОПИСАНИЕ"
|
||||||
|
+Утилита sepolicy booleans показывает все логические переключатели и их описание (либо можно вывести описание для отдельных логических переключателей)
|
||||||
|
+
|
||||||
|
+.SH "ПАРАМЕТРЫ"
|
||||||
|
+.TP
|
||||||
|
+.I \-h, \-\-help
|
||||||
|
+показать справочное сообщение
|
||||||
|
+.TP
|
||||||
|
+.I \-a, \-\-all
|
||||||
|
+показать все описания логических переключателей
|
||||||
|
+.TP
|
||||||
|
+.I \-b, \-\-boolean
|
||||||
|
+логический переключатель, для которого следует получить описание
|
||||||
|
+
|
||||||
|
+.SH "СМОТРИТЕ ТАКЖЕ"
|
||||||
|
+sepolicy(8), selinux(8), getsebool(8), setsebool(8)
|
||||||
|
+
|
||||||
|
+.SH "АВТОРЫ"
|
||||||
|
+Эта man-страница была написана Daniel Walsh <dwalsh@redhat.com>.
|
||||||
|
+Перевод на русский язык выполнила Герасименко Олеся <gammaray@basealt.ru>.
|
||||||
|
diff --git a/python/sepolicy/ru/sepolicy-communicate.8 b/python/sepolicy/ru/sepolicy-communicate.8
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..3a8c535cb75a
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/python/sepolicy/ru/sepolicy-communicate.8
|
||||||
|
@@ -0,0 +1,40 @@
|
||||||
|
+.TH "sepolicy-communicate" "8" "20121005" "" ""
|
||||||
|
+.SH "ИМЯ"
|
||||||
|
+sepolicy-communicate \- создать отчёт, который покажет, могут ли связываться два домена политики SELinux
|
||||||
|
+
|
||||||
|
+.SH "ОБЗОР"
|
||||||
|
+
|
||||||
|
+.br
|
||||||
|
+.B sepolicy communicate [\-h] \-s SOURCE \-t TARGET [\-c TCLASS] [\-S SOURCEACCESS] [\-T TARGETACCESS]
|
||||||
|
+
|
||||||
|
+.SH "ОПИСАНИЕ"
|
||||||
|
+Команда sepolicy communicate позволяет проанализировать политику SELinux, чтобы узнать, может ли исходный домен SELinux связываться с целевым доменом SELinux.
|
||||||
|
+Команда по умолчанию проверяет, имеются ли какие-либо типы файлов, которые может записывать исходный домен и читать целевой домен.
|
||||||
|
+
|
||||||
|
+.SH "ПАРАМЕТРЫ"
|
||||||
|
+.TP
|
||||||
|
+.I \-c, \-\-class
|
||||||
|
+Указать класс SELinux, который исходный домен попытается использовать для связи с целевым доменом. По умолчанию: file.
|
||||||
|
+.TP
|
||||||
|
+.I \-h, \-\-help
|
||||||
|
+Показать справочное сообщение
|
||||||
|
+.TP
|
||||||
|
+.I \-s, \-\-source
|
||||||
|
+Указать тип исходного домена SELinux
|
||||||
|
+.TP
|
||||||
|
+.I \-S, \-\-sourceaccess
|
||||||
|
+Указать список доступов, используемых типом исходного домена SELinux для связи с целевым доменом. По умолчанию: Open, Write.
|
||||||
|
+.TP
|
||||||
|
+.I \-t, \-\-target
|
||||||
|
+Указать тип целевого домена SELinux
|
||||||
|
+.TP
|
||||||
|
+.I \-T, \-\-targetaccess
|
||||||
|
+Указать список доступов, используемых типом целевого домена SELinux для получения обращений от исходного домена. По умолчанию: Open, Read.
|
||||||
|
+
|
||||||
|
+.SH "СМОТРИТЕ ТАКЖЕ"
|
||||||
|
+sepolicy(8), selinux(8)
|
||||||
|
+
|
||||||
|
+.SH "АВТОРЫ"
|
||||||
|
+Эта man-страница была написана Daniel Walsh <dwalsh@redhat.com>.
|
||||||
|
+Перевод на русский язык выполнила Герасименко Олеся <gammaray@basealt.ru>.
|
||||||
|
+
|
||||||
|
diff --git a/python/sepolicy/ru/sepolicy-generate.8 b/python/sepolicy/ru/sepolicy-generate.8
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..d2e98861881a
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/python/sepolicy/ru/sepolicy-generate.8
|
||||||
|
@@ -0,0 +1,173 @@
|
||||||
|
+.TH "sepolicy-generate" "8" "20121005" "" ""
|
||||||
|
+.SH "ИМЯ"
|
||||||
|
+sepolicy-generate \- создать исходный шаблон модуля политики SELinux.
|
||||||
|
+
|
||||||
|
+.SH "ОБЗОР"
|
||||||
|
+
|
||||||
|
+Общие параметры
|
||||||
|
+
|
||||||
|
+.B sepolicy generate [\-h ] [\-p PATH]
|
||||||
|
+
|
||||||
|
+.br
|
||||||
|
+
|
||||||
|
+Ограниченные приложения
|
||||||
|
+
|
||||||
|
+.br
|
||||||
|
+.B sepolicy generate \-\-application [\-n NAME] [\-u USER ]command [\-w WRITE_PATH ]
|
||||||
|
+.br
|
||||||
|
+.B sepolicy generate \-\-cgi [\-n NAME] command [\-w WRITE_PATH ]
|
||||||
|
+.br
|
||||||
|
+.B sepolicy generate \-\-dbus [\-n NAME] command [\-w WRITE_PATH ]
|
||||||
|
+.br
|
||||||
|
+.B sepolicy generate \-\-inetd [\-n NAME] command [\-w WRITE_PATH ]
|
||||||
|
+.br
|
||||||
|
+.B sepolicy generate \-\-init [\-n NAME] command [\-w WRITE_PATH ]
|
||||||
|
+
|
||||||
|
+Ограниченные пользователи
|
||||||
|
+
|
||||||
|
+.br
|
||||||
|
+.B sepolicy generate \-\-admin_user [\-r TRANSITION_ROLE] \-n NAME
|
||||||
|
+.br
|
||||||
|
+.B sepolicy generate \-\-confined_admin \-n NAME [\-a ADMIN_DOMAIN] [\-u USER] [\-n NAME] [\-w WRITE_PATH]
|
||||||
|
+.br
|
||||||
|
+.B sepolicy generate \-\-desktop_user \-n NAME [\-w WRITE_PATH]
|
||||||
|
+.br
|
||||||
|
+.B sepolicy generate \-\-term_user \-n NAME [\-w WRITE_PATH]
|
||||||
|
+.br
|
||||||
|
+.B sepolicy generate \-\-x_user \-n NAME [\-w WRITE_PATH]
|
||||||
|
+.br
|
||||||
|
+
|
||||||
|
+Разное
|
||||||
|
+
|
||||||
|
+.br
|
||||||
|
+.B sepolicy generate \-\-customize \-d DOMAIN \-n NAME [\-a ADMIN_DOMAIN]
|
||||||
|
+.br
|
||||||
|
+.B sepolicy generate \-\-newtype \-t type \-n NAME
|
||||||
|
+.br
|
||||||
|
+.B sepolicy generate \-\-sandbox \-n NAME
|
||||||
|
+
|
||||||
|
+.SH "ОПИСАНИЕ"
|
||||||
|
+Используйте команду \fBsepolicy generate\fP для создания модуля политики SELinux.
|
||||||
|
+
|
||||||
|
+.br
|
||||||
|
+\fBsepolicy generate\fP создаст 5 файлов.
|
||||||
|
+
|
||||||
|
+При указании \fBconfined application\fP необходимо указать путь. Команда \fBsepolicy generate\fP будет использовать полезную нагрузку rpm-пакета приложения вместе с \fBnm \-D APPLICATION\fP, чтобы создать типы и правила политики для ваших файлов политики.
|
||||||
|
+
|
||||||
|
+.B Файл принудительного назначения типов NAME.te
|
||||||
|
+.br
|
||||||
|
+Этот файл можно использовать, чтобы определить для конкретного домена все правила типов.
|
||||||
|
+
|
||||||
|
+.I Примечание:
|
||||||
|
+Политика, созданная с помощью команды \fBsepolicy generate\fP, автоматически добавит разрешительный домен (DOMAIN) в ваш файл .te. Когда вы закончите настройку политики, из файла .te будет необходимо удалить разрешительную строку, чтобы запустить домен в принудительном режиме.
|
||||||
|
+
|
||||||
|
+.B Файл интерфейсов NAME.if
|
||||||
|
+.br
|
||||||
|
+Этот файл определяет интерфейсы для созданных в файле .te типов, которые могут использоваться другими доменами политики.
|
||||||
|
+
|
||||||
|
+.B Контексты файлов NAME.fc
|
||||||
|
+.br
|
||||||
|
+Этот файл определяет контексты файлов по умолчанию для системы; он берёт типы файлов, созданные в файле .te, и связывает пути файлов с этими типами. Такие утилиты, как restorecon и RPM, будут использовать эти пути для проставления меток.
|
||||||
|
+
|
||||||
|
+.B Файл спецификации RPM NAME_selinux.spec
|
||||||
|
+.br
|
||||||
|
+Этот файл - файл СПЕЦИФИКАЦИИ, который можно использовать для установки политики SELinux на компьютеры и настройки проставления меток. Файл спецификации также устанавливает файл интерфейсов и man-страницу с описанием политики. Для создания man-страницы можно использовать команду \fBsepolicy manpage \-d NAME\fP.
|
||||||
|
+
|
||||||
|
+.B Файл оболочки NAME.sh
|
||||||
|
+.br
|
||||||
|
+Это вспомогательный сценарий оболочки для компиляции, установки и исправления меток в тестовой системе. Он также создаёт man-страницу на основе установленной политики, компилирует и собирает RPM, который подходит для установки на других компьютерах.
|
||||||
|
+
|
||||||
|
+Если создание возможно, эта утилита выведет на экран все пути создания из исходного домена в целевой домен
|
||||||
|
+
|
||||||
|
+.SH "ПАРАМЕТРЫ"
|
||||||
|
+.TP
|
||||||
|
+.I \-h, \-\-help
|
||||||
|
+Показать справочное сообщение
|
||||||
|
+.TP
|
||||||
|
+.I \-d, \-\-domain
|
||||||
|
+Ввести тип домена, который будет расширен
|
||||||
|
+.TP
|
||||||
|
+.I \-n, \-\-name
|
||||||
|
+Указать альтернативное имя политики. По умолчанию: указанный исполняемый файл или имя.
|
||||||
|
+.TP
|
||||||
|
+.I \-p, \-\-path
|
||||||
|
+Указать каталог для сохранения созданных файлов политики. По умолчанию: текущий рабочий каталог.
|
||||||
|
+Необязательные аргументы:
|
||||||
|
+.TP
|
||||||
|
+.I \-r, \-\-role
|
||||||
|
+Ввести роль (роли), в которую перейдёт этот администратор
|
||||||
|
+.TP
|
||||||
|
+.I \-t, \-\-type
|
||||||
|
+Ввести тип (типы), для которого создаётся новое определение и правило (правила)
|
||||||
|
+.TP
|
||||||
|
+.I \-u, \-\-user
|
||||||
|
+Пользователь (пользователи) SELinux, который перейдёт в этот домен
|
||||||
|
+.TP
|
||||||
|
+.I \-w, \-\-writepath
|
||||||
|
+Путь (пути), который требуется для записи ограниченным процессам
|
||||||
|
+.TP
|
||||||
|
+.I \-a, \-\-admin
|
||||||
|
+Домен (домены), который будет администрировать ограниченный администратор
|
||||||
|
+.TP
|
||||||
|
+.I \-\-admin_user
|
||||||
|
+Создать политику для роли авторизации администратора
|
||||||
|
+.TP
|
||||||
|
+.I \-\-application
|
||||||
|
+Создать политику для приложения пользователя
|
||||||
|
+.TP
|
||||||
|
+.I \-\-cgi
|
||||||
|
+Создать политику для веб-приложения/сценария (CGI)
|
||||||
|
+.TP
|
||||||
|
+.I \-\-confined_admin
|
||||||
|
+Создать политику для роли ограниченного администратора root
|
||||||
|
+.TP
|
||||||
|
+.I \-\-customize
|
||||||
|
+Создать политику для типа существующего домена
|
||||||
|
+.TP
|
||||||
|
+.I \-\-dbus
|
||||||
|
+Создать политику для системной внутренней службы DBUS
|
||||||
|
+.TP
|
||||||
|
+.I \-\-desktop_user
|
||||||
|
+Создать политику для роли авторизации на рабочем столе
|
||||||
|
+.TP
|
||||||
|
+.I \-\-inetd
|
||||||
|
+Создать политику для внутренней службы Интернет-служб
|
||||||
|
+.TP
|
||||||
|
+.I \-\-init
|
||||||
|
+Создать политику для стандартной внутренней службы init (по умолчанию)
|
||||||
|
+.TP
|
||||||
|
+.I \-\-newtype
|
||||||
|
+Создать политику для новых типов, которые будут добавлены в существующую политику.
|
||||||
|
+.TP
|
||||||
|
+.I \-\-sandbox
|
||||||
|
+Создать политику для изолированной среды
|
||||||
|
+.TP
|
||||||
|
+.I \-\-term_user
|
||||||
|
+Создать политику для минимальной роли авторизации пользователя терминала
|
||||||
|
+.TP
|
||||||
|
+.I \-\-x_user
|
||||||
|
+Создать политику для минимальной роли авторизации пользователя X Windows
|
||||||
|
+
|
||||||
|
+.SH "ПРИМЕР"
|
||||||
|
+.B > sepolicy generate --init /usr/sbin/rwhod
|
||||||
|
+.br
|
||||||
|
+Создание политики для /usr/sbin/rwhod с именем rwhod
|
||||||
|
+.br
|
||||||
|
+Созданы следующие файлы:
|
||||||
|
+.br
|
||||||
|
+rwhod.te # файл принудительного присвоения типов
|
||||||
|
+.br
|
||||||
|
+rwhod.if # файл интерфейсов
|
||||||
|
+.br
|
||||||
|
+rwhod.fc # файл контекстов файлов
|
||||||
|
+.br
|
||||||
|
+rwhod_selinux.spec # файл спецификации
|
||||||
|
+.br
|
||||||
|
+rwhod.sh # сценарий настройки
|
||||||
|
+
|
||||||
|
+.SH "СМОТРИТЕ ТАКЖЕ"
|
||||||
|
+sepolicy(8), selinux(8)
|
||||||
|
+
|
||||||
|
+.SH "АВТОРЫ"
|
||||||
|
+Эта man-страница была написана Daniel Walsh <dwalsh@redhat.com>.
|
||||||
|
+Перевод на русский язык выполнила Герасименко Олеся <gammaray@basealt.ru>.
|
||||||
|
diff --git a/python/sepolicy/ru/sepolicy-gui.8 b/python/sepolicy/ru/sepolicy-gui.8
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..1912c58b30e1
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/python/sepolicy/ru/sepolicy-gui.8
|
||||||
|
@@ -0,0 +1,29 @@
|
||||||
|
+.TH "sepolicy-gui" "8" "20121005" "" ""
|
||||||
|
+.SH "ИМЯ"
|
||||||
|
+sepolicy-gui \- графический интерфейс пользователя политики SELinux
|
||||||
|
+
|
||||||
|
+.SH "ОБЗОР"
|
||||||
|
+
|
||||||
|
+Общие параметры
|
||||||
|
+
|
||||||
|
+.B sepolicy gui [\-h ] [ \-d DOMAIN ]
|
||||||
|
+
|
||||||
|
+.br
|
||||||
|
+
|
||||||
|
+.SH "ОПИСАНИЕ"
|
||||||
|
+Используйте утилиту \fBsepolicy gui\fP для запуска графического интерфейса пользователя, с помощью которого можно посмотреть, как SELinux ограничивает различные домены процессов.
|
||||||
|
+
|
||||||
|
+.SH "ПАРАМЕТРЫ"
|
||||||
|
+.TP
|
||||||
|
+.I \-h, \-\-help
|
||||||
|
+Показать справочное сообщение
|
||||||
|
+.TP
|
||||||
|
+.I \-d, \-\-domain
|
||||||
|
+Инициализировать для выбранного домена графический интерфейс пользователя
|
||||||
|
+
|
||||||
|
+.SH "СМОТРИТЕ ТАКЖЕ"
|
||||||
|
+sepolicy(8), selinux(8)
|
||||||
|
+
|
||||||
|
+.SH "АВТОРЫ"
|
||||||
|
+Эта man-страница была написана Daniel Walsh <dwalsh@redhat.com>.
|
||||||
|
+Перевод на русский язык выполнила Герасименко Олеся <gammaray@basealt.ru>.
|
||||||
|
diff --git a/python/sepolicy/ru/sepolicy-interface.8 b/python/sepolicy/ru/sepolicy-interface.8
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..b78a7925fd5e
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/python/sepolicy/ru/sepolicy-interface.8
|
||||||
|
@@ -0,0 +1,41 @@
|
||||||
|
+.TH "sepolicy-interface" "8" "20121222" "" ""
|
||||||
|
+.SH "ИМЯ"
|
||||||
|
+sepolicy-interface \- вывести сведения об интерфейсах на основе установленной политики SELinux
|
||||||
|
+
|
||||||
|
+.SH "ОБЗОР"
|
||||||
|
+
|
||||||
|
+.br
|
||||||
|
+.B sepolicy interface [\-h] [\-c] [\-v] [\-a | \-u | \-l | \-i INTERFACE [INTERFACE ... ]]
|
||||||
|
+
|
||||||
|
+.SH "ОПИСАНИЕ"
|
||||||
|
+Используйте утилиту sepolicy interface для вывода сведений об интерфейсах на основе политики SELinux.
|
||||||
|
+
|
||||||
|
+.SH "ПАРАМЕТРЫ"
|
||||||
|
+.TP
|
||||||
|
+.I \-a, \-\-list_admin
|
||||||
|
+Вывести список всех доменов с интерфейсом администратора
|
||||||
|
+.TP
|
||||||
|
+.I \-c, \-\-compile
|
||||||
|
+Проверить сборку интерфейсов
|
||||||
|
+.TP
|
||||||
|
+.I \-h, \-\-help
|
||||||
|
+Показать справочное сообщение
|
||||||
|
+.TP
|
||||||
|
+.I \-i, \-\-interface
|
||||||
|
+Интерфейс (интерфейсы), которые следует показать
|
||||||
|
+.TP
|
||||||
|
+.I \-l, \-\-list
|
||||||
|
+Вывести список всех интерфейсов
|
||||||
|
+.TP
|
||||||
|
+.I \-u, \-\-list_user
|
||||||
|
+Вывести список всех доменов с интерфейсом роли пользователя SELinux
|
||||||
|
+.TP
|
||||||
|
+.I \-v, \-\-verbose
|
||||||
|
+Показать расширенные сведения об интерфейсе, включая параметры и описание (если доступно).
|
||||||
|
+
|
||||||
|
+.SH "СМОТРИТЕ ТАКЖЕ"
|
||||||
|
+sepolicy(8), selinux(8)
|
||||||
|
+
|
||||||
|
+.SH "АВТОРЫ"
|
||||||
|
+Эта man-страница была написана Daniel Walsh <dwalsh@redhat.com>.
|
||||||
|
+Перевод на русский язык выполнила Герасименко Олеся <gammaray@basealt.ru>.
|
||||||
|
diff --git a/python/sepolicy/ru/sepolicy-manpage.8 b/python/sepolicy/ru/sepolicy-manpage.8
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..35d7c683d9e6
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/python/sepolicy/ru/sepolicy-manpage.8
|
||||||
|
@@ -0,0 +1,38 @@
|
||||||
|
+.TH "sepolicy-manpage" "8" "20121005" "" ""
|
||||||
|
+.SH "ИМЯ"
|
||||||
|
+sepolicy-manpage \- создать man-страницу на основе установленной политики SELinux
|
||||||
|
+
|
||||||
|
+.SH "ОБЗОР"
|
||||||
|
+
|
||||||
|
+.br
|
||||||
|
+.B sepolicy manpage [\-w] [\-h] [\-p PATH ] [\-r ROOTDIR ] [\-a | \-d ]
|
||||||
|
+
|
||||||
|
+.SH "ОПИСАНИЕ"
|
||||||
|
+Используйте утилиту sepolicy manpage для создания man-страниц на основе политики SELinux.
|
||||||
|
+
|
||||||
|
+.SH "ПАРАМЕТРЫ"
|
||||||
|
+.TP
|
||||||
|
+.I \-a, \-\-all
|
||||||
|
+Создать man-страницы для всех доменов
|
||||||
|
+.TP
|
||||||
|
+.I \-d, \-\-domain
|
||||||
|
+Создать man-страницу для указанного домена. (Поддерживает несколько команд)
|
||||||
|
+.TP
|
||||||
|
+.I \-h, \-\-help
|
||||||
|
+Показать справочное сообщение
|
||||||
|
+.TP
|
||||||
|
+.I \-p, \-\-path
|
||||||
|
+Указать каталог для сохранения созданных man-страниц. (По умолчанию: /tmp)
|
||||||
|
+.TP
|
||||||
|
+.I \-r, \-\-root
|
||||||
|
+Указать альтернативный корневой каталог для создания man-страниц. (По умолчанию: /)
|
||||||
|
+.TP
|
||||||
|
+.I \-w, \-\-web
|
||||||
|
+Создать дополнительные man-страницы в формате HTML для указанного домена (доменов).
|
||||||
|
+
|
||||||
|
+.SH "СМОТРИТЕ ТАКЖЕ"
|
||||||
|
+sepolicy(8), selinux(8)
|
||||||
|
+
|
||||||
|
+.SH "АВТОРЫ"
|
||||||
|
+Эта man-страница была написана Daniel Walsh <dwalsh@redhat.com>.
|
||||||
|
+Перевод на русский язык выполнила Герасименко Олеся <gammaray@basealt.ru>.
|
||||||
|
diff --git a/python/sepolicy/ru/sepolicy-network.8 b/python/sepolicy/ru/sepolicy-network.8
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..ba78eced9d90
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/python/sepolicy/ru/sepolicy-network.8
|
||||||
|
@@ -0,0 +1,90 @@
|
||||||
|
+.TH "sepolicy-network" "8" "20121005" "" ""
|
||||||
|
+.SH "ИМЯ"
|
||||||
|
+sepolicy-network \- проанализировать политику SELinux и создать отчёт о сети
|
||||||
|
+
|
||||||
|
+.SH "ОБЗОР"
|
||||||
|
+
|
||||||
|
+.br
|
||||||
|
+.B sepolicy network [\-h] (\-l | \-a application [application ...] | \-p PORT [PORT ...] | \-t TYPE [TYPE ...] | \-d DOMAIN [DOMAIN ...])
|
||||||
|
+
|
||||||
|
+.SH "ОПИСАНИЕ"
|
||||||
|
+Используйте команду sepolicy network для анализа политики SELinux и создания отчётов о сети.
|
||||||
|
+
|
||||||
|
+.SH "ПАРАМЕТРЫ"
|
||||||
|
+.TP
|
||||||
|
+.I \-a, \-\-application
|
||||||
|
+Создать отчёт с перечнем портов, к которым разрешено подключение и/или привязка указанного приложения инициализации.
|
||||||
|
+.TP
|
||||||
|
+.I \-d, \-\-domain
|
||||||
|
+Создать отчёт с перечнем портов, к которым разрешено подключение и/или привязка указанного домена.
|
||||||
|
+.TP
|
||||||
|
+.I \-l, \-\-list
|
||||||
|
+Вывести список всех типов сетевых портов, определённых в политике SELinux
|
||||||
|
+.TP
|
||||||
|
+.I \-h, \-\-help
|
||||||
|
+Показать справочное сообщение
|
||||||
|
+.TP
|
||||||
|
+.I \-t, \-\-type
|
||||||
|
+Создать отчёт с перечнем номеров портов, связанных с указанным типом портов SELinux.
|
||||||
|
+.TP
|
||||||
|
+.I \-p, \-\-port
|
||||||
|
+Создать отчёт с перечнем типов портов SELinux, связанных с указанным номером порта.
|
||||||
|
+
|
||||||
|
+.SH "ПРИМЕРЫ"
|
||||||
|
+
|
||||||
|
+.B sepolicy network -p 22
|
||||||
|
+.br
|
||||||
|
+22: tcp ssh_port_t 22
|
||||||
|
+.br
|
||||||
|
+22: udp reserved_port_t 1-511
|
||||||
|
+.br
|
||||||
|
+22: tcp reserved_port_t 1-511
|
||||||
|
+
|
||||||
|
+.B sepolicy network -a /usr/sbin/sshd
|
||||||
|
+.br
|
||||||
|
+sshd_t: tcp name_connect
|
||||||
|
+.br
|
||||||
|
+ 111 (portmap_port_t)
|
||||||
|
+.br
|
||||||
|
+ 53 (dns_port_t)
|
||||||
|
+.br
|
||||||
|
+ 88, 750, 4444 (kerberos_port_t)
|
||||||
|
+.br
|
||||||
|
+ 9080 (ocsp_port_t)
|
||||||
|
+.br
|
||||||
|
+ 9180, 9701, 9443-9447 (pki_ca_port_t)
|
||||||
|
+.br
|
||||||
|
+ 32768-61000 (ephemeral_port_t)
|
||||||
|
+.br
|
||||||
|
+ all ports < 1024 (reserved_port_type)
|
||||||
|
+.br
|
||||||
|
+ all ports with out defined types (port_t)
|
||||||
|
+.br
|
||||||
|
+sshd_t: tcp name_bind
|
||||||
|
+.br
|
||||||
|
+ 22 (ssh_port_t)
|
||||||
|
+.br
|
||||||
|
+ 5900-5983, 5985-5999 (vnc_port_t)
|
||||||
|
+.br
|
||||||
|
+ 6000-6020 (xserver_port_t)
|
||||||
|
+.br
|
||||||
|
+ 32768-61000 (ephemeral_port_t)
|
||||||
|
+.br
|
||||||
|
+ all ports > 500 and < 1024 (rpc_port_type)
|
||||||
|
+.br
|
||||||
|
+ all ports with out defined types (port_t)
|
||||||
|
+.br
|
||||||
|
+sshd_t: udp name_bind
|
||||||
|
+.br
|
||||||
|
+ 32768-61000 (ephemeral_port_t)
|
||||||
|
+.br
|
||||||
|
+ all ports > 500 and < 1024 (rpc_port_type)
|
||||||
|
+.br
|
||||||
|
+ all ports with out defined types (port_t)
|
||||||
|
+
|
||||||
|
+.SH "СМОТРИТЕ ТАКЖЕ"
|
||||||
|
+sepolicy(8), selinux(8), semanage(8)
|
||||||
|
+
|
||||||
|
+.SH "АВТОРЫ"
|
||||||
|
+Эта man-страница была написана Daniel Walsh <dwalsh@redhat.com>.
|
||||||
|
+Перевод на русский язык выполнила Герасименко Олеся <gammaray@basealt.ru>.
|
||||||
|
diff --git a/python/sepolicy/ru/sepolicy-transition.8 b/python/sepolicy/ru/sepolicy-transition.8
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..77c2520376dc
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/python/sepolicy/ru/sepolicy-transition.8
|
||||||
|
@@ -0,0 +1,34 @@
|
||||||
|
+.TH "sepolicy-transition" "8" "20121005" "" ""
|
||||||
|
+.SH "ИМЯ"
|
||||||
|
+sepolicy-transition \- проанализировать политику SELinux и создать отчёт о переходах процессов
|
||||||
|
+
|
||||||
|
+.SH "ОБЗОР"
|
||||||
|
+
|
||||||
|
+.br
|
||||||
|
+.B sepolicy transition [\-h] \-s SOURCE
|
||||||
|
+
|
||||||
|
+.br
|
||||||
|
+.B sepolicy transition [\-h] \-s SOURCE \-t TARGET
|
||||||
|
+
|
||||||
|
+.SH "ОПИСАНИЕ"
|
||||||
|
+Утилита sepolicy transition покажет все домены, в которые может перейти указанный исходный домен SELinux, включая точку входа.
|
||||||
|
+
|
||||||
|
+Если указан целевой домен, команда sepolicy transition проанализирует политику на предмет наличия путей перехода из исходного домена в целевой домен и выведет список этих путей. Если переход возможен, эта утилита выведет все пути перехода из исходного домена в целевой домен.
|
||||||
|
+
|
||||||
|
+.SH "ПАРАМЕТРЫ"
|
||||||
|
+.TP
|
||||||
|
+.I \-h, \-\-help
|
||||||
|
+Показать справочное сообщение
|
||||||
|
+.TP
|
||||||
|
+.I \-s, \-\-source
|
||||||
|
+Указать тип исходного домена SELinux
|
||||||
|
+.TP
|
||||||
|
+.I \-t, \-\-target
|
||||||
|
+Указать тип целевого домена SELinux
|
||||||
|
+
|
||||||
|
+.SH "СМОТРИТЕ ТАКЖЕ"
|
||||||
|
+sepolicy(8), selinux(8)
|
||||||
|
+
|
||||||
|
+.SH "АВТОРЫ"
|
||||||
|
+Эта man-страница была написана Daniel Walsh <dwalsh@redhat.com>.
|
||||||
|
+Перевод на русский язык выполнила Герасименко Олеся <gammaray@basealt.ru>.
|
||||||
|
diff --git a/python/sepolicy/ru/sepolicy.8 b/python/sepolicy/ru/sepolicy.8
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..1d8d39112e15
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/python/sepolicy/ru/sepolicy.8
|
||||||
|
@@ -0,0 +1,77 @@
|
||||||
|
+.TH "sepolicy" "8" "20121005" "" ""
|
||||||
|
+.SH "ИМЯ"
|
||||||
|
+sepolicy \- утилита анализа политики SELinux
|
||||||
|
+
|
||||||
|
+.SH "ОБЗОР"
|
||||||
|
+.B sepolicy [-h] [-P policy_path ] {booleans,communicate,generate,interface,manpage,network,transition} OPTIONS
|
||||||
|
+
|
||||||
|
+.br
|
||||||
|
+Аргументы:
|
||||||
|
+.br
|
||||||
|
+
|
||||||
|
+.B booleans
|
||||||
|
+.br
|
||||||
|
+Отправить запрос к политике SELinux, чтобы просмотреть описание логических переключателей
|
||||||
|
+.B sepolicy-boolean(8)
|
||||||
|
+.br
|
||||||
|
+
|
||||||
|
+.B communicate
|
||||||
|
+.br
|
||||||
|
+Отправить запрос к политике SELinux, чтобы узнать, могут ли домены связываться друг с другом
|
||||||
|
+.B sepolicy-communicate(8)
|
||||||
|
+.br
|
||||||
|
+
|
||||||
|
+.B generate
|
||||||
|
+.br
|
||||||
|
+Создать шаблон модуля политики SELinux
|
||||||
|
+.B sepolicy-generate(8)
|
||||||
|
+.br
|
||||||
|
+
|
||||||
|
+.B gui
|
||||||
|
+.br
|
||||||
|
+Запустить графический интерфейс пользователя политики SELinux (требуется пакет policycoreutils-gui)
|
||||||
|
+.B sepolicy-gui(8)
|
||||||
|
+.br
|
||||||
|
+
|
||||||
|
+.B interface
|
||||||
|
+.br
|
||||||
|
+.br
|
||||||
|
+Вывести сведения интерфейса политики SELinux
|
||||||
|
+.B sepolicy-interface(8)
|
||||||
|
+.br
|
||||||
|
+
|
||||||
|
+.B manpage
|
||||||
|
+.br
|
||||||
|
+Создать man-страницы SELinux
|
||||||
|
+.B sepolicy-manpage(8)
|
||||||
|
+.br
|
||||||
|
+
|
||||||
|
+.B network
|
||||||
|
+.br
|
||||||
|
+Запросить сведения о сети политики SELinux
|
||||||
|
+.B sepolicy-network(8)
|
||||||
|
+.br
|
||||||
|
+
|
||||||
|
+.B transition
|
||||||
|
+.br
|
||||||
|
+Отправить запрос к политике SELinux, чтобы узнать, как исходный домен процесса может перейти в целевой домен процесса
|
||||||
|
+.B sepolicy-transition(8)
|
||||||
|
+
|
||||||
|
+.SH "ОПИСАНИЕ"
|
||||||
|
+sepolicy - это набор средств, опрашивающих установленную политику SELinux и создающих полезные отчёты, man-страницы или даже новые модули политики.
|
||||||
|
+Параметры и их описание доступны на man-страницах соответствующих аргументов.
|
||||||
|
+
|
||||||
|
+.SH "ПАРАМЕТРЫ"
|
||||||
|
+.TP
|
||||||
|
+.I \-P, \-\-policy
|
||||||
|
+Альтернативная политика для анализа. (По умолчанию: текущая установленная политика /sys/fs/selinux/policy)
|
||||||
|
+.TP
|
||||||
|
+.I \-h, \-\-help
|
||||||
|
+Показать справочное сообщение
|
||||||
|
+
|
||||||
|
+.SH "СМОТРИТЕ ТАКЖЕ"
|
||||||
|
+selinux(8), sepolicy-booleans(8), sepolicy-communicate(8), sepolicy-generate(8),sepolicy-gui(8), sepolicy-interface(8), sepolicy-network(8), sepolicy-manpage(8), sepolicy-transition(8)
|
||||||
|
+
|
||||||
|
+.SH "АВТОРЫ"
|
||||||
|
+Эта man-страница была написана Daniel Walsh <dwalsh@redhat.com>.
|
||||||
|
+Перевод на русский язык выполнила Герасименко Олеся <gammaray@basealt.ru>.
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
1325
SOURCES/0015-Revert-python-Remove-the-Russian-translations.patch
Normal file
1325
SOURCES/0015-Revert-python-Remove-the-Russian-translations.patch
Normal file
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -1,30 +0,0 @@
|
|||||||
From c8fbb8042852c18775c001999ce949e9b591e381 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Wed, 21 Mar 2018 08:51:31 +0100
|
|
||||||
Subject: [PATCH] policycoreutils/setfiles: Improve description of -d switch
|
|
||||||
|
|
||||||
The "-q" switch is becoming obsolete (completely unused in fedora) and
|
|
||||||
debug output ("-d" switch) makes sense in any scenario. Therefore both
|
|
||||||
options can be specified at once.
|
|
||||||
|
|
||||||
Resolves: rhbz#1271327
|
|
||||||
---
|
|
||||||
policycoreutils/setfiles/setfiles.8 | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
|
|
||||||
index ccaaf4de..a8a76c86 100644
|
|
||||||
--- a/policycoreutils/setfiles/setfiles.8
|
|
||||||
+++ b/policycoreutils/setfiles/setfiles.8
|
|
||||||
@@ -57,7 +57,7 @@ check the validity of the contexts against the specified binary policy.
|
|
||||||
.TP
|
|
||||||
.B \-d
|
|
||||||
show what specification matched each file (do not abort validation
|
|
||||||
-after ABORT_ON_ERRORS errors).
|
|
||||||
+after ABORT_ON_ERRORS errors). Not affected by "\-q"
|
|
||||||
.TP
|
|
||||||
.BI \-e \ directory
|
|
||||||
directory to exclude (repeat option for more than one directory).
