diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 809638a..d203bf5 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -250464,14 +250464,14 @@ index 4c5243a..036c418 100644 diff --git a/policycoreutils/semodule/genhomedircon.8 b/policycoreutils/semodule/genhomedircon.8 new file mode 100644 -index 0000000..08e3bad +index 0000000..2a3315b --- /dev/null +++ b/policycoreutils/semodule/genhomedircon.8 @@ -0,0 +1,24 @@ +.TH GENHOMEDIRCON "8" "Sep 2011" "Security Enhanced Linux" "SELinux" +.SH NAME +genhomedircon \- generate SELinux file context configuration entries for user home directories -+.SH SYNOPSIS ++.SH DESCRIPTION +.B genhomedircon +is a script that executes +.B semodule @@ -251020,7 +251020,7 @@ index b6abdf5..c05c943 100644 Generate an additional HTML man pages for the specified domain(s). diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py -index b25d3b2..9b29b39 100755 +index b25d3b2..43a8101 100755 --- a/policycoreutils/sepolicy/sepolicy.py +++ b/policycoreutils/sepolicy/sepolicy.py @@ -22,6 +22,8 @@ @@ -251037,7 +251037,7 @@ index b25d3b2..9b29b39 100755 __builtin__.__dict__['_'] = unicode +usage = "sepolicy generate [-h] [-n NAME] [-p PATH] [-w [WRITEPATHS [WRITEPATHS ...]]] [" -+usage_dict = {' --newtype':('-t [TYPES [TYPES ...]]',),' --customize':('-d DOMAIN','-a ADMIN_DOMAIN',), ' --admin_user':('-a ADMIN_DOMAIN',), ' --application':('COMMAND',), ' --cgi':('COMMAND',), ' --confined_admin':('-a ADMIN_DOMAIN',), ' --dbus':('COMMAND',), ' --desktop_user':('',),' --inetd':('COMMAND',),' --init':('COMMAND',), ' --sandbox':('',), ' --term_user':('',), ' --x_user':('',)} ++usage_dict = {' --newtype':('-t [TYPES [TYPES ...]]',),' --customize':('-d DOMAIN','-a ADMIN_DOMAIN',), ' --admin_user':('[-r ROLE ]',), ' --application':('COMMAND',), ' --cgi':('COMMAND',), ' --confined_admin':('-a ADMIN_DOMAIN',), ' --dbus':('COMMAND',), ' --desktop_user':('',),' --inetd':('COMMAND',),' --init':('COMMAND',), ' --sandbox':('',), ' --term_user':('',), ' --x_user':('',)} + class CheckPath(argparse.Action): def __call__(self, parser, namespace, values, option_string=None): @@ -251100,7 +251100,7 @@ index b25d3b2..9b29b39 100755 newval = getattr(namespace, self.dest) if not newval: newval = [] -@@ -140,27 +165,65 @@ class CheckPolicyType(argparse.Action): +@@ -140,27 +165,76 @@ class CheckPolicyType(argparse.Action): class CheckUser(argparse.Action): def __call__(self, parser, namespace, value, option_string=None): @@ -251115,6 +251115,17 @@ index b25d3b2..9b29b39 100755 newval.append(value) setattr(namespace, self.dest, newval) ++class CheckRole(argparse.Action): ++ def __call__(self, parser, namespace, value, option_string=None): ++ newval = getattr(namespace, self.dest) ++ if not newval: ++ newval = [] ++ roles = sepolicy.get_all_roles() ++ if value not in roles: ++ raise ValueError("%s must be an SELinux role:\nValid roles: %s" % (value, ", ".join(roles))) ++ newval.append(value[:-2]) ++ setattr(namespace, self.dest, newval) ++ +class InterfaceInfo(argparse.Action): + def __call__(self, parser, namespace, values, option_string=None): + from sepolicy.interface import get_interface_dict @@ -251173,7 +251184,7 @@ index b25d3b2..9b29b39 100755 if args.list_ports: all_ports = [] for i in portrecs: -@@ -201,41 +264,41 @@ def manpage(args): +@@ -201,41 +275,41 @@ def manpage(args): from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains path = args.path @@ -251238,7 +251249,7 @@ index b25d3b2..9b29b39 100755 def gen_network_args(parser): net = parser.add_parser("network", -@@ -283,7 +346,6 @@ def gen_communicate_args(parser): +@@ -283,7 +357,6 @@ def gen_communicate_args(parser): comm.set_defaults(func=communicate) def booleans(args): @@ -251246,7 +251257,7 @@ index b25d3b2..9b29b39 100755 from sepolicy import boolean_desc if args.all: rc, args.booleans = selinux.security_get_boolean_names() -@@ -300,6 +362,7 @@ def gen_booleans_args(parser): +@@ -300,6 +373,7 @@ def gen_booleans_args(parser): action="store_true", help=_("get all booleans descriptions")) group.add_argument("-b", "--boolean", dest="booleans", nargs="+", @@ -251254,7 +251265,7 @@ index b25d3b2..9b29b39 100755 help=_("boolean to get description")) bools.set_defaults(func=booleans) -@@ -319,22 +382,49 @@ def gen_transition_args(parser): +@@ -319,22 +393,49 @@ def gen_transition_args(parser): help=_("target process domain")) trans.set_defaults(func=transition) @@ -251313,7 +251324,7 @@ index b25d3b2..9b29b39 100755 if not args.command: raise ValueError(_("Command required for this type of policy")) cmd = os.path.realpath(args.command) -@@ -346,8 +436,18 @@ def generate(args): +@@ -346,8 +447,18 @@ def generate(args): mypolicy.set_program(cmd) if args.types: @@ -251332,7 +251343,15 @@ index b25d3b2..9b29b39 100755 for p in args.writepaths: if os.path.isdir(p): mypolicy.add_dir(p) -@@ -366,20 +466,34 @@ def generate(args): +@@ -355,6 +466,7 @@ def generate(args): + mypolicy.add_file(p) + + mypolicy.set_transition_users(args.user) ++ mypolicy.set_admin_roles(args.role) + mypolicy.set_admin_domains(args.admin_domain) + mypolicy.set_existing_domains(args.domain) + +@@ -366,20 +478,34 @@ def generate(args): def gen_interface_args(parser): itf = parser.add_parser("interface", help=_('List SELinux Policy interfaces')) @@ -251370,7 +251389,17 @@ index b25d3b2..9b29b39 100755 help=_('Generate SELinux Policy module template')) pol.add_argument("-d", "--domain", dest="domain", default=[], action=CheckDomain, nargs="*", -@@ -397,53 +511,57 @@ def gen_generate_args(parser): +@@ -387,6 +513,9 @@ def gen_generate_args(parser): + pol.add_argument("-u", "--user", dest="user", default=[], + action=CheckUser, + help=_("Enter SELinux user(s) which will transition to this domain")) ++ pol.add_argument("-r", "--role", dest="role", default=[], ++ action=CheckRole, ++ help=_("Enter SELinux role(s) to which this domain will transition")) + pol.add_argument("-a", "--admin", dest="admin_domain",default=[], + action=CheckAdmin, + help=_("Enter domain(s) that this confined admin will administrate")) +@@ -397,53 +526,57 @@ def gen_generate_args(parser): help=argparse.SUPPRESS) pol.add_argument("-t", "--type", dest="types", default=[], nargs="*", action=CheckType, @@ -251454,7 +251483,7 @@ index b25d3b2..9b29b39 100755 pol.set_defaults(func=generate) if __name__ == '__main__': -@@ -461,11 +579,17 @@ if __name__ == '__main__': +@@ -461,11 +594,17 @@ if __name__ == '__main__': gen_transition_args(subparsers) try: @@ -251474,7 +251503,7 @@ index b25d3b2..9b29b39 100755 except KeyboardInterrupt: sys.exit(0) diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py -index 5e7415c..b367e9c 100644 +index 5e7415c..8862ebb 100644 --- a/policycoreutils/sepolicy/sepolicy/__init__.py +++ b/policycoreutils/sepolicy/sepolicy/__init__.py @@ -7,6 +7,9 @@ import _policy @@ -251487,7 +251516,7 @@ index 5e7415c..b367e9c 100644 gettext.bindtextdomain(PROGNAME, "/usr/share/locale") gettext.textdomain(PROGNAME) try: -@@ -37,9 +40,119 @@ CLASS = 'class' +@@ -37,9 +40,134 @@ CLASS = 'class' TRANSITION = 'transition' ROLE_ALLOW = 'role_allow' @@ -251541,11 +251570,20 @@ index 5e7415c..b367e9c 100644 + + for f in all_writes: + try: -+ mpaths[f] = fcdict[f] ++ mpaths[f] = fcdict[f]["regex"] + except KeyError: + mpaths[f] = [] + return mpaths + ++import os, pprint, re, sys ++def find_file(reg, path): ++ try: ++ pat = re.compile(r"%s$" % reg) ++ return filter(pat.match, map(lambda x: path + "/" + x, os.listdir(path))) ++ except: ++ return [] ++ ++import os +fcdict=None +def get_fcdict(fc_path = selinux.selinux_file_context_path()): + global fcdict @@ -251561,22 +251599,28 @@ index 