[policycoreutils] Add back accidently dropped patches for semanage
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Dec 7 14:40:54 UTC 2011
commit 1bb3b98779bf9915477ff9bb465d29bcb532879a
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Dec 7 09:40:36 2011 -0500
Add back accidently dropped patches for semanage
policycoreutils-rhat.patch | 569 ++++++++------------------------------------
policycoreutils.spec | 5 +-
2 files changed, 99 insertions(+), 475 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index c75272a..73e48c2 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -271,493 +271,114 @@ index 0000000..e2befdb
+ packages=["policycoreutils"],
+)
diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
-index 48d7baa..f601720 100644
+index 48d7baa..2c0cfdd 100644
--- a/policycoreutils/semanage/semanage
+++ b/policycoreutils/semanage/semanage
-@@ -39,29 +39,21 @@ except IOError:
- __builtin__.__dict__['_'] = unicode
-
- if __name__ == '__main__':
-- manageditems=[ "boolean", "login", "user", "port", "interface", "node", "fcontext"]
-- action = False
-- def set_action(option):
-- global action
-- if action:
-- raise ValueError(_("%s bad option") % option)
-- action = True
-
- def usage(message = ""):
- text = _("""
- semanage [ -S store ] -i [ input_file | - ]
--semanage [ -S store ] -o [ output_file | - ]
--
--semanage login -{a|d|m|l|D|E} [-nsr] login_name | %groupname
--semanage user -{a|d|m|l|D|E} [-LnrRP] selinux_name
--semanage port -{a|d|m|l|D|E} [-ntr] [ -p proto ] port | port_range
--semanage interface -{a|d|m|l|D|E} [-ntr] interface_spec
--semanage module -{a|d|m} [--enable|--disable] module
--semanage node -{a|d|m|l|D|E} [-ntr] [ -p protocol ] [-M netmask] addr
--semanage fcontext -{a|d|m|l|D|E} [-efnrst] file_spec
-+
-+semanage {boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n]
-+semanage login -{a|d|m} [-sr] login_name | %groupname
-+semanage user -{a|d|m} [-LrRP] selinux_name
-+semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
-+semanage interface -{a|d|m} [-tr] interface_spec
-+semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr
-+semanage fcontext -{a|d|m} [-frst] file_spec
-+semanage translation -{a|d|m} [-T] level
- semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
--semanage permissive -{d|a|l} [-n] type
--semanage dontaudit [ on | off ]
-+semanage permissive -{d|a} type
-
- Primary Options:
-
-@@ -69,9 +61,7 @@ Primary Options:
- -d, --delete Delete a OBJECT record NAME
- -m, --modify Modify a OBJECT record NAME
- -i, --input Input multiple semange commands in a transaction
-- -o, --output Output current customizations as semange commands
- -l, --list List the OBJECTS
-- -E, --extract extract customizable commands
- -C, --locallist List OBJECTS local customizations
- -D, --deleteall Remove all OBJECTS local customizations
-
-@@ -94,15 +84,14 @@ Object-specific Options (see above):
- -F, --file Treat target as an input file for command, change multiple settings
- -p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
- -M, --mask Netmask
-- -e, --equal Substitue source path for dest path when labeling
- -P, --prefix Prefix for home directory labeling
- -L, --level Default SELinux Level (MLS/MCS Systems only)
- -R, --roles SELinux Roles (ex: "sysadm_r staff_r")
-+ -T, --trans SELinux Level Translation (MLS/MCS Systems only)
+@@ -20,6 +20,7 @@
+ # 02111-1307 USA
+ #
+ #
++import policycoreutils.default_encoding_utf8
+ import sys, getopt, re
+ import seobject
+ import selinux
+@@ -32,7 +33,7 @@ gettext.textdomain(PROGNAME)
+ try:
+ gettext.install(PROGNAME,
+ localedir="/usr/share/locale",
+- unicode=False,
++ unicode=True,
+ codeset = 'utf-8')
+ except IOError:
+ import __builtin__
+@@ -283,11 +284,14 @@ Object-specific Options (see above):
+ equal = a
+
+ if o == "--enable":
+- set_action(o)
++ if disable:
++ raise ValueError(_("You can't disable and enable at the same time"))
+
- -s, --seuser SELinux User Name
- -t, --type SELinux Type for the object
- -r, --range MLS/MCS Security Range (MLS/MCS Systems only)