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
100
SOURCES/0017-Revert-gui-Remove-the-Russian-translations.patch
Normal file
100
SOURCES/0017-Revert-gui-Remove-the-Russian-translations.patch
Normal file
@ -0,0 +1,100 @@
|
|||||||
|
From c22c5bfc40dd572e18352ba418570a12aa335796 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Lautrbach <lautrbach@redhat.com>
|
||||||
|
Date: Mon, 13 Nov 2023 13:38:04 +0100
|
||||||
|
Subject: [PATCH] Revert "gui: Remove the Russian translations"
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
This reverts commit fb58fa97359c9206bccdb1088f92245d6fa0095e.
|
||||||
|
---
|
||||||
|
gui/ru/selinux-polgengui.8 | 35 +++++++++++++++++++++++++++++++++
|
||||||
|
gui/ru/system-config-selinux.8 | 36 ++++++++++++++++++++++++++++++++++
|
||||||
|
2 files changed, 71 insertions(+)
|
||||||
|
create mode 100644 gui/ru/selinux-polgengui.8
|
||||||
|
create mode 100644 gui/ru/system-config-selinux.8
|
||||||
|
|
||||||
|
diff --git a/gui/ru/selinux-polgengui.8 b/gui/ru/selinux-polgengui.8
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..a8e692a64d38
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/gui/ru/selinux-polgengui.8
|
||||||
|
@@ -0,0 +1,35 @@
|
||||||
|
+.TH "selinux-polgengui" "8" "8 апреля 2013" "Руководство по утилитам настройки системы"
|
||||||
|
+
|
||||||
|
+.SH ИМЯ
|
||||||
|
+selinux\-polgengui \- утилита для создания политики SELinux
|
||||||
|
+
|
||||||
|
+.SH ОБЗОР
|
||||||
|
+.B selinux-polgengui
|
||||||
|
+
|
||||||
|
+.SH ОПИСАНИЕ
|
||||||
|
+\fBselinux-polgengui\fP - графическая утилита, которую можно использовать, чтобы создать платформу для сборки политики SELinux.
|
||||||
|
+.SH ПАРАМЕТРЫ
|
||||||
|
+Нет
|
||||||
|
+
|
||||||
|
+.SH ФАЙЛЫ
|
||||||
|
+\fi/usr/bin/selinux-polgengui\fP
|
||||||
|
+
|
||||||
|
+.SH Примеры
|
||||||
|
+Чтобы запустить программу, введите:
|
||||||
|
+
|
||||||
|
+selinux-polgengui
|
||||||
|
+
|
||||||
|
+.PP
|
||||||
|
+.SH "СМОТРИТЕ ТАКЖЕ"
|
||||||
|
+.TP
|
||||||
|
+selinux(1), sepolicy(8), sepolicy-generate(8)
|
||||||
|
+.PP
|
||||||
|
+
|
||||||
|
+.SH СООБЩЕНИЯ ОБ ОШИБКАХ
|
||||||
|
+Отправляйте сообщения об ошибках по адресу <http://bugzilla.redhat.com>.
|
||||||
|
+
|
||||||
|
+.SH ЛИЦЕНЗИЯ И АВТОРЫ
|
||||||
|
+\fBselinux-polgengui\fP распространяется на условиях Стандартной Общественной Лицензии
|
||||||
|
+GNU, авторские права принадлежат Red Hat, Inc.
|
||||||
|
+.br
|
||||||
|
+Эта man-страница была написана Daniel Walsh <dwalsh@redhat.com>. Перевод на русский язык выполнила Герасименко Олеся <gammaray@basealt.ru>.
|
||||||
|
diff --git a/gui/ru/system-config-selinux.8 b/gui/ru/system-config-selinux.8
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..0b91a3bd62fc
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/gui/ru/system-config-selinux.8
|
||||||
|
@@ -0,0 +1,36 @@
|
||||||
|
+.TH "system-config-selinux" "8" "8 апреля 2013" "Руководство по утилитам настройки системы"
|
||||||
|
+
|
||||||
|
+.SH ИМЯ
|
||||||
|
+system\-config\-selinux \- утилита для управления SELinux
|
||||||
|
+
|
||||||
|
+.SH ОБЗОР
|
||||||
|
+.B system-config-selinux
|
||||||
|
+
|
||||||
|
+.SH ОПИСАНИЕ
|
||||||
|
+Утилита \fBsystem-config-selinux\fP предоставляет графический интерфейс для управления конфигурацией SELinux.
|
||||||
|
+
|
||||||
|
+.SH ПАРАМЕТРЫ
|
||||||
|
+Нет
|
||||||
|
+
|
||||||
|
+.SH ФАЙЛЫ
|
||||||
|
+\fi/usr/bin/system-config-selinux\fP
|
||||||
|
+
|
||||||
|
+.SH Примеры
|
||||||
|
+Чтобы запустить программу, введите:
|
||||||
|
+
|
||||||
|
+system-config-selinux
|
||||||
|
+
|
||||||
|
+.PP
|
||||||
|
+.SH "СМОТРИТЕ ТАКЖЕ"
|
||||||
|
+.TP
|
||||||
|
+selinux(1), semanage(8)
|
||||||
|
+.PP
|
||||||
|
+
|
||||||
|
+.SH СООБЩЕНИЯ ОБ ОШИБКАХ
|
||||||
|
+Отправляйте сообщения об ошибках по адресу <http://bugzilla.redhat.com>.
|
||||||
|
+
|
||||||
|
+.SH ЛИЦЕНЗИЯ И АВТОРЫ
|
||||||
|
+\fBsystem-config-selinux\fP распространяется на условиях Стандартной Общественной Лицензии
|
||||||
|
+GNU, авторские права принадлежат Red Hat, Inc.
|
||||||
|
+.br
|
||||||
|
+Эта man-страница была написана Daniel Walsh <dwalsh@redhat.com>. Перевод на русский язык выполнила Герасименко Олеся <gammaray@basealt.ru>.
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
@ -1,7 +1,8 @@
|
|||||||
From 108a7d43dd8fa4f5cb682f9df9c15304fa4eddea Mon Sep 17 00:00:00 2001
|
From 78e4c9f2c2e97d23a67254647339d3c75bb7986d Mon Sep 17 00:00:00 2001
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
From: Vit Mojzis <vmojzis@redhat.com>
|
||||||
Date: Wed, 14 Feb 2024 13:08:40 +0100
|
Date: Wed, 14 Feb 2024 13:08:40 +0100
|
||||||
Subject: [PATCH] python/semanage: Allow modifying records on "add"
|
Subject: [PATCH] python/semanage: Allow modifying records on "add"
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
When trying to add a record with a key that already exists, modify
|
When trying to add a record with a key that already exists, modify
|
||||||
the existing record instead.
|
the existing record instead.
|
||||||
@ -20,17 +21,16 @@ Fixes:
|
|||||||
login, ibpkey, ibendport, node, interface and fcontext.
|
login, ibpkey, ibendport, node, interface and fcontext.
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||||
Acked-by: James Carter <jwcart2@gmail.com>
|
|
||||||
---
|
---
|
||||||
python/semanage/semanage | 2 +-
|
python/semanage/semanage | 2 +-
|
||||||
python/semanage/seobject.py | 208 +++++++++++++++++++++++++-----------
|
python/semanage/seobject.py | 208 +++++++++++++++++++++++++-----------
|
||||||
2 files changed, 147 insertions(+), 63 deletions(-)
|
2 files changed, 147 insertions(+), 63 deletions(-)
|
||||||
|
|
||||||
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
||||||
index 1f170f60..f55751b6 100644
|
index 4fdb490f7df4..b269b9fca65b 100644
|
||||||
--- a/python/semanage/semanage
|
--- a/python/semanage/semanage
|
||||||
+++ b/python/semanage/semanage
|
+++ b/python/semanage/semanage
|
||||||
@@ -316,7 +316,7 @@ def handleFcontext(args):
|
@@ -322,7 +322,7 @@ def handleFcontext(args):
|
||||||
OBJECT.add(args.file_spec, args.type, args.ftype, args.range, args.seuser)
|
OBJECT.add(args.file_spec, args.type, args.ftype, args.range, args.seuser)
|
||||||
if args.action == "modify":
|
if args.action == "modify":
|
||||||
if args.equal:
|
if args.equal:
|
||||||
@ -40,10 +40,10 @@ index 1f170f60..f55751b6 100644
|
|||||||
OBJECT.modify(args.file_spec, args.type, args.ftype, args.range, args.seuser)
|
OBJECT.modify(args.file_spec, args.type, args.ftype, args.range, args.seuser)
|
||||||
if args.action == "delete":
|
if args.action == "delete":
|
||||||
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
|
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
|
||||||
index dd915a69..f6c559a7 100644
|
index cc944ae202c9..12133b53fe91 100644
|
||||||
--- a/python/semanage/seobject.py
|
--- a/python/semanage/seobject.py
|
||||||
+++ b/python/semanage/seobject.py
|
+++ b/python/semanage/seobject.py
|
||||||
@@ -560,11 +560,6 @@ class loginRecords(semanageRecords):
|
@@ -557,11 +557,6 @@ class loginRecords(semanageRecords):
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not create a key for %s") % name)
|
raise ValueError(_("Could not create a key for %s") % name)
|
||||||
|
|
||||||
@ -55,7 +55,7 @@ index dd915a69..f6c559a7 100644
|
|||||||
if name[0] == '%':
|
if name[0] == '%':
|
||||||
try:
|
try:
|
||||||
grp.getgrnam(name[1:])
|
grp.getgrnam(name[1:])
|
||||||
@@ -603,11 +598,29 @@ class loginRecords(semanageRecords):
|
@@ -600,11 +595,29 @@ class loginRecords(semanageRecords):
|
||||||
def add(self, name, sename, serange):
|
def add(self, name, sename, serange):
|
||||||
try:
|
try:
|
||||||
self.begin()
|
self.begin()
|
||||||
@ -86,7 +86,7 @@ index dd915a69..f6c559a7 100644
|
|||||||
def __modify(self, name, sename="", serange=""):
|
def __modify(self, name, sename="", serange=""):
|
||||||
rec, self.oldsename, self.oldserange = selinux.getseuserbyname(name)
|
rec, self.oldsename, self.oldserange = selinux.getseuserbyname(name)
|
||||||
if sename == "" and serange == "":
|
if sename == "" and serange == "":
|
||||||
@@ -824,12 +837,6 @@ class seluserRecords(semanageRecords):
|
@@ -821,12 +834,6 @@ class seluserRecords(semanageRecords):
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not create a key for %s") % name)
|
raise ValueError(_("Could not create a key for %s") % name)
|
||||||
|
|
||||||
@ -99,7 +99,7 @@ index dd915a69..f6c559a7 100644
|
|||||||
(rc, u) = semanage_user_create(self.sh)
|
(rc, u) = semanage_user_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not create SELinux user for %s") % name)
|
raise ValueError(_("Could not create SELinux user for %s") % name)
|
||||||
@@ -869,12 +876,28 @@ class seluserRecords(semanageRecords):
|
@@ -866,12 +873,28 @@ class seluserRecords(semanageRecords):
|
||||||
def add(self, name, roles, selevel, serange, prefix):
|
def add(self, name, roles, selevel, serange, prefix):
|
||||||
try:
|
try:
|
||||||
self.begin()
|
self.begin()
|
||||||
@ -129,20 +129,20 @@ index dd915a69..f6c559a7 100644
|
|||||||
def __modify(self, name, roles=[], selevel="", serange="", prefix=""):
|
def __modify(self, name, roles=[], selevel="", serange="", prefix=""):
|
||||||
oldserole = ""
|
oldserole = ""
|
||||||
oldserange = ""
|
oldserange = ""
|
||||||
@@ -1102,12 +1125,6 @@ class portRecords(semanageRecords):
|
@@ -1103,12 +1126,6 @@ class portRecords(semanageRecords):
|
||||||
|
|
||||||
(k, proto_d, low, high) = self.__genkey(port, proto)
|
(k, proto_d, low, high) = self.__genkey(port, proto)
|
||||||
|
|
||||||
- (rc, exists) = semanage_port_exists(self.sh, k)
|
- (rc, exists) = semanage_port_exists(self.sh, k)
|
||||||
- if rc < 0:
|
- if rc < 0:
|
||||||
- raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
|
- raise ValueError(_("Could not check if port {proto}/{port} is defined").format(proto=proto, port=port))
|
||||||
- if exists:
|
- if exists:
|
||||||
- raise ValueError(_("Port %s/%s already defined") % (proto, port))
|
- raise ValueError(_("Port {proto}/{port} already defined").format(proto=proto, port=port))
|
||||||
-
|
-
|
||||||
(rc, p) = semanage_port_create(self.sh)
|
(rc, p) = semanage_port_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not create port for %s/%s") % (proto, port))
|
raise ValueError(_("Could not create port for {proto}/{port}").format(proto=proto, port=port))
|
||||||
@@ -1151,9 +1168,23 @@ class portRecords(semanageRecords):
|
@@ -1152,9 +1169,23 @@ class portRecords(semanageRecords):
|
||||||
|
|
||||||
def add(self, port, proto, serange, type):
|
def add(self, port, proto, serange, type):
|
||||||
self.begin()
|
self.begin()
|
||||||
@ -167,20 +167,20 @@ index dd915a69..f6c559a7 100644
|
|||||||
def __modify(self, port, proto, serange, setype):
|
def __modify(self, port, proto, serange, setype):
|
||||||
if serange == "" and setype == "":
|
if serange == "" and setype == "":
|
||||||
if is_mls_enabled == 1:
|
if is_mls_enabled == 1:
|
||||||
@@ -1376,12 +1407,6 @@ class ibpkeyRecords(semanageRecords):
|
@@ -1377,12 +1408,6 @@ class ibpkeyRecords(semanageRecords):
|
||||||
|
|
||||||
(k, subnet_prefix, low, high) = self.__genkey(pkey, subnet_prefix)
|
(k, subnet_prefix, low, high) = self.__genkey(pkey, subnet_prefix)
|
||||||
|
|
||||||
- (rc, exists) = semanage_ibpkey_exists(self.sh, k)
|
- (rc, exists) = semanage_ibpkey_exists(self.sh, k)
|
||||||
- if rc < 0:
|
- if rc < 0:
|
||||||
- raise ValueError(_("Could not check if ibpkey %s/%s is defined") % (subnet_prefix, pkey))
|
- raise ValueError(_("Could not check if ibpkey {subnet_prefix}/{pkey} is defined").formnat(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||||
- if exists:
|
- if exists:
|
||||||
- raise ValueError(_("ibpkey %s/%s already defined") % (subnet_prefix, pkey))
|
- raise ValueError(_("ibpkey {subnet_prefix}/{pkey} already defined").format(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||||
-
|
-
|
||||||
(rc, p) = semanage_ibpkey_create(self.sh)
|
(rc, p) = semanage_ibpkey_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not create ibpkey for %s/%s") % (subnet_prefix, pkey))
|
raise ValueError(_("Could not create ibpkey for {subnet_prefix}/{pkey}").format(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||||
@@ -1423,9 +1448,23 @@ class ibpkeyRecords(semanageRecords):
|
@@ -1424,9 +1449,23 @@ class ibpkeyRecords(semanageRecords):
|
||||||
|
|
||||||
def add(self, pkey, subnet_prefix, serange, type):
|
def add(self, pkey, subnet_prefix, serange, type):
|
||||||
self.begin()
|
self.begin()
|
||||||
@ -205,20 +205,20 @@ index dd915a69..f6c559a7 100644
|
|||||||
def __modify(self, pkey, subnet_prefix, serange, setype):
|
def __modify(self, pkey, subnet_prefix, serange, setype):
|
||||||
if serange == "" and setype == "":
|
if serange == "" and setype == "":
|
||||||
if is_mls_enabled == 1:
|
if is_mls_enabled == 1:
|
||||||
@@ -1630,12 +1669,6 @@ class ibendportRecords(semanageRecords):
|
@@ -1631,12 +1670,6 @@ class ibendportRecords(semanageRecords):
|
||||||
raise ValueError(_("Type %s is invalid, must be an ibendport type") % type)
|
raise ValueError(_("Type %s is invalid, must be an ibendport type") % type)
|
||||||
(k, ibendport, port) = self.__genkey(ibendport, ibdev_name)
|
(k, ibendport, port) = self.__genkey(ibendport, ibdev_name)
|
||||||
|
|
||||||
- (rc, exists) = semanage_ibendport_exists(self.sh, k)
|
- (rc, exists) = semanage_ibendport_exists(self.sh, k)
|
||||||
- if rc < 0:
|
- if rc < 0:
|
||||||
- raise ValueError(_("Could not check if ibendport %s/%s is defined") % (ibdev_name, port))
|
- raise ValueError(_("Could not check if ibendport {ibdev_name}/{port} is defined").format(ibdev_name=ibdev_name, port=port))
|
||||||
- if exists:
|
- if exists:
|
||||||
- raise ValueError(_("ibendport %s/%s already defined") % (ibdev_name, port))
|
- raise ValueError(_("ibendport {ibdev_name}/{port} already defined").format(ibdev_name=ibdev_name, port=port))
|
||||||
-
|
-
|
||||||
(rc, p) = semanage_ibendport_create(self.sh)
|
(rc, p) = semanage_ibendport_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not create ibendport for %s/%s") % (ibdev_name, port))
|
raise ValueError(_("Could not create ibendport for {ibdev_name}/{port}").format(ibdev_name=ibdev_name, port=port))
|
||||||
@@ -1677,9 +1710,23 @@ class ibendportRecords(semanageRecords):
|
@@ -1678,9 +1711,23 @@ class ibendportRecords(semanageRecords):
|
||||||
|
|
||||||
def add(self, ibendport, ibdev_name, serange, type):
|
def add(self, ibendport, ibdev_name, serange, type):
|
||||||
self.begin()
|
self.begin()
|
||||||
@ -243,20 +243,20 @@ index dd915a69..f6c559a7 100644
|
|||||||
def __modify(self, ibendport, ibdev_name, serange, setype):
|
def __modify(self, ibendport, ibdev_name, serange, setype):
|
||||||
if serange == "" and setype == "":
|
if serange == "" and setype == "":
|
||||||
if is_mls_enabled == 1:
|
if is_mls_enabled == 1:
|
||||||
@@ -1891,12 +1938,6 @@ class nodeRecords(semanageRecords):
|
@@ -1902,12 +1949,6 @@ class nodeRecords(semanageRecords):
|
||||||
(rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
|
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not create key for %s") % addr)
|
raise ValueError(_("Could not create key for %s") % addr)
|
||||||
|
|
||||||
|
- (rc, exists) = semanage_node_exists(self.sh, k)
|
||||||
- if rc < 0:
|
- if rc < 0:
|
||||||
- raise ValueError(_("Could not check if addr %s is defined") % addr)
|
- raise ValueError(_("Could not check if addr %s is defined") % addr)
|
||||||
-
|
|
||||||
- (rc, exists) = semanage_node_exists(self.sh, k)
|
|
||||||
- if exists:
|
- if exists:
|
||||||
- raise ValueError(_("Addr %s already defined") % addr)
|
- raise ValueError(_("Addr %s already defined") % addr)
|
||||||
|
-
|
||||||
(rc, node) = semanage_node_create(self.sh)
|
(rc, node) = semanage_node_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
@@ -1945,9 +1986,27 @@ class nodeRecords(semanageRecords):
|
raise ValueError(_("Could not create addr for %s") % addr)
|
||||||
|
@@ -1955,9 +1996,27 @@ class nodeRecords(semanageRecords):
|
||||||
|
|
||||||
def add(self, addr, mask, proto, serange, ctype):
|
def add(self, addr, mask, proto, serange, ctype):
|
||||||
self.begin()
|
self.begin()
|
||||||
@ -269,7 +269,7 @@ index dd915a69..f6c559a7 100644
|
|||||||
self.commit()
|
self.commit()
|
||||||
|
|
||||||
+ def __exists(self, addr, mask, proto):
|
+ def __exists(self, addr, mask, proto):
|
||||||
+ addr, mask, proto = self.validate(addr, mask, proto)
|
+ addr, mask, proto, audit_proto = self.validate(addr, mask, proto)
|
||||||
+
|
+
|
||||||
+ (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
|
+ (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
|
||||||
+ if rc < 0:
|
+ if rc < 0:
|
||||||
@ -283,9 +283,9 @@ index dd915a69..f6c559a7 100644
|
|||||||
+ return exists
|
+ return exists
|
||||||
+
|
+
|
||||||
def __modify(self, addr, mask, proto, serange, setype):
|
def __modify(self, addr, mask, proto, serange, setype):
|
||||||
addr, mask, proto = self.validate(addr, mask, proto)
|
addr, mask, proto, audit_proto = self.validate(addr, mask, proto)
|
||||||
|
|
||||||
@@ -2102,12 +2161,6 @@ class interfaceRecords(semanageRecords):
|
@@ -2111,12 +2170,6 @@ class interfaceRecords(semanageRecords):
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not create key for %s") % interface)
|
raise ValueError(_("Could not create key for %s") % interface)
|
||||||
|
|
||||||
@ -298,7 +298,7 @@ index dd915a69..f6c559a7 100644
|
|||||||
(rc, iface) = semanage_iface_create(self.sh)
|
(rc, iface) = semanage_iface_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not create interface for %s") % interface)
|
raise ValueError(_("Could not create interface for %s") % interface)
|
||||||
@@ -2154,9 +2207,25 @@ class interfaceRecords(semanageRecords):
|
@@ -2163,9 +2216,25 @@ class interfaceRecords(semanageRecords):
|
||||||
|
|
||||||
def add(self, interface, serange, ctype):
|
def add(self, interface, serange, ctype):
|
||||||
self.begin()
|
self.begin()
|
||||||
@ -325,7 +325,7 @@ index dd915a69..f6c559a7 100644
|
|||||||
def __modify(self, interface, serange, setype):
|
def __modify(self, interface, serange, setype):
|
||||||
if serange == "" and setype == "":
|
if serange == "" and setype == "":
|
||||||
raise ValueError(_("Requires setype or serange"))
|
raise ValueError(_("Requires setype or serange"))
|
||||||
@@ -2344,7 +2413,13 @@ class fcontextRecords(semanageRecords):
|
@@ -2353,7 +2422,13 @@ class fcontextRecords(semanageRecords):
|
||||||
raise ValueError(_("Substitute %s is not valid. Substitute is not allowed to end with '/'") % substitute)
|
raise ValueError(_("Substitute %s is not valid. Substitute is not allowed to end with '/'") % substitute)
|
||||||
|
|
||||||
if target in self.equiv.keys():
|
if target in self.equiv.keys():
|
||||||
@ -340,7 +340,7 @@ index dd915a69..f6c559a7 100644
|
|||||||
self.validate(target)
|
self.validate(target)
|
||||||
|
|
||||||
for fdict in (self.equiv, self.equiv_dist):
|
for fdict in (self.equiv, self.equiv_dist):
|
||||||
@@ -2420,18 +2495,6 @@ class fcontextRecords(semanageRecords):
|
@@ -2429,18 +2504,6 @@ class fcontextRecords(semanageRecords):
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not create key for %s") % target)
|
raise ValueError(_("Could not create key for %s") % target)
|
||||||
|
|
||||||
@ -359,7 +359,7 @@ index dd915a69..f6c559a7 100644
|
|||||||
(rc, fcontext) = semanage_fcontext_create(self.sh)
|
(rc, fcontext) = semanage_fcontext_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not create file context for %s") % target)
|
raise ValueError(_("Could not create file context for %s") % target)
|
||||||
@@ -2470,9 +2533,30 @@ class fcontextRecords(semanageRecords):
|
@@ -2479,9 +2542,30 @@ class fcontextRecords(semanageRecords):
|
||||||
|
|
||||||
def add(self, target, type, ftype="", serange="", seuser="system_u"):
|
def add(self, target, type, ftype="", serange="", seuser="system_u"):
|
||||||
self.begin()
|
self.begin()
|
||||||
@ -392,5 +392,5 @@ index dd915a69..f6c559a7 100644
|
|||||||
if serange == "" and setype == "" and seuser == "":
|
if serange == "" and setype == "" and seuser == "":
|
||||||
raise ValueError(_("Requires setype, serange or seuser"))
|
raise ValueError(_("Requires setype, serange or seuser"))
|
||||||
--
|
--
|
||||||
2.43.0
|
2.43.2
|
||||||
|
|
@ -1,24 +0,0 @@
|
|||||||
From f8602180d042e95947fe0bbd35d261771b347705 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Thu, 8 Nov 2018 09:20:58 +0100
|
|
||||||
Subject: [PATCH] semodule-utils: Fix RESOURCE_LEAK coverity scan defects
|
|
||||||
|
|
||||||
---
|
|
||||||
semodule-utils/semodule_package/semodule_package.c | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/semodule-utils/semodule_package/semodule_package.c b/semodule-utils/semodule_package/semodule_package.c
|
|
||||||
index 3515234e..7b75b3fd 100644
|
|
||||||
--- a/semodule-utils/semodule_package/semodule_package.c
|
|
||||||
+++ b/semodule-utils/semodule_package/semodule_package.c
|
|
||||||
@@ -74,6 +74,7 @@ static int file_to_data(const char *path, char **data, size_t * len)
|
|
||||||
}
|
|
||||||
if (!sb.st_size) {
|
|
||||||
*len = 0;
|
|
||||||
+ close(fd);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,7 +1,8 @@
|
|||||||
From b6fa6e77d5d40a5c1b5f4be95500aa1a05147e5b Mon Sep 17 00:00:00 2001
|
From 616db16b5729a9473cf27edc32a03f38eca417e7 Mon Sep 17 00:00:00 2001
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
From: Vit Mojzis <vmojzis@redhat.com>
|
||||||
Date: Wed, 7 Feb 2024 15:46:23 +0100
|
Date: Wed, 7 Feb 2024 15:46:23 +0100
|
||||||
Subject: [PATCH] python/semanage: Do not sort local fcontext definitions
|
Subject: [PATCH] python/semanage: Do not sort local fcontext definitions
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
Entries in file_contexts.local are processed from the most recent one to
|
Entries in file_contexts.local are processed from the most recent one to
|
||||||
the oldest, with first match being used. Therefore it is important to
|
the oldest, with first match being used. Therefore it is important to
|
||||||
@ -9,17 +10,16 @@ preserve their order when listing (semanage fcontext -lC) and exporting
|
|||||||
(semanage export).
|
(semanage export).
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||||
Acked-by: James Carter <jwcart2@gmail.com>
|
|
||||||
---
|
---
|
||||||
gui/fcontextPage.py | 6 +++++-
|
gui/fcontextPage.py | 6 +++++-
|
||||||
python/semanage/seobject.py | 9 +++++++--
|
python/semanage/seobject.py | 9 +++++++--
|
||||||
2 files changed, 12 insertions(+), 3 deletions(-)
|
2 files changed, 12 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py
|
diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py
|
||||||
index e424366d..01a403a2 100644
|
index 767664f26ec8..c88df580400f 100644
|
||||||
--- a/gui/fcontextPage.py
|
--- a/gui/fcontextPage.py
|
||||||
+++ b/gui/fcontextPage.py
|
+++ b/gui/fcontextPage.py
|
||||||
@@ -125,7 +125,11 @@ class fcontextPage(semanagePage):
|
@@ -133,7 +133,11 @@ class fcontextPage(semanagePage):
|
||||||
self.fcontext = seobject.fcontextRecords()
|
self.fcontext = seobject.fcontextRecords()
|
||||||
self.store.clear()
|
self.store.clear()
|
||||||
fcon_dict = self.fcontext.get_all(self.local)
|
fcon_dict = self.fcontext.get_all(self.local)
|
||||||
@ -33,10 +33,10 @@ index e424366d..01a403a2 100644
|
|||||||
continue
|
continue
|
||||||
iter = self.store.append()
|
iter = self.store.append()
|
||||||
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
|
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
|
||||||
index 0e923a0d..dd915a69 100644
|
index dfb15b1d77e4..25ec43154848 100644
|
||||||
--- a/python/semanage/seobject.py
|
--- a/python/semanage/seobject.py
|
||||||
+++ b/python/semanage/seobject.py
|
+++ b/python/semanage/seobject.py
|
||||||
@@ -2644,7 +2644,7 @@ class fcontextRecords(semanageRecords):
|
@@ -2735,7 +2735,7 @@ class fcontextRecords(semanageRecords):
|
||||||
def customized(self):
|
def customized(self):
|
||||||
l = []
|
l = []
|
||||||
fcon_dict = self.get_all(True)
|
fcon_dict = self.get_all(True)
|
||||||
@ -45,7 +45,7 @@ index 0e923a0d..dd915a69 100644
|
|||||||
if fcon_dict[k]:
|
if fcon_dict[k]:
|
||||||
if fcon_dict[k][3]:
|
if fcon_dict[k][3]:
|
||||||
l.append("-a -f %s -t %s -r '%s' '%s'" % (file_type_str_to_option[k[1]], fcon_dict[k][2], fcon_dict[k][3], k[0]))
|
l.append("-a -f %s -t %s -r '%s' '%s'" % (file_type_str_to_option[k[1]], fcon_dict[k][2], fcon_dict[k][3], k[0]))
|
||||||
@@ -2661,7 +2661,12 @@ class fcontextRecords(semanageRecords):
|
@@ -2752,7 +2752,12 @@ class fcontextRecords(semanageRecords):
|
||||||
if len(fcon_dict) != 0:
|
if len(fcon_dict) != 0:
|
||||||
if heading:
|
if heading:
|
||||||
print("%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context")))
|
print("%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context")))
|
@ -1,45 +0,0 @@
|
|||||||
From b2512e2a92a33360639a3459039cdf2e685655a8 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Mon, 3 Dec 2018 14:40:09 +0100
|
|
||||||
Subject: [PATCH] python: Use ipaddress instead of IPy
|
|
||||||
|
|
||||||
ipaddress module was added in python 3.3 and this allows us to drop python3-IPy
|
|
||||||
---
|
|
||||||
python/semanage/seobject.py | 12 ++++++------
|
|
||||||
1 file changed, 6 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
|
|
||||||
index b90b1070..58497e3b 100644
|
|
||||||
--- a/python/semanage/seobject.py
|
|
||||||
+++ b/python/semanage/seobject.py
|
|
||||||
@@ -32,7 +32,7 @@ from semanage import *
|
|
||||||
PROGNAME = "selinux-python"
|
|
||||||
import sepolicy
|
|
||||||
import setools
|
|
||||||
-from IPy import IP
|
|
||||||
+import ipaddress
|
|
||||||
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
@@ -1851,13 +1851,13 @@ class nodeRecords(semanageRecords):
|
|
||||||
|
|
||||||
# verify valid comination
|
|
||||||
if len(mask) == 0 or mask[0] == "/":
|
|
||||||
- i = IP(addr + mask)
|
|
||||||
- newaddr = i.strNormal(0)
|
|
||||||
- newmask = str(i.netmask())
|
|
||||||
- if newmask == "0.0.0.0" and i.version() == 6:
|
|
||||||
+ i = ipaddress.ip_network(addr + mask)
|
|
||||||
+ newaddr = str(i.network_address)
|
|
||||||
+ newmask = str(i.netmask)
|
|
||||||
+ if newmask == "0.0.0.0" and i.version == 6:
|
|
||||||
newmask = "::"
|
|
||||||
|
|
||||||
- protocol = "ipv%d" % i.version()
|
|
||||||
+ protocol = "ipv%d" % i.version
|
|
||||||
|
|
||||||
try:
|
|
||||||
newprotocol = self.protocol.index(protocol)
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,93 +0,0 @@
|
|||||||
From 5938d18536f4c0a76521d1f0721e981e6570b012 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Thu, 4 Apr 2019 23:02:56 +0200
|
|
||||||
Subject: [PATCH] python/semanage: Do not traceback when the default policy is
|
|
||||||
not available
|
|
||||||
|
|
||||||
"import seobject" causes "import sepolicy" which crashes when the system policy
|
|
||||||
is not available. It's better to provide an error message instead.
|
|
||||||
|
|
||||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
---
|
|
||||||
python/semanage/semanage | 37 +++++++++++++++++++++----------------
|
|
||||||
1 file changed, 21 insertions(+), 16 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
|
||||||
index 56db3e0d..4c766ae3 100644
|
|
||||||
--- a/python/semanage/semanage
|
|
||||||
+++ b/python/semanage/semanage
|
|
||||||
@@ -25,7 +25,6 @@
|
|
||||||
|
|
||||||
import traceback
|
|
||||||
import argparse
|
|
||||||
-import seobject
|
|
||||||
import sys
|
|
||||||
PROGNAME = "selinux-python"
|
|
||||||
try:
|
|
||||||
@@ -129,21 +128,6 @@ class SetImportFile(argparse.Action):
|
|
||||||
sys.exit(1)
|
|
||||||
setattr(namespace, self.dest, values)
|
|
||||||
|
|
||||||
-# define dictonary for seobject OBEJCTS
|
|
||||||
-object_dict = {
|
|
||||||
- 'login': seobject.loginRecords,
|
|
||||||
- 'user': seobject.seluserRecords,
|
|
||||||
- 'port': seobject.portRecords,
|
|
||||||
- 'module': seobject.moduleRecords,
|
|
||||||
- 'interface': seobject.interfaceRecords,
|
|
||||||
- 'node': seobject.nodeRecords,
|
|
||||||
- 'fcontext': seobject.fcontextRecords,
|
|
||||||
- 'boolean': seobject.booleanRecords,
|
|
||||||
- 'permissive': seobject.permissiveRecords,
|
|
||||||
- 'dontaudit': seobject.dontauditClass,
|
|
||||||
- 'ibpkey': seobject.ibpkeyRecords,
|
|
||||||
- 'ibendport': seobject.ibendportRecords
|
|
||||||
-}
|
|
||||||
|
|
||||||
def generate_custom_usage(usage_text, usage_dict):
|
|
||||||
# generate custom usage from given text and dictonary
|
|
||||||
@@ -608,6 +592,7 @@ def setupInterfaceParser(subparsers):
|
|
||||||
|
|
||||||
|
|
||||||
def handleModule(args):
|
|
||||||
+ import seobject
|
|
||||||
OBJECT = seobject.moduleRecords(args)
|
|
||||||
if args.action_add:
|
|
||||||
OBJECT.add(args.action_add[0], args.priority)
|
|
||||||
@@ -846,6 +831,7 @@ def mkargv(line):
|
|
||||||
|
|
||||||
|
|
||||||
def handleImport(args):
|
|
||||||
+ import seobject
|
|
||||||
trans = seobject.semanageRecords(args)
|
|
||||||
trans.start()
|
|
||||||
|
|
||||||
@@ -887,6 +873,25 @@ def createCommandParser():
|
|
||||||
#To add a new subcommand define the parser for it in a function above and call it here.
|
|
||||||
subparsers = commandParser.add_subparsers(dest='subcommand')
|
|
||||||
subparsers.required = True
|
|
||||||
+
|
|
||||||
+ import seobject
|
|
||||||
+ # define dictonary for seobject OBEJCTS
|
|
||||||
+ global object_dict
|
|
||||||
+ object_dict = {
|
|
||||||
+ 'login': seobject.loginRecords,
|
|
||||||
+ 'user': seobject.seluserRecords,
|
|
||||||
+ 'port': seobject.portRecords,
|
|
||||||
+ 'module': seobject.moduleRecords,
|
|
||||||
+ 'interface': seobject.interfaceRecords,
|
|
||||||
+ 'node': seobject.nodeRecords,
|
|
||||||
+ 'fcontext': seobject.fcontextRecords,
|
|
||||||
+ 'boolean': seobject.booleanRecords,
|
|
||||||
+ 'permissive': seobject.permissiveRecords,
|
|
||||||
+ 'dontaudit': seobject.dontauditClass,
|
|
||||||
+ 'ibpkey': seobject.ibpkeyRecords,
|
|
||||||
+ 'ibendport': seobject.ibendportRecords
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
setupImportParser(subparsers)
|
|
||||||
setupExportParser(subparsers)
|
|
||||||
setupLoginParser(subparsers)
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,108 +0,0 @@
|
|||||||
From 99582e3bf63475b7af5793bb9230e88d847dc7c8 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Tue, 2 Jul 2019 17:11:32 +0200
|
|
||||||
Subject: [PATCH] policycoreutils/fixfiles: Fix [-B] [-F] onboot
|
|
||||||
|
|
||||||
Commit 6e289bb7bf3d ("policycoreutils: fixfiles: remove bad modes of "relabel"
|
|
||||||
command") added "$RESTORE_MODE" != DEFAULT test when onboot is used. It makes
|
|
||||||
`fixfiles -B onboot` to show usage instead of updating /.autorelabel
|
|
||||||
|
|
||||||
The code is restructured to handle -B for different modes correctly.
