[policycoreutils/f18] Fix handling of semanage boolean missing booleans
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Mar 19 23:51:30 UTC 2013
commit ecddaddc6d683b9b933184b374d9a9f9f5d81900
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Mar 19 19:51:24 2013 -0400
Fix handling of semanage boolean missing booleans
- Back more sepolicy fixes from Rawhide
policycoreutils-rawhide.patch | 354 +++++++++++++++++++++++++++++++++--------
policycoreutils.spec | 6 +-
2 files changed, 290 insertions(+), 70 deletions(-)
---
diff --git a/policycoreutils-rawhide.patch b/policycoreutils-rawhide.patch
index 97431a3..8c613fe 100644
--- a/policycoreutils-rawhide.patch
+++ b/policycoreutils-rawhide.patch
@@ -1,6 +1,6 @@
diff -up policycoreutils-2.1.13/gui/domainsPage.py.f19 policycoreutils-2.1.13/gui/domainsPage.py
---- policycoreutils-2.1.13/gui/domainsPage.py.f19 2013-03-08 16:38:34.368361145 -0500
-+++ policycoreutils-2.1.13/gui/domainsPage.py 2013-03-08 16:38:34.680362210 -0500
+--- policycoreutils-2.1.13/gui/domainsPage.py.f19 2013-03-19 19:47:18.889781928 -0400
++++ policycoreutils-2.1.13/gui/domainsPage.py 2013-03-19 19:47:19.068782704 -0400
@@ -26,7 +26,7 @@ import sys
import seobject
import selinux
@@ -20,8 +20,8 @@ diff -up policycoreutils-2.1.13/gui/domainsPage.py.f19 policycoreutils-2.1.13/gu
def get_modules(self):
diff -up policycoreutils-2.1.13/gui/statusPage.py.f19 policycoreutils-2.1.13/gui/statusPage.py
---- policycoreutils-2.1.13/gui/statusPage.py.f19 2013-03-08 16:38:34.376361172 -0500
-+++ policycoreutils-2.1.13/gui/statusPage.py 2013-03-08 16:38:34.680362210 -0500
+--- policycoreutils-2.1.13/gui/statusPage.py.f19 2013-03-19 19:47:18.895781954 -0400
++++ policycoreutils-2.1.13/gui/statusPage.py 2013-03-19 19:47:19.069782708 -0400
@@ -177,7 +177,11 @@ class statusPage:
def read_selinux_config(self):
@@ -35,9 +35,30 @@ diff -up policycoreutils-2.1.13/gui/statusPage.py.f19 policycoreutils-2.1.13/gui
self.enabled = self.initEnabled
self.enabledOptionMenu.set_active(self.enabled + 1 )
+diff -up policycoreutils-2.1.13/restorecond/Makefile.f19 policycoreutils-2.1.13/restorecond/Makefile
+--- policycoreutils-2.1.13/restorecond/Makefile.f19 2012-09-25 16:17:37.000000000 -0400
++++ policycoreutils-2.1.13/restorecond/Makefile 2013-03-19 19:47:19.069782708 -0400
+@@ -5,6 +5,7 @@ LIBDIR ?= $(PREFIX)/lib
+ MANDIR = $(PREFIX)/share/man
+ AUTOSTARTDIR = $(DESTDIR)/etc/xdg/autostart
+ DBUSSERVICEDIR = $(DESTDIR)/usr/share/dbus-1/services
++SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
+
+ autostart_DATA = sealertauto.desktop
+ INITDIR = $(DESTDIR)/etc/rc.d/init.d
+@@ -39,7 +40,8 @@ install: all
+ install -m 644 restorecond.desktop $(AUTOSTARTDIR)/restorecond.desktop
+ -mkdir -p $(DBUSSERVICEDIR)
+ install -m 600 org.selinux.Restorecond.service $(DBUSSERVICEDIR)/org.selinux.Restorecond.service
+-
++ -mkdir -p $(SYSTEMDDIR)/system
++ install -m 644 restorecond.service $(SYSTEMDDIR)/system/
+ relabel: install
+ /sbin/restorecon $(SBINDIR)/restorecond
+
diff -up policycoreutils-2.1.13/restorecond/restorecond.conf.f19 policycoreutils-2.1.13/restorecond/restorecond.conf
---- policycoreutils-2.1.13/restorecond/restorecond.conf.f19 2013-03-08 16:38:34.602361944 -0500
-+++ policycoreutils-2.1.13/restorecond/restorecond.conf 2013-03-08 16:38:34.682362217 -0500
+--- policycoreutils-2.1.13/restorecond/restorecond.conf.f19 2013-03-19 19:47:19.044782600 -0400
++++ policycoreutils-2.1.13/restorecond/restorecond.conf 2013-03-19 19:47:19.070782712 -0400
@@ -1,6 +1,7 @@
/etc/services
/etc/resolv.conf
@@ -48,7 +69,7 @@ diff -up policycoreutils-2.1.13/restorecond/restorecond.conf.f19 policycoreutils
/root/*
diff -up policycoreutils-2.1.13/restorecond/user.c.f19 policycoreutils-2.1.13/restorecond/user.c
--- policycoreutils-2.1.13/restorecond/user.c.f19 2012-09-25 16:17:37.000000000 -0400
-+++ policycoreutils-2.1.13/restorecond/user.c 2013-03-08 16:38:34.682362217 -0500
++++ policycoreutils-2.1.13/restorecond/user.c 2013-03-19 19:47:19.070782712 -0400
@@ -54,6 +54,7 @@ static const char *PATH="/org/selinux/Re
static const char *INTERFACE="org.selinux.RestorecondIface";
static const char *RULE="type='signal',interface='org.selinux.RestorecondIface'";
@@ -101,8 +122,8 @@ diff -up policycoreutils-2.1.13/restorecond/user.c.f19 policycoreutils-2.1.13/re
return 0;
}
diff -up policycoreutils-2.1.13/sandbox/seunshare.c.f19 policycoreutils-2.1.13/sandbox/seunshare.c
---- policycoreutils-2.1.13/sandbox/seunshare.c.f19 2013-03-08 16:38:34.603361947 -0500
-+++ policycoreutils-2.1.13/sandbox/seunshare.c 2013-03-08 16:38:34.683362221 -0500
+--- policycoreutils-2.1.13/sandbox/seunshare.c.f19 2013-03-19 19:47:19.044782600 -0400
++++ policycoreutils-2.1.13/sandbox/seunshare.c 2013-03-19 19:47:19.071782716 -0400
@@ -31,12 +31,6 @@
#include <selinux/context.h> /* for context-mangling functions */
#include <dirent.h>
@@ -250,8 +271,17 @@ diff -up policycoreutils-2.1.13/sandbox/seunshare.c.f19 policycoreutils-2.1.13/s
rc |= setenv("HOME", pwd->pw_dir, 1);
rc |= setenv("SHELL", pwd->pw_shell, 1);
diff -up policycoreutils-2.1.13/semanage/semanage.f19 policycoreutils-2.1.13/semanage/semanage
---- policycoreutils-2.1.13/semanage/semanage.f19 2013-03-08 16:38:34.608361965 -0500
-+++ policycoreutils-2.1.13/semanage/semanage 2013-03-08 16:38:34.684362224 -0500
+--- policycoreutils-2.1.13/semanage/semanage.f19 2013-03-19 19:47:19.046782608 -0400
++++ policycoreutils-2.1.13/semanage/semanage 2013-03-19 19:50:03.332427690 -0400
+@@ -61,7 +61,7 @@ semanage interface -{a|d|m|l|D|E} [-Nntr
+ semanage module -{a|d|m} [--enable|--disable] [-N] module
+ semanage node -{a|d|m|l|D|E} [-Nntr] [ -p protocol ] [-M netmask] addr
+ semanage fcontext -{a|d|m|l|D|E} [-Nefnrst] file_spec
+-semanage boolean -{d|m} [--on|--off|-1|-0] [-N] -F boolean | boolean_file
++semanage boolean -{d|m} {--on|--off|-1|-0} [-N] -F boolean | boolean_file
+ semanage permissive -{d|a|l} [-Nn] type
+ semanage dontaudit [ on | off ] [-N]
+
@@ -376,11 +376,8 @@ Object-specific Options (see above):
OBJECT = seobject.moduleRecords(store)
@@ -266,9 +296,18 @@ diff -up policycoreutils-2.1.13/semanage/semanage.f19 policycoreutils-2.1.13/sem
if object == "dontaudit":
OBJECT = seobject.dontauditClass(store)
+@@ -448,6 +445,8 @@ Object-specific Options (see above):
+
+ if modify:
+ if object == "boolean":
++ if not value:
++ raise ValueError(_("Value Required [ --on | --off ]"))
+ OBJECT.modify(target, value, use_file)
+ return
+
diff -up policycoreutils-2.1.13/semanage/seobject.py.f19 policycoreutils-2.1.13/semanage/seobject.py
---- policycoreutils-2.1.13/semanage/seobject.py.f19 2013-03-08 16:38:34.610361971 -0500
-+++ policycoreutils-2.1.13/semanage/seobject.py 2013-03-08 16:38:34.685362227 -0500
+--- policycoreutils-2.1.13/semanage/seobject.py.f19 2013-03-19 19:47:19.047782613 -0400
++++ policycoreutils-2.1.13/semanage/seobject.py 2013-03-19 19:49:34.488315703 -0400
@@ -373,7 +373,11 @@ class permissiveRecords(semanageRecords)
def add(self, type):
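Review bot: The new `if not value:` guard in the `object == "boolean"` branch of semanage's modify path runs before `OBJECT.modify(target, value, use_file)` whether or not `use_file` is set, so `semanage boolean -m -F boolean_file` without `--on`/`--off` would now be refused. If `modify()` takes each value from the file when `use_file` is set (its body is not in this hunk), the guard should be `if not value and not use_file:`. The `__mod` check this patch adds in seobject.py already rejects an empty value per boolean, so the file case stays covered. The enclosing function starts and ends outside the hunk.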
@@ -320,9 +359,19 @@ diff -up policycoreutils-2.1.13/semanage/seobject.py.f19 policycoreutils-2.1.13/
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
+@@ -2018,6 +2031,9 @@ class booleanRecords(semanageRecords):
+ self.modify_local = False
+
+ def __mod(self, name, value):
++ if not value:
++ raise ValueError(_("Value Required for %s") % name)
++
+ name = selinux.selinux_boolean_sub(name)
+
+ (rc, k) = semanage_bool_key_create(self.sh, name)
diff -up policycoreutils-2.1.13/sepolicy/info.c.f19 policycoreutils-2.1.13/sepolicy/info.c
---- policycoreutils-2.1.13/sepolicy/info.c.f19 2013-03-08 16:38:34.613361982 -0500
-+++ policycoreutils-2.1.13/sepolicy/info.c 2013-03-08 16:38:34.687362234 -0500
+--- policycoreutils-2.1.13/sepolicy/info.c.f19 2013-03-19 19:47:19.048782617 -0400
++++ policycoreutils-2.1.13/sepolicy/info.c 2013-03-19 19:47:19.073782725 -0400
@@ -988,39 +988,51 @@ PyObject* info( int type, const char *na
{
PyObject* output = NULL;
@@ -392,8 +441,8 @@ diff -up policycoreutils-2.1.13/sepolicy/info.c.f19 policycoreutils-2.1.13/sepol
void init_info (PyObject *m) {
diff -up policycoreutils-2.1.13/sepolicy/Makefile.f19 policycoreutils-2.1.13/sepolicy/Makefile
---- policycoreutils-2.1.13/sepolicy/Makefile.f19 2013-03-08 16:38:34.611361975 -0500
-+++ policycoreutils-2.1.13/sepolicy/Makefile 2013-03-08 16:38:34.687362234 -0500
+--- policycoreutils-2.1.13/sepolicy/Makefile.f19 2013-03-19 19:47:19.047782613 -0400
++++ policycoreutils-2.1.13/sepolicy/Makefile 2013-03-19 19:47:19.074782730 -0400
@@ -23,10 +23,10 @@ clean:
-rm -rf build *~ \#* *pyc .#*
@@ -408,8 +457,8 @@ diff -up policycoreutils-2.1.13/sepolicy/Makefile.f19 policycoreutils-2.1.13/sep
install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)
- install -m 644 *.8 $(MANDIR)/man8
diff -up policycoreutils-2.1.13/sepolicy/policy.c.f19 policycoreutils-2.1.13/sepolicy/policy.c
---- policycoreutils-2.1.13/sepolicy/policy.c.f19 2013-03-08 16:38:34.613361982 -0500
-+++ policycoreutils-2.1.13/sepolicy/policy.c 2013-03-08 16:38:34.688362238 -0500
+--- policycoreutils-2.1.13/sepolicy/policy.c.f19 2013-03-19 19:47:19.048782617 -0400
++++ policycoreutils-2.1.13/sepolicy/policy.c 2013-03-19 19:47:19.074782730 -0400
@@ -66,7 +66,6 @@ PyObject *wrap_policy(PyObject *UNUSED(s
}
apol_vector_destroy(&mod_paths);
@@ -419,8 +468,8 @@ diff -up policycoreutils-2.1.13/sepolicy/policy.c.f19 policycoreutils-2.1.13/sep
apol_policy_path_destroy(&pol_path);
if (!policy) {
diff -up policycoreutils-2.1.13/sepolicy/search.c.f19 policycoreutils-2.1.13/sepolicy/search.c
---- policycoreutils-2.1.13/sepolicy/search.c.f19 2013-03-08 16:38:34.615361989 -0500
-+++ policycoreutils-2.1.13/sepolicy/search.c 2013-03-08 16:38:34.689362241 -0500
+--- policycoreutils-2.1.13/sepolicy/search.c.f19 2013-03-19 19:47:19.049782621 -0400
++++ policycoreutils-2.1.13/sepolicy/search.c 2013-03-19 19:47:19.074782730 -0400
@@ -204,14 +204,14 @@ static PyObject* get_ra_results(const ap
goto err;
@@ -559,8 +608,8 @@ diff -up policycoreutils-2.1.13/sepolicy/search.c.f19 policycoreutils-2.1.13/sep
+ return search(allow, neverallow, auditallow, dontaudit, transition, role_allow, src_name, tgt_name, class_name, permlist);
}
diff -up policycoreutils-2.1.13/sepolicy/sepolicy-bash-completion.sh.f19 policycoreutils-2.1.13/sepolicy/sepolicy-bash-completion.sh
---- policycoreutils-2.1.13/sepolicy/sepolicy-bash-completion.sh.f19 2013-03-08 16:38:34.615361989 -0500
-+++ policycoreutils-2.1.13/sepolicy/sepolicy-bash-completion.sh 2013-03-08 16:38:34.689362241 -0500
+--- policycoreutils-2.1.13/sepolicy/sepolicy-bash-completion.sh.f19 2013-03-19 19:47:19.049782621 -0400
++++ policycoreutils-2.1.13/sepolicy/sepolicy-bash-completion.sh 2013-03-19 19:47:19.075782734 -0400
@@ -45,6 +45,9 @@ __get_all_user_role_interaces () {
__get_all_user_domains () {
seinfo -auserdomain -x 2> /dev/null | tail -n +2
@@ -624,9 +673,10 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy-bash-completion.sh.f19 policyc
elif [ "$prev" = "-o" -o "$prev" = "--os" ]; then
return 0
elif test "$prev" = "-p" || test "$prev" = "--path" ; then
+diff -up policycoreutils-2.1.13/sepolicy/sepolicy/booleans.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy/booleans.py
diff -up policycoreutils-2.1.13/sepolicy/sepolicy-generate.8.f19 policycoreutils-2.1.13/sepolicy/sepolicy-generate.8
---- policycoreutils-2.1.13/sepolicy/sepolicy-generate.8.f19 2013-03-08 16:38:34.617361995 -0500
-+++ policycoreutils-2.1.13/sepolicy/sepolicy-generate.8 2013-03-08 16:38:34.690362244 -0500
+--- policycoreutils-2.1.13/sepolicy/sepolicy-generate.8.f19 2013-03-19 19:47:19.049782621 -0400
++++ policycoreutils-2.1.13/sepolicy/sepolicy-generate.8 2013-03-19 19:47:19.075782734 -0400
@@ -5,15 +5,21 @@ sepolicy-generate \- Generate an initial
.SH "SYNOPSIS"
@@ -687,8 +737,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy-generate.8.f19 policycoreutils
Generate Policy for Sandbox
.TP
diff -up policycoreutils-2.1.13/sepolicy/sepolicy/generate.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy/generate.py
---- policycoreutils-2.1.13/sepolicy/sepolicy/generate.py.f19 2013-03-08 16:38:34.623362016 -0500
-+++ policycoreutils-2.1.13/sepolicy/sepolicy/generate.py 2013-03-08 16:38:34.691362248 -0500
+--- policycoreutils-2.1.13/sepolicy/sepolicy/generate.py.f19 2013-03-19 19:47:19.052782634 -0400
++++ policycoreutils-2.1.13/sepolicy/sepolicy/generate.py 2013-03-19 19:47:19.076782738 -0400
@@ -24,6 +24,7 @@
import os, sys, stat
import re
@@ -983,8 +1033,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/generate.py.f19 policycoreutil
if self.initscript != "":
newspec += re.sub("FILENAME", self.initscript, spec.define_relabel_files_end)
diff -up policycoreutils-2.1.13/sepolicy/sepolicy/__init__.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy/__init__.py
---- policycoreutils-2.1.13/sepolicy/sepolicy/__init__.py.f19 2013-03-08 16:38:34.621362009 -0500
-+++ policycoreutils-2.1.13/sepolicy/sepolicy/__init__.py 2013-03-08 16:38:34.692362252 -0500
+--- policycoreutils-2.1.13/sepolicy/sepolicy/__init__.py.f19 2013-03-19 19:47:19.051782630 -0400
++++ policycoreutils-2.1.13/sepolicy/sepolicy/__init__.py 2013-03-19 19:47:19.077782743 -0400
@@ -7,6 +7,9 @@ import _policy
import selinux, glob
PROGNAME="policycoreutils"
@@ -1028,7 +1078,7 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/__init__.py.f19 policycoreutil
policies = glob.glob ("%s.*" % path )
policies.sort()
return policies[-1]
-@@ -47,50 +71,186 @@ def __get_installed_policy():
+@@ -47,49 +71,192 @@ def __get_installed_policy():
pass
raise ValueError(_("No SELinux Policy installed"))
@@ -1237,13 +1287,18 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/__init__.py.f19 policycoreutil
-def info(setype, name=None):
- dict_list = _policy.info(setype, name)
- return dict_list
--
++booleans = None
++def get_all_booleans():
++ global booleans
++ if not booleans:
++ booleans = selinux.security_get_boolean_names()[1]
++ return booleans
+
booleans_dict = None
def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
- global booleans_dict
diff -up policycoreutils-2.1.13/sepolicy/sepolicy/interface.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy/interface.py
---- policycoreutils-2.1.13/sepolicy/sepolicy/interface.py.f19 2013-03-08 16:38:34.623362016 -0500
-+++ policycoreutils-2.1.13/sepolicy/sepolicy/interface.py 2013-03-08 16:38:34.692362252 -0500
+--- policycoreutils-2.1.13/sepolicy/sepolicy/interface.py.f19 2013-03-19 19:47:19.052782634 -0400
++++ policycoreutils-2.1.13/sepolicy/sepolicy/interface.py 2013-03-19 19:47:19.077782743 -0400
@@ -22,14 +22,12 @@
#
#
@@ -1301,8 +1356,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/interface.py.f19 policycoreuti
trans_list.append(m[0])
return trans_list
diff -up policycoreutils-2.1.13/sepolicy/sepolicy-manpage.8.f19 policycoreutils-2.1.13/sepolicy/sepolicy-manpage.8
---- policycoreutils-2.1.13/sepolicy/sepolicy-manpage.8.f19 2013-03-08 16:39:04.991465713 -0500
-+++ policycoreutils-2.1.13/sepolicy/sepolicy-manpage.8 2013-03-08 16:39:23.219527940 -0500
+--- policycoreutils-2.1.13/sepolicy/sepolicy-manpage.8.f19 2013-03-19 19:47:19.050782626 -0400
++++ policycoreutils-2.1.13/sepolicy/sepolicy-manpage.8 2013-03-19 19:47:19.078782747 -0400
@@ -5,7 +5,7 @@ sepolicy-manpage \- Generate a man page
.SH "SYNOPSIS"
@@ -1323,9 +1378,9 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy-manpage.8.f19 policycoreutils-
Generate an additional HTML man pages for the specified domain(s).
diff -up policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py
---- policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py.f19 2013-03-08 16:38:34.624362019 -0500
-+++ policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py 2013-03-08 16:38:34.694362258 -0500
-@@ -28,7 +28,7 @@ import string
+--- policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py.f19 2013-03-19 19:47:19.052782634 -0400
++++ policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py 2013-03-19 19:47:19.079782751 -0400
+@@ -28,12 +28,12 @@ import string
import argparse
import selinux
import sepolicy
@@ -1334,6 +1389,12 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py.f19 policycoreutils
import commands
import sys, os, re, time
+
+-equiv_dict={ "smbd" : [ "samba" ], "httpd" : [ "apache" ], "virtd" : [ "virt", "libvirt" ], "named" : [ "bind" ], "fsdaemon" : [ "smartmon" ], "mdadm" : [ "raid" ] }
++equiv_dict={ "smbd" : [ "samba" ], "httpd" : [ "apache" ], "virtd" : [ "virt", "libvirt", "svirt", "svirt_tcg", "svirt_lxc_t", "svirt_lxc_net_t" ], "named" : [ "bind" ], "fsdaemon" : [ "smartmon" ], "mdadm" : [ "raid" ] }
+
+ equiv_dirs=[ "/var" ]
+ modules_dict = None
@@ -61,12 +61,28 @@ def gen_modules_dict(path = "/usr/share/
pass
return modules_dict
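Review bot: The two new `virtd` aliases `"svirt_lxc_t"` and `"svirt_lxc_net_t"` already carry the `_t` suffix, while every other entry of `equiv_dict` is a bare name and the `_gen_bools` loop added later in this patch tests `t + "_t" in self.all_domains`. As written those two would be looked up as `svirt_lxc_t_t` and `svirt_lxc_net_t_t` and silently skipped, so their booleans never reach the virtd page. Writing them as `"svirt_lxc"` and `"svirt_lxc_net"` would match the rest of the list. Other users of `equiv_dict` are outside this hunk and should be checked for the same assumption.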
@@ -1485,7 +1546,26 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py.f19 policycoreutils
def prettyprint(f,trim):
return " ".join(f[:-len(trim)].split("_"))
-@@ -483,40 +416,33 @@ class ManPage:
+@@ -251,14 +184,12 @@ def get_alphabet_manpages(manpage_list):
+ return alphabet_manpages
+
+ def convert_manpage_to_html(html_manpage,manpage):
+- fd = open(html_manpage,'w')
+- rc, output = commands.getstatusoutput("man2html -r %s" % manpage)
++ rc, output = commands.getstatusoutput("/usr/bin/groff -man -Thtml %s 2>/dev/null" % manpage)
+ if rc == 0:
++ print html_manpage, " has been created"
++ fd = open(html_manpage,'w')
+ fd.write(output)
+- else:
+- fd.write("Man page does not exist")
+-
+- fd.close()
++ fd.close()
+
+ class HTMLManPages:
+ """
+@@ -483,40 +414,33 @@ class ManPage:
"""
Generate a Manpage on an SELinux domain in the specified path
"""
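Review bot: `convert_manpage_to_html` builds a shell command by interpolating `manpage` into `"/usr/bin/groff -man -Thtml %s 2>/dev/null"`, and that path appears to be built from the caller-supplied output directory, so a path containing spaces or shell metacharacters is split or interpreted by the shell. Passing an argument list avoids the shell entirely: `p = subprocess.Popen(["/usr/bin/groff", "-man", "-Thtml", manpage], stdout=subprocess.PIPE, stderr=open(os.devnull, "w"))`, then `output = p.communicate()[0]` and `rc = p.returncode` (this needs `import subprocess`, which the visible import lines do not show). The rewrite also drops the old `else` branch, so a groff failure now produces no HTML file and no message; reporting `rc != 0` on stderr would make that visible.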
@@ -1543,7 +1623,17 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py.f19 policycoreutils
self.booleans_dict = gen_bool_dict(self.xmlpath)
if domainname.endswith("_t"):
-@@ -532,7 +458,7 @@ class ManPage:
+@@ -526,13 +450,16 @@ class ManPage:
+
+ if self.domainname + "_t" not in self.all_domains:
+ raise ValueError("domain %s_t does not exist" % self.domainname)
+- self.short_name = self.domainname
++ if self.domainname[-1]=='d':
++ self.short_name = self.domainname[:-1] + "_"
++ else:
++ self.short_name = self.domainname + "_"
+
+ self.type = self.domainname + "_t"
self._gen_bools()
self.man_page_path = "%s/%s_selinux.8" % (path, self.domainname)
self.fd = open(self.man_page_path, 'w')
@@ -1552,16 +1642,73 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py.f19 policycoreutils
self.__gen_user_man_page()
if self.html:
manpage_roles.append(self.man_page_path)
-@@ -606,7 +532,7 @@ class ManPage:
+@@ -550,16 +477,23 @@ class ManPage:
+ def _gen_bools(self):
+ self.bools=[]
+ self.domainbools=[]
+- for i in map(lambda x: x['boolean'], filter(lambda x: 'boolean' in x, sepolicy.search([sepolicy.ALLOW],{'source' : self.type }))):
+- for b in i:
+- if not isinstance(b,tuple):
+- continue
+- if b[0].startswith(self.short_name):
+- if b not in self.domainbools and (b[0], not b[1]) not in self.domainbools:
+- self.domainbools.append(b)
+- else:
+- if b not in self.bools and (b[0], not b[1]) not in self.bools:
+- self.bools.append(b)
++ types = [self.type]
++ if self.domainname in equiv_dict:
++ for t in equiv_dict[self.domainname]:
++ if t + "_t" in self.all_domains:
++ types.append(t+"_t")
++
++ for t in types:
++ for i in map(lambda x: x['boolean'], filter(lambda x: 'boolean' in x, sepolicy.search([sepolicy.ALLOW],{'source' : t }))):
++ for b in i:
++ if not isinstance(b,tuple):
++ continue
++ if b[0].startswith(self.short_name) or b[0].startswith(self.domainname):
++ if b not in self.domainbools and (b[0], not b[1]) not in self.domainbools:
++ self.domainbools.append(b)
++ else:
++ if b not in self.bools and (b[0], not b[1]) not in self.bools:
++ self.bools.append(b)
+
+ self.bools.sort()
+ self.domainbools.sort()
+@@ -605,9 +539,6 @@ class ManPage:
+ print path
def __gen_man_page(self):
- if self.domainname[-1]=='d':
+- if self.domainname[-1]=='d':
- self.short_name = self.domainname[:-1]
-+ self.short_name = self.domainname[:-1]+"_"
-
+-
self.anon_list = []
-@@ -802,7 +728,7 @@ SELinux policy is customizable based on
+ self.attributes = {}
+@@ -630,19 +561,8 @@ class ManPage:
+
+ def _get_ptypes(self):
+ for f in self.all_domains:
+- if f.startswith(self.short_name):
+- self.ptypes.append(f)
+-
+- def __whoami(self):
+- import pwd
+- fd = open("/proc/self/loginuid", "r")
+- uid = int(fd.read())
+- fd.close()
+- pw = pwd.getpwuid(uid)
+- if len(pw.pw_gecos) > 0:
+- return pw.pw_gecos
+- else:
+- return pw.pw_name
++ if f.startswith(self.short_name) or f.startswith(self.domainname):
++ self.ptypes.append(f)
+
+ def _header(self):
+ self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy documentation for %(domainname)s"'
+@@ -802,7 +722,7 @@ SELinux policy is customizable based on
.SH NSSWITCH DOMAIN
""")
for b in nsswitch_booleans:
@@ -1570,7 +1717,32 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py.f19 policycoreutils
.PP
If you want to %s for the %s, you must turn on the %s boolean.
-@@ -1014,13 +940,14 @@ semanage fcontext -a -t public_content_t
+@@ -841,7 +761,7 @@ can be used to make the process type %(d
+ def _port_types(self):
+ self.ports = []
+ for f in self.all_port_types:
+- if f.startswith(self.short_name):
++ if f.startswith(self.short_name) or f.startswith(self.domainname):
+ self.ports.append(f)
+
+ if len(self.ports) == 0:
+@@ -990,13 +910,12 @@ to apply the labels.
+
+ def _see_also(self):
+ ret = ""
+- prefix = self.short_name.split("_")[0]
+ for d in self.domains:
+ if d == self.domainname:
+ continue
+- if d.startswith(prefix):
++ if d.startswith(self.short_name):
+ ret += ", %s_selinux(8)" % d
+- if self.domainname.startswith(d):
++ if d.startswith(self.domainname + "_"):
+ ret += ", %s_selinux(8)" % d
+ self.fd.write(ret)
+
+@@ -1014,13 +933,14 @@ semanage fcontext -a -t public_content_t
.B restorecon -F -R -v /var/%(domainname)s
.pp
.TP
@@ -1587,7 +1759,22 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py.f19 policycoreutils
""" % {'domainname':self.domainname})
for b in self.anon_list:
desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
-@@ -1297,6 +1224,7 @@ The SELinux user %s_u is not able to ter
+@@ -1065,12 +985,11 @@ is a GUI tool available to customize SEL
+
+ .SH AUTHOR
+ This manual page was auto-generated using
+-.B "sepolicy manpage"
+-by %s.
++.B "sepolicy manpage".
+
+ .SH "SEE ALSO"
+ selinux(8), %s(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+-""" % (self.__whoami(), self.domainname))
++""" % (self.domainname))
+
+ if self.booltext != "":
+ self.fd.write(", setsebool(8)")
+@@ -1297,6 +1216,7 @@ The SELinux user %s_u is not able to ter
""" % self.domainname)
def _network(self):
@@ -1596,8 +1783,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py.f19 policycoreutils
.SH NETWORK
""")
diff -up policycoreutils-2.1.13/sepolicy/sepolicy/network.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy/network.py
---- policycoreutils-2.1.13/sepolicy/sepolicy/network.py.f19 2013-03-08 16:38:34.625362023 -0500
-+++ policycoreutils-2.1.13/sepolicy/sepolicy/network.py 2013-03-08 16:38:34.694362258 -0500
+--- policycoreutils-2.1.13/sepolicy/sepolicy/network.py.f19 2013-03-19 19:47:19.053782639 -0400
++++ policycoreutils-2.1.13/sepolicy/sepolicy/network.py 2013-03-19 19:47:19.079782751 -0400
@@ -25,27 +25,6 @@ import sepolicy
search=sepolicy.search
info=sepolicy.info
@@ -1635,8 +1822,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/network.py.f19 policycoreutils
tlist = get_types(src, "%s_socket" % protocol, [perm])
if len(tlist) > 0:
diff -up policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy.py
---- policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 2013-03-08 16:38:34.620362006 -0500
-+++ policycoreutils-2.1.13/sepolicy/sepolicy.py 2013-03-08 16:38:34.695362262 -0500
+--- policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 2013-03-19 19:47:19.050782626 -0400
++++ policycoreutils-2.1.13/sepolicy/sepolicy.py 2013-03-19 19:47:19.080782755 -0400
@@ -22,6 +22,8 @@
#
#
@@ -1646,7 +1833,7 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 policycoreutils-2.1.13/
from sepolicy import get_os_version
import argparse
import gettext
-@@ -43,13 +45,28 @@ class CheckPath(argparse.Action):
+@@ -43,13 +45,49 @@ class CheckPath(argparse.Action):
raise ValueError("%s does not exist" % values)
setattr(namespace, self.dest, values)
@@ -1665,6 +1852,27 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 policycoreutils-2.1.13/
+ newval.append(v)
+ setattr(namespace, self.dest, newval)
+
++class CheckBoolean(argparse.Action):
++ def __call__(self, parser, namespace, values, option_string=None):
++ booleans = sepolicy.get_all_booleans()
++ newval = getattr(namespace, self.dest)
++ if not newval:
++ newval = []
++
++ if isinstance(values,str):
++ v = selinux.selinux_boolean_sub(values)
++ if v not in booleans:
++ raise ValueError("%s must be an SELinux process domain:\nValid domains: %s" % (v, ", ".join(booleans)))
++ newval.append(v)
++ setattr(namespace, self.dest, newval)
++ else:
++ for value in values:
++ v = selinux.selinux_boolean_sub(value)
++ if v not in booleans:
++ raise ValueError("%s must be an SELinux boolean:\nValid boolean: %s" % (v, ", ".join(booleans)))
++ newval.append(v)
++ setattr(namespace, self.dest, newval)
++
class CheckDomain(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None):
- from sepolicy.network import domains
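Review bot: The `isinstance(values,str)` branch of the new `CheckBoolean` raises `"%s must be an SELinux process domain:\nValid domains: %s"`, apparently copied from the domain check, so a mistyped boolean is reported as a bad domain. It should read like the list branch, `"%s must be an SELinux boolean:\nValid boolean: %s"`. The two branches otherwise duplicate each other and could become one loop after `if isinstance(values, str): values = [values]`. The class has no docstring; `"""Validate -b/--boolean values against sepolicy.get_all_booleans()."""` would state what it checks against.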
@@ -1677,7 +1885,7 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 policycoreutils-2.1.13/
setattr(namespace, self.dest, values)
else:
newval = getattr(namespace, self.dest)
-@@ -58,19 +75,19 @@ class CheckDomain(argparse.Action):
+@@ -58,19 +96,19 @@ class CheckDomain(argparse.Action):
for v in values:
if v not in domains:
@@ -1700,7 +1908,7 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 policycoreutils-2.1.13/
setattr(namespace, self.dest, values)
class CheckAdmin(argparse.Action):
-@@ -81,7 +98,7 @@ class CheckAdmin(argparse.Action):
+@@ -81,7 +119,7 @@ class CheckAdmin(argparse.Action):
newval = []
admins = get_admin()
if values not in admins:
@@ -1709,7 +1917,7 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 policycoreutils-2.1.13/
newval.append(values)
setattr(namespace, self.dest, newval)
-@@ -98,13 +115,13 @@ class CheckPort(argparse.Action):
+@@ -98,13 +136,13 @@ class CheckPort(argparse.Action):
class CheckPortType(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None):
@@ -1725,7 +1933,7 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 policycoreutils-2.1.13/
newval.append(v)
setattr(namespace, self.dest, values)
-@@ -124,19 +141,18 @@ class CheckPolicyType(argparse.Action):
+@@ -124,19 +162,18 @@ class CheckPolicyType(argparse.Action):
class CheckUser(argparse.Action):
def __call__(self, parser, namespace, value, option_string=None):
@@ -1749,7 +1957,7 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 policycoreutils-2.1.13/
if len(portdict) > 0:
print "%s: %s %s" % (src, protocol, perm)
for p in portdict:
-@@ -144,7 +160,7 @@ def _print_net(src, protocol, perm):
+@@ -144,7 +181,7 @@ def _print_net(src, protocol, perm):
print "\t" + recs
def network(args):
@@ -1758,7 +1966,7 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 policycoreutils-2.1.13/
if args.list_ports:
all_ports = []
for i in portrecs:
-@@ -185,41 +201,41 @@ def manpage(args):
+@@ -185,41 +222,41 @@ def manpage(args):
from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains
path = args.path
@@ -1822,7 +2030,7 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 policycoreutils-2.1.13/
def gen_network_args(parser):
net = parser.add_parser("network",
-@@ -267,7 +283,6 @@ def gen_communicate_args(parser):
+@@ -267,7 +304,6 @@ def gen_communicate_args(parser):
comm.set_defaults(func=communicate)
def booleans(args):
@@ -1830,7 +2038,15 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 policycoreutils-2.1.13/
from sepolicy import boolean_desc
if args.all:
rc, args.booleans = selinux.security_get_boolean_names()
-@@ -304,7 +319,7 @@ def gen_transition_args(parser):
+@@ -284,6 +320,7 @@ def gen_booleans_args(parser):
+ action="store_true",
+ help=_("get all booleans descriptions"))
+ group.add_argument("-b", "--boolean", dest="booleans", nargs="+",
++ action=CheckBoolean, required=False,
+ help=_("boolean to get description"))
+ bools.set_defaults(func=booleans)
+
+@@ -304,7 +341,7 @@ def gen_transition_args(parser):
trans.set_defaults(func=transition)
def interface(args):
@@ -1839,7 +2055,7 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 policycoreutils-2.1.13/
if args.list_admin:
for a in get_admin():
print a
-@@ -312,28 +327,37 @@ def interface(args):
+@@ -312,28 +349,37 @@ def interface(args):
for a in get_user():
print a
if args.list:
@@ -1882,7 +2098,7 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 policycoreutils-2.1.13/
mypolicy.gen_writeable()
mypolicy.gen_symbols()
print mypolicy.generate(args.path)
-@@ -343,26 +367,26 @@ def gen_interface_args(parser):
+@@ -343,26 +389,26 @@ def gen_interface_args(parser):
help=_('List SELinux Policy interfaces'))
group = itf.add_mutually_exclusive_group(required=True)
group.add_argument("-a", "--list_admin", dest="list_admin",action="store_true", default=False,
@@ -1916,7 +2132,7 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 policycoreutils-2.1.13/
action=CheckAdmin,
help=_("Enter domain(s) that this confined admin will administrate"))
pol.add_argument("-n", "--name", dest="name",
-@@ -370,45 +394,53 @@ def gen_generate_args(parser):
+@@ -370,45 +416,53 @@ def gen_generate_args(parser):
help=_("name of policy to generate"))
pol.add_argument("-T", "--test", dest="test", default=False, action="store_true",
help=argparse.SUPPRESS)
@@ -1982,7 +2198,7 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 policycoreutils-2.1.13/
action="store_const",
help=_("Generate Policy for %s") % poltype[XUSER])
pol.set_defaults(func=generate)
-@@ -428,7 +460,10 @@ if __name__ == '__main__':
+@@ -428,7 +482,10 @@ if __name__ == '__main__':
gen_transition_args(subparsers)
try:
@@ -1995,8 +2211,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 policycoreutils-2.1.13/
sys.exit(0)
except ValueError,e:
diff -up policycoreutils-2.1.13/sepolicy/sepolicy/templates/executable.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy/templates/executable.py
---- policycoreutils-2.1.13/sepolicy/sepolicy/templates/executable.py.f19 2013-03-08 16:38:34.627362029 -0500
-+++ policycoreutils-2.1.13/sepolicy/sepolicy/templates/executable.py 2013-03-08 16:38:34.696362265 -0500
+--- policycoreutils-2.1.13/sepolicy/sepolicy/templates/executable.py.f19 2013-03-19 19:47:19.053782639 -0400
++++ policycoreutils-2.1.13/sepolicy/sepolicy/templates/executable.py 2013-03-19 19:47:19.081782760 -0400
@@ -446,7 +446,7 @@ EXECUTABLE -- gen_context(system_u:obje
"""
@@ -2007,8 +2223,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/templates/executable.py.f19 po
fc_initscript="""\
diff -up policycoreutils-2.1.13/sepolicy/sepolicy/templates/network.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy/templates/network.py
---- policycoreutils-2.1.13/sepolicy/sepolicy/templates/network.py.f19 2013-03-08 16:38:34.627362029 -0500
-+++ policycoreutils-2.1.13/sepolicy/sepolicy/templates/network.py 2013-03-08 16:38:34.696362265 -0500
+--- policycoreutils-2.1.13/sepolicy/sepolicy/templates/network.py.f19 2013-03-19 19:47:19.054782643 -0400
++++ policycoreutils-2.1.13/sepolicy/sepolicy/templates/network.py 2013-03-19 19:47:19.081782760 -0400
@@ -20,7 +20,7 @@
#
#
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 724acb9..98bdcbb 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.13
-Release: 57%{?dist}
+Release: 58%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -340,6 +340,10 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Tue Mar 19 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.12-58
+- Fix handling of semanage boolean missing booleans
+- Back more sepolicy fixes from Rawhide
+
* Fri Feb 8 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.12-57
- Back more sepolicy fixes from Rawhide