[policycoreutils] Cleanup errors found by pychecker
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Oct 16 19:20:14 UTC 2013
commit 256317fccc96e73f9ad09b5accc21671a7140ebb
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Oct 16 15:20:12 2013 -0400
Cleanup errors found by pychecker
- Apply patch from Michal Trunecka to allow restorecon to handle {} in globs
policycoreutils-rhat.patch | 466 ++++++++++++++++++++++++++++++++++++-------
policycoreutils.spec | 6 +-
2 files changed, 395 insertions(+), 77 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index beda037..cb47e5f 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -680134,7 +680134,7 @@ index 28a9022..90b142e 100644
+usage: semanage [-h]
+
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
-index 85bc37f..c78b6ef 100644
+index 85bc37f..70bbaed 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
@@ -1,5 +1,5 @@
@@ -680144,6 +680144,15 @@ index 85bc37f..c78b6ef 100644
# see file 'COPYING' for use and warranty information
#
# semanage is a tool for managing SELinux configuration files
+@@ -21,7 +21,7 @@
+ #
+ #
+
+-import pwd, grp, string, selinux, tempfile, os, re, sys, stat
++import pwd, grp, string, selinux, os, re, sys, stat
+ from semanage import *;
+ PROGNAME = "policycoreutils"
+ import sepolicy
@@ -32,32 +32,47 @@ from IPy import IP
import gettext
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
@@ -680153,10 +680162,10 @@ index 85bc37f..c78b6ef 100644
-except IOError:
- import __builtin__
- __builtin__.__dict__['_'] = unicode
-+
-+import gettext
+translation=gettext.translation(PROGNAME, localedir = "/usr/share/locale", fallback=True)
+_=translation.ugettext
++
++is_mls_enabled = True
import syslog
@@ -680207,20 +680216,28 @@ index 85bc37f..c78b6ef 100644
if sename != "":
message += " sename=" + sename
if oldsename != "":
-@@ -270,6 +285,12 @@ class moduleRecords(semanageRecords):
+@@ -270,21 +285,31 @@ class moduleRecords(semanageRecords):
l.append((semanage_module_get_name(mod), semanage_module_get_version(mod), semanage_module_get_enabled(mod)))
return l
+- def list(self, heading = 1, locallist = 0):
+- all = self.get_all()
+- if len(all) == 0:
+ def customized(self):
-+ all = self.get_all()
-+ if len(all) == 0:
++ ALL = self.get_all()
++ if len(ALL) == 0:
+ return
-+ return map(lambda x: "-d %s" % x[0], filter(lambda t: t[2] == 0, all))
++ return map(lambda x: "-d %s" % x[0], filter(lambda t: t[2] == 0, ALL))
+
- def list(self, heading = 1, locallist = 0):
- all = self.get_all()
- if len(all) == 0:
-@@ -281,10 +302,14 @@ class moduleRecords(semanageRecords):
++ def list(self, heading = True, locallist = False):
++ ALL = self.get_all()
++ if len(ALL) == 0:
+ return
+
+ if heading:
+ print "\n%-25s%-10s\n" % (_("Modules Name"), _("Version"))
+- for t in all:
++ for t in ALL:
if t[2] == 0:
disabled = _("Disabled")
else:
@@ -680235,6 +680252,15 @@ index 85bc37f..c78b6ef 100644
rc = semanage_module_install_file(self.sh, file);
if rc >= 0:
self.commit()
+@@ -312,7 +337,7 @@ class moduleRecords(semanageRecords):
+ self.commit()
+
+ def modify(self, file):
+- rc = semanage_module_update_file(self.sh, file);
++ rc = semanage_module_upgrade_file(self.sh, file);
+ if rc >= 0:
+ self.commit()
+
@@ -324,6 +349,11 @@ class moduleRecords(semanageRecords):
self.commit()
@@ -680247,6 +680273,83 @@ index 85bc37f..c78b6ef 100644
class dontauditClass(semanageRecords):
def __init__(self, store):
semanageRecords.__init__(self, store)
+@@ -332,7 +362,7 @@ class dontauditClass(semanageRecords):
+ if dontaudit not in [ "on", "off" ]:
+ raise ValueError(_("dontaudit requires either 'on' or 'off'"))
+ self.begin()
