[policycoreutils] Allow ~ as a valid part of a filename in sepolgen
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Nov 16 16:26:15 UTC 2011
commit 97d6c28e36cff06534ddadc9de5e0ed1f1f69dcc
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Nov 16 11:26:11 2011 -0500
Allow ~ as a valid part of a filename in sepolgen
policycoreutils-sepolgen.patch | 54 +++++++++++++++++++++++-----------------
policycoreutils.spec | 5 +++-
2 files changed, 35 insertions(+), 24 deletions(-)
---
diff --git a/policycoreutils-sepolgen.patch b/policycoreutils-sepolgen.patch
index d6fdfdb..0482ee2 100644
--- a/policycoreutils-sepolgen.patch
+++ b/policycoreutils-sepolgen.patch
@@ -1,26 +1,8 @@
diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
-index 898fbc3..631bab5 100644
+index 898fbc3..9fdfafa 100644
--- a/sepolgen/src/sepolgen/audit.py
+++ b/sepolgen/src/sepolgen/audit.py
-@@ -68,6 +68,17 @@ def get_dmesg_msgs():
- stdout=subprocess.PIPE).communicate()[0]
- return output
-
-+def get_log_msgs():
-+ """Obtain all of the avc and policy load messages from /var/log/messages.
-+
-+ Returns:
-+ string contain all of the audit messages returned by /var/log/messages.
-+ """
-+ import subprocess
-+ output = subprocess.Popen(["/bin/grep", "avc", "/var/log/messages"],
-+ stdout=subprocess.PIPE).communicate()[0]
-+ return output
-+
- # Classes representing audit messages
-
- class AuditMessage:
-@@ -127,6 +138,9 @@ class PathMessage(AuditMessage):
+@@ -127,6 +127,9 @@ class PathMessage(AuditMessage):
if fields[0] == "path":
self.path = fields[1][1:-1]
return
@@ -30,7 +12,7 @@ index 898fbc3..631bab5 100644
class AVCMessage(AuditMessage):
"""AVC message representing an access denial or granted message.
-@@ -168,6 +182,8 @@ class AVCMessage(AuditMessage):
+@@ -168,6 +171,8 @@ class AVCMessage(AuditMessage):
self.name = ""
self.accesses = []
self.denial = True
@@ -39,7 +21,7 @@ index 898fbc3..631bab5 100644
def __parse_access(self, recs, start):
# This is kind of sucky - the access that is in a space separated
-@@ -229,7 +245,31 @@ class AVCMessage(AuditMessage):
+@@ -229,7 +234,31 @@ class AVCMessage(AuditMessage):
if not found_src or not found_tgt or not found_class or not found_access:
raise ValueError("AVC message in invalid format [%s]\n" % self.message)
@@ -72,7 +54,7 @@ index 898fbc3..631bab5 100644
class PolicyLoadMessage(AuditMessage):
"""Audit message indicating that the policy was reloaded."""
def __init__(self, message):
-@@ -472,10 +512,10 @@ class AuditParser:
+@@ -472,10 +501,10 @@ class AuditParser:
if avc_filter:
if avc_filter.filter(avc):
av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
@@ -181,3 +163,29 @@ index 0e6b502..4882999 100644
self.module.children.append(rule)
+diff --git a/sepolgen/src/sepolgen/refparser.py b/sepolgen/src/sepolgen/refparser.py
+index 955784d..9a79340 100644
+--- a/sepolgen/src/sepolgen/refparser.py
++++ b/sepolgen/src/sepolgen/refparser.py
+@@ -245,7 +245,7 @@ def t_refpolicywarn(t):
+ t.lexer.lineno += 1
+
+ def t_IDENTIFIER(t):
+- r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\.\$\*\"]*'
++ r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\.\$\*\"~]*'
+ # Handle any keywords
+ t.type = reserved.get(t.value,'IDENTIFIER')
+ return t
+diff --git a/sepolgen/src/sepolgen/yacc.py b/sepolgen/src/sepolgen/yacc.py
+index 58332de..2f3c09d 100644
+--- a/sepolgen/src/sepolgen/yacc.py
++++ b/sepolgen/src/sepolgen/yacc.py
+@@ -594,7 +594,7 @@ class MiniProduction:
+ pass
+
+ # regex matching identifiers
+-_is_identifier = re.compile(r'^[a-zA-Z0-9_-]+$')
++_is_identifier = re.compile(r'^[a-zA-Z0-9_-~]+$')
+
+ # -----------------------------------------------------------------------------
+ # add_production()
diff --git a/policycoreutils.spec b/policycoreutils.spec
index fc43712..6098c28 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.8
-Release: 4%{?dist}
+Release: 5%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -352,6 +352,9 @@ fi
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Wed Nov 16 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.8-5
+- Allow ~ as a valid part of a filename in sepolgen
+
* Fri Nov 11 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.8-4
- sandbox init script should always return 0
- sandbox command needs to check range of categories and report error if not big enough
More information about the scm-commits
mailing list