rpms
/
policycoreutils
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

policycoreutils-2.7-15 

- sepolicy: Fix translated strings with parameters
- sepolicy: Support non-MLS policy
- sepolicy: Initialize policy.ports as a dict in generate.py
- gui/polgengui.py: Use stop_emission_by_name instead of emit_stop_by_name
- Minor update for bash completion
- semodule_package: fix semodule_unpackage man page
- gui/semanagePage: Close "edit" and "add" dialogues when successfull
- gui/fcontextPage: Set default object class in addDialog\
- sepolgen: fix typo in PolicyGenerator
- build: follow standard semantics for DESTDIR and PREFIX
This commit is contained in:
Petr Lautrbach 2018-03-13 14:43:27 +01:00
parent 3b55d7f197
commit 38ab1da754
8 changed files with 1166 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

424
policycoreutils-fedora.patch
View File

@ -1,3 +1,65 @@
diff --git policycoreutils-2.7/hll/pp/Makefile policycoreutils-2.7/hll/pp/Makefile
index 3401dcc..fc8d3c4 100644
--- policycoreutils-2.7/hll/pp/Makefile
+++ policycoreutils-2.7/hll/pp/Makefile
@@ -1,8 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-INCLUDEDIR ?= $(PREFIX)/include
-MANDIR = $(PREFIX)/share/man
-LIBDIR ?= $(PREFIX)/lib
+PREFIX ?= /usr
LIBEXECDIR ?= $(PREFIX)/libexec
HLLDIR ?= $(LIBEXECDIR)/selinux/hll
@@ -21,8 +18,8 @@ pp: $(PP_OBJS)
$(CC) $(CFLAGS) -c -o $@ $^
install: all
- -mkdir -p $(HLLDIR)
- install -m 755 pp $(HLLDIR)
+ -mkdir -p $(DESTDIR)$(HLLDIR)
+ install -m 755 pp $(DESTDIR)$(HLLDIR)
relabel:
diff --git policycoreutils-2.7/load_policy/Makefile policycoreutils-2.7/load_policy/Makefile
index b85833c..568d5d4 100644
--- policycoreutils-2.7/load_policy/Makefile
+++ policycoreutils-2.7/load_policy/Makefile
@@ -1,8 +1,8 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SBINDIR ?= $(DESTDIR)/sbin
+PREFIX ?= /usr
+SBINDIR ?= $(PREFIX)/sbin
MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(DESTDIR)$(PREFIX)/share/locale
CFLAGS ?= -Werror -Wall -W
override CFLAGS += $(LDFLAGS) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
@@ -13,10 +13,10 @@ TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
all: $(TARGETS)
install: all
- -mkdir -p $(SBINDIR)
- install -m 755 $(TARGETS) $(SBINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 load_policy.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 644 load_policy.8 $(DESTDIR)$(MANDIR)/man8/
clean:
-rm -f $(TARGETS) *.o
@@ -25,4 +25,4 @@ indent:
../../scripts/Lindent $(wildcard *.[ch])
relabel:
- /sbin/restorecon $(SBINDIR)/load_policy
+ /sbin/restorecon $(DESTDIR)$(SBINDIR)/load_policy
diff --git policycoreutils-2.7/load_policy/load_policy.8 policycoreutils-2.7/load_policy/load_policy.8
index 5f5550d..0810995 100644
--- policycoreutils-2.7/load_policy/load_policy.8
@ -8,6 +70,76 @@ index 5f5550d..0810995 100644
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
-The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
+The program was written by Stephen Smalley <sds@tycho.nsa.gov>.
diff --git policycoreutils-2.7/man/Makefile policycoreutils-2.7/man/Makefile
index 0d91cd4..8af1520 100644
--- policycoreutils-2.7/man/Makefile
+++ policycoreutils-2.7/man/Makefile
@@ -1,12 +1,13 @@
# Installation directories.
-MAN5DIR ?= $(DESTDIR)/usr/share/man/man5
+PREFIX ?= /usr
+MAN5DIR ?= $(PREFIX)/share/man/man5
all:
clean:
install: all
- mkdir -p $(MAN5DIR)
- install -m 644 man5/*.5 $(MAN5DIR)
+ mkdir -p $(DESTDIR)$(MAN5DIR)
+ install -m 644 man5/*.5 $(DESTDIR)$(MAN5DIR)
relabel:
diff --git policycoreutils-2.7/newrole/Makefile policycoreutils-2.7/newrole/Makefile
index 196af92..a1bfe1a 100644
--- policycoreutils-2.7/newrole/Makefile
+++ policycoreutils-2.7/newrole/Makefile
@@ -1,9 +1,9 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
-ETCDIR ?= $(DESTDIR)/etc
-LOCALEDIR = /usr/share/locale
+ETCDIR ?= /etc
+LOCALEDIR = $(DESTDIR)$(PREFIX)/share/locale
PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y)
AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
# Enable capabilities to permit newrole to generate audit records.
@@ -61,17 +61,17 @@ newrole: newrole.o $(EXTRA_OBJS)
$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
install: all
- test -d $(BINDIR) || install -m 755 -d $(BINDIR)
- test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
- test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
- install -m $(MODE) newrole $(BINDIR)
- install -m 644 newrole.1 $(MANDIR)/man1/
+ test -d $(DESTDIR)$(BINDIR) || install -m 755 -d $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(ETCDIR)/pam.d || install -m 755 -d $(DESTDIR)$(ETCDIR)/pam.d
+ test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d $(DESTDIR)$(MANDIR)/man1
+ install -m $(MODE) newrole $(DESTDIR)$(BINDIR)
+ install -m 644 newrole.1 $(DESTDIR)$(MANDIR)/man1/
ifeq ($(PAMH), y)
- test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
+ test -d $(DESTDIR)$(ETCDIR)/pam.d || install -m 755 -d $(DESTDIR)$(ETCDIR)/pam.d
ifeq ($(LSPP_PRIV),y)
- install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
+ install -m 644 newrole-lspp.pamd $(DESTDIR)$(ETCDIR)/pam.d/newrole
else
- install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole
+ install -m 644 newrole.pamd $(DESTDIR)$(ETCDIR)/pam.d/newrole
endif
endif
@@ -82,4 +82,4 @@ indent:
../../scripts/Lindent $(wildcard *.[ch])
relabel: install
- /sbin/restorecon $(BINDIR)/newrole
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/newrole
diff --git policycoreutils-2.7/newrole/hashtab.c policycoreutils-2.7/newrole/hashtab.c
index 77ed143..24c65c4 100644
--- policycoreutils-2.7/newrole/hashtab.c
@ -30,6 +162,112 @@ index 9f737df..3790f0a 100644
/* FLASK */
diff --git policycoreutils-2.7/po/Makefile policycoreutils-2.7/po/Makefile
index 5814861..575e143 100644
--- policycoreutils-2.7/po/Makefile
+++ policycoreutils-2.7/po/Makefile
@@ -2,6 +2,7 @@
# Makefile for the PO files (translation) catalog
#
+PREFIX ?= /usr
TOP = ../..
# What is this package?
@@ -12,7 +13,7 @@ INSTALL_DATA = $(INSTALL) -m 644
INSTALL_DIR = /usr/bin/install -d
# destination directory
-INSTALL_NLS_DIR = $(DESTDIR)/usr/share/locale
+INSTALL_NLS_DIR = $(PREFIX)/share/locale
# PO catalog handling
MSGMERGE = msgmerge
@@ -128,8 +129,8 @@ clean:
install: $(MOFILES)
@for n in $(MOFILES); do \
l=`basename $$n .mo`; \
- $(INSTALL_DIR) $(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
- $(INSTALL_DATA) --verbose $$n $(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/$(NLSPACKAGE).mo; \
+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/$(NLSPACKAGE).mo; \
done
%.mo: %.po
diff --git policycoreutils-2.7/run_init/Makefile policycoreutils-2.7/run_init/Makefile
index 921f0b0..1d5de57 100644
--- policycoreutils-2.7/run_init/Makefile
+++ policycoreutils-2.7/run_init/Makefile
@@ -1,10 +1,10 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
MANDIR ?= $(PREFIX)/share/man
-ETCDIR ?= $(DESTDIR)/etc
-LOCALEDIR ?= /usr/share/locale
+ETCDIR ?= /etc
+LOCALEDIR ?= $(DESTDIR)$(PREFIX)/share/locale
PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y)
AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
@@ -32,14 +32,14 @@ open_init_pty: open_init_pty.c
install: all
- test -d $(SBINDIR) || install -m 755 -d $(SBINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 755 run_init $(SBINDIR)
- install -m 755 open_init_pty $(SBINDIR)
- install -m 644 run_init.8 $(MANDIR)/man8/
- install -m 644 open_init_pty.8 $(MANDIR)/man8/
+ test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d $(DESTDIR)$(SBINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 755 run_init $(DESTDIR)$(SBINDIR)
+ install -m 755 open_init_pty $(DESTDIR)$(SBINDIR)
+ install -m 644 run_init.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 open_init_pty.8 $(DESTDIR)$(MANDIR)/man8/