-- --enable Enable a module
-- --disable Disable a module
- """)
- raise ValueError("%s\n%s" % (text, message))
-
-@@ -114,25 +103,23 @@ Object-specific Options (see above):
+ enable = True
- def get_options():
- valid_option={}
-- valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading', '-S', '--store' ]
-- valid_local=[ '-E', '--extract', '-C', '--locallist', '-D', '--deleteall']
-+ valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading', '-C', '--locallist', '-D', '--deleteall', '-S', '--store' ]
- valid_option["login"] = []
-- valid_option["login"] += valid_everyone + valid_local + [ '-s', '--seuser', '-r', '--range']
-+ valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range']
- valid_option["user"] = []
-- valid_option["user"] += valid_everyone + valid_local + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix' ]
-+ valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix' ]
- valid_option["port"] = []
-- valid_option["port"] += valid_everyone + valid_local + [ '-t', '--type', '-r', '--range', '-p', '--proto' ]
-+ valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range', '-p', '--proto' ]
- valid_option["interface"] = []
-- valid_option["interface"] += valid_everyone + valid_local + [ '-t', '--type', '-r', '--range']
-+ valid_option["interface"] += valid_everyone + [ '-t', '--type', '-r', '--range']
- valid_option["node"] = []
-- valid_option["node"] += valid_everyone + valid_local + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol']
-- valid_option["module"] = []
-- valid_option["module"] += valid_everyone + [ '--enable', '--disable']
-+ valid_option["node"] += valid_everyone + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol']
- valid_option["fcontext"] = []
-- valid_option["fcontext"] += valid_everyone + valid_local + [ '-e', '--equal', '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range']
-- valid_option["dontaudit"] = [ '-S', '--store' ]
-+ valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range']
-+ valid_option["translation"] = []
-+ valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
- valid_option["boolean"] = []
-- valid_option["boolean"] += valid_everyone + valid_local + [ '--on', "--off", "-1", "-0", "-F", "--file"]
-+ valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0", "-F", "--file"]
- valid_option["permissive"] = []
- valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ]
- return valid_option
-@@ -184,8 +171,6 @@ Object-specific Options (see above):
- return ret
-
- def process_args(argv):
-- global action
-- action = False
- serange = ""
- port = ""
- proto = ""
-@@ -193,6 +178,7 @@ Object-specific Options (see above):
- selevel = ""
- setype = ""
- ftype = ""
-+ setrans = ""
- roles = ""
- seuser = ""
- prefix = "user"
-@@ -202,17 +188,11 @@ Object-specific Options (see above):
- modify = False
- delete = False
- deleteall = False
-- enable = False
-- extract = False
-- disable = False
- list = False
- locallist = False
- use_file = False
- store = ""
-- equal = ""
--
-- if len(argv) == 0:
-- return
-+
- object = argv[0]
- option_dict=get_options()
- if object not in option_dict.keys():
-@@ -220,81 +200,59 @@ Object-specific Options (see above):
-
- args = argv[1:]
-
-- try:
-- gopts, cmds = getopt.getopt(args,
-- '01adEe:f:i:lhmnp:s:FCDR:L:r:t:P:S:M:',
-- ['add',
-- 'delete',
-- 'deleteall',
-- 'enable',
-- 'equal=',
-- 'extract',
-- 'disable',
-- 'ftype=',
-- 'file',
-- 'help',
-- 'input=',
-- 'list',
-- 'modify',
-- 'noheading',
-- 'localist',
-- 'off',
-- 'on',
-- 'proto=',
-- 'seuser=',
-- 'store=',
-- 'range=',
-- 'locallist=',
-- 'level=',
-- 'roles=',
-- 'type=',
-- 'prefix=',
-- 'mask='
-- ])
-- except getopt.error, error:
-- usage(_("Options Error %s ") % error.msg)
--
-+ gopts, cmds = getopt.getopt(args,
-+ '01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:M:',
-+ ['add',
-+ 'delete',
-+ 'deleteall',
-+ 'ftype=',
-+ 'file',
-+ 'help',
-+ 'input=',
-+ 'list',
-+ 'modify',
-+ 'noheading',
-+ 'localist',
-+ 'off',
-+ 'on',
-+ 'proto=',
-+ 'seuser=',
-+ 'store=',