|
|
||||||
|
|
||||||
Fixes:
|
|
||||||
# fixfiles -B onboot
|
|
||||||
Usage: /usr/sbin/fixfiles [-v] [-F] [-f] relabel
|
|
||||||
...
|
|
||||||
|
|
||||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
---
|
|
||||||
policycoreutils/scripts/fixfiles | 29 +++++++++++++++--------------
|
|
||||||
1 file changed, 15 insertions(+), 14 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
|
||||||
index 53d28c7b..9dd44213 100755
|
|
||||||
--- a/policycoreutils/scripts/fixfiles
|
|
||||||
+++ b/policycoreutils/scripts/fixfiles
|
|
||||||
@@ -112,7 +112,7 @@ VERBOSE="-p"
|
|
||||||
FORCEFLAG=""
|
|
||||||
RPMFILES=""
|
|
||||||
PREFC=""
|
|
||||||
-RESTORE_MODE="DEFAULT"
|
|
||||||
+RESTORE_MODE=""
|
|
||||||
SETFILES=/sbin/setfiles
|
|
||||||
RESTORECON=/sbin/restorecon
|
|
||||||
FILESYSTEMSRW=`get_rw_labeled_mounts`
|
|
||||||
@@ -214,16 +214,17 @@ restore () {
|
|
||||||
OPTION=$1
|
|
||||||
shift
|
|
||||||
|
|
||||||
-case "$RESTORE_MODE" in
|
|
||||||
- PREFC)
|
|
||||||
- diff_filecontext $*
|
|
||||||
- return
|
|
||||||
- ;;
|
|
||||||
- BOOTTIME)
|
|
||||||
+# [-B | -N time ]
|
|
||||||
+if [ -z "$BOOTTIME" ]; then
|
|
||||||
newer $BOOTTIME $*
|
|
||||||
return
|
|
||||||
- ;;
|
|
||||||
-esac
|
|
||||||
+fi
|
|
||||||
+
|
|
||||||
+# -C PREVIOUS_FILECONTEXT
|
|
||||||
+if [ "$RESTORE_MODE" == PREFC ]; then
|
|
||||||
+ diff_filecontext $*
|
|
||||||
+ return
|
|
||||||
+fi
|
|
||||||
|
|
||||||
[ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
|
|
||||||
|
|
||||||
@@ -239,7 +240,7 @@ case "$RESTORE_MODE" in
|
|
||||||
FILEPATH)
|
|
||||||
${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -R -- "$FILEPATH"
|
|
||||||
;;
|
|
||||||
- DEFAULT)
|
|
||||||
+ *)
|
|
||||||
if [ -n "${FILESYSTEMSRW}" ]; then
|
|
||||||
LogReadOnly
|
|
||||||
echo "${OPTION}ing `echo ${FILESYSTEMSRW}`"
|
|
||||||
@@ -272,7 +273,7 @@ fullrelabel() {
|
|
||||||
|
|
||||||
|
|
||||||
relabel() {
|
|
||||||
- if [ "$RESTORE_MODE" != DEFAULT ]; then
|
|
||||||
+ if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]; then
|
|
||||||
usage
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
@@ -306,7 +307,7 @@ case "$1" in
|
|
||||||
verify) restore Verify -n;;
|
|
||||||
relabel) relabel;;
|
|
||||||
onboot)
|
|
||||||
- if [ "$RESTORE_MODE" != DEFAULT ]; then
|
|
||||||
+ if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]; then
|
|
||||||
usage
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
@@ -344,7 +345,7 @@ if [ $# -eq 0 ]; then
|
|
||||||
fi
|
|
||||||
|
|
||||||
set_restore_mode() {
|
|
||||||
- if [ "$RESTORE_MODE" != DEFAULT ]; then
|
|
||||||
+ if [ -n "$RESTORE_MODE" ]; then
|
|
||||||
# can't specify two different modes
|
|
||||||
usage
|
|
||||||
exit 1
|
|
||||||
@@ -357,7 +358,7 @@ while getopts "N:BC:FfR:l:v" i; do
|
|
||||||
case "$i" in
|
|
||||||
B)
|
|
||||||
BOOTTIME=`/bin/who -b | awk '{print $3}'`
|
|
||||||
- set_restore_mode BOOTTIME
|
|
||||||
+ set_restore_mode DEFAULT
|
|
||||||
;;
|
|
||||||
N)
|
|
||||||
BOOTTIME=$OPTARG
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,33 +0,0 @@
|
|||||||
From 9bcf8ad7b9b6d8d761f7d097196b2b9bc114fa0a Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Tue, 2 Jul 2019 17:12:07 +0200
|
|
||||||
Subject: [PATCH] policycoreutils/fixfiles: Force full relabel when SELinux is
|
|
||||||
disabled
|
|
||||||
|
|
||||||
The previous check used getfilecon to check whether / slash contains a label,
|
|
||||||
but getfilecon fails only when SELinux is disabled. Therefore it's better to
|
|
||||||
check this using selinuxenabled.
|
|
||||||
|
|
||||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
---
|
|
||||||
policycoreutils/scripts/fixfiles | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
|
||||||
index 9dd44213..a9d27d13 100755
|
|
||||||
--- a/policycoreutils/scripts/fixfiles
|
|
||||||
+++ b/policycoreutils/scripts/fixfiles
|
|
||||||
@@ -314,8 +314,8 @@ case "$1" in
|
|
||||||
> /.autorelabel || exit $?
|
|
||||||
[ -z "$FORCEFLAG" ] || echo -n "$FORCEFLAG " >> /.autorelabel
|
|
||||||
[ -z "$BOOTTIME" ] || echo -N $BOOTTIME >> /.autorelabel
|
|
||||||
- # Force full relabel if / does not have a label on it
|
|
||||||
- getfilecon / > /dev/null 2>&1 || echo -F >/.autorelabel
|
|
||||||
+ # Force full relabel if SELinux is not enabled
|
|
||||||
+ selinuxenabled || echo -F > /.autorelabel
|
|
||||||
echo "System will relabel on next boot"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,32 +0,0 @@
|
|||||||
From 7383f8fbab82826de21d3013a43680867642e49e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Wed, 21 Aug 2019 17:43:25 +0200
|
|
||||||
Subject: [PATCH] policycoreutils/fixfiles: Fix unbound variable problem
|
|
||||||
|
|
||||||
Fix a typo introduced in commit d3f8b2c3cd909 ("policycoreutils/fixfiles: Fix
|
|
||||||
[-B] [-F] onboot"), which broke "fixfiles relabel":
|
|
||||||
|
|
||||||
#fixfiles relabel
|
|
||||||
/sbin/fixfiles: line 151: $1: unbound variable
|
|
||||||
|
|
||||||
Resolves: rhbz#1743213
|
|
||||||
---
|
|
||||||
policycoreutils/scripts/fixfiles | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
|
||||||
index a9d27d13..df0042aa 100755
|
|
||||||
--- a/policycoreutils/scripts/fixfiles
|
|
||||||
+++ b/policycoreutils/scripts/fixfiles
|
|
||||||
@@ -215,7 +215,7 @@ OPTION=$1
|
|
||||||
shift
|
|
||||||
|
|
||||||
# [-B | -N time ]
|
|
||||||
-if [ -z "$BOOTTIME" ]; then
|
|
||||||
+if [ -n "$BOOTTIME" ]; then
|
|
||||||
newer $BOOTTIME $*
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,38 +0,0 @@
|
|||||||
From f6c67c02f25d3a8971dcc5667121236fab85dd65 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Thu, 29 Aug 2019 08:58:20 +0200
|
|
||||||
Subject: [PATCH] gui: Fix remove module in system-config-selinux
|
|
||||||
|
|
||||||
When a user tried to remove a policy module with priority other than 400 via
|
|
||||||
GUI, it failed with a message:
|
|
||||||
|
|
||||||
libsemanage.semanage_direct_remove_key: Unable to remove module somemodule at priority 400. (No such file or directory).
|
|
||||||
|
|
||||||
This is fixed by calling "semodule -x PRIORITY -r NAME" instead of
|
|
||||||
"semodule -r NAME".
|
|
||||||
|
|
||||||
From Jono Hein <fredwacko40@hotmail.com>
|
|
||||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
---
|
|
||||||
gui/modulesPage.py | 3 ++-
|
|
||||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/gui/modulesPage.py b/gui/modulesPage.py
|
|
||||||
index 26ac5404..35a0129b 100644
|
|
||||||
--- a/gui/modulesPage.py
|
|
||||||
+++ b/gui/modulesPage.py
|
|
||||||
@@ -125,9 +125,10 @@ class modulesPage(semanagePage):
|
|
||||||
def delete(self):
|
|
||||||
store, iter = self.view.get_selection().get_selected()
|
|
||||||
module = store.get_value(iter, 0)
|
|
||||||
+ priority = store.get_value(iter, 1)
|
|
||||||
try:
|
|
||||||
self.wait()
|
|
||||||
- status, output = getstatusoutput("semodule -r %s" % module)
|
|
||||||
+ status, output = getstatusoutput("semodule -X %s -r %s" % (priority, module))
|
|
||||||
self.ready()
|
|
||||||
if status != 0:
|
|
||||||
self.error(output)
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,30 +0,0 @@
|
|||||||
From c2e942fc452bff06cc5ed9017afe169c6941f4e4 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Tue, 3 Sep 2019 15:17:27 +0200
|
|
||||||
Subject: [PATCH] python/semanage: Do not use default s0 range in "semanage
|
|
||||||
login -a"
|
|
||||||
|
|
||||||
Using the "s0" default means that new login mappings are always added with "s0"
|
|
||||||
range instead of the range of SELinux user.
|
|
||||||
|
|
||||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
---
|
|
||||||
python/semanage/semanage | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
|
||||||
index 4c766ae3..fa78afce 100644
|
|
||||||
--- a/python/semanage/semanage
|
|
||||||
+++ b/python/semanage/semanage
|
|
||||||
@@ -221,7 +221,7 @@ def parser_add_level(parser, name):
|
|
||||||
|
|
||||||
|
|
||||||
def parser_add_range(parser, name):
|
|
||||||
- parser.add_argument('-r', '--range', default="s0",
|
|
||||||
+ parser.add_argument('-r', '--range', default='',
|
|
||||||
help=_('''
|
|
||||||
MLS/MCS Security Range (MLS/MCS Systems only)
|
|
||||||
SELinux Range for SELinux login mapping
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,33 +0,0 @@
|
|||||||
From 4733a594c5df14f64293d19f16498e68dc5e3a98 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Tue, 24 Sep 2019 08:41:30 +0200
|
|
||||||
Subject: [PATCH] policycoreutils/fixfiles: Fix "verify" option
|
|
||||||
|
|
||||||
"restorecon -n" (used in the "restore" function) has to be used with
|
|
||||||
"-v" to display the files whose labels would be changed.
|
|
||||||
|
|
||||||
Fixes:
|
|
||||||
Fixfiles verify does not report misslabelled files unless "-v" option is
|
|
||||||
used.
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
---
|
|
||||||
policycoreutils/scripts/fixfiles | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
|
||||||
index df0042aa..be19e56c 100755
|
|
||||||
--- a/policycoreutils/scripts/fixfiles
|
|
||||||
+++ b/policycoreutils/scripts/fixfiles
|
|
||||||
@@ -304,7 +304,7 @@ process() {
|
|
||||||
case "$1" in
|
|
||||||
restore) restore Relabel;;
|
|
||||||
check) VERBOSE="-v"; restore Check -n;;
|
|
||||||
- verify) restore Verify -n;;
|
|
||||||
+ verify) VERBOSE="-v"; restore Verify -n;;
|
|
||||||
relabel) relabel;;
|
|
||||||
onboot)
|
|
||||||
if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]; then
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,102 +0,0 @@
|
|||||||
From 0803fcb2c014b2cedf8f4d92b80fc382916477ee Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Fri, 27 Sep 2019 16:13:47 +0200
|
|
||||||
Subject: [PATCH] python/semanage: Improve handling of "permissive" statements
|
|
||||||
|
|
||||||
- Add "customized" method to permissiveRecords which is than used for
|
|
||||||
"semanage permissive --extract" and "semanage export"
|
|
||||||
- Enable "semanage permissive --deleteall" (already implemented)
|
|
||||||
- Add "permissive" to the list of modules exported using
|
|
||||||
"semanage export"
|
|
||||||
- Update "semanage permissive" man page
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
---
|
|
||||||
python/semanage/semanage | 11 ++++++++---
|
|
||||||
python/semanage/semanage-permissive.8 | 8 +++++++-
|
|
||||||
python/semanage/seobject.py | 3 +++
|
|
||||||
3 files changed, 18 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
|
||||||
index fa78afce..b2bd9df9 100644
|
|
||||||
--- a/python/semanage/semanage
|
|
||||||
+++ b/python/semanage/semanage
|
|
||||||
@@ -722,6 +722,11 @@ def handlePermissive(args):
|
|
||||||
|
|
||||||
if args.action == "list":
|
|
||||||
OBJECT.list(args.noheading)
|
|
||||||
+ elif args.action == "deleteall":
|
|
||||||
+ OBJECT.deleteall()
|
|
||||||
+ elif args.action == "extract":
|
|
||||||
+ for i in OBJECT.customized():
|
|
||||||
+ print("permissive %s" % str(i))
|
|
||||||
elif args.type is not None:
|
|
||||||
if args.action == "add":
|
|
||||||
OBJECT.add(args.type)
|
|
||||||
@@ -737,9 +742,9 @@ def setupPermissiveParser(subparsers):
|
|
||||||
pgroup = permissiveParser.add_mutually_exclusive_group(required=True)
|
|
||||||
parser_add_add(pgroup, "permissive")
|
|
||||||
parser_add_delete(pgroup, "permissive")
|
|
||||||
+ parser_add_deleteall(pgroup, "permissive")
|
|
||||||
+ parser_add_extract(pgroup, "permissive")
|
|
||||||
parser_add_list(pgroup, "permissive")
|
|
||||||
- #TODO: probably should be also added => need to implement own option handling
|
|
||||||
- #parser_add_deleteall(pgroup)
|
|
||||||
|
|
||||||
parser_add_noheading(permissiveParser, "permissive")
|
|
||||||
parser_add_noreload(permissiveParser, "permissive")
|
|
||||||
@@ -763,7 +768,7 @@ def setupDontauditParser(subparsers):
|
|
||||||
|
|
||||||
|
|
||||||
def handleExport(args):
|
|
||||||
- manageditems = ["boolean", "login", "interface", "user", "port", "node", "fcontext", "module", "ibendport", "ibpkey"]
|
|
||||||
+ manageditems = ["boolean", "login", "interface", "user", "port", "node", "fcontext", "module", "ibendport", "ibpkey", "permissive"]
|
|
||||||
for i in manageditems:
|
|
||||||
print("%s -D" % i)
|
|
||||||
for i in manageditems:
|
|
||||||
diff --git a/python/semanage/semanage-permissive.8 b/python/semanage/semanage-permissive.8
|
|
||||||
index 1999a451..5c3364fa 100644
|
|
||||||
--- a/python/semanage/semanage-permissive.8
|
|
||||||
+++ b/python/semanage/semanage-permissive.8
|
|
||||||
@@ -2,7 +2,7 @@
|
|
||||||
.SH "NAME"
|
|
||||||
.B semanage\-permissive \- SELinux Policy Management permissive mapping tool
|
|
||||||
.SH "SYNOPSIS"
|
|
||||||
-.B semanage permissive [\-h] (\-a | \-d | \-l) [\-n] [\-N] [\-S STORE] [type]
|
|
||||||
+.B semanage permissive [\-h] [\-n] [\-N] [\-S STORE] (\-\-add TYPE | \-\-delete TYPE | \-\-deleteall | \-\-extract | \-\-list)
|
|
||||||
|
|
||||||
.SH "DESCRIPTION"
|
|
||||||
semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources. semanage permissive adds or removes a SELinux Policy permissive module.
|
|
||||||
@@ -18,9 +18,15 @@ Add a record of the specified object type
|
|
||||||
.I \-d, \-\-delete
|
|
||||||
Delete a record of the specified object type
|
|
||||||
.TP
|
|
||||||
+.I \-D, \-\-deleteall
|
|
||||||
+Remove all local customizations of permissive domains
|
|
||||||
+.TP
|
|
||||||
.I \-l, \-\-list
|
|
||||||
List records of the specified object type
|
|
||||||
.TP
|
|
||||||
+.I \-E, \-\-extract
|
|
||||||
+Extract customizable commands, for use within a transaction
|
|
||||||
+.TP
|
|
||||||
.I \-n, \-\-noheading
|
|
||||||
Do not print heading when listing the specified object type
|
|
||||||
.TP
|
|
||||||
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
|
|
||||||
index 58497e3b..3959abc8 100644
|
|
||||||
--- a/python/semanage/seobject.py
|
|
||||||
+++ b/python/semanage/seobject.py
|
|
||||||
@@ -478,6 +478,9 @@ class permissiveRecords(semanageRecords):
|
|
||||||
l.append(name.split("permissive_")[1])
|
|
||||||
return l
|
|
||||||
|
|
||||||
+ def customized(self):
|
|
||||||
+ return ["-a %s" % x for x in sorted(self.get_all())]
|
|
||||||
+
|
|
||||||
def list(self, heading=1, locallist=0):
|
|
||||||
all = [y["name"] for y in [x for x in sepolicy.info(sepolicy.TYPE) if x["permissive"]]]
|
|
||||||
if len(all) == 0:
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,41 +0,0 @@
|
|||||||
From 7cc31c4799dd94ed516a39d853744bd1ffb6dc69 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Mon, 30 Sep 2019 09:49:04 +0200
|
|
||||||
Subject: [PATCH] python/semanage: fix moduleRecords.customized()
|
|
||||||
|
|
||||||
Return value of "customized" has to be iterable.
|
|
||||||
|
|
||||||
Fixes:
|
|
||||||
"semanage export" with no modules in the system (eg. monolithic policy)
|
|
||||||
crashes:
|
|
||||||
|
|
||||||
Traceback (most recent call last):
|
|
||||||
File "/usr/sbin/semanage", line 970, in <module>
|
|
||||||
do_parser()
|
|
||||||
File "/usr/sbin/semanage", line 949, in do_parser
|
|
||||||
args.func(args)
|
|
||||||
File "/usr/sbin/semanage", line 771, in handleExport
|
|
||||||
for c in OBJECT.customized():
|
|
||||||
TypeError: 'NoneType' object is not iterable
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
---
|
|
||||||
python/semanage/seobject.py | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
|
|
||||||
index 3959abc8..16edacaa 100644
|
|
||||||
--- a/python/semanage/seobject.py
|
|
||||||
+++ b/python/semanage/seobject.py
|
|
||||||
@@ -380,7 +380,7 @@ class moduleRecords(semanageRecords):
|
|
||||||
def customized(self):
|
|
||||||
all = self.get_all()
|
|
||||||
if len(all) == 0:
|
|
||||||
- return
|
|
||||||
+ return []
|
|
||||||
return ["-d %s" % x[0] for x in [t for t in all if t[1] == 0]]
|
|
||||||
|
|
||||||
def list(self, heading=1, locallist=0):
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,45 +0,0 @@
|
|||||||
From 7cbfcec89a6972f9c700687ed3cef25ff0846461 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Tue, 8 Oct 2019 14:22:13 +0200
|
|
||||||
Subject: [PATCH] python/semanage: Add support for DCCP and SCTP protocols
|
|
||||||
|
|
||||||
Fixes:
|
|
||||||
# semanage port -a -p sctp -t port_t 1234
|
|
||||||
ValueError: Protocol udp or tcp is required
|
|
||||||
# semanage port -d -p sctp -t port_t 1234
|
|
||||||
ValueError: Protocol udp or tcp is required
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
---
|
|
||||||
python/semanage/seobject.py | 14 ++++++++------
|
|
||||||
1 file changed, 8 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
|
|
||||||
index 16edacaa..70ebfd08 100644
|
|
||||||
--- a/python/semanage/seobject.py
|
|
||||||
+++ b/python/semanage/seobject.py
|
|
||||||
@@ -1058,13 +1058,15 @@ class portRecords(semanageRecords):
|
|
||||||
pass
|
|
||||||
|
|
||||||
def __genkey(self, port, proto):
|
|
||||||
- if proto == "tcp":
|
|
||||||
- proto_d = SEMANAGE_PROTO_TCP
|
|
||||||
+ protocols = {"tcp": SEMANAGE_PROTO_TCP,
|
|
||||||
+ "udp": SEMANAGE_PROTO_UDP,
|
|
||||||
+ "sctp": SEMANAGE_PROTO_SCTP,
|
|
||||||
+ "dccp": SEMANAGE_PROTO_DCCP}
|
|
||||||
+
|
|
||||||
+ if proto in protocols.keys():
|
|
||||||
+ proto_d = protocols[proto]
|
|
||||||
else:
|
|
||||||
- if proto == "udp":
|
|
||||||
- proto_d = SEMANAGE_PROTO_UDP
|
|
||||||
- else:
|
|
||||||
- raise ValueError(_("Protocol udp or tcp is required"))
|
|
||||||
+ raise ValueError(_("Protocol has to be one of udp, tcp, dccp or sctp"))
|
|
||||||
if port == "":
|
|
||||||
raise ValueError(_("Port is required"))
|
|
||||||
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,40 +0,0 @@
|
|||||||
From 6e5ccf2dd3329b400b70b7806b9c6128c5c50995 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Fri, 15 Nov 2019 09:15:49 +0100
|
|
||||||
Subject: [PATCH] dbus: Fix FileNotFoundError in org.selinux.relabel_on_boot
|
|
||||||
|
|
||||||
When org.selinux.relabel_on_boot(0) was called twice, it failed with
|
|
||||||
FileNotFoundError.
|
|
||||||
|
|
||||||
Fixes:
|
|
||||||
$ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:1
|
|
||||||
method return sender=:1.53 -> dest=:1.54 reply_serial=2
|
|
||||||
$ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:0
|
|
||||||
method return sender=:1.53 -> dest=:1.55 reply_serial=2
|
|
||||||
$ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:0
|
|
||||||
Error org.freedesktop.DBus.Python.FileNotFoundError: FileNotFoundError: [Errno 2] No such file or directory: '/.autorelabel'
|
|
||||||
|
|
||||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
---
|
|
||||||
dbus/selinux_server.py | 5 ++++-
|
|
||||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/dbus/selinux_server.py b/dbus/selinux_server.py
|
|
||||||
index b9debc071485..be4f4557a9fa 100644
|
|
||||||
--- a/dbus/selinux_server.py
|
|
||||||
+++ b/dbus/selinux_server.py
|
|
||||||
@@ -85,7 +85,10 @@ class selinux_server(slip.dbus.service.Object):
|
|
||||||
fd = open("/.autorelabel", "w")
|
|
||||||
fd.close()
|
|
||||||
else:
|
|
||||||
- os.unlink("/.autorelabel")
|
|
||||||
+ try:
|
|
||||||
+ os.unlink("/.autorelabel")
|
|
||||||
+ except FileNotFoundError:
|
|
||||||
+ pass
|
|
||||||
|
|
||||||
def write_selinux_config(self, enforcing=None, policy=None):
|
|
||||||
path = selinux.selinux_path() + "config"
|
|
||||||
--
|
|
||||||
2.23.0
|
|
||||||
|
|
@ -1,200 +0,0 @@
|
|||||||
From 76371721bafed56efcb7a83b3fa3285383ede5b7 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Baichuan Kong <kongbaichuan@huawei.com>
|
|
||||||
Date: Thu, 14 Nov 2019 10:48:07 +0800
|
|
||||||
Subject: [PATCH] restorecond: Fix redundant console log output error
|
|
||||||
|
|
||||||
When starting restorecond without any option the following redundant
|
|
||||||
console log is outputed:
|
|
||||||
|
|
||||||
/dev/log 100.0%
|
|
||||||
/var/volatile/run/syslogd.pid 100.0%
|
|
||||||
...
|
|
||||||
|
|
||||||
This is caused by two global variables of same name r_opts. When
|
|
||||||
executes r_opts = opts in restore_init(), it originally intends
|
|
||||||
to assign the address of struct r_opts in "restorecond.c" to the
|
|
||||||
pointer *r_opts in "restore.c".
|
|
||||||
|
|
||||||
However, the address is assigned to the struct r_opts and covers
|
|
||||||
the value of low eight bytes in it. That causes unexpected value
|
|
||||||
of member varibale 'nochange' and 'verbose' in struct r_opts, thus
|
|
||||||
affects value of 'restorecon_flags' and executes unexpected operations
|
|
||||||
when restorecon the files such as the redundant console log output or
|
|
||||||
file label nochange.
|
|
||||||
|
|
||||||
Cause restorecond/restore.c is copied from policycoreutils/setfiles,
|
|
||||||
which share the same pattern. It also has potential risk to generate
|
|
||||||
same problems, So fix it in case.
|
|
||||||
|
|
||||||
Signed-off-by: Baichuan Kong <kongbaichuan@huawei.com>
|
|
||||||
|
|
||||||
(cherry-picked from SElinuxProject
|
|
||||||
commit ad2208ec220f55877a4d31084be2b4d6413ee082)
|
|
||||||
|
|
||||||
Resolves: rhbz#1626468
|
|
||||||
---
|
|
||||||
policycoreutils/setfiles/restore.c | 42 ++++++++++++++----------------
|
|
||||||
restorecond/restore.c | 40 +++++++++++++---------------
|
|
||||||
2 files changed, 37 insertions(+), 45 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
|
|
||||||
index 9dea5656..d3335d1a 100644
|
|
||||||
--- a/policycoreutils/setfiles/restore.c
|
|
||||||
+++ b/policycoreutils/setfiles/restore.c
|
|
||||||
@@ -17,40 +17,37 @@
|
|
||||||
char **exclude_list;
|
|
||||||
int exclude_count;
|
|
||||||
|
|
||||||
-struct restore_opts *r_opts;
|
|
||||||
-
|
|
||||||
void restore_init(struct restore_opts *opts)
|
|
||||||
{
|
|
||||||
int rc;
|
|
||||||
|
|
||||||
- r_opts = opts;
|
|
||||||
struct selinux_opt selinux_opts[] = {
|
|
||||||
- { SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate },
|
|
||||||
- { SELABEL_OPT_PATH, r_opts->selabel_opt_path },
|
|
||||||
- { SELABEL_OPT_DIGEST, r_opts->selabel_opt_digest }
|
|
||||||
+ { SELABEL_OPT_VALIDATE, opts->selabel_opt_validate },
|
|
||||||
+ { SELABEL_OPT_PATH, opts->selabel_opt_path },
|
|
||||||
+ { SELABEL_OPT_DIGEST, opts->selabel_opt_digest }
|
|
||||||
};
|
|
||||||
|
|
||||||
- r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
|
|
||||||
- if (!r_opts->hnd) {
|
|
||||||
- perror(r_opts->selabel_opt_path);
|
|
||||||
+ opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
|
|
||||||
+ if (!opts->hnd) {
|
|
||||||
+ perror(opts->selabel_opt_path);
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
- r_opts->restorecon_flags = 0;
|
|
||||||
- r_opts->restorecon_flags = r_opts->nochange | r_opts->verbose |
|
|
||||||
- r_opts->progress | r_opts->set_specctx |
|
|
||||||
- r_opts->add_assoc | r_opts->ignore_digest |
|
|
||||||
- r_opts->recurse | r_opts->userealpath |
|
|
||||||
- r_opts->xdev | r_opts->abort_on_error |
|
|
||||||
- r_opts->syslog_changes | r_opts->log_matches |
|
|
||||||
- r_opts->ignore_noent | r_opts->ignore_mounts |
|
|
||||||
- r_opts->mass_relabel;
|
|
||||||
+ opts->restorecon_flags = 0;
|
|
||||||
+ opts->restorecon_flags = opts->nochange | opts->verbose |
|
|
||||||
+ opts->progress | opts->set_specctx |
|
|
||||||
+ opts->add_assoc | opts->ignore_digest |
|
|
||||||
+ opts->recurse | opts->userealpath |
|
|
||||||
+ opts->xdev | opts->abort_on_error |
|
|
||||||
+ opts->syslog_changes | opts->log_matches |
|
|
||||||
+ opts->ignore_noent | opts->ignore_mounts |
|
|
||||||
+ opts->mass_relabel;
|
|
||||||
|
|
||||||
/* Use setfiles, restorecon and restorecond own handles */
|
|
||||||
- selinux_restorecon_set_sehandle(r_opts->hnd);
|
|
||||||
+ selinux_restorecon_set_sehandle(opts->hnd);
|
|
||||||
|
|
||||||
- if (r_opts->rootpath) {
|
|
||||||
- rc = selinux_restorecon_set_alt_rootpath(r_opts->rootpath);
|
|
||||||
+ if (opts->rootpath) {
|
|
||||||
+ rc = selinux_restorecon_set_alt_rootpath(opts->rootpath);
|
|
||||||
if (rc) {
|
|
||||||
fprintf(stderr,
|
|
||||||
"selinux_restorecon_set_alt_rootpath error: %s.\n",
|
|
||||||
@@ -81,7 +78,6 @@ int process_glob(char *name, struct restore_opts *opts)
|
|
||||||
size_t i = 0;
|
|
||||||
int len, rc, errors;
|
|
||||||
|
|
||||||
- r_opts = opts;
|
|
||||||
memset(&globbuf, 0, sizeof(globbuf));
|
|
||||||
|
|
||||||
errors = glob(name, GLOB_TILDE | GLOB_PERIOD |
|
|
||||||
@@ -96,7 +92,7 @@ int process_glob(char *name, struct restore_opts *opts)
|
|
||||||
if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
|
|
||||||
continue;
|
|
||||||
rc = selinux_restorecon(globbuf.gl_pathv[i],
|
|
||||||
- r_opts->restorecon_flags);
|
|
||||||
+ opts->restorecon_flags);
|
|
||||||
if (rc < 0)
|
|
||||||
errors = rc;
|
|
||||||
}
|
|
||||||
diff --git a/restorecond/restore.c b/restorecond/restore.c
|
|
||||||
index f6e30001..b93b5fdb 100644
|
|
||||||
--- a/restorecond/restore.c
|
|
||||||
+++ b/restorecond/restore.c
|
|
||||||
@@ -12,39 +12,36 @@
|
|
||||||
char **exclude_list;
|
|
||||||
int exclude_count;
|
|
||||||
|
|
||||||
-struct restore_opts *r_opts;
|
|
||||||
-
|
|
||||||
void restore_init(struct restore_opts *opts)
|
|
||||||
{
|
|
||||||
int rc;
|
|
||||||
|
|
||||||
- r_opts = opts;
|
|
||||||
struct selinux_opt selinux_opts[] = {
|
|
||||||
- { SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate },
|
|
||||||
- { SELABEL_OPT_PATH, r_opts->selabel_opt_path },
|
|
||||||
- { SELABEL_OPT_DIGEST, r_opts->selabel_opt_digest }
|
|
||||||
+ { SELABEL_OPT_VALIDATE, opts->selabel_opt_validate },
|
|
||||||
+ { SELABEL_OPT_PATH, opts->selabel_opt_path },
|
|
||||||
+ { SELABEL_OPT_DIGEST, opts->selabel_opt_digest }
|
|
||||||
};
|
|
||||||
|
|
||||||
- r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
|
|
||||||
- if (!r_opts->hnd) {
|
|
||||||
- perror(r_opts->selabel_opt_path);
|
|
||||||
+ opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
|
|
||||||
+ if (!opts->hnd) {
|
|
||||||
+ perror(opts->selabel_opt_path);
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
- r_opts->restorecon_flags = 0;
|
|
||||||
- r_opts->restorecon_flags = r_opts->nochange | r_opts->verbose |
|
|
||||||
- r_opts->progress | r_opts->set_specctx |
|
|
||||||
- r_opts->add_assoc | r_opts->ignore_digest |
|
|
||||||
- r_opts->recurse | r_opts->userealpath |
|
|
||||||
- r_opts->xdev | r_opts->abort_on_error |
|
|
||||||
- r_opts->syslog_changes | r_opts->log_matches |
|
|
||||||
- r_opts->ignore_noent | r_opts->ignore_mounts;
|
|
||||||
+ opts->restorecon_flags = 0;
|
|
||||||
+ opts->restorecon_flags = opts->nochange | opts->verbose |
|
|
||||||
+ opts->progress | opts->set_specctx |
|
|
||||||
+ opts->add_assoc | opts->ignore_digest |
|
|
||||||
+ opts->recurse | opts->userealpath |
|
|
||||||
+ opts->xdev | opts->abort_on_error |
|
|
||||||
+ opts->syslog_changes | opts->log_matches |
|
|
||||||
+ opts->ignore_noent | opts->ignore_mounts;
|
|
||||||
|
|
||||||
/* Use setfiles, restorecon and restorecond own handles */
|
|
||||||
- selinux_restorecon_set_sehandle(r_opts->hnd);
|
|
||||||
+ selinux_restorecon_set_sehandle(opts->hnd);
|
|
||||||
|
|
||||||
- if (r_opts->rootpath) {
|
|
||||||
- rc = selinux_restorecon_set_alt_rootpath(r_opts->rootpath);
|
|
||||||
+ if (opts->rootpath) {
|
|
||||||
+ rc = selinux_restorecon_set_alt_rootpath(opts->rootpath);
|
|
||||||
if (rc) {
|
|
||||||
fprintf(stderr,
|
|
||||||
"selinux_restorecon_set_alt_rootpath error: %s.\n",
|
|
||||||
@@ -75,7 +72,6 @@ int process_glob(char *name, struct restore_opts *opts)
|
|
||||||
size_t i = 0;
|
|
||||||
int len, rc, errors;
|
|
||||||
|
|
||||||
- r_opts = opts;
|
|
||||||
memset(&globbuf, 0, sizeof(globbuf));
|
|
||||||
|
|
||||||
errors = glob(name, GLOB_TILDE | GLOB_PERIOD |
|
|
||||||
@@ -90,7 +86,7 @@ int process_glob(char *name, struct restore_opts *opts)
|
|
||||||
if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
|
|
||||||
continue;
|
|
||||||
rc = selinux_restorecon(globbuf.gl_pathv[i],
|
|
||||||
- r_opts->restorecon_flags);
|
|
||||||
+ opts->restorecon_flags);
|
|
||||||
if (rc < 0)
|
|
||||||
errors = rc;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.21.0
|
|
||||||
|
|
@ -1,55 +0,0 @@
|
|||||||
From 0bed778c53a4f93b1b092b3db33e8c36aabfa39d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Tue, 5 Jan 2021 17:00:21 +0100
|
|
||||||
Subject: [PATCH] python/semanage: empty stdout before exiting on
|
|
||||||
BrokenPipeError
|
|
||||||
|
|
||||||
Empty stdout buffer before exiting when BrokenPipeError is
|
|
||||||
encountered. Otherwise python will flush the bufer during exit, which
|
|
||||||
may trigger the exception again.
|
|
||||||
https://docs.python.org/3/library/signal.html#note-on-sigpipe
|
|
||||||
|
|
||||||
Fixes:
|
|
||||||
#semanage fcontext -l | egrep -q -e '^/home'
|
|
||||||
BrokenPipeError: [Errno 32] Broken pipe
|
|
||||||
Exception ignored in: <_io.TextIOWrapper name='<stdout>' mode='w' encoding='UTF-8'>
|
|
||||||
BrokenPipeError: [Errno 32] Broken pipe
|
|
||||||
|
|
||||||
Note that the error above only appears occasionally (usually only the
|
|
||||||
first line is printed).
