[policycoreutils] Additional fixes for disabled SELinux Box
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Dec 6 19:57:54 UTC 2012
commit ceff76e0173289acf0f1f76f6b3acc6ab2b734f9
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Dec 6 14:57:17 2012 -0500
Additional fixes for disabled SELinux Box
- system-config-selinux no longer relies on lokkit for /etc/selinux/config
policycoreutils-rhat.patch | 54 +++++++++++++++++++++++++++++++++----------
policycoreutils.spec | 6 ++++-
2 files changed, 46 insertions(+), 14 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index ae29b3d..9b87cb6 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -7647,6 +7647,35 @@ index 0000000..2f0c1cc
@@ -0,0 +1,2 @@
+#!/bin/sh
+sepolicy generate $*
+diff --git a/policycoreutils/gui/statusPage.py b/policycoreutils/gui/statusPage.py
+index e561de1..2069635 100644
+--- a/policycoreutils/gui/statusPage.py
++++ b/policycoreutils/gui/statusPage.py
+@@ -158,8 +158,22 @@ class statusPage:
+ self.enabled = enabled
+
+ def write_selinux_config(self, enforcing, type):
+- import commands
+- commands.getstatusoutput("/usr/sbin/lokkit --selinuxtype=%s --selinux=%s" % (type, enforcing))
++ path = selinux.selinux_path() + "config"
++ backup_path = path + ".bck"
++ fd = open(path)
++ lines = fd.readlines()
++ fd.close()
++ fd = open(backup_path, "w")
++ for l in lines:
++ if l.startswith("SELINUX="):
++ fd.write("SELINUX=%s\n" % enforcing)
++ continue
++ if l.startswith("SELINUXTYPE="):
++ fd.write("SELINUXTYPE=%s\n" % type)
++ continue
++ fd.write(l)
++ fd.close()
++ os.rename(backup_path, path)
+
+ def read_selinux_config(self):
+ self.initialtype = selinux.selinux_getpolicytype()[1]
diff --git a/policycoreutils/gui/system-config-selinux.py b/policycoreutils/gui/system-config-selinux.py
index 85e8b7f..bc3027e 100644
--- a/policycoreutils/gui/system-config-selinux.py
@@ -333541,17 +333570,17 @@ index 0000000..57018a6
+ sys.exit(0)
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
new file mode 100644
-index 0000000..212c3aa
+index 0000000..fd0848e
--- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
-@@ -0,0 +1,155 @@
+@@ -0,0 +1,154 @@
+#!/usr/bin/python
+
+# Author: Thomas Liu <tliu at redhat.com>
+# Author: Dan Walsh <dwalsh at redhat.com>
+
+import _policy
-+import selinux
++import selinux, glob
+PROGNAME="policycoreutils"
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
@@ -333585,13 +333614,13 @@ index 0000000..212c3aa
+ROLE_ALLOW = 'role_allow'
+
+def __get_installed_policy():
-+ i = selinux.security_policyvers()
-+ path = selinux.selinux_binary_policy_path()
-+ while i > 0:
-+ newpath = "%s.%s" % (path, i)
-+ if os.path.exists(newpath):
-+ return newpath
-+ i -= 1
++ try:
++ path = selinux.selinux_binary_policy_path()
++ policies = glob.glob ("%s.*" % path )
++ policies.sort()
++ return policies[-1]
++ except:
++ pass
+ raise ValueError(_("No SELinux Policy installed"))
+
+def policy(policy_file):
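Review bot: `policies.sort()` in the new `__get_installed_policy` orders the glob results as strings, so `policy.9` would sort after `policy.29`. The pattern `"%s.*"` also matches non-version names such as a leftover `policy.29.bak` (constructed example), so the wrong file can end up as the policy that gets loaded. The bare `except: pass` hides every error, not only the `IndexError` from an empty list. I would filter and sort on the numeric suffix with `policies = [p for p in glob.glob("%s.*" % path) if p.rsplit(".", 1)[1].isdigit()]` and `policies.sort(key=lambda p: int(p.rsplit(".", 1)[1]))`, and catch `except IndexError:` only. The removed loop started from `selinux.security_policyvers()`; the new code has no such upper bound, which looks deliberate for a disabled box but deserves a comment.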
@@ -333601,9 +333630,8 @@ index 0000000..212c3aa
+ raise ValueError(_("Failed to read % policy file") % policy_file)
+
+
-+if selinux.is_selinux_enabled():
-+ policy_file = selinux.selinux_current_policy_path()
-+else:
++policy_file = selinux.selinux_current_policy_path()
++if not policy_file:
+ policy_file = __get_installed_policy()
+
+policy(policy_file)
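Review bot: The context line `raise ValueError(_("Failed to read % policy file") % policy_file)` has a malformed conversion (`% p`), so the `%` operator raises its own "unsupported format character" error and the path that failed never appears in the message. It should read `raise ValueError(_("Failed to read %s policy file") % policy_file)`. This matters more with this change, because `policy(policy_file)` still runs at import time and the fallback to `__get_installed_policy()` is now taken whenever `selinux.selinux_current_policy_path()` returns a false value. The body of `policy()` starts above this hunk, so which exceptions it catches is not visible here.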
diff --git a/policycoreutils.spec b/policycoreutils.spec
index b9659e2..75131f8 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.13
-Release: 43%{?dist}
+Release: 44%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -338,6 +338,10 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Thu Dec 6 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-44
+- Additional fixes for disabled SELinux Box
+- system-config-selinux no longer relies on lokkit for /etc/selinux/config
+
* Thu Dec 6 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-43
- sepolicy should failover to installed policy file on a disabled SELinux box, if it exists.