+- rc = semanage_set_disable_dontaudit(self.sh, dontaudit == "off")
++ semanage_set_disable_dontaudit(self.sh, dontaudit == "off")
+ self.commit()
+
+ class permissiveRecords(semanageRecords):
+@@ -352,26 +382,27 @@ class permissiveRecords(semanageRecords):
+ l.append(name.split("permissive_")[1])
+ return l
+
+- def list(self, heading = 1, locallist = 0):
+- all = map(lambda y: y["name"], filter(lambda x: x["permissive"], sepolicy.info(sepolicy.TYPE)))
+- if len(all) == 0:
++ def list(self, heading = True, locallist = False):
++ ALL = map(lambda y: y["name"], filter(lambda x: x["permissive"], sepolicy.info(sepolicy.TYPE)))
++ if len(ALL) == 0:
+ return
+
+- if heading:
+- print "\n%-25s\n" % (_("Builtin Permissive Types"))
+ customized = self.get_all()
+- for t in all:
+- if t not in customized:
+- print t
+-
+- if len(customized) == 0:
+- return
+-
+ if heading:
+ print "\n%-25s\n" % (_("Customized Permissive Types"))
+ for t in customized:
+ print t
+
++ if locallist:
++ return
++
++ if heading:
++ print "\n%-25s\n" % (_("Builtin Permissive Types"))
++
++ for t in ALL:
++ if t not in customized:
++ print t
++
+ def add(self, type):
+ import glob
+ try:
+@@ -427,8 +458,7 @@ permissive %s;
+ def deleteall(self):
+ l = self.get_all()
+ if len(l) > 0:
+- all = " ".join(l)
+- self.delete(all)
++ self.delete(" ".join(l))
+
+ class loginRecords(semanageRecords):
+ def __init__(self, store = ""):
+@@ -444,14 +474,14 @@ class loginRecords(semanageRecords):
+ sename = "user_u"
+
+ userrec = seluserRecords()
+- range, (rc, oldserole) = userrec.get(self.oldsename)
+- range, (rc, serole) = userrec.get(sename)
++ RANGE, (rc, oldserole) = userrec.get(self.oldsename)
++ RANGE, (rc, serole) = userrec.get(sename)
+
+ if is_mls_enabled == 1:
+ if serange != "":
+ serange = untranslate(serange)
+ else:
+- serange = range
++ serange = RANGE
+
+ (rc, k) = semanage_seuser_key_create(self.sh, name)
+ if rc < 0:
@@ -461,7 +491,9 @@ class loginRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
@@ -680258,6 +680361,63 @@ index 85bc37f..c78b6ef 100644
if name[0] == '%':
try:
grp.getgrnam(name[1:])
+@@ -513,17 +545,17 @@ class loginRecords(semanageRecords):
+ raise ValueError(_("Requires seuser or serange"))
+
+ userrec = seluserRecords()
+- range, (rc, oldserole) = userrec.get(self.oldsename)
++ RANGE, (rc, oldserole) = userrec.get(self.oldsename)
+
+ if sename != "":
+- range, (rc, serole) = userrec.get(sename)
++ RANGE, (rc, serole) = userrec.get(sename)
+ else:
+ serole=oldserole
+
+ if serange != "":
+ self.serange=serange
+ else:
+- self.serange=range
++ self.serange=RANGE
+
+ (rc, k) = semanage_seuser_key_create(self.sh, name)
+ if rc < 0:
+@@ -569,7 +601,7 @@ class loginRecords(semanageRecords):
+ def __delete(self, name):
+ rec, self.oldsename, self.oldserange = selinux.getseuserbyname(name)
+ userrec = seluserRecords()
+- range, (rc, oldserole) = userrec.get(self.oldsename)
++ RANGE, (rc, oldserole) = userrec.get(self.oldsename)
+
+ (rc, k) = semanage_seuser_key_create(self.sh, name)
+ if rc < 0:
+@@ -594,7 +626,7 @@ class loginRecords(semanageRecords):
+ semanage_seuser_key_free(k)
+
+ rec, self.sename, self.serange = selinux.getseuserbyname("__default__")
+- range, (rc, serole) = userrec.get(self.sename)
++ RANGE, (rc, serole) = userrec.get(self.sename)
+
+ self.mylog.log_remove("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange);
+
+@@ -637,7 +669,7 @@ class loginRecords(semanageRecords):
+ pass
+ return ddict
+
+- def get_all(self, locallist = 0):
++ def get_all(self, locallist = False):
+ ddict = {}
+ if locallist:
+ (rc, self.ulist) = semanage_seuser_list_local(self.sh)
