[policycoreutils] sepolicy should failover to installed policy file on a disabled SELinux box, if it exists.

Thu Dec 6 14:16:58 UTC 2012

commit 4933c11cf05b2c99df6394d88c7732bfb28fd594
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Thu Dec 6 09:16:30 2012 -0500

    sepolicy should failover to installed policy file on a disabled SELinux box, if it exists.

 policycoreutils-rhat.patch |   26 ++++++++++++++++++++++----
 policycoreutils.spec       |    5 ++++-
 2 files changed, 26 insertions(+), 5 deletions(-)
---

diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 11931c3..ae29b3d 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -333541,10 +333541,10 @@ index 0000000..57018a6
 +        sys.exit(0)        
 diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
 new file mode 100644
-index 0000000..ece5b4b
+index 0000000..212c3aa
 --- /dev/null
 +++ b/policycoreutils/sepolicy/sepolicy/__init__.py
-@@ -0,0 +1,137 @@
+@@ -0,0 +1,155 @@
 +#!/usr/bin/python
 +
 +# Author: Thomas Liu <tliu at redhat.com>
@@ -333584,10 +333584,28 @@ index 0000000..ece5b4b
 +TRANSITION = 'transition'
 +ROLE_ALLOW = 'role_allow'
 +
++def __get_installed_policy():
++    i = selinux.security_policyvers()
++    path = selinux.selinux_binary_policy_path()
++    while i > 0:
++        newpath = "%s.%s" % (path, i)
++        if os.path.exists(newpath):
++            return newpath
++        i -= 1
++    raise ValueError(_("No SELinux Policy installed"))
++        
 +def policy(policy_file):
-+    _policy.policy(policy_file)
++    try:
++        _policy.policy(policy_file)
++    except:
++        raise ValueError(_("Failed to read % policy file") % policy_file)
++
++
++if selinux.is_selinux_enabled():
++    policy_file = selinux.selinux_current_policy_path()
++else:
++    policy_file = __get_installed_policy()
 +
-+policy_file = selinux.selinux_current_policy_path()
 +policy(policy_file)
 +
 +def search(types, info = {} ):
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 2810fad..b9659e2 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.13
-Release: 42%{?dist}
+Release: 43%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -338,6 +338,9 @@ The policycoreutils-restorecond package contains the restorecond service.
 %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 
 %changelog
+* Thu Dec 6 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-43
+- sepolicy should failover to installed policy file on a disabled SELinux box, if it exists.
+
 * Wed Dec 5 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-42
 - Update Translations
 - sepolicy network -d needs to accept multiple domains
