[policycoreutils/f18] sepolicy transition was blowing up. Also cleanup output when only source is specified.
Daniel J Walsh
dwalsh at fedoraproject.org
Mon Dec 17 18:24:36 UTC 2012
commit 73e99578c74450a6105f3b84bb1221df67faedfc
Author: Dan Walsh <dwalsh at redhat.com>
Date: Mon Dec 17 13:24:24 2012 -0500
sepolicy transition was blowing up. Also cleanup output when only source is specified.
- sepolicy generate should allow policy modules names that include - or _
policycoreutils-rhat.patch | 70 +++++++++++++++++++++++++------------------
policycoreutils.spec | 11 ++++++-
2 files changed, 51 insertions(+), 30 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 9b87cb6..e690a5c 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -333230,10 +333230,10 @@ index 0000000..a40f37d
+selinux(8), sepolicy-generate(8), sepolicy-communicate(8), sepolicy-generate(8), sepolicy-network(8), sepolicy-transition(8)
diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
new file mode 100755
-index 0000000..57018a6
+index 0000000..2f562b0
--- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy.py
-@@ -0,0 +1,334 @@
+@@ -0,0 +1,338 @@
+#! /usr/bin/python -Es
+# Copyright (C) 2012 Red Hat
+# AUTHOR: Dan Walsh <dwalsh at redhat.com>
@@ -333493,13 +333493,17 @@ index 0000000..57018a6
+
+def transition(args):
+ from sepolicy.transition import setrans
-+ source = args.source[0]
++ source = args.source
+ if args.target:
-+ target = args.target[0]
++ for l in setrans(source, args.target):
++ print " --> ".join(l)
+ else:
-+ target = None
-+ for l in setrans(source, target):
-+ print " --> ".join(l)
++ for l in setrans(source):
++ msg = l[0]
++ for i in range(1, len(l)-1, 2):
++ msg = "%s @ %s --> %s" % (msg, l[i], l[i+1])
++ print msg
++
+
+def gen_transition_args(parser):
+ trans = parser.add_parser("transition",
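Review bot: The source-only branch of `transition()` depends on an undocumented list layout: `range(1, len(l)-1, 2)` only works if each `setrans(source)` result is the source followed by (entrypoint, target) pairs. An even-length list would silently lose its last element, and an empty one would raise IndexError at `l[0]`. `setrans` is not visible in this hunk, so the layout should be stated above the loop, for example `# l = [source, entrypoint1, target1, entrypoint2, target2, ...]`. Renaming `l` to something like `path` would also make the `l[i]` / `l[i+1]` indexing easier to read.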
@@ -333833,7 +333837,7 @@ index 0000000..a179d95
+
diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
new file mode 100644
-index 0000000..209568c
+index 0000000..7fd6dd6
--- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy/generate.py
@@ -0,0 +1,1302 @@
@@ -334183,7 +334187,7 @@ index 0000000..209568c
+( self.generate_root_user_types, self.generate_root_user_rules))
+ if name == "":
+ raise ValueError(_("You must enter a name for your confined process/user"))
-+ if not name.isalnum():
++ if not re.match(r"^[a-zA-Z0-9-_]+$", name):
+ raise ValueError(_("Name must be alpha numberic with no spaces. Consider using option \"-n MODULENAME\""))
+
+ if type == CGI:
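Review bot: The new `re.match` pattern still accepts a name ending in a newline, because `$` in Python also matches just before a final `\n`. Anchoring with `\Z` and moving the hyphen to the end of the class, so `9-_` cannot be misread as a range, gives `if not re.match(r"^[a-zA-Z0-9_-]+\Z", name):`. The pattern also allows a name that begins with `-`; that is worth rejecting if the name later ends up in generated file names or tool command lines, which this hunk does not show. The error message on the following line still says the name must be alphanumeric, which no longer matches the check. Whether `re` is imported in generate.py cannot be confirmed from here, and the enclosing function starts and ends outside the hunk.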
@@ -335141,10 +335145,10 @@ index 0000000..209568c
+ return out
diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
new file mode 100755
-index 0000000..a8db937
+index 0000000..a50ba21
--- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py
-@@ -0,0 +1,1353 @@
+@@ -0,0 +1,1363 @@
+#! /usr/bin/python -Es
+# Copyright (C) 2012 Red Hat
+# AUTHOR: Dan Walsh <dwalsh at redhat.com>
@@ -335313,18 +335317,27 @@ index 0000000..a8db937
+ return role_allows
+
+users = None
++users_range = None
+def get_all_users():
+ global users
-+ if users:
-+ return users
++ global users_range
++ if users and users_range:
++ return users, users_range
+
+ users = []
-+ allusers = map(lambda x: x['name'], sepolicy.info(sepolicy.USER))
++ users_range ={}
++ allusers = []
++ allusers_info = sepolicy.info(sepolicy.USER)
++
++ for d in allusers_info:
++ allusers.append(d['name'])
++ users_range[d['name'].split("_")[0]] = d['range']
++
+ for u in allusers:
+ if u not in [ "system_u", "root", "unconfined_u" ]:
+ users.append(u.replace("_u",""))
+ users.sort()
-+ return users
++ return users, users_range
+
+types = None
+def _gen_types():
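Review bot: In `get_all_users()` the `users_range` key is built with `d['name'].split("_")[0]`, but the user list is built with `u.replace("_u","")`, and the two disagree for any SELinux user name with more than one underscore (`foo_bar_u` gives key `foo` but list entry `foo_bar`). The later `self.all_users_range[self.domainname]` lookup in the man page template hunk would then raise KeyError if `domainname` follows the list form. Deriving the short name once and using it for both keeps them aligned, e.g. `short = name[:-2] if name.endswith("_u") else name`. The return value also changes from a list to a tuple, so any caller not updated in this patch will break; only one call site is updated in the visible hunks. The cache test `if users and users_range:` re-queries the policy whenever either value is empty, so `is not None` would be the safer check.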
@@ -335627,7 +335640,8 @@ index 0000000..a8db937
+ all_bools = get_all_bools()
+ all_port_types = get_all_port_types()
+ all_roles = get_all_roles()
-+ all_users = get_all_users()
++ all_users = get_all_users()[0]
++ all_users_range = get_all_users()[1]
+ all_file_types = get_all_file_types()
+ types = _gen_types()
+ modules_dict = None
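Review bot: `get_all_users()` is called twice here, once for each element of the tuple, which repeats the policy query whenever the cache check inside it does not hit. A single unpacking reads more clearly and guarantees both values come from the same call: `all_users, all_users_range = get_all_users()`. The surrounding block starts and ends outside the hunk.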
@@ -336247,7 +336261,7 @@ index 0000000..a8db937
+
+The SELinux user will usually login to a system with a context that looks like:
+
-+.B %(user)s_u:%(user)s_r:%(user)s_t:s0-s0:c0.c1023
++.B %(user)s_u:%(user)s_r:%(user)s_t:%(range)s
+
+Linux users are automatically assigned an SELinux users at login.
+Login programs use the SELinux User to assign initial context to the user's shell.
@@ -336266,7 +336280,7 @@ index 0000000..a8db937
+
+.B semanage login -m -s %(user)s_u __default__
+
-+""" % {'desc': self.desc, 'type':self.type, 'user':self.domainname})
++""" % {'desc': self.desc, 'type':self.type, 'user':self.domainname,'range':self.all_users_range[self.domainname]})
+
+ if "login_userdomain" in self.attributes and "login_userdomain" in self.all_attributes:
+ self.fd.write("""
@@ -339046,7 +339060,7 @@ index 0000000..1edb4fd
+
+setup(name = "sepolicy", version="1.1", description="Python SELinux Policy Analyses bindings", author="Daniel Walsh", author_email="dwalsh at redhat.com", ext_modules=[policy], packages=["sepolicy", "sepolicy.templates"])
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
-index 4c62b41..a3ce406 100644
+index 4c62b41..a0e5415 100644
--- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c
@@ -100,20 +100,31 @@ static int match(const char *name, struct stat *sb, char **con)
@@ -339061,7 +339075,7 @@ index 4c62b41..a3ce406 100644
security_context_t curcon = NULL, newcon = NULL;
+ float progress;
+ if (match(my_file, ftsent->fts_statp, &newcon) < 0) {
-+ if ((errno == ENOENT) && (!recurse))
++ if ((errno == ENOENT) && ((!recurse) || (r_opts->verbose)))
+ fprintf(stderr, "%s: Warning no default label for %s\n", r_opts->progname, my_file);
- if (match(my_file, ftsent->fts_statp, &newcon) < 0)
@@ -339214,10 +339228,10 @@ index ac27222..57ae46a 100644
#endif
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
-index ffbb9d1..8659294 100644
+index ffbb9d1..0acf09d 100644
--- a/policycoreutils/setfiles/restorecon.8
+++ b/policycoreutils/setfiles/restorecon.8
-@@ -41,28 +41,31 @@ default file context, changing the user, role, range portion as well as the type
+@@ -41,28 +41,27 @@ default file context, changing the user, role, range portion as well as the type
.TP
.B \-h, \-?
display usage information and exit.
@@ -339226,12 +339240,9 @@ index ffbb9d1..8659294 100644
.B \-i
ignore files that do not exist.
-.TP
-+.TP
- .B \-R, \-r
- change files and directories file labels recursively (descend directories).
+-.B \-R, \-r
+-change files and directories file labels recursively (descend directories).
-.TP
-+.br
-+.B Note: restorecon does not report warnings on paths without default labels, when run recursively.
+.TP
.B \-n
don't change any file labels (passive check).
@@ -339243,10 +339254,11 @@ index ffbb9d1..8659294 100644
.B \-p
-show progress by printing * every STAR_COUNT files.
+show progress by printing * every STAR_COUNT files. (If you relabel the entire OS, this will show you the percentage complete.)
-+
.TP
.B \-R, \-r
change files and directories file labels recursively (descend directories).
++.br
++.B Note: restorecon reports warnings on paths without default labels only when it is non-recursively or in verbose mode.
.TP
.B \-v
show changes in file labels, if type or role are going to be changed.
@@ -339255,7 +339267,7 @@ index ffbb9d1..8659294 100644
.B \-0
the separator for the input items is assumed to be the null character
(instead of the white space). The quotes and the backslash characters are
-@@ -84,7 +87,7 @@ operate recursively on directories.
+@@ -84,7 +83,7 @@ operate recursively on directories.
.SH "AUTHOR"
This man page was written by Dan Walsh <dwalsh at redhat.com>.
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 75131f8..b475834 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.13
-Release: 44%{?dist}
+Release: 46%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -338,6 +338,15 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Mon Dec 17 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-46
+- sepolicy transition was blowing up. Also cleanup output when only source is specified.
+- sepolicy generate should allow policy modules names that include - or _
+
+* Mon Dec 10 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-45
+- Apply patch from Miroslav to display proper range description in man pages g
+- Should print warning on missing default label when run in recusive mode iff
+- Remove extra -R description, and fix recursive description
+
* Thu Dec 6 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-44
- Additional fixes for disabled SELinux Box
- system-config-selinux no longer relies on lokkit for /etc/selinux/config