+@@ -660,7 +692,7 @@ class loginRecords(semanageRecords):
+ l.append("-a -s %s -r '%s' %s" % (ddict[k][0], ddict[k][1], k))
+ return l
+
+- def list(self,heading = 1, locallist = 0):
++ def list(self,heading = True, locallist = False):
+ ddict = self.get_all(locallist)
+ ldict = self.get_all_logins()
+ lkeys = ldict.keys()
@@ -731,7 +763,8 @@ class seluserRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
@@ -680282,11 +680442,28 @@ index 85bc37f..c78b6ef 100644
rc = semanage_user_set_prefix(self.sh, u, prefix)
if rc < 0:
- raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
-+ raise ValueError(_("Could not add prefix %(ROLE)s for %(PREFIX)s") % {"ROLE":r, "PREFIX": prefix))
++ raise ValueError(_("Could not add prefix %(ROLE)s for %(PREFIX)s") % {"ROLE":r, "PREFIX": prefix})
(rc, key) = semanage_user_key_extract(self.sh,u)
if rc < 0:
raise ValueError(_("Could not extract key for %s") % name)
-@@ -928,7 +961,7 @@ class seluserRecords(semanageRecords):
+@@ -770,7 +803,6 @@ class seluserRecords(semanageRecords):
+ self.mylog.log("seuser", sename=name, serole=",".join(roles), serange=serange)
+
+ def add(self, name, roles, selevel, serange, prefix):
+- serole = " ".join(roles)
+ try:
+ self.begin()
+ self.__add( name, roles, selevel, serange, prefix)
+@@ -902,7 +934,7 @@ class seluserRecords(semanageRecords):
+ self.mylog.commit(0)
+ raise error
+
+- def get_all(self, locallist = 0):
++ def get_all(self, locallist = False):
+ ddict = {}
+ if locallist:
+ (rc, self.ulist) = semanage_user_list_local(self.sh)
+@@ -928,10 +960,10 @@ class seluserRecords(semanageRecords):
keys = ddict.keys()
keys.sort()
for k in keys:
@@ -680294,8 +680471,12 @@ index 85bc37f..c78b6ef 100644
+ l.append("-a -l %s -r %s -R '%s' %s" % (ddict[k][1], ddict[k][2], ddict[k][3], k))
return l
- def list(self, heading = 1, locallist = 0):
-@@ -982,7 +1015,7 @@ class portRecords(semanageRecords):
+- def list(self, heading = 1, locallist = 0):
++ def list(self, heading = True, locallist = False):
+ ddict = self.get_all(locallist)
+ keys = ddict.keys()
+ if len(keys) == 0:
+@@ -982,7 +1014,7 @@ class portRecords(semanageRecords):
(rc, k) = semanage_port_key_create(self.sh, low, high, proto_d)
if rc < 0:
@@ -680304,7 +680485,7 @@ index 85bc37f..c78b6ef 100644
return ( k, proto_d, low, high )
def __add(self, port, proto, serange, type):
-@@ -999,47 +1032,49 @@ class portRecords(semanageRecords):
+@@ -999,47 +1031,49 @@ class portRecords(semanageRecords):
raise ValueError(_("Type %s is invalid, must be a port type") % type)
( k, proto_d, low, high ) = self.__genkey(port, proto)
@@ -680366,7 +680547,7 @@ index 85bc37f..c78b6ef 100644
semanage_context_free(con)
semanage_port_key_free(k)
-@@ -1064,13 +1099,13 @@ class portRecords(semanageRecords):
+@@ -1064,13 +1098,13 @@ class portRecords(semanageRecords):
(rc, exists) = semanage_port_exists(self.sh, k)
if rc < 0:
@@ -680383,7 +680564,7 @@ index 85bc37f..c78b6ef 100644
con = semanage_port_get_con(p)
-@@ -1081,7 +1116,7 @@ class portRecords(semanageRecords):
+@@ -1081,7 +1115,7 @@ class portRecords(semanageRecords):
rc = semanage_port_modify_local(self.sh, k, p)
if rc < 0:
@@ -680392,7 +680573,7 @@ index 85bc37f..c78b6ef 100644
semanage_port_key_free(k)
semanage_port_free(p)
-@@ -1119,19 +1154,19 @@ class portRecords(semanageRecords):
+@@ -1119,19 +1153,19 @@ class portRecords(semanageRecords):
( k, proto_d, low, high ) = self.__genkey(port, proto)
(rc, exists) = semanage_port_exists(self.sh, k)
if rc < 0:
@@ -680417,7 +680598,34 @@ index 85bc37f..c78b6ef 100644
semanage_port_key_free(k)
-@@ -1274,7 +1309,8 @@ class nodeRecords(semanageRecords):
+@@ -1140,7 +1174,7 @@ class portRecords(semanageRecords):
