Add --root/-r flag to sepolicy manpage,

- This allows us to generate man pages on the fly in the selinux-policy build
2013-02-20 16:48:51 +01:00 · 2013-02-20 16:48:51 +01:00 · 3234f310f1
parent 68cfa786ad
commit 3234f310f1
2 changed files with 259 additions and 12 deletions
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -1335,11 +1335,144 @@ index 0000000..3ecf3eb
 +++ b/policycoreutils/sepolicy/sepolgen.8
@@ -0,0 +1 @@
 +.so man8/sepolicy-generate.8
+diff --git a/policycoreutils/sepolicy/sepolicy-bash-completion.sh b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
+index 82fea52..29f9428 100644
+--- a/policycoreutils/sepolicy/sepolicy-bash-completion.sh
+++ b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
+@@ -81,7 +81,7 @@ _sepolicy () {
+                [communicate]='-h --help -s --source -t --target -c --class -S --sourceaccess -T --targetaccess'
+                [generate]='-a --admin --admin_user --application --cgi --confined_admin --customize  -d --domain --dbus --desktop_user -h --help --inetd --init -n --name --newtype -p --path --sandbox -T --test --term_user -u --user -w --writepath --x_user'
+                [interface]='-h --help -a --list_admin" -u --list_user -l --list'
+-               [manpage]='-h --help -p --path -a -all -o --os -d --domain -w --web'
+               [manpage]='-h --help -p --path -a -all -o --os -d --domain -w --web -r --root'
+                [network]='-h --help -d --domain -l --list -p --port -t --type '
+                [transition]='-h --help -s --source -t --target'
+         )
+@@ -156,6 +156,10 @@ _sepolicy () {
+             if [ "$prev" = "-d" -o "$prev" = "--domain" ]; then
+                 COMPREPLY=( $(compgen -W "$( __get_all_domains ) " -- "$cur") )
+                 return 0
+            elif test "$prev" = "-r" || test "$prev" = "--root" ; then
+                COMPREPLY=( $( compgen -d -- "$cur") )
+                compopt -o filenames
+                return 0
+             elif [ "$prev" = "-o" -o "$prev" = "--os" ]; then
+                 return 0
+             elif test "$prev" = "-p" || test "$prev" = "--path" ; then
+diff --git a/policycoreutils/sepolicy/sepolicy-manpage.8 b/policycoreutils/sepolicy/sepolicy-manpage.8
+index b6abdf5..c05c943 100644
+--- a/policycoreutils/sepolicy/sepolicy-manpage.8
+++ b/policycoreutils/sepolicy/sepolicy-manpage.8
+@@ -5,7 +5,7 @@ sepolicy-manpage \- Generate a man page based on the installed SELinux Policy
+ .SH "SYNOPSIS"
+ 
+ .br
+-.B sepolicy manpage [\-w] [\-h] [\-p PATH ]  [\-a | \-d ]
+.B sepolicy manpage [\-w] [\-h] [\-p PATH ] [\-r ROOTDIR ] [\-a | \-d ]
+ 
+ .SH "DESCRIPTION"
+ Use sepolicy manpage to generate manpages based on SELinux Policy.
+@@ -24,6 +24,9 @@ Display help message
+ .I                \-p, \-\-path
+ Specify the directory to store the created man pages. (Default to /tmp)
+ .TP
+.I                \-r, \-\-root
+Specify alternate root directory to generate man pages from. (Default to /)
+.TP
+ .I                \-w, \-\-web
+ Generate an additional HTML man pages for the specified domain(s).
+ 
 diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
-index b25d3b2..e120959 100755
+index b25d3b2..7a15d88 100755
 --- a/policycoreutils/sepolicy/sepolicy.py
 +++ b/policycoreutils/sepolicy/sepolicy.py
-@@ -461,7 +461,10 @@ if __name__ == '__main__':
+@@ -22,6 +22,8 @@
+ #
+ #
+ import os, sys
+import selinux
+import sepolicy
+ from sepolicy import get_os_version
+ import argparse
+ import gettext
+@@ -198,44 +200,44 @@ def network(args):
+                 _print_net(d, net, "name_bind")
+ 
+ def manpage(args):
+-    from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains
+    from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains, get_all_domains
+ 
+     path = args.path
+-    if args.policy:
+-        for f in ( "policy.xml", "file_context", "file_context.homedirs"):
+-            if not os.path.exists(path + f):
+-                raise ValueError("manpage creation with alternate policy requires the %s file exist" % (path + f))
+-
+    if not args.policy and args.root != "/":
+        sepolicy.policy(sepolicy.get_installed_policy(args.root))
+        
+     if args.all:
+         test_domains = gen_domains()
+     else:
+         test_domains = args.domain
+ 
+     for domain in test_domains:
+-        m = ManPage(domain, path, args.web)
+        m = ManPage(domain, path, args.root, args.web)
+         print m.get_man_page_path()
+ 
+     if args.web:
+         HTMLManPages(manpage_roles, manpage_domains, path, args.os)
+ 
+ def gen_manpage_args(parser):
+-        man = parser.add_parser("manpage",
+-                                   help=_('Generate SELinux man pages'))
+-
+-        man.add_argument("-p", "--path", dest="path", default="/tmp",
+-                         help=_("path in which the generated SELinux man pages will be stored"))
+-        man.add_argument("-o", "--os", dest="os", default=get_os_version(),
+-                         help=_("name of the OS for man pages"))
+-        man.add_argument("-w", "--web", dest="web", default=False, action="store_true",
+-                                help=_("Generate HTML man pages structure for selected SELinux man page"))
+-        group = man.add_mutually_exclusive_group(required=True)
+-        group.add_argument("-a", "--all", dest="all", default=False,
+-                           action="store_true",
+-                           help=_("All domains"))
+-        group.add_argument("-d", "--domain", nargs="+",
+-                           action=CheckDomain,
+-                           help=_("Domain name(s) of man pages to be created"))
+-        man.set_defaults(func=manpage)
+    man = parser.add_parser("manpage",
+                            help=_('Generate SELinux man pages'))
+
+    man.add_argument("-p", "--path", dest="path", default="/tmp",
+                     help=_("path in which the generated SELinux man pages will be stored"))
+    man.add_argument("-o", "--os", dest="os", default=get_os_version(),
+                     help=_("name of the OS for man pages"))
+    man.add_argument("-w", "--web", dest="web", default=False, action="store_true",
+                     help=_("Generate HTML man pages structure for selected SELinux man page"))
+    man.add_argument("-r", "--root", dest="root", default="/",
+                     help=_("Alternate root directory, defaults to /"))
+    group = man.add_mutually_exclusive_group(required=True)
+    group.add_argument("-a", "--all", dest="all", default=False,
+                       action="store_true",
+                       help=_("All domains"))
+    group.add_argument("-d", "--domain", nargs="+",
+                       action=CheckDomain,
+                       help=_("Domain name(s) of man pages to be created"))
+    man.set_defaults(func=manpage)
+ 
+ def gen_network_args(parser):
+         net = parser.add_parser("network",
+@@ -283,7 +285,6 @@ def gen_communicate_args(parser):
+     comm.set_defaults(func=communicate)
+ 
+ def booleans(args):
+-    import selinux
+     from sepolicy import boolean_desc
+     if args.all:
+         rc, args.booleans = selinux.security_get_boolean_names()
+@@ -461,7 +462,10 @@ if __name__ == '__main__':
     gen_transition_args(subparsers)
 
