[policycoreutils/f18] sepolicy transition was blowing up. Also cleanup output when only source is specified.

Daniel J Walsh dwalsh at fedoraproject.org
Mon Dec 17 18:24:36 UTC 2012


commit 73e99578c74450a6105f3b84bb1221df67faedfc
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Mon Dec 17 13:24:24 2012 -0500

    sepolicy transition was blowing up. Also cleanup output when only source is specified.
    
    - sepolicy generate should allow policy module names that include - or _

 policycoreutils-rhat.patch |   70 +++++++++++++++++++++++++------------------
 policycoreutils.spec       |   11 ++++++-
 2 files changed, 51 insertions(+), 30 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 9b87cb6..e690a5c 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -333230,10 +333230,10 @@ index 0000000..a40f37d
 +selinux(8), sepolicy-generate(8), sepolicy-communicate(8), sepolicy-generate(8),  sepolicy-network(8), sepolicy-transition(8)
 diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
 new file mode 100755
-index 0000000..57018a6
+index 0000000..2f562b0
 --- /dev/null
 +++ b/policycoreutils/sepolicy/sepolicy.py
-@@ -0,0 +1,334 @@
+@@ -0,0 +1,338 @@
 +#! /usr/bin/python -Es
 +# Copyright (C) 2012 Red Hat
 +# AUTHOR: Dan Walsh <dwalsh at redhat.com>
@@ -333493,13 +333493,17 @@ index 0000000..57018a6
 +
 +def transition(args):
 +    from sepolicy.transition import setrans
-+    source = args.source[0]
++    source = args.source
 +    if args.target:
-+        target = args.target[0]
++        for l in setrans(source, args.target):
++            print " --> ".join(l)
 +    else:
-+        target = None
-+    for l in setrans(source, target):
-+        print " --> ".join(l)
++        for l in setrans(source):
++            msg = l[0]
++            for i in range(1, len(l)-1, 2):
++                msg = "%s @ %s --> %s" % (msg, l[i], l[i+1])
++            print msg
++
 +
 +def gen_transition_args(parser):
 +    trans = parser.add_parser("transition",
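Review bot: The source-only branch of transition() walks each row with `range(1, len(l)-1, 2)`, which assumes setrans(source) returns odd-length rows shaped like [domain, entrypoint, domain, ...]; setrans is outside this hunk, so that shape is inferred. A row of even length would lose its last element without any error. I would state the expected shape in a comment above the loop, e.g. `# each row is [domain, entrypoint, domain, ...]; pairs after the first are (entrypoint, next domain)`. Renaming `l` to something like `path` would also stop `l[i+1]` being misread as `1[i+1]`.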
@@ -333833,7 +333837,7 @@ index 0000000..a179d95
 +
 diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
 new file mode 100644
-index 0000000..209568c
+index 0000000..7fd6dd6
 --- /dev/null
 +++ b/policycoreutils/sepolicy/sepolicy/generate.py
 @@ -0,0 +1,1302 @@
@@ -334183,7 +334187,7 @@ index 0000000..209568c
 +( self.generate_root_user_types, self.generate_root_user_rules))
 +		if name == "":
 +			raise ValueError(_("You must enter a name for your confined process/user"))
-+                if not name.isalnum():
++                if not re.match(r"^[a-zA-Z0-9-_]+$", name):
 +                    raise ValueError(_("Name must be alpha numberic with no spaces. Consider using option \"-n MODULENAME\""))
 +
 +		if type == CGI:
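Review bot: The new name check `re.match(r"^[a-zA-Z0-9-_]+$", name)` accepts a name that ends in a newline, because `$` in Python also matches just before a trailing `\n`; the `isalnum()` it replaces rejected that. If the name later goes into file names or generated policy text (not visible here), anchor with `\Z` and put the hyphen last so it cannot be read as a range: `if not re.match(r"^[a-zA-Z0-9_-]+\Z", name):`. The error message on the following line still says the name must be alphanumeric, which no longer describes what is accepted. Whether `re` is imported in generate.py cannot be seen from this hunk, and the enclosing method starts and ends outside it.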
@@ -335141,10 +335145,10 @@ index 0000000..209568c
 +            return out
 diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
 new file mode 100755
-index 0000000..a8db937
+index 0000000..a50ba21
 --- /dev/null
 +++ b/policycoreutils/sepolicy/sepolicy/manpage.py
-@@ -0,0 +1,1353 @@
+@@ -0,0 +1,1363 @@
 +#! /usr/bin/python -Es
 +# Copyright (C) 2012 Red Hat
 +# AUTHOR: Dan Walsh <dwalsh at redhat.com>
@@ -335313,18 +335317,27 @@ index 0000000..a8db937
 +	return role_allows
 +
 +users = None
++users_range = None
 +def get_all_users():
 +	global users
-+	if users:
-+		return users
++	global users_range
++	if users and users_range:
++		return users, users_range
 +
 +	users = []
-+	allusers = map(lambda x: x['name'], sepolicy.info(sepolicy.USER))
++	users_range ={}
++	allusers = []
++	allusers_info = sepolicy.info(sepolicy.USER)
++
++	for d in allusers_info:
++		allusers.append(d['name'])
++		users_range[d['name'].split("_")[0]] = d['range']
++
 +	for u in allusers:
 +		if u not in [ "system_u", "root", "unconfined_u" ]:
 +			users.append(u.replace("_u",""))
 +	users.sort()
-+	return users
++	return users, users_range
 +
 +types = None
 +def _gen_types():
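Review bot: get_all_users() derives the short user name in two different ways: the `users_range` key is `d['name'].split("_")[0]` while the `users` entry is `u.replace("_u","")`, so the two disagree for any SELinux user whose name contains another underscore. The later manpage hunk indexes `self.all_users_range[self.domainname]` directly, so a mismatch would raise KeyError while the page is being written (how domainname is derived is not visible here). Compute the short name once and use it for both collections, e.g. `short = name[:-2] if name.endswith("_u") else name`. The cache test `if users and users_range:` also repeats the policy query on every call when either collection is legitimately empty; testing `users is not None` avoids that.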
@@ -335627,7 +335640,8 @@ index 0000000..a8db937
 +    all_bools = get_all_bools()
 +    all_port_types = get_all_port_types()
 +    all_roles = get_all_roles()
-+    all_users = get_all_users()
++    all_users = get_all_users()[0]
++    all_users_range = get_all_users()[1]
 +    all_file_types = get_all_file_types()
 +    types = _gen_types()
 +    modules_dict = None
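Review bot: `get_all_users()` is called twice in a row only to pick the two elements of its result; unpack it once instead with `all_users, all_users_range = get_all_users()`. That also guarantees both values come from the same call if the module-level cache is ever bypassed. The enclosing block starts and ends outside the hunk.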
@@ -336247,7 +336261,7 @@ index 0000000..a8db937
 +
 +The SELinux user will usually login to a system with a context that looks like:
 +
-+.B %(user)s_u:%(user)s_r:%(user)s_t:s0-s0:c0.c1023
++.B %(user)s_u:%(user)s_r:%(user)s_t:%(range)s
 +
 +Linux users are automatically assigned an SELinux users at login.
 +Login programs use the SELinux User to assign initial context to the user's shell.
@@ -336266,7 +336280,7 @@ index 0000000..a8db937
 +
 +.B semanage login -m -s %(user)s_u __default__
 +
-+""" % {'desc': self.desc, 'type':self.type, 'user':self.domainname})
++""" % {'desc': self.desc, 'type':self.type, 'user':self.domainname,'range':self.all_users_range[self.domainname]})
 +
 +	if "login_userdomain" in self.attributes and "login_userdomain" in self.all_attributes:
 +	    self.fd.write("""
@@ -339046,7 +339060,7 @@ index 0000000..1edb4fd
 +
 +setup(name = "sepolicy", version="1.1", description="Python SELinux Policy Analyses bindings", author="Daniel Walsh", author_email="dwalsh at redhat.com", ext_modules=[policy], packages=["sepolicy", "sepolicy.templates"])
 diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
-index 4c62b41..a3ce406 100644
+index 4c62b41..a0e5415 100644
 --- a/policycoreutils/setfiles/restore.c
 +++ b/policycoreutils/setfiles/restore.c
 @@ -100,20 +100,31 @@ static int match(const char *name, struct stat *sb, char **con)
@@ -339061,7 +339075,7 @@ index 4c62b41..a3ce406 100644
  	security_context_t curcon = NULL, newcon = NULL;
 +	float progress;
 +	if (match(my_file, ftsent->fts_statp, &newcon) < 0) {
-+		if ((errno == ENOENT) && (!recurse))
++		if ((errno == ENOENT) && ((!recurse) || (r_opts->verbose)))
 +			fprintf(stderr, "%s:  Warning no default label for %s\n", r_opts->progname, my_file);
  
 -	if (match(my_file, ftsent->fts_statp, &newcon) < 0)
@@ -339214,10 +339228,10 @@ index ac27222..57ae46a 100644
  
  #endif
 diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
-index ffbb9d1..8659294 100644
+index ffbb9d1..0acf09d 100644
 --- a/policycoreutils/setfiles/restorecon.8
 +++ b/policycoreutils/setfiles/restorecon.8
-@@ -41,28 +41,31 @@ default file context, changing the user, role, range portion as well as the type
+@@ -41,28 +41,27 @@ default file context, changing the user, role, range portion as well as the type
  .TP
  .B \-h, \-?
  display usage information and exit.
@@ -339226,12 +339240,9 @@ index ffbb9d1..8659294 100644
  .B \-i
  ignore files that do not exist.
 -.TP 
-+.TP
- .B \-R, \-r
- change files and directories file labels recursively (descend directories).
+-.B \-R, \-r
+-change files and directories file labels recursively (descend directories).
 -.TP 
-+.br
-+.B Note: restorecon does not report warnings on paths without default labels, when run recursively.
 +.TP
  .B \-n
  don't change any file labels (passive check).
@@ -339243,10 +339254,11 @@ index ffbb9d1..8659294 100644
  .B \-p
 -show progress by printing * every STAR_COUNT files.
 +show progress by printing * every STAR_COUNT files.  (If you relabel the entire OS, this will show you the percentage complete.)
-+
  .TP
  .B \-R, \-r
  change files and directories file labels recursively (descend directories).
++.br
++.B Note: restorecon reports warnings on paths without default labels only when it is non-recursively or in verbose mode.
  .TP
  .B \-v
  show changes in file labels, if type or role are going to be changed.
@@ -339255,7 +339267,7 @@ index ffbb9d1..8659294 100644
  .B \-0
  the separator for the input items is assumed to be the null character
  (instead of the white space).  The quotes and the backslash characters are
-@@ -84,7 +87,7 @@ operate recursively on directories.
+@@ -84,7 +83,7 @@ operate recursively on directories.
  
  .SH "AUTHOR"
  This man page was written by Dan Walsh <dwalsh at redhat.com>.
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 75131f8..b475834 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.13
-Release: 44%{?dist}
+Release: 46%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -338,6 +338,15 @@ The policycoreutils-restorecond package contains the restorecond service.
 %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 
 %changelog
+* Mon Dec 17 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-46
+- sepolicy transition was blowing up. Also cleanup output when only source is specified.
+- sepolicy generate should allow policy modules names that include - or _
+
+* Mon Dec 10 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-45
+- Apply patch from Miroslav to display proper range description in man pages g
+- Should print warning on missing default label when run in recusive mode iff 
+- Remove extra -R description, and fix recursive description
+
 * Thu Dec 6 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-44
 - Additional fixes for disabled SELinux Box
 - system-config-selinux no longer relies on lokkit for /etc/selinux/config