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
|
|
||||||
---
|
|
||||||
python/semanage/semanage | 8 ++++++++
|
|
||||||
1 file changed, 8 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
|
||||||
index b2bd9df9..1abe3536 100644
|
|
||||||
--- a/python/semanage/semanage
|
|
||||||
+++ b/python/semanage/semanage
|
|
||||||
@@ -26,6 +26,7 @@
|
|
||||||
import traceback
|
|
||||||
import argparse
|
|
||||||
import sys
|
|
||||||
+import os
|
|
||||||
PROGNAME = "selinux-python"
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
@@ -953,6 +954,13 @@ def do_parser():
|
|
||||||
args = commandParser.parse_args(make_args(sys.argv))
|
|
||||||
args.func(args)
|
|
||||||
sys.exit(0)
|
|
||||||
+ except BrokenPipeError as e:
|
|
||||||
+ sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e)))
|
|
||||||
+ # Python flushes standard streams on exit; redirect remaining output
|
|
||||||
+ # to devnull to avoid another BrokenPipeError at shutdown
|
|
||||||
+ devnull = os.open(os.devnull, os.O_WRONLY)
|
|
||||||
+ os.dup2(devnull, sys.stdout.fileno())
|
|
||||||
+ sys.exit(1)
|
|
||||||
except IOError as e:
|
|
||||||
sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e)))
|
|
||||||
sys.exit(1)
|
|
||||||
--
|
|
||||||
2.29.2
|
|
||||||
|
|
@ -1,41 +0,0 @@
|
|||||||
From 4b0e627d42f9a8e09dcd064a6ae897f4c2e9cf6c Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Wed, 6 Jan 2021 10:00:07 +0100
|
|
||||||
Subject: [PATCH] python/semanage: Sort imports in alphabetical order
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
---
|
|
||||||
python/semanage/semanage | 8 ++++----
|
|
||||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
|
||||||
index 1abe3536..781e8645 100644
|
|
||||||
--- a/python/semanage/semanage
|
|
||||||
+++ b/python/semanage/semanage
|
|
||||||
@@ -23,10 +23,12 @@
|
|
||||||
#
|
|
||||||
#
|
|
||||||
|
|
||||||
-import traceback
|
|
||||||
import argparse
|
|
||||||
-import sys
|
|
||||||
import os
|
|
||||||
+import re
|
|
||||||
+import sys
|
|
||||||
+import traceback
|
|
||||||
+
|
|
||||||
PROGNAME = "selinux-python"
|
|
||||||
try:
|
|
||||||
import gettext
|
|
||||||
@@ -786,8 +788,6 @@ def setupExportParser(subparsers):
|
|
||||||
exportParser.add_argument('-f', '--output_file', dest='output_file', action=SetExportFile, help=_('Output file'))
|
|
||||||
exportParser.set_defaults(func=handleExport)
|
|
||||||
|
|
||||||
-import re
|
|
||||||
-
|
|
||||||
|
|
||||||
def mkargv(line):
|
|
||||||
dquote = "\""
|
|
||||||
--
|
|
||||||
2.29.2
|
|
||||||
|
|
@ -1,49 +0,0 @@
|
|||||||
From e0a1cdb6181bcf3a23fe63b8e67fd5020e81d05e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Fri, 22 Jan 2021 16:25:52 +0100
|
|
||||||
Subject: [PATCH] python/sepolgen: allow any policy statement in if(n)def
|
|
||||||
|
|
||||||
"ifdef/ifndef" statements can be used to conditionally define
|
|
||||||
an interface, but this syntax is not recognised by sepolgen-ifgen.
|
|
||||||
Fix sepolgen-ifgen to allow any policy statement inside an
|
|
||||||
"ifdef/ifndef" statement.
|
|
||||||
|
|
||||||
Fixes:
|
|
||||||
$ cat <<EOF > i.if
|
|
||||||
ifndef(`apache_manage_pid_files',`
|
|
||||||
interface(`apache_manage_pid_files',`
|
|
||||||
manage_files_pattern($1, httpd_var_run_t, httpd_var_run_t)
|
|
||||||
')
|
|
||||||
')
|
|
||||||
|
|
||||||
#sepolgen-ifgen --interface=i.if
|
|
||||||
i.if: Syntax error on line 2 interface [type=INTERFACE]
|
|
||||||
i.if: Syntax error on line 4 ' [type=SQUOTE]
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
[OM: s/fidef/ifdef/]
|
|
||||||
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
|
|
||||||
---
|
|
||||||
python/sepolgen/src/sepolgen/refparser.py | 6 +++---
|
|
||||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/python/sepolgen/src/sepolgen/refparser.py b/python/sepolgen/src/sepolgen/refparser.py
|
|
||||||
index f506dc3a..5d77e2a3 100644
|
|
||||||
--- a/python/sepolgen/src/sepolgen/refparser.py
|
|
||||||
+++ b/python/sepolgen/src/sepolgen/refparser.py
|
|
||||||
@@ -431,9 +431,9 @@ def p_ifelse(p):
|
|
||||||
|
|
||||||
|
|
||||||
def p_ifdef(p):
|
|
||||||
- '''ifdef : IFDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
|
|
||||||
- | IFNDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
|
|
||||||
- | IFDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
|
|
||||||
+ '''ifdef : IFDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK statements SQUOTE CPAREN optional_semi
|
|
||||||
+ | IFNDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK statements SQUOTE CPAREN optional_semi
|
|
||||||
+ | IFDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK statements SQUOTE COMMA TICK statements SQUOTE CPAREN optional_semi
|
|
||||||
'''
|
|
||||||
x = refpolicy.IfDef(p[4])
|
|
||||||
if p[1] == 'ifdef':
|
|
||||||
--
|
|
||||||
2.29.2
|
|
||||||
|
|
@ -1,68 +0,0 @@
|
|||||||
From 53ccdd55adfbec60fb4277286f2ad94660838504 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Wed, 13 Jan 2021 22:09:47 +0100
|
|
||||||
Subject: [PATCH] setfiles: Do not abort on labeling error
|
|
||||||
|
|
||||||
Commit 602347c7422e ("policycoreutils: setfiles - Modify to use
|
|
||||||
selinux_restorecon") changed behavior of setfiles. Original
|
|
||||||
implementation skipped files which it couldn't set context to while the
|
|
||||||
new implementation aborts on them. setfiles should abort only if it
|
|
||||||
can't validate a context from spec_file.
|
|
||||||
|
|
||||||
Reproducer:
|
|
||||||
|
|
||||||
# mkdir -p r/1 r/2 r/3
|
|
||||||
# touch r/1/1 r/2/1
|
|
||||||
# chattr +i r/2/1
|
|
||||||
# touch r/3/1
|
|
||||||
# setfiles -r r -v /etc/selinux/targeted/contexts/files/file_contexts r
|
|
||||||
Relabeled r from unconfined_u:object_r:mnt_t:s0 to unconfined_u:object_r:root_t:s0
|
|
||||||
Relabeled r/2 from unconfined_u:object_r:mnt_t:s0 to unconfined_u:object_r:default_t:s0
|
|
||||||
setfiles: Could not set context for r/2/1: Operation not permitted
|
|
||||||
|
|
||||||
r/3 and r/1 are not relabeled.
|
|
||||||
|
|
||||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
---
|
|
||||||
policycoreutils/setfiles/setfiles.c | 4 +---
|
|
||||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
|
|
||||||
index bc83c27b4c06..68eab45aa2b4 100644
|
|
||||||
--- a/policycoreutils/setfiles/setfiles.c
|
|
||||||
+++ b/policycoreutils/setfiles/setfiles.c
|
|
||||||
@@ -182,6 +182,7 @@ int main(int argc, char **argv)
|
|
||||||
policyfile = NULL;
|
|
||||||
nerr = 0;
|
|
||||||
|
|
||||||
+ r_opts.abort_on_error = 0;
|
|
||||||
r_opts.progname = strdup(argv[0]);
|
|
||||||
if (!r_opts.progname) {
|
|
||||||
fprintf(stderr, "%s: Out of memory!\n", argv[0]);
|
|
||||||
@@ -194,7 +195,6 @@ int main(int argc, char **argv)
|
|
||||||
* setfiles:
|
|
||||||
* Recursive descent,
|
|
||||||
* Does not expand paths via realpath,
|
|
||||||
- * Aborts on errors during the file tree walk,
|
|
||||||
* Try to track inode associations for conflict detection,
|
|
||||||
* Does not follow mounts (sets SELINUX_RESTORECON_XDEV),
|
|
||||||
* Validates all file contexts at init time.
|
|
||||||
@@ -202,7 +202,6 @@ int main(int argc, char **argv)
|
|
||||||
iamrestorecon = 0;
|
|
||||||
r_opts.recurse = SELINUX_RESTORECON_RECURSE;
|
|
||||||
r_opts.userealpath = 0; /* SELINUX_RESTORECON_REALPATH */
|
|
||||||
- r_opts.abort_on_error = SELINUX_RESTORECON_ABORT_ON_ERROR;
|
|
||||||
r_opts.add_assoc = SELINUX_RESTORECON_ADD_ASSOC;
|
|
||||||
/* FTS_PHYSICAL and FTS_NOCHDIR are always set by selinux_restorecon(3) */
|
|
||||||
r_opts.xdev = SELINUX_RESTORECON_XDEV;
|
|
||||||
@@ -226,7 +225,6 @@ int main(int argc, char **argv)
|
|
||||||
iamrestorecon = 1;
|
|
||||||
r_opts.recurse = 0;
|
|
||||||
r_opts.userealpath = SELINUX_RESTORECON_REALPATH;
|
|
||||||
- r_opts.abort_on_error = 0;
|
|
||||||
r_opts.add_assoc = 0;
|
|
||||||
r_opts.xdev = 0;
|
|
||||||
r_opts.ignore_mounts = 0;
|
|
||||||
--
|
|
||||||
2.30.0
|
|
||||||
|
|
@ -1,110 +0,0 @@
|
|||||||
From 2f135022f4372dc34198c48cfd67b91044e6dfd7 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Wed, 13 Jan 2021 22:09:48 +0100
|
|
||||||
Subject: [PATCH] setfiles: drop ABORT_ON_ERRORS and related code
|
|
||||||
|
|
||||||
`setfiles -d` doesn't have any impact on number of errors before it
|
|
||||||
aborts. It always aborts on first invalid context in spec file.
|
|
||||||
|
|
||||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
---
|
|
||||||
policycoreutils/setfiles/Makefile | 3 ---
|
|
||||||
policycoreutils/setfiles/ru/setfiles.8 | 2 +-
|
|
||||||
policycoreutils/setfiles/setfiles.8 | 3 +--
|
|
||||||
policycoreutils/setfiles/setfiles.c | 18 ------------------
|
|
||||||
4 files changed, 2 insertions(+), 24 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/policycoreutils/setfiles/Makefile b/policycoreutils/setfiles/Makefile
|
|
||||||
index bc5a8db789a5..a3bbbe116b7f 100644
|
|
||||||
--- a/policycoreutils/setfiles/Makefile
|
|
||||||
+++ b/policycoreutils/setfiles/Makefile
|
|
||||||
@@ -5,8 +5,6 @@ SBINDIR ?= /sbin
|
|
||||||
MANDIR = $(PREFIX)/share/man
|
|
||||||
AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
|
|
||||||
|
|
||||||
-ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk -S '{ print $$3 }')
|
|
||||||
-
|
|
||||||
CFLAGS ?= -g -Werror -Wall -W
|
|
||||||
override LDLIBS += -lselinux -lsepol
|
|
||||||
|
|
||||||
@@ -26,7 +24,6 @@ restorecon_xattr: restorecon_xattr.o restore.o
|
|
||||||
|
|
||||||
man:
|
|
||||||
@cp -af setfiles.8 setfiles.8.man
|
|
||||||
- @sed -i "s/ABORT_ON_ERRORS/$(ABORT_ON_ERRORS)/g" setfiles.8.man
|
|
||||||
|
|
||||||
install: all
|
|
||||||
[ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
|
|
||||||
diff --git a/policycoreutils/setfiles/ru/setfiles.8 b/policycoreutils/setfiles/ru/setfiles.8
|
|
||||||
index 27815a3f1eee..910101452625 100644
|
|
||||||
--- a/policycoreutils/setfiles/ru/setfiles.8
|
|
||||||
+++ b/policycoreutils/setfiles/ru/setfiles.8
|
|
||||||
@@ -47,7 +47,7 @@ setfiles \- установить SELinux-контексты безопаснос
|
|
||||||
проверить действительность контекстов относительно указанной двоичной политики.
|
|
||||||
.TP
|
|
||||||
.B \-d
|
|
||||||
-показать, какая спецификация соответствует каждому из файлов (не прекращать проверку после получения ошибок ABORT_ON_ERRORS).
|
|
||||||
+показать, какая спецификация соответствует каждому из файлов.
|
|
||||||
.TP
|
|
||||||
.BI \-e \ directory
|
|
||||||
исключить каталог (чтобы исключить более одного каталога, этот параметр необходимо использовать соответствующее количество раз).
|
|
||||||
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
|
|
||||||
index a8a76c860dac..b7d3cefb96ff 100644
|
|
||||||
--- a/policycoreutils/setfiles/setfiles.8
|
|
||||||
+++ b/policycoreutils/setfiles/setfiles.8
|
|
||||||
@@ -56,8 +56,7 @@ option will force a replacement of the entire context.
|
|
||||||
check the validity of the contexts against the specified binary policy.
|
|
||||||
.TP
|
|
||||||
.B \-d
|
|
||||||
-show what specification matched each file (do not abort validation
|
|
||||||
-after ABORT_ON_ERRORS errors). Not affected by "\-q"
|
|
||||||
+show what specification matched each file. Not affected by "\-q"
|
|
||||||
.TP
|
|
||||||
.BI \-e \ directory
|
|
||||||
directory to exclude (repeat option for more than one directory).
|
|
||||||
diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
|
|
||||||
index 68eab45aa2b4..bcbdfbfe53e2 100644
|
|
||||||
--- a/policycoreutils/setfiles/setfiles.c
|
|
||||||
+++ b/policycoreutils/setfiles/setfiles.c
|
|
||||||
@@ -23,14 +23,6 @@ static int nerr;
|
|
||||||
|
|
||||||
#define STAT_BLOCK_SIZE 1
|
|
||||||
|
|
||||||
-/* setfiles will abort its operation after reaching the
|
|
||||||
- * following number of errors (e.g. invalid contexts),
|
|
||||||
- * unless it is used in "debug" mode (-d option).
|
|
||||||
- */
|
|
||||||
-#ifndef ABORT_ON_ERRORS
|
|
||||||
-#define ABORT_ON_ERRORS 10
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
#define SETFILES "setfiles"
|
|
||||||
#define RESTORECON "restorecon"
|
|
||||||
static int iamrestorecon;
|
|
||||||
@@ -57,15 +49,6 @@ static __attribute__((__noreturn__)) void usage(const char *const name)
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
|
|
||||||
-void inc_err(void)
|
|
||||||
-{
|
|
||||||
- nerr++;
|
|
||||||
- if (nerr > ABORT_ON_ERRORS - 1 && !r_opts.debug) {
|
|
||||||
- fprintf(stderr, "Exiting after %d errors.\n", ABORT_ON_ERRORS);
|
|
||||||
- exit(-1);
|
|
||||||
- }
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
void set_rootpath(const char *arg)
|
|
||||||
{
|
|
||||||
if (strlen(arg) == 1 && strncmp(arg, "/", 1) == 0) {
|
|
||||||
@@ -98,7 +81,6 @@ int canoncon(char **contextp)
|
|
||||||
*contextp = tmpcon;
|
|
||||||
} else if (errno != ENOENT) {
|
|
||||||
rc = -1;
|
|
||||||
- inc_err();
|
|
||||||
}
|
|
||||||
|
|
||||||
return rc;
|
|
||||||
--
|
|
||||||
2.30.0
|
|
||||||
|
|
@ -1,44 +0,0 @@
|
|||||||
From a691da617a2d3c864786ff2742d9a9f87ecc7d05 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Mon, 1 Feb 2021 15:24:32 +0100
|
|
||||||
Subject: [PATCH] policycoreutils/setfiles: Drop unused nerr variable
|
|
||||||
|
|
||||||
Suggested-by: Nicolas Iooss <nicolas.iooss@m4x.org>
|
|
||||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
---
|
|
||||||
policycoreutils/setfiles/setfiles.c | 5 -----
|
|
||||||
1 file changed, 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
|
|
||||||
index bcbdfbfe53e2..82d0aaa75893 100644
|
|
||||||
--- a/policycoreutils/setfiles/setfiles.c
|
|
||||||
+++ b/policycoreutils/setfiles/setfiles.c
|
|
||||||
@@ -19,7 +19,6 @@ static int warn_no_match;
|
|
||||||
static int null_terminated;
|
|
||||||
static int request_digest;
|
|
||||||
static struct restore_opts r_opts;
|
|
||||||
-static int nerr;
|
|
||||||
|
|
||||||
#define STAT_BLOCK_SIZE 1
|
|
||||||
|
|
||||||
@@ -162,7 +161,6 @@ int main(int argc, char **argv)
|
|
||||||
warn_no_match = 0;
|
|
||||||
request_digest = 0;
|
|
||||||
policyfile = NULL;
|
|
||||||
- nerr = 0;
|
|
||||||
|
|
||||||
r_opts.abort_on_error = 0;
|
|
||||||
r_opts.progname = strdup(argv[0]);
|
|
||||||
@@ -417,9 +415,6 @@ int main(int argc, char **argv)
|
|
||||||
r_opts.selabel_opt_digest = (request_digest ? (char *)1 : NULL);
|
|
||||||
r_opts.selabel_opt_path = altpath;
|
|
||||||
|
|
||||||
- if (nerr)
|
|
||||||
- exit(-1);
|
|
||||||
-
|
|
||||||
restore_init(&r_opts);
|
|
||||||
|
|
||||||
if (use_input_file) {
|
|
||||||
--
|
|
||||||
2.30.0
|
|
||||||
|
|
@ -1,62 +0,0 @@
|
|||||||
From c556c6ad0b94cf3ba4b441a1a0930f2468434227 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Wed, 10 Feb 2021 18:05:29 +0100
|
|
||||||
Subject: [PATCH] selinux(8,5): Describe fcontext regular expressions
|
|
||||||
|
|
||||||
Describe which type of regular expression is used in file context
|
|
||||||
definitions and which flags are in effect.
|
|
||||||
|
|
||||||
Explain how local file context modifications are processed.
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Acked-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
---
|
|
||||||
python/semanage/semanage | 2 +-
|
|
||||||
python/semanage/semanage-fcontext.8 | 18 ++++++++++++++++++
|
|
||||||
2 files changed, 19 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
|
||||||
index 781e8645..ebb93ea5 100644
|
|
||||||
--- a/python/semanage/semanage
|
|
||||||
+++ b/python/semanage/semanage
|
|
||||||
@@ -366,7 +366,7 @@ If you do not specify a file type, the file type will default to "all files".
|
|
||||||
parser_add_seuser(fcontextParser, "fcontext")
|
|
||||||
parser_add_type(fcontextParser, "fcontext")
|
|
||||||
parser_add_range(fcontextParser, "fcontext")
|
|
||||||
- fcontextParser.add_argument('file_spec', nargs='?', default=None, help=_('file_spec'))
|
|
||||||
+ fcontextParser.add_argument('file_spec', nargs='?', default=None, help=_('Path to be labeled (may be in the form of a Perl compatible regular expression)'))
|
|
||||||
fcontextParser.set_defaults(func=handleFcontext)
|
|
||||||
|
|
||||||
|
|
||||||
diff --git a/python/semanage/semanage-fcontext.8 b/python/semanage/semanage-fcontext.8
|
|
||||||
index 561123af..49635ba7 100644
|
|
||||||
--- a/python/semanage/semanage-fcontext.8
|
|
||||||
+++ b/python/semanage/semanage-fcontext.8
|
|
||||||
@@ -11,6 +11,24 @@ SELinux policy without requiring modification to or recompilation
|
|
||||||
from policy sources. semanage fcontext is used to manage the default
|
|
||||||
file system labeling on an SELinux system. This command maps file paths using regular expressions to SELinux labels.
|
|
||||||
|
|
||||||
+FILE_SPEC may contain either a fully qualified path,
|
|
||||||
+or a Perl compatible regular expression (PCRE),
|
|
||||||
+describing fully qualified path(s). The only PCRE flag in use is PCRE2_DOTALL,
|
|
||||||
+which causes a wildcard '.' to match anything, including a new line.
|
|
||||||
+Strings representing paths are processed as bytes (as opposed to Unicode),
|
|
||||||
+meaning that non-ASCII characters are not matched by a single wildcard.
|
|
||||||
+
|
|
||||||
+Note, that file context definitions specified using 'semanage fcontext'
|
|
||||||
+(i.e. local file context modifications stored in file_contexts.local)
|
|
||||||
+have higher priority than those specified in policy modules.
|
|
||||||
+This means that whenever a match for given file path is found in
|
|
||||||
+file_contexts.local, no other file context definitions are considered.
|
|
||||||
+Entries in file_contexts.local are processed from most recent one to the oldest,
|
|
||||||
+with first match being used (as opposed to the most specific match,
|
|
||||||
+which is used when matching other file context definitions).
|
|
||||||
+All regular expressions should therefore be as specific as possible,
|
|
||||||
+to avoid unintentionally impacting other parts of the filesystem.
|
|
||||||
+
|
|
||||||
.SH "OPTIONS"
|
|
||||||
.TP
|
|
||||||
.I \-h, \-\-help
|
|
||||||
--
|
|
||||||
2.29.2
|
|
||||||
|
|
@ -1,69 +0,0 @@
|
|||||||
From d10e773c014a12b17fefd9caef0bd02528d75d18 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Antoine Tenart <antoine.tenart@bootlin.com>
|
|
||||||
Date: Tue, 7 Jul 2020 16:35:01 +0200
|
|
||||||
Subject: [PATCH] policycoreutils: setfiles: do not restrict checks against a
|
|
||||||
binary policy
|
|
||||||
|
|
||||||
The -c option allows to check the validity of contexts against a
|
|
||||||
specified binary policy. Its use is restricted: no pathname can be used
|
|
||||||
when a binary policy is given to setfiles. It's not clear if this is
|
|
||||||
intentional as the built-in help and the man page are not stating the
|
|
||||||
same thing about this (the man page document -c as a normal option,
|
|
||||||
while the built-in help shows it is restricted).
|
|
||||||
|
|
||||||
When generating full system images later used with SELinux in enforcing
|
|
||||||
mode, the extended attributed of files have to be set by the build
|
|
||||||
machine. The issue is setfiles always checks the contexts against a
|
|
||||||
policy (ctx_validate = 1) and using an external binary policy is not
|
|
||||||
currently possible when using a pathname. This ends up in setfiles
|
|
||||||
failing early as the contexts of the target image are not always
|
|
||||||
compatible with the ones of the build machine.
|
|
||||||
|
|
||||||
This patch reworks a check on optind only made when -c is used, that
|
|
||||||
enforced the use of a single argument to allow 1+ arguments, allowing to
|
|
||||||
use setfiles with an external binary policy and pathnames. The following
|
|
||||||
command is then allowed, as already documented in the man page:
|
|
||||||
|
|
||||||
$ setfiles -m -r target/ -c policy.32 file_contexts target/
|
|
||||||
|
|
||||||
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
|
|
||||||
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
|
|
||||||
|
|
||||||
(cherry-picked from SElinuxProject
|
|
||||||
commit: c94e542c98da2f26863c1cbd9d7ad9bc5cca6aff )
|
|
||||||
---
|
|
||||||
policycoreutils/setfiles/setfiles.c | 11 +++++------
|
|
||||||
1 file changed, 5 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
|
|
||||||
index 82d0aaa7..4fd3d756 100644
|
|
||||||
--- a/policycoreutils/setfiles/setfiles.c
|
|
||||||
+++ b/policycoreutils/setfiles/setfiles.c
|
|
||||||
@@ -39,11 +39,10 @@ static __attribute__((__noreturn__)) void usage(const char *const name)
|
|
||||||
name, name);
|
|
||||||
} else {
|
|
||||||
fprintf(stderr,
|
|
||||||
- "usage: %s [-diIDlmnpqvFW] [-e excludedir] [-r alt_root_path] spec_file pathname...\n"
|
|
||||||
- "usage: %s [-diIDlmnpqvFW] [-e excludedir] [-r alt_root_path] spec_file -f filename\n"
|
|
||||||
- "usage: %s -s [-diIDlmnpqvFW] spec_file\n"
|
|
||||||
- "usage: %s -c policyfile spec_file\n",
|
|
||||||
- name, name, name, name);
|
|
||||||
+ "usage: %s [-diIDlmnpqvEFW] [-e excludedir] [-r alt_root_path] [-c policyfile] spec_file pathname...\n"
|
|
||||||
+ "usage: %s [-diIDlmnpqvEFW] [-e excludedir] [-r alt_root_path] [-c policyfile] spec_file -f filename\n"
|
|
||||||
+ "usage: %s -s [-diIDlmnpqvFW] spec_file\n",
|
|
||||||
+ name, name, name);
|
|
||||||
}
|
|
||||||
exit(-1);
|
|
||||||
}
|
|
||||||
@@ -376,7 +375,7 @@ int main(int argc, char **argv)
|
|
||||||
|
|
||||||
if (!iamrestorecon) {
|
|
||||||
if (policyfile) {
|
|
||||||
- if (optind != (argc - 1))
|
|
||||||
+ if (optind > (argc - 1))
|
|
||||||
usage(argv[0]);
|
|
||||||
} else if (use_input_file) {
|
|
||||||
if (optind != (argc - 1)) {
|
|
||||||
--
|
|
||||||
2.30.2
|
|
||||||
|
|
@ -1,674 +0,0 @@
|
|||||||
From e748832819b781507903838483376d308c90ca79 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Tue, 16 Nov 2021 14:27:11 +0100
|
|
||||||
Subject: [PATCH] semodule: add -m | --checksum option
|
|
||||||
|
|
||||||
Since cil doesn't store module name and module version in module itself,
|
|
||||||
there's no simple way how to compare that installed module is the same
|
|
||||||
version as the module which is supposed to be installed. Even though the
|
|
||||||
version was not used by semodule itself, it was apparently used by some
|
|
||||||
team.
|
|
||||||
|
|
||||||
With `semodule -l --checksum` users get SHA256 hashes of modules and
|
|
||||||
could compare them with their files which is faster than installing
|
|
||||||
modules again and again.
|
|
||||||
|
|
||||||
E.g.
|
|
||||||
|
|
||||||
# time (
|
|
||||||
semodule -l --checksum | grep localmodule
|
|
||||||
/usr/libexec/selinux/hll/pp localmodule.pp | sha256sum
|
|
||||||
)
|
|
||||||
localmodule db002f64ddfa3983257b42b54da7b182c9b2e476f47880ae3494f9099e1a42bd
|
|
||||||
db002f64ddfa3983257b42b54da7b182c9b2e476f47880ae3494f9099e1a42bd -
|
|
||||||
|
|
||||||
real 0m0.876s
|
|
||||||
user 0m0.849s
|
|
||||||
sys 0m0.028s
|
|
||||||
|
|
||||||
vs
|
|
||||||
|
|
||||||
# time semodule -i localmodule.pp
|
|
||||||
|
|
||||||
real 0m6.147s
|
|
||||||
user 0m5.800s
|
|
||||||
sys 0m0.231s
|
|
||||||
|
|
||||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Acked-by: James Carter <jwcart2@gmail.com>
|
|
||||||
---
|
|
||||||
policycoreutils/semodule/Makefile | 2 +-
|
|
||||||
policycoreutils/semodule/semodule.8 | 6 +
|
|
||||||
policycoreutils/semodule/semodule.c | 95 ++++++++-
|
|
||||||
policycoreutils/semodule/sha256.c | 294 ++++++++++++++++++++++++++++
|
|
||||||
policycoreutils/semodule/sha256.h | 89 +++++++++
|
|
||||||
5 files changed, 480 insertions(+), 6 deletions(-)
|
|
||||||
create mode 100644 policycoreutils/semodule/sha256.c
|
|
||||||
create mode 100644 policycoreutils/semodule/sha256.h
|
|
||||||
|
|
||||||
diff --git a/policycoreutils/semodule/Makefile b/policycoreutils/semodule/Makefile
|
|
||||||
index 73801e487a76..9875ac383280 100644
|
|
||||||
--- a/policycoreutils/semodule/Makefile
|
|
||||||
+++ b/policycoreutils/semodule/Makefile
|
|
||||||
@@ -6,7 +6,7 @@ MANDIR = $(PREFIX)/share/man
|
|
||||||
|
|
||||||
CFLAGS ?= -Werror -Wall -W
|
|
||||||
override LDLIBS += -lsepol -lselinux -lsemanage
|
|
||||||
-SEMODULE_OBJS = semodule.o
|
|
||||||
+SEMODULE_OBJS = semodule.o sha256.o
|
|
||||||
|
|
||||||
all: semodule genhomedircon
|
|
||||||
|
|
||||||
diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8
|
|
||||||
index 18d4f708661c..3a2fb21c2481 100644
|
|
||||||
--- a/policycoreutils/semodule/semodule.8
|
|
||||||
+++ b/policycoreutils/semodule/semodule.8
|
|
||||||
@@ -95,6 +95,9 @@ only modules listed in \-\-extract after this option.
|
|
||||||
.B \-H,\-\-hll
|
|
||||||
Extract module as an HLL file. This only affects the \-\-extract option and
|
|
||||||
only modules listed in \-\-extract after this option.
|
|
||||||
+.TP
|
|
||||||
+.B \-m,\-\-checksum
|
|
||||||
+Add SHA256 checksum of modules to the list output.
|
|
||||||
|
|
||||||
.SH EXAMPLE
|
|
||||||
.nf
|
|
||||||
@@ -130,6 +133,9 @@ $ semodule \-B \-S "/tmp/var/lib/selinux"
|
|
||||||
# Write the HLL version of puppet and the CIL version of wireshark
|
|
||||||
# modules at priority 400 to the current working directory
|
|
||||||
$ semodule \-X 400 \-\-hll \-E puppet \-\-cil \-E wireshark
|
|
||||||
+# Check whether a module in "localmodule.pp" file is same as installed module "localmodule"
|
|
||||||
+$ /usr/libexec/selinux/hll/pp localmodule.pp | sha256sum
|
|
||||||
+$ semodule -l -m | grep localmodule
|
|
||||||
.fi
|
|
||||||
|
|
||||||
.SH SEE ALSO
|
|
||||||
diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
|
|
||||||
index a76797f505cd..300a97d735cc 100644
|
|
||||||
--- a/policycoreutils/semodule/semodule.c
|
|
||||||
+++ b/policycoreutils/semodule/semodule.c
|
|
||||||
@@ -24,6 +24,8 @@
|
|
||||||
|
|
||||||
#include <semanage/modules.h>
|
|
||||||
|
|
||||||
+#include "sha256.h"
|
|
||||||
+
|
|
||||||
enum client_modes {
|
|
||||||
NO_MODE, INSTALL_M, REMOVE_M, EXTRACT_M, CIL_M, HLL_M,
|
|
||||||
LIST_M, RELOAD, PRIORITY_M, ENABLE_M, DISABLE_M
|
|
||||||
@@ -56,6 +58,7 @@ static semanage_handle_t *sh = NULL;
|
|
||||||
static char *store;
|
|
||||||
static char *store_root;
|
|
||||||
int extract_cil = 0;
|
|
||||||
+static int checksum = 0;
|
|
||||||
|
|
||||||
extern char *optarg;
|
|
||||||
extern int optind;
|
|
||||||
@@ -146,6 +149,7 @@ static void usage(char *progname)
|
|
||||||
printf(" -S,--store-path use an alternate path for the policy store root\n");
|
|
||||||
printf(" -c, --cil extract module as cil. This only affects module extraction.\n");
|
|
||||||
printf(" -H, --hll extract module as hll. This only affects module extraction.\n");
|
|
||||||
+ printf(" -m, --checksum print module checksum (SHA256).\n");
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Sets the global mode variable to new_mode, but only if no other
|
|
||||||
@@ -199,6 +203,7 @@ static void parse_command_line(int argc, char **argv)
|
|
||||||
{"disable", required_argument, NULL, 'd'},
|
|
||||||
{"path", required_argument, NULL, 'p'},
|
|
||||||
{"store-path", required_argument, NULL, 'S'},
|
|
||||||
+ {"checksum", 0, NULL, 'm'},
|
|
||||||
{NULL, 0, NULL, 0}
|
|
||||||
};
|
|
||||||
int extract_selected = 0;
|
|
||||||
@@ -209,7 +214,7 @@ static void parse_command_line(int argc, char **argv)
|
|
||||||
no_reload = 0;
|
|
||||||
priority = 400;
|
|
||||||
while ((i =
|
|
||||||
- getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cH", opts,
|
|
||||||
+ getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cHm", opts,
|
|
||||||
NULL)) != -1) {
|
|
||||||
switch (i) {
|
|
||||||
case 'b':
|
|
||||||
@@ -286,6 +291,9 @@ static void parse_command_line(int argc, char **argv)
|
|
||||||
case 'd':
|
|
||||||
set_mode(DISABLE_M, optarg);
|
|
||||||
break;
|
|
||||||
+ case 'm':
|
|
||||||
+ checksum = 1;
|
|
||||||
+ break;
|
|
||||||
case '?':
|
|
||||||
default:{
|
|
||||||
usage(argv[0]);
|
|
||||||
@@ -337,6 +345,61 @@ static void parse_command_line(int argc, char **argv)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+/* Get module checksum */
|
|
||||||
+static char *hash_module_data(const char *module_name, const int prio) {
|
|
||||||
+ semanage_module_info_t *extract_info = NULL;
|
|
||||||
+ semanage_module_key_t *modkey = NULL;
|
|
||||||
+ Sha256Context context;
|
|
||||||
+ uint8_t sha256_hash[SHA256_HASH_SIZE];
|
|
||||||
+ char *sha256_buf = NULL;
|
|
||||||
+ void *data;
|
|
||||||
+ size_t data_len = 0, i;
|
|
||||||
+ int result;
|
|
||||||
+
|
|
||||||
+ result = semanage_module_key_create(sh, &modkey);
|
|
||||||
+ if (result != 0) {
|
|
||||||
+ goto cleanup_extract;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ result = semanage_module_key_set_name(sh, modkey, module_name);
|
|
||||||
+ if (result != 0) {
|
|
||||||
+ goto cleanup_extract;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ result = semanage_module_key_set_priority(sh, modkey, prio);
|
|
||||||
+ if (result != 0) {
|
|
||||||
+ goto cleanup_extract;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ result = semanage_module_extract(sh, modkey, 1, &data, &data_len,
|
|
||||||
+ &extract_info);
|
|
||||||
+ if (result != 0) {
|
|
||||||
+ goto cleanup_extract;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ Sha256Initialise(&context);
|
|
||||||
+ Sha256Update(&context, data, data_len);
|
|
||||||
+
|
|
||||||
+ Sha256Finalise(&context, (SHA256_HASH *)sha256_hash);
|
|
||||||
+
|
|
||||||
+ sha256_buf = calloc(1, SHA256_HASH_SIZE * 2 + 1);
|
|
||||||
+
|
|
||||||
+ if (sha256_buf == NULL)
|
|
||||||
+ goto cleanup_extract;
|
|
||||||
+
|
|
||||||
+ for (i = 0; i < SHA256_HASH_SIZE; i++) {
|
|
||||||
+ sprintf((&sha256_buf[i * 2]), "%02x", sha256_hash[i]);
|
|
||||||
+ }
|
|
||||||
+ sha256_buf[i * 2] = 0;
|
|
||||||
+
|
|
||||||
+cleanup_extract:
|
|
||||||
+ semanage_module_info_destroy(sh, extract_info);
|
|
||||||
+ free(extract_info);
|
|
||||||
+ semanage_module_key_destroy(sh, modkey);
|
|
||||||
+ free(modkey);
|
|
||||||
+ return sha256_buf;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
int main(int argc, char *argv[])
|
|
||||||
{
|
|
||||||
int i, commit = 0;
|
|
||||||
@@ -544,6 +607,8 @@ cleanup_extract:
|
|
||||||
int modinfos_len = 0;
|
|
||||||
semanage_module_info_t *m = NULL;
|
|
||||||
int j = 0;
|
|
||||||
+ char *module_checksum = NULL;
|
|
||||||
+ uint16_t pri = 0;
|
|
||||||
|
|
||||||
if (verbose) {
|
|
||||||
printf
|
|
||||||
@@ -568,7 +633,18 @@ cleanup_extract:
|
|
||||||
result = semanage_module_info_get_name(sh, m, &name);
|
|
||||||
if (result != 0) goto cleanup_list;
|
|
||||||
|
|
||||||
- printf("%s\n", name);
|
|
||||||
+ result = semanage_module_info_get_priority(sh, m, &pri);
|
|
||||||
+ if (result != 0) goto cleanup_list;
|
|
||||||
+
|
|
||||||
+ printf("%s", name);
|
|
||||||
+ if (checksum) {
|
|
||||||
+ module_checksum = hash_module_data(name, pri);
|
|
||||||
+ if (module_checksum) {
|
|
||||||
+ printf(" %s", module_checksum);
|
|
||||||
+ free(module_checksum);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ printf("\n");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else if (strcmp(mode_arg, "full") == 0) {
|
|
||||||
@@ -583,11 +659,12 @@ cleanup_extract:
|
|
||||||
}
|
|
||||||
|
|
||||||
/* calculate column widths */
|
|
||||||
- size_t column[4] = { 0, 0, 0, 0 };
|
|
||||||
+ size_t column[5] = { 0, 0, 0, 0, 0 };
|
|
||||||
|
|
||||||
/* fixed width columns */
|
|
||||||
column[0] = sizeof("000") - 1;
|
|
||||||
column[3] = sizeof("disabled") - 1;
|
|
||||||
+ column[4] = 64; /* SHA256_HASH_SIZE * 2 */
|
|
||||||
|
|
||||||
/* variable width columns */
|
|
||||||
const char *tmp = NULL;
|
|
||||||
@@ -610,7 +687,6 @@ cleanup_extract:
|
|
||||||
|
|
||||||
/* print out each module */
|
|
||||||
for (j = 0; j < modinfos_len; j++) {
|
|
||||||
- uint16_t pri = 0;
|
|
||||||
const char *name = NULL;
|
|
||||||
int enabled = 0;
|
|
||||||
const char *lang_ext = NULL;
|
|
||||||
@@ -629,11 +705,20 @@ cleanup_extract:
|
|
||||||
result = semanage_module_info_get_lang_ext(sh, m, &lang_ext);
|
|
||||||
if (result != 0) goto cleanup_list;
|
|
||||||
|
|
||||||
- printf("%0*u %-*s %-*s %-*s\n",
|
|
||||||
+ printf("%0*u %-*s %-*s %-*s",
|
|
||||||
(int)column[0], pri,
|
|
||||||
(int)column[1], name,
|
|
||||||
(int)column[2], lang_ext,
|
|
||||||
(int)column[3], enabled ? "" : "disabled");
|
|
||||||
+ if (checksum) {
|
|
||||||
+ module_checksum = hash_module_data(name, pri);
|
|
||||||
+ if (module_checksum) {
|
|
||||||
+ printf(" %-*s", (int)column[4], module_checksum);
|
|
||||||
+ free(module_checksum);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ printf("\n");
|
|
||||||
+
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
diff --git a/policycoreutils/semodule/sha256.c b/policycoreutils/semodule/sha256.c
|
|
||||||
new file mode 100644
|
|
||||||
index 000000000000..fe2aeef07f53
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/policycoreutils/semodule/sha256.c
|
|
||||||
@@ -0,0 +1,294 @@
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+// WjCryptLib_Sha256
|
|
||||||
+//
|
|
||||||
+// Implementation of SHA256 hash function.