-+ 'range=',
-+ 'locallist=',
-+ 'level=',
-+ 'roles=',
-+ 'type=',
-+ 'trans=',
-+ 'prefix=',
-+ 'mask='
-+ ])
- for o, a in gopts:
- if o not in option_dict[object]:
- sys.stderr.write(_("%s not valid for %s objects\n") % ( o, object) );
-- return
-
- for o,a in gopts:
- if o == "-a" or o == "--add":
-- set_action(o)
-+ if modify or delete:
-+ raise ValueError(_("%s bad option") % o)
- add = True
-
- if o == "-d" or o == "--delete":
-- set_action(o)
-+ if modify or add:
-+ raise ValueError(_("%s bad option") % o)
- delete = True
--
- if o == "-D" or o == "--deleteall":
+ if o == "--disable":
- set_action(o)
-+ if modify:
-+ raise ValueError(_("%s bad option") % o)
- deleteall = True
--
-- if o == "-E" or o == "--extract":
-- set_action(o)
-- extract = True
--
- if o == "-f" or o == "--ftype":
- ftype=a
++ if enable:
++ raise ValueError(_("You can't disable and enable at the same time"))
+ disable = True
-- if o == "-e" or o == "--equal":
-- equal = a
--
-- if o == "--enable":
-- set_action(o)
-- enable = True
--
-- if o == "--disable":
-- set_action(o)
-- disable = True
--
if o == "-F" or o == "--file":
- use_file = True
-
- if o == "-h" or o == "--help":
-- raise usage()
-+ raise ValueError(_("%s bad option") % o)
-
- if o == "-n" or o == "--noheading":
- heading = False
-@@ -303,7 +261,8 @@ Object-specific Options (see above):
- locallist = True
-
- if o == "-m"or o == "--modify":
-- set_action(o)
-+ if delete or add:
-+ raise ValueError(_("%s bad option") % o)
- modify = True
-
- if o == "-S" or o == '--store':
-@@ -336,13 +295,13 @@ Object-specific Options (see above):
- if o == "-t" or o == "--type":
- setype = a
-
-- if o == "--on" or o == "-1":
-- value = "on"
-- modify = True
-+ if o == "-T" or o == "--trans":
-+ setrans = a
-
-- if o == "--off" or o == "-0":
-- value = "off"
-- modify = True
-+ if o == "--on" or o == "-1":
-+ value = "on"
-+ if o == "--off" or o == "-0":
-+ value = "off"
-
- if object == "login":
- OBJECT = seobject.loginRecords(store)
-@@ -364,12 +323,10 @@ Object-specific Options (see above):
-
- if object == "boolean":
- OBJECT = seobject.booleanRecords(store)
-- if use_file:
-- modify = True
--
-- if object == "module":
-- OBJECT = seobject.moduleRecords(store)
--
-+
-+ if object == "translation":
-+ OBJECT = seobject.setransRecords()
-+
- if object == "permissive":
- OBJECT = seobject.permissiveRecords(store)
-
-@@ -384,98 +341,64 @@ Object-specific Options (see above):
- OBJECT.deleteall()
- return
-
-- if extract:
-- for i in OBJECT.customized():
-- print "%s %s" % (object, str(i))
-- return
--
- if len(cmds) != 1:
-- raise ValueError(_("bad option"))
-+ raise ValueError(_("%s bad option") % o)
-
- target = cmds[0]
-
-- if object == "dontaudit":
-- OBJECT = seobject.dontauditClass(store)
-- OBJECT.toggle(target)
-- return
--
- if add:
- if object == "login":
- OBJECT.add(target, seuser, serange)
-- return
-+
-+ if object == "translation":
-+ OBJECT.add(target, setrans)
-
- if object == "user":
- OBJECT.add(target, roles.split(), selevel, serange, prefix)
-- return
-
- if object == "port":
- OBJECT.add(target, proto, serange, setype)
-- return
-
- if object == "interface":
- OBJECT.add(target, serange, setype)
-- return
--
-- if object == "module":
-- OBJECT.add(target)
-- return
-
- if object == "node":
- OBJECT.add(target, mask, proto, serange, setype)
-- return
-
- if object == "fcontext":
-- if equal == "":
-- OBJECT.add(target, setype, ftype, serange, seuser)
-- else:
-- OBJECT.add_equal(target, equal)
-- return
--
-+ OBJECT.add(target, setype, ftype, serange, seuser)
- if object == "permissive":
- OBJECT.add(target)
-- return
-
-+ return
-+
- if modify:
- if object == "boolean":
-- OBJECT.modify(target, value, use_file)
-- return
-+ OBJECT.modify(target, value, use_file)
-
- if object == "login":
- OBJECT.modify(target, seuser, serange)
-- return
-+
-+ if object == "translation":
-+ OBJECT.modify(target, setrans)
-
- if object == "user":
- rlist = roles.split()
- OBJECT.modify(target, rlist, selevel, serange, prefix)
-- return
--
