[policycoreutils/f14/master] Fix semange node handling of ipv6 addresses

Daniel J Walsh dwalsh at fedoraproject.org
Thu Mar 24 21:53:03 UTC 2011


commit b19892214d011afa0220086c19954566043d9047
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Thu Mar 24 17:52:53 2011 -0400

    Fix semange node handling of ipv6 addresses

 policycoreutils-rhat.patch |   66 ++++++++++++++++++++++----------------------
 policycoreutils.spec       |    5 ++-
 2 files changed, 37 insertions(+), 34 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 99d6c4d..6955be6 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -4211,7 +4211,7 @@ index 70d1a20..fb6a79b 100644
 +.br
  Examples by Thomas Bleher <ThomasBleher at gmx.de>.
 diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
-index b7d257b..d5920aa 100644
+index b7d257b..4462c9e 100644
 --- a/policycoreutils/semanage/seobject.py
 +++ b/policycoreutils/semanage/seobject.py
 @@ -25,51 +25,17 @@ import pwd, grp, string, selinux, tempfile, os, re, sys, stat
@@ -4593,18 +4593,18 @@ index b7d257b..d5920aa 100644
  	def list(self, heading = 1, locallist = 0):
  		if heading:
  			print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number"))
-@@ -958,21 +1094,35 @@ class portRecords(semanageRecords):
+@@ -958,21 +1094,36 @@ class portRecords(semanageRecords):
  class nodeRecords(semanageRecords):
         def __init__(self, store = ""):
                 semanageRecords.__init__(self,store)
--
--       def __add(self, addr, mask, proto, serange, ctype):
 +               self.protocol = ["ipv4", "ipv6"]
 +       
 +       def validate(self, addr, mask, protocol):
-+	       newaddr=""
-+	       newmask=""
++	       newaddr=addr
++	       newmask=mask
 +	       newprotocol=""
+ 
+-       def __add(self, addr, mask, proto, serange, ctype):
                 if addr == "":
                         raise ValueError(_("Node Address is required"))
  
@@ -4619,14 +4619,14 @@ index b7d257b..d5920aa 100644
 +	       # verify valid comination
 +	       if len(mask) == 0 or mask[0] == "/":
 +		       i = IP(addr + mask)
-+	       else:
-+		       i = IP(addr + "/" + mask)
-+	       newaddr = i.strNormal(0)
-+	       newmask = str(i.netmask())
-+	       if protocol == "":
++		       newaddr = i.strNormal(0)
++		       newmask = str(i.netmask())
++		       if newmask == "0.0.0.0" and i.version() == 6:
++			       newmask = "::"
++
 +		       protocol = "ipv%d" % i.version()
-+	       
-+               try:
++			       
++	       try:
 +                      newprotocol = self.protocol.index(protocol)
 +               except:
                        raise ValueError(_("Unknown or missing protocol"))
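Review bot: In `validate()`, a mask given as an explicit netmask (not empty and not starting with `/`) no longer reaches `IP()` at all, because the `else` branch was removed. `newaddr` and `newmask` then keep the raw caller-supplied strings assigned in the preceding hunk, and are presumably handed on unparsed and unnormalized to calls such as `semanage_node_key_create`. On that path `protocol` is no longer inferred either, so an empty protocol ends in "Unknown or missing protocol", while on the prefix path a caller-supplied protocol is now silently overwritten by the detected version. I would keep a parse step for the netmask form, e.g. `else:` followed by `i = IP(addr); IP(mask)`, derive `protocol` only when it is empty (or reject a mismatch with `i.version()`), and narrow the bare `except:` around `self.protocol.index(protocol)` to `except ValueError:`. `validate()` starts and ends outside this hunk, so what it returns is inferred.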
@@ -4639,7 +4639,7 @@ index b7d257b..d5920aa 100644
  
                 if is_mls_enabled == 1:
                         if serange == "":
-@@ -991,11 +1141,13 @@ class nodeRecords(semanageRecords):
+@@ -991,11 +1142,13 @@ class nodeRecords(semanageRecords):
  
                 (rc, exists) = semanage_node_exists(self.sh, k)
                 if exists:
@@ -4654,7 +4654,7 @@ index b7d257b..d5920aa 100644
  
                 rc = semanage_node_set_addr(self.sh, node, proto, addr)
                 (rc, con) = semanage_context_create(self.sh)
-@@ -1005,8 +1157,7 @@ class nodeRecords(semanageRecords):
+@@ -1005,8 +1158,7 @@ class nodeRecords(semanageRecords):
                 rc = semanage_node_set_mask(self.sh, node, proto, mask)
                 if rc < 0:
                         raise ValueError(_("Could not set mask for %s") % addr)
@@ -4664,7 +4664,7 @@ index b7d257b..d5920aa 100644
                 rc = semanage_context_set_user(self.sh, con, "system_u")
                 if rc < 0:
                         raise ValueError(_("Could not set user in addr context for %s") % addr)
-@@ -1042,18 +1193,8 @@ class nodeRecords(semanageRecords):
+@@ -1042,18 +1194,8 @@ class nodeRecords(semanageRecords):
                  self.commit()
  
         def __modify(self, addr, mask, proto, serange, setype):
@@ -4684,7 +4684,7 @@ index b7d257b..d5920aa 100644
  
                 if serange == "" and setype == "":
                         raise ValueError(_("Requires setype or serange"))
-@@ -1068,12 +1209,11 @@ class nodeRecords(semanageRecords):
+@@ -1068,12 +1210,11 @@ class nodeRecords(semanageRecords):
                 if not exists:
                         raise ValueError(_("Addr %s is not defined") % addr)
  
@@ -4698,7 +4698,7 @@ index b7d257b..d5920aa 100644
                 if serange != "":
                         semanage_context_set_mls(self.sh, con, untranslate(serange))
                 if setype != "":
-@@ -1092,18 +1232,8 @@ class nodeRecords(semanageRecords):
+@@ -1092,18 +1233,8 @@ class nodeRecords(semanageRecords):
                  self.commit()
  
         def __delete(self, addr, mask, proto):
@@ -4718,7 +4718,7 @@ index b7d257b..d5920aa 100644
  
                 (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
                 if rc < 0:
-@@ -1132,6 +1262,16 @@ class nodeRecords(semanageRecords):
+@@ -1132,6 +1263,16 @@ class nodeRecords(semanageRecords):
                self.__delete(addr, mask, proto)
                self.commit()
  		
@@ -4735,7 +4735,7 @@ index b7d257b..d5920aa 100644
         def get_all(self, locallist = 0):
                 ddict = {}
  	       if locallist :
-@@ -1145,15 +1285,20 @@ class nodeRecords(semanageRecords):
+@@ -1145,15 +1286,20 @@ class nodeRecords(semanageRecords):
                         con = semanage_node_get_con(node)
                         addr = semanage_node_get_addr(self.sh, node)
                         mask = semanage_node_get_mask(self.sh, node)
@@ -4761,7 +4761,7 @@ index b7d257b..d5920aa 100644
         def list(self, heading = 1, locallist = 0):
                 if heading:
                         print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context")
-@@ -1193,7 +1338,8 @@ class interfaceRecords(semanageRecords):
+@@ -1193,7 +1339,8 @@ class interfaceRecords(semanageRecords):
  		if rc < 0:
  			raise ValueError(_("Could not check if interface %s is defined") % interface)
  		if exists:
@@ -4771,7 +4771,7 @@ index b7d257b..d5920aa 100644
  
  		(rc, iface) = semanage_iface_create(self.sh)
  		if rc < 0:
-@@ -1307,6 +1453,16 @@ class interfaceRecords(semanageRecords):
+@@ -1307,6 +1454,16 @@ class interfaceRecords(semanageRecords):
                  self.__delete(interface)
                  self.commit()
  		
@@ -4788,7 +4788,7 @@ index b7d257b..d5920aa 100644
  	def get_all(self, locallist = 0):
  		ddict = {}
                  if locallist:
-@@ -1322,6 +1478,15 @@ class interfaceRecords(semanageRecords):
+@@ -1322,6 +1479,15 @@ class interfaceRecords(semanageRecords):
  
  		return ddict
  			
@@ -4804,7 +4804,7 @@ index b7d257b..d5920aa 100644
  	def list(self, heading = 1, locallist = 0):
  		if heading:
  			print "%-30s %s\n" % (_("SELinux Interface"), _("Context"))
-@@ -1338,6 +1503,48 @@ class interfaceRecords(semanageRecords):
+@@ -1338,6 +1504,48 @@ class interfaceRecords(semanageRecords):
  class fcontextRecords(semanageRecords):
  	def __init__(self, store = ""):
  		semanageRecords.__init__(self, store)
@@ -4853,7 +4853,7 @@ index b7d257b..d5920aa 100644
  
          def createcon(self, target, seuser = "system_u"):
                  (rc, con) = semanage_context_create(self.sh)
-@@ -1364,6 +1571,8 @@ class fcontextRecords(semanageRecords):
+@@ -1364,6 +1572,8 @@ class fcontextRecords(semanageRecords):
          def validate(self, target):
                 if target == "" or target.find("\n") >= 0:
                        raise ValueError(_("Invalid file specification"))
@@ -4862,7 +4862,7 @@ index b7d257b..d5920aa 100644
                        
  	def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
                  self.validate(target)
-@@ -1388,7 +1597,8 @@ class fcontextRecords(semanageRecords):
+@@ -1388,7 +1598,8 @@ class fcontextRecords(semanageRecords):
                                raise ValueError(_("Could not check if file context for %s is defined") % target)
  
                  if exists:
@@ -4872,7 +4872,7 @@ index b7d257b..d5920aa 100644
  
  		(rc, fcontext) = semanage_fcontext_create(self.sh)
  		if rc < 0:
-@@ -1504,9 +1714,16 @@ class fcontextRecords(semanageRecords):
+@@ -1504,9 +1715,16 @@ class fcontextRecords(semanageRecords):
                                raise ValueError(_("Could not delete the file context %s") % target)
                         semanage_fcontext_key_free(k)
  	
@@ -4889,7 +4889,7 @@ index b7d257b..d5920aa 100644
  		(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
  		if rc < 0:
  			raise ValueError(_("Could not create a key for %s") % target)
-@@ -1561,12 +1778,22 @@ class fcontextRecords(semanageRecords):
+@@ -1561,12 +1779,22 @@ class fcontextRecords(semanageRecords):
  
  		return ddict
  			
@@ -4914,7 +4914,7 @@ index b7d257b..d5920aa 100644
  		for k in keys:
  			if fcon_dict[k]:
  				if is_mls_enabled:
-@@ -1575,6 +1802,12 @@ class fcontextRecords(semanageRecords):
+@@ -1575,6 +1803,12 @@ class fcontextRecords(semanageRecords):
  					print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
  			else:
  				print "%-50s %-18s <<None>>" % (k[0], k[1])
@@ -4927,7 +4927,7 @@ index b7d257b..d5920aa 100644
  				
  class booleanRecords(semanageRecords):
  	def __init__(self, store = ""):
-@@ -1587,6 +1820,18 @@ class booleanRecords(semanageRecords):
+@@ -1587,6 +1821,18 @@ class booleanRecords(semanageRecords):
                  self.dict["1"] = 1
                  self.dict["0"] = 0
  
@@ -4946,7 +4946,7 @@ index b7d257b..d5920aa 100644
  	def __mod(self, name, value):
                  (rc, k) = semanage_bool_key_create(self.sh, name)
                  if rc < 0:
-@@ -1606,9 +1851,10 @@ class booleanRecords(semanageRecords):
+@@ -1606,9 +1852,10 @@ class booleanRecords(semanageRecords):
                  else:
                         raise ValueError(_("You must specify one of the following values: %s") % ", ".join(self.dict.keys()) )
                  
@@ -4960,7 +4960,7 @@ index b7d257b..d5920aa 100644
                  rc = semanage_bool_modify_local(self.sh, k, b)
                  if rc < 0:
                         raise ValueError(_("Could not modify boolean %s") % name)
-@@ -1691,8 +1937,12 @@ class booleanRecords(semanageRecords):
+@@ -1691,8 +1938,12 @@ class booleanRecords(semanageRecords):
                         value = []
                         name = semanage_bool_get_name(boolean)
                         value.append(semanage_bool_get_value(boolean))
@@ -4975,7 +4975,7 @@ index b7d257b..d5920aa 100644
                         ddict[name] = value
  
  		return ddict
-@@ -1706,6 +1956,16 @@ class booleanRecords(semanageRecords):
+@@ -1706,6 +1957,16 @@ class booleanRecords(semanageRecords):
                 else:
                        return _("unknown")
  
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 5aa1eec..c73a2cd 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.85
-Release: 26%{?dist}
+Release: 27%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -318,6 +318,9 @@ fi
 exit 0
 
 %changelog
+* Thu Mar 24 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-27
+- Fix semange node handling of ipv6 addresses
+
 * Wed Mar 23 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-26
 - Fix sepolgen-ifgen call, add -p option
 