|
|
||||||
+// Original author: Tom St Denis, tomstdenis@gmail.com, http://libtom.org
|
|
||||||
+// Modified by WaterJuice retaining Public Domain license.
|
|
||||||
+//
|
|
||||||
+// This is free and unencumbered software released into the public domain - June 2013 waterjuice.org
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+// IMPORTS
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+
|
|
||||||
+#include "sha256.h"
|
|
||||||
+#include <memory.h>
|
|
||||||
+
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+// MACROS
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+
|
|
||||||
+#define ror(value, bits) (((value) >> (bits)) | ((value) << (32 - (bits))))
|
|
||||||
+
|
|
||||||
+#define MIN(x, y) ( ((x)<(y))?(x):(y) )
|
|
||||||
+
|
|
||||||
+#define STORE32H(x, y) \
|
|
||||||
+ { (y)[0] = (uint8_t)(((x)>>24)&255); (y)[1] = (uint8_t)(((x)>>16)&255); \
|
|
||||||
+ (y)[2] = (uint8_t)(((x)>>8)&255); (y)[3] = (uint8_t)((x)&255); }
|
|
||||||
+
|
|
||||||
+#define LOAD32H(x, y) \
|
|
||||||
+ { x = ((uint32_t)((y)[0] & 255)<<24) | \
|
|
||||||
+ ((uint32_t)((y)[1] & 255)<<16) | \
|
|
||||||
+ ((uint32_t)((y)[2] & 255)<<8) | \
|
|
||||||
+ ((uint32_t)((y)[3] & 255)); }
|
|
||||||
+
|
|
||||||
+#define STORE64H(x, y) \
|
|
||||||
+ { (y)[0] = (uint8_t)(((x)>>56)&255); (y)[1] = (uint8_t)(((x)>>48)&255); \
|
|
||||||
+ (y)[2] = (uint8_t)(((x)>>40)&255); (y)[3] = (uint8_t)(((x)>>32)&255); \
|
|
||||||
+ (y)[4] = (uint8_t)(((x)>>24)&255); (y)[5] = (uint8_t)(((x)>>16)&255); \
|
|
||||||
+ (y)[6] = (uint8_t)(((x)>>8)&255); (y)[7] = (uint8_t)((x)&255); }
|
|
||||||
+
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+// CONSTANTS
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+
|
|
||||||
+// The K array
|
|
||||||
+static const uint32_t K[64] = {
|
|
||||||
+ 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL,
|
|
||||||
+ 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL,
|
|
||||||
+ 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL,
|
|
||||||
+ 0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
|
|
||||||
+ 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL,
|
|
||||||
+ 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL,
|
|
||||||
+ 0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL,
|
|
||||||
+ 0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
|
|
||||||
+ 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL,
|
|
||||||
+ 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL,
|
|
||||||
+ 0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL,
|
|
||||||
+ 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
|
|
||||||
+ 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+#define BLOCK_SIZE 64
|
|
||||||
+
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+// INTERNAL FUNCTIONS
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+
|
|
||||||
+// Various logical functions
|
|
||||||
+#define Ch( x, y, z ) (z ^ (x & (y ^ z)))
|
|
||||||
+#define Maj( x, y, z ) (((x | y) & z) | (x & y))
|
|
||||||
+#define S( x, n ) ror((x),(n))
|
|
||||||
+#define R( x, n ) (((x)&0xFFFFFFFFUL)>>(n))
|
|
||||||
+#define Sigma0( x ) (S(x, 2) ^ S(x, 13) ^ S(x, 22))
|
|
||||||
+#define Sigma1( x ) (S(x, 6) ^ S(x, 11) ^ S(x, 25))
|
|
||||||
+#define Gamma0( x ) (S(x, 7) ^ S(x, 18) ^ R(x, 3))
|
|
||||||
+#define Gamma1( x ) (S(x, 17) ^ S(x, 19) ^ R(x, 10))
|
|
||||||
+
|
|
||||||
+#define Sha256Round( a, b, c, d, e, f, g, h, i ) \
|
|
||||||
+ t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \
|
|
||||||
+ t1 = Sigma0(a) + Maj(a, b, c); \
|
|
||||||
+ d += t0; \
|
|
||||||
+ h = t0 + t1;
|
|
||||||
+
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+// TransformFunction
|
|
||||||
+//
|
|
||||||
+// Compress 512-bits
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+static
|
|
||||||
+void
|
|
||||||
+ TransformFunction
|
|
||||||
+ (
|
|
||||||
+ Sha256Context* Context,
|
|
||||||
+ uint8_t const* Buffer
|
|
||||||
+ )
|
|
||||||
+{
|
|
||||||
+ uint32_t S[8];
|
|
||||||
+ uint32_t W[64];
|
|
||||||
+ uint32_t t0;
|
|
||||||
+ uint32_t t1;
|
|
||||||
+ uint32_t t;
|
|
||||||
+ int i;
|
|
||||||
+
|
|
||||||
+ // Copy state into S
|
|
||||||
+ for( i=0; i<8; i++ )
|
|
||||||
+ {
|
|
||||||
+ S[i] = Context->state[i];
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ // Copy the state into 512-bits into W[0..15]
|
|
||||||
+ for( i=0; i<16; i++ )
|
|
||||||
+ {
|
|
||||||
+ LOAD32H( W[i], Buffer + (4*i) );
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ // Fill W[16..63]
|
|
||||||
+ for( i=16; i<64; i++ )
|
|
||||||
+ {
|
|
||||||
+ W[i] = Gamma1( W[i-2]) + W[i-7] + Gamma0( W[i-15] ) + W[i-16];
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ // Compress
|
|
||||||
+ for( i=0; i<64; i++ )
|
|
||||||
+ {
|
|
||||||
+ Sha256Round( S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], i );
|
|
||||||
+ t = S[7];
|
|
||||||
+ S[7] = S[6];
|
|
||||||
+ S[6] = S[5];
|
|
||||||
+ S[5] = S[4];
|
|
||||||
+ S[4] = S[3];
|
|
||||||
+ S[3] = S[2];
|
|
||||||
+ S[2] = S[1];
|
|
||||||
+ S[1] = S[0];
|
|
||||||
+ S[0] = t;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ // Feedback
|
|
||||||
+ for( i=0; i<8; i++ )
|
|
||||||
+ {
|
|
||||||
+ Context->state[i] = Context->state[i] + S[i];
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+// PUBLIC FUNCTIONS
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+// Sha256Initialise
|
|
||||||
+//
|
|
||||||
+// Initialises a SHA256 Context. Use this to initialise/reset a context.
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+void
|
|
||||||
+ Sha256Initialise
|
|
||||||
+ (
|
|
||||||
+ Sha256Context* Context // [out]
|
|
||||||
+ )
|
|
||||||
+{
|
|
||||||
+ Context->curlen = 0;
|
|
||||||
+ Context->length = 0;
|
|
||||||
+ Context->state[0] = 0x6A09E667UL;
|
|
||||||
+ Context->state[1] = 0xBB67AE85UL;
|
|
||||||
+ Context->state[2] = 0x3C6EF372UL;
|
|
||||||
+ Context->state[3] = 0xA54FF53AUL;
|
|
||||||
+ Context->state[4] = 0x510E527FUL;
|
|
||||||
+ Context->state[5] = 0x9B05688CUL;
|
|
||||||
+ Context->state[6] = 0x1F83D9ABUL;
|
|
||||||
+ Context->state[7] = 0x5BE0CD19UL;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+// Sha256Update
|
|
||||||
+//
|
|
||||||
+// Adds data to the SHA256 context. This will process the data and update the internal state of the context. Keep on
|
|
||||||
+// calling this function until all the data has been added. Then call Sha256Finalise to calculate the hash.
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+void
|
|
||||||
+ Sha256Update
|
|
||||||
+ (
|
|
||||||
+ Sha256Context* Context, // [in out]
|
|
||||||
+ void const* Buffer, // [in]
|
|
||||||
+ uint32_t BufferSize // [in]
|
|
||||||
+ )
|
|
||||||
+{
|
|
||||||
+ uint32_t n;
|
|
||||||
+
|
|
||||||
+ if( Context->curlen > sizeof(Context->buf) )
|
|
||||||
+ {
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ while( BufferSize > 0 )
|
|
||||||
+ {
|
|
||||||
+ if( Context->curlen == 0 && BufferSize >= BLOCK_SIZE )
|
|
||||||
+ {
|
|
||||||
+ TransformFunction( Context, (uint8_t*)Buffer );
|
|
||||||
+ Context->length += BLOCK_SIZE * 8;
|
|
||||||
+ Buffer = (uint8_t*)Buffer + BLOCK_SIZE;
|
|
||||||
+ BufferSize -= BLOCK_SIZE;
|
|
||||||
+ }
|
|
||||||
+ else
|
|
||||||
+ {
|
|
||||||
+ n = MIN( BufferSize, (BLOCK_SIZE - Context->curlen) );
|
|
||||||
+ memcpy( Context->buf + Context->curlen, Buffer, (size_t)n );
|
|
||||||
+ Context->curlen += n;
|
|
||||||
+ Buffer = (uint8_t*)Buffer + n;
|
|
||||||
+ BufferSize -= n;
|
|
||||||
+ if( Context->curlen == BLOCK_SIZE )
|
|
||||||
+ {
|
|
||||||
+ TransformFunction( Context, Context->buf );
|
|
||||||
+ Context->length += 8*BLOCK_SIZE;
|
|
||||||
+ Context->curlen = 0;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+// Sha256Finalise
|
|
||||||
+//
|
|
||||||
+// Performs the final calculation of the hash and returns the digest (32 byte buffer containing 256bit hash). After
|
|
||||||
+// calling this, Sha256Initialised must be used to reuse the context.
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+void
|
|
||||||
+ Sha256Finalise
|
|
||||||
+ (
|
|
||||||
+ Sha256Context* Context, // [in out]
|
|
||||||
+ SHA256_HASH* Digest // [out]
|
|
||||||
+ )
|
|
||||||
+{
|
|
||||||
+ int i;
|
|
||||||
+
|
|
||||||
+ if( Context->curlen >= sizeof(Context->buf) )
|
|
||||||
+ {
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ // Increase the length of the message
|
|
||||||
+ Context->length += Context->curlen * 8;
|
|
||||||
+
|
|
||||||
+ // Append the '1' bit
|
|
||||||
+ Context->buf[Context->curlen++] = (uint8_t)0x80;
|
|
||||||
+
|
|
||||||
+ // if the length is currently above 56 bytes we append zeros
|
|
||||||
+ // then compress. Then we can fall back to padding zeros and length
|
|
||||||
+ // encoding like normal.
|
|
||||||
+ if( Context->curlen > 56 )
|
|
||||||
+ {
|
|
||||||
+ while( Context->curlen < 64 )
|
|
||||||
+ {
|
|
||||||
+ Context->buf[Context->curlen++] = (uint8_t)0;
|
|
||||||
+ }
|
|
||||||
+ TransformFunction(Context, Context->buf);
|
|
||||||
+ Context->curlen = 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ // Pad up to 56 bytes of zeroes
|
|
||||||
+ while( Context->curlen < 56 )
|
|
||||||
+ {
|
|
||||||
+ Context->buf[Context->curlen++] = (uint8_t)0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ // Store length
|
|
||||||
+ STORE64H( Context->length, Context->buf+56 );
|
|
||||||
+ TransformFunction( Context, Context->buf );
|
|
||||||
+
|
|
||||||
+ // Copy output
|
|
||||||
+ for( i=0; i<8; i++ )
|
|
||||||
+ {
|
|
||||||
+ STORE32H( Context->state[i], Digest->bytes+(4*i) );
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+// Sha256Calculate
|
|
||||||
+//
|
|
||||||
+// Combines Sha256Initialise, Sha256Update, and Sha256Finalise into one function. Calculates the SHA256 hash of the
|
|
||||||
+// buffer.
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+void
|
|
||||||
+ Sha256Calculate
|
|
||||||
+ (
|
|
||||||
+ void const* Buffer, // [in]
|
|
||||||
+ uint32_t BufferSize, // [in]
|
|
||||||
+ SHA256_HASH* Digest // [in]
|
|
||||||
+ )
|
|
||||||
+{
|
|
||||||
+ Sha256Context context;
|
|
||||||
+
|
|
||||||
+ Sha256Initialise( &context );
|
|
||||||
+ Sha256Update( &context, Buffer, BufferSize );
|
|
||||||
+ Sha256Finalise( &context, Digest );
|
|
||||||
+}
|
|
||||||
diff --git a/policycoreutils/semodule/sha256.h b/policycoreutils/semodule/sha256.h
|
|
||||||
new file mode 100644
|
|
||||||
index 000000000000..406ed869cd82
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/policycoreutils/semodule/sha256.h
|
|
||||||
@@ -0,0 +1,89 @@
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+// WjCryptLib_Sha256
|
|
||||||
+//
|
|
||||||
+// Implementation of SHA256 hash function.
|
|
||||||
+// Original author: Tom St Denis, tomstdenis@gmail.com, http://libtom.org
|
|
||||||
+// Modified by WaterJuice retaining Public Domain license.
|
|
||||||
+//
|
|
||||||
+// This is free and unencumbered software released into the public domain - June 2013 waterjuice.org
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+
|
|
||||||
+#pragma once
|
|
||||||
+
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+// IMPORTS
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+
|
|
||||||
+#include <stdint.h>
|
|
||||||
+#include <stdio.h>
|
|
||||||
+
|
|
||||||
+typedef struct
|
|
||||||
+{
|
|
||||||
+ uint64_t length;
|
|
||||||
+ uint32_t state[8];
|
|
||||||
+ uint32_t curlen;
|
|
||||||
+ uint8_t buf[64];
|
|
||||||
+} Sha256Context;
|
|
||||||
+
|
|
||||||
+#define SHA256_HASH_SIZE ( 256 / 8 )
|
|
||||||
+
|
|
||||||
+typedef struct
|
|
||||||
+{
|
|
||||||
+ uint8_t bytes [SHA256_HASH_SIZE];
|
|
||||||
+} SHA256_HASH;
|
|
||||||
+
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+// PUBLIC FUNCTIONS
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+// Sha256Initialise
|
|
||||||
+//
|
|
||||||
+// Initialises a SHA256 Context. Use this to initialise/reset a context.
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+void
|
|
||||||
+ Sha256Initialise
|
|
||||||
+ (
|
|
||||||
+ Sha256Context* Context // [out]
|
|
||||||
+ );
|
|
||||||
+
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+// Sha256Update
|
|
||||||
+//
|
|
||||||
+// Adds data to the SHA256 context. This will process the data and update the internal state of the context. Keep on
|
|
||||||
+// calling this function until all the data has been added. Then call Sha256Finalise to calculate the hash.
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+void
|
|
||||||
+ Sha256Update
|
|
||||||
+ (
|
|
||||||
+ Sha256Context* Context, // [in out]
|
|
||||||
+ void const* Buffer, // [in]
|
|
||||||
+ uint32_t BufferSize // [in]
|
|
||||||
+ );
|
|
||||||
+
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+// Sha256Finalise
|
|
||||||
+//
|
|
||||||
+// Performs the final calculation of the hash and returns the digest (32 byte buffer containing 256bit hash). After
|
|
||||||
+// calling this, Sha256Initialised must be used to reuse the context.
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+void
|
|
||||||
+ Sha256Finalise
|
|
||||||
+ (
|
|
||||||
+ Sha256Context* Context, // [in out]
|
|
||||||
+ SHA256_HASH* Digest // [out]
|
|
||||||
+ );
|
|
||||||
+
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+// Sha256Calculate
|
|
||||||
+//
|
|
||||||
+// Combines Sha256Initialise, Sha256Update, and Sha256Finalise into one function. Calculates the SHA256 hash of the
|
|
||||||
+// buffer.
|
|
||||||
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
+void
|
|
||||||
+ Sha256Calculate
|
|
||||||
+ (
|
|
||||||
+ void const* Buffer, // [in]
|
|
||||||
+ uint32_t BufferSize, // [in]
|
|
||||||
+ SHA256_HASH* Digest // [in]
|
|
||||||
+ );
|
|
||||||
--
|
|
||||||
2.33.1
|
|
||||||
|
|
@ -1,29 +0,0 @@
|
|||||||
From 14084bad4f5bcfdb769ba39c9a6f12e4787ab909 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Tue, 16 Nov 2021 16:11:22 +0100
|
|
||||||
Subject: [PATCH] semodule: Fix lang_ext column index
|
|
||||||
|
|
||||||
lang_ext is 3. column - index number 2.
|
|
||||||
|
|
||||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Acked-by: James Carter <jwcart2@gmail.com>
|
|
||||||
---
|
|
||||||
policycoreutils/semodule/semodule.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
|
|
||||||
index 300a97d735cc..c677cc4f1d81 100644
|
|
||||||
--- a/policycoreutils/semodule/semodule.c
|
|
||||||
+++ b/policycoreutils/semodule/semodule.c
|
|
||||||
@@ -682,7 +682,7 @@ cleanup_extract:
|
|
||||||
if (result != 0) goto cleanup_list;
|
|
||||||
|
|
||||||
size = strlen(tmp);
|
|
||||||
- if (size > column[3]) column[3] = size;
|
|
||||||
+ if (size > column[2]) column[2] = size;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* print out each module */
|
|
||||||
--
|
|
||||||
2.33.1
|
|
||||||
|
|
@ -1,32 +0,0 @@
|
|||||||
From 61f05b6d26063e1ebdc06609c29a067d44579b41 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Tue, 23 Nov 2021 17:38:51 +0100
|
|
||||||
Subject: [PATCH] semodule: Don't forget to munmap() data
|
|
||||||
|
|
||||||
semanage_module_extract() mmap()'s the module raw data but it leaves on
|
|
||||||
the caller to munmap() them.
|
|
||||||
|
|
||||||
Reported-by: Ondrej Mosnacek <omosnace@redhat.com>
|
|
||||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Acked-by: James Carter <jwcart2@gmail.com>
|
|
||||||
---
|
|
||||||
policycoreutils/semodule/semodule.c | 3 +++
|
|
||||||
1 file changed, 3 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
|
|
||||||
index c677cc4f1d81..dc227058b073 100644
|
|
||||||
--- a/policycoreutils/semodule/semodule.c
|
|
||||||
+++ b/policycoreutils/semodule/semodule.c
|
|
||||||
@@ -393,6 +393,9 @@ static char *hash_module_data(const char *module_name, const int prio) {
|
|
||||||
sha256_buf[i * 2] = 0;
|
|
||||||
|
|
||||||
cleanup_extract:
|
|
||||||
+ if (data_len > 0) {
|
|
||||||
+ munmap(data, data_len);
|
|
||||||
+ }
|
|
||||||
semanage_module_info_destroy(sh, extract_info);
|
|
||||||
free(extract_info);
|
|
||||||
semanage_module_key_destroy(sh, modkey);
|
|
||||||
--
|
|
||||||
2.33.1
|
|
||||||
|
|
@ -1,41 +0,0 @@
|
|||||||
From 69da6239d8505a9d6ca547187f71a351df17f157 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Mon, 10 Jan 2022 18:35:27 +0100
|
|
||||||
Subject: [PATCH] policycoreutils: Improve error message when selabel_open
|
|
||||||
fails
|
|
||||||
|
|
||||||
When selabel_open fails to locate file_context files and
|
|
||||||
selabel_opt_path is not specified (e.g. when the policy type is
|
|
||||||
missconfigured in /etc/selinux/config), perror only prints
|
|
||||||
"No such file or directory".
|
|
||||||
This can be confusing in case of "restorecon" since it's
|
|
||||||
not apparent that the issue is in policy store.
|
|
||||||
|
|
||||||
Before:
|
|
||||||
\# restorecon -v /tmp/foo.txt
|
|
||||||
No such file or directory
|
|
||||||
After:
|
|
||||||
\# restorecon -v /tmp/foo.txt
|
|
||||||
/etc/selinux/yolo/contexts/files/file_contexts: No such file or directory
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
---
|
|
||||||
policycoreutils/setfiles/restore.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
|
|
||||||
index d3335d1a..ba2668b3 100644
|
|
||||||
--- a/policycoreutils/setfiles/restore.c
|
|
||||||
+++ b/policycoreutils/setfiles/restore.c
|
|
||||||
@@ -29,7 +29,7 @@ void restore_init(struct restore_opts *opts)
|
|
||||||
|
|
||||||
opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
|
|
||||||
if (!opts->hnd) {
|
|
||||||
- perror(opts->selabel_opt_path);
|
|
||||||
+ perror(opts->selabel_opt_path ? opts->selabel_opt_path : selinux_file_context_path());
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.30.2
|
|
||||||
|
|
@ -1,539 +0,0 @@
|
|||||||
From 066007029b3dd250305d7fac0bfd53aa1e4543cf Mon Sep 17 00:00:00 2001
|
|
||||||
From: Ondrej Mosnacek <omosnace@redhat.com>
|
|
||||||
Date: Thu, 3 Feb 2022 17:53:23 +0100
|
|
||||||
Subject: [PATCH] semodule,libsemanage: move module hashing into libsemanage
|
|
||||||
|
|
||||||
The main goal of this move is to have the SHA-256 implementation under
|
|
||||||
libsemanage, since upcoming patches will make use of SHA-256 for a
|
|
||||||
different (but similar) purpose in libsemanage. Having the hashing code
|
|
||||||
in libsemanage will reduce code duplication and allow for easier hash
|
|
||||||
algorithm upgrade in the future.
|
|
||||||
|
|
||||||
Note that libselinux currently also contains a hash function
|
|
||||||
implementation (for yet another different purpose). This patch doesn't
|
|
||||||
make any effort to address that duplicity yet.
|
|
||||||
|
|
||||||
This patch also changes the format of the hash string printed by
|
|
||||||
semodule to include the name of the hash. The intent is to avoid
|
|
||||||
ambiguity and potential collisions when the algorithm is potentially
|
|
||||||
changed in the future.
|
|
||||||
|
|
||||||
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
|
|
||||||
---
|
|
||||||
policycoreutils/semodule/Makefile | 2 +-
|
|
||||||
policycoreutils/semodule/semodule.c | 53 ++---
|
|
||||||
policycoreutils/semodule/sha256.c | 294 ----------------------------
|
|
||||||
policycoreutils/semodule/sha256.h | 89 ---------
|
|
||||||
4 files changed, 17 insertions(+), 421 deletions(-)
|
|
||||||
delete mode 100644 policycoreutils/semodule/sha256.c
|
|
||||||
delete mode 100644 policycoreutils/semodule/sha256.h
|
|
||||||
|
|
||||||
diff --git a/policycoreutils/semodule/Makefile b/policycoreutils/semodule/Makefile
|
|
||||||
index 9875ac38..73801e48 100644
|
|
||||||
--- a/policycoreutils/semodule/Makefile
|
|
||||||
+++ b/policycoreutils/semodule/Makefile
|
|
||||||
@@ -6,7 +6,7 @@ MANDIR = $(PREFIX)/share/man
|
|
||||||
|
|
||||||
CFLAGS ?= -Werror -Wall -W
|
|
||||||
override LDLIBS += -lsepol -lselinux -lsemanage
|
|
||||||
-SEMODULE_OBJS = semodule.o sha256.o
|
|
||||||
+SEMODULE_OBJS = semodule.o
|
|
||||||
|
|
||||||
all: semodule genhomedircon
|
|
||||||
|
|
||||||
diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
|
|
||||||
index dc227058..243b1add 100644
|
|
||||||
--- a/policycoreutils/semodule/semodule.c
|
|
||||||
+++ b/policycoreutils/semodule/semodule.c
|
|
||||||
@@ -24,8 +24,6 @@
|
|
||||||
|
|
||||||
#include <semanage/modules.h>
|
|
||||||
|
|
||||||
-#include "sha256.h"
|
|
||||||
-
|
|
||||||
enum client_modes {
|
|
||||||
NO_MODE, INSTALL_M, REMOVE_M, EXTRACT_M, CIL_M, HLL_M,
|
|
||||||
LIST_M, RELOAD, PRIORITY_M, ENABLE_M, DISABLE_M
|
|
||||||
@@ -347,60 +345,38 @@ static void parse_command_line(int argc, char **argv)
|
|
||||||
|
|
||||||
/* Get module checksum */
|
|
||||||
static char *hash_module_data(const char *module_name, const int prio) {
|
|
||||||
- semanage_module_info_t *extract_info = NULL;
|
|
||||||
semanage_module_key_t *modkey = NULL;
|
|
||||||
- Sha256Context context;
|
|
||||||
- uint8_t sha256_hash[SHA256_HASH_SIZE];
|
|
||||||
- char *sha256_buf = NULL;
|
|
||||||
- void *data;
|
|
||||||
- size_t data_len = 0, i;
|
|
||||||
+ char *hash_str = NULL;
|
|
||||||
+ void *hash = NULL;
|
|
||||||
+ size_t hash_len = 0;
|
|
||||||
int result;
|
|
||||||
|
|
||||||
result = semanage_module_key_create(sh, &modkey);
|
|
||||||
if (result != 0) {
|
|
||||||
- goto cleanup_extract;
|
|
||||||
+ goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
result = semanage_module_key_set_name(sh, modkey, module_name);
|
|
||||||
if (result != 0) {
|
|
||||||
- goto cleanup_extract;
|
|
||||||
+ goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
result = semanage_module_key_set_priority(sh, modkey, prio);
|
|
||||||
if (result != 0) {
|
|
||||||
- goto cleanup_extract;
|
|
||||||
+ goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
- result = semanage_module_extract(sh, modkey, 1, &data, &data_len,
|
|
||||||
- &extract_info);
|
|
||||||
+ result = semanage_module_compute_checksum(sh, modkey, 1, &hash_str,
|
|
||||||
+ &hash_len);
|
|
||||||
if (result != 0) {
|
|
||||||
- goto cleanup_extract;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- Sha256Initialise(&context);
|
|
||||||
- Sha256Update(&context, data, data_len);
|
|
||||||
-
|
|
||||||
- Sha256Finalise(&context, (SHA256_HASH *)sha256_hash);
|
|
||||||
-
|
|
||||||
- sha256_buf = calloc(1, SHA256_HASH_SIZE * 2 + 1);
|
|
||||||
-
|
|
||||||
- if (sha256_buf == NULL)
|
|
||||||
- goto cleanup_extract;
|
|
||||||
-
|
|
||||||
- for (i = 0; i < SHA256_HASH_SIZE; i++) {
|
|
||||||
- sprintf((&sha256_buf[i * 2]), "%02x", sha256_hash[i]);
|
|
||||||
+ goto cleanup;
|
|
||||||
}
|
|
||||||
- sha256_buf[i * 2] = 0;
|
|
||||||
|
|
||||||
-cleanup_extract:
|
|
||||||
- if (data_len > 0) {
|
|
||||||
- munmap(data, data_len);
|
|
||||||
- }
|
|
||||||
- semanage_module_info_destroy(sh, extract_info);
|
|
||||||
- free(extract_info);
|
|
||||||
+cleanup:
|
|
||||||
+ free(hash);
|
|
||||||
semanage_module_key_destroy(sh, modkey);
|
|
||||||
free(modkey);
|
|
||||||
- return sha256_buf;
|
|
||||||
+ return hash_str;
|
|
||||||
}
|
|
||||||
|
|
||||||
int main(int argc, char *argv[])
|
|
||||||
@@ -667,7 +643,10 @@ cleanup_extract:
|
|
||||||
/* fixed width columns */
|
|
||||||
column[0] = sizeof("000") - 1;
|
|
||||||
column[3] = sizeof("disabled") - 1;
|
|
||||||
- column[4] = 64; /* SHA256_HASH_SIZE * 2 */
|
|
||||||
+
|
|
||||||
+ result = semanage_module_compute_checksum(sh, NULL, 0, NULL,
|
|
||||||
+ &column[4]);
|
|
||||||
+ if (result != 0) goto cleanup_list;
|
|
||||||
|
|
||||||
/* variable width columns */
|
|
||||||
const char *tmp = NULL;
|
|
||||||
diff --git a/policycoreutils/semodule/sha256.c b/policycoreutils/semodule/sha256.c
|
|
||||||
deleted file mode 100644
|
|
||||||
index fe2aeef0..00000000
|
|
||||||
--- a/policycoreutils/semodule/sha256.c
|
|
||||||
+++ /dev/null
|
|
||||||
@@ -1,294 +0,0 @@
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-// WjCryptLib_Sha256
|
|
||||||
-//
|
|
||||||
-// Implementation of SHA256 hash function.
|
|
||||||
-// Original author: Tom St Denis, tomstdenis@gmail.com, http://libtom.org
|
|
||||||
-// Modified by WaterJuice retaining Public Domain license.
|
|
||||||
-//
|
|
||||||
-// This is free and unencumbered software released into the public domain - June 2013 waterjuice.org
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-// IMPORTS
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-
|
|
||||||
-#include "sha256.h"
|
|
||||||
-#include <memory.h>
|
|
||||||
-
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-// MACROS
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-
|
|
||||||
-#define ror(value, bits) (((value) >> (bits)) | ((value) << (32 - (bits))))
|
|
||||||
-
|
|
||||||
-#define MIN(x, y) ( ((x)<(y))?(x):(y) )
|
|
||||||
-
|
|
||||||
-#define STORE32H(x, y) \
|
|
||||||
- { (y)[0] = (uint8_t)(((x)>>24)&255); (y)[1] = (uint8_t)(((x)>>16)&255); \
|
|
||||||
- (y)[2] = (uint8_t)(((x)>>8)&255); (y)[3] = (uint8_t)((x)&255); }
|
|
||||||
-
|
|
||||||
-#define LOAD32H(x, y) \
|
|
||||||
- { x = ((uint32_t)((y)[0] & 255)<<24) | \
|
|
||||||
- ((uint32_t)((y)[1] & 255)<<16) | \
|
|
||||||
- ((uint32_t)((y)[2] & 255)<<8) | \
|
|
||||||
- ((uint32_t)((y)[3] & 255)); }
|
|
||||||
-
|
|
||||||
-#define STORE64H(x, y) \
|
|
||||||
- { (y)[0] = (uint8_t)(((x)>>56)&255); (y)[1] = (uint8_t)(((x)>>48)&255); \
|
|
||||||
- (y)[2] = (uint8_t)(((x)>>40)&255); (y)[3] = (uint8_t)(((x)>>32)&255); \
|
|
||||||
- (y)[4] = (uint8_t)(((x)>>24)&255); (y)[5] = (uint8_t)(((x)>>16)&255); \
|
|
||||||
- (y)[6] = (uint8_t)(((x)>>8)&255); (y)[7] = (uint8_t)((x)&255); }
|
|
||||||
-
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-// CONSTANTS
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-
|
|
||||||
-// The K array
|
|
||||||
-static const uint32_t K[64] = {
|
|
||||||
- 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL,
|
|
||||||
- 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL,
|
|
||||||
- 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL,
|
|
||||||
- 0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
|
|
||||||
- 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL,
|
|
||||||
- 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL,
|
|
||||||
- 0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL,
|
|
||||||
- 0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
|
|
||||||
- 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL,
|
|
||||||
- 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL,
|
|
||||||
- 0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL,
|
|
||||||
- 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
|
|
||||||
- 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
|
|
||||||
-};
|
|
||||||
-
|
|
||||||
-#define BLOCK_SIZE 64
|
|
||||||
-
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-// INTERNAL FUNCTIONS
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-
|
|
||||||
-// Various logical functions
|
|
||||||
-#define Ch( x, y, z ) (z ^ (x & (y ^ z)))
|
|
||||||
-#define Maj( x, y, z ) (((x | y) & z) | (x & y))
|
|
||||||
-#define S( x, n ) ror((x),(n))
|
|
||||||
-#define R( x, n ) (((x)&0xFFFFFFFFUL)>>(n))
|
|
||||||
-#define Sigma0( x ) (S(x, 2) ^ S(x, 13) ^ S(x, 22))
|
|
||||||
-#define Sigma1( x ) (S(x, 6) ^ S(x, 11) ^ S(x, 25))
|
|
||||||
-#define Gamma0( x ) (S(x, 7) ^ S(x, 18) ^ R(x, 3))
|
|
||||||
-#define Gamma1( x ) (S(x, 17) ^ S(x, 19) ^ R(x, 10))
|
|
||||||
-
|
|
||||||
-#define Sha256Round( a, b, c, d, e, f, g, h, i ) \
|
|
||||||
- t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \
|
|
||||||
- t1 = Sigma0(a) + Maj(a, b, c); \
|
|
||||||
- d += t0; \
|
|
||||||
- h = t0 + t1;
|
|
||||||
-
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-// TransformFunction
|
|
||||||
-//
|
|
||||||
-// Compress 512-bits
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-static
|
|
||||||
-void
|
|
||||||
- TransformFunction
|
|
||||||
- (
|
|
||||||
- Sha256Context* Context,
|
|
||||||
- uint8_t const* Buffer
|
|
||||||
- )
|
|
||||||
-{
|
|
||||||
- uint32_t S[8];
|
|
||||||
- uint32_t W[64];
|
|
||||||
- uint32_t t0;
|
|
||||||
- uint32_t t1;
|
|
||||||
- uint32_t t;
|
|
||||||
- int i;
|
|
||||||
-
|
|
||||||
- // Copy state into S
|
|
||||||
- for( i=0; i<8; i++ )
|
|
||||||
- {
|
|
||||||
- S[i] = Context->state[i];
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- // Copy the state into 512-bits into W[0..15]
|
|
||||||
- for( i=0; i<16; i++ )
|
|
||||||
- {
|
|
||||||
- LOAD32H( W[i], Buffer + (4*i) );
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- // Fill W[16..63]
|
|
||||||
- for( i=16; i<64; i++ )
|
|
||||||
- {
|
|
||||||
- W[i] = Gamma1( W[i-2]) + W[i-7] + Gamma0( W[i-15] ) + W[i-16];
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- // Compress
|
|
||||||
- for( i=0; i<64; i++ )
|
|
||||||
- {
|
|
||||||
- Sha256Round( S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], i );
|
|
||||||
- t = S[7];
|
|
||||||
- S[7] = S[6];
|
|
||||||
- S[6] = S[5];
|
|
||||||
- S[5] = S[4];
|
|
||||||
- S[4] = S[3];
|
|
||||||
- S[3] = S[2];
|
|
||||||
- S[2] = S[1];
|
|
||||||
- S[1] = S[0];
|
|
||||||
- S[0] = t;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- // Feedback
|
|
||||||
- for( i=0; i<8; i++ )
|
|
||||||
- {
|
|
||||||
- Context->state[i] = Context->state[i] + S[i];
|
|
||||||
- }
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-// PUBLIC FUNCTIONS
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-// Sha256Initialise
|
|
||||||
-//
|
|
||||||
-// Initialises a SHA256 Context. Use this to initialise/reset a context.
