[policycoreutils] sepolicy should failover to installed policy file on a disabled SELinux box, if it exists.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Dec 6 14:16:58 UTC 2012
commit 4933c11cf05b2c99df6394d88c7732bfb28fd594
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Dec 6 09:16:30 2012 -0500
sepolicy should failover to installed policy file on a disabled SELinux box, if it exists.
policycoreutils-rhat.patch | 26 ++++++++++++++++++++++----
policycoreutils.spec | 5 ++++-
2 files changed, 26 insertions(+), 5 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 11931c3..ae29b3d 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -333541,10 +333541,10 @@ index 0000000..57018a6
+ sys.exit(0)
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
new file mode 100644
-index 0000000..ece5b4b
+index 0000000..212c3aa
--- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
-@@ -0,0 +1,137 @@
+@@ -0,0 +1,155 @@
+#!/usr/bin/python
+
+# Author: Thomas Liu <tliu at redhat.com>
@@ -333584,10 +333584,28 @@ index 0000000..ece5b4b
+TRANSITION = 'transition'
+ROLE_ALLOW = 'role_allow'
+
++def __get_installed_policy():
++ i = selinux.security_policyvers()
++ path = selinux.selinux_binary_policy_path()
++ while i > 0:
++ newpath = "%s.%s" % (path, i)
++ if os.path.exists(newpath):
++ return newpath
++ i -= 1
++ raise ValueError(_("No SELinux Policy installed"))
++
+def policy(policy_file):
-+ _policy.policy(policy_file)
++ try:
++ _policy.policy(policy_file)
++ except:
++ raise ValueError(_("Failed to read % policy file") % policy_file)
++
++
++if selinux.is_selinux_enabled():
++ policy_file = selinux.selinux_current_policy_path()
++else:
++ policy_file = __get_installed_policy()
+
-+policy_file = selinux.selinux_current_policy_path()
+policy(policy_file)
+
+def search(types, info = {} ):
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 2810fad..b9659e2 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.13
-Release: 42%{?dist}
+Release: 43%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -338,6 +338,9 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Thu Dec 6 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-43
+- sepolicy should failover to installed policy file on a disabled SELinux box, if it exists.
+
* Wed Dec 5 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-42
- Update Translations
- sepolicy network -d needs to accept multiple domains
More information about the scm-commits
mailing list