+ self.__delete(port, proto)
+ self.commit()
+
+- def get_all(self, locallist = 0):
++ def get_all(self, locallist = False):
+ ddict = {}
+ if locallist:
+ (rc, self.plist) = semanage_port_list_local(self.sh)
+@@ -1162,7 +1196,7 @@ class portRecords(semanageRecords):
+ ddict[(low, high, proto_str)] = (ctype, level)
+ return ddict
+
+- def get_all_by_type(self, locallist = 0):
++ def get_all_by_type(self, locallist = False):
+ ddict = {}
+ if locallist:
+ (rc, self.plist) = semanage_port_list_local(self.sh)
+@@ -1200,7 +1234,7 @@ class portRecords(semanageRecords):
+ l.append("-a -t %s -p %s %s-%s" % (ddict[k][0], k[2], k[0], k[1]))
+ return l
+
+- def list(self, heading = 1, locallist = 0):
++ def list(self, heading = True, locallist = False):
+ ddict = self.get_all_by_type(locallist)
+ keys = ddict.keys()
+ if len(keys) == 0:
+@@ -1274,7 +1308,8 @@ class nodeRecords(semanageRecords):
(rc, exists) = semanage_node_exists(self.sh, k)
if exists:
@@ -680427,7 +680635,25 @@ index 85bc37f..c78b6ef 100644
(rc, node) = semanage_node_create(self.sh)
if rc < 0:
-@@ -1475,7 +1511,8 @@ class interfaceRecords(semanageRecords):
+@@ -1406,7 +1441,7 @@ class nodeRecords(semanageRecords):
+ self.__delete(semanage_node_get_addr(self.sh, node)[1], semanage_node_get_mask(self.sh, node)[1], self.protocol[semanage_node_get_proto(node)])
+ self.commit()
+
+- def get_all(self, locallist = 0):
++ def get_all(self, locallist = False):
+ ddict = {}
+ if locallist :
+ (rc, self.ilist) = semanage_node_list_local(self.sh)
+@@ -1433,7 +1468,7 @@ class nodeRecords(semanageRecords):
+ l.append("-a -M %s -p %s -t %s %s" % (k[1], k[2],ddict[k][2], k[0]))
+ return l
+
+- def list(self, heading = 1, locallist = 0):
++ def list(self, heading = True, locallist = False):
+ ddict = self.get_all(locallist)
+ keys = ddict.keys()
+ if len(keys) == 0:
+@@ -1475,7 +1510,8 @@ class interfaceRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if interface %s is defined") % interface)
if exists:
@@ -680437,7 +680663,25 @@ index 85bc37f..c78b6ef 100644
(rc, iface) = semanage_iface_create(self.sh)
if rc < 0:
-@@ -1643,6 +1680,7 @@ class fcontextRecords(semanageRecords):
+@@ -1599,7 +1635,7 @@ class interfaceRecords(semanageRecords):
+ self.__delete(semanage_iface_get_name(i))
+ self.commit()
+
+- def get_all(self, locallist = 0):
++ def get_all(self, locallist = False):
+ ddict = {}
+ if locallist:
+ (rc, self.ilist) = semanage_iface_list_local(self.sh)
+@@ -1623,7 +1659,7 @@ class interfaceRecords(semanageRecords):
+ l.append("-a -t %s %s" % (ddict[k][2], k))
+ return l
+
+- def list(self, heading = 1, locallist = 0):
++ def list(self, heading = True, locallist = False):
+ ddict = self.get_all(locallist)
+ keys = ddict.keys()
+ if len(keys) == 0:
+@@ -1643,6 +1679,7 @@ class fcontextRecords(semanageRecords):
try:
valid_types = sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"]
valid_types += sepolicy.info(sepolicy.ATTRIBUTE,"device_node")[0]["types"]
@@ -680445,7 +680689,7 @@ index 85bc37f..c78b6ef 100644
except RuntimeError:
valid_types = []
-@@ -1696,6 +1734,12 @@ class fcontextRecords(semanageRecords):
+@@ -1696,6 +1733,12 @@ class fcontextRecords(semanageRecords):
def add_equal(self, target, substitute):
self.begin()
@@ -680458,7 +680702,7 @@ index 85bc37f..c78b6ef 100644
if target in self.equiv.keys():
raise ValueError(_("Equivalence class for %s already exists") % target)
self.validate(target)
-@@ -1703,7 +1747,7 @@ class fcontextRecords(semanageRecords):
+@@ -1703,7 +1746,7 @@ class fcontextRecords(semanageRecords):
for fdict in (self.equiv, self.equiv_dist):
for i in fdict:
if i.startswith(target + "/"):