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-void
|
|
||||||
- Sha256Initialise
|
|
||||||
- (
|
|
||||||
- Sha256Context* Context // [out]
|
|
||||||
- )
|
|
||||||
-{
|
|
||||||
- Context->curlen = 0;
|
|
||||||
- Context->length = 0;
|
|
||||||
- Context->state[0] = 0x6A09E667UL;
|
|
||||||
- Context->state[1] = 0xBB67AE85UL;
|
|
||||||
- Context->state[2] = 0x3C6EF372UL;
|
|
||||||
- Context->state[3] = 0xA54FF53AUL;
|
|
||||||
- Context->state[4] = 0x510E527FUL;
|
|
||||||
- Context->state[5] = 0x9B05688CUL;
|
|
||||||
- Context->state[6] = 0x1F83D9ABUL;
|
|
||||||
- Context->state[7] = 0x5BE0CD19UL;
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-// Sha256Update
|
|
||||||
-//
|
|
||||||
-// Adds data to the SHA256 context. This will process the data and update the internal state of the context. Keep on
|
|
||||||
-// calling this function until all the data has been added. Then call Sha256Finalise to calculate the hash.
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-void
|
|
||||||
- Sha256Update
|
|
||||||
- (
|
|
||||||
- Sha256Context* Context, // [in out]
|
|
||||||
- void const* Buffer, // [in]
|
|
||||||
- uint32_t BufferSize // [in]
|
|
||||||
- )
|
|
||||||
-{
|
|
||||||
- uint32_t n;
|
|
||||||
-
|
|
||||||
- if( Context->curlen > sizeof(Context->buf) )
|
|
||||||
- {
|
|
||||||
- return;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- while( BufferSize > 0 )
|
|
||||||
- {
|
|
||||||
- if( Context->curlen == 0 && BufferSize >= BLOCK_SIZE )
|
|
||||||
- {
|
|
||||||
- TransformFunction( Context, (uint8_t*)Buffer );
|
|
||||||
- Context->length += BLOCK_SIZE * 8;
|
|
||||||
- Buffer = (uint8_t*)Buffer + BLOCK_SIZE;
|
|
||||||
- BufferSize -= BLOCK_SIZE;
|
|
||||||
- }
|
|
||||||
- else
|
|
||||||
- {
|
|
||||||
- n = MIN( BufferSize, (BLOCK_SIZE - Context->curlen) );
|
|
||||||
- memcpy( Context->buf + Context->curlen, Buffer, (size_t)n );
|
|
||||||
- Context->curlen += n;
|
|
||||||
- Buffer = (uint8_t*)Buffer + n;
|
|
||||||
- BufferSize -= n;
|
|
||||||
- if( Context->curlen == BLOCK_SIZE )
|
|
||||||
- {
|
|
||||||
- TransformFunction( Context, Context->buf );
|
|
||||||
- Context->length += 8*BLOCK_SIZE;
|
|
||||||
- Context->curlen = 0;
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-// Sha256Finalise
|
|
||||||
-//
|
|
||||||
-// Performs the final calculation of the hash and returns the digest (32 byte buffer containing 256bit hash). After
|
|
||||||
-// calling this, Sha256Initialised must be used to reuse the context.
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-void
|
|
||||||
- Sha256Finalise
|
|
||||||
- (
|
|
||||||
- Sha256Context* Context, // [in out]
|
|
||||||
- SHA256_HASH* Digest // [out]
|
|
||||||
- )
|
|
||||||
-{
|
|
||||||
- int i;
|
|
||||||
-
|
|
||||||
- if( Context->curlen >= sizeof(Context->buf) )
|
|
||||||
- {
|
|
||||||
- return;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- // Increase the length of the message
|
|
||||||
- Context->length += Context->curlen * 8;
|
|
||||||
-
|
|
||||||
- // Append the '1' bit
|
|
||||||
- Context->buf[Context->curlen++] = (uint8_t)0x80;
|
|
||||||
-
|
|
||||||
- // if the length is currently above 56 bytes we append zeros
|
|
||||||
- // then compress. Then we can fall back to padding zeros and length
|
|
||||||
- // encoding like normal.
|
|
||||||
- if( Context->curlen > 56 )
|
|
||||||
- {
|
|
||||||
- while( Context->curlen < 64 )
|
|
||||||
- {
|
|
||||||
- Context->buf[Context->curlen++] = (uint8_t)0;
|
|
||||||
- }
|
|
||||||
- TransformFunction(Context, Context->buf);
|
|
||||||
- Context->curlen = 0;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- // Pad up to 56 bytes of zeroes
|
|
||||||
- while( Context->curlen < 56 )
|
|
||||||
- {
|
|
||||||
- Context->buf[Context->curlen++] = (uint8_t)0;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- // Store length
|
|
||||||
- STORE64H( Context->length, Context->buf+56 );
|
|
||||||
- TransformFunction( Context, Context->buf );
|
|
||||||
-
|
|
||||||
- // Copy output
|
|
||||||
- for( i=0; i<8; i++ )
|
|
||||||
- {
|
|
||||||
- STORE32H( Context->state[i], Digest->bytes+(4*i) );
|
|
||||||
- }
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-// Sha256Calculate
|
|
||||||
-//
|
|
||||||
-// Combines Sha256Initialise, Sha256Update, and Sha256Finalise into one function. Calculates the SHA256 hash of the
|
|
||||||
-// buffer.
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-void
|
|
||||||
- Sha256Calculate
|
|
||||||
- (
|
|
||||||
- void const* Buffer, // [in]
|
|
||||||
- uint32_t BufferSize, // [in]
|
|
||||||
- SHA256_HASH* Digest // [in]
|
|
||||||
- )
|
|
||||||
-{
|
|
||||||
- Sha256Context context;
|
|
||||||
-
|
|
||||||
- Sha256Initialise( &context );
|
|
||||||
- Sha256Update( &context, Buffer, BufferSize );
|
|
||||||
- Sha256Finalise( &context, Digest );
|
|
||||||
-}
|
|
||||||
diff --git a/policycoreutils/semodule/sha256.h b/policycoreutils/semodule/sha256.h
|
|
||||||
deleted file mode 100644
|
|
||||||
index 406ed869..00000000
|
|
||||||
--- a/policycoreutils/semodule/sha256.h
|
|
||||||
+++ /dev/null
|
|
||||||
@@ -1,89 +0,0 @@
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-// WjCryptLib_Sha256
|
|
||||||
-//
|
|
||||||
-// Implementation of SHA256 hash function.
|
|
||||||
-// Original author: Tom St Denis, tomstdenis@gmail.com, http://libtom.org
|
|
||||||
-// Modified by WaterJuice retaining Public Domain license.
|
|
||||||
-//
|
|
||||||
-// This is free and unencumbered software released into the public domain - June 2013 waterjuice.org
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-
|
|
||||||
-#pragma once
|
|
||||||
-
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-// IMPORTS
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-
|
|
||||||
-#include <stdint.h>
|
|
||||||
-#include <stdio.h>
|
|
||||||
-
|
|
||||||
-typedef struct
|
|
||||||
-{
|
|
||||||
- uint64_t length;
|
|
||||||
- uint32_t state[8];
|
|
||||||
- uint32_t curlen;
|
|
||||||
- uint8_t buf[64];
|
|
||||||
-} Sha256Context;
|
|
||||||
-
|
|
||||||
-#define SHA256_HASH_SIZE ( 256 / 8 )
|
|
||||||
-
|
|
||||||
-typedef struct
|
|
||||||
-{
|
|
||||||
- uint8_t bytes [SHA256_HASH_SIZE];
|
|
||||||
-} SHA256_HASH;
|
|
||||||
-
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-// PUBLIC FUNCTIONS
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-// Sha256Initialise
|
|
||||||
-//
|
|
||||||
-// Initialises a SHA256 Context. Use this to initialise/reset a context.
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-void
|
|
||||||
- Sha256Initialise
|
|
||||||
- (
|
|
||||||
- Sha256Context* Context // [out]
|
|
||||||
- );
|
|
||||||
-
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-// Sha256Update
|
|
||||||
-//
|
|
||||||
-// Adds data to the SHA256 context. This will process the data and update the internal state of the context. Keep on
|
|
||||||
-// calling this function until all the data has been added. Then call Sha256Finalise to calculate the hash.
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-void
|
|
||||||
- Sha256Update
|
|
||||||
- (
|
|
||||||
- Sha256Context* Context, // [in out]
|
|
||||||
- void const* Buffer, // [in]
|
|
||||||
- uint32_t BufferSize // [in]
|
|
||||||
- );
|
|
||||||
-
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-// Sha256Finalise
|
|
||||||
-//
|
|
||||||
-// Performs the final calculation of the hash and returns the digest (32 byte buffer containing 256bit hash). After
|
|
||||||
-// calling this, Sha256Initialised must be used to reuse the context.
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-void
|
|
||||||
- Sha256Finalise
|
|
||||||
- (
|
|
||||||
- Sha256Context* Context, // [in out]
|
|
||||||
- SHA256_HASH* Digest // [out]
|
|
||||||
- );
|
|
||||||
-
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-// Sha256Calculate
|
|
||||||
-//
|
|
||||||
-// Combines Sha256Initialise, Sha256Update, and Sha256Finalise into one function. Calculates the SHA256 hash of the
|
|
||||||
-// buffer.
|
|
||||||
-////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
||||||
-void
|
|
||||||
- Sha256Calculate
|
|
||||||
- (
|
|
||||||
- void const* Buffer, // [in]
|
|
||||||
- uint32_t BufferSize, // [in]
|
|
||||||
- SHA256_HASH* Digest // [in]
|
|
||||||
- );
|
|
||||||
--
|
|
||||||
2.30.2
|
|
||||||
|
|
@ -1,144 +0,0 @@
|
|||||||
From e3fc737e43561ecadcb977ce4c9a1db44be636ae Mon Sep 17 00:00:00 2001
|
|
||||||
From: Ondrej Mosnacek <omosnace@redhat.com>
|
|
||||||
Date: Thu, 3 Feb 2022 17:53:27 +0100
|
|
||||||
Subject: [PATCH] semodule: add command-line option to detect module changes
|
|
||||||
|
|
||||||
Add a new command-line option "--rebuild-if-modules-changed" to control
|
|
||||||
the newly introduced check_ext_changes libsemanage flag.
|
|
||||||
|
|
||||||
For example, running `semodule --rebuild-if-modules-changed` will ensure
|
|
||||||
that any externally added/removed modules (e.g. by an RPM transaction)
|
|
||||||
are reflected in the compiled policy, while skipping the most expensive
|
|
||||||
part of the rebuild if no module change was deteceted since the last
|
|
||||||
libsemanage transaction.
|
|
||||||
|
|
||||||
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
|
|
||||||
---
|
|
||||||
policycoreutils/semodule/semodule.8 | 7 +++++++
|
|
||||||
policycoreutils/semodule/semodule.c | 32 ++++++++++++++++++++++-------
|
|
||||||
2 files changed, 32 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8
|
|
||||||
index 3a2fb21c..d1735d21 100644
|
|
||||||
--- a/policycoreutils/semodule/semodule.8
|
|
||||||
+++ b/policycoreutils/semodule/semodule.8
|
|
||||||
@@ -23,6 +23,13 @@ force a reload of policy
|
|
||||||
.B \-B, \-\-build
|
|
||||||
force a rebuild of policy (also reloads unless \-n is used)
|
|
||||||
.TP
|
|
||||||
+.B \-\-rebuild-if-modules-changed
|
|
||||||
+Force a rebuild of the policy if any changes to module content are detected
|
|
||||||
+(by comparing with checksum from the last transaction). One can use this
|
|
||||||
+instead of \-B to ensure that any changes to the module store done by an
|
|
||||||
+external tool (e.g. a package manager) are applied, while automatically
|
|
||||||
+skipping the rebuild if there are no new changes.
|
|
||||||
+.TP
|
|
||||||
.B \-D, \-\-disable_dontaudit
|
|
||||||
Temporarily remove dontaudits from policy. Reverts whenever policy is rebuilt
|
|
||||||
.TP
|
|
||||||
diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
|
|
||||||
index 243b1add..22a42a75 100644
|
|
||||||
--- a/policycoreutils/semodule/semodule.c
|
|
||||||
+++ b/policycoreutils/semodule/semodule.c
|
|
||||||
@@ -46,6 +46,7 @@ static int verbose;
|
|
||||||
static int reload;
|
|
||||||
static int no_reload;
|
|
||||||
static int build;
|
|
||||||
+static int check_ext_changes;
|
|
||||||
static int disable_dontaudit;
|
|
||||||
static int preserve_tunables;
|
|
||||||
static int ignore_module_cache;
|
|
||||||
@@ -148,6 +149,9 @@ static void usage(char *progname)
|
|
||||||
printf(" -c, --cil extract module as cil. This only affects module extraction.\n");
|
|
||||||
printf(" -H, --hll extract module as hll. This only affects module extraction.\n");
|
|
||||||
printf(" -m, --checksum print module checksum (SHA256).\n");
|
|
||||||
+ printf(" --rebuild-if-modules-changed\n"
|
|
||||||
+ " force policy rebuild if module content changed since\n"
|
|
||||||
+ " last rebuild (based on checksum)\n");
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Sets the global mode variable to new_mode, but only if no other
|
|
||||||
@@ -179,6 +183,7 @@ static void set_mode(enum client_modes new_mode, char *arg)
|
|
||||||
static void parse_command_line(int argc, char **argv)
|
|
||||||
{
|
|
||||||
static struct option opts[] = {
|
|
||||||
+ {"rebuild-if-modules-changed", 0, NULL, '\0'},
|
|
||||||
{"store", required_argument, NULL, 's'},
|
|
||||||
{"base", required_argument, NULL, 'b'},
|
|
||||||
{"help", 0, NULL, 'h'},
|
|
||||||
@@ -206,15 +211,26 @@ static void parse_command_line(int argc, char **argv)
|
|
||||||
};
|
|
||||||
int extract_selected = 0;
|
|
||||||
int cil_hll_set = 0;
|
|
||||||
- int i;
|
|
||||||
+ int i, longind;
|
|
||||||
verbose = 0;
|
|
||||||
reload = 0;
|
|
||||||
no_reload = 0;
|
|
||||||
+ check_ext_changes = 0;
|
|
||||||
priority = 400;
|
|
||||||
while ((i =
|
|
||||||
- getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cHm", opts,
|
|
||||||
- NULL)) != -1) {
|
|
||||||
+ getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cHm",
|
|
||||||
+ opts, &longind)) != -1) {
|
|
||||||
switch (i) {
|
|
||||||
+ case '\0':
|
|
||||||
+ switch(longind) {
|
|
||||||
+ case 0: /* --rebuild-if-modules-changed */
|
|
||||||
+ check_ext_changes = 1;
|
|
||||||
+ break;
|
|
||||||
+ default:
|
|
||||||
+ usage(argv[0]);
|
|
||||||
+ exit(1);
|
|
||||||
+ }
|
|
||||||
+ break;
|
|
||||||
case 'b':
|
|
||||||
fprintf(stderr, "The --base option is deprecated. Use --install instead.\n");
|
|
||||||
set_mode(INSTALL_M, optarg);
|
|
||||||
@@ -299,13 +315,13 @@ static void parse_command_line(int argc, char **argv)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
- if ((build || reload) && num_commands) {
|
|
||||||
+ if ((build || reload || check_ext_changes) && num_commands) {
|
|
||||||
fprintf(stderr,
|
|
||||||
"build or reload should not be used with other commands\n");
|
|
||||||
usage(argv[0]);
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
- if (num_commands == 0 && reload == 0 && build == 0) {
|
|
||||||
+ if (num_commands == 0 && reload == 0 && build == 0 && check_ext_changes == 0) {
|
|
||||||
fprintf(stderr, "At least one mode must be specified.\n");
|
|
||||||
usage(argv[0]);
|
|
||||||
exit(1);
|
|
||||||
@@ -392,7 +408,7 @@ int main(int argc, char *argv[])
|
|
||||||
}
|
|
||||||
parse_command_line(argc, argv);
|
|
||||||
|
|
||||||
- if (build)
|
|
||||||
+ if (build || check_ext_changes)
|
|
||||||
commit = 1;
|
|
||||||
|
|
||||||
sh = semanage_handle_create();
|
|
||||||
@@ -431,7 +447,7 @@ int main(int argc, char *argv[])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (build) {
|
|
||||||
+ if (build || check_ext_changes) {
|
|
||||||
if ((result = semanage_begin_transaction(sh)) < 0) {
|
|
||||||
fprintf(stderr, "%s: Could not begin transaction: %s\n",
|
|
||||||
argv[0], errno ? strerror(errno) : "");
|
|
||||||
@@ -805,6 +821,8 @@ cleanup_disable:
|
|
||||||
semanage_set_reload(sh, 0);
|
|
||||||
if (build)
|
|
||||||
semanage_set_rebuild(sh, 1);
|
|
||||||
+ if (check_ext_changes)
|
|
||||||
+ semanage_set_check_ext_changes(sh, 1);
|
|
||||||
if (disable_dontaudit)
|
|
||||||
semanage_set_disable_dontaudit(sh, 1);
|
|
||||||
else if (build)
|
|
||||||
--
|
|
||||||
2.30.2
|
|
||||||
|
|
@ -1,64 +0,0 @@
|
|||||||
From 09c944561c76146b1fc11e99e95b6a674366cddf Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Mon, 30 May 2022 14:20:21 +0200
|
|
||||||
Subject: [PATCH] python: Split "semanage import" into two transactions
|
|
||||||
|
|
||||||
First transaction applies all deletion operations, so that there are no
|
|
||||||
collisions when applying the rest of the changes.
|
|
||||||
|
|
||||||
Fixes:
|
|
||||||
# semanage port -a -t http_cache_port_t -r s0 -p tcp 3024
|
|
||||||
# semanage export | semanage import
|
|
||||||
ValueError: Port tcp/3024 already defined
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
---
|
|
||||||
python/semanage/semanage | 21 +++++++++++++++++++--
|
|
||||||
1 file changed, 19 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
|
||||||
index ebb93ea5..b8842d28 100644
|
|
||||||
--- a/python/semanage/semanage
|
|
||||||
+++ b/python/semanage/semanage
|
|
||||||
@@ -841,10 +841,29 @@ def handleImport(args):
|
|
||||||
trans = seobject.semanageRecords(args)
|
|
||||||
trans.start()
|
|
||||||
|
|
||||||
+ deleteCommands = []
|
|
||||||
+ commands = []
|
|
||||||
+ # separate commands for deletion from the rest so they can be
|
|
||||||
+ # applied in a separate transaction
|
|
||||||
for l in sys.stdin.readlines():
|
|
||||||
if len(l.strip()) == 0:
|
|
||||||
continue
|
|
||||||
+ if "-d" in l or "-D" in l:
|
|
||||||
+ deleteCommands.append(l)
|
|
||||||
+ else:
|
|
||||||
+ commands.append(l)
|
|
||||||
+
|
|
||||||
+ if deleteCommands:
|
|
||||||
+ importHelper(deleteCommands)
|
|
||||||
+ trans.finish()
|
|
||||||
+ trans.start()
|
|
||||||
+
|
|
||||||
+ importHelper(commands)
|
|
||||||
+ trans.finish()
|
|
||||||
|
|
||||||
+
|
|
||||||
+def importHelper(commands):
|
|
||||||
+ for l in commands:
|
|
||||||
try:
|
|
||||||
commandParser = createCommandParser()
|
|
||||||
args = commandParser.parse_args(mkargv(l))
|
|
||||||
@@ -858,8 +877,6 @@ def handleImport(args):
|
|
||||||
except KeyboardInterrupt:
|
|
||||||
sys.exit(0)
|
|
||||||
|
|
||||||
- trans.finish()
|
|
||||||
-
|
|
||||||
|
|
||||||
def setupImportParser(subparsers):
|
|
||||||
importParser = subparsers.add_parser('import', help=_('Import local customizations'))
|
|
||||||
--
|
|
||||||
2.35.3
|
|
||||||
|
|
@ -1,81 +0,0 @@
|
|||||||
From c0ca652dce6b1d5d11e697cc3a4695d87944f9ad Mon Sep 17 00:00:00 2001
|
|
||||||
From: Ondrej Mosnacek <omosnace@redhat.com>
|
|
||||||
Date: Wed, 8 Jun 2022 19:09:54 +0200
|
|
||||||
Subject: [PATCH] semodule: rename --rebuild-if-modules-changed to --refresh
|
|
||||||
|
|
||||||
After the last commit this option's name and description no longer
|
|
||||||
matches the semantic, so give it a new one and update the descriptions.
|
|
||||||
The old name is still recognized and aliased to the new one for
|
|
||||||
backwards compatibility.
|
|
||||||
|
|
||||||
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
|
|
||||||
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
|
|
||||||
---
|
|
||||||
policycoreutils/semodule/semodule.8 | 12 ++++++------
|
|
||||||
policycoreutils/semodule/semodule.c | 13 ++++++++++---
|
|
||||||
2 files changed, 16 insertions(+), 9 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8
|
|
||||||
index d1735d21..c56e580f 100644
|
|
||||||
--- a/policycoreutils/semodule/semodule.8
|
|
||||||
+++ b/policycoreutils/semodule/semodule.8
|
|
||||||
@@ -23,12 +23,12 @@ force a reload of policy
|
|
||||||
.B \-B, \-\-build
|
|
||||||
force a rebuild of policy (also reloads unless \-n is used)
|
|
||||||
.TP
|
|
||||||
-.B \-\-rebuild-if-modules-changed
|
|
||||||
-Force a rebuild of the policy if any changes to module content are detected
|
|
||||||
-(by comparing with checksum from the last transaction). One can use this
|
|
||||||
-instead of \-B to ensure that any changes to the module store done by an
|
|
||||||
-external tool (e.g. a package manager) are applied, while automatically
|
|
||||||
-skipping the rebuild if there are no new changes.
|
|
||||||
+.B \-\-refresh
|
|
||||||
+Like \-\-build, but reuses existing linked policy if no changes to module
|
|
||||||
+files are detected (by comparing with checksum from the last transaction).
|
|
||||||
+One can use this instead of \-B to ensure that any changes to the module
|
|
||||||
+store done by an external tool (e.g. a package manager) are applied, while
|
|
||||||
+automatically skipping the module re-linking if there are no module changes.
|
|
||||||
.TP
|
|
||||||
.B \-D, \-\-disable_dontaudit
|
|
||||||
Temporarily remove dontaudits from policy. Reverts whenever policy is rebuilt
|
|
||||||
diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
|
|
||||||
index 22a42a75..324ec9fb 100644
|
|
||||||
--- a/policycoreutils/semodule/semodule.c
|
|
||||||
+++ b/policycoreutils/semodule/semodule.c
|
|
||||||
@@ -149,9 +149,12 @@ static void usage(char *progname)
|
|
||||||
printf(" -c, --cil extract module as cil. This only affects module extraction.\n");
|
|
||||||
printf(" -H, --hll extract module as hll. This only affects module extraction.\n");
|
|
||||||
printf(" -m, --checksum print module checksum (SHA256).\n");
|
|
||||||
- printf(" --rebuild-if-modules-changed\n"
|
|
||||||
- " force policy rebuild if module content changed since\n"
|
|
||||||
- " last rebuild (based on checksum)\n");
|
|
||||||
+ printf(" --refresh like --build, but reuses existing linked policy if no\n"
|
|
||||||
+ " changes to module files are detected (via checksum)\n");
|
|
||||||
+ printf("Deprecated options:\n");
|
|
||||||
+ printf(" -b,--base same as --install\n");
|
|
||||||
+ printf(" --rebuild-if-modules-changed\n"
|
|
||||||
+ " same as --refresh\n");
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Sets the global mode variable to new_mode, but only if no other
|
|
||||||
@@ -184,6 +187,7 @@ static void parse_command_line(int argc, char **argv)
|
|
||||||
{
|
|
||||||
static struct option opts[] = {
|
|
||||||
{"rebuild-if-modules-changed", 0, NULL, '\0'},
|
|
||||||
+ {"refresh", 0, NULL, '\0'},
|
|
||||||
{"store", required_argument, NULL, 's'},
|
|
||||||
{"base", required_argument, NULL, 'b'},
|
|
||||||
{"help", 0, NULL, 'h'},
|
|
||||||
@@ -224,6 +228,9 @@ static void parse_command_line(int argc, char **argv)
|
|
||||||
case '\0':
|
|
||||||
switch(longind) {
|
|
||||||
case 0: /* --rebuild-if-modules-changed */
|
|
||||||
+ fprintf(stderr, "The --rebuild-if-modules-changed option is deprecated. Use --refresh instead.\n");
|
|
||||||
+ /* fallthrough */
|
|
||||||
+ case 1: /* --refresh */
|
|
||||||
check_ext_changes = 1;
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
--
|
|
||||||
2.35.3
|
|
||||||
|
|
@ -1,79 +0,0 @@
|
|||||||
From 72c7e9123980b003a21d51e2805529a3e90b2460 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Thu, 13 Oct 2022 17:33:18 +0200
|
|
||||||
Subject: [PATCH] python: Harden tools against "rogue" modules
|
|
||||||
|
|
||||||
Python scripts present in "/usr/sbin" override regular modules.
|
|
||||||
Make sure /usr/sbin is not present in PYTHONPATH.
|
|
||||||
|
|
||||||
Fixes:
|
|
||||||
#cat > /usr/sbin/audit.py <<EOF
|
|
||||||
import sys
|
|
||||||
print("BAD GUY!", file=sys.stderr)
|
|
||||||
sys.exit(1)
|
|
||||||
EOF
|
|
||||||
#semanage boolean -l
|
|
||||||
BAD GUY!
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
---
|
|
||||||
python/audit2allow/audit2allow | 2 +-
|
|
||||||
python/audit2allow/sepolgen-ifgen | 2 +-
|
|
||||||
python/chcat/chcat | 2 +-
|
|
||||||
python/semanage/semanage | 2 +-
|
|
||||||
python/sepolicy/sepolicy.py | 2 +-
|
|
||||||
5 files changed, 5 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/python/audit2allow/audit2allow b/python/audit2allow/audit2allow
|
|
||||||
index 09b06f66..eafeea88 100644
|
|
||||||
--- a/python/audit2allow/audit2allow
|
|
||||||
+++ b/python/audit2allow/audit2allow
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-#!/usr/bin/python3 -Es
|
|
||||||
+#!/usr/bin/python3 -EsI
|
|
||||||
# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
|
|
||||||
# Authors: Dan Walsh <dwalsh@redhat.com>
|
|
||||||
#
|
|
||||||
diff --git a/python/audit2allow/sepolgen-ifgen b/python/audit2allow/sepolgen-ifgen
|
|
||||||
index be2d093b..f25f8af1 100644
|
|
||||||
--- a/python/audit2allow/sepolgen-ifgen
|
|
||||||
+++ b/python/audit2allow/sepolgen-ifgen
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-#!/usr/bin/python3 -Es
|
|
||||||
+#!/usr/bin/python3 -EsI
|
|
||||||
#
|
|
||||||
# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
|
|
||||||
#
|
|
||||||
diff --git a/python/chcat/chcat b/python/chcat/chcat
|
|
||||||
index df2509f2..5671cec6 100755
|
|
||||||
--- a/python/chcat/chcat
|
|
||||||
+++ b/python/chcat/chcat
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-#!/usr/bin/python3 -Es
|
|
||||||
+#!/usr/bin/python3 -EsI
|
|
||||||
# Copyright (C) 2005 Red Hat
|
|
||||||
# see file 'COPYING' for use and warranty information
|
|
||||||
#
|
|
||||||
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
|
||||||
index b8842d28..1f170f60 100644
|
|
||||||
--- a/python/semanage/semanage
|
|
||||||
+++ b/python/semanage/semanage
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-#!/usr/bin/python3 -Es
|
|
||||||
+#!/usr/bin/python3 -EsI
|
|
||||||
# Copyright (C) 2012-2013 Red Hat
|
|
||||||
# AUTHOR: Miroslav Grepl <mgrepl@redhat.com>
|
|
||||||
# AUTHOR: David Quigley <selinux@davequigley.com>
|
|
||||||
diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py
|
|
||||||
index 8bd6a579..0c1d9641 100755
|
|
||||||
--- a/python/sepolicy/sepolicy.py
|
|
||||||
+++ b/python/sepolicy/sepolicy.py
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-#!/usr/bin/python3 -Es
|
|
||||||
+#!/usr/bin/python3 -EsI
|
|
||||||
# Copyright (C) 2012 Red Hat
|
|
||||||
# AUTHOR: Dan Walsh <dwalsh@redhat.com>
|
|
||||||
# see file 'COPYING' for use and warranty information
|
|
||||||
--
|
|
||||||
2.37.3
|
|
||||||
|
|
@ -1,65 +0,0 @@
|
|||||||
From f33e40265d192e5d725e7b82e5f14f603e1fba48 Mon Sep 17 00:00:00 2001
|
|
||||||
From: James Carter <jwcart2@gmail.com>
|
|
||||||
Date: Wed, 19 Oct 2022 14:20:11 -0400
|
|
||||||
Subject: [PATCH] python: Do not query the local database if the fcontext is
|
|
||||||
non-local
|
|
||||||
|
|
||||||
Vit Mojzis reports that an error message is produced when modifying
|
|
||||||
a non-local fcontext.
|
|
||||||
|
|
||||||
He gives the following example:
|
|
||||||
# semanage fcontext -f f -m -t passwd_file_t /etc/security/opasswd
|
|
||||||
libsemanage.dbase_llist_query: could not query record value (No such file or directory).
|
|
||||||
|
|
||||||
When modifying an fcontext, the non-local database is checked for the
|
|
||||||
key and then, if it is not found there, the local database is checked.
|
|
||||||
If the key doesn't exist, then an error is raised. If the key exists
|
|
||||||
then the local database is queried first and, if that fails, the non-
|
|
||||||
local database is queried.
|
|
||||||
|
|
||||||
The error is from querying the local database when the fcontext is in
|
|
||||||
the non-local database.
|
|
||||||
|
|
||||||
Instead, if the fcontext is in the non-local database, just query
|
|
||||||
the non-local database. Only query the local database if the
|
|
||||||
fcontext was found in it.
|
|
||||||
|
|
||||||
Reported-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Signed-off-by: James Carter <jwcart2@gmail.com>
|
|
||||||
---
|
|
||||||
python/semanage/seobject.py | 15 +++++++++------
|
|
||||||
1 file changed, 9 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
|
|
||||||
index 70ebfd08..0e923a0d 100644
|
|
||||||
--- a/python/semanage/seobject.py
|
|
||||||
+++ b/python/semanage/seobject.py
|
|
||||||
@@ -2490,16 +2490,19 @@ class fcontextRecords(semanageRecords):
|
|
||||||
(rc, exists) = semanage_fcontext_exists(self.sh, k)
|
|
||||||
if rc < 0:
|
|
||||||
raise ValueError(_("Could not check if file context for %s is defined") % target)
|
|
||||||
- if not exists:
|
|
||||||
+ if exists:
|
|
||||||
+ try:
|
|
||||||
+ (rc, fcontext) = semanage_fcontext_query(self.sh, k)
|
|
||||||
+ except OSError:
|
|
||||||
+ raise ValueError(_("Could not query file context for %s") % target)
|
|
||||||
+ else:
|
|
||||||
(rc, exists) = semanage_fcontext_exists_local(self.sh, k)
|
|
||||||
+ if rc < 0:
|
|
||||||
+ raise ValueError(_("Could not check if file context for %s is defined") % target)
|
|
||||||
if not exists:
|
|
||||||
raise ValueError(_("File context for %s is not defined") % target)
|
|
||||||
-
|
|
||||||
- try:
|
|
||||||
- (rc, fcontext) = semanage_fcontext_query_local(self.sh, k)
|
|
||||||
- except OSError:
|
|
||||||
try:
|
|
||||||
- (rc, fcontext) = semanage_fcontext_query(self.sh, k)
|
|
||||||
+ (rc, fcontext) = semanage_fcontext_query_local(self.sh, k)
|
|
||||||
except OSError:
|
|
||||||
raise ValueError(_("Could not query file context for %s") % target)
|
|
||||||
|
|
||||||
--
|
|
||||||
2.37.3
|
|
||||||
|
|
@ -1,112 +0,0 @@
|
|||||||
From f3ddbd8220d9646072c9a4c9ed37f2dff998a53c Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Tue, 10 Jan 2023 11:37:26 +0100
|
|
||||||
Subject: [PATCH] python/sepolicy: add missing booleans to man pages
|
|
||||||
|
|
||||||
get_bools should return a list of booleans that can affect given type,
|
|
||||||
but it did not handle non trivial conditional statements properly
|
|
||||||
(returning the whole conditional statement instead of a list of booleans
|
|
||||||
in the statement).
