[policycoreutils/f18] Additional fixes for disabled SELinux Box
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Dec 6 19:58:35 UTC 2012
commit bff74c36adc3ffdefb80db12f645b2b340beaf48
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Dec 6 14:58:01 2012 -0500
Additional fixes for disabled SELinux Box
- system-config-selinux no longer relies on lokkit for /etc/selinux/config
policycoreutils-rhat.patch | 54 ++++++++++++++++++++++++++++++++++++++++---
policycoreutils.spec | 9 ++++++-
2 files changed, 58 insertions(+), 5 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 11931c3..9b87cb6 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -7647,6 +7647,35 @@ index 0000000..2f0c1cc
@@ -0,0 +1,2 @@
+#!/bin/sh
+sepolicy generate $*
+diff --git a/policycoreutils/gui/statusPage.py b/policycoreutils/gui/statusPage.py
+index e561de1..2069635 100644
+--- a/policycoreutils/gui/statusPage.py
++++ b/policycoreutils/gui/statusPage.py
+@@ -158,8 +158,22 @@ class statusPage:
+ self.enabled = enabled
+
+ def write_selinux_config(self, enforcing, type):
+- import commands
+- commands.getstatusoutput("/usr/sbin/lokkit --selinuxtype=%s --selinux=%s" % (type, enforcing))
++ path = selinux.selinux_path() + "config"
++ backup_path = path + ".bck"
++ fd = open(path)
++ lines = fd.readlines()
++ fd.close()
++ fd = open(backup_path, "w")
++ for l in lines:
++ if l.startswith("SELINUX="):
++ fd.write("SELINUX=%s\n" % enforcing)
++ continue
++ if l.startswith("SELINUXTYPE="):
++ fd.write("SELINUXTYPE=%s\n" % type)
++ continue
++ fd.write(l)
++ fd.close()
++ os.rename(backup_path, path)
+
+ def read_selinux_config(self):
+ self.initialtype = selinux.selinux_getpolicytype()[1]
diff --git a/policycoreutils/gui/system-config-selinux.py b/policycoreutils/gui/system-config-selinux.py
index 85e8b7f..bc3027e 100644
--- a/policycoreutils/gui/system-config-selinux.py
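Review bot: The rewrite loop in `write_selinux_config` only replaces `SELINUX=` and `SELINUXTYPE=` lines that already exist, so on a config that lacks either key (or has it commented out) the requested mode is silently dropped while the file is still renamed into place. Since this file decides whether SELinux enforces at the next boot, the function should append any key it did not see. It should also flush and fsync the temporary file and close it in a `finally` before `os.rename`, so that a crash shortly after the rename cannot leave an empty or truncated config and an exception does not leak the handle. The new file is created with default permissions rather than those of the original config, and whether `os` is imported in statusPage.py is not visible in this hunk; both are worth confirming.

```python
def write_selinux_config(self, enforcing, type):
    # … unchanged: path / backup_path setup and reading of lines …
    seen = set()
    fd = open(backup_path, "w")
    try:
        for l in lines:
            if l.startswith("SELINUX="):
                l = "SELINUX=%s\n" % enforcing
                seen.add("SELINUX")
            elif l.startswith("SELINUXTYPE="):
                l = "SELINUXTYPE=%s\n" % type
                seen.add("SELINUXTYPE")
            fd.write(l)
        # Keep appended keys on their own line if the file lacked a final newline.
        if lines and not lines[-1].endswith("\n"):
            fd.write("\n")
        # Append settings the original file did not carry.
        if "SELINUX" not in seen:
            fd.write("SELINUX=%s\n" % enforcing)
        if "SELINUXTYPE" not in seen:
            fd.write("SELINUXTYPE=%s\n" % type)
        # Make the data durable before it replaces the live config.
        fd.flush()
        os.fsync(fd.fileno())
    finally:
        fd.close()
    os.rename(backup_path, path)
```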
@@ -333541,17 +333570,17 @@ index 0000000..57018a6
+ sys.exit(0)
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
new file mode 100644
-index 0000000..ece5b4b
+index 0000000..fd0848e
--- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
-@@ -0,0 +1,137 @@
+@@ -0,0 +1,154 @@
+#!/usr/bin/python
+
+# Author: Thomas Liu <tliu at redhat.com>
+# Author: Dan Walsh <dwalsh at redhat.com>
+
+import _policy
-+import selinux
++import selinux, glob
+PROGNAME="policycoreutils"
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
@@ -333584,10 +333613,27 @@ index 0000000..ece5b4b
+TRANSITION = 'transition'
+ROLE_ALLOW = 'role_allow'
+
++def __get_installed_policy():
++ try:
++ path = selinux.selinux_binary_policy_path()
++ policies = glob.glob ("%s.*" % path )
++ policies.sort()
++ return policies[-1]
++ except:
++ pass
++ raise ValueError(_("No SELinux Policy installed"))
++
+def policy(policy_file):
-+ _policy.policy(policy_file)
++ try:
++ _policy.policy(policy_file)
++ except:
++ raise ValueError(_("Failed to read % policy file") % policy_file)
++
+
+policy_file = selinux.selinux_current_policy_path()
++if not policy_file:
++ policy_file = __get_installed_policy()
++
+policy(policy_file)
+
+def search(types, info = {} ):
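Review bot: The message in `policy()` uses `"Failed to read % policy file"`, which is not a valid conversion (`% p`), so the error path raises Python's own "unsupported format character" ValueError instead of naming the policy file; it should read `raise ValueError(_("Failed to read %s policy file") % policy_file)`. Both new `except:` clauses are bare, which also catches KeyboardInterrupt and SystemExit and discards the underlying cause; `except Exception:` (or the specific errors the bindings raise) would be narrower. In `__get_installed_policy`, `policies.sort()` orders the version suffix as text, so a one-digit suffix would sort after a two-digit one; sorting on the integer suffix avoids selecting an older policy file for analysis.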
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 2810fad..75131f8 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.13
-Release: 42%{?dist}
+Release: 44%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -338,6 +338,13 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Thu Dec 6 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-44
+- Additional fixes for disabled SELinux Box
+- system-config-selinux no longer relies on lokkit for /etc/selinux/config
+
+* Thu Dec 6 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-43
+- sepolicy should failover to installed policy file on a disabled SELinux box, if it exists.
+
* Wed Dec 5 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-42
- Update Translations
- sepolicy network -d needs to accept multiple domains