ifeq ($(PAMH), y)
- install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init
+ install -m 644 run_init.pamd $(DESTDIR)$(ETCDIR)/pam.d/run_init
endif
clean:
@@ -49,4 +49,4 @@ indent:
../../scripts/Lindent $(wildcard *.[ch])
relabel: install
- /sbin/restorecon $(SBINDIR)/run_init $(SBINDIR)/open_init_pty
+ /sbin/restorecon $(DESTDIR)$(SBINDIR)/run_init $(DESTDIR)$(SBINDIR)/open_init_pty
diff --git policycoreutils-2.7/scripts/Makefile policycoreutils-2.7/scripts/Makefile
index d9e86ff..afe5dc4 100644
--- policycoreutils-2.7/scripts/Makefile
+++ policycoreutils-2.7/scripts/Makefile
@@ -1,17 +1,16 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SBINDIR ?= $(DESTDIR)/sbin
+PREFIX ?= /usr
+SBINDIR ?= $(PREFIX)/sbin
MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= $(PREFIX)/share/locale
.PHONY: all
all: fixfiles
install: all
- -mkdir -p $(SBINDIR)
- install -m 755 fixfiles $(SBINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 fixfiles.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 fixfiles $(DESTDIR)$(SBINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 fixfiles.8 $(DESTDIR)$(MANDIR)/man8/
clean:
diff --git policycoreutils-2.7/scripts/fixfiles policycoreutils-2.7/scripts/fixfiles
index 1aa330f..7ec0396 100755
--- policycoreutils-2.7/scripts/fixfiles
@ -42,6 +280,156 @@ index 1aa330f..7ec0396 100755
FORCEFLAG=""
RPMFILES=""
PREFC=""
diff --git policycoreutils-2.7/secon/Makefile policycoreutils-2.7/secon/Makefile
index 8e491d7..db8ee42 100644
--- policycoreutils-2.7/secon/Makefile
+++ policycoreutils-2.7/secon/Makefile
@@ -1,9 +1,7 @@
# secon tool - command-line context
-PREFIX ?= $(DESTDIR)/usr
-INCLUDEDIR ?= $(PREFIX)/include
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= $(PREFIX)/lib
WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal
VERSION = $(shell cat ../VERSION)
@@ -18,13 +16,13 @@ secon: secon.o
install-nogui: install
install: all
- install -m 755 secon $(BINDIR);
+ install -m 755 secon $(DESTDIR)$(BINDIR);
- test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
- install -m 644 secon.1 $(MANDIR)/man1
+ test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d $(DESTDIR)$(MANDIR)/man1
+ install -m 644 secon.1 $(DESTDIR)$(MANDIR)/man1
relabel:
- /sbin/restorecon $(BINDIR)/secon
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/secon
clean:
rm -f *.o core* secon *~ *.bak
diff --git policycoreutils-2.7/semodule/Makefile policycoreutils-2.7/semodule/Makefile
index fffb43a..639d368 100644
--- policycoreutils-2.7/semodule/Makefile
+++ policycoreutils-2.7/semodule/Makefile
@@ -1,9 +1,7 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-INCLUDEDIR ?= $(PREFIX)/include
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
-LIBDIR ?= $(PREFIX)/lib
CFLAGS ?= -Werror -Wall -W
override LDLIBS += -lsepol -lselinux -lsemanage
@@ -17,12 +15,12 @@ genhomedircon:
ln -sf semodule genhomedircon
install: all
- -mkdir -p $(SBINDIR)
- install -m 755 semodule $(SBINDIR)
- (cd $(SBINDIR); ln -sf semodule genhomedircon)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule.8 $(MANDIR)/man8/
- install -m 644 genhomedircon.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 semodule $(DESTDIR)$(SBINDIR)
+ (cd $(DESTDIR)$(SBINDIR); ln -sf semodule genhomedircon)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 genhomedircon.8 $(DESTDIR)$(MANDIR)/man8/
relabel:
diff --git policycoreutils-2.7/sestatus/Makefile policycoreutils-2.7/sestatus/Makefile
index 41ca683..274ef35 100644
--- policycoreutils-2.7/sestatus/Makefile
+++ policycoreutils-2.7/sestatus/Makefile
@@ -1,9 +1,8 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
-ETCDIR ?= $(DESTDIR)/etc
-LIBDIR ?= $(PREFIX)/lib
+ETCDIR ?= /etc
CFLAGS ?= -Werror -Wall -W
override CFLAGS += -D_FILE_OFFSET_BITS=64
@@ -14,14 +13,14 @@ all: sestatus
sestatus: sestatus.o
install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- [ -d $(MANDIR)/man5 ] || mkdir -p $(MANDIR)/man5
- -mkdir -p $(SBINDIR)
- install -m 755 sestatus $(SBINDIR)
- install -m 644 sestatus.8 $(MANDIR)/man8
- install -m 644 sestatus.conf.5 $(MANDIR)/man5
- -mkdir -p $(ETCDIR)
- install -m 644 sestatus.conf $(ETCDIR)
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
+ [ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p $(DESTDIR)$(MANDIR)/man5
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 sestatus $(DESTDIR)$(SBINDIR)
+ install -m 644 sestatus.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 sestatus.conf.5 $(DESTDIR)$(MANDIR)/man5
+ -mkdir -p $(DESTDIR)$(ETCDIR)
+ install -m 644 sestatus.conf $(DESTDIR)$(ETCDIR)
clean:
rm -f sestatus *.o
diff --git policycoreutils-2.7/setfiles/Makefile policycoreutils-2.7/setfiles/Makefile
index c08e2dd..e943276 100644
--- policycoreutils-2.7/setfiles/Makefile
+++ policycoreutils-2.7/setfiles/Makefile
@@ -1,8 +1,7 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SBINDIR ?= $(DESTDIR)/sbin
+PREFIX ?= /usr
+SBINDIR ?= /sbin
MANDIR = $(PREFIX)/share/man
-LIBDIR ?= $(PREFIX)/lib
AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk -S '{ print $$3 }')
@@ -29,14 +28,14 @@ man:
@sed -i "s/ABORT_ON_ERRORS/$(ABORT_ON_ERRORS)/g" setfiles.8.man
install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- -mkdir -p $(SBINDIR)
- install -m 755 setfiles $(SBINDIR)
- (cd $(SBINDIR) && ln -sf setfiles restorecon)
- install -m 755 restorecon_xattr $(SBINDIR)
- install -m 644 setfiles.8.man $(MANDIR)/man8/setfiles.8
- install -m 644 restorecon.8 $(MANDIR)/man8/restorecon.8
- install -m 644 restorecon_xattr.8 $(MANDIR)/man8/restorecon_xattr.8
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 setfiles $(DESTDIR)$(SBINDIR)
+ (cd $(DESTDIR)$(SBINDIR) && ln -sf setfiles restorecon)
+ install -m 755 restorecon_xattr $(DESTDIR)$(SBINDIR)
+ install -m 644 setfiles.8.man $(DESTDIR)$(MANDIR)/man8/setfiles.8
+ install -m 644 restorecon.8 $(DESTDIR)$(MANDIR)/man8/restorecon.8
+ install -m 644 restorecon_xattr.8 $(DESTDIR)$(MANDIR)/man8/restorecon_xattr.8
clean:
rm -f setfiles restorecon restorecon_xattr *.o setfiles.8.man
@@ -45,4 +44,4 @@ indent:
../../scripts/Lindent $(wildcard *.[ch])
relabel: install
- $(SBINDIR)/restorecon $(SBINDIR)/setfiles $(SBINDIR)/restorecon_xattr
+ $(DESTDIR)$(SBINDIR)/restorecon $(DESTDIR)$(SBINDIR)/setfiles $(DESTDIR)$(SBINDIR)/restorecon_xattr
diff --git policycoreutils-2.7/setfiles/setfiles.8 policycoreutils-2.7/setfiles/setfiles.8
index 9501845..ccaaf4d 100644
--- policycoreutils-2.7/setfiles/setfiles.8
@ -55,3 +443,39 @@ index 9501845..ccaaf4d 100644
.SH "SEE ALSO"
.BR restorecon (8),
diff --git policycoreutils-2.7/setsebool/Makefile policycoreutils-2.7/setsebool/Makefile
index bc254da..47bea60 100644
--- policycoreutils-2.7/setsebool/Makefile
+++ policycoreutils-2.7/setsebool/Makefile
@@ -1,10 +1,8 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-INCLUDEDIR ?= $(PREFIX)/include
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
-LIBDIR ?= $(PREFIX)/lib
-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions
+BASHCOMPLETIONDIR ?= $(PREFIX)/share/bash-completion/completions
CFLAGS ?= -Werror -Wall -W
override LDLIBS += -lsepol -lselinux -lsemanage
@@ -17,12 +15,12 @@ all: setsebool
setsebool: $(SETSEBOOL_OBJS)
install: all
- -mkdir -p $(SBINDIR)
- install -m 755 setsebool $(SBINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 setsebool.8 $(MANDIR)/man8/
- -mkdir -p $(BASHCOMPLETIONDIR)
- install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)/setsebool
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 setsebool $(DESTDIR)$(SBINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 setsebool.8 $(DESTDIR)$(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS) $(DESTDIR)$(BASHCOMPLETIONDIR)/setsebool
relabel:

