[policycoreutils] Ignore permissive commands in interfaces
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Sep 29 14:56:52 UTC 2011
commit b6236f90238a2594b2eb288143be0e014a9702d1
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Sep 29 10:56:39 2011 -0400
Ignore permissive commands in interfaces
policycoreutils-sepolgen.patch | 39 +++++++++++++++++++++++++++++++++++++++
policycoreutils.spec | 5 ++++-
2 files changed, 43 insertions(+), 1 deletions(-)
---
diff --git a/policycoreutils-sepolgen.patch b/policycoreutils-sepolgen.patch
index 03f07da..ee09b7c 100644
--- a/policycoreutils-sepolgen.patch
+++ b/policycoreutils-sepolgen.patch
@@ -181,3 +181,42 @@ index 0e6b502..6ce892c 100644
self.module.children.append(rule)
+diff --git a/sepolgen/src/sepolgen/refparser.py b/sepolgen/src/sepolgen/refparser.py
+index 1a2eec8..955784d 100644
+--- a/sepolgen/src/sepolgen/refparser.py
++++ b/sepolgen/src/sepolgen/refparser.py
+@@ -109,6 +109,7 @@ tokens = (
+ 'DONTAUDIT',
+ 'AUDITALLOW',
+ 'NEVERALLOW',
++ 'PERMISSIVE',
+ 'TYPE_TRANSITION',
+ 'TYPE_CHANGE',
+ 'TYPE_MEMBER',
+@@ -170,6 +171,7 @@ reserved = {
+ 'dontaudit' : 'DONTAUDIT',
+ 'auditallow' : 'AUDITALLOW',
+ 'neverallow' : 'NEVERALLOW',
++ 'permissive' : 'PERMISSIVE',
+ 'type_transition' : 'TYPE_TRANSITION',
+ 'type_change' : 'TYPE_CHANGE',
+ 'type_member' : 'TYPE_MEMBER',
+@@ -490,6 +492,7 @@ def p_policy_stmt(p):
+ | interface_call
+ | role_def
+ | role_allow
++ | permissive
+ | type_def
+ | typealias_def
+ | attribute_def
+@@ -747,6 +750,10 @@ def p_role_allow(p):
+ r.tgt_roles = p[3]
+ p[0] = r
+
++def p_permissive(p):
++ 'permissive : PERMISSIVE names SEMI'
++ t.skip(1)
++
+ def p_avrule_def(p):
+ '''avrule_def : ALLOW names names COLON names names SEMI
+ | DONTAUDIT names names COLON names names SEMI
diff --git a/policycoreutils.spec b/policycoreutils.spec
index aa63752..86d15e1 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.6
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -352,6 +352,9 @@ fi
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Thu Sep 29 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.6-3
+- Ignore permissive commands in interfaces
+
* Thu Sep 29 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.6-2
- Remove gnome requirement from polgengui
More information about the scm-commits
mailing list