[policycoreutils/f18] Additional fixes for disabled SELinux Box

Daniel J Walsh dwalsh at fedoraproject.org
Thu Dec 6 19:58:35 UTC 2012


commit bff74c36adc3ffdefb80db12f645b2b340beaf48
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Thu Dec 6 14:58:01 2012 -0500

    Additional fixes for disabled SELinux Box
    
    - system-config-selinux no longer relies on lokkit for /etc/selinux/config

 policycoreutils-rhat.patch |   54 ++++++++++++++++++++++++++++++++++++++++---
 policycoreutils.spec       |    9 ++++++-
 2 files changed, 58 insertions(+), 5 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 11931c3..9b87cb6 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -7647,6 +7647,35 @@ index 0000000..2f0c1cc
 @@ -0,0 +1,2 @@
 +#!/bin/sh
 +sepolicy generate $*
+diff --git a/policycoreutils/gui/statusPage.py b/policycoreutils/gui/statusPage.py
+index e561de1..2069635 100644
+--- a/policycoreutils/gui/statusPage.py
++++ b/policycoreutils/gui/statusPage.py
+@@ -158,8 +158,22 @@ class statusPage:
+         self.enabled = enabled
+ 
+     def write_selinux_config(self, enforcing, type):
+-        import commands
+-        commands.getstatusoutput("/usr/sbin/lokkit --selinuxtype=%s --selinux=%s" % (type, enforcing))
++        path = selinux.selinux_path() + "config" 
++        backup_path = path + ".bck"
++        fd = open(path)
++        lines = fd.readlines()
++        fd.close()
++        fd = open(backup_path, "w")
++        for l in lines:
++            if l.startswith("SELINUX="):
++                fd.write("SELINUX=%s\n" % enforcing)
++                continue
++            if l.startswith("SELINUXTYPE="):
++                fd.write("SELINUXTYPE=%s\n" % type)
++                continue
++            fd.write(l)
++        fd.close()
++        os.rename(backup_path, path)
+ 
+     def read_selinux_config(self):
+         self.initialtype = selinux.selinux_getpolicytype()[1]
 diff --git a/policycoreutils/gui/system-config-selinux.py b/policycoreutils/gui/system-config-selinux.py
 index 85e8b7f..bc3027e 100644
 --- a/policycoreutils/gui/system-config-selinux.py
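Review bot: In the embedded statusPage.py hunk, write_selinux_config only rewrites `SELINUX=` and `SELINUXTYPE=` lines that already exist, so if /etc/selinux/config lacks either key the requested setting is silently dropped. The replacement file is written without try/finally and renamed over the live config without a flush or fsync, so a crash shortly after the rename can leave a truncated config, and a failed write leaks the descriptor and leaves a stale `config.bck`. The name `backup_path` is misleading, since the file is the new content and no backup of the original is kept. The hunk shows no `import os` for statusPage.py, so confirm the module already imports it. A sketch of the body that appends missing keys and syncs before the rename follows.

```python
    def write_selinux_config(self, enforcing, type):
        path = selinux.selinux_path() + "config"
        tmp_path = path + ".bck"
        fd = open(path)
        try:
            lines = fd.readlines()
        finally:
            fd.close()
        # Keep appended settings on their own line if the file lacks a final newline.
        if lines and not lines[-1].endswith("\n"):
            lines[-1] += "\n"
        wanted = (("SELINUX=", enforcing), ("SELINUXTYPE=", type))
        seen = set()
        fd = open(tmp_path, "w")
        try:
            for l in lines:
                for key, value in wanted:
                    if l.startswith(key):
                        l = "%s%s\n" % (key, value)
                        seen.add(key)
                        break
                fd.write(l)
            # A key that was absent from the file is appended instead of being lost.
            for key, value in wanted:
                if key not in seen:
                    fd.write("%s%s\n" % (key, value))
            fd.flush()
            os.fsync(fd.fileno())
        finally:
            fd.close()
        os.rename(tmp_path, path)
```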
@@ -333541,17 +333570,17 @@ index 0000000..57018a6
 +        sys.exit(0)        
 diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
 new file mode 100644
-index 0000000..ece5b4b
+index 0000000..fd0848e
 --- /dev/null
 +++ b/policycoreutils/sepolicy/sepolicy/__init__.py
-@@ -0,0 +1,137 @@
+@@ -0,0 +1,154 @@
 +#!/usr/bin/python
 +
 +# Author: Thomas Liu <tliu at redhat.com>
 +# Author: Dan Walsh <dwalsh at redhat.com>
 +
 +import _policy
-+import selinux
++import selinux, glob
 +PROGNAME="policycoreutils"
 +import gettext
 +gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
@@ -333584,10 +333613,27 @@ index 0000000..ece5b4b
 +TRANSITION = 'transition'
 +ROLE_ALLOW = 'role_allow'
 +
++def __get_installed_policy():
++    try:
++        path = selinux.selinux_binary_policy_path()
++        policies = glob.glob ("%s.*" % path )
++        policies.sort()
++        return policies[-1]
++    except:
++        pass
++    raise ValueError(_("No SELinux Policy installed"))
++        
 +def policy(policy_file):
-+    _policy.policy(policy_file)
++    try:
++        _policy.policy(policy_file)
++    except:
++        raise ValueError(_("Failed to read % policy file") % policy_file)
++
 +
 +policy_file = selinux.selinux_current_policy_path()
++if not policy_file:
++    policy_file = __get_installed_policy()
++
 +policy(policy_file)
 +
 +def search(types, info = {} ):
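Review bot: The new message in policy() is `"Failed to read % policy file"`, where `% p` is not a valid conversion, so the `%` formatting itself raises and the caller never sees the file name; it should read `raise ValueError(_("Failed to read %s policy file") % policy_file)`. Both added handlers are bare `except:`, which also catches KeyboardInterrupt and SystemExit and, in __get_installed_policy, replaces whatever actually failed with "No SELinux Policy installed"; `except Exception:` would be narrower. `policies.sort()` compares the version suffix as text, so a one-digit suffix would sort after a two-digit one; assuming the suffix is always numeric, `policies.sort(key=lambda p: int(p.rsplit(".", 1)[1]))` selects the highest policy version. The trailing `def search` is cut off by the hunk and is not reviewed here.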
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 2810fad..75131f8 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.13
-Release: 42%{?dist}
+Release: 44%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -338,6 +338,13 @@ The policycoreutils-restorecond package contains the restorecond service.
 %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 
 %changelog
+* Thu Dec 6 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-44
+- Additional fixes for disabled SELinux Box
+- system-config-selinux no longer relies on lokkit for /etc/selinux/config
+
+* Thu Dec 6 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-43
+- sepolicy should failover to installed policy file on a disabled SELinux box, if it exists.
+
 * Wed Dec 5 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-42
 - Update Translations
 - sepolicy network -d needs to accept multiple domains

