[policycoreutils] Update sepolicy gui code, cleanups and add file transition tab
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Aug 15 14:14:57 UTC 2013
commit 05a4073c771fb1ba0dbd5086aa3f06a70628e4f9
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Aug 15 10:14:40 2013 -0400
Update sepolicy gui code, cleanups and add file transition tab
- Fix semanage fcontext -a --ftype code to work.
policycoreutils-rhat.patch | 77 +++++++++++++++++++++++++++----------------
policycoreutils.spec | 9 +++--
2 files changed, 53 insertions(+), 33 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index a76bfeb..932ae14 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -509801,7 +509801,7 @@ index 6c30734..f6b4b9a 100644
will try reading a context from stdin, if that is not a tty, otherwise
.B secon
diff --git a/policycoreutils/semanage/Makefile b/policycoreutils/semanage/Makefile
-index 24d6a21..6624f03 100644
+index 24d6a21..d3aff45 100644
--- a/policycoreutils/semanage/Makefile
+++ b/policycoreutils/semanage/Makefile
@@ -5,7 +5,7 @@ SBINDIR ?= $(PREFIX)/sbin
@@ -509813,7 +509813,7 @@ index 24d6a21..6624f03 100644
TARGETS=semanage
-@@ -17,11 +17,11 @@ install: all
+@@ -17,12 +17,14 @@ install: all
[ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
-mkdir -p $(SBINDIR)
install -m 755 semanage $(SBINDIR)
@@ -509825,8 +509825,11 @@ index 24d6a21..6624f03 100644
- install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)/semanage
++test:
++ @python test-semanage.py -v
clean:
+ indent:
diff --git a/policycoreutils/semanage/default_encoding/Makefile b/policycoreutils/semanage/default_encoding/Makefile
new file mode 100644
index 0000000..e15a877
@@ -512449,10 +512452,10 @@ index 28a9022..90b142e 100644
+usage: semanage [-h]
+
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
-index 85bc37f..5c9e83b 100644
+index 85bc37f..f2981c0 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
-@@ -32,30 +32,29 @@ from IPy import IP
+@@ -32,32 +32,47 @@ from IPy import IP
import gettext
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
gettext.textdomain(PROGNAME)
@@ -512469,33 +512472,44 @@ index 85bc37f..5c9e83b 100644
import syslog
file_types = {}
--file_types[""] = SEMANAGE_FCONTEXT_ALL;
-+file_types["a"] = SEMANAGE_FCONTEXT_ALL;
+ file_types[""] = SEMANAGE_FCONTEXT_ALL;
file_types["all files"] = SEMANAGE_FCONTEXT_ALL;
-file_types["--"] = SEMANAGE_FCONTEXT_REG;
-+file_types["f"] = SEMANAGE_FCONTEXT_REG;
++file_types["a"] = SEMANAGE_FCONTEXT_ALL;
file_types["regular file"] = SEMANAGE_FCONTEXT_REG;
--file_types["-d"] = SEMANAGE_FCONTEXT_DIR;
-+file_types["d"] = SEMANAGE_FCONTEXT_DIR;
++file_types["--"] = SEMANAGE_FCONTEXT_REG;
++file_types["f"] = SEMANAGE_FCONTEXT_REG;
+ file_types["-d"] = SEMANAGE_FCONTEXT_DIR;
file_types["directory"] = SEMANAGE_FCONTEXT_DIR;
--file_types["-c"] = SEMANAGE_FCONTEXT_CHAR;
-+file_types["c"] = SEMANAGE_FCONTEXT_CHAR;
++file_types["d"] = SEMANAGE_FCONTEXT_DIR;
+ file_types["-c"] = SEMANAGE_FCONTEXT_CHAR;
file_types["character device"] = SEMANAGE_FCONTEXT_CHAR;
--file_types["-b"] = SEMANAGE_FCONTEXT_BLOCK;
-+file_types["b"] = SEMANAGE_FCONTEXT_BLOCK;
++file_types["c"] = SEMANAGE_FCONTEXT_CHAR;
