rpms
/
policycoreutils
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update sepolicy gui code, cleanups and add file transition tab 

- Fix semanage fcontext -a --ftype code to work.
This commit is contained in:
Dan Walsh 2013-08-15 10:14:40 -04:00
parent 02d8b93ce5
commit 05a4073c77
2 changed files with 53 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
policycoreutils-rhat.patch
View File

@ -509801,7 +509801,7 @@ index 6c30734..f6b4b9a 100644
will try reading a context from stdin, if that is not a tty, otherwise
.B secon
diff --git a/policycoreutils/semanage/Makefile b/policycoreutils/semanage/Makefile
index 24d6a21..6624f03 100644
index 24d6a21..d3aff45 100644
--- a/policycoreutils/semanage/Makefile
+++ b/policycoreutils/semanage/Makefile
@@ -5,7 +5,7 @@ SBINDIR ?= $(PREFIX)/sbin
@ -509813,7 +509813,7 @@ index 24d6a21..6624f03 100644
TARGETS=semanage
@@ -17,11 +17,11 @@ install: all
@@ -17,12 +17,14 @@ install: all
[ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
-mkdir -p $(SBINDIR)
install -m 755 semanage $(SBINDIR)
@ -509825,8 +509825,11 @@ index 24d6a21..6624f03 100644
- install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)/semanage
+test:
+ @python test-semanage.py -v
clean:
indent:
diff --git a/policycoreutils/semanage/default_encoding/Makefile b/policycoreutils/semanage/default_encoding/Makefile
new file mode 100644
index 0000000..e15a877
@ -512449,10 +512452,10 @@ index 28a9022..90b142e 100644
+usage: semanage [-h]
+
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index 85bc37f..5c9e83b 100644
index 85bc37f..f2981c0 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
@@ -32,30 +32,29 @@ from IPy import IP
@@ -32,32 +32,47 @@ from IPy import IP
import gettext
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
gettext.textdomain(PROGNAME)
@ -512469,33 +512472,44 @@ index 85bc37f..5c9e83b 100644
import syslog
file_types = {}
-file_types[""] = SEMANAGE_FCONTEXT_ALL;
+file_types["a"] = SEMANAGE_FCONTEXT_ALL;
file_types[""] = SEMANAGE_FCONTEXT_ALL;
file_types["all files"] = SEMANAGE_FCONTEXT_ALL;
-file_types["--"] = SEMANAGE_FCONTEXT_REG;
+file_types["f"] = SEMANAGE_FCONTEXT_REG;
+file_types["a"] = SEMANAGE_FCONTEXT_ALL;
file_types["regular file"] = SEMANAGE_FCONTEXT_REG;
-file_types["-d"] = SEMANAGE_FCONTEXT_DIR;
+file_types["d"] = SEMANAGE_FCONTEXT_DIR;
+file_types["--"] = SEMANAGE_FCONTEXT_REG;
+file_types["f"] = SEMANAGE_FCONTEXT_REG;
file_types["-d"] = SEMANAGE_FCONTEXT_DIR;
file_types["directory"] = SEMANAGE_FCONTEXT_DIR;
-file_types["-c"] = SEMANAGE_FCONTEXT_CHAR;
+file_types["c"] = SEMANAGE_FCONTEXT_CHAR;
+file_types["d"] = SEMANAGE_FCONTEXT_DIR;
file_types["-c"] = SEMANAGE_FCONTEXT_CHAR;
file_types["character device"] = SEMANAGE_FCONTEXT_CHAR;
-file_types["-b"] = SEMANAGE_FCONTEXT_BLOCK;
+file_types["b"] = SEMANAGE_FCONTEXT_BLOCK;
+file_types["c"] = SEMANAGE_FCONTEXT_CHAR;
file_types["-b"] = SEMANAGE_FCONTEXT_BLOCK;
file_types["block device"] = SEMANAGE_FCONTEXT_BLOCK;
