[policycoreutils] Fix semanage login -l to list contents of /etc/selinux/POLICY/logins directory

Daniel J Walsh dwalsh at fedoraproject.org
Tue Nov 13 22:06:35 UTC 2012


commit 356d85e93c4280ab50731a10bf4e835a497a686e
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Tue Nov 13 17:05:58 2012 -0500

    Fix semanage login -l to list contents of /etc/selinux/POLICY/logins directory

 policycoreutils-rhat.patch |  106 ++++++++++++++++++++++++++++++++++---------
 policycoreutils.spec       |    5 ++-
 2 files changed, 88 insertions(+), 23 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index a045d38..20fa956 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -335150,15 +335150,16 @@ index 63b11dd..28a9022 100644
  .TP
  .I                \-P, \-\-prefix
 diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
-index ad7dc8c..f2b8721 100644
+index ad7dc8c..05b8128 100644
 --- a/policycoreutils/semanage/seobject.py
 +++ b/policycoreutils/semanage/seobject.py
-@@ -24,17 +24,18 @@
+@@ -24,17 +24,19 @@
  import pwd, grp, string, selinux, tempfile, os, re, sys, stat
  from semanage import *;
  PROGNAME = "policycoreutils"
 +import sepolicy
-+from sepolicy import boolean_desc, boolean_category
++from sepolicy import boolean_desc, boolean_category, gen_bool_dict
++gen_bool_dict()
  import sepolgen.module as module
  from IPy import IP
  
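Review bot: The bare `gen_bool_dict()` call added after the sepolicy import runs every time seobject is imported, not only when a boolean subcommand is used. What the call does and how it can fail is not visible in this hunk. If it reads policy state, an exception there would abort the import and with it every semanage subcommand, including the login listing this commit is meant to fix. Either call it lazily from the booleanRecords code that needs it, or add a comment such as `# must run at import: <reason>` so the dependency is explicit.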
@@ -335177,7 +335178,7 @@ index ad7dc8c..f2b8721 100644
  
  import syslog
  
-@@ -123,39 +124,6 @@ class nulllogger:
+@@ -123,39 +125,6 @@ class nulllogger:
  	def commit(self,success):
  		pass
  
@@ -335217,7 +335218,7 @@ index ad7dc8c..f2b8721 100644
  def validate_level(raw):
  	sensitivity = "s[0-9]*"
  	category = "c[0-9]*"
-@@ -384,13 +352,7 @@ class permissiveRecords(semanageRecords):
+@@ -384,13 +353,7 @@ class permissiveRecords(semanageRecords):
                 return l
  
  	def list(self, heading = 1, locallist = 0):
@@ -335232,7 +335233,7 @@ index ad7dc8c..f2b8721 100644
  		if len(all) == 0:
  			return 
  
-@@ -493,7 +455,9 @@ class loginRecords(semanageRecords):
+@@ -493,7 +456,9 @@ class loginRecords(semanageRecords):
  		if rc < 0:
  			raise ValueError(_("Could not check if login mapping for %s is defined") % name)
  		if exists:
@@ -335243,7 +335244,68 @@ index ad7dc8c..f2b8721 100644
                  if name[0] == '%':
                         try:
                                grp.getgrnam(name[1:])
-@@ -738,7 +702,8 @@ class seluserRecords(semanageRecords):
+@@ -654,6 +619,21 @@ class loginRecords(semanageRecords):
+ 			self.mylog.commit(0)
+ 			raise error
+ 		
++	def get_all_logins(self):
++		ddict = {}
++		self.logins_path = selinux.selinux_policy_root() + "/logins"
++		for path,dirs,files in os.walk(self.logins_path):
++			if path == self.logins_path:
++				for name in files:
++					try:
++						fd = open(path + "/" + name)
++						rec = fd.read().rstrip().split(":")
++						fd.close()
++						ddict[name] = (rec[1], rec[2], rec[0])
++					except IndexError:
++						pass
++		return ddict
++
+ 	def get_all(self, locallist = 0):
+ 		ddict = {}
+                 if locallist:
+@@ -665,7 +645,7 @@ class loginRecords(semanageRecords):
+ 
+ 		for u in self.ulist:
+ 			name = semanage_seuser_get_name(u)
+-			ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
++			ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u), "*")
+ 		return ddict
+ 
+         def customized(self):
+@@ -679,16 +659,26 @@ class loginRecords(semanageRecords):
+ 
+ 	def list(self,heading = 1, locallist = 0):
+ 		ddict = self.get_all(locallist)
++		ldict = self.get_all_logins()
++		lkeys = ldict.keys()
+ 		keys = ddict.keys()
+-		if len(keys) == 0:
++		if len(keys) == 0 and len(lkeys) == 0:
+ 			return 
+ 		keys.sort()
++		lkeys.sort()
+ 
+ 		if is_mls_enabled == 1:
+ 			if heading:
+-				print "\n%-25s %-25s %-25s\n" % (_("Login Name"), _("SELinux User"), _("MLS/MCS Range"))
++				print "\n%-20s %-20s %-20s %s\n" % (_("Login Name"), _("SELinux User"), _("MLS/MCS Range"), _("Service"))
+ 			for k in keys:
+-				print "%-25s %-25s %-25s" % (k, ddict[k][0], translate(ddict[k][1]))
++				u = ddict[k]
++				print "%-20s %-20s %-20s %s" % (k, u[0], translate(u[1]), u[2])
++			if len(lkeys):
++				print "\nLocal customization in %s" % self.logins_path
++				
++			for k in lkeys:
++				u = ldict[k]
++				print "%-20s %-20s %-20s %s" % (k, u[0], translate(u[1]), u[2])
+ 		else:
+ 			if heading:
+ 				print "\n%-25s %-25s\n" % (_("Login Name"), _("SELinux User"))
+@@ -738,7 +728,8 @@ class seluserRecords(semanageRecords):
                  if rc < 0:
                         raise ValueError(_("Could not check if SELinux user %s is defined") % name)
                  if exists:
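Review bot: In get_all_logins, `split(":")` cuts an MLS range that itself contains a colon (for example a constructed `s0-s0:c0.c1023`), so `rec[2]` keeps only the part before the category set and `semanage login -l` would report a narrower range than the file assigns; `rec = fd.read().rstrip().split(":", 2)` keeps the range whole. The file is read as a single record, so a logins file with more than one line would show up as one entry with a newline inside the range field; if such files are valid, iterate over the lines instead. Only IndexError is caught, so malformed files silently disappear from the listing, while an unreadable file raises IOError out of list() and `fd` is closed only on the success path. In list(), the visible non-MLS branch prints no `lkeys` entries, though the rest of that branch lies outside the hunk.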
@@ -335253,7 +335315,7 @@ index ad7dc8c..f2b8721 100644
  
                  (rc, u) = semanage_user_create(self.sh)
                  if rc < 0:
-@@ -958,6 +923,8 @@ class seluserRecords(semanageRecords):
+@@ -958,6 +949,8 @@ class seluserRecords(semanageRecords):
  				print "%-15s %s" % (k, ddict[k][3])
  
  class portRecords(semanageRecords):
@@ -335262,7 +335324,7 @@ index ad7dc8c..f2b8721 100644
  	def __init__(self, store = ""):
  		semanageRecords.__init__(self, store)
  
-@@ -997,6 +964,9 @@ class portRecords(semanageRecords):
+@@ -997,6 +990,9 @@ class portRecords(semanageRecords):
  		if type == "":
  			raise ValueError(_("Type is required"))
  
@@ -335272,7 +335334,7 @@ index ad7dc8c..f2b8721 100644
  		( k, proto_d, low, high ) = self.__genkey(port, proto)			
  
  		(rc, exists) = semanage_port_exists(self.sh, k)
-@@ -1056,6 +1026,9 @@ class portRecords(semanageRecords):
+@@ -1056,6 +1052,9 @@ class portRecords(semanageRecords):
  			else:
  				raise ValueError(_("Requires setype"))
  
@@ -335282,7 +335344,7 @@ index ad7dc8c..f2b8721 100644
  		( k, proto_d, low, high ) = self.__genkey(port, proto)
  
  		(rc, exists) = semanage_port_exists(self.sh, k)
-@@ -1213,6 +1186,8 @@ class portRecords(semanageRecords):
+@@ -1213,6 +1212,8 @@ class portRecords(semanageRecords):
  			print rec
  
  class nodeRecords(semanageRecords):
@@ -335291,7 +335353,7 @@ index ad7dc8c..f2b8721 100644
         def __init__(self, store = ""):
                 semanageRecords.__init__(self,store)
                 self.protocol = ["ipv4", "ipv6"]
-@@ -1252,7 +1227,10 @@ class nodeRecords(semanageRecords):
+@@ -1252,7 +1253,10 @@ class nodeRecords(semanageRecords):
                                 serange = untranslate(serange)
  
                 if ctype == "":
@@ -335303,7 +335365,7 @@ index ad7dc8c..f2b8721 100644
  
                 (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
                 if rc < 0:
-@@ -1262,7 +1240,8 @@ class nodeRecords(semanageRecords):
+@@ -1262,7 +1266,8 @@ class nodeRecords(semanageRecords):
  
                 (rc, exists) = semanage_node_exists(self.sh, k)
                 if exists:
@@ -335313,7 +335375,7 @@ index ad7dc8c..f2b8721 100644
  
                 (rc, node) = semanage_node_create(self.sh)
                 if rc < 0:
-@@ -1318,6 +1297,9 @@ class nodeRecords(semanageRecords):
+@@ -1318,6 +1323,9 @@ class nodeRecords(semanageRecords):
                 if serange == "" and setype == "":
                         raise ValueError(_("Requires setype or serange"))
  
@@ -335323,7 +335385,7 @@ index ad7dc8c..f2b8721 100644
                 (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
                 if rc < 0:
                         raise ValueError(_("Could not create key for %s") % addr)
-@@ -1460,7 +1442,8 @@ class interfaceRecords(semanageRecords):
+@@ -1460,7 +1468,8 @@ class interfaceRecords(semanageRecords):
  		if rc < 0:
  			raise ValueError(_("Could not check if interface %s is defined") % interface)
  		if exists:
@@ -335333,7 +335395,7 @@ index ad7dc8c..f2b8721 100644
  
  		(rc, iface) = semanage_iface_create(self.sh)
  		if rc < 0:
-@@ -1625,6 +1608,9 @@ class interfaceRecords(semanageRecords):
+@@ -1625,6 +1634,9 @@ class interfaceRecords(semanageRecords):
  				print "%-30s %s:%s:%s " % (k,ddict[k][0], ddict[k][1],ddict[k][2])
  			
  class fcontextRecords(semanageRecords):
@@ -335343,7 +335405,7 @@ index ad7dc8c..f2b8721 100644
  	def __init__(self, store = ""):
  		semanageRecords.__init__(self, store)
                  self.equiv = {}
-@@ -1739,6 +1725,9 @@ class fcontextRecords(semanageRecords):
+@@ -1739,6 +1751,9 @@ class fcontextRecords(semanageRecords):
  		if type == "":
  			raise ValueError(_("SELinux Type is required"))
  
@@ -335353,7 +335415,7 @@ index ad7dc8c..f2b8721 100644
  		(rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
  		if rc < 0:
  			raise ValueError(_("Could not create key for %s") % target)
-@@ -1753,7 +1742,8 @@ class fcontextRecords(semanageRecords):
+@@ -1753,7 +1768,8 @@ class fcontextRecords(semanageRecords):
                                raise ValueError(_("Could not check if file context for %s is defined") % target)
  
                  if exists:
@@ -335363,7 +335425,7 @@ index ad7dc8c..f2b8721 100644
  
  		(rc, fcontext) = semanage_fcontext_create(self.sh)
  		if rc < 0:
-@@ -1794,6 +1784,9 @@ class fcontextRecords(semanageRecords):
+@@ -1794,6 +1810,9 @@ class fcontextRecords(semanageRecords):
  	def __modify(self, target, setype, ftype, serange, seuser):
  		if serange == "" and setype == "" and seuser == "":
  			raise ValueError(_("Requires setype, serange or seuser"))
@@ -335373,7 +335435,7 @@ index ad7dc8c..f2b8721 100644
                  self.validate(target)
  
  		(rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
-@@ -1999,6 +1992,8 @@ class booleanRecords(semanageRecords):
+@@ -1999,6 +2018,8 @@ class booleanRecords(semanageRecords):
  			self.modify_local = False
  
  	def __mod(self, name, value):
@@ -335382,7 +335444,7 @@ index ad7dc8c..f2b8721 100644
                  (rc, k) = semanage_bool_key_create(self.sh, name)
                  if rc < 0:
                         raise ValueError(_("Could not create a key for %s") % name)
-@@ -2028,8 +2023,6 @@ class booleanRecords(semanageRecords):
+@@ -2028,8 +2049,6 @@ class booleanRecords(semanageRecords):
  		semanage_bool_free(b)
  
  	def modify(self, name, value = None, use_file = False):
@@ -335391,7 +335453,7 @@ index ad7dc8c..f2b8721 100644
                  self.begin()
                  if use_file:
                         fd = open(name)
-@@ -2120,10 +2113,7 @@ class booleanRecords(semanageRecords):
+@@ -2120,10 +2139,7 @@ class booleanRecords(semanageRecords):
  
          def get_category(self, name):
  		name = selinux.selinux_boolean_sub(name)
diff --git a/policycoreutils.spec b/policycoreutils.spec
index b1d02cc..0c91219 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.13
-Release: 32%{?dist}
+Release: 33%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -338,6 +338,9 @@ The policycoreutils-restorecond package contains the restorecond service.
 %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 
 %changelog
+* Tue Nov 13 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-33
+- Fix semanage login -l to list contents of /etc/selinux/POLICY/logins directory
+
 * Tue Nov 13 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-32
 - Fix booleansPage not showing booleans
 - Fix audit2allow -b

