[policycoreutils] Add listing of distribution equivalence class from semanage fcontext -l Add checking to semanage fco
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Nov 16 20:41:28 UTC 2011
commit e0ffc386e83a86089a54f50fc456bfb9a80c7db7
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Nov 16 15:41:18 2011 -0500
Add listing of distribution equivalence class from semanage fcontext -l
Add checking to semanage fcontext -a to guarantee a file specification will not be masked by an equivalence
Allow ~ as a valid part of a filename in sepolgen
policycoreutils-rhat.patch | 70 ++++++++++++++++++++++++++++++++++++++++++-
policycoreutils.spec | 6 +++-
2 files changed, 73 insertions(+), 3 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index cbe9f63..83c0d52 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -609,7 +609,7 @@ index 48d7baa..2c0cfdd 100644
errorExit(error.args[0])
except KeyError, error:
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
-index a7008fc..e4b6c0d 100644
+index a7008fc..aae1b59 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
@@ -30,11 +30,10 @@ from IPy import IP
@@ -723,7 +723,53 @@ index a7008fc..e4b6c0d 100644
(rc, iface) = semanage_iface_create(self.sh)
if rc < 0:
-@@ -1618,7 +1624,8 @@ class fcontextRecords(semanageRecords):
+@@ -1525,6 +1531,7 @@ class fcontextRecords(semanageRecords):
+ def __init__(self, store = ""):
+ semanageRecords.__init__(self, store)
+ self.equiv = {}
++ self.equiv_dist = {}
+ self.equal_ind = False
+ try:
+ fd = open(selinux.selinux_file_context_subs_path(), "r")
+@@ -1534,6 +1541,14 @@ class fcontextRecords(semanageRecords):
+ fd.close()
+ except IOError:
+ pass
++ try:
++ fd = open(selinux.selinux_file_context_subs_dist_path(), "r")
++ for i in fd.readlines():
++ src, dst = i.split()
++ self.equiv_dist[src] = dst
++ fd.close()
++ except IOError:
++ pass
+
+ def commit(self):
+ if self.equal_ind:
+@@ -1589,12 +1604,21 @@ class fcontextRecords(semanageRecords):
+
+ return con
+
++ def check_equiv(self, target, fdict):
++ for i in fdict:
++ if target.startswith(i+"/"):
++ t = re.sub(i, fdict[i], target)
++ raise ValueError(_("File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead") % (target, i, fdict[i], t))
++
++
+ def validate(self, target):
+ if target == "" or target.find("\n") >= 0:
+ raise ValueError(_("Invalid file specification"))
+ if target.find(" ") != -1:
+ raise ValueError(_("File specification can not include spaces"))
+-
++ self.check_equiv(target, self.equiv)
++ self.check_equiv(target, self.equiv_dist)
++
+ def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
+ self.validate(target)
+
+@@ -1618,7 +1642,8 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists:
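Review bot: In the added `check_equiv`, `re.sub(i, fdict[i], target)` uses the equivalence source path as an unescaped regular expression and rewrites every match, not just the leading prefix that `startswith` tested, so the spec suggested in the error message can be wrong when the source contains regex metacharacters or the prefix text recurs later in the path. Since the prefix is already known, a slice is sufficient: `t = fdict[i] + target[len(i):]`. The new `file_contexts.subs_dist` loader in `__init__` has a separate problem: `src, dst = i.split()` sits in a `try` that only catches `IOError`, so a blank or malformed line would raise an uncaught `ValueError` from the constructor and skip `fd.close()`; skipping lines that do not split into exactly two fields would avoid that. The check is also a literal `startswith(i+"/")` test on a target that is itself a regex file spec, so a spec that continues with a group such as `(/.*)?` right after the source path is presumably not caught, which is worth confirming against the stated goal of guaranteeing a spec is not masked. `__init__` and `validate` begin or continue outside the lines shown here.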
@@ -733,6 +779,26 @@ index a7008fc..e4b6c0d 100644
(rc, fcontext) = semanage_fcontext_create(self.sh)
if rc < 0:
+@@ -1825,9 +1850,17 @@ class fcontextRecords(semanageRecords):
+ print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
+ else:
+ print "%-50s %-18s <<None>>" % (k[0], k[1])
+- if len(self.equiv.keys()) > 0:
++
++
++ if len(self.equiv_dist):
++ if not locallist:
++ if heading:
++ print _("\nSELinux Distribution fcontext Equivalence \n")
++ for src in self.equiv_dist.keys():
++ print "%s = %s" % (src, self.equiv_dist[src])
++ if len(self.equiv):
+ if heading:
+- print _("\nSELinux fcontext Equivalence \n")
++ print _("\nSELinux Local fcontext Equivalence \n")
+
+ for src in self.equiv.keys():
+ print "%s = %s" % (src, self.equiv[src])
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
index 9a7d315..e57d34f 100644
--- a/policycoreutils/setfiles/restore.c
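Review bot: The two listing loops in the added block iterate `self.equiv_dist.keys()` and `self.equiv.keys()` directly, so the printed order of equivalence rules follows dict ordering, not the paths; iterating `sorted(self.equiv_dist)` and `sorted(self.equiv)` would give stable output that is easier to compare between runs or hosts when auditing labeling configuration. The nested conditions could also be flattened to `if self.equiv_dist and not locallist:` followed by the `heading` test. The enclosing method and the definitions of `locallist` and `heading` are outside the hunk.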
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 6098c28..1e3da80 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.8
-Release: 5%{?dist}
+Release: 6%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -352,6 +352,10 @@ fi
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Wed Nov 16 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.8-6
+- Add listing of distribution equivalence class from semanage fcontext -l
+- Add checking to semanage fcontext -a to guarantee a file specification will not be masked by an equivalence
+
* Wed Nov 16 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.8-5
- Allow ~ as a valid part of a filename in sepolgen