|
|
||||||
|
|
||||||
e.g. for
|
|
||||||
allow httpd_t spamc_t:process transition; [ httpd_can_check_spam && httpd_can_sendmail ]:True
|
|
||||||
get_bools used to return [("httpd_can_check_spam && httpd_can_sendmail", False)] instead of
|
|
||||||
[("httpd_can_check_spam", False), ("httpd_can_sendmail", False)]
|
|
||||||
|
|
||||||
- rename "boolean" in sepolicy rule dictionary to "booleans" to suggest
|
|
||||||
it can contain multiple values and make sure it is populated correctly
|
|
||||||
- add "conditional" key to the rule dictionary to accommodate
|
|
||||||
get_conditionals, which requires the whole conditional statement
|
|
||||||
- extend get_bools search to dontaudit rules so that it covers booleans
|
|
||||||
like httpd_dontaudit_search_dirs
|
|
||||||
|
|
||||||
Note: get_bools uses security_get_boolean_active to get the boolean
|
|
||||||
value, but the value is later used to represent the default.
|
|
||||||
Not ideal, but I'm not aware of a way to get the actual defaults.
|
|
||||||
|
|
||||||
Fixes:
|
|
||||||
"sepolicy manpage" generates man pages that are missing booleans
|
|
||||||
which are included in non trivial conditional expressions
|
|
||||||
e.g. httpd_selinux(8) does not include httpd_can_check_spam,
|
|
||||||
httpd_tmp_exec, httpd_unified, or httpd_use_gpg
|
|
||||||
|
|
||||||
This fix, however, also adds some not strictly related booleans
|
|
||||||
to some man pages. e.g. use_nfs_home_dirs and
|
|
||||||
use_samba_home_dirs are added to httpd_selinux(8)
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Acked-by: Jason Zaman <jason@perfinion.com>
|
|
||||||
---
|
|
||||||
python/sepolicy/sepolicy/__init__.py | 21 +++++++++++++--------
|
|
||||||
1 file changed, 13 insertions(+), 8 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
|
||||||
index b6ca57c3..0f51174d 100644
|
|
||||||
--- a/python/sepolicy/sepolicy/__init__.py
|
|
||||||
+++ b/python/sepolicy/sepolicy/__init__.py
|
|
||||||
@@ -324,7 +324,12 @@ def _setools_rule_to_dict(rule):
|
|
||||||
pass
|
|
||||||
|
|
||||||
try:
|
|
||||||
- d['boolean'] = [(str(rule.conditional), enabled)]
|
|
||||||
+ d['booleans'] = [(str(b), b.state) for b in rule.conditional.booleans]
|
|
||||||
+ except AttributeError:
|
|
||||||
+ pass
|
|
||||||
+
|
|
||||||
+ try:
|
|
||||||
+ d['conditional'] = str(rule.conditional)
|
|
||||||
except AttributeError:
|
|
||||||
pass
|
|
||||||
|
|
||||||
@@ -426,12 +431,12 @@ def get_conditionals(src, dest, tclass, perm):
|
|
||||||
x['source'] in src_list and
|
|
||||||
x['target'] in dest_list and
|
|
||||||
set(perm).issubset(x[PERMS]) and
|
|
||||||
- 'boolean' in x,
|
|
||||||
+ 'conditional' in x,
|
|
||||||
get_all_allow_rules()))
|
|
||||||
|
|
||||||
try:
|
|
||||||
for i in allows:
|
|
||||||
- tdict.update({'source': i['source'], 'boolean': i['boolean']})
|
|
||||||
+ tdict.update({'source': i['source'], 'conditional': (i['conditional'], i['enabled'])})
|
|
||||||
if tdict not in tlist:
|
|
||||||
tlist.append(tdict)
|
|
||||||
tdict = {}
|
|
||||||
@@ -445,10 +450,10 @@ def get_conditionals_format_text(cond):
|
|
||||||
|
|
||||||
enabled = False
|
|
||||||
for x in cond:
|
|
||||||
- if x['boolean'][0][1]:
|
|
||||||
+ if x['conditional'][1]:
|
|
||||||
enabled = True
|
|
||||||
break
|
|
||||||
- return _("-- Allowed %s [ %s ]") % (enabled, " || ".join(set(map(lambda x: "%s=%d" % (x['boolean'][0][0], x['boolean'][0][1]), cond))))
|
|
||||||
+ return _("-- Allowed %s [ %s ]") % (enabled, " || ".join(set(map(lambda x: "%s=%d" % (x['conditional'][0], x['conditional'][1]), cond))))
|
|
||||||
|
|
||||||
|
|
||||||
def get_types_from_attribute(attribute):
|
|
||||||
@@ -703,9 +708,9 @@ def get_boolean_rules(setype, boolean):
|
|
||||||
boollist = []
|
|
||||||
permlist = search([ALLOW], {'source': setype})
|
|
||||||
for p in permlist:
|
|
||||||
- if "boolean" in p:
|
|
||||||
+ if "booleans" in p:
|
|
||||||
try:
|
|
||||||
- for b in p["boolean"]:
|
|
||||||
+ for b in p["booleans"]:
|
|
||||||
if boolean in b:
|
|
||||||
boollist.append(p)
|
|
||||||
except:
|
|
||||||
@@ -1124,7 +1129,7 @@ def get_bools(setype):
|
|
||||||
bools = []
|
|
||||||
domainbools = []
|
|
||||||
domainname, short_name = gen_short_name(setype)
|
|
||||||
- for i in map(lambda x: x['boolean'], filter(lambda x: 'boolean' in x and x['source'] == setype, get_all_allow_rules())):
|
|
||||||
+ for i in map(lambda x: x['booleans'], filter(lambda x: 'booleans' in x and x['source'] == setype, search([ALLOW, DONTAUDIT]))):
|
|
||||||
for b in i:
|
|
||||||
if not isinstance(b, tuple):
|
|
||||||
continue
|
|
||||||
--
|
|
||||||
2.37.3
|
|
||||||
|
|
@ -1,73 +0,0 @@
|
|||||||
From 25373db5cac520b85350db91b8a7ed0737d3316c Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Tue, 24 Jan 2023 21:05:05 +0100
|
|
||||||
Subject: [PATCH] python/sepolicy: Cache conditional rule queries
|
|
||||||
|
|
||||||
Commit 7506771e4b630fe0ab853f96574e039055cb72eb
|
|
||||||
"add missing booleans to man pages" dramatically slowed down
|
|
||||||
"sepolicy manpage -a" by removing caching of setools rule query.
|
|
||||||
Re-add said caching and update the query to only return conditional
|
|
||||||
rules.
|
|
||||||
|
|
||||||
Before commit 7506771e:
|
|
||||||
#time sepolicy manpage -a
|
|
||||||
real 1m43.153s
|
|
||||||
# time sepolicy manpage -d httpd_t
|
|
||||||
real 0m4.493s
|
|
||||||
|
|
||||||
After commit 7506771e:
|
|
||||||
#time sepolicy manpage -a
|
|
||||||
real 1h56m43.153s
|
|
||||||
# time sepolicy manpage -d httpd_t
|
|
||||||
real 0m8.352s
|
|
||||||
|
|
||||||
After this commit:
|
|
||||||
#time sepolicy manpage -a
|
|
||||||
real 1m41.074s
|
|
||||||
# time sepolicy manpage -d httpd_t
|
|
||||||
real 0m7.358s
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
---
|
|
||||||
python/sepolicy/sepolicy/__init__.py | 11 ++++++++++-
|
|
||||||
1 file changed, 10 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
|
||||||
index 0f51174d..f48231e9 100644
|
|
||||||
--- a/python/sepolicy/sepolicy/__init__.py
|
|
||||||
+++ b/python/sepolicy/sepolicy/__init__.py
|
|
||||||
@@ -114,6 +114,7 @@ all_attributes = None
|
|
||||||
booleans = None
|
|
||||||
booleans_dict = None
|
|
||||||
all_allow_rules = None
|
|
||||||
+all_bool_rules = None
|
|
||||||
all_transitions = None
|
|
||||||
|
|
||||||
|
|
||||||
@@ -1119,6 +1120,14 @@ def get_all_allow_rules():
|
|
||||||
all_allow_rules = search([ALLOW])
|
|
||||||
return all_allow_rules
|
|
||||||
|
|
||||||
+def get_all_bool_rules():
|
|
||||||
+ global all_bool_rules
|
|
||||||
+ if not all_bool_rules:
|
|
||||||
+ q = setools.TERuleQuery(_pol, boolean=".*", boolean_regex=True,
|
|
||||||
+ ruletype=[ALLOW, DONTAUDIT])
|
|
||||||
+ all_bool_rules = [_setools_rule_to_dict(x) for x in q.results()]
|
|
||||||
+ return all_bool_rules
|
|
||||||
+
|
|
||||||
def get_all_transitions():
|
|
||||||
global all_transitions
|
|
||||||
if not all_transitions:
|
|
||||||
@@ -1129,7 +1138,7 @@ def get_bools(setype):
|
|
||||||
bools = []
|
|
||||||
domainbools = []
|
|
||||||
domainname, short_name = gen_short_name(setype)
|
|
||||||
- for i in map(lambda x: x['booleans'], filter(lambda x: 'booleans' in x and x['source'] == setype, search([ALLOW, DONTAUDIT]))):
|
|
||||||
+ for i in map(lambda x: x['booleans'], filter(lambda x: 'booleans' in x and x['source'] == setype, get_all_bool_rules())):
|
|
||||||
for b in i:
|
|
||||||
if not isinstance(b, tuple):
|
|
||||||
continue
|
|
||||||
--
|
|
||||||
2.37.3
|
|
||||||
|
|
@ -1,98 +0,0 @@
|
|||||||
From 7aef364bc6607953a34cb9e8fe9ea51c88379a5c Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Wed, 6 Dec 2023 15:31:51 +0100
|
|
||||||
Subject: [PATCH] python: Harden more tools against "rogue" modules
|
|
||||||
|
|
||||||
Python scripts present in the same directory as the tool
|
|
||||||
override regular modules.
|
|
||||||
|
|
||||||
Fixes:
|
|
||||||
#cat > /usr/bin/signal.py <<EOF
|
|
||||||
import sys
|
|
||||||
print("BAD GUY!", file=sys.stderr)
|
|
||||||
sys.exit(1)
|
|
||||||
EOF
|
|
||||||
#sandbox date
|
|
||||||
BAD GUY!
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Acked-by: James Carter <jwcart2@gmail.com>
|
|
||||||
---
|
|
||||||
dbus/selinux_server.py | 2 +-
|
|
||||||
gui/polgengui.py | 2 +-
|
|
||||||
gui/system-config-selinux.py | 6 +++---
|
|
||||||
sandbox/sandbox | 2 +-
|
|
||||||
sandbox/start | 2 +-
|
|
||||||
5 files changed, 7 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/dbus/selinux_server.py b/dbus/selinux_server.py
|
|
||||||
index 97bf91ba..eae38de5 100644
|
|
||||||
--- a/dbus/selinux_server.py
|
|
||||||
+++ b/dbus/selinux_server.py
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-#!/usr/bin/python3
|
|
||||||
+#!/usr/bin/python3 -EsI
|
|
||||||
|
|
||||||
import dbus
|
|
||||||
import dbus.service
|
|
||||||
diff --git a/gui/polgengui.py b/gui/polgengui.py
|
|
||||||
index 46a1bd2c..0402e82c 100644
|
|
||||||
--- a/gui/polgengui.py
|
|
||||||
+++ b/gui/polgengui.py
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-#!/usr/bin/python3 -Es
|
|
||||||
+#!/usr/bin/python3 -EsI
|
|
||||||
#
|
|
||||||
# polgengui.py - GUI for SELinux Config tool in system-config-selinux
|
|
||||||
#
|
|
||||||
diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py
|
|
||||||
index 1e0d5eb1..c344c076 100644
|
|
||||||
--- a/gui/system-config-selinux.py
|
|
||||||
+++ b/gui/system-config-selinux.py
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-#!/usr/bin/python3 -Es
|
|
||||||
+#!/usr/bin/python3 -EsI
|
|
||||||
#
|
|
||||||
# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux
|
|
||||||
#
|
|
||||||
@@ -32,6 +32,8 @@ except RuntimeError as e:
|
|
||||||
print("This is a graphical application and requires DISPLAY to be set.")
|
|
||||||
sys.exit(1)
|
|
||||||
|
|
||||||
+sys.path.append('/usr/share/system-config-selinux')
|
|
||||||
+
|
|
||||||
from gi.repository import GObject
|
|
||||||
import statusPage
|
|
||||||
import booleansPage
|
|
||||||
@@ -65,8 +67,6 @@ except:
|
|
||||||
|
|
||||||
version = "1.0"
|
|
||||||
|
|
||||||
-sys.path.append('/usr/share/system-config-selinux')
|
|
||||||
-
|
|
||||||
|
|
||||||
##
|
|
||||||
## Pull in the Glade file
|
|
||||||
diff --git a/sandbox/sandbox b/sandbox/sandbox
|
|
||||||
index 707959a6..e276e594 100644
|
|
||||||
--- a/sandbox/sandbox
|
|
||||||
+++ b/sandbox/sandbox
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-#!/usr/bin/python3 -Es
|
|
||||||
+#!/usr/bin/python3 -EsI
|
|
||||||
# Authors: Dan Walsh <dwalsh@redhat.com>
|
|
||||||
# Authors: Thomas Liu <tliu@fedoraproject.org>
|
|
||||||
# Authors: Josh Cogliati
|
|
||||||
diff --git a/sandbox/start b/sandbox/start
|
|
||||||
index 4ed3cb5c..3c1a1783 100644
|
|
||||||
--- a/sandbox/start
|
|
||||||
+++ b/sandbox/start
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-#!/usr/bin/python3 -Es
|
|
||||||
+#!/usr/bin/python3 -EsI
|
|
||||||
try:
|
|
||||||
from subprocess import getstatusoutput
|
|
||||||
except ImportError:
|
|
||||||
--
|
|
||||||
2.43.0
|
|
||||||
|
|
@ -1,95 +0,0 @@
|
|||||||
From ea93da38a16eb44307b522f8a26f2d8f967fcc01 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <lautrbach@redhat.com>
|
|
||||||
Date: Wed, 22 Nov 2023 12:29:43 +0100
|
|
||||||
Subject: [PATCH] sepolicy: port to dnf4 python API
|
|
||||||
|
|
||||||
yum module is not available since RHEL 7.
|
|
||||||
|
|
||||||
Drop -systemd related code as it's obsoleted these days - only 2
|
|
||||||
packages ship their .service in -systemd subpackage
|
|
||||||
|
|
||||||
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
|
|
||||||
Acked-by: James Carter <jwcart2@gmail.com>
|
|
||||||
Acked-by: Ondrej Mosnacek <omosnace@redhat.com>
|
|
||||||
---
|
|
||||||
python/sepolicy/sepolicy/generate.py | 56 +++++++++++++---------------
|
|
||||||
1 file changed, 25 insertions(+), 31 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
|
|
||||||
index 93caedee..c841a499 100644
|
|
||||||
--- a/python/sepolicy/sepolicy/generate.py
|
|
||||||
+++ b/python/sepolicy/sepolicy/generate.py
|
|
||||||
@@ -1265,24 +1265,20 @@ allow %s_t %s_t:%s_socket name_%s;
|
|
||||||
return fcfile
|
|
||||||
|
|
||||||
def __extract_rpms(self):
|
|
||||||
- import yum
|
|
||||||
- yb = yum.YumBase()
|
|
||||||
- yb.setCacheDir()
|
|
||||||
-
|
|
||||||
- for pkg in yb.rpmdb.searchProvides(self.program):
|
|
||||||
- self.rpms.append(pkg.name)
|
|
||||||
- for fname in pkg.dirlist + pkg.filelist + pkg.ghostlist:
|
|
||||||
- for b in self.DEFAULT_DIRS:
|
|
||||||
- if b == "/etc":
|
|
||||||
- continue
|
|
||||||
- if fname.startswith(b):
|
|
||||||
- if os.path.isfile(fname):
|
|
||||||
- self.add_file(fname)
|
|
||||||
- else:
|
|
||||||
- self.add_dir(fname)
|
|
||||||
+ import dnf
|
|
||||||
+
|
|
||||||
+ with dnf.Base() as base:
|
|
||||||
+ base.read_all_repos()
|
|
||||||
+ base.fill_sack(load_system_repo=True)
|
|
||||||
+
|
|
||||||
+ query = base.sack.query()
|
|
||||||
|
|
||||||
- for bpkg in yb.rpmdb.searchNames([pkg.base_package_name]):
|
|
||||||
- for fname in bpkg.dirlist + bpkg.filelist + bpkg.ghostlist:
|
|
||||||
+ pq = query.available()
|
|
||||||
+ pq = pq.filter(file=self.program)
|
|
||||||
+
|
|
||||||
+ for pkg in pq:
|
|
||||||
+ self.rpms.append(pkg.name)
|
|
||||||
+ for fname in pkg.files:
|
|
||||||
for b in self.DEFAULT_DIRS:
|
|
||||||
if b == "/etc":
|
|
||||||
continue
|
|
||||||
@@ -1291,20 +1287,18 @@ allow %s_t %s_t:%s_socket name_%s;
|
|
||||||
self.add_file(fname)
|
|
||||||
else:
|
|
||||||
self.add_dir(fname)
|
|
||||||
-
|
|
||||||
- # some packages have own systemd subpackage
|
|
||||||
- # tor-systemd for example
|
|
||||||
- binary_name = self.program.split("/")[-1]
|
|
||||||
- for bpkg in yb.rpmdb.searchNames(["%s-systemd" % binary_name]):
|
|
||||||
- for fname in bpkg.filelist + bpkg.ghostlist + bpkg.dirlist:
|
|
||||||
- for b in self.DEFAULT_DIRS:
|
|
||||||
- if b == "/etc":
|
|
||||||
- continue
|
|
||||||
- if fname.startswith(b):
|
|
||||||
- if os.path.isfile(fname):
|
|
||||||
- self.add_file(fname)
|
|
||||||
- else:
|
|
||||||
- self.add_dir(fname)
|
|
||||||
+ sq = query.available()
|
|
||||||
+ sq = sq.filter(provides=pkg.source_name)
|
|
||||||
+ for bpkg in sq:
|
|
||||||
+ for fname in bpkg.files:
|
|
||||||
+ for b in self.DEFAULT_DIRS:
|
|
||||||
+ if b == "/etc":
|
|
||||||
+ continue
|
|
||||||
+ if fname.startswith(b):
|
|
||||||
+ if os.path.isfile(fname):
|
|
||||||
+ self.add_file(fname)
|
|
||||||
+ else:
|
|
||||||
+ self.add_dir(fname)
|
|
||||||
|
|
||||||
def gen_writeable(self):
|
|
||||||
try:
|
|
||||||
--
|
|
||||||
2.43.0
|
|
||||||
|
|
@ -51,9 +51,15 @@ relabel_selinux() {
|
|||||||
echo $"*** Relabeling could take a very long time, depending on file"
|
echo $"*** Relabeling could take a very long time, depending on file"
|
||||||
echo $"*** system size and speed of hard drives."
|
echo $"*** system size and speed of hard drives."
|
||||||
|
|
||||||
FORCE=`cat /.autorelabel`
|
OPTS=`cat /.autorelabel`
|
||||||
[ -x "/usr/sbin/quotaoff" ] && /usr/sbin/quotaoff -aug
|
# by default, use as many threads as there are available
|
||||||
/sbin/fixfiles $FORCE restore
|
# another -T X in $OPTS will override the default value
|
||||||
|
OPTS="-T 0 $OPTS"
|
||||||
|
|
||||||
|
[ -x "/usr/sbin/quotaoff" ] && /usr/sbin/quotaoff -aug
|
||||||
|
echo
|
||||||
|
echo $"Running: /sbin/fixfiles $OPTS restore"
|
||||||
|
/sbin/fixfiles $OPTS restore
|
||||||
fi
|
fi
|
||||||
|
|
||||||
rm -f /.autorelabel
|
rm -f /.autorelabel
|
||||||
|
@ -18,6 +18,15 @@ fi
|
|||||||
set_target ()
|
set_target ()
|
||||||
{
|
{
|
||||||
ln -sf "$unitdir/selinux-autorelabel.target" "$earlydir/default.target"
|
ln -sf "$unitdir/selinux-autorelabel.target" "$earlydir/default.target"
|
||||||
|
AUTORELABEL="1"
|
||||||
|
source /etc/selinux/config
|
||||||
|
if [ "$AUTORELABEL" = "0" ]; then
|
||||||
|
mkdir -p "$earlydir/selinux-autorelabel.service.d"
|
||||||
|
cat > "$earlydir/selinux-autorelabel.service.d/tty.conf" <<EOF
|
||||||
|
[Service]
|
||||||
|
StandardInput=tty
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
if selinuxenabled; then
|
if selinuxenabled; then
|
||||||
|
@ -1,8 +1,7 @@
|
|||||||
%global libauditver 3.0
|
%global libauditver 3.0
|
||||||
%global libsepolver 2.9-1
|
%global libsepolver 3.6-1
|
||||||
%global libsemanagever 2.9-7
|
%global libsemanagever 3.6-1
|
||||||
%global libselinuxver 2.9-1
|
%global libselinuxver 3.6-1
|
||||||
%global sepolgenver 2.9
|
|
||||||
|
|
||||||
%global generatorsdir %{_prefix}/lib/systemd/system-generators
|
%global generatorsdir %{_prefix}/lib/systemd/system-generators
|
||||||
|
|
||||||
@ -11,17 +10,11 @@
|
|||||||
|
|
||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.9
|
Version: 3.6
|
||||||
Release: 26%{?dist}
|
Release: 2.1%{?dist}
|
||||||
License: GPLv2
|
License: GPL-2.0-or-later
|
||||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/policycoreutils-2.9.tar.gz
|
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.6/selinux-3.6.tar.gz
|
||||||
Source1: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-python-2.9.tar.gz
|
|
||||||
Source2: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-gui-2.9.tar.gz
|
|
||||||
Source3: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-sandbox-2.9.tar.gz
|
|
||||||
Source4: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-dbus-2.9.tar.gz
|
|
||||||
Source5: https://github.com/SELinuxProject/selinux/releases/download/20190315/semodule-utils-2.9.tar.gz
|
|
||||||
Source6: https://github.com/SELinuxProject/selinux/releases/download/20190315/restorecond-2.9.tar.gz
|
|
||||||
URL: https://github.com/SELinuxProject/selinux
|
URL: https://github.com/SELinuxProject/selinux
|
||||||
Source13: system-config-selinux.png
|
Source13: system-config-selinux.png
|
||||||
Source14: sepolicy-icons.tgz
|
Source14: sepolicy-icons.tgz
|
||||||
@ -30,71 +23,39 @@ Source16: selinux-autorelabel.service
|
|||||||
Source17: selinux-autorelabel-mark.service
|
Source17: selinux-autorelabel-mark.service
|
||||||
Source18: selinux-autorelabel.target
|
Source18: selinux-autorelabel.target
|
||||||
Source19: selinux-autorelabel-generator.sh
|
Source19: selinux-autorelabel-generator.sh
|
||||||
Source20: policycoreutils-po.tgz
|
# Drop this when upstream updates translations and the package is rebased
|
||||||
Source21: python-po.tgz
|
# wlc --key <apikey> --url https://translate.fedoraproject.org/api/ download selinux/policycoreutils --output ./
|
||||||
Source22: gui-po.tgz
|
Source20: selinux-policycoreutils.zip
|
||||||
Source23: sandbox-po.tgz
|
# wlc --key <apikey> --url https://translate.fedoraproject.org/api/ download selinux/python --output ./
|
||||||
# https://gitlab.cee.redhat.com/SELinux/selinux
|
Source21: selinux-python.zip
|
||||||
# $ git format-patch -N 20190315 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
|
# wlc --key <apikey> --url https://translate.fedoraproject.org/api/ download selinux/gui --output ./
|
||||||
|
Source22: selinux-gui.zip
|
||||||
|
# wlc --key <apikey> --url https://translate.fedoraproject.org/api/ download selinux/sandbox --output ./
|
||||||
|
Source23: selinux-sandbox.zip
|
||||||
|
# https://github.com/fedora-selinux/selinux
|
||||||
|
# $ git format-patch -N 3.6 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
|
||||||
# $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
|
# $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
|
||||||
Patch0001: 0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch
|
# Patch list start
|
||||||
Patch0002: 0002-gui-Install-.desktop-files-to-usr-share-applications.patch
|
Patch0001: 0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
|
||||||
Patch0003: 0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
|
Patch0002: 0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
|
||||||
Patch0004: 0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
|
Patch0003: 0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
|
||||||
Patch0005: 0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
|
Patch0004: 0004-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
|
||||||
Patch0006: 0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch
|
Patch0005: 0005-sepolicy-generate-Handle-more-reserved-port-types.patch
|
||||||
Patch0007: 0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
|
Patch0006: 0006-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
|
||||||
Patch0008: 0008-Fix-title-in-manpage.py-to-not-contain-online.patch
|
Patch0007: 0007-Use-SHA-2-instead-of-SHA-1.patch
|
||||||
Patch0009: 0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
|
Patch0008: 0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch
|
||||||
Patch0010: 0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch
|
Patch0009: 0009-python-sepolicy-Fix-spec-file-dependencies.patch
|
||||||
Patch0011: 0011-sepolicy-Another-small-optimization-for-mcs-types.patch
|
Patch0010: 0010-Revert-Do-not-automatically-install-Russian-translat.patch
|
||||||
Patch0012: 0012-Move-po-translation-files-into-the-right-sub-directo.patch
|
Patch0011: 0011-Revert-semodule-utils-Remove-the-Russian-translation.patch
|
||||||
Patch0013: 0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch
|
Patch0012: 0012-Revert-sandbox-Remove-the-Russian-translations.patch
|
||||||
Patch0014: 0014-Initial-.pot-files-for-gui-python-sandbox.patch
|
Patch0013: 0013-Revert-restorecond-Remove-the-Russian-translations.patch
|
||||||
# this is too big and it's covered by sources 20 - 23
|
Patch0014: 0014-Revert-python-Remove-the-Russian-translations.patch
|
||||||
# Patch0015: 0015-Update-.po-files-from-fedora.zanata.org.patch
|
Patch0015: 0015-Revert-python-Remove-the-Russian-translations.patch
|
||||||
Patch0016: 0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch
|
Patch0016: 0016-Revert-policycoreutils-Remove-the-Russian-translatio.patch
|
||||||
Patch0017: 0017-sepolicy-generate-Handle-more-reserved-port-types.patch
|
Patch0017: 0017-Revert-gui-Remove-the-Russian-translations.patch
|
||||||
Patch0018: 0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
|
Patch0018: 0018-python-semanage-Allow-modifying-records-on-add.patch
|
||||||
Patch0019: 0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
|
Patch0019: 0019-python-semanage-Do-not-sort-local-fcontext-definitio.patch
|
||||||
Patch0020: 0020-python-Use-ipaddress-instead-of-IPy.patch
|
# Patch list end
|
||||||
Patch0021: 0021-python-semanage-Do-not-traceback-when-the-default-po.patch
|
|
||||||
Patch0022: 0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch
|
|
||||||
Patch0023: 0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch
|
|
||||||
Patch0024: 0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch
|
|
||||||
Patch0025: 0025-gui-Fix-remove-module-in-system-config-selinux.patch
|
|
||||||
Patch0026: 0026-python-semanage-Do-not-use-default-s0-range-in-seman.patch
|
|
||||||
Patch0027: 0027-policycoreutils-fixfiles-Fix-verify-option.patch
|
|
||||||
Patch0028: 0028-python-semanage-Improve-handling-of-permissive-state.patch
|
|
||||||
Patch0029: 0029-python-semanage-fix-moduleRecords.customized.patch
|
|
||||||
Patch0030: 0030-python-semanage-Add-support-for-DCCP-and-SCTP-protoc.patch
|
|
||||||
Patch0031: 0031-dbus-Fix-FileNotFoundError-in-org.selinux.relabel_on.patch
|
|
||||||
Patch0032: 0032-restorecond-Fix-redundant-console-log-output-error.patch
|
|
||||||
Patch0033: 0033-python-semanage-empty-stdout-before-exiting-on-Broke.patch
|
|
||||||
Patch0034: 0034-python-semanage-Sort-imports-in-alphabetical-order.patch
|
|
||||||
Patch0035: 0035-python-sepolgen-allow-any-policy-statement-in-if-n-d.patch
|
|
||||||
Patch0036: 0036-setfiles-Do-not-abort-on-labeling-error.patch
|
|
||||||
Patch0037: 0037-setfiles-drop-ABORT_ON_ERRORS-and-related-code.patch
|
|
||||||
Patch0038: 0038-policycoreutils-setfiles-Drop-unused-nerr-variable.patch
|
|
||||||
Patch0039: 0039-selinux-8-5-Describe-fcontext-regular-expressions.patch
|
|
||||||
Patch0040: 0040-policycoreutils-setfiles-do-not-restrict-checks-agai.patch
|
|
||||||
Patch0041: 0041-semodule-add-m-checksum-option.patch
|
|
||||||
Patch0042: 0042-semodule-Fix-lang_ext-column-index.patch
|
|
||||||
Patch0043: 0043-semodule-Don-t-forget-to-munmap-data.patch
|
|
||||||
Patch0044: 0044-policycoreutils-Improve-error-message-when-selabel_o.patch
|
|
||||||
Patch0045: 0045-semodule-libsemanage-move-module-hashing-into-libsem.patch
|
|
||||||
Patch0046: 0046-semodule-add-command-line-option-to-detect-module-ch.patch
|
|
||||||
Patch0047: 0047-python-Split-semanage-import-into-two-transactions.patch
|
|
||||||
Patch0048: 0048-semodule-rename-rebuild-if-modules-changed-to-refres.patch
|
|
||||||
Patch0049: 0049-python-Harden-tools-against-rogue-modules.patch
|
|
||||||
Patch0050: 0050-python-Do-not-query-the-local-database-if-the-fconte.patch
|
|
||||||
Patch0051: 0051-python-sepolicy-add-missing-booleans-to-man-pages.patch
|
|
||||||
Patch0052: 0052-python-sepolicy-Cache-conditional-rule-queries.patch
|
|
||||||
Patch0053: 0053-python-Harden-more-tools-against-rogue-modules.patch
|
|
||||||
Patch0054: 0054-sepolicy-port-to-dnf4-python-API.patch
|
|
||||||
Patch0056: 0055-python-semanage-Do-not-sort-local-fcontext-definitio.patch
|
|
||||||
Patch0057: 0056-python-semanage-Allow-modifying-records-on-add.patch
|
|
||||||
|
|
||||||
Obsoletes: policycoreutils < 2.0.61-2
|
Obsoletes: policycoreutils < 2.0.61-2
|
||||||
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
|
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
|
||||||
# initscripts < 9.66 shipped fedora-autorelabel services which are renamed to selinux-relabel
|
# initscripts < 9.66 shipped fedora-autorelabel services which are renamed to selinux-relabel
|
||||||
@ -102,12 +63,12 @@ Conflicts: initscripts < 9.66
|
|||||||
Provides: /sbin/fixfiles
|
Provides: /sbin/fixfiles
|
||||||
Provides: /sbin/restorecon
|
Provides: /sbin/restorecon
|
||||||
|
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc make
|
||||||
BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-static >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
|
BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
|
||||||
BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
|
BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
|
||||||
BuildRequires: python3-devel
|
BuildRequires: python3-devel python3-pip
|
||||||
BuildRequires: systemd
|
BuildRequires: systemd
|
||||||
BuildRequires: git
|
BuildRequires: git-core
|
||||||
Requires: util-linux grep gawk diffutils rpm sed
|
Requires: util-linux grep gawk diffutils rpm sed
|
||||||
Requires: libsepol >= %{libsepolver} coreutils libselinux-utils >= %{libselinuxver}
|
Requires: libsepol >= %{libsepolver} coreutils libselinux-utils >= %{libselinuxver}
|
||||||
|
|
||||||
@ -128,26 +89,7 @@ load_policy to load policies, setfiles to label filesystems, newrole
|
|||||||
to switch roles.
|
to switch roles.
