[policycoreutils] Add --root/-r flag to sepolicy manpage,
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Feb 20 15:48:57 UTC 2013
commit 3234f310f1334630180c380700ecf3cba8cf0b77
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Feb 20 16:48:51 2013 +0100
Add --root/-r flag to sepolicy manpage,
- This allows us to generate man pages on the fly in the selinux-policy build
policycoreutils-rhat.patch | 264 ++++++++++++++++++++++++++++++++++++++++++--
policycoreutils.spec | 7 +-
2 files changed, 259 insertions(+), 12 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index a1d9971..04d36ac 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1335,11 +1335,144 @@ index 0000000..3ecf3eb
+++ b/policycoreutils/sepolicy/sepolgen.8
@@ -0,0 +1 @@
+.so man8/sepolicy-generate.8
+diff --git a/policycoreutils/sepolicy/sepolicy-bash-completion.sh b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
+index 82fea52..29f9428 100644
+--- a/policycoreutils/sepolicy/sepolicy-bash-completion.sh
++++ b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
+@@ -81,7 +81,7 @@ _sepolicy () {
+ [communicate]='-h --help -s --source -t --target -c --class -S --sourceaccess -T --targetaccess'
+ [generate]='-a --admin --admin_user --application --cgi --confined_admin --customize -d --domain --dbus --desktop_user -h --help --inetd --init -n --name --newtype -p --path --sandbox -T --test --term_user -u --user -w --writepath --x_user'
+ [interface]='-h --help -a --list_admin" -u --list_user -l --list'
+- [manpage]='-h --help -p --path -a -all -o --os -d --domain -w --web'
++ [manpage]='-h --help -p --path -a -all -o --os -d --domain -w --web -r --root'
+ [network]='-h --help -d --domain -l --list -p --port -t --type '
+ [transition]='-h --help -s --source -t --target'
+ )
+@@ -156,6 +156,10 @@ _sepolicy () {
+ if [ "$prev" = "-d" -o "$prev" = "--domain" ]; then
+ COMPREPLY=( $(compgen -W "$( __get_all_domains ) " -- "$cur") )
+ return 0
++ elif test "$prev" = "-r" || test "$prev" = "--root" ; then
++ COMPREPLY=( $( compgen -d -- "$cur") )
++ compopt -o filenames
++ return 0
+ elif [ "$prev" = "-o" -o "$prev" = "--os" ]; then
+ return 0
+ elif test "$prev" = "-p" || test "$prev" = "--path" ; then
+diff --git a/policycoreutils/sepolicy/sepolicy-manpage.8 b/policycoreutils/sepolicy/sepolicy-manpage.8
+index b6abdf5..c05c943 100644
+--- a/policycoreutils/sepolicy/sepolicy-manpage.8
++++ b/policycoreutils/sepolicy/sepolicy-manpage.8
+@@ -5,7 +5,7 @@ sepolicy-manpage \- Generate a man page based on the installed SELinux Policy
+ .SH "SYNOPSIS"
+
+ .br
+-.B sepolicy manpage [\-w] [\-h] [\-p PATH ] [\-a | \-d ]
++.B sepolicy manpage [\-w] [\-h] [\-p PATH ] [\-r ROOTDIR ] [\-a | \-d ]
+
+ .SH "DESCRIPTION"
+ Use sepolicy manpage to generate manpages based on SELinux Policy.
+@@ -24,6 +24,9 @@ Display help message
+ .I \-p, \-\-path
+ Specify the directory to store the created man pages. (Default to /tmp)
+ .TP
++.I \-r, \-\-root
++Specify alternate root directory to generate man pages from. (Default to /)
++.TP
+ .I \-w, \-\-web
+ Generate an additional HTML man pages for the specified domain(s).
+
diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
-index b25d3b2..e120959 100755
+index b25d3b2..7a15d88 100755
--- a/policycoreutils/sepolicy/sepolicy.py
+++ b/policycoreutils/sepolicy/sepolicy.py
-@@ -461,7 +461,10 @@ if __name__ == '__main__':
+@@ -22,6 +22,8 @@
+ #
+ #
+ import os, sys
++import selinux
++import sepolicy
+ from sepolicy import get_os_version
+ import argparse
+ import gettext
+@@ -198,44 +200,44 @@ def network(args):
+ _print_net(d, net, "name_bind")
+
+ def manpage(args):
+- from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains
++ from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains, get_all_domains
+
+ path = args.path
+- if args.policy:
+- for f in ( "policy.xml", "file_context", "file_context.homedirs"):
+- if not os.path.exists(path + f):
+- raise ValueError("manpage creation with alternate policy requires the %s file exist" % (path + f))
+-
++ if not args.policy and args.root != "/":
++ sepolicy.policy(sepolicy.get_installed_policy(args.root))
++
+ if args.all:
+ test_domains = gen_domains()
+ else:
+ test_domains = args.domain
+
+ for domain in test_domains:
+- m = ManPage(domain, path, args.web)
++ m = ManPage(domain, path, args.root, args.web)
+ print m.get_man_page_path()
+
+ if args.web:
+ HTMLManPages(manpage_roles, manpage_domains, path, args.os)
+
+ def gen_manpage_args(parser):
+- man = parser.add_parser("manpage",
+- help=_('Generate SELinux man pages'))
+-
+- man.add_argument("-p", "--path", dest="path", default="/tmp",
+- help=_("path in which the generated SELinux man pages will be stored"))
+- man.add_argument("-o", "--os", dest="os", default=get_os_version(),
+- help=_("name of the OS for man pages"))
+- man.add_argument("-w", "--web", dest="web", default=False, action="store_true",
+- help=_("Generate HTML man pages structure for selected SELinux man page"))
+- group = man.add_mutually_exclusive_group(required=True)
+- group.add_argument("-a", "--all", dest="all", default=False,
+- action="store_true",
+- help=_("All domains"))
+- group.add_argument("-d", "--domain", nargs="+",
+- action=CheckDomain,
+- help=_("Domain name(s) of man pages to be created"))
+- man.set_defaults(func=manpage)
++ man = parser.add_parser("manpage",
++ help=_('Generate SELinux man pages'))
++
++ man.add_argument("-p", "--path", dest="path", default="/tmp",
++ help=_("path in which the generated SELinux man pages will be stored"))
++ man.add_argument("-o", "--os", dest="os", default=get_os_version(),
++ help=_("name of the OS for man pages"))
++ man.add_argument("-w", "--web", dest="web", default=False, action="store_true",
++ help=_("Generate HTML man pages structure for selected SELinux man page"))
++ man.add_argument("-r", "--root", dest="root", default="/",
++ help=_("Alternate root directory, defaults to /"))
++ group = man.add_mutually_exclusive_group(required=True)
++ group.add_argument("-a", "--all", dest="all", default=False,
++ action="store_true",
++ help=_("All domains"))
++ group.add_argument("-d", "--domain", nargs="+",
++ action=CheckDomain,
++ help=_("Domain name(s) of man pages to be created"))
++ man.set_defaults(func=manpage)
+
+ def gen_network_args(parser):
+ net = parser.add_parser("network",
+@@ -283,7 +285,6 @@ def gen_communicate_args(parser):
+ comm.set_defaults(func=communicate)
+
+ def booleans(args):
+- import selinux
+ from sepolicy import boolean_desc
+ if args.all:
+ rc, args.booleans = selinux.security_get_boolean_names()
+@@ -461,7 +462,10 @@ if __name__ == '__main__':
gen_transition_args(subparsers)
try:
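Review bot: In `manpage()`, the `--root` value reaches `sepolicy.get_installed_policy(args.root)` and `ManPage(domain, path, args.root, args.web)` with no check that it names an existing directory, and the `os.path.exists` loop that used to report missing input files is removed in the same hunk. A mistyped root therefore surfaces as whatever the glob, `_gen_fcdict` or `gen_bool_dict` raise, rather than as a clear message. A guard before the policy load, such as `if not os.path.isdir(args.root): raise ValueError(_("%s is not a directory") % args.root)`, would keep the failure in the `ValueError` path that the main block already catches. The literal test `args.root != "/"` also treats spellings such as `//` or `/.` as an alternate root, so the value should be normalised once before it is compared.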
@@ -1352,13 +1485,14 @@ index b25d3b2..e120959 100755
sys.exit(0)
except ValueError,e:
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
-index 5e7415c..1d77fa9 100644
+index 5e7415c..10abeec 100644
--- a/policycoreutils/sepolicy/sepolicy/__init__.py
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
-@@ -37,6 +37,27 @@ CLASS = 'class'
+@@ -37,9 +37,30 @@ CLASS = 'class'
TRANSITION = 'transition'
ROLE_ALLOW = 'role_allow'
+-def __get_installed_policy():
+def info(setype, name=None):
+ dict_list = _policy.info(setype, name)
+ return dict_list
@@ -1380,10 +1514,47 @@ index 5e7415c..1d77fa9 100644
+ dict_list = filter(lambda x: _dict_has_perms(x, perms), dict_list)
+ return dict_list
+
- def __get_installed_policy():
++def get_installed_policy(root = "/"):
+ try:
+- path = selinux.selinux_binary_policy_path()
++ path = root + selinux.selinux_binary_policy_path()
+ policies = glob.glob ("%s.*" % path )
+ policies.sort()
+ return policies[-1]
+@@ -85,7 +106,7 @@ all_domains = None
+ def get_all_domains():
+ global all_domains
+ if not all_domains:
+- all_domains = info(ATTRIBUTE,"domain")[0]["types"]
++ all_domains = info(ATTRIBUTE,"domain")[0]["types"]
+ return all_domains
+
+ roles = None
+@@ -139,49 +160,43 @@ def get_all_attributes():
+ return all_attributes
+
+ def policy(policy_file):
++ global all_domains
++ global all_attributes
++ global bools
++ global all_types
++ global role_allows
++ global users
++ global roles
++ global file_types
++ global port_types
++ all_domains = None
++ all_attributes = None
++ bools = None
++ all_types = None
++ role_allows = None
++ users = None
++ roles = None
++ file_types = None
++ port_types = None
try:
- path = selinux.selinux_binary_policy_path()
-@@ -145,43 +166,19 @@ def policy(policy_file):
+ _policy.policy(policy_file)
+ except:
raise ValueError(_("Failed to read %s policy file") % policy_file)
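Review bot: `get_installed_policy(root)` builds its path as `root + selinux.selinux_binary_policy_path()` and returns `policies[-1]`, which raises IndexError when the glob matches nothing; that is far more likely now that callers can point it at an arbitrary root. The `except` clause of this `try` lies outside the hunk, so confirm that it turns the empty case into the `ValueError` callers catch, ideally naming the path that was searched. Separately, `policies.sort()` orders the `policy.N` names as strings, so a one-digit suffix would sort after a two-digit one. Selecting by the numeric suffix would make the choice of the newest policy explicit.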
@@ -1391,7 +1562,7 @@ index 5e7415c..1d77fa9 100644
-if not policy_file:
- policy_file = __get_installed_policy()
-
-+policy_file = __get_installed_policy()
++policy_file = get_installed_policy()
try:
policy(policy_file)
except ValueError, e:
@@ -1429,10 +1600,15 @@ index 5e7415c..1d77fa9 100644
def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
global booleans_dict
diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
-index 25062da..def78e9 100755
+index 25062da..da17c48 100755
--- a/policycoreutils/sepolicy/sepolicy/manpage.py
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py
-@@ -28,7 +28,7 @@ import string
+@@ -24,11 +24,12 @@
+ #
+ __all__ = [ 'ManPage', 'HTMLManPages', 'manpage_domains', 'manpage_roles', 'gen_domains' ]
+
++from sepolicy import network
+ import string
import argparse
import selinux
import sepolicy
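Review bot: The module-level `from sepolicy import network` added here appears to make redundant the function-scope `from sepolicy import network` that a later hunk adds inside `_network()`; keeping only one of the two would be clearer. If the local import is there to avoid an import cycle between `sepolicy` and `sepolicy.network`, a short comment such as `# imported here to avoid a circular import` would explain why both exist.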
@@ -1441,7 +1617,65 @@ index 25062da..def78e9 100755
import commands
import sys, os, re, time
-@@ -947,13 +947,14 @@ semanage fcontext -a -t public_content_t "/var/%(domainname)s(/.*)?"
+@@ -416,40 +417,33 @@ class ManPage:
+ """
+ Generate a Manpage on an SELinux domain in the specified path
+ """
+- all_attributes = get_all_attributes()
+- all_domains = get_all_domains()
+- all_bools = get_all_bools()
+- all_port_types = get_all_port_types()
+- all_roles = get_all_roles()
+- all_users = get_all_users_info()[0]
+- all_users_range = get_all_users_info()[1]
+- all_file_types = get_all_file_types()
+- types = _gen_types()
+ modules_dict = None
+- domains = gen_domains()
+- role_allows = get_all_role_allows()
+ enabled_str = ["Disabled", "Enabled"]
+
+- def __init__(self, domainname, path = "/tmp", html = False):
++ def __init__(self, domainname, path = "/tmp", root="/", html = False):
+ self.html = html
++ self.root = root
+ self.portrecs = network.portrecs
+-
+- fcpath = path + "/file_contexts"
+- if os.path.exists(fcpath):
+- self.fcpath = fcpath
+- else:
+- self.fcpath = selinux.selinux_file_context_path()
++ self.domains = gen_domains()
++ self.all_domains = get_all_domains()
++ self.all_attributes = get_all_attributes()
++ self.all_bools = get_all_bools()
++ self.all_port_types = get_all_port_types()
++ self.all_roles = get_all_roles()
++ self.all_users = get_all_users_info()[0]
++ self.all_users_range = get_all_users_info()[1]
++ self.all_file_types = get_all_file_types()
++ self.role_allows = get_all_role_allows()
++ self.types = _gen_types()
++
++ self.fcpath = self.root + selinux.selinux_file_context_path()
+ self.fcdict = _gen_fcdict(self.fcpath)
+
+ if not os.path.exists(path):
+ os.makedirs(path)
+- self.path = path
+
+- xmlpath = path + "/policy.xml"
+- if os.path.exists(xmlpath):
+- self.xmlpath = xmlpath
+- else:
+- self.xmlpath = "/usr/share/selinux/devel/policy.xml"
++ self.path = path
++ self.xmlpath = self.root + "/usr/share/selinux/devel/policy.xml"
+ self.booleans_dict = gen_bool_dict(self.xmlpath)
+
+ if domainname.endswith("_t"):
+@@ -947,13 +941,14 @@ semanage fcontext -a -t public_content_t "/var/%(domainname)s(/.*)?"
.B restorecon -F -R -v /var/%(domainname)s
.pp
.TP
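Review bot: The new signature `__init__(self, domainname, path = "/tmp", root="/", html = False)` puts `root` ahead of `html`, which breaks any caller that still passes `html` positionally, as the old `ManPage(domain, path, args.web)` call did. Such a caller now hands a boolean to `root` and fails at `self.root + selinux.selinux_file_context_path()`. `ManPage` is exported through `__all__`, so appending the parameter would keep existing callers working: `def __init__(self, domainname, path = "/tmp", html = False, root = "/"):`, with the call site changed to `ManPage(domain, path, args.web, root=args.root)`. The class body continues outside the hunk.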
@@ -1458,6 +1692,14 @@ index 25062da..def78e9 100755
""" % {'domainname':self.domainname})
for b in self.anon_list:
desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
+@@ -1230,6 +1225,7 @@ The SELinux user %s_u is not able to terminal login.
+ """ % self.domainname)
+
+ def _network(self):
++ from sepolicy import network
+ self.fd.write("""
+ .SH NETWORK
+ """)
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
index 80b6d6e..07c5ee2 100644
--- a/policycoreutils/setfiles/restorecon.8
diff --git a/policycoreutils.spec b/policycoreutils.spec
index a5f197c..726d2aa 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.14
-Release: 6%{?dist}
+Release: 7%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -326,6 +326,11 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Wed Feb 20 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.14-7
+- Add --root/-r flag to sepolicy manpage,
+- This allows us to generate man pages on the fly in the selinux-policy build
+
+
* Mon Feb 18 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.14-6
- Fix newrole to retain cap_audit_write when compiled with namespace, also
do not drop capabilities when run as root.