[policycoreutils] Fix exceptionion hanling in audit2allow -o
Daniel J Walsh
dwalsh at fedoraproject.org
Mon Apr 22 14:03:54 UTC 2013
commit b4c5b4829d70edb15387bb693f2a601bf4a56e31
Author: Dan Walsh <dwalsh at redhat.com>
Date: Mon Apr 22 10:03:47 2013 -0400
Fix exceptionion hanling in audit2allow -o
- Generate Man pages for everydomain, not just ones with exec_t entrypoints
- sepolicy comunicate should return ValueError not TypeError
- Trim header line in sepolicy manpage to use less space
- Add missing options to restorecon man page
policycoreutils-rhat.patch | 66 ++++++++++++++++++++++++++++++++++++++++---
policycoreutils.spec | 12 +++++++-
2 files changed, 72 insertions(+), 6 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index d2e0001..7c8352d 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -34,7 +34,7 @@ index 88635d4..fc290ea 100644
clean:
rm -f *~
diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow
-index 8e0c396..d282eee 100644
+index 8e0c396..1059bea 100644
--- a/policycoreutils/audit2allow/audit2allow
+++ b/policycoreutils/audit2allow/audit2allow
@@ -18,7 +18,7 @@
@@ -82,6 +82,16 @@ index 8e0c396..d282eee 100644
if rc == audit2why.RBAC:
print "\t\tMissing role allow rule.\n"
+@@ -350,6 +349,9 @@ class AuditToPolicy:
+ except ValueError, e:
+ print e
+ sys.exit(1)
++ except IOError, e:
++ print e
++ sys.exit(1)
+
+ if __name__ == "__main__":
+ app = AuditToPolicy()
diff --git a/policycoreutils/audit2allow/audit2allow.1 b/policycoreutils/audit2allow/audit2allow.1
index a854a45..bc70938 100644
--- a/policycoreutils/audit2allow/audit2allow.1
@@ -247461,6 +247471,19 @@ index 5e7415c..5267ed9 100644
booleans_dict = None
def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
+diff --git a/policycoreutils/sepolicy/sepolicy/communicate.py b/policycoreutils/sepolicy/sepolicy/communicate.py
+index a179d95..9b9a09a 100755
+--- a/policycoreutils/sepolicy/sepolicy/communicate.py
++++ b/policycoreutils/sepolicy/sepolicy/communicate.py
+@@ -40,7 +40,7 @@ def expand_attribute(attribute):
+ def get_types(src, tclass, perm):
+ allows=search([sepolicy.ALLOW],{sepolicy.SOURCE:src,sepolicy.CLASS:tclass, sepolicy.PERMS:perm})
+ if not allows:
+- raise TypeError("The %s type is not allowed to %s any types" % (src, ",".join(perm)))
++ raise ValueError("The %s type is not allowed to %s any types" % (src, ",".join(perm)))
+
+ tlist = []
+ for l in map(lambda y: y[sepolicy.TARGET], filter(lambda x: set(perm).issubset(x[sepolicy.PERMS]), allows)):
diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
index 26f8390..4739025 100644
--- a/policycoreutils/sepolicy/sepolicy/generate.py
@@ -247757,7 +247780,7 @@ index 8b063ca..407ce20 100644
+ else:
+ sys.stderr.write(_("\nCompiling of %s interface is not supported." % interface))
diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
-index 25062da..2747e4f 100755
+index 25062da..63efc6d 100755
--- a/policycoreutils/sepolicy/sepolicy/manpage.py
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py
@@ -28,12 +28,12 @@ import string
@@ -247775,6 +247798,17 @@ index 25062da..2747e4f 100755
equiv_dirs=[ "/var" ]
modules_dict = None
+@@ -100,8 +100,8 @@ def gen_domains():
+ for d in get_all_domains():
+ found = False
+ domain = d[:-2]
+- if domain + "_exec_t" not in get_entrypoints():
+- continue
++# if domain + "_exec_t" not in get_entrypoints():
++# continue
+ if domain in domains:
+ continue
+ domains.append(domain)
@@ -184,14 +184,12 @@ def get_alphabet_manpages(manpage_list):
return alphabet_manpages
@@ -247916,7 +247950,7 @@ index 25062da..2747e4f 100755
self.anon_list = []
self.attributes = {}
-@@ -563,19 +561,8 @@ class ManPage:
+@@ -563,22 +561,11 @@ class ManPage:
def _get_ptypes(self):
for f in self.all_domains:
@@ -247937,7 +247971,11 @@ index 25062da..2747e4f 100755
+ self.ptypes.append(f)
def _header(self):
- self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy documentation for %(domainname)s"'
+- self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy documentation for %(domainname)s"'
++ self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy %(domainname)s"'
+ % {'domainname':self.domainname, 'date': time.strftime("%y-%m-%d")})
+ self.fd.write(r"""
+ .SH "NAME"
@@ -774,7 +761,7 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n
def _port_types(self):
self.ports = []
@@ -248169,7 +248207,7 @@ index 0000000..3a3faa6
+
+"""
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
-index 80b6d6e..07c5ee2 100644
+index 80b6d6e..1215a29 100644
--- a/policycoreutils/setfiles/restorecon.8
+++ b/policycoreutils/setfiles/restorecon.8
@@ -4,10 +4,10 @@ restorecon \- restore file(s) default SELinux security contexts.
@@ -248185,6 +248223,24 @@ index 80b6d6e..07c5ee2 100644
.SH "DESCRIPTION"
This manual page describes the
+@@ -20,7 +20,7 @@ This program is primarily used to set the security context
+ It can also be run at any other time to correct inconsistent labels, to add
+ support for newly-installed policy or, by using the \-n option, to passively
+ check whether the file contexts are all set as specified by the active policy
+-(default behavior) or by some other policy (see the \-c option).
++(default behavior).
+ .P
+ If a file object does not have a context, restorecon will write the default
+ context to the file object's extended attributes. If a file object has a
+@@ -30,7 +30,7 @@ The -F option will force a replacement of the entire context.
+ .SH "OPTIONS"
+ .TP
+ .B \-e directory
+-exclude a directory (repeat the option to exclude more than one directory).
++exclude a directory (repeat the option to exclude more than one directory, Requires full path).
+ .TP
+ .B \-f infilename
+ infilename contains a list of files to be processed. Use \- for stdin.
@@ -49,7 +49,7 @@ ignore files that do not exist.
don't change any file labels (passive check).
.TP
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 2fa429f..379fb41 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.14
-Release: 35%{?dist}
+Release: 37%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -323,6 +323,16 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Mon Apr 22 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.14-37
+- Fix exceptionion hanling in audit2allow -o
+- Generate Man pages for everydomain, not just ones with exec_t entrypoints
+- sepolicy comunicate should return ValueError not TypeError
+- Trim header line in sepolicy manpage to use less space
+- Add missing options to restorecon man page
+
+* Thu Apr 11 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.14-36
+- Raise proper Exception on sepolicy communicate with invalid value
+
* Wed Apr 10 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.14-35
- Update translations
- Add patch by Miroslav Grepl to add compile test for sepolicy interface command.
More information about the scm-commits
mailing list