52
policycoreutils.spec
View File

@ -1,7 +1,7 @@
%global libauditver 2.1.3-4
%global libsepolver 2.7-3
%global libsemanagever 2.7-5
%global libselinuxver 2.7-6
%global libsepolver 2.7-5
%global libsemanagever 2.7-10
%global libselinuxver 2.7-12
%global sepolgenver 2.7
%global generatorsdir %{_prefix}/lib/systemd/system-generators
@ -9,7 +9,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.7
Release: 14%{?dist}
Release: 15%{?dist}
License: GPLv2
# https://github.com/SELinuxProject/selinux/wiki/Releases
Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/policycoreutils-2.7.tar.gz
@ -30,7 +30,7 @@ Source18: selinux-autorelabel.target
Source19: selinux-autorelabel-generator.sh
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
# run:
# HEAD https://github.com/fedora-selinux/selinux/commit/c5e8255a66a4ee88ec4a01dfa431acb323531b7
# HEAD https://github.com/fedora-selinux/selinux/commit/4e253a0231ca085df03b55c4c0490ad6a0e261eb
# $ for i in policycoreutils selinux-python selinux-gui selinux-sandbox selinux-dbus semodule-utils restorecond; do
# ./make-fedora-selinux-patch.sh $i
# done
@ -111,20 +111,20 @@ mkdir -p %{buildroot}%{_mandir}/man5
mkdir -p %{buildroot}%{_mandir}/man8
%{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}/
make -C policycoreutils-%{version} LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C policycoreutils-%{version} LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C selinux-python-%{version} PYTHON=%{__python2} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C selinux-python-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C selinux-python-%{version} PYTHON=%{__python2} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C selinux-python-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C selinux-gui-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C selinux-gui-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C selinux-sandbox-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C selinux-sandbox-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C selinux-dbus-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C selinux-dbus-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C semodule-utils-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C semodule-utils-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C restorecond-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C restorecond-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
# Systemd
@ -167,10 +167,10 @@ install -m 755 -p %{SOURCE15} %{buildroot}/%{_libexecdir}/selinux/
ln -s ../selinux-autorelabel-mark.service %{buildroot}/%{_unitdir}/basic.target.wants/
# change /usr/bin/python3? to /usr/bin/python2 in policycoreutils-python/python2-policycoreutils
pathfix.py -i "%{__python2} -Es" -p %{buildroot}%{python2_sitelib} %{buildroot}%{python2_sitearch}
pathfix.py -i "%{__python2} -Es" -p %{buildroot}%{python2_sitelib}
# change /usr/bin/python to %%{__python3} in policycoreutils-python3
pathfix.py -i "%{__python3} -Es" -p %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch}
pathfix.py -i "%{__python3} -Es" -p %{buildroot}%{python3_sitelib}
# change /usr/bin/python to %%{__python3} in policycoreutils-python-utils
pathfix.py -i "%{__python3} -Es" -p \
@ -260,9 +260,9 @@ The python3-policycoreutils package contains the interfaces that can be used
by python 3 in an SELinux environment.
%files -n python3-policycoreutils
%{python3_sitearch}/seobject.py*
%{python3_sitearch}/__pycache__
%{python3_sitearch}/sepolgen
%{python3_sitelib}/seobject.py*
%{python3_sitelib}/__pycache__
%{python3_sitelib}/sepolgen
%dir %{python3_sitelib}/sepolicy
%{python3_sitelib}/sepolicy/templates
%dir %{python3_sitelib}/sepolicy/help
@ -300,8 +300,8 @@ The policycoreutils-python package contains the management tools use to manage
an SELinux environment.
%files -n python2-policycoreutils
%{python2_sitearch}/seobject.py*
%{python2_sitearch}/sepolgen
%{python2_sitelib}/seobject.py*
%{python2_sitelib}/sepolgen
%dir %{python2_sitelib}/sepolicy
%{python2_sitelib}/sepolicy/templates
%{python2_sitelib}/sepolicy/__init__.py*
@ -492,6 +492,18 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service
%changelog
* Tue Mar 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-15
- sepolicy: Fix translated strings with parameters
- sepolicy: Support non-MLS policy
- sepolicy: Initialize policy.ports as a dict in generate.py
- gui/polgengui.py: Use stop_emission_by_name instead of emit_stop_by_name
- Minor update for bash completion
- semodule_package: fix semodule_unpackage man page
- gui/semanagePage: Close "edit" and "add" dialogues when successfull
- gui/fcontextPage: Set default object class in addDialog\
- sepolgen: fix typo in PolicyGenerator
- build: follow standard semantics for DESTDIR and PREFIX
* Mon Feb 26 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-14
- Use Fedora RPM build flags (#1548740)

57
restorecond-fedora.patch
View File

@ -1,3 +1,60 @@
diff --git restorecond-2.7/Makefile restorecond-2.7/Makefile
index ada94ae..25be18d 100644
--- restorecond-2.7/Makefile
+++ restorecond-2.7/Makefile
@@ -1,13 +1,12 @@
PKG_CONFIG ?= pkg-config
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
-LIBDIR ?= $(PREFIX)/lib
MANDIR = $(PREFIX)/share/man
-AUTOSTARTDIR = $(DESTDIR)/etc/xdg/autostart
-DBUSSERVICEDIR = $(DESTDIR)/usr/share/dbus-1/services
-SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
+AUTOSTARTDIR = /etc/xdg/autostart
+DBUSSERVICEDIR = $(PREFIX)/share/dbus-1/services
+SYSTEMDDIR ?= $(PREFIX)/lib/systemd
autostart_DATA = sealertauto.desktop
INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
@@ -39,23 +38,23 @@ restorecond: restore.o restorecond.o utmpwatcher.o stringslist.o user.o watch.o
$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- -mkdir -p $(SBINDIR)
- install -m 755 restorecond $(SBINDIR)
- install -m 644 restorecond.8 $(MANDIR)/man8
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 restorecond $(DESTDIR)$(SBINDIR)
+ install -m 644 restorecond.8 $(DESTDIR)$(MANDIR)/man8
-mkdir -p $(INITDIR)
install -m 755 restorecond.init $(INITDIR)/restorecond
-mkdir -p $(SELINUXDIR)
install -m 644 restorecond.conf $(SELINUXDIR)/restorecond.conf
install -m 644 restorecond_user.conf $(SELINUXDIR)/restorecond_user.conf
- -mkdir -p $(AUTOSTARTDIR)
- install -m 644 restorecond.desktop $(AUTOSTARTDIR)/restorecond.desktop
- -mkdir -p $(DBUSSERVICEDIR)
- install -m 600 org.selinux.Restorecond.service $(DBUSSERVICEDIR)/org.selinux.Restorecond.service
- -mkdir -p $(SYSTEMDDIR)/system
- install -m 644 restorecond.service $(SYSTEMDDIR)/system/
+ -mkdir -p $(DESTDIR)$(AUTOSTARTDIR)
+ install -m 644 restorecond.desktop $(DESTDIR)$(AUTOSTARTDIR)/restorecond.desktop
+ -mkdir -p $(DESTDIR)$(DBUSSERVICEDIR)
+ install -m 600 org.selinux.Restorecond.service $(DESTDIR)$(DBUSSERVICEDIR)/org.selinux.Restorecond.service
+ -mkdir -p $(DESTDIR)$(SYSTEMDDIR)/system
+ install -m 644 restorecond.service $(DESTDIR)$(SYSTEMDDIR)/system/
relabel: install
- /sbin/restorecon $(SBINDIR)/restorecond
+ /sbin/restorecon $(DESTDIR)$(SBINDIR)/restorecond
clean:
-rm -f restorecond *.o *~
diff --git restorecond-2.7/restorecond.c restorecond-2.7/restorecond.c
index f379db1..6fbbd35 100644
--- restorecond-2.7/restorecond.c

29
selinux-dbus-fedora.patch
View File

@ -1,3 +1,32 @@
diff --git selinux-dbus-2.7/Makefile selinux-dbus-2.7/Makefile
index 9a6cc90..53143af 100644
--- selinux-dbus-2.7/Makefile
+++ selinux-dbus-2.7/Makefile
@@ -1,3 +1,5 @@
+PREFIX ?= /usr
+
all:
clean:
@@ -5,12 +7,12 @@ clean:
install:
-mkdir -p $(DESTDIR)/etc/dbus-1/system.d/
install -m 644 org.selinux.conf $(DESTDIR)/etc/dbus-1/system.d/
- -mkdir -p $(DESTDIR)/usr/share/dbus-1/system-services
- install -m 644 org.selinux.service $(DESTDIR)/usr/share/dbus-1/system-services
- -mkdir -p $(DESTDIR)/usr/share/polkit-1/actions/
- install -m 644 org.selinux.policy $(DESTDIR)/usr/share/polkit-1/actions/
- -mkdir -p $(DESTDIR)/usr/share/system-config-selinux
- install -m 755 selinux_server.py $(DESTDIR)/usr/share/system-config-selinux
+ -mkdir -p $(DESTDIR)$(PREFIX)/share/dbus-1/system-services
+ install -m 644 org.selinux.service $(DESTDIR)$(PREFIX)/share/dbus-1/system-services
+ -mkdir -p $(DESTDIR)$(PREFIX)/share/polkit-1/actions/
+ install -m 644 org.selinux.policy $(DESTDIR)$(PREFIX)/share/polkit-1/actions/
+ -mkdir -p $(DESTDIR)$(PREFIX)/share/system-config-selinux
+ install -m 755 selinux_server.py $(DESTDIR)$(PREFIX)/share/system-config-selinux
relabel:
diff --git selinux-dbus-2.7/org.selinux.conf selinux-dbus-2.7/org.selinux.conf
index a350978..1ae079d 100644
--- selinux-dbus-2.7/org.selinux.conf

