rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
ab34faefd5
selinux-policy/process-modules-filtered.py
Petr Lautrbach 8dea43b936 Build selinux-policy-extra 
In 40.13.26-1 modules related to EPEL repository were filtered out and
shipped in selinux-policy-epel in EPEL repository. But it was not
possible to let epel-release to automatically install
selinux-policy-epel when it was enabled.

With this change:
- EPEL related modules are build in repository again
- selinux-policy-extra is introduced to require -targeted-extra or
  -mls-extra when -targeted or -mls are installed
- some modules which are related to 3rd party and which are already
  dropped in selinux-policy-epel are filtered out completely

Resolves: RHEL-89587
2025-05-21 10:03:16 +02:00

41 lines
1.0 KiB
Python
Executable File
Raw Blame History

#!/usr/bin/python3
"""read modules-filtered.lst and update modules.conf
Usage:
# enable only modules listed in the modules-filtered.lst file
./process-modules-filtered.py ../../modules-filtered.lst dist/targeted/modules.conf enabled > policy/modules.conf
# disable modules listed in the modules-filtered.lst file
./process-modules-filtered.py ../../modules-filtered.lst dist/targeted/modules.conf disabled > policy/modules.conf
"""
import sys
modules = []
for line in open(sys.argv[1]):
if line[0] != "#":
modules.append(line.strip())
for line in open(sys.argv[2]):
if len(line) == 1 or line[0] == "#":
print(line, end='')
continue
(name, sep, state) = line.partition(" = ")
if state.rstrip() == "base":
print(line, end='')
continue
if not name in modules and sys.argv[3] == "enabled":
print(name, " = off", sep='')
continue
if name in modules and sys.argv[3] == "disabled":
print(name, " = off", sep='')
continue
print(line, end='')
Reference in New Issue View Git Blame Copy Permalink