[policycoreutils/f13/master] - Fix sandbox copyfile when copying a dir with a socket, print error

Daniel J Walsh dwalsh at fedoraproject.org
Mon Sep 13 15:43:06 UTC 2010


commit cf96c73364552adad94bad05c898c107881c8491
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Mon Sep 13 11:42:53 2010 -0400

    - Fix sandbox copyfile when copying a dir with a socket, print error

 policycoreutils-gui.patch  |   44 ++++++++++++++++++++++++++++++--------------
 policycoreutils-rhat.patch |   28 ++++++++++++++++------------
 policycoreutils.spec       |   10 ++++++++--
 3 files changed, 54 insertions(+), 28 deletions(-)
---
diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch
index 51b4347..d5c3964 100644
--- a/policycoreutils-gui.patch
+++ b/policycoreutils-gui.patch
@@ -5783,8 +5783,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.gladep policy
 +</glade-project>
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.83/gui/polgengui.py
 --- nsapolicycoreutils/gui/polgengui.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.83/gui/polgengui.py	2010-08-05 17:40:33.000000000 -0400
-@@ -0,0 +1,650 @@
++++ policycoreutils-2.0.83/gui/polgengui.py	2010-09-10 11:45:24.000000000 -0400
+@@ -0,0 +1,657 @@
 +#!/usr/bin/python -Es
 +#
 +# polgengui.py - GUI for SELinux Config tool in system-config-selinux
@@ -5878,8 +5878,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 +    
 +    def __init__(self):
 +        self.xml = xml
-+        self.all_types=polgen.get_all_types()
-+        self.all_modules=polgen.get_all_modules()
++        try:
++            self.all_types = polgen.get_all_types()
++            self.all_modules = polgen.get_all_modules()
++            self.all_roles = polgen.get_all_roles()
++            self.all_users = polgen.get_all_users()
++        except RuntimeError, e:
++            self.all_types = []
++            self.all_modules = []
++            self.all_roles = []
++            self.all_users = []
++            self.error(str(e))
++
 +        self.name=""
 +        xml.signal_connect("on_delete_clicked", self.delete)
 +        xml.signal_connect("on_delete_boolean_clicked", self.delete_boolean)
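Review bot: The new `except RuntimeError, e:` in `__init__` does not cover `ValueError`, which the polgen.py hunks of this same commit handle as a separate failure of `get_all_ports()` and `get_all_roles()` ("must be root for this information"). If those helpers can raise it on this path too, the GUI would still die during construction; `except (ValueError, RuntimeError), e:` would close that gap. It also looks like `self.error(str(e))` now runs before the `signal_connect` calls and widget lookups that follow, so it is worth confirming the error dialog is usable this early. `__init__` continues past the end of the hunk.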
@@ -5970,13 +5980,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 +        col = gtk.TreeViewColumn(_("Existing_User"), gtk.CellRendererText(), text = 0)
 +        self.existing_user_treeview.append_column(col)
 +
-+        roles = polgen.get_all_roles()
-+        for i in roles:
++        for i in self.all_roles:
 +            iter = self.role_store.append()
 +            self.role_store.set_value(iter, 0, i[:-2])
 +
-+        self.types = polgen.get_all_types()
-+
 +        self.transition_treeview = self.xml.get_widget("transition_treeview")
 +        self.transition_store = gtk.ListStore(gobject.TYPE_STRING)
 +        self.transition_treeview.set_model(self.transition_store)
@@ -5993,7 +6000,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 +        col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
 +        self.user_transition_treeview.append_column(col)
 +
-+        for i in polgen.get_all_users():
++        for i in self.all_users:
 +            iter = self.user_transition_store.append()
 +            self.user_transition_store.set_value(iter, 0, i[:-2])
 +            iter = self.existing_user_store.append()
@@ -6010,7 +6017,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 +        for i in polgen.methods:
 +            m = re.findall("(.*)%s" % polgen.USER_TRANSITION_INTERFACE, i) 
 +            if len(m) > 0:
-+                if "%s_exec_t" % m[0] in self.types:
++                if "%s_exec_t" % m[0] in self.all_types:
 +                    iter = self.transition_store.append()
 +                    self.transition_store.set_value(iter, 0, m[0])
 +                continue
@@ -6437,8 +6444,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 +    app.stand_alone()
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.83/gui/polgen.py
 --- nsapolicycoreutils/gui/polgen.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.83/gui/polgen.py	2010-08-05 17:40:15.000000000 -0400
-@@ -0,0 +1,1309 @@
++++ policycoreutils-2.0.83/gui/polgen.py	2010-09-10 11:45:43.000000000 -0400
+@@ -0,0 +1,1318 @@
 +#!/usr/bin/python -Es
 +#
 +# Copyright (C) 2007-2010 Red Hat 
@@ -6638,6 +6645,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 +                    self.ports = get_all_ports()
 +                except ValueError, e:
 +                    print "Can not get port types, must be root for this information"
++                except RuntimeError, e:
++                    print "Can not get port types", e
 +
 +                self.symbols = {} 
 +                self.symbols["openlog"] = "set_use_kerberos(True)"
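Review bot: When either `except` branch runs, `self.ports` is never assigned in the lines visible here, so unless it is initialised before the `try` (outside the hunk) a later read would raise `AttributeError`. Assigning an empty default before the `try`, the way the later hunk does with `all_roles = []`, avoids that. Both branches here, and the matching ones around `get_all_roles()` further down, report with `print` on stdout; writing them to stderr would keep diagnostics out of the tool's normal output. The enclosing method starts and ends outside the hunk.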
@@ -6786,7 +6795,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 +		self.transition_domains = []
 +		self.transition_users = []
 +                self.roles = []
-+                self.all_roles = get_all_roles()
 +
 +        def __isnetset(self, l):
 +            return l[ALL] or l[RESERVED] or l[UNRESERVED] or len(l[PORTS]) > 0
@@ -7157,10 +7165,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 +                    tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_domain_rules)
 +                    newte += re.sub("APPLICATION", app, tmp)
 +
++                all_roles = []
++                try:
++                    all_roles = get_all_roles()
++                except ValueError, e:
++                    print "Can not get all roles, must be root for this information"
++                except RuntimeError, e:
++                    print "Can not get all roles", e
++
 +                for u in self.transition_users:
 +                    role = u.split("_u")[0]
 +                    
-+                    if (role + "_r") in self.all_roles:
++                    if (role + "_r") in all_roles:
 +                        tmp =  re.sub("TEMPLATETYPE", self.name, user.te_admin_trans_rules)
 +                        newte += re.sub("USER", role, tmp)
 +
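Review bot: If `get_all_roles()` fails, `all_roles` stays `[]` and the `for u in self.transition_users:` loop emits no `te_admin_trans_rules` at all, so the generated policy is quietly incomplete. The printed message does not say that rules were dropped; something like `print "Can not get all roles, admin transition rules will be omitted:", e` would make the consequence visible, or the failure could be propagated to the caller. The `ValueError` branch also discards `e` and assumes the cause is missing root privileges, which may hide a different error. The enclosing method starts and ends outside the hunk.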
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 84e96dd..f886068 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1647,7 +1647,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  	@python test_sandbox.py -v
 diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.83/sandbox/sandbox
 --- nsapolicycoreutils/sandbox/sandbox	2010-06-16 08:03:38.000000000 -0400
-+++ policycoreutils-2.0.83/sandbox/sandbox	2010-09-09 16:28:25.000000000 -0400
++++ policycoreutils-2.0.83/sandbox/sandbox	2010-09-13 11:40:20.000000000 -0400
 @@ -1,5 +1,6 @@
 -#! /usr/bin/python -E
 +#! /usr/bin/python -Es
@@ -1704,16 +1704,20 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
                       if not os.path.exists(newdir):
                              os.makedirs(newdir)
                       dest = newdir + "/" + bname
-@@ -83,7 +87,7 @@
+@@ -81,9 +85,10 @@
+                             shutil.copytree(file, dest)
+                      else:
                              shutil.copy2(file, dest)
++
                except shutil.Error, elist:
-                      for e in elist:
+-                     for e in elist:
 -                            sys.stderr.write(e[1])
-+                            sys.stderr.write(str(e[1]))
++                     for e in elist.message:
++                            sys.stderr.write(e[2])
                       
                SAVE_FILES[file] = (dest, os.path.getmtime(dest))
  
-@@ -161,10 +165,10 @@
+@@ -161,10 +166,10 @@
                    if not self.__options.homedir or not self.__options.tmpdir:
                           self.usage(_("Homedir and tempdir required for level mounts"))
  
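Review bot: The new handler line `for e in elist.message:` reaches the error list through `BaseException.message`, which is deprecated as of Python 2.6; `for e in elist.args[0]:` reads the same list without relying on it. The `str()` wrapper from the previous revision was dropped, so a non-string reason in `e[2]` would make `sys.stderr.write` raise inside the handler, and consecutive messages run together without a newline; `sys.stderr.write(str(e[2]) + "\n")` covers both. After the handler, control still reaches `SAVE_FILES[file] = (dest, os.path.getmtime(dest))`, which presumably raises if the failed copy left no `dest`, so it is worth checking that a partial copy cannot abort sandbox setup or be recorded as complete. The enclosing function starts outside the hunk.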
@@ -1727,7 +1731,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  
      def __mount_callback(self, option, opt, value, parser):
             self.__mount = True
-@@ -172,6 +176,15 @@
+@@ -172,6 +177,15 @@
      def __x_callback(self, option, opt, value, parser):
             self.__mount = True
             setattr(parser.values, option.dest, True)
@@ -1743,7 +1747,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  
      def __validdir(self, option, opt, value, parser):
             if not os.path.isdir(value):
-@@ -218,7 +231,7 @@
+@@ -218,7 +232,7 @@
  /usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
  %s &
  WM_PID=$!
@@ -1752,7 +1756,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  kill -TERM $WM_PID  2> /dev/null
  """ % (command, wm, command))
             fd.close()
-@@ -230,9 +243,9 @@
+@@ -230,9 +244,9 @@
      def __parse_options(self):
          from optparse import OptionParser
          usage = _("""
@@ -1764,7 +1768,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  """)
          
          parser = OptionParser(version=self.VERSION, usage=usage)
-@@ -268,6 +281,10 @@
+@@ -268,6 +282,10 @@
                            action="callback", callback=self.__validdir,
                            help=_("alternate /tmp directory to use for mounting"))
  
@@ -1775,7 +1779,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
          parser.add_option("-W", "--windowmanager", dest="wm",  
                            type="string",
                            default="/usr/bin/matchbox-window-manager -use_titlebar no",
-@@ -276,13 +293,17 @@
+@@ -276,13 +294,17 @@
          parser.add_option("-l", "--level", dest="level", 
                            help=_("MCS/MLS level for the sandbox"))
  
@@ -1794,7 +1798,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
          if self.__options.setype:
                 self.setype = self.__options.setype
  
-@@ -299,6 +320,9 @@
+@@ -299,6 +321,9 @@
                 self.__options.X_ind = True
                 self.__homedir = self.__options.homedir
                 self.__tmpdir = self.__options.tmpdir
@@ -1804,7 +1808,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
          else:
                 if len(cmds) == 0:
                        self.usage(_("Command required"))
-@@ -351,22 +375,24 @@
+@@ -351,22 +376,24 @@
  
      def __execute(self):
             try:
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 1df53c5..64127ba 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.83
-Release: 25%{?dist}
+Release: 27%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 Source:  http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -315,7 +315,13 @@ fi
 exit 0
 
 %changelog
-* Thu Sep 8 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-25
+* Mon Sep 13 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-27
+- Fix sandbox copyfile when copying a dir with a socket, print error
+
+* Fri Sep 10 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-26
+- Stop polgengui from crashing if selinux policy is not installed
+
+* Thu Sep 9 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-25
 - Fix bug preventing sandbox from using -l 
 
 * Tue Sep 7 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-24

