rpms
/
policycoreutils
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update to upstream 

* Properly build the swig exception file from Laurent Bigonville.
	* Fix man pages from Laurent Bigonville.
	* Support overriding PATH and INITDIR in Makefile from Laurent Bigonville.
	* Fix LDFLAGS usage from Laurent Bigonville.
	* Fix init_policy warning from Laurent Bigonville.
	* Fix semanage logging from Laurent Bigonville.
	* Open newrole stdin as read/write from Sven Vermeulen.
	* Fix sepolicy transition from Sven Vermeulen.
	* Support overriding CFLAGS from Simon Ruderich.
	* Create correct man directory for run_init from Russell Coker.
	* restorecon GLOB_BRACE change from Michal Trunecka.
	* Extend audit2why to report additional constraint information.
	* Catch IOError errors within audit2allow from Dan Walsh.
	* semanage export/import fixes from Dan Walsh.
	* Improve setfiles progress reporting from Dan Walsh.
	* Document setfiles -o option in usage from Dan Walsh.
	* Change setfiles to always return -1 on failure from Dan Walsh.
	* Improve setsebool error r eporting from Dan Walsh.
	* Major overhaul of gui from Dan Walsh.
	* Fix sepolicy handling of non-MLS policy from Dan Walsh.
	* Support returning type aliases from Dan Walsh.
	* Add sepolicy tests from Dan Walsh.
	* Add org.selinux.config.policy from Dan Walsh.
	* Improve range and user input checking by semanage from Dan Walsh.
	* Prevent source or target arguments that end with / for substitutions from Dan Walsh.
	* Allow use of <<none>> for semanage fcontext from Dan Walsh.
        * Report customized user levels from Dan Walsh.
	* Support deleteall for restoring disabled modules from Dan Walsh.
	* Improve semanage error reporting from Dan Walsh.
	* Only list disabled modules for module locallist from Dan Walsh.
	* Fix logging from Dan Walsh.
	* Define new constants for file type character codes from Dan Walsh.
	* Improve bash completions from Dan Walsh.
	* Convert semanage to argparse from Dan Walsh (originally by Dave Quigley).
	* Add semanage tests from Dan Walsh.
	* Split semanage man pages from Dan Walsh.
	* Move bash completion scripts from Dan Walsh.
	* Replace genhomedircon script with a link to semodule from Dan Walsh.
	* Fix fixfiles from Dan Walsh.
	* Add support for systemd service for restorecon from Dan Walsh.
	* Spelling corrections from Dan Walsh.
	* Improve sandbox support for home dir symlinks and file caps from Dan Walsh.
	* Switch sandbox to openbox window manager from Dan Walsh.
	* Coalesce audit2why and audit2allow from Dan Walsh.
	* Change audit2allow to append to output file from Dan Walsh.
	* Update translations from Dan Walsh.
	* Change audit2why to use selinux_current_policy_path from Dan Walsh.
This commit is contained in:
Dan Walsh 2013-10-31 10:06:05 -04:00
parent 256317fccc
commit 2b7d10b4f0
5 changed files with 192039 additions and 626442 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