5e7415c..b367e9c 100644 + for i in fc: + rec = i.split() + try: ++ if len(rec) > 2: ++ ftype = rec[1] ++ else: ++ ftype = "" ++ + t = rec[-1].split(":")[2] + if t in fcdict: -+ fcdict[t].append(rec[0]) ++ fcdict[t]["regex"].append(rec[0]) ++ fcdict[t]["paths"].append(find_file(rec[0], os.path.dirname(rec[0]))) + else: -+ fcdict[t] = [ rec[0] ] ++ fcdict[t] = { "regex": [ rec[0] ], "paths" : find_file(rec[0], os.path.dirname(rec[0])), "ftype": ftype} + except: + pass -+ fcdict["logfile"] = [ "all log files" ] -+ fcdict["user_tmp_type"] = [ "all user tmp files" ] -+ fcdict["user_home_type"] = [ "all user home files" ] -+ fcdict["virt_image_type"] = [ "all virtual image files" ] -+ fcdict["noxattrfs"] = [ "all files on file systems which do not support extended attributes" ] -+ fcdict["sandbox_tmpfs_type"] = [ "all sandbox content in tmpfs file systems" ] -+ fcdict["user_tmpfs_type"] = [ "all user content in tmpfs file systems" ] -+ fcdict["file_type"] = [ "all files on the system" ] -+ fcdict["samba_share_t"] = [ "use this label for random content that will be shared using samba" ] ++ fcdict["logfile"] = { "regex" : [ "all log files" ]} ++ fcdict["user_tmp_type"] = { "regex" : [ "all user tmp files" ]} ++ fcdict["user_home_type"] = { "regex" : [ "all user home files" ]} ++ fcdict["virt_image_type"] = { "regex" : [ "all virtual image files" ]} ++ fcdict["noxattrfs"] = { "regex" : [ "all files on file systems which do not support extended attributes" ]} ++ fcdict["sandbox_tmpfs_type"] = { "regex" : [ "all sandbox content in tmpfs file systems" ]} ++ fcdict["user_tmpfs_type"] = { "regex" : [ "all user content in tmpfs file systems" ]} ++ fcdict["file_type"] = { "regex" : [ "all files on the system" ] } ++ fcdict["samba_share_t"] = { "regex" : [ "use this label for random content that will be shared using samba" ] } + return fcdict + +def get_entrypoint_types(setype): @@ -251585,7 +251629,8 @@ index 5e7415c..b367e9c 100644 + return entrypoints + +def get_init_entrypoint_target(entrypoint): -+ try: + try: +- path = selinux.selinux_binary_policy_path() + entrypoints = map(lambda x: x['transtype'], search([TRANSITION],{'source':"init_t", 'target':entrypoint, 'class':'process'})) + return entrypoints[0] + except TypeError: @@ -251597,19 +251642,18 @@ index 5e7415c..b367e9c 100644 + mpaths = {} + for f in get_entrypoint_types(setype): + try: -+ mpaths[f] = fcdict[f] ++ mpaths[f] = fcdict[f]["regex"] + except: + mpaths[f] = [] + return mpaths + +def get_installed_policy(root = "/"): - try: -- path = selinux.selinux_binary_policy_path() ++ try: + path = root + selinux.selinux_binary_policy_path() policies = glob.glob ("%s.*" % path ) policies.sort() return policies[-1] -@@ -47,6 +160,27 @@ def __get_installed_policy(): +@@ -47,6 +175,27 @@ def __get_installed_policy(): pass raise ValueError(_("No SELinux Policy installed")) @@ -251637,7 +251681,7 @@ index 5e7415c..b367e9c 100644 all_types = None def get_all_types(): global all_types -@@ -54,6 +188,13 @@ def get_all_types(): +@@ -54,6 +203,13 @@ def get_all_types(): all_types = map(lambda x: x['name'], info(TYPE)) return all_types @@ -251651,7 +251695,7 @@ index 5e7415c..b367e9c 100644 role_allows = None def get_all_role_allows(): global role_allows -@@ -71,6 +212,7 @@ def get_all_role_allows(): +@@ -71,6 +227,7 @@ def get_all_role_allows(): return role_allows def get_all_entrypoint_domains(): @@ -251659,7 +251703,7 @@ index 5e7415c..b367e9c 100644 all_domains = [] types=get_all_types() types.sort() -@@ -81,11 +223,54 @@ def get_all_entrypoint_domains(): +@@ -81,11 +238,54 @@ def get_all_entrypoint_domains(): all_domains.append(m[0]) return all_domains @@ -251715,7 +251759,7 @@ index 5e7415c..b367e9c 100644 return all_domains roles = None -@@ -139,50 +324,92 @@ def get_all_attributes(): +@@ -139,50 +339,92 @@ def