|
||||||
|
|
||||||
%prep -p /usr/bin/bash
|
%prep -p /usr/bin/bash
|
||||||
# create selinux/ directory and extract sources
|
%autosetup -p 1 -n selinux-%{version}
|
||||||
%autosetup -S git -N -c -n selinux
|
|
||||||
%autosetup -S git -N -T -D -a 1 -n selinux
|
|
||||||
%autosetup -S git -N -T -D -a 2 -n selinux
|
|
||||||
%autosetup -S git -N -T -D -a 3 -n selinux
|
|
||||||
%autosetup -S git -N -T -D -a 4 -n selinux
|
|
||||||
%autosetup -S git -N -T -D -a 5 -n selinux
|
|
||||||
%autosetup -S git -N -T -D -a 6 -n selinux
|
|
||||||
|
|
||||||
for i in *; do
|
|
||||||
git mv $i ${i/-%{version}/}
|
|
||||||
git commit -q --allow-empty -a --author 'rpm-build <rpm-build>' -m "$i -> ${i/-%{version}/}"
|
|
||||||
done
|
|
||||||
|
|
||||||
for i in selinux-*; do
|
|
||||||
git mv $i ${i#selinux-}
|
|
||||||
git commit -q --allow-empty -a --author 'rpm-build <rpm-build>' -m "$i -> ${i#selinux-}"
|
|
||||||
done
|
|
||||||
|
|
||||||
git am %{_sourcedir}/[0-9]*.patch
|
|
||||||
|
|
||||||
cp %{SOURCE13} gui/
|
cp %{SOURCE13} gui/
|
||||||
tar -xvf %{SOURCE14} -C python/sepolicy/
|
tar -xvf %{SOURCE14} -C python/sepolicy/
|
||||||
@ -156,16 +98,20 @@ tar -xvf %{SOURCE14} -C python/sepolicy/
|
|||||||
# For more information see README.translations
|
# For more information see README.translations
|
||||||
# First remove old translation files
|
# First remove old translation files
|
||||||
rm -f policycoreutils/po/*.po python/po/*.po gui/po/*.po sandbox/po/*.po
|
rm -f policycoreutils/po/*.po python/po/*.po gui/po/*.po sandbox/po/*.po
|
||||||
tar -x -f %{SOURCE20} -C policycoreutils -z
|
unzip %{SOURCE20}
|
||||||
tar -x -f %{SOURCE21} -C python -z
|
cp -r selinux/policycoreutils/po policycoreutils
|
||||||
tar -x -f %{SOURCE22} -C gui -z
|
unzip %{SOURCE21}
|
||||||
tar -x -f %{SOURCE23} -C sandbox -z
|
cp -r selinux/python/po python
|
||||||
|
unzip %{SOURCE22}
|
||||||
|
cp -r selinux/gui/po gui
|
||||||
|
unzip %{SOURCE23}
|
||||||
|
cp -r selinux/sandbox/po sandbox
|
||||||
|
|
||||||
%build
|
%Build
|
||||||
%set_build_flags
|
%set_build_flags
|
||||||
export PYTHON=%{__python3}
|
export PYTHON=%{__python3}
|
||||||
|
|
||||||
make -C policycoreutils LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
make -C policycoreutils SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
||||||
make -C python SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
make -C python SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
||||||
make -C gui SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
make -C gui SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
||||||
make -C sandbox SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
make -C sandbox SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
||||||
@ -181,19 +127,19 @@ mkdir -p %{buildroot}%{_mandir}/man5
|
|||||||
mkdir -p %{buildroot}%{_mandir}/man8
|
mkdir -p %{buildroot}%{_mandir}/man8
|
||||||
%{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}/
|
%{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}/
|
||||||
|
|
||||||
make -C policycoreutils LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
%make_install -C policycoreutils LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a"
|
||||||
|
|
||||||
make -C python PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
%make_install -C python PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
|
||||||
|
|
||||||
make -C gui PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
%make_install -C gui PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
|
||||||
|
|
||||||
make -C sandbox PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
%make_install -C sandbox PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
|
||||||
|
|
||||||
make -C dbus PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
%make_install -C dbus PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
|
||||||
|
|
||||||
make -C semodule-utils PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
%make_install -C semodule-utils PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
|
||||||
|
|
||||||
make -C restorecond PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
%make_install -C restorecond PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
|
||||||
|
|
||||||
# Fix perms on newrole so that objcopy can process it
|
# Fix perms on newrole so that objcopy can process it
|
||||||
chmod 0755 %{buildroot}%{_bindir}/newrole
|
chmod 0755 %{buildroot}%{_bindir}/newrole
|
||||||
@ -218,27 +164,6 @@ install -m 644 -p %{SOURCE18} %{buildroot}/%{_unitdir}/
|
|||||||
install -m 755 -p %{SOURCE19} %{buildroot}/%{generatorsdir}/
|
install -m 755 -p %{SOURCE19} %{buildroot}/%{generatorsdir}/
|
||||||
install -m 755 -p %{SOURCE15} %{buildroot}/%{_libexecdir}/selinux/
|
install -m 755 -p %{SOURCE15} %{buildroot}/%{_libexecdir}/selinux/
|
||||||
|
|
||||||
# change /usr/bin/python to %%{__python3} in policycoreutils-python3
|
|
||||||
pathfix.py -i "%{__python3} -Es" -p %{buildroot}%{python3_sitelib}
|
|
||||||
|
|
||||||
# change /usr/bin/python to %%{__python3} in policycoreutils-python-utils
|
|
||||||
pathfix.py -i "%{__python3} -EsI" -p \
|
|
||||||
%{buildroot}%{_sbindir}/semanage \
|
|
||||||
%{buildroot}%{_bindir}/chcat \
|
|
||||||
%{buildroot}%{_bindir}/sandbox \
|
|
||||||
%{buildroot}%{_datadir}/sandbox/start \
|
|
||||||
%{buildroot}%{_bindir}/audit2allow \
|
|
||||||
%{buildroot}%{_bindir}/sepolicy \
|
|
||||||
%{buildroot}%{_bindir}/sepolgen-ifgen \
|
|
||||||
%{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.py \
|
|
||||||
%{buildroot}%{_datadir}/system-config-selinux/selinux_server.py \
|
|
||||||
%nil
|
|
||||||
|
|
||||||
# clean up ~ files from pathfix - https://bugzilla.redhat.com/show_bug.cgi?id=1546990
|
|
||||||
find %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} \
|
|
||||||
%{buildroot}%{_sbindir} %{buildroot}%{_bindir} %{buildroot}%{_datadir} \
|
|
||||||
-type f -name '*~' | xargs rm -f
|
|
||||||
|
|
||||||
# Manually invoke the python byte compile macro for each path that needs byte
|
# Manually invoke the python byte compile macro for each path that needs byte
|
||||||
# compilation.
|
# compilation.
|
||||||
%py_byte_compile %{__python3} %{buildroot}%{_datadir}/system-config-selinux
|
%py_byte_compile %{__python3} %{buildroot}%{_datadir}/system-config-selinux
|
||||||
@ -261,7 +186,6 @@ an SELinux environment.
|
|||||||
%files python-utils
|
%files python-utils
|
||||||
%{_sbindir}/semanage
|
%{_sbindir}/semanage
|
||||||
%{_bindir}/chcat
|
%{_bindir}/chcat
|
||||||
%{_bindir}/sandbox
|
|
||||||
%{_bindir}/audit2allow
|
%{_bindir}/audit2allow
|
||||||
%{_bindir}/audit2why
|
%{_bindir}/audit2why
|
||||||
%{_mandir}/man1/audit2allow.1*
|
%{_mandir}/man1/audit2allow.1*
|
||||||
@ -271,8 +195,6 @@ an SELinux environment.
|
|||||||
%{_sysconfdir}/dbus-1/system.d/org.selinux.conf
|
%{_sysconfdir}/dbus-1/system.d/org.selinux.conf
|
||||||
%{_mandir}/man8/chcat.8*
|
%{_mandir}/man8/chcat.8*
|
||||||
%{_mandir}/ru/man8/chcat.8*
|
%{_mandir}/ru/man8/chcat.8*
|
||||||
%{_mandir}/man8/sandbox.8*
|
|
||||||
%{_mandir}/ru/man8/sandbox.8*
|
|
||||||
%{_mandir}/man8/semanage*.8*
|
%{_mandir}/man8/semanage*.8*
|
||||||
%{_mandir}/ru/man8/semanage*.8*
|
%{_mandir}/ru/man8/semanage*.8*
|
||||||
%{_datadir}/bash-completion/completions/semanage
|
%{_datadir}/bash-completion/completions/semanage
|
||||||
@ -280,7 +202,8 @@ an SELinux environment.
|
|||||||
%package dbus
|
%package dbus
|
||||||
Summary: SELinux policy core DBUS api
|
Summary: SELinux policy core DBUS api
|
||||||
Requires: python3-policycoreutils = %{version}-%{release}
|
Requires: python3-policycoreutils = %{version}-%{release}
|
||||||
Requires: python3-slip-dbus
|
Requires: python3-gobject-base
|
||||||
|
Requires: polkit
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
|
||||||
%description dbus
|
%description dbus
|
||||||
@ -308,7 +231,8 @@ Requires:python3-libsemanage >= %{libsemanagever} python3-libselinux
|
|||||||
# no python3-audit-libs yet
|
# no python3-audit-libs yet
|
||||||
Requires:audit-libs-python3 >= %{libauditver}
|
Requires:audit-libs-python3 >= %{libauditver}
|
||||||
Requires: checkpolicy
|
Requires: checkpolicy
|
||||||
Requires: python3-setools >= 4.1.1
|
Requires: python3-setools >= 4.4.0
|
||||||
|
Requires: python3-distro
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
|
||||||
%description -n python3-policycoreutils
|
%description -n python3-policycoreutils
|
||||||
@ -339,7 +263,7 @@ by python 3 in an SELinux environment.
|
|||||||
Summary: SELinux policy core policy devel utilities
|
Summary: SELinux policy core policy devel utilities
|
||||||
Requires: policycoreutils-python-utils = %{version}-%{release}
|
Requires: policycoreutils-python-utils = %{version}-%{release}
|
||||||
Requires: /usr/bin/make dnf
|
Requires: /usr/bin/make dnf
|
||||||
Requires: selinux-policy-devel
|
Requires: (selinux-policy-devel if selinux-policy)
|
||||||
|
|
||||||
%description devel
|
%description devel
|
||||||
The policycoreutils-devel package contains the management tools use to develop policy in an SELinux environment.
|
The policycoreutils-devel package contains the management tools use to develop policy in an SELinux environment.
|
||||||
@ -383,8 +307,11 @@ sandboxes
|
|||||||
%caps(cap_setpcap,cap_setuid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
|
%caps(cap_setpcap,cap_setuid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
|
||||||
%{_mandir}/man8/seunshare.8*
|
%{_mandir}/man8/seunshare.8*
|
||||||
%{_mandir}/ru/man8/seunshare.8*
|
%{_mandir}/ru/man8/seunshare.8*
|
||||||
|
%{_bindir}/sandbox
|
||||||
%{_mandir}/man5/sandbox.5*
|
%{_mandir}/man5/sandbox.5*
|
||||||
%{_mandir}/ru/man5/sandbox.5*
|
%{_mandir}/ru/man5/sandbox.5*
|
||||||
|
%{_mandir}/man8/sandbox.8*
|
||||||
|
%{_mandir}/ru/man8/sandbox.8*
|
||||||
|
|
||||||
%package newrole
|
%package newrole
|
||||||
Summary: The newrole application for RBAC/MLS
|
Summary: The newrole application for RBAC/MLS
|
||||||
@ -447,12 +374,14 @@ system-config-selinux is a utility for managing the SELinux environment
|
|||||||
%{_sbindir}/genhomedircon
|
%{_sbindir}/genhomedircon
|
||||||
%{_sbindir}/setsebool
|
%{_sbindir}/setsebool
|
||||||
%{_sbindir}/semodule
|
%{_sbindir}/semodule
|
||||||
|
# symlink to %%{_bindir}/sestatus
|
||||||
%{_sbindir}/sestatus
|
%{_sbindir}/sestatus
|
||||||
%{_bindir}/secon
|
%{_bindir}/secon
|
||||||
%{_bindir}/semodule_expand
|
%{_bindir}/semodule_expand
|
||||||
%{_bindir}/semodule_link
|
%{_bindir}/semodule_link
|
||||||
%{_bindir}/semodule_package
|
%{_bindir}/semodule_package
|
||||||
%{_bindir}/semodule_unpackage
|
%{_bindir}/semodule_unpackage
|
||||||
|
%{_bindir}/sestatus
|
||||||
%{_libexecdir}/selinux/hll
|
%{_libexecdir}/selinux/hll
|
||||||
%{_libexecdir}/selinux/selinux-autorelabel
|
%{_libexecdir}/selinux/selinux-autorelabel
|
||||||
%{_unitdir}/selinux-autorelabel-mark.service
|
%{_unitdir}/selinux-autorelabel-mark.service
|
||||||
@ -495,7 +424,7 @@ system-config-selinux is a utility for managing the SELinux environment
|
|||||||
%dir %{_datadir}/bash-completion
|
%dir %{_datadir}/bash-completion
|
||||||
%{_datadir}/bash-completion/completions/setsebool
|
%{_datadir}/bash-completion/completions/setsebool
|
||||||
%{!?_licensedir:%global license %%doc}
|
%{!?_licensedir:%global license %%doc}
|
||||||
%license policycoreutils/COPYING
|
%license policycoreutils/LICENSE
|
||||||
%doc %{_usr}/share/doc/%{name}
|
%doc %{_usr}/share/doc/%{name}
|
||||||
|
|
||||||
%package restorecond
|
%package restorecond
|
||||||
@ -508,14 +437,16 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
%files restorecond
|
%files restorecond
|
||||||
%{_sbindir}/restorecond
|
%{_sbindir}/restorecond
|
||||||
%{_unitdir}/restorecond.service
|
%{_unitdir}/restorecond.service
|
||||||
|
%{_userunitdir}/restorecond_user.service
|
||||||
%config(noreplace) %{_sysconfdir}/selinux/restorecond.conf
|
%config(noreplace) %{_sysconfdir}/selinux/restorecond.conf
|
||||||
%config(noreplace) %{_sysconfdir}/selinux/restorecond_user.conf
|
%config(noreplace) %{_sysconfdir}/selinux/restorecond_user.conf
|
||||||
%{_sysconfdir}/xdg/autostart/restorecond.desktop
|
%{_sysconfdir}/xdg/autostart/restorecond.desktop
|
||||||
%{_datadir}/dbus-1/services/org.selinux.Restorecond.service
|
%{_datadir}/dbus-1/services/org.selinux.Restorecond.service
|
||||||
%{_mandir}/man8/restorecond.8*
|
%{_mandir}/man8/restorecond.8*
|
||||||
%{_mandir}/ru/man8/restorecond.8*
|
%{_mandir}/ru/man8/restorecond.8*
|
||||||
|
|
||||||
%{!?_licensedir:%global license %%doc}
|
%{!?_licensedir:%global license %%doc}
|
||||||
%license policycoreutils/COPYING
|
%license policycoreutils/LICENSE
|
||||||
|
|
||||||
%post
|
%post
|
||||||
%systemd_post selinux-autorelabel-mark.service
|
%systemd_post selinux-autorelabel-mark.service
|
||||||
@ -533,171 +464,303 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
%systemd_postun_with_restart restorecond.service
|
%systemd_postun_with_restart restorecond.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Wed Mar 06 2024 Vit Mojzis <vmojzis@redhat.com> - 2.9-26
|
* Mon Feb 19 2024 Petr Lautrbach <lautrbach@redhat.com> - 3.6-2.1
|
||||||
- python/semanage: Allow modifying records on "add" (RHEL-28167)
|
- semanage: Allow modifying records on "add"
|
||||||
- python/semanage: Do not sort local fcontext definitions (RHEL-24461)
|
- semanage: Do not sort local fcontext definitions
|
||||||
|
|
||||||
* Tue Feb 06 2024 Vit Mojzis <vmojzis@redhat.com> - 2.9-25
|
* Thu Dec 14 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-1
|
||||||
- Harden more tools against "rogue" modules (RHEL-17351)
|
- SELinux userspace 3.6 release
|
||||||
- sepolicy: port to dnf4 python API (RHEL-17398)
|
|
||||||
|
|
||||||
* Wed Feb 15 2023 Vit Mojzis <vmojzis@redhat.com> - 2.9-24
|
* Mon Nov 13 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.0-0.rc1.1
|
||||||
- Update translations (#2124826)
|
- SELinux userspace 3.6-rc1 release
|
||||||
|
|
||||||
* Wed Feb 08 2023 Vit Mojzis <vmojzis@redhat.com> - 2.9-23
|
* Mon Oct 30 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-3
|
||||||
- python/sepolicy: Cache conditional rule queries (#2155540)
|
- Update translations
|
||||||
|
https://translate.fedoraproject.org/projects/selinux/
|
||||||
|
|
||||||
* Mon Jan 09 2023 Vit Mojzis <vmojzis@redhat.com> - 2.9-22
|
* Tue Jun 27 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-2
|
||||||
- python/sepolicy: add missing booleans to man pages (#2155540)
|
- Improve man pages (RHEL-672)
|
||||||
|
- Unwrap strings - remove hard returns and initial white spaces from strings (RHEL-606)
|
||||||
|
|
||||||
* Mon Dec 19 2022 Vit Mojzis <vmojzis@redhat.com> - 2.9-21.1
|
* Thu Feb 23 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-1
|
||||||
- python: Harden tools against "rogue" modules (#2128976)
|
- SELinux userspace 3.5 release
|
||||||
- Update "pathfix" arguments to match ^^^ (#2128976)
|
|
||||||
- python: Do not query the local database if the fcontext is non-local (#2124825)
|
|
||||||
|
|
||||||
* Thu Jul 07 2022 Vit Mojzis <vmojzis@redhat.com> - 2.9-20
|
* Tue Feb 14 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc3.1.1
|
||||||
|
- SELinux userspace 3.5-rc3 release
|
||||||
|
|
||||||
|
* Wed Feb 8 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc2.3
|
||||||
|
- Attach tty to selinux-autorelabel.service when AUTORELABEL=0
|
||||||
|
|
||||||
|
* Thu Jan 26 2023 Vit Mojzis <vmojzis@redhat.com> - 3.5-0.rc2.2
|
||||||
|
- python/sepolicy: Cache conditional rule queries
|
||||||
|
|
||||||
|
* Tue Jan 17 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc2.1
|
||||||
|
- SELinux userspace 3.5-rc2 release
|
||||||
|
|
||||||
|
* Mon Jan 2 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc1.2
|
||||||
|
- SELinux userspace 3.5-rc1 release
|
||||||
|
|
||||||
|
* Tue Sep 06 2022 Vit Mojzis <vmojzis@redhat.com> - 3.4-4
|
||||||
|
- Update translations (#2062630)
|
||||||
|
|
||||||
|
* Mon Aug 8 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-3
|
||||||
|
- Run autorelabel in parallel by default
|
||||||
|
https://fedoraproject.org/wiki/Changes/SELinux_Parallel_Autorelabel
|
||||||
|
|
||||||
|
* Mon Jul 18 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-2
|
||||||
|
- gettext: handle unsupported languages properly (#2100378)
|
||||||
|
- semodule: rename --rebuild-if-modules-changed to --refresh
|
||||||
- python: Split "semanage import" into two transactions (#2063353)
|
- python: Split "semanage import" into two transactions (#2063353)
|
||||||
- semodule: rename --rebuild-if-modules-changed to --refresh (#2089802)
|
|
||||||
- selinux-autorelabel: Do not force reboot (#2093133)
|
- selinux-autorelabel: Do not force reboot (#2093133)
|
||||||
|
|
||||||
* Thu Feb 17 2022 Vit Mojzis <vmojzis@redhat.com> - 2.9-19
|
* Thu May 19 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-1
|
||||||
- semodule: move module hashing into libsemanage (requires libsemanage-2.9-7)
|
- SELinux userspace 3.4 release
|
||||||
- semodule: add command-line option to detect module changes (#2049189)
|
|
||||||
|
|
||||||
* Fri Jan 14 2022 Vit Mojzis <vmojzis@redhat.com> - 2.9-18
|
* Tue Feb 15 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3-4.2
|
||||||
- Improve error message when selabel_open fails (#1926511)
|
- semodule: add command-line option to detect module changes
|
||||||
|
|
||||||
* Tue Nov 30 2021 Petr Lautrbach <plautrba@redhat.com> - 2.9-17
|
* Tue Feb 15 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3-5
|
||||||
|
- Improve error message when selabel_open fails
|
||||||
|
|
||||||
|
* Mon Feb 14 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3-3
|
||||||
|
- fixfiles: Use parallel relabeling
|
||||||
|
|
||||||
|
* Mon Nov 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-2
|
||||||
|
- setfiles/restorecon: support parallel relabeling with -T <N> option
|
||||||
- semodule: add -m | --checksum option
|
- semodule: add -m | --checksum option
|
||||||
|
|
||||||
* Thu Sep 16 2021 Vit Mojzis <vmojzis@redhat.com> - 2.9-16
|
* Fri Oct 22 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-1
|
||||||
- Update translations (#1962009)
|
- SELinux userspace 3.3 release
|
||||||
|
|
||||||
* Mon Jul 19 2021 Vit Mojzis <vmojzis@redhat.com> - 2.9-15
|
* Mon Oct 11 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc3.1
|
||||||
- setfiles: do not restrict checks against a binary policy (#1973754)
|
- SELinux userspace 3.3-rc3 release
|
||||||
|
|
||||||
* Tue Mar 09 2021 Vit Mojzis <vmojzis@redhat.com> - 2.9-14
|
* Wed Sep 29 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3-0.rc2.2
|
||||||
- Update translations (#1899695)
|
- Update translations (#2003127)
|
||||||
|
|
||||||
* Mon Feb 22 2021 Vit Mojzis <vmojzis@redhat.com> - 2.9-13
|
* Wed Sep 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc2.1
|
||||||
- selinux(8,5): Describe fcontext regular expressions (#1904059)
|
- SELinux userspace 3.3-rc2 release
|
||||||
|
|
||||||
* Tue Feb 2 2021 Petr Lautrbach <plautrba@redhat.com> - 2.9-12
|
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 3.2-7
|
||||||
- setfiles: Do not abort on labeling error (#1794518)
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
|
Related: rhbz#1991688
|
||||||
|
|
||||||
* Wed Jan 27 2021 Vit Mojzis <vmojzis@redhat.com> - 2.9-11
|
* Tue Aug 3 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-6
|
||||||
- python/sepolgen: allow any policy statement in if(n)def (#1868717)
|
- Drop forgotten ru/ man pages from -restorecond
|
||||||
|
|
||||||
* Sat Jan 16 2021 Vit Mojzis <vmojzis@redhat.com> - 2.9-10
|
* Fri Jul 30 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-5
|
||||||
- python/semanage: Sort imports in alphabetical order
|
- Use SHA-2 instead of SHA-1 (#1934964)
|
||||||
- python/semanage: empty stdout before exiting on BrokenPipeError (#1822100)
|
- Fix COPY_PASTE_ERROR (CWE-398)
|
||||||
|
|
||||||
* Fri Jan 17 2020 Vit Mojzis <vmojzis@redhat.com> - 2.9-9
|
* Thu May 13 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-4
|
||||||
- Update translations (#1754978)
|
- policycoreutils-dbus requires polkit
|
||||||
|
- fixfiles: do not exclude /dev and /run in -C mode
|
||||||
|
- dbus: use GLib.MainLoop
|
||||||
|
|
||||||
* Thu Nov 21 2019 Vit Mojzis <vmojzis@redhat.com> - 2.9-8
|
* Fri Apr 23 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-3.1
|
||||||
- restorecond: Fix redundant console log output error (#1626468)
|
- Do not use Python slip (#1949841)
|
||||||
|
|
||||||
* Tue Nov 19 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-7
|
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.2-2
|
||||||
- dbus: Fix FileNotFoundError in org.selinux.relabel_on_boot (#1754873)
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||||
|
|
||||||
* Tue Nov 12 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-6
|
* Mon Mar 8 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-1
|
||||||
- Configure autorelabel service to output to journal and to console if set (#1766578)
|
- SELinux userspace 3.2 release
|
||||||
|
|
||||||
* Wed Nov 06 2019 Vit Mojzis <vmojzis@redhat.com> - 2.9-5
|
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 3.2-0.rc2.1.1
|
||||||
- fixfiles: Fix "verify" option (#1647532)
|
- Rebuilt for updated systemd-rpm-macros
|
||||||
- semanage: Improve handling of "permissive" statements (#1417455)
|
See https://pagure.io/fesco/issue/2583.
|
||||||
- semanage: fix moduleRecords.customized()
|
|
||||||
- semanage: Add support for DCCP and SCTP protocols (#1563742)
|
|
||||||
|
|
||||||
* Wed Sep 4 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-4
|
* Fri Feb 5 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-0.rc2.1
|
||||||
- semanage: Do not use default s0 range in "semanage login -a" (#1554360)
|
- SELinux userspace 3.2-rc2 release
|
||||||
- gui: Fix remove module in system-config-selinux (#1748763)
|
|
||||||
|
|
||||||
* Thu Aug 22 2019 Vit Mojzis <vmojzis@redhat.com> - 2.9-3
|
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2-0.rc1.1.1
|
||||||
- fixfiles: Fix unbound variable problem (#1743213)
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
|
|
||||||
* Tue Jul 2 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-2
|
* Wed Jan 20 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-0.rc1.1
|
||||||
- Update transition
|
- SELinux userspace 3.2-rc1 release
|
||||||
|
|
||||||
|
* Tue Nov 24 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-8
|
||||||
|
- Fix BuildRequires to libsemanage-devel
|
||||||
|
|
||||||
|
* Fri Nov 20 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-7
|
||||||
|
- python/sepolicy: allow to override manpage date
|
||||||
|
- selinux_config(5): add a note that runtime disable is deprecated
|
||||||
|
|
||||||
|
* Mon Nov 9 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-6
|
||||||
|
- Require latest setools
|
||||||
|
|
||||||
|
* Fri Oct 30 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-5
|
||||||
|
- Build with libsepol.so.1 and libsemanage.so.2
|
||||||
|
- Set X-GNOME-HiddenUnderSystemd=true in restorecond.desktop file
|
||||||
|
- fixfiles: correctly restore context of mountpoints
|
||||||
|
- sepolgen: print extended permissions in hexadecimal
|
||||||
|
|
||||||
|
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.1-4
|
||||||
|
- Second attempt - Rebuilt for
|
||||||
|
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.1-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 3.1-2
|
||||||
|
- Use make macros
|
||||||
|
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||||
|
|
||||||
|
* Fri Jul 10 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-1
|
||||||
|
- SELinux userspace 3.1 release
|
||||||
|
|
||||||
|
* Mon Jun 1 2020 Petr Lautrbach <plautrba@redhat.com> - 3.0-4
|
||||||
|
- policycoreutils-dbus requires python3-gobject-base
|
||||||
|
|
||||||
|
* Sat May 23 2020 Miro Hrončok <mhroncok@redhat.com> - 3.0-3
|
||||||
|
- Rebuilt for Python 3.9
|
||||||
|
|
||||||
|
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Dec 6 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-1
|
||||||
|
- SELinux userspace 3.0 release
|
||||||
|
|
||||||
|
* Wed Sep 4 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-7
|
||||||
|
- semanage: Do not use default s0 range in "semanage login -a" (#1312283)
|
||||||
|
|
||||||
|
* Thu Aug 29 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-6
|
||||||
|
- gui: Fix remove module in system-config-selinux (#1740936)
|
||||||
|
|
||||||
|
* Fri Aug 23 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-5
|
||||||
|
- fixfiles: Fix unbound variable problem
|
||||||
|
|
||||||
|
* Fri Aug 16 2019 Miro Hrončok <mhroncok@redhat.com> - 2.9-4
|
||||||
|
- Rebuilt for Python 3.8
|
||||||
|
|
||||||
|
* Mon Aug 5 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-3
|
||||||
|
- Drop python2-policycoreutils
|
||||||
|
- Update ru man page translations
|
||||||
- fixfiles: Fix [-B] [-F] onboot
|
- fixfiles: Fix [-B] [-F] onboot
|
||||||
|
|
||||||
|
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
* Mon Mar 18 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
|
* Mon Mar 18 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
|
||||||
- SELinux userspace 2.9 release
|
- SELinux userspace 2.9 release
|
||||||
|
|
||||||
* Fri Dec 14 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-16.1
|
* Mon Mar 11 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc2.1
|
||||||
- semanage: move valid_types initialisations to class constructors
|
- SELinux userspace 2.9-rc2 release
|
||||||
- semanage: import sepolicy only when it's needed
|
|
||||||
- sepolicy: Add sepolicy.load_store_policy(store)
|
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-0.rc1.1.1
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jan 25 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc1.1
|
||||||
|
- SELinux userspace 2.9-rc1 release candidate
|
||||||
|
|
||||||
|
* Fri Jan 25 2019 Petr Lautrbach <plautrba@redhat.com> - 2.8-17
|
||||||
|
- python2-policycoreutils requires python2-ipaddress (#1669230)
|
||||||
|
|
||||||
|
* Tue Jan 22 2019 Petr Lautrbach <plautrba@redhat.com> - 2.8-16
|
||||||
|
- restorecond: Install DBUS service file with 644 permissions
|
||||||
|
|
||||||
|
* Mon Jan 21 2019 Petr Lautrbach <plautrba@redhat.com> - 2.8-15
|
||||||
|
- setsebool: support use of -P on SELinux-disabled hosts
|
||||||
|
- sepolicy: initialize mislabeled_files in __init__()
|
||||||
|
- audit2allow: use local sepolgen-ifgen-attr-helper for tests
|
||||||
|
- audit2allow: allow using audit2why as non-root user
|
||||||
|
- audit2allow/sepolgen-ifgen: show errors on stderr
|
||||||
|
- audit2allow/sepolgen-ifgen: add missing \n to error message
|
||||||
|
- sepolgen: close /etc/selinux/sepolgen.conf after parsing it
|
||||||
|
- sepolicy: Make policy files sorting more robust
|
||||||
|
- semanage: Load a store policy and set the store SELinux policy root
|
||||||
|
|
||||||
|
* Thu Dec 20 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-14
|
||||||
|
- chcat: fix removing categories on users with Fedora default setup
|
||||||
|
- semanage: Include MCS/MLS range when exporting local customizations
|
||||||
- semanage: Start exporting "ibendport" and "ibpkey" entries
|
- semanage: Start exporting "ibendport" and "ibpkey" entries
|
||||||
|
- semanage: do not show "None" levels when using a non-MLS policy
|
||||||
|
- sepolicy: Add sepolicy.load_store_policy(store)
|
||||||
|
- semanage: import sepolicy only when it's needed
|
||||||
|
- semanage: move valid_types initialisations to class constructors
|
||||||
|
|
||||||
* Wed Dec 5 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-15
|
* Mon Dec 10 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-13
|
||||||
- chcat: use check_call instead of getstatusoutput
|
- chcat: use check_call instead of getstatusoutput
|
||||||
- semanage: Use standard argparse.error() method
|
- Use matchbox-window-manager instead of openbox
|
||||||
|
- Use ipaddress python module instead of IPy
|
||||||
- semanage: Fix handling of -a/-e/-d/-r options
|
- semanage: Fix handling of -a/-e/-d/-r options
|
||||||
|
- semanage: Use standard argparse.error() method
|
||||||
|
|
||||||
* Tue Dec 4 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-14
|
* Mon Nov 12 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-12
|
||||||
- Update translations
|
- sepolicy,semanage: replace aliases with corresponding type names
|
||||||
|
- sepolicy-generate: Handle more reserved port types
|
||||||
* Mon Dec 3 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-13
|
|
||||||
- Use ipaddress module instead of IPy
|
|
||||||
|
|
||||||
* Tue Nov 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-12
|
|
||||||
- Handle more reserved port types
|
|
||||||
- Replace aliases with corresponding type names
|
|
||||||
|
|
||||||
* Thu Nov 8 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-11.1
|
|
||||||
- Fix RESOURCE_LEAK coverity scan defects
|
- Fix RESOURCE_LEAK coverity scan defects
|
||||||
|
|
||||||
* Thu Oct 25 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-10
|
* Tue Oct 16 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-11
|
||||||
- sepolicy: Update to work with setools-4.2.0
|
|
||||||
- gui: Make all polgen button labels translatable
|
|
||||||
|
|
||||||
* Tue Oct 16 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-9
|
|
||||||
- sepolicy: Fix get_real_type_name to handle query failure properly
|
- sepolicy: Fix get_real_type_name to handle query failure properly
|
||||||
|
|
||||||
* Mon Oct 15 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-8
|
|
||||||
- sepolicy: search() for dontaudit rules as well
|
- sepolicy: search() for dontaudit rules as well
|
||||||
|
|
||||||
* Fri Sep 14 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-7
|
* Tue Oct 2 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-10
|
||||||
- setfiles: Improve description of -d switch
|
- semanage: "semanage user" does not use -s, fix documentation
|
||||||
- Fix typo in newrole.1 manpage
|
- semanage: add a missing space in ibendport help
|
||||||
|
- sepolicy: Update to work with setools-4.2.0
|
||||||
|
|
||||||
|
* Fri Sep 14 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-9
|
||||||
- semanage: Stop rejecting aliases in semanage commands
|
- semanage: Stop rejecting aliases in semanage commands
|
||||||
- sepolicy: Stop rejecting aliases in sepolicy commands
|
- sepolicy: Stop rejecting aliases in sepolicy commands
|
||||||
- sepolicy: Fix "info" to search aliases as well
|
- sepolicy: Fix "info" to search aliases as well
|
||||||
- sepolgen: fix refpolicy parsing of "permissive"
|
- setfiles: Improve description of -d switch
|
||||||
- sepolgen: return NotImplemented instead of raising it
|
|
||||||
- semanage: fix Python syntax of catching several exceptions
|
|
||||||
- semanage: Replace bare except with specific one
|
|
||||||
- semanage: Fix logger class definition
|
|
||||||
- semanage: Stop logging loginRecords changes
|
|
||||||
- add xperms support to audit2allow
|
|
||||||
- sepolgen: fix access vector initialization
|
|
||||||
- sepolgen: print all AV rules correctly
|
|
||||||
|
|
||||||
* Thu Sep 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-6.1
|
* Wed Sep 12 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-8
|
||||||
- Update translations
|
- Update translations
|
||||||
|
|
||||||
* Tue Jul 24 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-5
|
* Tue Sep 4 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-7
|
||||||
- sandbox: Use matchbox-window-manager instead of openbox (#1568295)
|
- Fix typo in newrole.1 manpage
|
||||||
|
- sepolgen: print all AV rules correctly
|
||||||
|
- sepolgen: fix access vector initialization
|
||||||
|
- Add xperms support to audit2allow
|
||||||
|
- semanage: Stop logging loginRecords changes
|
||||||
|
- semanage: Fix logger class definition
|
||||||
|
- semanage: Replace bare except with specific one
|
||||||
|
- semanage: fix Python syntax of catching several exceptions
|
||||||
|
- sepolgen: return NotImplemented instead of raising it
|
||||||
|
- sepolgen: fix refpolicy parsing of "permissive"
|
||||||
|
|
||||||
* Thu Jul 19 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-4
|
* Mon Aug 6 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-6
|
||||||
|
- Use split translation files
|
||||||
|
https://github.com/fedora-selinux/selinux/issues/43
|
||||||
|
|
||||||
|
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jul 02 2018 Miro Hrončok <mhroncok@redhat.com> - 2.8-4
|
||||||
|
- Rebuilt for Python 3.7
|
||||||
|
|
||||||
|
* Mon Jun 18 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-3
|
||||||
- selinux-autorelabel: Use plymouth --quit rather then --hide-splash (#1592221)
|
- selinux-autorelabel: Use plymouth --quit rather then --hide-splash (#1592221)
|
||||||
- selinux-autorelabel: Increment boot_indeterminate grub environment variable (#1592221)
|
- selinux-autorelabel: Increment boot_indeterminate grub environment variable (#1592221)
|
||||||
- Do not require libcgroup - it's not used anymore
|
|
||||||
|
|
||||||
* Tue Jun 26 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-3
|
* Fri Jun 15 2018 Miro Hrončok <mhroncok@redhat.com> - 2.8-2
|
||||||
- Do not use symlinks to enable selinux-autorelabel-mark.service (#1589720)
|
- Rebuilt for Python 3.7
|
||||||
|
|
||||||
* Wed Jun 6 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-2
|
* Fri May 25 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-1
|
||||||
- Don't build the Python 2 subpackages (#1567354)
|
|
||||||
|
|
||||||
* Fri May 25 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-1.1
|
|
||||||
- SELinux userspace 2.8 release
|
- SELinux userspace 2.8 release
|
||||||
|
|
||||||
* Tue May 22 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-19
|
* Tue May 22 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc3.2
|
||||||
- selinux-autorelabel: set UEFI boot order (BootNext) same as BootCurrent
|
- selinux-autorelabel: set UEFI boot order (BootNext) same as BootCurrent
|
||||||
- selinux-autorelabel: synchronize cached writes before reboot (#1385272)
|
- selinux-autorelabel: synchronize cached writes before reboot (#1385272)
|
||||||
|
|
||||||
|
* Tue May 15 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc3.1
|
||||||
|
- SELinux userspace 2.8-rc2 release candidate
|
||||||
|
|
||||||
|
* Fri May 4 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc2.1
|
||||||
|
- SELinux userspace 2.8-rc2 release candidate
|
||||||
|
|
||||||
|
* Mon Apr 23 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc1.1
|
||||||
|
- SELinux userspace 2.8-rc1 release candidate
|
||||||
|
|
||||||
|
* Thu Apr 19 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-20
|
||||||
|
- Drop python2 sepolicy gui files from policycoreutils-gui (#1566618)
|
||||||
|
|
||||||
|
* Wed Apr 18 2018 Iryna Shcherbina <shcherbina.iryna@gmail.com> - 2.7-19
|
||||||
|
- Update Python 2 dependency declarations to new packaging standards
|
||||||
|
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
|
||||||
|
|
||||||
* Tue Apr 3 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-18
|
* Tue Apr 3 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-18
|
||||||
- Move semodule_* utilities to policycoreutils package (#1562549)
|
- Move semodule_* utilities to policycoreutils package (#1562549)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user