+ file_types["-b"] = SEMANAGE_FCONTEXT_BLOCK;
file_types["block device"] = SEMANAGE_FCONTEXT_BLOCK;
--file_types["-s"] = SEMANAGE_FCONTEXT_SOCK;
-+file_types["s"] = SEMANAGE_FCONTEXT_SOCK;
++file_types["b"] = SEMANAGE_FCONTEXT_BLOCK;
+ file_types["-s"] = SEMANAGE_FCONTEXT_SOCK;
file_types["socket"] = SEMANAGE_FCONTEXT_SOCK;
--file_types["-l"] = SEMANAGE_FCONTEXT_LINK;
++file_types["s"] = SEMANAGE_FCONTEXT_SOCK;
+ file_types["-l"] = SEMANAGE_FCONTEXT_LINK;
+file_types["l"] = SEMANAGE_FCONTEXT_LINK;
file_types["symbolic link"] = SEMANAGE_FCONTEXT_LINK;
--file_types["-p"] = SEMANAGE_FCONTEXT_PIPE;
+file_types["p"] = SEMANAGE_FCONTEXT_PIPE;
+ file_types["-p"] = SEMANAGE_FCONTEXT_PIPE;
file_types["named pipe"] = SEMANAGE_FCONTEXT_PIPE;
++file_type_str_to_option = { "all files": "a",
++ "regular file":"f",
++ "directory":"d",
++ "character device":"c",
++ "block device":"b",
++ "socket file":"s",
++ "symbolic link":"l",
++ "named pipe":"p" }
try:
-@@ -89,7 +88,7 @@ except:
+ import audit
+ class logger:
+@@ -89,7 +104,7 @@ except:
self.log_list=[]
def log(self, msg, name = "", sename = "", serole = "", serange = "", oldsename = "", oldserole = "", oldserange = ""):
@@ -512504,7 +512518,7 @@ index 85bc37f..5c9e83b 100644
if sename != "":
message += " sename=" + sename
if oldsename != "":
-@@ -285,6 +284,8 @@ class moduleRecords(semanageRecords):
+@@ -285,6 +300,8 @@ class moduleRecords(semanageRecords):
print "%-25s%-10s%s" % (t[0], t[1], disabled)
def add(self, file):
@@ -512513,7 +512527,7 @@ index 85bc37f..5c9e83b 100644
rc = semanage_module_install_file(self.sh, file);
if rc >= 0:
self.commit()
-@@ -461,7 +462,9 @@ class loginRecords(semanageRecords):
+@@ -461,7 +478,9 @@ class loginRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
if exists:
@@ -512524,7 +512538,7 @@ index 85bc37f..5c9e83b 100644
if name[0] == '%':
try:
grp.getgrnam(name[1:])
-@@ -731,7 +734,8 @@ class seluserRecords(semanageRecords):
+@@ -731,7 +750,8 @@ class seluserRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
if exists:
@@ -512534,7 +512548,7 @@ index 85bc37f..5c9e83b 100644
(rc, u) = semanage_user_create(self.sh)
if rc < 0:
-@@ -999,8 +1003,10 @@ class portRecords(semanageRecords):
+@@ -999,8 +1019,10 @@ class portRecords(semanageRecords):
raise ValueError(_("Type %s is invalid, must be a port type") % type)
( k, proto_d, low, high ) = self.__genkey(port, proto)
@@ -512547,7 +512561,7 @@ index 85bc37f..5c9e83b 100644
if rc < 0:
raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
if exists:
-@@ -1274,7 +1280,8 @@ class nodeRecords(semanageRecords):
+@@ -1274,7 +1296,8 @@ class nodeRecords(semanageRecords):
(rc, exists) = semanage_node_exists(self.sh, k)
if exists:
@@ -512557,7 +512571,7 @@ index 85bc37f..5c9e83b 100644
(rc, node) = semanage_node_create(self.sh)
if rc < 0:
-@@ -1475,7 +1482,8 @@ class interfaceRecords(semanageRecords):
+@@ -1475,7 +1498,8 @@ class interfaceRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if interface %s is defined") % interface)
if exists:
@@ -512567,7 +512581,7 @@ index 85bc37f..5c9e83b 100644
(rc, iface) = semanage_iface_create(self.sh)
if rc < 0:
