[policycoreutils/f14/master] - Catch TypeError exception on sandbox processing -I files
Daniel J Walsh
dwalsh at fedoraproject.org
Mon Sep 27 13:45:33 UTC 2010
commit 7ca35f44e14522a2e0f1636613c6236ee7854fc4
Author: Dan Walsh <dwalsh at redhat.com>
Date: Mon Sep 27 09:45:34 2010 -0400
- Catch TypeError exception on sandbox processing -I files
policycoreutils-rhat.patch | 95 +++++++++++++++++++++++++++++---------------
policycoreutils.spec | 5 ++-
2 files changed, 67 insertions(+), 33 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index d4db5bc..cb3187c 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1722,7 +1722,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
@python test_sandbox.py -v
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.83/sandbox/sandbox
--- nsapolicycoreutils/sandbox/sandbox 2010-06-16 08:03:38.000000000 -0400
-+++ policycoreutils-2.0.83/sandbox/sandbox 2010-09-13 11:40:20.000000000 -0400
++++ policycoreutils-2.0.83/sandbox/sandbox 2010-09-27 09:42:59.000000000 -0400
@@ -1,5 +1,6 @@
-#! /usr/bin/python -E
+#! /usr/bin/python -Es
@@ -1822,7 +1822,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def __validdir(self, option, opt, value, parser):
if not os.path.isdir(value):
-@@ -218,7 +232,7 @@
+@@ -194,6 +208,8 @@
+ self.__include(option, opt, i[:-1], parser)
+ except IOError, e:
+ sys.stderr.write(str(e))
++ except TypeError, e:
++ sys.stderr.write(str(e))
+ fd.close()
+
+ def __copyfiles(self):
+@@ -218,7 +234,7 @@
/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
%s &
WM_PID=$!
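Review bot: The added `except TypeError, e:` branch in the -I include-file handling only writes `str(e)` to stderr and carries on, so the sandbox can start with an entry from the include file silently skipped. For a confinement tool, that outcome should be an explicit decision: either a warning that names the entry, or an abort. TypeError usually points to a wrong argument type rather than a bad file, so catching it around `self.__include(...)` may hide the underlying bug; the cause is not visible in this hunk. The new branch duplicates the IOError one and the message has no trailing newline, so I would fold them into `except (IOError, TypeError), e:` with `sys.stderr.write("%s\n" % e)`. The enclosing method starts outside the hunk, so whether `fd.close()` runs on every path cannot be confirmed from here.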
@@ -1831,7 +1840,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
kill -TERM $WM_PID 2> /dev/null
""" % (command, wm, command))
fd.close()
-@@ -230,9 +244,9 @@
+@@ -230,9 +246,9 @@
def __parse_options(self):
from optparse import OptionParser
usage = _("""
@@ -1843,7 +1852,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
""")
parser = OptionParser(version=self.VERSION, usage=usage)
-@@ -268,6 +282,10 @@
+@@ -268,6 +284,10 @@
action="callback", callback=self.__validdir,
help=_("alternate /tmp directory to use for mounting"))
@@ -1854,7 +1863,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
parser.add_option("-W", "--windowmanager", dest="wm",
type="string",
default="/usr/bin/matchbox-window-manager -use_titlebar no",
-@@ -276,13 +294,17 @@
+@@ -276,13 +296,17 @@
parser.add_option("-l", "--level", dest="level",
help=_("MCS/MLS level for the sandbox"))
@@ -1873,7 +1882,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if self.__options.setype:
self.setype = self.__options.setype
-@@ -299,6 +321,9 @@
+@@ -299,6 +323,9 @@
self.__options.X_ind = True
self.__homedir = self.__options.homedir
self.__tmpdir = self.__options.tmpdir
@@ -1883,7 +1892,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
else:
if len(cmds) == 0:
self.usage(_("Command required"))
-@@ -351,22 +376,24 @@
+@@ -351,22 +378,24 @@
def __execute(self):
try:
@@ -3283,8 +3292,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+ errorExit(error.args[1])
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.83/semanage/semanage.8
--- nsapolicycoreutils/semanage/semanage.8 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.83/semanage/semanage.8 2010-09-23 15:43:58.000000000 -0400
-@@ -1,29 +1,65 @@
++++ policycoreutils-2.0.83/semanage/semanage.8 2010-09-23 16:46:29.000000000 -0400
+@@ -1,29 +1,69 @@
-.TH "semanage" "8" "2005111103" "" ""
+.TH "semanage" "8" "20100223" "" ""
.SH "NAME"
@@ -3298,12 +3307,14 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+.B semanage [ -S store ] -o [ output_file | - ]
+
+Input local customizations
-+.br
+ .br
+-.B semanage login \-{a|d|m} [\-sr] login_name | %groupname
+.B semanage [ -S store ] -i [ input_file | - ]
+
+Manage booleans. Booleans allow the administrator to modify the confinement of
+processes based on his configuration.
-+.br
+ .br
+-.B semanage user \-{a|d|m} [\-LrRP] selinux_name
+.B semanage boolean [\-S store] \-{d|m|l|n|D} \-[\-on|\-off|\1|0] -F boolean | boolean_file
+
+Manage SELinux confined users (Roles and levels for an SELinux user)
@@ -3311,45 +3322,47 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+.B semanage user [\-S store] \-{a|d|m|l|n|D} [\-LrRP] selinux_name
+
+Manage login mappings between linux users and SELinux confined users.
- .br
--.B semanage login \-{a|d|m} [\-sr] login_name | %groupname
++.br
+.B semanage login [\-S store] \-{a|d|m|l|n|D} [\-sr] login_name | %groupname
+
++Manage policy modules.
++.br
++.B semanage module [\-S store] \-{a|d|l} [-m [--enable | --disable] ] module_name
++
+Manage network port type definitions
- .br
--.B semanage user \-{a|d|m} [\-LrRP] selinux_name
++.br
+.B semanage port [\-S store] \-{a|d|m|l|n|D} [\-tr] [\-p proto] port | port_range
- .br
--.B semanage port \-{a|d|m} [\-tr] [\-p proto] port | port_range
++.br
+
+Manage network interface type definitions
- .br
--.B semanage interface \-{a|d|m} [\-tr] interface_spec
++.br
+.B semanage interface [\-S store] \-{a|d|m|l|n|D} [\-tr] interface_spec
+
+Manage network node type definitions
- .br
--.B semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] address
++.br
+.B semanage node [\-S store] -{a|d|m|l|n|D} [-tr] [ -p protocol ] [-M netmask] address
- .br
--.B semanage fcontext \-{a|d|m} [\-frst] file_spec
++.br
+
+Manage file context mapping definitions
.br
--.B semanage permissive \-{a|d} type
+-.B semanage port \-{a|d|m} [\-tr] [\-p proto] port | port_range
+.B semanage fcontext [\-S store] \-{a|d|m|l|n|D} [\-frst] file_spec
-+.br
+ .br
+-.B semanage interface \-{a|d|m} [\-tr] interface_spec
+.B semanage fcontext [\-S store] \-{a|d|m|l|n|D} \-e replacement target
-+.br
+ .br
+-.B semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] address
+
+Manage processes type enforcement mode
.br
--.B semanage dontaudit [ on | off ]
+-.B semanage fcontext \-{a|d|m} [\-frst] file_spec
+.B semanage permissive [\-S store] \-{a|d|l|n|D} type
-+.br
+ .br
+-.B semanage permissive \-{a|d} type
+
+Disable/Enable dontaudit rules in policy
-+.br
+ .br
+-.B semanage dontaudit [ on | off ]
+.B semanage dontaudit [\-S store] [ on | off ]
.P
@@ -3361,10 +3374,20 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
.SH "DESCRIPTION"
semanage is used to configure certain elements of
SELinux policy without requiring modification to or recompilation
-@@ -52,6 +88,12 @@
+@@ -52,6 +92,22 @@
.I \-D, \-\-deleteall
Remove all OBJECTS local customizations
.TP
++.I \-\-disable
++Disable a policy module, requires -m option
++
++Currently modules only.
++.TP
++.I \-\-enable
++Enable a disabled policy module, requires -m option
++
++Currently modules only.
++.TP
+.I \-e, \-\-equal
+Substitute target path with sourcepath when generating default label. This is used with
+fcontext. Requires source and target path arguments. The context
@@ -3374,7 +3397,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
.I \-f, \-\-ftype
File Type. This is used with fcontext.
Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files.
-@@ -76,6 +118,9 @@
+@@ -60,6 +116,7 @@
+ Set multiple records from the input file. When used with the \-l \-\-list, it will output the current settings to stdout in the proper format.
+
+ Currently booleans only.
++
+ .TP
+ .I \-h, \-\-help
+ display this message
+@@ -76,6 +133,9 @@
.I \-m, \-\-modify
Modify a OBJECT record NAME
.TP
@@ -3384,7 +3415,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
.I \-n, \-\-noheading
Do not print heading when listing OBJECTS.
.TP
-@@ -99,26 +144,67 @@
+@@ -99,26 +159,67 @@
.TP
.I \-t, \-\-type
SELinux Type for the object
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 65b6928..da31f45 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.83
-Release: 29%{?dist}
+Release: 30%{?dist}
License: GPLv2
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -315,6 +315,9 @@ fi
exit 0
%changelog
+* Mon Sep 27 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-30
+- Catch TypeError exception on sandbox processing -I files
+
* Thu Sep 23 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-29
- Fix semanage man page