@@ -680467,12 +680711,12 @@ index 85bc37f..c78b6ef 100644
self.equiv[target] = substitute
self.equal_ind = True
-@@ -1748,12 +1792,18 @@ class fcontextRecords(semanageRecords):
+@@ -1748,12 +1791,18 @@ class fcontextRecords(semanageRecords):
for i in fdict:
if target.startswith(i+"/"):
t = re.sub(i, fdict[i], target)
- raise ValueError(_("File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead") % (target, i, fdict[i], t))
-+ raise ValueError(_("File spec %(TARGET)s conflicts with equivalency rule '%(SOURCE)s %(DEST)s'; Try adding '%(DEST1)s' instead") % {"TARGET":target, "SOURCE": i, "DEST":fdict[i], "DEST1": t))
++ raise ValueError(_("File spec %(TARGET)s conflicts with equivalency rule '%(SOURCE)s %(DEST)s'; Try adding '%(DEST1)s' instead") % {"TARGET":target, "SOURCE": i, "DEST":fdict[i], "DEST1": t})
- def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
@@ -680488,7 +680732,7 @@ index 85bc37f..c78b6ef 100644
if is_mls_enabled == 1:
serange = untranslate(serange)
-@@ -1777,7 +1827,8 @@ class fcontextRecords(semanageRecords):
+@@ -1777,7 +1826,8 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists:
@@ -680498,7 +680742,16 @@ index 85bc37f..c78b6ef 100644
(rc, fcontext) = semanage_fcontext_create(self.sh)
if rc < 0:
-@@ -1966,11 +2017,11 @@ class fcontextRecords(semanageRecords):
+@@ -1932,7 +1982,7 @@ class fcontextRecords(semanageRecords):
+ self.__delete( target, ftype)
+ self.commit()
+
+- def get_all(self, locallist = 0):
++ def get_all(self, locallist = False):
+ if locallist:
+ (rc, self.flist) = semanage_fcontext_list_local(self.sh)
+ else:
+@@ -1966,14 +2016,14 @@ class fcontextRecords(semanageRecords):
keys.sort()
for k in keys:
if fcon_dict[k]:
@@ -680511,17 +680764,30 @@ index 85bc37f..c78b6ef 100644
+ l.append("-a -e %s %s" % (self.equiv[target], target))
return l
- def list(self, heading = 1, locallist = 0 ):
-@@ -2068,7 +2119,7 @@ class booleanRecords(semanageRecords):
+- def list(self, heading = 1, locallist = 0 ):
++ def list(self, heading = True, locallist = False ):
+ fcon_dict = self.get_all(locallist)
+ keys = fcon_dict.keys()
+ if len(keys) != 0:
+@@ -2068,7 +2118,7 @@ class booleanRecords(semanageRecords):
try:
boolname, val = b.split("=")
except ValueError:
- raise ValueError(_("Bad format %s: Record %s" % ( name, b) ))
-+ raise ValueError(_("Bad format %(BOOLNAME)s: Record %(VALUE)s" % { "BOOLNAME": name, "VALUE": b) ))
++ raise ValueError(_("Bad format %(BOOLNAME)s: Record %(VALUE)s" % { "BOOLNAME": name, "VALUE": b } ))
self.__mod(boolname.strip(), val.strip())
fd.close()
else:
-@@ -2156,7 +2207,7 @@ class booleanRecords(semanageRecords):
+@@ -2118,7 +2168,7 @@ class booleanRecords(semanageRecords):
+
+ self.commit()
+
+- def get_all(self, locallist = 0):
++ def get_all(self, locallist = False):
+ ddict = {}
+ if locallist:
+ (rc, self.blist) = semanage_bool_list_local(self.sh)
+@@ -2156,7 +2206,7 @@ class booleanRecords(semanageRecords):
keys.sort()
for k in keys:
if ddict[k]:
@@ -682556,7 +682822,7 @@ index b25d3b2..2d61ad7 100755
sys.exit(0)
+
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
-index 5e7415c..a6d9088 100644
+index 5e7415c..6152424 100644
--- a/policycoreutils/sepolicy/sepolicy/__init__.py
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
@@ -1,12 +1,15 @@
@@ -682576,7 +682842,7 @@ index 5e7415c..a6d9088 100644
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
gettext.textdomain(PROGNAME)
try:
-@@ -37,16 +40,384 @@ CLASS = 'class'
+@@ -37,16 +40,385 @@ CLASS = 'class'
TRANSITION = 'transition'
ROLE_ALLOW = 'role_allow'
@@ -682585,19 +682851,20 @@ index 5e7415c..a6d9088 100644
+ dict_list = _policy.info(setype, name)