110
selinux-gui-fedora.patch
View File

@ -1,8 +1,15 @@
diff --git selinux-gui-2.7/Makefile selinux-gui-2.7/Makefile
index 4fc2c1a..ff0fd00 100644
index 4fc2c1a..a72e58c 100644
--- selinux-gui-2.7/Makefile
+++ selinux-gui-2.7/Makefile
@@ -11,14 +11,13 @@ domainsPage.py \
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
SHAREDIR ?= $(PREFIX)/share/system-config-selinux
DATADIR ?= $(PREFIX)/share
@@ -11,42 +11,41 @@ domainsPage.py \
fcontextPage.py \
html_util.py \
loginsPage.py \
@ -19,6 +26,55 @@ index 4fc2c1a..ff0fd00 100644
usersPage.py
all: $(TARGETS) system-config-selinux.py polgengui.py
install: all
- -mkdir -p $(MANDIR)/man8
- -mkdir -p $(SHAREDIR)
- -mkdir -p $(BINDIR)
- -mkdir -p $(DATADIR)/pixmaps
- -mkdir -p $(DATADIR)/icons/hicolor/24x24/apps
- -mkdir -p $(DATADIR)/polkit-1/actions/
- install -m 755 system-config-selinux.py $(SHAREDIR)
- install -m 755 system-config-selinux $(BINDIR)
- install -m 755 polgengui.py $(SHAREDIR)
- install -m 644 $(TARGETS) $(SHAREDIR)
- install -m 644 system-config-selinux.8 $(MANDIR)/man8
- install -m 644 selinux-polgengui.8 $(MANDIR)/man8
- install -m 644 system-config-selinux.png $(DATADIR)/pixmaps
- install -m 644 system-config-selinux.png $(DATADIR)/icons/hicolor/24x24/apps
- install -m 644 system-config-selinux.png $(DATADIR)/system-config-selinux
- install -m 644 *.desktop $(DATADIR)/system-config-selinux
- -mkdir -p $(DESTDIR) $(DATADIR)/pixmaps
- install -m 644 sepolicy_256.png $(DATADIR)/pixmaps/sepolicy.png
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
+ -mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
+ -mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
+ install -m 755 system-config-selinux.py $(DESTDIR)$(SHAREDIR)
+ install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
+ install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR)
+ install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR)
+ install -m 644 system-config-selinux.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 selinux-polgengui.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/pixmaps
+ install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
+ install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/system-config-selinux
+ install -m 644 *.desktop $(DESTDIR)$(DATADIR)/system-config-selinux
+ -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
+ install -m 644 sepolicy_256.png $(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png
for i in 16 22 32 48 256; do \
- mkdir -p $(DESTDIR) $(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \
- install -m 644 sepolicy_$${i}.png $(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
+ mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \
+ install -m 644 sepolicy_$${i}.png $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
done
- install -m 644 org.selinux.config.policy $(DATADIR)/polkit-1/actions/
+ install -m 644 org.selinux.config.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/
clean:
indent:
diff --git selinux-gui-2.7/booleansPage.py selinux-gui-2.7/booleansPage.py
index a5d04bf..7849bea 100644
--- selinux-gui-2.7/booleansPage.py
@ -219,7 +275,7 @@ index 66f882a..bad5140 100644
p = store.get_value(iter, 1) == _("Permissive")
self.permissive_button.set_sensitive(not p)
diff --git selinux-gui-2.7/fcontextPage.py selinux-gui-2.7/fcontextPage.py
index 2e26666..a6577ef 100644
index 2e26666..370bbee 100644
--- selinux-gui-2.7/fcontextPage.py
+++ selinux-gui-2.7/fcontextPage.py
@@ -16,10 +16,7 @@
@ -288,7 +344,15 @@ index 2e26666..a6577ef 100644
def match(self, fcon_dict, k, filter):
try:
@@ -192,7 +189,7 @@ class fcontextPage(semanagePage):
@@ -167,6 +164,7 @@ class fcontextPage(semanagePage):
self.fcontextEntry.set_text("")
self.fcontextEntry.set_sensitive(True)
self.fcontextFileTypeCombo.set_sensitive(True)
+ self.fcontextFileTypeCombo.set_active(0)
self.fcontextTypeEntry.set_text("")
self.fcontextMLSEntry.set_text("s0")
@@ -192,7 +190,7 @@ class fcontextPage(semanagePage):
mls = self.fcontextMLSEntry.get_text().strip()
list_model = self.fcontextFileTypeCombo.get_model()
it = self.fcontextFileTypeCombo.get_active_iter()
@ -2913,7 +2977,7 @@ index 0000000..aa4c70a
+ </object>
+</interface>
diff --git selinux-gui-2.7/polgengui.py selinux-gui-2.7/polgengui.py
index 7460cce..cd73ea6 100644
index 7460cce..1601dbe 100644
--- selinux-gui-2.7/polgengui.py
+++ selinux-gui-2.7/polgengui.py
@@ -22,11 +22,11 @@
@ -3366,7 +3430,7 @@ index 7460cce..cd73ea6 100644
self.file_dialog.set_select_multiple(1)
self.__add(FILE)
@@ -599,71 +604,71 @@ class childWindow:
@@ -599,87 +604,87 @@ class childWindow:
self.file_dialog.set_title(_("Select directory(s) that the confined application owns and writes into"))
self.file_dialog.set_current_folder("/")
self.file_dialog.set_select_multiple(1)
@ -3479,7 +3543,12 @@ index 7460cce..cd73ea6 100644
return
self.output_entry.set_text(self.file_dialog.get_filename())
@@ -675,11 +680,11 @@ class childWindow:
def on_name_entry_changed(self, entry, text, size, position):
if text.find(" ") >= 0:
- entry.emit_stop_by_name("insert_text")
+ entry.stop_emission_by_name("insert-text")
def on_focus_out_event(self, entry, third):
name = entry.get_text()
if self.name != name:
if name in self.all_types:
@ -3533,7 +3602,7 @@ index 7460cce..cd73ea6 100644
if __name__ == "__main__":
signal.signal(signal.SIGINT, signal.SIG_DFL)
diff --git selinux-gui-2.7/portsPage.py selinux-gui-2.7/portsPage.py
index b8fdaad..03179c5 100644
index b8fdaad..30f5838 100644
--- selinux-gui-2.7/portsPage.py
+++ selinux-gui-2.7/portsPage.py
@@ -16,12 +16,8 @@
@ -3550,20 +3619,7 @@ index b8fdaad..03179c5 100644
import seobject
TYPE_COL = 0
@@ -40,6 +36,12 @@ from semanagePage import *
## I18N
##
PROGNAME = "policycoreutils"
+
+TYPE_COL = 0
+PROTOCOL_COL = 1
+MLS_COL = 2
+PORT_COL = 3
+
try:
import gettext
kwargs = {}
@@ -62,18 +64,19 @@ class portsPage(semanagePage):
@@ -62,18 +58,19 @@ class portsPage(semanagePage):
def __init__(self, xml):
semanagePage.__init__(self, xml, "ports", _("Network Port"))
@ -3592,7 +3648,7 @@ index b8fdaad..03179c5 100644
liststore = self.ports_protocol_combo.get_model()
iter = liststore.get_iter_first()
self.ports_protocol_combo.set_active_iter(iter)
@@ -90,28 +93,28 @@ class portsPage(semanagePage):
@@ -90,28 +87,28 @@ class portsPage(semanagePage):
self.group_load(filter)
def init_store(self):
@ -3628,7 +3684,7 @@ index b8fdaad..03179c5 100644
col.set_sort_column_id(PORT_COL)
col.set_resizable(True)
self.view.append_column(col)
@@ -139,7 +142,7 @@ class portsPage(semanagePage):
@@ -139,7 +136,7 @@ class portsPage(semanagePage):
continue
iter = self.store.append()
if k[0] == k[1]:
@ -3638,7 +3694,7 @@ index b8fdaad..03179c5 100644
rec = "%s-%s" % k[:2]
self.store.set_value(iter, PORT_COL, rec)
diff --git selinux-gui-2.7/semanagePage.py selinux-gui-2.7/semanagePage.py
index 27367f3..560ec07 100644
index 27367f3..4127804 100644
--- selinux-gui-2.7/semanagePage.py
+++ selinux-gui-2.7/semanagePage.py
@@ -16,13 +16,8 @@
@ -3746,7 +3802,7 @@ index 27367f3..560ec07 100644
+ while self.dialog.run() == Gtk.ResponseType.OK:
try:
- if self.add() == False:
+ if not self.add():
+ if self.add() is False:
continue
break
except ValueError as e:
@ -3760,7 +3816,7 @@ index 27367f3..560ec07 100644
+ while self.dialog.run() == Gtk.ResponseType.OK:
try:
- if self.modify() == False:
+ if not self.modify():
+ if self.modify() is False:
continue
break
except ValueError as e:

443
selinux-python-fedora.patch
View File

@ -1,3 +1,131 @@
diff --git selinux-python-2.7/audit2allow/Makefile selinux-python-2.7/audit2allow/Makefile
index 8db8075..513bb2b 100644
--- selinux-python-2.7/audit2allow/Makefile
+++ selinux-python-2.7/audit2allow/Makefile
@@ -1,19 +1,23 @@
PYTHON ?= python
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= $(PREFIX)/lib
MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
-INCLUDEDIR ?= $(PREFIX)/include
-LIBSEPOLA ?= $(LIBDIR)/libsepol.a
CFLAGS ?= -Werror -Wall -W
+# If no specific libsepol.a is specified, fall back on LDFLAGS search path
+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there
+# is no need to define a value for LDLIBS_LIBSEPOLA
+ifeq ($(LIBSEPOLA),)
+ LDLIBS_LIBSEPOLA := -l:libsepol.a
+endif
+
all: audit2why sepolgen-ifgen-attr-helper
sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o $(LIBSEPOLA)
+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA)
audit2why:
ln -sf audit2allow audit2why
@@ -22,14 +26,14 @@ test: all
@$(PYTHON) test_audit2allow.py -v
install: all
- -mkdir -p $(BINDIR)
- install -m 755 audit2allow $(BINDIR)
- (cd $(BINDIR); ln -sf audit2allow audit2why)
- install -m 755 sepolgen-ifgen-attr-helper $(BINDIR)
- install -m 755 sepolgen-ifgen $(BINDIR)
- -mkdir -p $(MANDIR)/man1
- install -m 644 audit2allow.1 $(MANDIR)/man1/
- install -m 644 audit2why.1 $(MANDIR)/man1/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 audit2allow $(DESTDIR)$(BINDIR)
+ (cd $(DESTDIR)$(BINDIR); ln -sf audit2allow audit2why)
+ install -m 755 sepolgen-ifgen-attr-helper $(DESTDIR)$(BINDIR)
+ install -m 755 sepolgen-ifgen $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man1
+ install -m 644 audit2allow.1 $(DESTDIR)$(MANDIR)/man1/
+ install -m 644 audit2why.1 $(DESTDIR)$(MANDIR)/man1/
clean:
rm -f *~ *.o sepolgen-ifgen-attr-helper
diff --git selinux-python-2.7/chcat/Makefile selinux-python-2.7/chcat/Makefile
index 0fd12d6..290b9a6 100644
--- selinux-python-2.7/chcat/Makefile
+++ selinux-python-2.7/chcat/Makefile
@@ -1,17 +1,16 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= $(PREFIX)/share/locale
.PHONY: all
all: chcat
install: all
- -mkdir -p $(BINDIR)
- install -m 755 chcat $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 chcat.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 chcat $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 chcat.8 $(DESTDIR)$(MANDIR)/man8/
clean:
diff --git selinux-python-2.7/semanage/Makefile selinux-python-2.7/semanage/Makefile
index 132162b..5fc1998 100644
--- selinux-python-2.7/semanage/Makefile
+++ selinux-python-2.7/semanage/Makefile
@@ -1,13 +1,12 @@
PYTHON ?= python
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-LIBDIR ?= $(PREFIX)/lib
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
-PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(1))")
-PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)
-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions
+PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(prefix='$(PREFIX)'))")
+PACKAGEDIR ?= $(PYTHONLIBDIR)
+BASHCOMPLETIONDIR ?= $(PREFIX)/share/bash-completion/completions
TARGETS=semanage
@@ -16,14 +15,14 @@ BASHCOMPLETIONS=semanage-bash-completion.sh
all: $(TARGETS)
install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- -mkdir -p $(SBINDIR)
- install -m 755 semanage $(SBINDIR)
- install -m 644 *.8 $(MANDIR)/man8
- test -d $(PACKAGEDIR) || install -m 755 -d $(PACKAGEDIR)
- install -m 755 seobject.py $(PACKAGEDIR)
- -mkdir -p $(BASHCOMPLETIONDIR)
- install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)/semanage
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 semanage $(DESTDIR)$(SBINDIR)
+ install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8
+ test -d $(DESTDIR)/$(PACKAGEDIR) || install -m 755 -d $(DESTDIR)/$(PACKAGEDIR)
+ install -m 755 seobject.py $(DESTDIR)/$(PACKAGEDIR)
+ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS) $(DESTDIR)$(BASHCOMPLETIONDIR)/semanage
test:
@$(PYTHON) test-semanage.py -a
diff --git selinux-python-2.7/semanage/semanage selinux-python-2.7/semanage/semanage
index 313537c..8d8a086 100644
--- selinux-python-2.7/semanage/semanage
@ -265,6 +393,19 @@ index 313537c..8d8a086 100644
trans.finish()
diff --git selinux-python-2.7/semanage/semanage-bash-completion.sh selinux-python-2.7/semanage/semanage-bash-completion.sh
index 6b53292..2d811c9 100644
--- selinux-python-2.7/semanage/semanage-bash-completion.sh
+++ selinux-python-2.7/semanage/semanage-bash-completion.sh
@@ -59,7 +59,7 @@ __get_export_opts () { echo '$ALL_OPTS --f --output_file' ; }
__get_boolean_opts () { echo '$ALL_OPTS --on -off -1 -0' ; }
__get_user_opts () { echo '$ALL_OPTS $MANAGED_OPTS -L --level -r --range -R --role '; }
__get_login_opts () { echo '$ALL_OPTS $MANAGED_OPTS -s --seuser -r --range'; }
-__get_port_opts () { echo '$ALL_OPTS $MANAGED_OPTS -t -type -r --range -p --proto'; }
+__get_port_opts () { echo '$ALL_OPTS $MANAGED_OPTS -t --type -r --range -p --proto'; }
__get_interface_opts () { echo '$ALL_OPTS $MANAGED_OPTS -t --type '; }
__get_node_opts () { echo '$ALL_OPTS $MANAGED_OPTS -t --type -M --mask -p --proto'; }
__get_fcontext_opts () { echo '$ALL_OPTS $MANAGED_OPTS -t --type -e --equal -f --ftype '; }
diff --git selinux-python-2.7/semanage/semanage.8 selinux-python-2.7/semanage/semanage.8
index 0bdb90f..0cdcfcc 100644
--- selinux-python-2.7/semanage/semanage.8
@ -282,15 +423,14 @@ index 0bdb90f..0cdcfcc 100644
user identities to authorized role sets. In most cases, only the
former mapping needs to be adjusted by the administrator; the latter
diff --git selinux-python-2.7/semanage/seobject.py selinux-python-2.7/semanage/seobject.py
index 70fd192..dca9506 100644
index 70fd192..ac310ea 100644
--- selinux-python-2.7/semanage/seobject.py
+++ selinux-python-2.7/semanage/seobject.py
@@ -238,20 +238,31 @@ class semanageRecords:
@@ -238,20 +238,30 @@ class semanageRecords:
transaction = False
handle = None
store = None
+ args = None
+ noreload = False
- def __init__(self, store):
+ def __init__(self, args = None):
@ -322,7 +462,7 @@ index 70fd192..dca9506 100644
def get_handle(self, store):
global is_mls_enabled
@@ -312,7 +323,8 @@ class semanageRecords:
@@ -312,7 +322,8 @@ class semanageRecords:
if semanageRecords.transaction:
return
@ -332,7 +472,7 @@ index 70fd192..dca9506 100644
rc = semanage_commit(self.sh)
if rc < 0:
self.mylog.commit(0)
@@ -328,8 +340,8 @@ class semanageRecords:
@@ -328,8 +339,8 @@ class semanageRecords:
class moduleRecords(semanageRecords):
@ -343,41 +483,19 @@ index 70fd192..dca9506 100644
def get_all(self):
l = []
@@ -386,6 +398,8 @@ class moduleRecords(semanageRecords):
print("%-25s %-9s %-5s %s" % (t[0], t[2], t[3], disabled))
def add(self, file, priority):
+ if not file:
+ raise ValueError(_("You did not define module."))
if not os.path.exists(file):
raise ValueError(_("Module does not exist: %s ") % file)
@@ -398,6 +412,8 @@ class moduleRecords(semanageRecords):
self.commit()
def set_enabled(self, module, enable):
+ if not module:
+ raise ValueError(_("You did not define module name."))
for m in module.split():
rc, key = semanage_module_key_create(self.sh)
if rc < 0:
@@ -416,11 +432,15 @@ class moduleRecords(semanageRecords):
@@ -415,11 +426,6 @@ class moduleRecords(semanageRecords):
raise ValueError(_("Could not disable module %s") % m)
self.commit()
def modify(self, file):
+ if not file:
+ raise ValueError(_("You did not define module."))
rc = semanage_module_update_file(self.sh, file)
if rc >= 0:
self.commit()
- def modify(self, file):
- rc = semanage_module_update_file(self.sh, file)
- if rc >= 0:
- self.commit()
-
def delete(self, module, priority):
+ if not module:
+ raise ValueError(_("You did not define module name."))
rc = semanage_set_default_priority(self.sh, priority)
if rc < 0:
raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
@@ -440,8 +460,8 @@ class moduleRecords(semanageRecords):
@@ -440,8 +446,8 @@ class moduleRecords(semanageRecords):
class dontauditClass(semanageRecords):
@ -388,7 +506,7 @@ index 70fd192..dca9506 100644
def toggle(self, dontaudit):
if dontaudit not in ["on", "off"]:
@@ -453,8 +473,8 @@ class dontauditClass(semanageRecords):
@@ -453,8 +459,8 @@ class dontauditClass(semanageRecords):
class permissiveRecords(semanageRecords):
@ -399,7 +517,7 @@ index 70fd192..dca9506 100644
def get_all(self):
l = []
@@ -522,8 +542,8 @@ class permissiveRecords(semanageRecords):
@@ -522,8 +528,8 @@ class permissiveRecords(semanageRecords):
class loginRecords(semanageRecords):
@ -410,7 +528,7 @@ index 70fd192..dca9506 100644
self.oldsename = None
self.oldserange = None
self.sename = None
@@ -534,7 +554,7 @@ class loginRecords(semanageRecords):
@@ -534,7 +540,7 @@ class loginRecords(semanageRecords):
if sename == "":
sename = "user_u"
@ -419,7 +537,7 @@ index 70fd192..dca9506 100644
range, (rc, oldserole) = userrec.get(self.oldsename)
range, (rc, serole) = userrec.get(sename)