     try:
@ -1352,13 +1485,14 @@ index b25d3b2..e120959 100755
         sys.exit(0)
     except ValueError,e:
 diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
-index 5e7415c..1d77fa9 100644
+index 5e7415c..10abeec 100644
 --- a/policycoreutils/sepolicy/sepolicy/__init__.py
 +++ b/policycoreutils/sepolicy/sepolicy/__init__.py
-@@ -37,6 +37,27 @@ CLASS = 'class'
+@@ -37,9 +37,30 @@ CLASS = 'class'
 TRANSITION = 'transition'
 ROLE_ALLOW = 'role_allow'
 
+-def __get_installed_policy():
 +def info(setype, name=None):
 +    dict_list = _policy.info(setype, name)
 +    return dict_list
@ -1380,10 +1514,47 @@ index 5e7415c..1d77fa9 100644
 +        dict_list = filter(lambda x: _dict_has_perms(x, perms), dict_list)
 +    return dict_list
 +
- def __get_installed_policy():
+def get_installed_policy(root = "/"):
     try:
-         path = selinux.selinux_binary_policy_path()
-@@ -145,43 +166,19 @@ def policy(policy_file):
+-        path = selinux.selinux_binary_policy_path()
+        path = root + selinux.selinux_binary_policy_path()
+         policies = glob.glob ("%s.*" % path )
+         policies.sort()
+         return policies[-1]
+@@ -85,7 +106,7 @@ all_domains = None
+ def get_all_domains():
+ 	global all_domains
+ 	if not all_domains:
+-		all_domains = info(ATTRIBUTE,"domain")[0]["types"]
+            all_domains = info(ATTRIBUTE,"domain")[0]["types"]
+ 	return all_domains
+ 
+ roles = None
+@@ -139,49 +160,43 @@ def get_all_attributes():
+ 	return all_attributes
+ 
+ def policy(policy_file):
+    global all_domains
+    global all_attributes
+    global bools
+    global all_types
+    global role_allows
+    global users
+    global roles
+    global file_types
+    global port_types
+    all_domains = None
+    all_attributes = None
+    bools = None 
+    all_types = None 
+    role_allows = None 
+    users = None 
+    roles = None 
+    file_types = None 
+    port_types = None 
+     try:
+         _policy.policy(policy_file)
+     except:
         raise ValueError(_("Failed to read %s policy file") % policy_file)
 
