[policycoreutils] Fix sepolgen/audit2allow to handle multiple role/types in avc messages properly
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Jul 27 13:43:03 UTC 2012
commit 634c0824aff93e265f7c0c144154c612214c5e71
Author: Dan Walsh <dwalsh at redhat.com>
Date: Fri Jul 27 09:42:59 2012 -0400
Fix sepolgen/audit2allow to handle multiple role/types in avc messages properly
policycoreutils-sepolgen.patch | 30 +++++++++++++++++++++++++++---
policycoreutils.spec | 11 ++++++++++-
2 files changed, 37 insertions(+), 4 deletions(-)
---
diff --git a/policycoreutils-sepolgen.patch b/policycoreutils-sepolgen.patch
index f90795f..219bdc4 100644
--- a/policycoreutils-sepolgen.patch
+++ b/policycoreutils-sepolgen.patch
@@ -144,10 +144,34 @@ index c3d665c..cc9f8ea 100644
try:
if ( av.type == audit2why.TERULE and
diff --git a/sepolgen/src/sepolgen/refpolicy.py b/sepolgen/src/sepolgen/refpolicy.py
-index b138e3d..7ce8f9d 100644
+index b138e3d..1399225 100644
--- a/sepolgen/src/sepolgen/refpolicy.py
+++ b/sepolgen/src/sepolgen/refpolicy.py
-@@ -799,7 +799,7 @@ class Require(Leaf):
+@@ -363,7 +363,10 @@ class Role(Leaf):
+ self.types = IdSet()
+
+ def to_string(self):
+- return "role %s types %s;" % (self.role, self.types.to_comma_str())
++ s = ""
++ for t in self.types:
++ s += "role %s types %s;\n" % (self.role, t)
++ return s
+
+ class Type(Leaf):
+ def __init__(self, name="", parent=None):
+@@ -511,7 +514,10 @@ class RoleType(Leaf):
+ self.types = IdSet()
+
+ def to_string(self):
+- return "role %s types %s;" % (self.role, self.types.to_comma_str())
++ s = ""
++ for t in self.types:
++ s += "role %s types %s;\n" % (self.role, t)
++ return s
+
+ class ModuleDeclaration(Leaf):
+ def __init__(self, parent=None):
+@@ -799,7 +805,7 @@ class Require(Leaf):
self.types = IdSet()
self.obj_classes = { }
self.roles = IdSet()
@@ -156,7 +180,7 @@ index b138e3d..7ce8f9d 100644
self.users = IdSet()
def add_obj_class(self, obj_class, perms):
-@@ -816,7 +816,7 @@ class Require(Leaf):
+@@ -816,7 +822,7 @@ class Require(Leaf):
s.append("\tclass %s %s;" % (obj_class, perms.to_space_str()))
for role in self.roles:
s.append("\trole %s;" % role)
diff --git a/policycoreutils.spec b/policycoreutils.spec
index bcdce5b..3d3d16c 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.12
-Release: 4%{?dist}
+Release: 5%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -340,6 +340,15 @@ fi
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Fri Jul 27 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-5
+- Fix sepolgen/audit2allow to handle multiple role/types in avc messages properly
+
+* Thu Jul 19 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-4
+- Fix restorecon to generate a better percentage of completion on restorecon -R /.
+- Have audit2allow look at the constaint violation and tell the user whether it
+- is because of user,role or level
+
+
* Wed Jul 11 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-3
- userapps is generating sandbox code in polgengui
More information about the scm-commits
mailing list