@@ -603,7 +623,7 @@ class loginRecords(semanageRecords):
@@ -603,7 +609,7 @@ class loginRecords(semanageRecords):
if sename == "" and serange == "":
raise ValueError(_("Requires seuser or serange"))
@ -428,7 +546,7 @@ index 70fd192..dca9506 100644
range, (rc, oldserole) = userrec.get(self.oldsename)
if sename != "":
@@ -660,7 +680,7 @@ class loginRecords(semanageRecords):
@@ -660,7 +666,7 @@ class loginRecords(semanageRecords):
def __delete(self, name):
rec, self.oldsename, self.oldserange = selinux.getseuserbyname(name)
@ -437,7 +555,7 @@ index 70fd192..dca9506 100644
range, (rc, oldserole) = userrec.get(self.oldsename)
(rc, k) = semanage_seuser_key_create(self.sh, name)
@@ -779,8 +799,8 @@ class loginRecords(semanageRecords):
@@ -779,8 +785,8 @@ class loginRecords(semanageRecords):
class seluserRecords(semanageRecords):
@ -448,7 +566,7 @@ index 70fd192..dca9506 100644
def get(self, name):
(rc, k) = semanage_user_key_create(self.sh, name)
@@ -1042,8 +1062,8 @@ class portRecords(semanageRecords):
@@ -1042,8 +1048,8 @@ class portRecords(semanageRecords):
except RuntimeError:
valid_types = []
@ -459,7 +577,7 @@ index 70fd192..dca9506 100644
def __genkey(self, port, proto):
if proto == "tcp":
@@ -1317,8 +1337,8 @@ class ibpkeyRecords(semanageRecords):
@@ -1317,8 +1323,8 @@ class ibpkeyRecords(semanageRecords):
except:
valid_types = []
@ -470,7 +588,7 @@ index 70fd192..dca9506 100644
def __genkey(self, pkey, subnet_prefix):
if subnet_prefix == "":
@@ -1540,9 +1560,8 @@ class ibpkeyRecords(semanageRecords):
@@ -1540,9 +1546,8 @@ class ibpkeyRecords(semanageRecords):
def customized(self):
l = []
ddict = self.get_all(True)
@ -482,7 +600,7 @@ index 70fd192..dca9506 100644
if k[0] == k[1]:
l.append("-a -t %s -x %s %s" % (ddict[k][0], k[2], k[0]))
else:
@@ -1554,11 +1573,10 @@ class ibpkeyRecords(semanageRecords):
@@ -1554,11 +1559,10 @@ class ibpkeyRecords(semanageRecords):
keys = ddict.keys()
if len(keys) == 0:
return
@ -495,7 +613,7 @@ index 70fd192..dca9506 100644
rec = "%-30s %-18s " % i
rec += "%s" % ddict[i][0]
for p in ddict[i][1:]:
@@ -1572,8 +1590,8 @@ class ibendportRecords(semanageRecords):
@@ -1572,8 +1576,8 @@ class ibendportRecords(semanageRecords):
except:
valid_types = []
@ -506,7 +624,7 @@ index 70fd192..dca9506 100644
def __genkey(self, ibendport, ibdev_name):
if ibdev_name == "":
@@ -1782,10 +1800,9 @@ class ibendportRecords(semanageRecords):
@@ -1782,10 +1786,9 @@ class ibendportRecords(semanageRecords):
def customized(self):
l = []
ddict = self.get_all(True)
@ -520,7 +638,7 @@ index 70fd192..dca9506 100644
return l
def list(self, heading=1, locallist=0):
@@ -1793,11 +1810,10 @@ class ibendportRecords(semanageRecords):
@@ -1793,11 +1796,10 @@ class ibendportRecords(semanageRecords):
keys = ddict.keys()
if len(keys) == 0:
return
@ -533,7 +651,7 @@ index 70fd192..dca9506 100644
rec = "%-30s %-18s " % i
rec += "%s" % ddict[i][0]
for p in ddict[i][1:]:
@@ -1810,8 +1826,8 @@ class nodeRecords(semanageRecords):
@@ -1810,8 +1812,8 @@ class nodeRecords(semanageRecords):
except RuntimeError:
valid_types = []
@ -544,7 +662,7 @@ index 70fd192..dca9506 100644
self.protocol = ["ipv4", "ipv6"]
def validate(self, addr, mask, protocol):
@@ -2046,8 +2062,8 @@ class nodeRecords(semanageRecords):
@@ -2046,8 +2048,8 @@ class nodeRecords(semanageRecords):
class interfaceRecords(semanageRecords):
@ -555,7 +673,7 @@ index 70fd192..dca9506 100644
def __add(self, interface, serange, ctype):
if is_mls_enabled == 1:
@@ -2243,8 +2259,8 @@ class fcontextRecords(semanageRecords):
@@ -2243,8 +2245,8 @@ class fcontextRecords(semanageRecords):
except RuntimeError:
valid_types = []
@ -566,7 +684,7 @@ index 70fd192..dca9506 100644
self.equiv = {}
self.equiv_dist = {}
self.equal_ind = False
@@ -2566,10 +2582,15 @@ class fcontextRecords(semanageRecords):
@@ -2566,10 +2568,15 @@ class fcontextRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not list file contexts"))
@ -582,7 +700,7 @@ index 70fd192..dca9506 100644
self.flist += fclocal
ddict = {}
@@ -2627,8 +2648,8 @@ class fcontextRecords(semanageRecords):
@@ -2627,8 +2634,8 @@ class fcontextRecords(semanageRecords):
class booleanRecords(semanageRecords):
@ -593,6 +711,104 @@ index 70fd192..dca9506 100644
self.dict = {}
self.dict["TRUE"] = 1
self.dict["FALSE"] = 0
diff --git selinux-python-2.7/sepolgen/src/sepolgen/Makefile selinux-python-2.7/sepolgen/src/sepolgen/Makefile
index d3aa771..c75809a 100644
--- selinux-python-2.7/sepolgen/src/sepolgen/Makefile
+++ selinux-python-2.7/sepolgen/src/sepolgen/Makefile
@@ -1,12 +1,13 @@
+PREFIX ?= /usr
PYTHON ?= python
-PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(1))")
-PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen
+PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(prefix='$(PREFIX)'))")
+PACKAGEDIR ?= /$(PYTHONLIBDIR)/sepolgen
all:
install: all
- -mkdir -p $(PACKAGEDIR)
- install -m 644 *.py $(PACKAGEDIR)
+ -mkdir -p $(DESTDIR)$(PACKAGEDIR)
+ install -m 644 *.py $(DESTDIR)$(PACKAGEDIR)
clean:
rm -f parser.out parsetab.py
diff --git selinux-python-2.7/sepolgen/src/sepolgen/policygen.py selinux-python-2.7/sepolgen/src/sepolgen/policygen.py
index 34c8401..ee664fb 100644
--- selinux-python-2.7/sepolgen/src/sepolgen/policygen.py
+++ selinux-python-2.7/sepolgen/src/sepolgen/policygen.py
@@ -77,7 +77,7 @@ class PolicyGenerator:
self.explain = NO_EXPLANATION
self.gen_requires = False
if module:
- self.moduel = module
+ self.module = module
else:
self.module = refpolicy.Module()
diff --git selinux-python-2.7/sepolgen/src/share/Makefile selinux-python-2.7/sepolgen/src/share/Makefile
index abf5e45..1a7133c 100644
--- selinux-python-2.7/sepolgen/src/share/Makefile
+++ selinux-python-2.7/sepolgen/src/share/Makefile
@@ -1,10 +1,10 @@
-SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen
+SHAREDIR ?= /var/lib/sepolgen
all:
install: all
- -mkdir -p $(SHAREDIR)
- install -m 644 perm_map $(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(SHAREDIR)
+ install -m 644 perm_map $(DESTDIR)$(SHAREDIR)
clean:
- rm -f *~
\ No newline at end of file
+ rm -f *~
diff --git selinux-python-2.7/sepolicy/Makefile selinux-python-2.7/sepolicy/Makefile
index 5a56e6c..fb8a132 100644
--- selinux-python-2.7/sepolicy/Makefile
+++ selinux-python-2.7/sepolicy/Makefile
@@ -1,14 +1,10 @@
PYTHON ?= python
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-LIBDIR ?= $(PREFIX)/lib
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
-DATADIR ?= $(PREFIX)/share
MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions
-SHAREDIR ?= $(PREFIX)/share/sandbox
+BASHCOMPLETIONDIR ?= $(PREFIX)/share/bash-completion/completions
CFLAGS ?= -Wall -Werror -Wextra -W
override CFLAGS += -DPACKAGE="policycoreutils" -DSHARED -shared
@@ -30,13 +26,13 @@ test:
@$(PYTHON) test_sepolicy.py -v
install:
- $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
- [ -d $(BINDIR) ] || mkdir -p $(BINDIR)
- install -m 755 sepolicy.py $(BINDIR)/sepolicy
- (cd $(BINDIR); ln -sf sepolicy sepolgen)
- -mkdir -p $(MANDIR)/man8
- install -m 644 *.8 $(MANDIR)/man8
- -mkdir -p $(BASHCOMPLETIONDIR)
- install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)/sepolicy
+ $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
+ [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy
+ (cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS) $(DESTDIR)$(BASHCOMPLETIONDIR)/sepolicy
relabel:
diff --git selinux-python-2.7/sepolicy/sepolicy.8 selinux-python-2.7/sepolicy/sepolicy.8
index 7900586..09d2b24 100644
--- selinux-python-2.7/sepolicy/sepolicy.8
@ -777,10 +993,16 @@ index 5cfc071..24e3526 100644
def reinit():
diff --git selinux-python-2.7/sepolicy/sepolicy/generate.py selinux-python-2.7/sepolicy/sepolicy/generate.py
index d68f96e..31aa968 100644
index d68f96e..f814e27 100644
--- selinux-python-2.7/sepolicy/sepolicy/generate.py
+++ selinux-python-2.7/sepolicy/sepolicy/generate.py
@@ -110,7 +110,7 @@ def get_all_ports():
@@ -105,12 +105,12 @@ def get_all_ports():
p['type'] == "port_t" or \
p['type'] == "hi_reserved_port_t":
continue
- dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p['range'])
+ dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range'))
return dict
def get_all_users():
@ -789,6 +1011,23 @@ index d68f96e..31aa968 100644
users.remove("system_u")
users.remove("root")
users.sort()
@@ -191,14 +191,14 @@ def verify_ports(ports):
temp.append(p)
return temp
except ValueError:
- raise ValueError(_("Ports must be numbers or ranges of numbers from 1 to %d " % max_port))
+ raise ValueError(_("Ports must be numbers or ranges of numbers from 1 to %d ") % max_port)
class policy:
def __init__(self, name, type):
self.rpms = []
- self.ports = []
+ self.ports = {}
self.all_roles = get_all_roles()
self.types = []
@@ -459,25 +459,25 @@ class policy:
self.out_udp = [all, False, False, verify_ports(ports)]
@ -820,9 +1059,18 @@ index d68f96e..31aa968 100644
self.manage_krb5_rcache = val
diff --git selinux-python-2.7/sepolicy/sepolicy/gui.py selinux-python-2.7/sepolicy/sepolicy/gui.py