-file_types["-s"] = SEMANAGE_FCONTEXT_SOCK;
+file_types["s"] = SEMANAGE_FCONTEXT_SOCK;
+file_types["b"] = SEMANAGE_FCONTEXT_BLOCK;
file_types["-s"] = SEMANAGE_FCONTEXT_SOCK;
file_types["socket"] = SEMANAGE_FCONTEXT_SOCK;
-file_types["-l"] = SEMANAGE_FCONTEXT_LINK;
+file_types["s"] = SEMANAGE_FCONTEXT_SOCK;
file_types["-l"] = SEMANAGE_FCONTEXT_LINK;
+file_types["l"] = SEMANAGE_FCONTEXT_LINK;
file_types["symbolic link"] = SEMANAGE_FCONTEXT_LINK;
-file_types["-p"] = SEMANAGE_FCONTEXT_PIPE;
+file_types["p"] = SEMANAGE_FCONTEXT_PIPE;
file_types["-p"] = SEMANAGE_FCONTEXT_PIPE;
file_types["named pipe"] = SEMANAGE_FCONTEXT_PIPE;
+file_type_str_to_option = { "all files": "a",
+ "regular file":"f",
+ "directory":"d",
+ "character device":"c",
+ "block device":"b",
+ "socket file":"s",
+ "symbolic link":"l",
+ "named pipe":"p" }
try:
@@ -89,7 +88,7 @@ except:
import audit
class logger:
@@ -89,7 +104,7 @@ except:
self.log_list=[]
def log(self, msg, name = "", sename = "", serole = "", serange = "", oldsename = "", oldserole = "", oldserange = ""):
@ -512504,7 +512518,7 @@ index 85bc37f..5c9e83b 100644
if sename != "":
message += " sename=" + sename
if oldsename != "":
@@ -285,6 +284,8 @@ class moduleRecords(semanageRecords):
@@ -285,6 +300,8 @@ class moduleRecords(semanageRecords):
print "%-25s%-10s%s" % (t[0], t[1], disabled)
def add(self, file):
@ -512513,7 +512527,7 @@ index 85bc37f..5c9e83b 100644
rc = semanage_module_install_file(self.sh, file);
if rc >= 0:
self.commit()
@@ -461,7 +462,9 @@ class loginRecords(semanageRecords):
@@ -461,7 +478,9 @@ class loginRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
if exists:
@ -512524,7 +512538,7 @@ index 85bc37f..5c9e83b 100644
if name[0] == '%':
try:
grp.getgrnam(name[1:])
@@ -731,7 +734,8 @@ class seluserRecords(semanageRecords):
@@ -731,7 +750,8 @@ class seluserRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
if exists:
@ -512534,7 +512548,7 @@ index 85bc37f..5c9e83b 100644
(rc, u) = semanage_user_create(self.sh)
if rc < 0:
@@ -999,8 +1003,10 @@ class portRecords(semanageRecords):
@@ -999,8 +1019,10 @@ class portRecords(semanageRecords):
raise ValueError(_("Type %s is invalid, must be a port type") % type)
( k, proto_d, low, high ) = self.__genkey(port, proto)
@ -512547,7 +512561,7 @@ index 85bc37f..5c9e83b 100644
if rc < 0:
raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
if exists:
@@ -1274,7 +1280,8 @@ class nodeRecords(semanageRecords):
@@ -1274,7 +1296,8 @@ class nodeRecords(semanageRecords):
(rc, exists) = semanage_node_exists(self.sh, k)
if exists:
@ -512557,7 +512571,7 @@ index 85bc37f..5c9e83b 100644
(rc, node) = semanage_node_create(self.sh)
if rc < 0:
@@ -1475,7 +1482,8 @@ class interfaceRecords(semanageRecords):
@@ -1475,7 +1498,8 @@ class interfaceRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if interface %s is defined") % interface)
if exists:
@ -512567,7 +512581,7 @@ index 85bc37f..5c9e83b 100644
(rc, iface) = semanage_iface_create(self.sh)
if rc < 0:
@@ -1643,6 +1651,7 @@ class fcontextRecords(semanageRecords):
@@ -1643,6 +1667,7 @@ class fcontextRecords(semanageRecords):
try:
valid_types = sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"]
valid_types += sepolicy.info(sepolicy.ATTRIBUTE,"device_node")[0]["types"]
@ -512575,7 +512589,7 @@ index 85bc37f..5c9e83b 100644
except RuntimeError:
valid_types = []
@@ -1751,9 +1760,15 @@ class fcontextRecords(semanageRecords):
@@ -1751,9 +1776,15 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead") % (target, i, fdict[i], t))
@ -512592,7 +512606,7 @@ index 85bc37f..5c9e83b 100644
if is_mls_enabled == 1:
serange = untranslate(serange)
@@ -1777,7 +1792,8 @@ class fcontextRecords(semanageRecords):
@@ -1777,7 +1808,8 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists:
@ -512602,7 +512616,12 @@ index 85bc37f..5c9e83b 100644
(rc, fcontext) = semanage_fcontext_create(self.sh)
if rc < 0:
@@ -1970,7 +1986,7 @@ class fcontextRecords(semanageRecords):
@@ -1966,11 +1998,11 @@ class fcontextRecords(semanageRecords):
keys.sort()
for k in keys:
if fcon_dict[k]:
- l.append("-a -f '%s' -t %s '%s'" % (k[1], fcon_dict[k][2], k[0]))
+ l.append("-a -f %s -t %s '%s'" % (file_type_str_to_option[k[1]], fcon_dict[k][2], k[0]))
if len(self.equiv):
for target in self.equiv.keys():
@ -512611,7 +512630,7 @@ index 85bc37f..5c9e83b 100644
return l
def list(self, heading = 1, locallist = 0 ):
@@ -2156,7 +2172,7 @@ class booleanRecords(semanageRecords):
@@ -2156,7 +2188,7 @@ class booleanRecords(semanageRecords):
keys.sort()
for k in keys:
if ddict[k]:

9
policycoreutils.spec
View File

@ -128,7 +128,7 @@ an SELinux environment.
%{python_sitearch}/sepolicy/network.py*
%{python_sitearch}/sepolicy/transition.py*
%{python_sitearch}/sepolicy/sedbus.py*
%{_sysconfdir}/dbus-1/system.d/org.fedoraproject.selinux.conf
%{_sysconfdir}/dbus-1/system.d/org.selinux.conf
%{python_sitearch}/%{name}*.egg-info
%{python_sitearch}/sepolicy*.egg-info
%{python_sitearch}/%{name}
@ -139,8 +139,9 @@ an SELinux environment.
%{_mandir}/man8/semanage*.8*
%{_mandir}/ru/man8/semanage.8*
%{_datadir}/system-config-selinux/selinux_server.py
%{_datadir}/dbus-1/system/org.fedoraproject.selinux.service
%{_datadir}/polkit-1/actions/org.fedoraproject.selinux.policy
%{_datadir}/dbus-1/system-services/org.selinux.service
%{_datadir}/polkit-1/actions/org.selinux.policy
%{_datadir}/polkit-1/actions/org.fedoraproject.config.selinux.policy
%{_datadir}/bash-completion/completions/semanage
%{_datadir}/bash-completion/completions/setsebool
@ -229,7 +230,7 @@ system-config-selinux is a utility for managing the SELinux environment
%{_datadir}/applications/selinux-polgengui.desktop
%{_datadir}/icons/hicolor/24x24/apps/system-config-selinux.png
%{_datadir}/pixmaps/system-config-selinux.png
%{_datadir}/polkit-1/actions/org.fedoraproject.config.selinux.policy
%{_datadir}/polkit-1/actions/org.selinux.policy
%dir %{_datadir}/system-config-selinux
%{_datadir}/system-config-selinux/system-config-selinux.png
%{_datadir}/system-config-selinux/*.py*