+ return dict_list
+
-+def search(types, info = {} ):
++def search(types, info = {}):
++ seinfo = info
+ valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW]
-+ for type in types:
-+ if type not in valid_types:
++ for setype in types:
++ if setype not in valid_types:
+ raise ValueError("Type has to be in %s" % valid_types)
-+ info[type] = True
++ seinfo[setype] = True
+
+ perms = []
-+ if PERMS in info:
++ if PERMS in seinfo:
+ perms = info[PERMS]
-+ info[PERMS] = ",".join(info[PERMS])
++ seinfo[PERMS] = ",".join(seinfo[PERMS])
+
-+ dict_list = _policy.search(info)
++ dict_list = _policy.search(seinfo)
+ if dict_list and len(perms) != 0:
+ dict_list = filter(lambda x: _dict_has_perms(x, perms), dict_list)
+ return dict_list
@@ -682964,7 +683231,7 @@ index 5e7415c..a6d9088 100644
all_types = None
def get_all_types():
global all_types
-@@ -54,23 +425,31 @@ def get_all_types():
+@@ -54,23 +426,31 @@ def get_all_types():
all_types = map(lambda x: x['name'], info(TYPE))
return all_types
@@ -683009,7 +683276,7 @@ index 5e7415c..a6d9088 100644
all_domains = []
types=get_all_types()
types.sort()
-@@ -81,138 +460,366 @@ def get_all_entrypoint_domains():
+@@ -81,138 +461,366 @@ def get_all_entrypoint_domains():
all_domains.append(m[0])
return all_domains
@@ -683460,7 +683727,7 @@ index 5e7415c..a6d9088 100644
def boolean_category(boolean):
booleans_dict = gen_bool_dict()
-@@ -233,18 +840,58 @@ def get_os_version():
+@@ -233,18 +841,58 @@ def get_os_version():
os_version = ""
pkg_name = "selinux-policy"
try:
@@ -687251,10 +687518,10 @@ index 0000000..344b3d7
+ - SELinux does not block access.
+
diff --git a/policycoreutils/sepolicy/sepolicy/interface.py b/policycoreutils/sepolicy/sepolicy/interface.py
-index 8b063ca..c7dac62 100644
+index 8b063ca..53e4dc2 100644
--- a/policycoreutils/sepolicy/sepolicy/interface.py
+++ b/policycoreutils/sepolicy/sepolicy/interface.py
-@@ -21,15 +21,13 @@
+@@ -21,15 +21,12 @@
# 02111-1307 USA
#
#
@@ -687267,14 +687534,13 @@ index 8b063ca..c7dac62 100644
ADMIN_TRANSITION_INTERFACE = "_admin$"
USER_TRANSITION_INTERFACE = "_role$"
-from sepolicy.generate import get_all_types
-+import selinux
-__all__ = [ 'get', 'get_admin', 'get_user' ]
+__all__ = [ 'get_all_interfaces', 'get_interfaces_from_xml', 'get_admin', 'get_user' ,'get_interface_dict', 'get_interface_format_text', 'get_interface_compile_format_text', 'get_xml_file', 'interface_compile_test' ]
##
## I18N
-@@ -48,34 +46,173 @@ except IOError:
+@@ -48,34 +45,173 @@ except IOError:
import __builtin__
__builtin__.__dict__['_'] = unicode
@@ -687297,8 +687563,8 @@ index 8b063ca..c7dac62 100644
+def get_interfaces_from_xml(path):
+ """ Get all interfaces from given xml file"""
+ interfaces_list = []
-+ interface_dict = get_interface_dict(path)
-+ for k in interface_dict.keys():
++ idict = get_interface_dict(path)
++ for k in idict.keys():
+ interfaces_list.append(k)
+ return interfaces_list
+
@@ -687324,8 +687590,8 @@ index 8b063ca..c7dac62 100644
+ if path:
+ try:
+ xml_path = get_xml_file(path)
-+ interface_dict = get_interface_dict(xml_path)
-+ for k in interface_dict.keys():
++ idict = get_interface_dict(xml_path)
++ for k in idict.keys():
+ if k.endswith("_admin"):
+ admin_list.append(k)
+ except IOError, e:
@@ -687351,8 +687617,8 @@ index 8b063ca..c7dac62 100644
+ if path:
+ try:
+ xml_path = get_xml_file(path)
-+ interface_dict = get_interface_dict(xml_path)
-+ for k in interface_dict.keys():
++ idict = get_interface_dict(xml_path)
++ for k in idict.keys():
+ if k.endswith("_role"):
+ if (("%s_exec_t" % k[:-5]) in sepolicy.get_all_types()):
+ trans_list.append(k)
@@ -687411,8 +687677,8 @@ index 8b063ca..c7dac62 100644