index 007c94a..6562aa8 100644
index 007c94a..537d516 100644
--- selinux-python-2.7/sepolicy/sepolicy/gui.py
+++ selinux-python-2.7/sepolicy/sepolicy/gui.py
@@ -500,7 +500,7 @@ class SELinuxGui():
self.all_domains.sort(key=str.lower)
if app and app not in self.all_domains:
- self.error(_("%s is not a valid domain" % app))
+ self.error(_("%s is not a valid domain") % app)
self.quit()
loading_gui.show()
@@ -907,8 +907,8 @@ class SELinuxGui():
if "object_r" in roles:
roles.remove("object_r")
@ -834,6 +1082,41 @@ index 007c94a..6562aa8 100644
self.user_liststore.set_value(iter, 4, True)
self.ready_mouse()
@@ -1056,21 +1056,21 @@ class SELinuxGui():
self.application_files_initialize(app)
self.transitions_files_initialize(app)
- self.executable_files_tab.set_tooltip_text(_("File path used to enter the '%s' domain." % app))
- self.writable_files_tab.set_tooltip_text(_("Files to which the '%s' domain can write." % app))
- self.network_out_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to connect." % app))
- self.network_in_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to listen." % app))
- self.application_files_tab.set_tooltip_text(_("File Types defined for the '%s'." % app))
- self.boolean_radio_button.set_tooltip_text(_("Display boolean information that can be used to modify the policy for the '%s'." % app))
- self.files_radio_button.set_tooltip_text(_("Display file type information that can be used by the '%s'." % app))
- self.network_radio_button.set_tooltip_text(_("Display network ports to which the '%s' can connect or listen to." % app))
- self.transitions_into_tab.set_label(_("Application Transitions Into '%s'" % app))
- self.transitions_from_tab.set_label(_("Application Transitions From '%s'" % app))
- self.transitions_file_tab.set_label(_("File Transitions From '%s'" % app))
+ self.executable_files_tab.set_tooltip_text(_("File path used to enter the '%s' domain.") % app)
+ self.writable_files_tab.set_tooltip_text(_("Files to which the '%s' domain can write.") % app)
+ self.network_out_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to connect.") % app)
+ self.network_in_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to listen.") % app)
+ self.application_files_tab.set_tooltip_text(_("File Types defined for the '%s'.") % app)
+ self.boolean_radio_button.set_tooltip_text(_("Display boolean information that can be used to modify the policy for the '%s'.") % app)
+ self.files_radio_button.set_tooltip_text(_("Display file type information that can be used by the '%s'.") % app)
+ self.network_radio_button.set_tooltip_text(_("Display network ports to which the '%s' can connect or listen to.") % app)
+ self.transitions_into_tab.set_label(_("Application Transitions Into '%s'") % app)
+ self.transitions_from_tab.set_label(_("Application Transitions From '%s'") % app)
+ self.transitions_file_tab.set_label(_("File Transitions From '%s'") % app)
self.transitions_into_tab.set_tooltip_text(_("Executables which will transition to '%s', when executing selected domains entrypoint.") % app)
self.transitions_from_tab.set_tooltip_text(_("Executables which will transition to a different domain, when '%s' executes them.") % app)
- self.transitions_file_tab.set_tooltip_text(_("Files by '%s' with transitions to a different label." % app))
- self.transitions_radio_button.set_tooltip_text(_("Display applications that can transition into or out of the '%s'." % app))
+ self.transitions_file_tab.set_tooltip_text(_("Files by '%s' with transitions to a different label.") % app)
+ self.transitions_radio_button.set_tooltip_text(_("Display applications that can transition into or out of the '%s'.") % app)
self.application = app
self.applications_selection_button.set_label(self.application)
@@ -1755,14 +1755,14 @@ class SELinuxGui():
if self.login_mls_entry.get_text() == "":
for u in sepolicy.get_selinux_users():
@ -922,8 +1205,27 @@ index 007c94a..6562aa8 100644
if k in "fcontext-equiv":
for f in self.cur_dict[k]:
diff --git selinux-python-2.7/sepolicy/sepolicy/interface.py selinux-python-2.7/sepolicy/sepolicy/interface.py
index c64122e..18374dc 100644
--- selinux-python-2.7/sepolicy/sepolicy/interface.py
+++ selinux-python-2.7/sepolicy/sepolicy/interface.py
@@ -220,7 +220,7 @@ def interface_compile_test(interface, path="/usr/share/selinux/devel/policy.xml"
idict = get_interface_dict(path)
if not (interface.split("_")[0] in exclude_interfaces or idict[interface][2] in exclude_interface_type):
- print(_("Compiling %s interface" % interface))
+ print(_("Compiling %s interface") % interface)
try:
fd = open(policy_files['te'], "w")
fd.write(generate_compile_te(interface, idict))
@@ -237,4 +237,4 @@ def interface_compile_test(interface, path="/usr/share/selinux/devel/policy.xml"
os.remove(v)
else:
- sys.stderr.write(_("\nCompiling of %s interface is not supported." % interface))
+ sys.stderr.write(_("\nCompiling of %s interface is not supported.") % interface)
diff --git selinux-python-2.7/sepolicy/sepolicy/manpage.py selinux-python-2.7/sepolicy/sepolicy/manpage.py
index 4d84636..b463165 100755
index 4d84636..8121e5c 100755
--- selinux-python-2.7/sepolicy/sepolicy/manpage.py
+++ selinux-python-2.7/sepolicy/sepolicy/manpage.py
@@ -84,7 +84,8 @@ def get_all_users_info():
@ -936,7 +1238,7 @@ index 4d84636..b463165 100755
for u in allusers:
if u not in ["system_u", "root", "unconfined_u"]:
@@ -125,8 +126,36 @@ def gen_domains():
@@ -125,8 +126,33 @@ def gen_domains():
domains.sort()
return domains
@ -963,10 +1265,7 @@ index 4d84636..b463165 100755
+def _gen_mcs_constrained_types():
+ global mcs_constrained_types
+ if mcs_constrained_types is None:
+ try:
+ mcs_constrained_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
+ except StopIteration:
+ mcs_constrained_types = []
+ mcs_constrained_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
+ return mcs_constrained_types
+
+
@ -974,7 +1273,7 @@ index 4d84636..b463165 100755
def _gen_types():
global types
@@ -149,10 +178,6 @@ def prettyprint(f, trim):
@@ -149,10 +175,6 @@ def prettyprint(f, trim):
manpage_domains = []
manpage_roles = []
@ -985,7 +1284,7 @@ index 4d84636..b463165 100755
def get_alphabet_manpages(manpage_list):
alphabet_manpages = dict.fromkeys(string.ascii_letters, [])
for i in string.ascii_letters:
@@ -182,7 +207,7 @@ def convert_manpage_to_html(html_manpage, manpage):
@@ -182,7 +204,7 @@ def convert_manpage_to_html(html_manpage, manpage):
class HTMLManPages:
"""
@ -994,7 +1293,7 @@ index 4d84636..b463165 100755
"""
def __init__(self, manpage_roles, manpage_domains, path, os_version):
@@ -190,9 +215,9 @@ class HTMLManPages:
@@ -190,9 +212,9 @@ class HTMLManPages:
self.manpage_domains = get_alphabet_manpages(manpage_domains)
self.os_version = os_version
self.old_path = path + "/"
@ -1006,7 +1305,7 @@ index 4d84636..b463165 100755
self.__gen_html_manpages()
else:
print("SELinux HTML man pages can not be generated for this %s" % os_version)
@@ -201,7 +226,6 @@ class HTMLManPages:
@@ -201,7 +223,6 @@ class HTMLManPages:
def __gen_html_manpages(self):
self._write_html_manpage()
self._gen_index()
@ -1014,7 +1313,7 @@ index 4d84636..b463165 100755
self._gen_css()
def _write_html_manpage(self):
@@ -219,67 +243,21 @@ class HTMLManPages:
@@ -219,67 +240,21 @@ class HTMLManPages:
convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r)
def _gen_index(self):
@ -1086,7 +1385,7 @@ index 4d84636..b463165 100755
for letter in self.manpage_roles:
if len(self.manpage_roles[letter]):
fd.write("""
@@ -423,6 +401,9 @@ class ManPage:
@@ -423,6 +398,9 @@ class ManPage:
self.all_file_types = sepolicy.get_all_file_types()
self.role_allows = sepolicy.get_all_role_allows()
self.types = _gen_types()
@ -1096,7 +1395,7 @@ index 4d84636..b463165 100755
if self.source_files:
self.fcpath = self.root + "file_contexts"
@@ -735,10 +716,13 @@ Default Defined Ports:""")
@@ -735,10 +713,13 @@ Default Defined Ports:""")
def _file_context(self):
flist = []
@ -1110,7 +1409,7 @@ index 4d84636..b463165 100755
if f in self.fcdict:
mpaths = mpaths + self.fcdict[f]["regex"]
if len(mpaths) == 0:
@@ -790,19 +774,20 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
@@ -790,19 +771,20 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
.PP
""" % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
@ -1134,7 +1433,7 @@ index 4d84636..b463165 100755
self.fd.write(r"""
.I The following file types are defined for %(domainname)s:
@@ -921,8 +906,7 @@ This manual page was auto-generated using
@@ -921,8 +903,7 @@ This manual page was auto-generated using
.B "sepolicy manpage".
.SH "SEE ALSO"
@ -1144,7 +1443,7 @@ index 4d84636..b463165 100755
if self.booltext != "":
self.fd.write(", setsebool(8)")
@@ -974,8 +958,7 @@ All executeables with the default executable label, usually stored in /usr/bin a
@@ -974,8 +955,7 @@ All executeables with the default executable label, usually stored in /usr/bin a
%s""" % ", ".join(paths))
def _mcs_types(self):