-@@ -1643,6 +1651,7 @@ class fcontextRecords(semanageRecords):
+@@ -1643,6 +1667,7 @@ class fcontextRecords(semanageRecords):
try:
valid_types = sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"]
valid_types += sepolicy.info(sepolicy.ATTRIBUTE,"device_node")[0]["types"]
@@ -512575,7 +512589,7 @@ index 85bc37f..5c9e83b 100644
except RuntimeError:
valid_types = []
-@@ -1751,9 +1760,15 @@ class fcontextRecords(semanageRecords):
+@@ -1751,9 +1776,15 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead") % (target, i, fdict[i], t))
@@ -512592,7 +512606,7 @@ index 85bc37f..5c9e83b 100644
if is_mls_enabled == 1:
serange = untranslate(serange)
-@@ -1777,7 +1792,8 @@ class fcontextRecords(semanageRecords):
+@@ -1777,7 +1808,8 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists:
@@ -512602,7 +512616,12 @@ index 85bc37f..5c9e83b 100644
(rc, fcontext) = semanage_fcontext_create(self.sh)
if rc < 0:
-@@ -1970,7 +1986,7 @@ class fcontextRecords(semanageRecords):
+@@ -1966,11 +1998,11 @@ class fcontextRecords(semanageRecords):
+ keys.sort()
+ for k in keys:
+ if fcon_dict[k]:
+- l.append("-a -f '%s' -t %s '%s'" % (k[1], fcon_dict[k][2], k[0]))
++ l.append("-a -f %s -t %s '%s'" % (file_type_str_to_option[k[1]], fcon_dict[k][2], k[0]))
if len(self.equiv):
for target in self.equiv.keys():
@@ -512611,7 +512630,7 @@ index 85bc37f..5c9e83b 100644
return l
def list(self, heading = 1, locallist = 0 ):
-@@ -2156,7 +2172,7 @@ class booleanRecords(semanageRecords):
+@@ -2156,7 +2188,7 @@ class booleanRecords(semanageRecords):
keys.sort()
for k in keys:
if ddict[k]:
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 4033201..f66f548 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -128,7 +128,7 @@ an SELinux environment.
%{python_sitearch}/sepolicy/network.py*
%{python_sitearch}/sepolicy/transition.py*
%{python_sitearch}/sepolicy/sedbus.py*
-%{_sysconfdir}/dbus-1/system.d/org.fedoraproject.selinux.conf
+%{_sysconfdir}/dbus-1/system.d/org.selinux.conf
%{python_sitearch}/%{name}*.egg-info
%{python_sitearch}/sepolicy*.egg-info
%{python_sitearch}/%{name}
@@ -139,8 +139,9 @@ an SELinux environment.
%{_mandir}/man8/semanage*.8*
%{_mandir}/ru/man8/semanage.8*
%{_datadir}/system-config-selinux/selinux_server.py
-%{_datadir}/dbus-1/system/org.fedoraproject.selinux.service
-%{_datadir}/polkit-1/actions/org.fedoraproject.selinux.policy
+%{_datadir}/dbus-1/system-services/org.selinux.service
+%{_datadir}/polkit-1/actions/org.selinux.policy
+%{_datadir}/polkit-1/actions/org.fedoraproject.config.selinux.policy
%{_datadir}/bash-completion/completions/semanage
%{_datadir}/bash-completion/completions/setsebool
@@ -229,7 +230,7 @@ system-config-selinux is a utility for managing the SELinux environment
%{_datadir}/applications/selinux-polgengui.desktop
%{_datadir}/icons/hicolor/24x24/apps/system-config-selinux.png
%{_datadir}/pixmaps/system-config-selinux.png
-%{_datadir}/polkit-1/actions/org.fedoraproject.config.selinux.policy
+%{_datadir}/polkit-1/actions/org.selinux.policy
%dir %{_datadir}/system-config-selinux
%{_datadir}/system-config-selinux/system-config-selinux.png
%{_datadir}/system-config-selinux/*.py*
More information about the scm-commits
mailing list