818244
policycoreutils-rhat.patch
View File

File diff suppressed because it is too large Load Diff

144
policycoreutils-sepolgen.patch
View File

@ -1,131 +1,13 @@
diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
index d636091..56919be 100644
--- a/sepolgen/src/sepolgen/audit.py
+++ b/sepolgen/src/sepolgen/audit.py
@@ -259,13 +259,13 @@ class AVCMessage(AuditMessage):
raise ValueError("Error during access vector computation")
if self.type == audit2why.CONSTRAINT:
- self.data = []
+ self.data = [ self.data ]
if self.scontext.user != self.tcontext.user:
- self.data.append("user")
+ self.data.append(("user (%s)" % self.scontext.user, 'user (%s)' % self.tcontext.user))
if self.scontext.role != self.tcontext.role and self.tcontext.role != "object_r":
- self.data.append("role")
+ self.data.append(("role (%s)" % self.scontext.role, 'role (%s)' % self.tcontext.role))
if self.scontext.level != self.tcontext.level:
- self.data.append("level")
+ self.data.append(("level (%s)" % self.scontext.level, 'level (%s)' % self.tcontext.level))
avcdict[(scontext, tcontext, self.tclass, access_tuple)] = (self.type, self.data)
diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
index cc9f8ea..ce643e5 100644
--- a/sepolgen/src/sepolgen/policygen.py
+++ b/sepolgen/src/sepolgen/policygen.py
@@ -161,21 +161,21 @@ class PolicyGenerator:
if self.explain:
rule.comment = str(refpolicy.Comment(explain_access(av, verbosity=self.explain)))
if av.type == audit2why.ALLOW:
- rule.comment += "#!!!! This avc is allowed in the current policy\n"
+ rule.comment += "\n#!!!! This avc is allowed in the current policy"
if av.type == audit2why.DONTAUDIT:
- rule.comment += "#!!!! This avc has a dontaudit rule in the current policy\n"
+ rule.comment += "\n#!!!! This avc has a dontaudit rule in the current policy"
if av.type == audit2why.BOOLEAN:
if len(av.data) > 1:
- rule.comment += "#!!!! This avc can be allowed using one of the these booleans:\n# %s\n" % ", ".join(map(lambda x: x[0], av.data))
+ rule.comment += "\n#!!!! This avc can be allowed using one of the these booleans:\n# %s" % ", ".join(map(lambda x: x[0], av.data))
else:
- rule.comment += "#!!!! This avc can be allowed using the boolean '%s'\n" % av.data[0][0]
+ rule.comment += "\n#!!!! This avc can be allowed using the boolean '%s'" % av.data[0][0]
if av.type == audit2why.CONSTRAINT:
- rule.comment += "#!!!! This avc is a constraint violation. You will need to add an attribute to either the source or target type to make it work.\n"
- rule.comment += "#Constraint rule: "
- for reason in av.data:
- rule.comment += "\n#\tPossible cause source context and target context '%s' differ\b" % reason
+ rule.comment += "\n#!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n"
+ rule.comment += "#Constraint rule: \n\t" + av.data[0]
+ for reason in av.data[1:]:
+ rule.comment += "#\tPossible cause is the source %s and target %s are different." % reason
try:
if ( av.type == audit2why.TERULE and
@@ -189,9 +189,9 @@ class PolicyGenerator:
if i not in self.domains:
types.append(i)
if len(types) == 1:
- rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
+ rule.comment += "\n#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
elif len(types) >= 1:
- rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
+ rule.comment += "\n#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
except:
pass
self.module.children.append(rule)
diff --git a/sepolgen/src/sepolgen/refparser.py b/sepolgen/src/sepolgen/refparser.py
index 7b76261..a05d9d1 100644
--- a/sepolgen/src/sepolgen/refparser.py
+++ b/sepolgen/src/sepolgen/refparser.py
@@ -65,6 +65,7 @@ tokens = (
'BAR',
'EXPL',
'EQUAL',
+ 'FILENAME',
'IDENTIFIER',
'NUMBER',
'PATH',
@@ -249,11 +250,17 @@ def t_refpolicywarn(t):
t.lexer.lineno += 1
def t_IDENTIFIER(t):
- r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\+\.\$\*\"~]*'
+ r'[a-zA-Z_\$][a-zA-Z0-9_\-\+\.\$\*~]*'
# Handle any keywords
t.type = reserved.get(t.value,'IDENTIFIER')
return t
+def t_FILENAME(t):
+ r'\"[a-zA-Z0-9_\-\+\.\$\*~ :]+\"'
+ # Handle any keywords
+ t.type = reserved.get(t.value,'FILENAME')
+ return t
+
def t_comment(t):
r'\#.*\n'
# Ignore all comments
@@ -450,6 +457,7 @@ def p_interface_call_param(p):
| nested_id_set
| TRUE
| FALSE
+ | FILENAME
'''
# Intentionally let single identifiers pass through
# List means set, non-list identifier
@@ -461,6 +469,7 @@ def p_interface_call_param(p):
def p_interface_call_param_list(p):
'''interface_call_param_list : interface_call_param
| interface_call_param_list COMMA interface_call_param
+ | interface_call_param_list COMMA interface_call_param COMMA interface_call_param_list
'''
if len(p) == 2:
p[0] = [p[1]]
@@ -787,6 +796,7 @@ def p_avrule_def(p):
def p_typerule_def(p):
'''typerule_def : TYPE_TRANSITION names names COLON names IDENTIFIER SEMI
+ | TYPE_TRANSITION names names COLON names IDENTIFIER FILENAME SEMI
| TYPE_TRANSITION names names COLON names IDENTIFIER IDENTIFIER SEMI
| TYPE_CHANGE names names COLON names IDENTIFIER SEMI
| TYPE_MEMBER names names COLON names IDENTIFIER SEMI
@@ -800,6 +810,7 @@ def p_typerule_def(p):
t.tgt_types = p[3]
t.obj_classes = p[5]
t.dest_type = p[6]
+ t.file_name = p[7]
p[0] = t
def p_bool(p):
diff --git a/sepolgen/src/sepolgen/interfaces.py b/sepolgen/src/sepolgen/interfaces.py
index 3258684..88a6dc3 100644
--- a/sepolgen/src/sepolgen/interfaces.py
+++ b/sepolgen/src/sepolgen/interfaces.py
@@ -276,7 +276,7 @@ class InterfaceVector:
if attributes:
for typeattribute in interface.typeattributes():
for attr in typeattribute.attributes:
- if not attributes.has_key(attr):
+ if not attributes.attributes.has_key(attr):
# print "missing attribute " + attr
continue
attr_vec = attributes.attributes[attr]