55
selinux-sandbox-fedora.patch
View File

@ -1,3 +1,58 @@
diff --git selinux-sandbox-2.7/Makefile selinux-sandbox-2.7/Makefile
index 05c3d65..49c1d3f 100644
--- selinux-sandbox-2.7/Makefile
+++ selinux-sandbox-2.7/Makefile
@@ -1,13 +1,11 @@
PYTHON ?= python
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig
-LIBDIR ?= $(PREFIX)/lib
+PREFIX ?= /usr
+SYSCONFDIR ?= /etc/sysconfig
BINDIR ?= $(PREFIX)/bin
SBINDIR ?= $(PREFIX)/sbin
MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
SHAREDIR ?= $(PREFIX)/share/sandbox
override CFLAGS += -DPACKAGE="\"policycoreutils\"" -Wall -Werror -Wextra -W
override LDLIBS += -lselinux -lcap-ng
@@ -18,20 +16,20 @@ all: sandbox seunshare sandboxX.sh start
seunshare: $(SEUNSHARE_OBJS)
install: all
- -mkdir -p $(BINDIR)
- install -m 755 sandbox $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 sandbox.8 $(MANDIR)/man8/
- install -m 644 seunshare.8 $(MANDIR)/man8/
- -mkdir -p $(MANDIR)/man5
- install -m 644 sandbox.5 $(MANDIR)/man5/
- -mkdir -p $(SBINDIR)
- install -m 4755 seunshare $(SBINDIR)/
- -mkdir -p $(SHAREDIR)
- install -m 755 sandboxX.sh $(SHAREDIR)
- install -m 755 start $(SHAREDIR)
- -mkdir -p $(SYSCONFDIR)
- install -m 644 sandbox.conf $(SYSCONFDIR)/sandbox
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 sandbox $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 sandbox.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 seunshare.8 $(DESTDIR)$(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(MANDIR)/man5
+ install -m 644 sandbox.5 $(DESTDIR)$(MANDIR)/man5/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 4755 seunshare $(DESTDIR)$(SBINDIR)/
+ -mkdir -p $(DESTDIR)$(SHAREDIR)
+ install -m 755 sandboxX.sh $(DESTDIR)$(SHAREDIR)
+ install -m 755 start $(DESTDIR)$(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(SYSCONFDIR)
+ install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox
test:
@$(PYTHON) test_sandbox.py -v
diff --git selinux-sandbox-2.7/sandboxX.sh selinux-sandbox-2.7/sandboxX.sh
index eaa500d..4774528 100644
--- selinux-sandbox-2.7/sandboxX.sh

115
semodule-utils-fedora.patch
View File

@ -8,3 +8,118 @@ index 6bf4aee..e0a6579 100644
all install relabel clean indent:
@for subdir in $(SUBDIRS); do \
diff --git semodule-utils-2.7/semodule_expand/Makefile semodule-utils-2.7/semodule_expand/Makefile
index 072f213..f1a1c8f 100644
--- semodule-utils-2.7/semodule_expand/Makefile
+++ semodule-utils-2.7/semodule_expand/Makefile
@@ -1,8 +1,6 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-INCLUDEDIR ?= $(PREFIX)/include
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= $(PREFIX)/lib
MANDIR ?= $(PREFIX)/share/man
CFLAGS ?= -Werror -Wall -W
@@ -13,10 +11,10 @@ all: semodule_expand
semodule_expand: semodule_expand.o
install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_expand $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_expand.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_expand $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule_expand.8 $(DESTDIR)$(MANDIR)/man8/
relabel:
diff --git semodule-utils-2.7/semodule_link/Makefile semodule-utils-2.7/semodule_link/Makefile
index cc4687b..692cb02 100644
--- semodule-utils-2.7/semodule_link/Makefile
+++ semodule-utils-2.7/semodule_link/Makefile
@@ -1,9 +1,7 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-INCLUDEDIR ?= $(PREFIX)/include
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= $(PREFIX)/lib
CFLAGS ?= -Werror -Wall -W
override LDLIBS += -lsepol
@@ -13,10 +11,10 @@ all: semodule_link
semodule_link: semodule_link.o
install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_link $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_link.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_link $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule_link.8 $(DESTDIR)$(MANDIR)/man8/
relabel:
diff --git semodule-utils-2.7/semodule_package/Makefile semodule-utils-2.7/semodule_package/Makefile
index 96dd7c4..da17026 100644
--- semodule-utils-2.7/semodule_package/Makefile
+++ semodule-utils-2.7/semodule_package/Makefile
@@ -1,8 +1,6 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-INCLUDEDIR ?= $(PREFIX)/include
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= $(PREFIX)/lib
MANDIR ?= $(PREFIX)/share/man
CFLAGS ?= -Werror -Wall -W
@@ -13,12 +11,12 @@ all: semodule_package semodule_unpackage
semodule_package: semodule_package.o
install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_package $(BINDIR)
- install -m 755 semodule_unpackage $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_package.8 $(MANDIR)/man8/
- install -m 644 semodule_unpackage.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_package $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_unpackage $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule_package.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 semodule_unpackage.8 $(DESTDIR)$(MANDIR)/man8/
relabel:
diff --git semodule-utils-2.7/semodule_package/semodule_unpackage.8 semodule-utils-2.7/semodule_package/semodule_unpackage.8
index d6e1be0..5c92bf5 100644
--- semodule-utils-2.7/semodule_package/semodule_unpackage.8
+++ semodule-utils-2.7/semodule_package/semodule_unpackage.8
@@ -1,14 +1,14 @@
.TH SEMODULE_PACKAGE "8" "Nov 2005" "Security Enhanced Linux" NSA
.SH NAME
-semodule_unpackage \- Extract policy module and file context file from an SELinux policy module unpackage.
+semodule_unpackage \- Extract policy module and file context file from an SELinux policy module package.
.SH SYNOPSIS
-.B semodule_unpackage <module> [<file contexts>]
+.B semodule_unpackage ppfile modfile [fcfile]
.br
.SH DESCRIPTION
.PP
-semodule_unpackage is the tool used to extract the SELinux policy module
- and file context file from an SELinux Policy Package.
+semodule_unpackage is a tool used to extract SELinux policy module
+file and file context file from an SELinux Policy Package.
.SH EXAMPLE
.nf