+ return interface_dict
+
+def get_interface_format_text(interface,path = "/usr/share/selinux/devel/policy.xml"):
-+ interface_dict = get_interface_dict(path)
-+ interface_text = "%s(%s) %s" % (interface, ", ".join(interface_dict[interface][0]), " ".join(interface_dict[interface][1].split("\n")))
++ idict = get_interface_dict(path)
++ interface_text = "%s(%s) %s" % (interface, ", ".join(idict[interface][0]), " ".join(idict[interface][1].split("\n")))
+
+ return interface_text
+
@@ -687425,11 +687691,11 @@ index 8b063ca..c7dac62 100644
+
+ return interface_text
+
-+def generate_compile_te(interface, interface_dict, name="compiletest"):
++def generate_compile_te(interface, idict, name="compiletest"):
+ from templates import test_module
+ te = ""
+ te += re.sub("TEMPLATETYPE", name, test_module.te_test_module )
-+ te += get_interface_compile_format_text(interface_dict,interface)
++ te += get_interface_compile_format_text(idict,interface)
+
+ return te
+
@@ -687452,13 +687718,13 @@ index 8b063ca..c7dac62 100644
+
+ import commands, os
+ policy_files = {'pp':"compiletest.pp", 'te':"compiletest.te", 'fc':"compiletest.fc", 'if':"compiletest.if"}
-+ interface_dict = get_interface_dict(path)
++ idict = get_interface_dict(path)
+
-+ if not (interface.split("_")[0] in exclude_interfaces or interface_dict[interface][2] in exclude_interface_type):
++ if not (interface.split("_")[0] in exclude_interfaces or idict[interface][2] in exclude_interface_type):
+ print(_("Compiling %s interface" % interface))
+ try:
+ fd = open(policy_files['te'], "w")
-+ fd.write(generate_compile_te(interface, interface_dict))
++ fd.write(generate_compile_te(interface, idict))
+ fd.close()
+ rc, output=commands.getstatusoutput("make -f /usr/share/selinux/devel/Makefile %s" % policy_files['pp'] )
+ if rc != 0:
@@ -687466,7 +687732,7 @@ index 8b063ca..c7dac62 100644
+ sys.stderr.write(_("\nCompile test for %s failed.\n") % interface)
+
+ except EnvironmentError, e:
-+ sys.stderr.write(_("\nCompile test for %s has not run.\n") % interface)
++ sys.stderr.write(_("\nCompile test for %s has not run. %s\n") % (interface, e))
+ for v in policy_files.values():
+ if os.path.exists(v):
+ os.remove(v)
@@ -687958,10 +688224,15 @@ index 25062da..ba15b2c 100755
def _home_exec(self):
permlist = sepolicy.search([sepolicy.ALLOW],{'source':self.type,'target':'user_home_type', 'class':'file', 'permlist':['ioctl', 'read', 'getattr', 'execute', 'execute_no_trans', 'open']})
diff --git a/policycoreutils/sepolicy/sepolicy/network.py b/policycoreutils/sepolicy/sepolicy/network.py
-index 66efe26..6a7dab7 100755
+index 66efe26..3a75d7c 100755
--- a/policycoreutils/sepolicy/sepolicy/network.py
+++ b/policycoreutils/sepolicy/sepolicy/network.py
-@@ -25,47 +25,22 @@ import sepolicy
+@@ -20,52 +20,26 @@
+ # 02111-1307 USA
+ #
+ #
+-import sys
+ import sepolicy
search=sepolicy.search
info=sepolicy.info
@@ -688011,7 +688282,7 @@ index 66efe26..6a7dab7 100755
for i in tlist:
if i == "ephemeral_port_type":
if "unreserved_port_type" in tlist:
-@@ -77,16 +52,18 @@ def get_network_connect(src, protocol, perm):
+@@ -77,16 +51,18 @@ def get_network_connect(src, protocol, perm):
if "port_t" in tlist:
continue
if i == "port_t":
@@ -688037,17 +688308,15 @@ index 66efe26..6a7dab7 100755
return d
diff --git a/policycoreutils/sepolicy/sepolicy/sedbus.py b/policycoreutils/sepolicy/sepolicy/sedbus.py
new file mode 100644
-index 0000000..f40924d
+index 0000000..c6645ef
--- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy/sedbus.py
-@@ -0,0 +1,60 @@
+@@ -0,0 +1,58 @@
+import sys
+import dbus
+import dbus.service
+import dbus.mainloop.glib
-+import slip.dbus.service