-- if object == "module":
-- if enable:
-- OBJECT.enable(target)
-- elif disable:
-- OBJECT.disable(target)
-- else:
-- OBJECT.modify(target)
-- return
-
- if object == "port":
- OBJECT.modify(target, proto, serange, setype)
-- return
-
- if object == "interface":
- OBJECT.modify(target, serange, setype)
-- return
-
- if object == "node":
- OBJECT.modify(target, mask, proto, serange, setype)
-- return
-
- if object == "fcontext":
-- if equal == "":
-- OBJECT.modify(target, setype, ftype, serange, seuser)
-- else:
-- OBJECT.modify_equal(target, equal)
-- return
-+ OBJECT.modify(target, setype, ftype, serange, seuser)
-+
-+ return
-
- if delete:
- if object == "port":
-@@ -489,15 +412,15 @@ Object-specific Options (see above):
-
- else:
- OBJECT.delete(target)
-+
- return
-
-- raise ValueError(_("Invalid command: semanage %s") % " ".join(argv))
-+ raise ValueError(_("Invalid command") % " ".join(argv))
-
- #
- #
- #
- try:
-- output = None
- input = None
- store = ""
-
-@@ -505,7 +428,7 @@ Object-specific Options (see above):
+@@ -504,31 +508,36 @@ Object-specific Options (see above):
+ if len(sys.argv) < 3:
usage(_("Requires 2 or more arguments"))
- gopts, cmds = getopt.getopt(sys.argv[1:],
+- gopts, cmds = getopt.getopt(sys.argv[1:],
- '01adf:i:lhmno:p:s:FCDR:L:r:t:T:P:S:',
-+ '01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:',
- ['add',
- 'delete',
- 'deleteall',
-@@ -519,7 +442,6 @@ Object-specific Options (see above):
- 'localist',
- 'off',
- 'on',
+- ['add',
+- 'delete',
+- 'deleteall',
+- 'ftype=',
+- 'file',
+- 'help',
+- 'input=',
+- 'list',
+- 'modify',
+- 'noheading',
+- 'localist',
+- 'off',
+- 'on',
- 'output=',
- 'proto=',
- 'seuser=',
- 'store=',
-@@ -527,6 +449,7 @@ Object-specific Options (see above):
- 'level=',
- 'roles=',
- 'type=',
-+ 'trans=',
- 'prefix='
- ])
+- 'proto=',
+- 'seuser=',
+- 'store=',
+- 'range=',
+- 'level=',
+- 'roles=',
+- 'type=',
+- 'prefix='
+- ])
++ try:
++ gopts, cmds = getopt.getopt(sys.argv[1:],
++ '01adf:i:lhmno:p:s:FCDR:L:r:t:T:P:S:',
++ ['add',
++ 'delete',
++ 'deleteall',
++ 'ftype=',
++ 'file',
++ 'help',
++ 'input=',
++ 'list',
++ 'modify',
++ 'noheading',
++ 'localist',
++ 'off',
++ 'on',
++ 'output=',
++ 'proto=',
++ 'seuser=',
++ 'store=',
++ 'range=',
++ 'level=',
++ 'roles=',
++ 'type=',
++ 'trans=',
++ 'prefix='
++ ])
++ except getopt.error, error:
++ usage(_("Options Error %s ") % error.msg)
++
for o, a in gopts:
-@@ -534,16 +457,6 @@ Object-specific Options (see above):
+ if o == "-S" or o == '--store':
store = a
- if o == "-i" or o == '--input':
- input = a
-- if o == "-o" or o == '--output':
-- output = a
--
-- if output != None:
-- if output != "-":
-- sys.stdout = open(output, 'w')
-- for i in manageditems:
-- print "%s -D" % i
-- process_args([i, "-E"])
-- sys.exit(0)
-
- if input != None:
- if input == "-":
-@@ -566,7 +479,3 @@ Object-specific Options (see above):
- errorExit(_("Invalid value %s") % error.args[0])
- except IOError, error:
- errorExit(error.args[1])
-- except OSError, error:
-- errorExit(error.args[1])
-- except RuntimeError, error:
-- errorExit(error.args[0])
+@@ -558,8 +567,6 @@ Object-specific Options (see above):
+ else:
+ process_args(sys.argv[1:])
+
+- except getopt.error, error:
+- usage(_("Options Error %s ") % error.msg)
+ except ValueError, error:
+ errorExit(error.args[0])
+ except KeyError, error:
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index 2628645..e5b6303 100644
--- a/policycoreutils/semanage/seobject.py
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 0cfb00a..7b96aae 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.9
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -355,6 +355,9 @@ fi
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Wed Dec 7 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.9-2
+- Add back accidently dropped patches for semanage
+
* Tue Dec 6 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.9-1
- Upgrade to upstream
* sandbox: move sandbox.conf.5 to just sandbox.5
More information about the scm-commits
mailing list