30
policycoreutils-sepolicy-manpage.patch Normal file
View File

@ -0,0 +1,30 @@
diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
index 09066d9..1765b1c 100755
--- a/policycoreutils/sepolicy/sepolicy/manpage.py
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py
@@ -135,7 +135,7 @@ def prettyprint(f,trim):
manpage_domains = []
manpage_roles = []
-fedora_releases = ["Fedora17","Fedora18"]
+fedora_releases = ["Fedora17","Fedora18","Fedora19","Fedora20"]
rhel_releases = ["RHEL6","RHEL7"]
def get_alphabet_manpages(manpage_list):
@@ -152,14 +152,14 @@ def get_alphabet_manpages(manpage_list):
def convert_manpage_to_html(html_manpage,manpage):
try:
- subprocess.check_output("/usr/bin/groff -man -Thtml %s 2>/dev/null" % manpage,
+ man_page = subprocess.check_output("/usr/bin/groff -man -Thtml %s 2>/dev/null" % manpage,
stderr=subprocess.STDOUT,
shell=True)
except subprocess.CalledProcessError as e:
sys.stderr.write(e.output)
return
fd = open(html_manpage,'w')
- fd.write(output)
+ fd.write(man_page)
fd.close()
print(html_manpage)

59
policycoreutils.spec
View File

@ -2,12 +2,12 @@
%global libsepolver 2.1.9-1
%global libsemanagever 2.1.10-1
%global libselinuxver 2.1.13-1
%global sepolgenver 1.1.9
%global sepolgenver 1.2
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.14
Release: 88%{?dist}
Version: 2.2
Release: 1%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@ -344,6 +344,59 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service
%changelog
* Thu Oct 31 2013 Dan Walsh <dwalsh@redhat.com> - 2.2-1
- Update to upstream
* Properly build the swig exception file from Laurent Bigonville.
* Fix man pages from Laurent Bigonville.
* Support overriding PATH and INITDIR in Makefile from Laurent Bigonville.
* Fix LDFLAGS usage from Laurent Bigonville.
* Fix init_policy warning from Laurent Bigonville.
* Fix semanage logging from Laurent Bigonville.
* Open newrole stdin as read/write from Sven Vermeulen.
* Fix sepolicy transition from Sven Vermeulen.
* Support overriding CFLAGS from Simon Ruderich.
* Create correct man directory for run_init from Russell Coker.
* restorecon GLOB_BRACE change from Michal Trunecka.
* Extend audit2why to report additional constraint information.
* Catch IOError errors within audit2allow from Dan Walsh.
* semanage export/import fixes from Dan Walsh.
* Improve setfiles progress reporting from Dan Walsh.
* Document setfiles -o option in usage from Dan Walsh.
* Change setfiles to always return -1 on failure from Dan Walsh.
* Improve setsebool error r eporting from Dan Walsh.
* Major overhaul of gui from Dan Walsh.
* Fix sepolicy handling of non-MLS policy from Dan Walsh.
* Support returning type aliases from Dan Walsh.
* Add sepolicy tests from Dan Walsh.
* Add org.selinux.config.policy from Dan Walsh.
* Improve range and user input checking by semanage from Dan Walsh.
* Prevent source or target arguments that end with / for substitutions from Dan Walsh.
* Allow use of <<none>> for semanage fcontext from Dan Walsh.
* Report customized user levels from Dan Walsh.
* Support deleteall for restoring disabled modules from Dan Walsh.
* Improve semanage error reporting from Dan Walsh.
* Only list disabled modules for module locallist from Dan Walsh.
* Fix logging from Dan Walsh.
* Define new constants for file type character codes from Dan Walsh.
* Improve bash completions from Dan Walsh.
* Convert semanage to argparse from Dan Walsh (originally by Dave Quigley).
* Add semanage tests from Dan Walsh.
* Split semanage man pages from Dan Walsh.
* Move bash completion scripts from Dan Walsh.
* Replace genhomedircon script with a link to semodule from Dan Walsh.
* Fix fixfiles from Dan Walsh.
* Add support for systemd service for restorecon from Dan Walsh.
* Spelling corrections from Dan Walsh.
* Improve sandbox support for home dir symlinks and file caps from Dan Walsh.
* Switch sandbox to openbox window manager from Dan Walsh.
* Coalesce audit2why and audit2allow from Dan Walsh.
* Change audit2allow to append to output file from Dan Walsh.
* Update translations from Dan Walsh.
* Change audit2why to use selinux_current_policy_path from Dan Walsh.
* Fri Oct 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-89
- Fix handling of man pages.
* Wed Oct 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-88
- Cleanup errors found by pychecker
- Apply patch from Michal Trunecka to allow restorecon to handle {} in globs

4
sources
View File

@ -1,3 +1,3 @@
59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
22cb999c28b40b59a9d6b11824480ab8 policycoreutils-2.1.14.tgz
960f29b498ba7efaa3aeb5e3796a1ba3 sepolgen-1.1.9.tgz
12a573b3e0e40c932a8b08baf7105d4c sepolgen-1.2.tgz
220ac2cb43d6f8882de22d7f6b65545e policycoreutils-2.2.tgz