+from slip.dbus import polkit
-+import os
+
+class SELinuxDBus (object):
+ def __init__ (self):
@@ -694035,17 +694304,46 @@ index 79f3997..1ff9d2c 100644
')
"""
diff --git a/policycoreutils/sepolicy/sepolicy/transition.py b/policycoreutils/sepolicy/sepolicy/transition.py
-index 5850622..1688c97 100755
+index 5850622..11834c7 100755
--- a/policycoreutils/sepolicy/sepolicy/transition.py
+++ b/policycoreutils/sepolicy/sepolicy/transition.py
-@@ -60,12 +60,18 @@ class setrans:
+@@ -20,10 +20,9 @@
+ # 02111-1307 USA
+ #
+ #
+-import sepolicy, sys
++import sepolicy
+ search=sepolicy.search
+ info=sepolicy.info
+-_failedlist = []
+ __all__ = [ 'setrans', ]
+
+ def _entrypoint(src):
+@@ -32,11 +31,11 @@ def _entrypoint(src):
+
+
+ def _get_trans(src):
+- foundstr = ""
+ return search([sepolicy.TRANSITION],{sepolicy.SOURCE:src, sepolicy.CLASS:"process"})
+
+ class setrans:
+ def __init__(self, source, dest=None):
++ self.seen = []
+ self.sdict = {}
+ self.source=source
+ self.dest=dest
+@@ -58,19 +57,25 @@ class setrans:
+ for s in self.sdict[source]["child"]:
+ self._process(s)
- def out(self, name, seen=[], header=""):
+- def out(self, name, seen=[], header=""):
++ def out(self, name, header=""):
buf = ""
-+ boolean_text=""
- if name in seen:
+- if name in seen:
++ if name in self.seen:
return buf
- seen.append(name)
+- seen.append(name)
++ self.seen.append(name)
- for t in self.sdict[name]["map"]:
- buf += "%s%s @ %s --> %s\n" % (header, t["source"], t["target"], t["transtype"])
@@ -694059,6 +694357,13 @@ index 5850622..1688c97 100755
if "child" in self.sdict[name]:
for x in self.sdict[name]["child"]:
+- buf+= self.out(x, seen, "%s%s ... " % (header, name))
++ buf+= self.out(x, "%s%s ... " % (header, name))
+ return buf
+
+ def output(self):
++ self.seen = []
+ print self.out(self.source)
diff --git a/policycoreutils/sepolicy/setup.py b/policycoreutils/sepolicy/setup.py
index 1edb4fd..d8e2d64 100644
--- a/policycoreutils/sepolicy/setup.py
@@ -694238,7 +694543,7 @@ index 4b44b3c..98f4f7d 100644
LDLIBS = -lselinux -lsepol -L$(LIBDIR)
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
-index a0e5415..7fe4166 100644
+index a0e5415..2a7cfa3 100644
--- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c
@@ -118,7 +118,7 @@ static int restore(FTSENT *ftsent, int recurse)
@@ -694250,6 +694555,15 @@ index a0e5415..7fe4166 100644
} else {
if (r_opts->nfile > 0) {
progress = (r_opts->count < r_opts->nfile) ? (100.0 * r_opts->count / r_opts->nfile) : 100;
+@@ -375,7 +375,7 @@ int process_glob(char *name, int recurse) {
+ size_t i = 0;
+ int errors;
+ memset(&globbuf, 0, sizeof(globbuf));
+- errors = glob(name, GLOB_TILDE | GLOB_PERIOD | GLOB_NOCHECK, NULL, &globbuf);
++ errors = glob(name, GLOB_TILDE | GLOB_PERIOD | GLOB_NOCHECK | GLOB_BRACE, NULL, &globbuf);
+ if (errors)
+ return errors;
+
diff --git a/policycoreutils/setfiles/restore.h b/policycoreutils/setfiles/restore.h
index 57ae46a..406594b 100644
--- a/policycoreutils/setfiles/restore.h
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 99466be..2946949 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.14
-Release: 87%{?dist}
+Release: 88%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -344,6 +344,10 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service
%changelog
+* Wed Oct 16 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.14-88
+- Cleanup errors found by pychecker
+- Apply patch from Michal Trunecka to allow restorecon to handle {} in globs
+
* Fri Oct 11 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.14-87
- sepolicy gui
- mgrepl fixes for users and login
More information about the scm-commits
mailing list