[policycoreutils] Reorginize sepolicy so all get_all functions are in main module

Daniel J Walsh dwalsh at fedoraproject.org
Thu Jan 31 18:58:48 UTC 2013


commit 205e3429b93ffca19b54e425914aa2c0417d9496
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Thu Jan 31 13:58:25 2013 -0500

    Reorginize sepolicy so all get_all functions are in main module
    
    - Add -B capability to fixfiles onboot and fixfiles restore, basically searches for all files created since the last boot.

 policycoreutils-rhat.patch |  391 +++++++++++++++++++++++++-------------------
 policycoreutils.spec       |    6 +-
 2 files changed, 228 insertions(+), 169 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 8428893..8a940b1 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -96,7 +96,7 @@ index 1464971..b5abbb9 100644
  clean:
  
 diff --git a/policycoreutils/gui/domainsPage.py b/policycoreutils/gui/domainsPage.py
-index 03451b6..91c88a8 100644
+index 03451b6..6af1e9a 100644
 --- a/policycoreutils/gui/domainsPage.py
 +++ b/policycoreutils/gui/domainsPage.py
 @@ -26,7 +26,7 @@ import sys
@@ -104,7 +104,7 @@ index 03451b6..91c88a8 100644
  import selinux
  from semanagePage import *;
 -import polgen
-+from sepolicy.generate import get_all_domains
++from sepolicy import get_all_entrypoint_domains
  
  ##
  ## I18N
@@ -113,7 +113,7 @@ index 03451b6..91c88a8 100644
          self.enforcing_button = xml.get_widget("enforcingButton")
  
 -        self.domains=polgen.get_all_domains()
-+        self.domains=get_all_domains()
++        self.domains=get_all_entrypoint_domains()
          self.load()
  
      def get_modules(self):
@@ -336583,14 +336583,15 @@ index 4ba51bf..6673f00 100644
 +"services."
  msgstr ""
 diff --git a/policycoreutils/restorecond/restorecond.conf b/policycoreutils/restorecond/restorecond.conf
-index f133755..cfe851e 100644
+index f133755..c64e747 100644
 --- a/policycoreutils/restorecond/restorecond.conf
 +++ b/policycoreutils/restorecond/restorecond.conf
-@@ -1,7 +1,6 @@
+@@ -1,7 +1,7 @@
  /etc/services
  /etc/resolv.conf
  /etc/samba/secrets.tdb
 -/etc/mtab*
++/etc/updatedb.conf
  /var/run/utmp
  /var/log/wtmp
  /root/*
@@ -336836,18 +336837,47 @@ index e08088e..201a988 100644
  install: all
  	-mkdir -p $(BINDIR)
 diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
-index 989b1ae..23ab94d 100755
+index 989b1ae..6901e4d 100755
 --- a/policycoreutils/scripts/fixfiles
 +++ b/policycoreutils/scripts/fixfiles
-@@ -114,6 +114,7 @@ exclude_dirs() {
+@@ -103,7 +103,7 @@ exclude_dirs_from_relabelling() {
+ 
+ exclude_dirs() {
+     exclude=
+-    for i in /var/lib/BackupPC /home /tmp /dev; do
++    for i in /sys /proc /dev /run /mnt /var/tmp /var/lib/BackupPC /home /tmp /dev; do
+         [ -e $i ]  && exclude="$exclude -e $i";
+     done
+     exclude="$exclude `exclude_dirs_from_relabelling`"
+@@ -114,6 +114,9 @@ exclude_dirs() {
  # Set global Variables
  #
  fullFlag=0
++BOOTTIME=""
++FORCEFLAG=""
 +VERBOSE="-p"
  FORCEFLAG=""
  DIRS=""
  RPMILES=""
-@@ -176,7 +177,7 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
+@@ -144,6 +147,17 @@ if [ -n $LOGFILE ]; then
+ fi
+ }
+ #
++# Find files newer then the passed in date and fix the label
++#
++newer() {
++    DATE=$1
++    for m in `echo $FILESYSTEMSRW`; do
++	find $m -mount -newermt $DATE -print0 2>/dev/null | ${RESTORECON} ${VERBOSE} -i -0 -f -
++    done;
++
++}
++
++#
+ # Compare PREVious File Context to currently installed File Context and 
+ # run restorecon on all files affected by the differences.
+ #
+@@ -176,7 +190,7 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
                    esac; \
                 fi; \
              done | \
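Review bot: In the added `newer()` function, `$DATE` and `$m` are expanded unquoted on the `find` line, so a value containing whitespace or glob characters is split into extra `find` arguments in a script that is normally run as root. Quoting closes that: `find "$m" -mount -newermt "$DATE" -print0 2>/dev/null | ${RESTORECON} ${VERBOSE} -i -0 -f -`. The same applies to `newer $BOOTTIME` in the next hunk and to `echo -N $BOOTTIME >> /.autorelabel` in the onboot hunk. Separately, `-newermt` selects on modification time, so a file that arrived after boot with an older preserved mtime (for example one restored from an archive) is not relabeled; a comment such as `# NOTE: matches on mtime only; files with preserved older timestamps are skipped` would make that limit explicit.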
@@ -336856,8 +336886,14 @@ index 989b1ae..23ab94d 100755
  	rm -f ${TEMPFILE} ${PREFCTEMPFILE}
  fi
  }
-@@ -206,12 +207,12 @@ if [ ! -z "$PREFC" ]; then
+@@ -204,14 +218,18 @@ if [ ! -z "$PREFC" ]; then
+     diff_filecontext $*
+     exit $?
  fi
++if [ ! -z "$BOOTTIME" ]; then
++    newer $BOOTTIME
++    exit $?
++fi
  if [ ! -z "$RPMFILES" ]; then
      for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
 -	rpmlist $i | ${RESTORECON} ${FORCEFLAG} $* -R -i -f - 2>&1 | cat >> $LOGFILE
@@ -336871,7 +336907,7 @@ index 989b1ae..23ab94d 100755
      return
  fi
  [ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
-@@ -235,7 +236,7 @@ FC=$TEMPFCFILE
+@@ -235,7 +253,7 @@ FC=$TEMPFCFILE
  fi
  if [  -n "${FILESYSTEMSRW}" ]; then
      echo "Relabeling `echo ${FILESYSTEMSRW}`"
@@ -336880,7 +336916,7 @@ index 989b1ae..23ab94d 100755
  else
      echo >&2 "fixfiles: No suitable file systems found"
  fi
-@@ -286,12 +287,12 @@ process() {
+@@ -286,12 +304,16 @@ process() {
  # Make sure they specified one of the three valid commands
  #
  case "$1" in
@@ -336891,17 +336927,25 @@ index 989b1ae..23ab94d 100755
      relabel) relabel;;
      onboot)
 -	touch /.autorelabel
-+	echo $FORCEFLAG > /.autorelabel
++	> /.autorelabel
++	[ -z "$FORCEFLAG" ] || echo -n "$FORCEFLAG " >> /.autorelabel
++	[ -z "$BOOTTIME" ] || echo -N $BOOTTIME >> /.autorelabel
++	# Force full relabel if / does not have a label on it
++	getfilecon / > /dev/null 2>&1  || echo -F >/.autorelabel
  	echo "System will relabel on next boot"
  	;;
      *)
-@@ -317,11 +318,14 @@ if [ $# = 0 ]; then
+@@ -317,11 +339,18 @@ if [ $# = 0 ]; then
  fi
  
  # See how we were called.
 -while getopts "C:FfR:l:" i; do
-+while getopts "C:FfR:l:v" i; do
++while getopts "N:BC:FfR:l:v" i; do
      case "$i" in
++	B)
++		BOOTTIME=`/bin/who -b | awk '{print $3}'`
++		echo $BOOTTIME
++		;;
  	f)
  		fullFlag=1
  		;;
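Review bot: `BOOTTIME` is accepted without any format check: the `B)` branch takes whatever the third column of `who -b` happens to be (presumably the boot date only, and dependent on that tool's output format), and the `N)` branch added in the next hunk stores `$OPTARG` as given. The value is written into /.autorelabel by `onboot` and passed to `find -newermt`, and because `newer()` discards find's stderr a malformed date would silently relabel nothing; reject it after option parsing, e.g. `[ -z "$BOOTTIME" ] || date -d "$BOOTTIME" >/dev/null 2>&1 || { usage; exit 1; }`. The `echo $BOOTTIME` inside `B)` looks like leftover debug output and could be dropped. In `onboot`, the final `echo -F >/.autorelabel` truncates the file and so discards a `-N` written just before; if that is intended, the comment above it should say so.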
@@ -336911,6 +336955,16 @@ index 989b1ae..23ab94d 100755
          R)
  		RPMFILES=$OPTARG
  		;;
+@@ -334,6 +363,9 @@ while getopts "C:FfR:l:" i; do
+ 	F)
+ 		FORCEFLAG="-F"
+ 		;;
++	N)
++		BOOTTIME=$OPTARG
++		;;
+ 	*)
+ 	    usage
+ 	    exit 1
 diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8
 index 0b4cbaa..9ab7334 100644
 --- a/policycoreutils/scripts/fixfiles.8
@@ -340156,7 +340210,7 @@ index 0000000..4693bb4
 +}
 diff --git a/policycoreutils/sepolicy/sepolicy-bash-completion.sh b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
 new file mode 100644
-index 0000000..28b6767
+index 0000000..82fea52
 --- /dev/null
 +++ b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
 @@ -0,0 +1,190 @@
@@ -340207,6 +340261,9 @@ index 0000000..28b6767
 +__get_all_user_domains () {
 +    seinfo -auserdomain -x 2> /dev/null | tail -n +2
 +}
++__get_all_users () {
++    seinfo -u 2> /dev/null | tail -n +2
++}
 +__get_all_classes () {
 +    seinfo -c 2> /dev/null | tail -n +2
 +}
@@ -340219,9 +340276,6 @@ index 0000000..28b6767
 +__get_all_domains () {
 +    seinfo -adomain -x 2>/dev/null | sed 's/_t$//g'
 +}
-+__get_all_generate_types () {
-+    seinfo -agenerate_type -x 2>/dev/null | tail -n +2
-+}
 +_sepolicy () {
 +        local command=${COMP_WORDS[1]}
 +        local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
@@ -340241,7 +340295,7 @@ index 0000000..28b6767
 +        local -A OPTS=(
 +               [booleans]='-h --help -p --path -a -all -b --boolean'
 +               [communicate]='-h --help -s --source -t --target -c --class -S --sourceaccess -T --targetaccess'
-+               [generate]='-a --admin --admin_user --application --cgi --confined_admin --customize  -d --domain --dbus --desktop_user -h --help --inetd --init -n --name --newuser -p --path --sandbox -T --test --term_user -u --user -w --writepath --x_user'
++               [generate]='-a --admin --admin_user --application --cgi --confined_admin --customize  -d --domain --dbus --desktop_user -h --help --inetd --init -n --name --newtype -p --path --sandbox -T --test --term_user -u --user -w --writepath --x_user'
 +               [interface]='-h --help -a --list_admin" -u --list_user -l --list'
 +               [manpage]='-h --help -p --path -a -all -o --os -d --domain -w --web'
 +               [network]='-h --help -d --domain -l --list -p --port -t --type '
@@ -340302,7 +340356,7 @@ index 0000000..28b6767
 +                COMPREPLY=( $(compgen -W "$( __get_all_admin_interaces ) " -- "$cur") )
 +                return 0
 +            elif [ "$prev" = "--user" -o "$prev" = "-u" ]; then
-+                COMPREPLY=( $(compgen -W "$( __get_all_user_domains ) " -- "$cur") )
++                COMPREPLY=( $(compgen -W "$( __get_all_users ) " -- "$cur") )
 +                return 0
 +            elif [[ "$cur" == "$verb" || "$cur" == "" || "$cur" == -* ]]; then
 +                COMPREPLY=( $(compgen -W '${OPTS[$verb]}' -- "$cur") )
@@ -340793,10 +340847,10 @@ index 0000000..0748ca9
 +selinux(8), sepolicy-booleans(8), sepolicy-communicate(8), sepolicy-generate(8), sepolicy-interface(8),  sepolicy-network(8), sepolicy-manpage(8), sepolicy-transition(8)
 diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
 new file mode 100755
-index 0000000..154369d
+index 0000000..b25d3b2
 --- /dev/null
 +++ b/policycoreutils/sepolicy/sepolicy.py
-@@ -0,0 +1,470 @@
+@@ -0,0 +1,471 @@
 +#! /usr/bin/python -Es
 +# Copyright (C) 2012 Red Hat
 +# AUTHOR: Dan Walsh <dwalsh at redhat.com>
@@ -340863,7 +340917,7 @@ index 0000000..154369d
 +
 +        if isinstance(values,str):
 +            if values not in domains:
-+                raise ValueError("%s must be an SELinux process domain" % values)
++                raise ValueError("%s must be an SELinux process domain:\nValid domains: %s" % (values, ", ".join(domains)))
 +            setattr(namespace, self.dest, values)
 +        else:
 +            newval = getattr(namespace, self.dest)
@@ -340872,7 +340926,7 @@ index 0000000..154369d
 +
 +            for v in values:
 +                if v not in domains:
-+                    raise ValueError("%s must be an SELinux process domain" % values)
++                    raise ValueError("%s must be an SELinux process domain:\nValid domains: %s" % (v, ", ".join(domains)))
 +                newval.append(v)
 +            setattr(namespace, self.dest, newval)
 +
@@ -340884,7 +340938,8 @@ index 0000000..154369d
 +        if not all_classes:
 +                all_classes = map(lambda x: x['name'], sepolicy.info(sepolicy.TCLASS))
 +        if values not in all_classes:
-+            raise ValueError("%s must be an SELinux process domain" % values)
++            raise ValueError("%s must be an SELinux class:\nValid classes: %s" % (values, ", ".join(all_classes)))
++
 +        setattr(namespace, self.dest, values)
 +
 +class CheckAdmin(argparse.Action):
@@ -340895,7 +340950,7 @@ index 0000000..154369d
 +            newval = []
 +        admins = get_admin()
 +        if values not in admins:
-+            raise ValueError("%s must be an SELinux admin domain" % values)
++            raise ValueError("%s must be an SELinux admin domain:\nValid admin domains: %s" % (values, ", ".join(admins)))
 +        newval.append(values)
 +        setattr(namespace, self.dest, newval)
 +
@@ -340918,7 +340973,7 @@ index 0000000..154369d
 +            newval = []
 +        for v in values:
 +            if v not in port_types:
-+                raise ValueError("%s must be an SELinux port type" % values)
++                raise ValueError("%s must be an SELinux port type:\nValid port types: %s" % (v, ", ".join(port_types)))
 +            newval.append(v)
 +        setattr(namespace, self.dest, values)
 +
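Review bot: The context line `setattr(namespace, self.dest, values)` at the end of this `__call__` stores `values`, not the `newval` list the loop has just appended to, so entries accumulated from earlier uses of the option are discarded. Since the commit already touches this method's error message, it would be worth changing that line to `setattr(namespace, self.dest, newval)`. The method starts above the hunk, so how `newval` is initialised is only partly visible here.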
@@ -340938,13 +340993,13 @@ index 0000000..154369d
 +
 +class CheckUser(argparse.Action):
 +    def __call__(self, parser, namespace, value, option_string=None):
-+        from sepolicy.generate import get_all_users
++        from sepolicy import get_all_users
 +        newval = getattr(namespace, self.dest)
 +        if not newval:
 +            newval = []
 +        users = get_all_users()
 +        if value not in users:
-+                raise ValueError("%s must be an SELinux user" % value)
++                raise ValueError("%s must be an SELinux user:\nValid users: %s" % (value, ", ".join(users)))
 +        newval.append(value)
 +        setattr(namespace, self.dest, newval)
 +
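Review bot: `CheckUser` now validates against `sepolicy.get_all_users()`, which as added in this commit returns every name from `info(USER)`, whereas the `sepolicy.generate` version it replaces removes `system_u` (visible as context in the generate.py hunk, whose body continues outside it). That appears to widen what `-u/--user` accepts for policy generation. If it is intended, a comment such as `# system_u is deliberately allowed here` would record it; otherwise filter before the membership test, e.g. `users = [u for u in get_all_users() if u != "system_u"]`.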
@@ -341179,13 +341234,13 @@ index 0000000..154369d
 +    from sepolicy.generate import DAEMON, get_poltype_desc, poltype, DAEMON, DBUS, INETD, CGI, SANDBOX, USER, EUSER, TUSER, XUSER, LUSER, AUSER, RUSER, NEWTYPE
 +    pol = parser.add_parser("generate",
 +                            help=_('Generate SELinux Policy module template'))
-+    pol.add_argument("-d", "--domain", dest="domain", 
-+                     action=CheckDomain, default=None,
++    pol.add_argument("-d", "--domain", dest="domain", default=[],
++                     action=CheckDomain, nargs="*",
 +                     help=_("Enter domain type which you will be extending"))
-+    pol.add_argument("-u", "--user", dest="user",
++    pol.add_argument("-u", "--user", dest="user", default=[],
 +                     action=CheckUser, 
 +                     help=_("Enter SELinux user(s) which will transition to this domain"))
-+    pol.add_argument("-a", "--admin", dest="admin_domain",
++    pol.add_argument("-a", "--admin", dest="admin_domain",default=[],
 +                     action=CheckAdmin,
 +                     help=_("Enter domain(s) that this confined admin will administrate"))
 +    pol.add_argument("-n", "--name", dest="name",
@@ -341269,10 +341324,10 @@ index 0000000..154369d
 +        sys.exit(0)
 diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
 new file mode 100644
-index 0000000..68be859
+index 0000000..5e7415c
 --- /dev/null
 +++ b/policycoreutils/sepolicy/sepolicy/__init__.py
-@@ -0,0 +1,159 @@
+@@ -0,0 +1,250 @@
 +#!/usr/bin/python
 +
 +# Author: Thomas Liu <tliu at redhat.com>
@@ -341322,6 +341377,97 @@ index 0000000..68be859
 +        pass
 +    raise ValueError(_("No SELinux Policy installed"))
 +        
++all_types = None
++def get_all_types():
++    global all_types
++    if all_types == None:
++        all_types = map(lambda x: x['name'], info(TYPE))
++    return all_types
++
++role_allows = None
++def get_all_role_allows():
++	global role_allows
++	if role_allows:
++		return role_allows
++	role_allows = {}
++	for r in search([ROLE_ALLOW]):
++		if r["source"] == "system_r" or r["target"] == "system_r":
++			continue
++		if r["source"] in role_allows:
++			role_allows[r["source"]].append(r["target"])
++		else:
++			role_allows[r["source"]] = [ r["target"] ]
++
++	return role_allows
++
++def get_all_entrypoint_domains():
++    all_domains = []
++    types=get_all_types()
++    types.sort()
++    for i in types:
++        m = re.findall("(.*)%s" % "_exec_t$", i)
++        if len(m) > 0:
++            if len(re.findall("(.*)%s" % "_initrc$", m[0])) == 0 and m[0] not in all_domains:
++                all_domains.append(m[0])
++    return all_domains
++
++all_domains = None
++def get_all_domains():
++	global all_domains
++	if not all_domains:
++		all_domains = info(ATTRIBUTE,"domain")[0]["types"]
++	return all_domains
++
++roles = None
++def get_all_roles():
++	global roles
++	if roles:
++		return roles
++        roles = map(lambda x: x['name'], info(ROLE))
++        roles.remove("object_r")
++        roles.sort()
++        return roles
++
++users = None
++def get_all_users():
++    global users
++    if users:
++        return users
++    users = map(lambda x: x['name'], info(USER))
++    return users 
++
++file_types = None
++def get_all_file_types():
++	global file_types
++	if file_types:
++		return file_types
++	file_types =  info(ATTRIBUTE,"file_type")[0]["types"]
++	file_types.sort()
++	return file_types
++
++port_types = None
++def get_all_port_types():
++	global port_types
++	if port_types:
++		return port_types
++	port_types =  info(ATTRIBUTE,"port_type")[0]["types"]
++	port_types.sort()
++	return port_types
++
++bools = None
++def get_all_bools():
++	global bools
++	if not bools:
++		bools = info(BOOLEAN)
++	return bools
++
++all_attributes = None
++def get_all_attributes():
++	global all_attributes
++	if not all_attributes:
++		all_attributes = map(lambda x: x['name'], info(ATTRIBUTE))
++	return all_attributes
++
 +def policy(policy_file):
 +    try:
 +        _policy.policy(policy_file)
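Review bot: `get_all_roles()` mixes indentation: `global roles` and the `if roles:` guard are indented with a tab, while the four lines from `roles = map(...)` to `return roles` use eight spaces. Python 2 treats the two as the same level, but the function is easy to misread and is rejected by `python -tt` and by Python 3; indent those lines with one tab like the rest of the function. `get_all_entrypoint_domains()` also calls `types.sort()` on the list cached by `get_all_types()`, reordering it for every other caller; `types = sorted(get_all_types())` avoids that. None of the new accessors has a docstring saying whether names are returned with or without the `_r`/`_u` suffix, which matters because callers in manpage.py were changed to strip it.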
@@ -341536,10 +341682,10 @@ index 0000000..a179d95
 +
 diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
 new file mode 100644
-index 0000000..6c5e482
+index 0000000..26f8390
 --- /dev/null
 +++ b/policycoreutils/sepolicy/sepolicy/generate.py
-@@ -0,0 +1,1378 @@
+@@ -0,0 +1,1354 @@
 +#!/usr/bin/python -Es
 +#
 +# Copyright (C) 2007-2012 Red Hat
@@ -341566,6 +341712,7 @@ index 0000000..6c5e482
 +import os, sys, stat
 +import re
 +import sepolicy
++from sepolicy import get_all_types, get_all_attributes, get_all_roles
 +import time
 +import yum
 +
@@ -341643,13 +341790,6 @@ index 0000000..6c5e482
 +
 +    return nvr
 +
-+all_types = None
-+def get_all_types():
-+    global all_types
-+    if all_types == None:
-+        all_types = map(lambda x: x['name'], sepolicy.info(sepolicy.TYPE))
-+    return all_types
-+
 +def get_all_ports():
 +    dict = {}
 +    for p in sepolicy.info(sepolicy.PORT):
@@ -341660,28 +341800,6 @@ index 0000000..6c5e482
 +        dict[(p['low'], p['high'], p['protocol'])]=(p['type'], p['range'])
 +    return dict
 +
-+def get_all_roles():
-+    roles = map(lambda x: x['name'], sepolicy.info(sepolicy.ROLE))
-+    roles.remove("object_r")
-+    roles.sort()
-+    return roles
-+
-+def get_all_attributes():
-+    attributes = map(lambda x: x['name'], sepolicy.info(sepolicy.ATTRIBUTE))
-+    attributes.sort()
-+    return attributes
-+
-+def get_all_domains():
-+    all_domains = []
-+    types=get_all_types()
-+    types.sort()
-+    for i in types:
-+        m = re.findall("(.*)%s" % "_exec_t$", i)
-+        if len(m) > 0:
-+            if len(re.findall("(.*)%s" % "_initrc$", m[0])) == 0 and m[0] not in all_domains:
-+                all_domains.append(m[0])
-+    return all_domains
-+
 +def get_all_users():
 +    users = map(lambda x: x['name'], sepolicy.info(sepolicy.USER))
 +    users.remove("system_u")
@@ -341770,6 +341888,7 @@ index 0000000..6c5e482
 +                self.rpms = []
 +                self.ports = []
 +                self.all_roles = get_all_roles()
++                self.types = []
 +
 +                if type not in poltype:
 +                    raise ValueError(_("You must enter a valid policy type"))
@@ -342436,10 +342555,13 @@ index 0000000..6c5e482
 +
 +	def generate_new_types(self):
 +                newte = ""
++                if len(self.types) == 0:
++                    raise ValueError(_("Type field required"))
++                    
 +                for t in self.types:
 +                    for i in self.DEFAULT_EXT:
 +                        if t.endswith(i):
-+                            newte += re.sub("TEMPLATETYPE", t[:len(i)], self.DEFAULT_EXT[i].te_types)
++                            newte += re.sub("TEMPLATETYPE", t[:-len(i)], self.DEFAULT_EXT[i].te_types)
 +                            break
 +                return newte
 +
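Review bot: `re.sub("TEMPLATETYPE", t[:-len(i)], ...)` passes the type name as a regular-expression replacement template, so any backslash in `t` would be interpreted as an escape or group reference. Whether `self.types` is validated before this point is not visible in the hunk; a plain `self.DEFAULT_EXT[i].te_types.replace("TEMPLATETYPE", t[:-len(i)])` has the same effect for ordinary names and no such interpretation. A type that matches none of the `DEFAULT_EXT` suffixes is skipped silently, which may deserve an error as well.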
@@ -342644,8 +342766,8 @@ index 0000000..6c5e482
 +		newfc = ""
 +                fclist = []
 +                if self.type in USERS +  [ SANDBOX ]:
-+                    return re.sub("EXECUTABLE", self.program, executable.fc_user)
-+                if self.type != NEWTYPE and self.program:
++                    return executable.fc_user
++                if self.type != NEWTYPE and not self.program:
 +                    raise ValueError(_("You must enter the executable path for your confined process"))
 +
 +                if self.program:
@@ -343007,10 +343129,10 @@ index 0000000..8b063ca
 +    return trans_list
 diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
 new file mode 100755
-index 0000000..a321faa
+index 0000000..25062da
 --- /dev/null
 +++ b/policycoreutils/sepolicy/sepolicy/manpage.py
-@@ -0,0 +1,1432 @@
+@@ -0,0 +1,1365 @@
 +#! /usr/bin/python -Es
 +# Copyright (C) 2012-2013 Red Hat
 +# AUTHOR: Dan Walsh <dwalsh at redhat.com>
@@ -343041,7 +343163,7 @@ index 0000000..a321faa
 +import argparse
 +import selinux
 +import sepolicy
-+from sepolicy import network, gen_bool_dict
++from sepolicy import network, gen_bool_dict, get_all_file_types, get_all_domains, get_all_roles, get_all_users, get_all_port_types, get_all_bools, get_all_attributes, get_all_role_allows
 +
 +import commands
 +import sys, os, re, time
@@ -343074,12 +343196,28 @@ index 0000000..a321faa
 +		pass
 +	return modules_dict
 +
-+all_attributes = None
-+def get_all_attributes():
-+	global all_attributes
-+	if not all_attributes:
-+		all_attributes = map(lambda x: x['name'], sepolicy.info(sepolicy.ATTRIBUTE))
-+	return all_attributes
++users = None
++users_range = None
++def get_all_users_info():
++	global users
++	global users_range
++	if users and users_range:
++		return users, users_range
++
++	users = []
++	users_range ={}
++	allusers = []
++	allusers_info = info(USER)
++
++	for d in allusers_info:
++		allusers.append(d['name'])
++		users_range[d['name'].split("_")[0]] = d['range']
++
++	for u in allusers:
++		if u not in [ "system_u", "root", "unconfined_u" ]:
++			users.append(u.replace("_u",""))
++	users.sort()
++	return users, users_range
 +
 +all_entrypoints = None
 +def get_entrypoints():
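Review bot: The added `get_all_users_info()` calls `info(USER)` unqualified, but the import line changed earlier in this file's diff brings in only the `get_all_*` helpers, `network` and `gen_bool_dict`. Unless `info` and `USER` are imported outside the visible hunks, this raises NameError the first time man pages are generated. The version it replaces used the qualified form, as `get_entrypoints()` just below still does: `allusers_info = sepolicy.info(sepolicy.USER)`.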
@@ -343088,25 +343226,6 @@ index 0000000..a321faa
 +		all_entrypoints =  sepolicy.info(sepolicy.ATTRIBUTE,"entry_type")[0]["types"]
 +	return all_entrypoints
 +
-+all_domains = None
-+def get_all_domains():
-+	global all_domains
-+	if not all_domains:
-+		all_domains = sepolicy.info(sepolicy.ATTRIBUTE,"domain")[0]["types"]
-+	return all_domains
-+
-+roles = None
-+def get_all_roles():
-+	global roles
-+	if roles:
-+		return roles
-+	roles = []
-+	allroles = map(lambda x: x['name'], sepolicy.info(sepolicy.ROLE))
-+	for r in allroles:
-+		if r not in [ "system_r", "object_r" ]:
-+			roles.append(r[:-2])
-+	return roles
-+
 +domains = None
 +def gen_domains():
 +	global domains
@@ -343123,9 +343242,9 @@ index 0000000..a321faa
 +		domains.append(domain)
 +
 +	for role in get_all_roles():
-+		if role in domains:
++		if role[:-2] in domains or role == "system_r":
 +			continue
-+		domains.append(role)
++		domains.append(role[:-2])
 +
 +	domains.sort()
 +	return domains
@@ -343163,45 +343282,6 @@ index 0000000..a321faa
 +	fcdict["samba_share_t"] = [ "use this label for random content that will be shared using samba" ]
 +	return fcdict
 +
-+role_allows = None
-+def get_all_role_allows():
-+	global role_allows
-+	if role_allows:
-+		return role_allows
-+	role_allows = {}
-+	for r in sepolicy.search([sepolicy.ROLE_ALLOW]):
-+		if r["source"] == "system_r" or r["target"] == "system_r":
-+			continue
-+		if r["source"] in role_allows:
-+			role_allows[r["source"]].append(r["target"])
-+		else:
-+			role_allows[r["source"]] = [ r["target"] ]
-+
-+	return role_allows
-+
-+users = None
-+users_range = None
-+def get_all_users():
-+	global users
-+	global users_range
-+	if users and users_range:
-+		return users, users_range
-+
-+	users = []
-+	users_range ={}
-+	allusers = []
-+	allusers_info = sepolicy.info(sepolicy.USER)
-+
-+	for d in allusers_info:
-+		allusers.append(d['name'])
-+		users_range[d['name'].split("_")[0]] = d['range']
-+
-+	for u in allusers:
-+		if u not in [ "system_u", "root", "unconfined_u" ]:
-+			users.append(u.replace("_u",""))
-+	users.sort()
-+	return users, users_range
-+
 +types = None
 +def _gen_types():
 +	global types
@@ -343216,31 +343296,6 @@ index 0000000..a321faa
 +			types[rec["name"]] = []
 +	return types
 +
-+file_types = None
-+def get_all_file_types():
-+	global file_types
-+	if file_types:
-+		return file_types
-+	file_types =  sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"]
-+	file_types.sort()
-+	return file_types
-+
-+port_types = None
-+def get_all_port_types():
-+	global port_types
-+	if port_types:
-+		return port_types
-+	port_types =  sepolicy.info(sepolicy.ATTRIBUTE,"port_type")[0]["types"]
-+	port_types.sort()
-+	return port_types
-+
-+bools = None
-+def get_all_bools():
-+	global bools
-+	if not bools:
-+		bools = sepolicy.info(sepolicy.BOOLEAN)
-+	return bools
-+
 +def prettyprint(f,trim):
 +    return " ".join(f[:-len(trim)].split("_"))
 +
@@ -343501,8 +343556,8 @@ index 0000000..a321faa
 +    all_bools = get_all_bools()
 +    all_port_types = get_all_port_types()
 +    all_roles = get_all_roles()
-+    all_users = get_all_users()[0]
-+    all_users_range = get_all_users()[1]
++    all_users = get_all_users_info()[0]
++    all_users_range = get_all_users_info()[1]
 +    all_file_types = get_all_file_types()
 +    types = _gen_types()
 +    modules_dict = None
@@ -343545,7 +343600,7 @@ index 0000000..a321faa
 +	self._gen_bools()
 +	self.man_page_path = "%s/%s_selinux.8" % (path, self.domainname)
 +	self.fd = open(self.man_page_path, 'w')
-+	if domainname in self.all_roles:
++	if domainname + "_r" in self.all_roles:
 +	    self.__gen_user_man_page()
 +	    if self.html:
 +		manpage_roles.append(self.man_page_path)
@@ -344756,7 +344811,7 @@ index 0000000..dcf445e
 +"""
 diff --git a/policycoreutils/sepolicy/sepolicy/templates/executable.py b/policycoreutils/sepolicy/sepolicy/templates/executable.py
 new file mode 100644
-index 0000000..092a53e
+index 0000000..4b9534d
 --- /dev/null
 +++ b/policycoreutils/sepolicy/sepolicy/templates/executable.py
 @@ -0,0 +1,454 @@
@@ -345208,7 +345263,7 @@ index 0000000..092a53e
 +"""
 +
 +fc_user="""\
-+# Users do not have file context, leave blank
++#  No file context, leave blank
 +"""
 +
 +fc_initscript="""\
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 5b90325..f096572 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.13
-Release: 57%{?dist}
+Release: 58%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -338,6 +338,10 @@ The policycoreutils-restorecond package contains the restorecond service.
 %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 
 %changelog
+* Thu Jan 31 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.12-58
+- Reorginize sepolicy so all get_all functions are in main module
+- Add -B capability to fixfiles onboot and fixfiles restore, basically searches for all files created since the last boot.
+
 * Fri Jan 25 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.12-57
 - Update to latest patches from eparis/Upstream
 - fixfiles onboot will write any flags handed to it to /.autorelabel. 

