From 3cd3d543c6ff129ff9362f39098e02b95c559734 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Wed, 20 Dec 2017 10:31:18 +0100 Subject: [PATCH] policycoreutils-2.7-7.fc28 - semanage: bring semanageRecords.set_reload back to seobject.py (#1527745) --- policycoreutils.spec | 7 +++-- selinux-python-fedora.patch | 59 +++++++++++++++++++------------------ 2 files changed, 35 insertions(+), 31 deletions(-) diff --git a/policycoreutils.spec b/policycoreutils.spec index 2d68b6b..e80a899 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -9,7 +9,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.7 -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv2 Group: System Environment/Base # https://github.com/SELinuxProject/selinux/wiki/Releases @@ -31,7 +31,7 @@ Source18: selinux-autorelabel.target Source19: selinux-autorelabel-generator.sh # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # run: -# HEAD https://github.com/fedora-selinux/selinux/commit/7d95e8cfa8df699ba53651de06dd0b2b9e428903 +# HEAD https://github.com/fedora-selinux/selinux/commit/3dd7e297f42b8c05964591b008915e2514c6cb2d # $ for i in policycoreutils selinux-python selinux-gui selinux-sandbox selinux-dbus semodule-utils restorecond; do # ./make-fedora-selinux-patch.sh $i # done @@ -501,6 +501,9 @@ The policycoreutils-restorecond package contains the restorecond service. %systemd_postun_with_restart restorecond.service %changelog +* Wed Dec 20 2017 Petr Lautrbach - 2.7-7 +- semanage: bring semanageRecords.set_reload back to seobject.py (#1527745) + * Wed Dec 13 2017 Petr Lautrbach - 2.7-6 - semanage: make seobject.py backward compatible - Own %%{pythonX_sitelib}/site-packages/sepolicy directories (#1522942) diff --git a/selinux-python-fedora.patch b/selinux-python-fedora.patch index d450169..298a188 100644 --- a/selinux-python-fedora.patch +++ b/selinux-python-fedora.patch @@ -282,14 +282,15 @@ index 0bdb90f..0cdcfcc 100644 user identities to authorized role sets. In most cases, only the former mapping needs to be adjusted by the administrator; the latter diff --git selinux-python-2.7/semanage/seobject.py selinux-python-2.7/semanage/seobject.py -index 70fd192..99e1cd8 100644 +index 70fd192..dca9506 100644 --- selinux-python-2.7/semanage/seobject.py +++ selinux-python-2.7/semanage/seobject.py -@@ -238,21 +238,28 @@ class semanageRecords: +@@ -238,20 +238,31 @@ class semanageRecords: transaction = False handle = None store = None + args = None ++ noreload = False - def __init__(self, store): + def __init__(self, args = None): @@ -315,13 +316,13 @@ index 70fd192..99e1cd8 100644 else: self.mylog = nulllogger() -- def set_reload(self, load): + def set_reload(self, load): - self.load = load -- ++ self.noreload = not load + def get_handle(self, store): global is_mls_enabled - -@@ -312,7 +319,8 @@ class semanageRecords: +@@ -312,7 +323,8 @@ class semanageRecords: if semanageRecords.transaction: return @@ -331,7 +332,7 @@ index 70fd192..99e1cd8 100644 rc = semanage_commit(self.sh) if rc < 0: self.mylog.commit(0) -@@ -328,8 +336,8 @@ class semanageRecords: +@@ -328,8 +340,8 @@ class semanageRecords: class moduleRecords(semanageRecords): @@ -342,7 +343,7 @@ index 70fd192..99e1cd8 100644 def get_all(self): l = [] -@@ -386,6 +394,8 @@ class moduleRecords(semanageRecords): +@@ -386,6 +398,8 @@ class moduleRecords(semanageRecords): print("%-25s %-9s %-5s %s" % (t[0], t[2], t[3], disabled)) def add(self, file, priority): @@ -351,7 +352,7 @@ index 70fd192..99e1cd8 100644 if not os.path.exists(file): raise ValueError(_("Module does not exist: %s ") % file) -@@ -398,6 +408,8 @@ class moduleRecords(semanageRecords): +@@ -398,6 +412,8 @@ class moduleRecords(semanageRecords): self.commit() def set_enabled(self, module, enable): @@ -360,7 +361,7 @@ index 70fd192..99e1cd8 100644 for m in module.split(): rc, key = semanage_module_key_create(self.sh) if rc < 0: -@@ -416,11 +428,15 @@ class moduleRecords(semanageRecords): +@@ -416,11 +432,15 @@ class moduleRecords(semanageRecords): self.commit() def modify(self, file): @@ -376,7 +377,7 @@ index 70fd192..99e1cd8 100644 rc = semanage_set_default_priority(self.sh, priority) if rc < 0: raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority) -@@ -440,8 +456,8 @@ class moduleRecords(semanageRecords): +@@ -440,8 +460,8 @@ class moduleRecords(semanageRecords): class dontauditClass(semanageRecords): @@ -387,7 +388,7 @@ index 70fd192..99e1cd8 100644 def toggle(self, dontaudit): if dontaudit not in ["on", "off"]: -@@ -453,8 +469,8 @@ class dontauditClass(semanageRecords): +@@ -453,8 +473,8 @@ class dontauditClass(semanageRecords): class permissiveRecords(semanageRecords): @@ -398,7 +399,7 @@ index 70fd192..99e1cd8 100644 def get_all(self): l = [] -@@ -522,8 +538,8 @@ class permissiveRecords(semanageRecords): +@@ -522,8 +542,8 @@ class permissiveRecords(semanageRecords): class loginRecords(semanageRecords): @@ -409,7 +410,7 @@ index 70fd192..99e1cd8 100644 self.oldsename = None self.oldserange = None self.sename = None -@@ -534,7 +550,7 @@ class loginRecords(semanageRecords): +@@ -534,7 +554,7 @@ class loginRecords(semanageRecords): if sename == "": sename = "user_u" @@ -418,7 +419,7 @@ index 70fd192..99e1cd8 100644 range, (rc, oldserole) = userrec.get(self.oldsename) range, (rc, serole) = userrec.get(sename) -@@ -603,7 +619,7 @@ class loginRecords(semanageRecords): +@@ -603,7 +623,7 @@ class loginRecords(semanageRecords): if sename == "" and serange == "": raise ValueError(_("Requires seuser or serange")) @@ -427,7 +428,7 @@ index 70fd192..99e1cd8 100644 range, (rc, oldserole) = userrec.get(self.oldsename) if sename != "": -@@ -660,7 +676,7 @@ class loginRecords(semanageRecords): +@@ -660,7 +680,7 @@ class loginRecords(semanageRecords): def __delete(self, name): rec, self.oldsename, self.oldserange = selinux.getseuserbyname(name) @@ -436,7 +437,7 @@ index 70fd192..99e1cd8 100644 range, (rc, oldserole) = userrec.get(self.oldsename) (rc, k) = semanage_seuser_key_create(self.sh, name) -@@ -779,8 +795,8 @@ class loginRecords(semanageRecords): +@@ -779,8 +799,8 @@ class loginRecords(semanageRecords): class seluserRecords(semanageRecords): @@ -447,7 +448,7 @@ index 70fd192..99e1cd8 100644 def get(self, name): (rc, k) = semanage_user_key_create(self.sh, name) -@@ -1042,8 +1058,8 @@ class portRecords(semanageRecords): +@@ -1042,8 +1062,8 @@ class portRecords(semanageRecords): except RuntimeError: valid_types = [] @@ -458,7 +459,7 @@ index 70fd192..99e1cd8 100644 def __genkey(self, port, proto): if proto == "tcp": -@@ -1317,8 +1333,8 @@ class ibpkeyRecords(semanageRecords): +@@ -1317,8 +1337,8 @@ class ibpkeyRecords(semanageRecords): except: valid_types = [] @@ -469,7 +470,7 @@ index 70fd192..99e1cd8 100644 def __genkey(self, pkey, subnet_prefix): if subnet_prefix == "": -@@ -1540,9 +1556,8 @@ class ibpkeyRecords(semanageRecords): +@@ -1540,9 +1560,8 @@ class ibpkeyRecords(semanageRecords): def customized(self): l = [] ddict = self.get_all(True) @@ -481,7 +482,7 @@ index 70fd192..99e1cd8 100644 if k[0] == k[1]: l.append("-a -t %s -x %s %s" % (ddict[k][0], k[2], k[0])) else: -@@ -1554,11 +1569,10 @@ class ibpkeyRecords(semanageRecords): +@@ -1554,11 +1573,10 @@ class ibpkeyRecords(semanageRecords): keys = ddict.keys() if len(keys) == 0: return @@ -494,7 +495,7 @@ index 70fd192..99e1cd8 100644 rec = "%-30s %-18s " % i rec += "%s" % ddict[i][0] for p in ddict[i][1:]: -@@ -1572,8 +1586,8 @@ class ibendportRecords(semanageRecords): +@@ -1572,8 +1590,8 @@ class ibendportRecords(semanageRecords): except: valid_types = [] @@ -505,7 +506,7 @@ index 70fd192..99e1cd8 100644 def __genkey(self, ibendport, ibdev_name): if ibdev_name == "": -@@ -1782,10 +1796,9 @@ class ibendportRecords(semanageRecords): +@@ -1782,10 +1800,9 @@ class ibendportRecords(semanageRecords): def customized(self): l = [] ddict = self.get_all(True) @@ -519,7 +520,7 @@ index 70fd192..99e1cd8 100644 return l def list(self, heading=1, locallist=0): -@@ -1793,11 +1806,10 @@ class ibendportRecords(semanageRecords): +@@ -1793,11 +1810,10 @@ class ibendportRecords(semanageRecords): keys = ddict.keys() if len(keys) == 0: return @@ -532,7 +533,7 @@ index 70fd192..99e1cd8 100644 rec = "%-30s %-18s " % i rec += "%s" % ddict[i][0] for p in ddict[i][1:]: -@@ -1810,8 +1822,8 @@ class nodeRecords(semanageRecords): +@@ -1810,8 +1826,8 @@ class nodeRecords(semanageRecords): except RuntimeError: valid_types = [] @@ -543,7 +544,7 @@ index 70fd192..99e1cd8 100644 self.protocol = ["ipv4", "ipv6"] def validate(self, addr, mask, protocol): -@@ -2046,8 +2058,8 @@ class nodeRecords(semanageRecords): +@@ -2046,8 +2062,8 @@ class nodeRecords(semanageRecords): class interfaceRecords(semanageRecords): @@ -554,7 +555,7 @@ index 70fd192..99e1cd8 100644 def __add(self, interface, serange, ctype): if is_mls_enabled == 1: -@@ -2243,8 +2255,8 @@ class fcontextRecords(semanageRecords): +@@ -2243,8 +2259,8 @@ class fcontextRecords(semanageRecords): except RuntimeError: valid_types = [] @@ -565,7 +566,7 @@ index 70fd192..99e1cd8 100644 self.equiv = {} self.equiv_dist = {} self.equal_ind = False -@@ -2566,10 +2578,15 @@ class fcontextRecords(semanageRecords): +@@ -2566,10 +2582,15 @@ class fcontextRecords(semanageRecords): if rc < 0: raise ValueError(_("Could not list file contexts")) @@ -581,7 +582,7 @@ index 70fd192..99e1cd8 100644 self.flist += fclocal ddict = {} -@@ -2627,8 +2644,8 @@ class fcontextRecords(semanageRecords): +@@ -2627,8 +2648,8 @@ class fcontextRecords(semanageRecords): class booleanRecords(semanageRecords):