[policycoreutils] Add listing of distribution equivalence class from semanage fcontext -l Add checking to semanage fco

Daniel J Walsh dwalsh at fedoraproject.org
Wed Nov 16 20:41:28 UTC 2011 

commit e0ffc386e83a86089a54f50fc456bfb9a80c7db7
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Wed Nov 16 15:41:18 2011 -0500

    Add listing of distribution equivalence class from semanage fcontext -l
    Add checking to semanage fcontext -a to guarantee a file specification will not be masked by an equivalence
    
    Allow ~ as a valid part of a filename in sepolgen

 policycoreutils-rhat.patch |   70 ++++++++++++++++++++++++++++++++++++++++++-
 policycoreutils.spec       |    6 +++-
 2 files changed, 73 insertions(+), 3 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index cbe9f63..83c0d52 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -609,7 +609,7 @@ index 48d7baa..2c0cfdd 100644
  		errorExit(error.args[0])
  	except KeyError, error:
 diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
-index a7008fc..e4b6c0d 100644
+index a7008fc..aae1b59 100644
 --- a/policycoreutils/semanage/seobject.py
 +++ b/policycoreutils/semanage/seobject.py
 @@ -30,11 +30,10 @@ from IPy import IP
@@ -723,7 +723,53 @@ index a7008fc..e4b6c0d 100644
  
  		(rc, iface) = semanage_iface_create(self.sh)
  		if rc < 0:
-@@ -1618,7 +1624,8 @@ class fcontextRecords(semanageRecords):
+@@ -1525,6 +1531,7 @@ class fcontextRecords(semanageRecords):
+ 	def __init__(self, store = ""):
+ 		semanageRecords.__init__(self, store)
+                 self.equiv = {}
++                self.equiv_dist = {}
+                 self.equal_ind = False
+                 try:
+                        fd = open(selinux.selinux_file_context_subs_path(), "r")
+@@ -1534,6 +1541,14 @@ class fcontextRecords(semanageRecords):
+                        fd.close()
+                 except IOError:
+                        pass
++                try:
++                       fd = open(selinux.selinux_file_context_subs_dist_path(), "r")
++                       for i in fd.readlines():
++                              src, dst = i.split()
++                              self.equiv_dist[src] = dst
++                       fd.close()
++                except IOError:
++                       pass
+ 
+         def commit(self):
+                 if self.equal_ind:
+@@ -1589,12 +1604,21 @@ class fcontextRecords(semanageRecords):
+ 
+                 return con
+                
++        def check_equiv(self, target, fdict):
++		for i in fdict:
++			if target.startswith(i+"/"):
++				t = re.sub(i, fdict[i], target)
++				raise ValueError(_("File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead") % (target, i, fdict[i], t))
++
++			
+         def validate(self, target):
+                if target == "" or target.find("\n") >= 0:
+                       raise ValueError(_("Invalid file specification"))
+                if target.find(" ") != -1:
+                       raise ValueError(_("File specification can not include spaces"))
+-                      
++	       self.check_equiv(target, self.equiv)
++	       self.check_equiv(target, self.equiv_dist)
++			       
+ 	def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
+                 self.validate(target)
+ 
+@@ -1618,7 +1642,8 @@ class fcontextRecords(semanageRecords):
                                raise ValueError(_("Could not check if file context for %s is defined") % target)
  
                  if exists:
@@ -733,6 +779,26 @@ index a7008fc..e4b6c0d 100644
  
  		(rc, fcontext) = semanage_fcontext_create(self.sh)
  		if rc < 0:
+@@ -1825,9 +1850,17 @@ class fcontextRecords(semanageRecords):
+ 					print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
+ 			else:
+ 				print "%-50s %-18s <<None>>" % (k[0], k[1])
+-                if len(self.equiv.keys()) > 0:
++
++
++		if len(self.equiv_dist):
++		       if not locallist:
++			       if heading:
++				       print _("\nSELinux Distribution fcontext Equivalence \n")
++			       for src in self.equiv_dist.keys():
++				       print "%s = %s" % (src, self.equiv_dist[src])
++		if len(self.equiv):
+                        if heading:
+-                              print _("\nSELinux fcontext Equivalence \n")
++                              print _("\nSELinux Local fcontext Equivalence \n")
+ 
+                        for src in self.equiv.keys():
+                               print "%s = %s" % (src, self.equiv[src])
 diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
 index 9a7d315..e57d34f 100644
 --- a/policycoreutils/setfiles/restore.c
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 6098c28..1e3da80 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.8
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -352,6 +352,10 @@ fi
 /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 
 %changelog
+* Wed Nov 16 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.8-6
+- Add listing of distribution equivalence class from semanage fcontext -l
+- Add checking to semanage fcontext -a to guarantee a file specification will not be masked by an equivalence
+ 
 * Wed Nov 16 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.8-5
 - Allow ~ as a valid part of a filename in sepolgen

More information about the scm-commits mailing list