 
@ -1391,7 +1562,7 @@ index 5e7415c..1d77fa9 100644
 -if not policy_file:
 -    policy_file = __get_installed_policy()
 -
-+policy_file = __get_installed_policy()
+policy_file = get_installed_policy()
 try:
     policy(policy_file)
 except ValueError, e:
@ -1429,10 +1600,15 @@ index 5e7415c..1d77fa9 100644
 def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
         global booleans_dict
 diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
-index 25062da..def78e9 100755
+index 25062da..da17c48 100755
 --- a/policycoreutils/sepolicy/sepolicy/manpage.py
 +++ b/policycoreutils/sepolicy/sepolicy/manpage.py
-@@ -28,7 +28,7 @@ import string
+@@ -24,11 +24,12 @@
+ #
+ __all__ = [ 'ManPage', 'HTMLManPages', 'manpage_domains', 'manpage_roles', 'gen_domains' ]
+ 
+from sepolicy import network
+ import string
 import argparse
 import selinux
 import sepolicy
@ -1441,7 +1617,65 @@ index 25062da..def78e9 100755
 
 import commands
 import sys, os, re, time
-@@ -947,13 +947,14 @@ semanage fcontext -a -t public_content_t "/var/%(domainname)s(/.*)?"
+@@ -416,40 +417,33 @@ class ManPage:
+     """
+ 	Generate a Manpage on an SELinux domain in the specified path
+     """
+-    all_attributes = get_all_attributes()
+-    all_domains = get_all_domains()
+-    all_bools = get_all_bools()
+-    all_port_types = get_all_port_types()
+-    all_roles = get_all_roles()
+-    all_users = get_all_users_info()[0]
+-    all_users_range = get_all_users_info()[1]
+-    all_file_types = get_all_file_types()
+-    types = _gen_types()
+     modules_dict = None
+-    domains = gen_domains()
+-    role_allows = get_all_role_allows()
+     enabled_str = ["Disabled", "Enabled"]
+ 
+-    def __init__(self, domainname, path = "/tmp", html = False):
+    def __init__(self, domainname, path = "/tmp", root="/", html = False):
+ 	self.html = html
+	self.root = root
+ 	self.portrecs = network.portrecs
+-
+-	fcpath = path + "/file_contexts"
+-	if os.path.exists(fcpath):
+-		self.fcpath = fcpath
+-	else:
+-		self.fcpath = selinux.selinux_file_context_path()
+	self.domains = gen_domains()
+	self.all_domains = get_all_domains()
+	self.all_attributes = get_all_attributes()
+	self.all_bools = get_all_bools()
+	self.all_port_types = get_all_port_types()
+	self.all_roles = get_all_roles()
+	self.all_users = get_all_users_info()[0]
+	self.all_users_range = get_all_users_info()[1]
+	self.all_file_types = get_all_file_types()
+	self.role_allows = get_all_role_allows()
+	self.types = _gen_types()
+
+	self.fcpath = self.root + selinux.selinux_file_context_path()
+ 	self.fcdict = _gen_fcdict(self.fcpath)
+ 
+ 	if not os.path.exists(path):
+ 		os.makedirs(path)
+-	self.path = path
+ 
+-	xmlpath = path + "/policy.xml"
+-	if os.path.exists(xmlpath):
+-		self.xmlpath = xmlpath
+-	else:
+-		self.xmlpath = "/usr/share/selinux/devel/policy.xml"
+	self.path = path
+	self.xmlpath = self.root + "/usr/share/selinux/devel/policy.xml"
+ 	self.booleans_dict = gen_bool_dict(self.xmlpath)
+ 
+ 	if domainname.endswith("_t"):
+@@ -947,13 +941,14 @@ semanage fcontext -a -t public_content_t "/var/%(domainname)s(/.*)?"
 .B restorecon -F -R -v /var/%(domainname)s
 .pp
 .TP
@ -1458,6 +1692,14 @@ index 25062da..def78e9 100755
 """  % {'domainname':self.domainname})
 	    for b in self.anon_list:
 		desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
+@@ -1230,6 +1225,7 @@ The SELinux user %s_u is not able to terminal login.
+ """ % self.domainname)
+ 
+     def _network(self):
+        from sepolicy import network
+ 	self.fd.write("""
+ .SH NETWORK
+ """)
 diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
 index 80b6d6e..07c5ee2 100644
 --- a/policycoreutils/setfiles/restorecon.8
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.14
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@ -326,6 +326,11 @@ The policycoreutils-restorecond package contains the restorecond service.
 %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :

 %changelog
+* Wed Feb 20 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-7
+- Add --root/-r flag to sepolicy manpage,
+- This allows us to generate man pages on the fly in the selinux-policy build
+
+
 * Mon Feb 18 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-6
 - Fix newrole to retain cap_audit_write when compiled with namespace, also
 do not drop capabilities when run as root.