get_all_attributes(): return all_attributes def policy(policy_file): @@ -251833,7 +251877,7 @@ index 5e7415c..b367e9c 100644 def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"): global booleans_dict if booleans_dict: -@@ -191,7 +418,7 @@ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"): +@@ -191,7 +433,7 @@ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"): import re booleans_dict = {} try: @@ -251856,7 +251900,7 @@ index a179d95..9b9a09a 100755 tlist = [] for l in map(lambda y: y[sepolicy.TARGET], filter(lambda x: set(perm).issubset(x[sepolicy.PERMS]), allows)): diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py -index 26f8390..ce328e6 100644 +index 26f8390..a5e4b9b 100644 --- a/policycoreutils/sepolicy/sepolicy/generate.py +++ b/policycoreutils/sepolicy/sepolicy/generate.py @@ -63,20 +63,6 @@ except IOError: @@ -251898,15 +251942,6 @@ index 26f8390..ce328e6 100644 line = "%s(%s_t)\n" % (method, self.name) else: line = """ -@@ -765,7 +751,7 @@ allow %s_t %s_t:%s_socket name_%s; - - return newte - -- if self.type == RUSER: -+ if self.type == RUSER or self.type == AUSER: - newte += re.sub("TEMPLATETYPE", self.name, user.te_admin_rules) - - for app in self.admin_domains: @@ -875,6 +861,13 @@ allow %s_t %s_t:%s_socket name_%s; if t.endswith(i): newte += re.sub("TEMPLATETYPE", t[:-len(i)], self.DEFAULT_EXT[i].te_types) @@ -252266,7 +252301,7 @@ index 8b063ca..c7dac62 100644 + else: + sys.stderr.write(_("\nCompiling of %s interface is not supported." % interface)) diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py -index 25062da..086f2a7 100755 +index 25062da..c4d8161 100755 --- a/policycoreutils/sepolicy/sepolicy/manpage.py +++ b/policycoreutils/sepolicy/sepolicy/manpage.py @@ -28,12 +28,12 @@ import string @@ -252304,7 +252339,47 @@ index 25062da..086f2a7 100755 if domain in domains: continue domains.append(domain) -@@ -184,14 +184,12 @@ def get_alphabet_manpages(manpage_list): +@@ -114,39 +114,6 @@ def gen_domains(): + domains.sort() + return domains + +-fcdict=None +-def _gen_fcdict(fc_path = selinux.selinux_file_context_path()): +- global fcdict +- if fcdict: +- return fcdict +- fd = open(fc_path, "r") +- fc = fd.readlines() +- fd.close() +- fd = open(fc_path+".homedirs", "r") +- fc += fd.readlines() +- fd.close() +- fcdict = {} +- for i in fc: +- rec = i.split() +- try: +- t = rec[-1].split(":")[2] +- if t in fcdict: +- fcdict[t].append(rec[0]) +- else: +- fcdict[t] = [ rec[0] ] +- except: +- pass +- fcdict["logfile"] = [ "all log files" ] +- fcdict["user_tmp_type"] = [ "all user tmp files" ] +- fcdict["user_home_type"] = [ "all user home files" ] +- fcdict["virt_image_type"] = [ "all virtual image files" ] +- fcdict["noxattrfs"] = [ "all files on file systems which do not support extended attributes" ] +- fcdict["sandbox_tmpfs_type"] = [ "all sandbox content in tmpfs file systems" ] +- fcdict["user_tmpfs_type"] = [ "all user content in tmpfs file systems" ] +- fcdict["file_type"] = [ "all files on the system" ] +- fcdict["samba_share_t"] = [ "use this label for random content that will be shared using samba" ] +- return fcdict +- + types = None + def _gen_types(): + global types +@@ -184,14 +151,12 @@ def get_alphabet_manpages(manpage_list): return alphabet_manpages def convert_manpage_to_html(html_manpage,manpage): @@ -252323,7 +252398,7 @@ index 25062da..086f2a7 100755 class HTMLManPages: """ -@@ -416,56 +414,42 @@ class ManPage: +@@ -416,56 +381,42 @@ class ManPage: """ Generate a Manpage on an SELinux domain in the specified path """ @@ -252351,6 +252426,7 @@ index 25062da..086f2a7 100755 - self.fcpath = fcpath - else: - self.fcpath = selinux.selinux_file_context_path() +- self.fcdict = _gen_fcdict(self.fcpath) + self.root = root + self.portrecs = gen_port_dict()[0] + self.domains = gen_domains() @@ -252366,7 +252442,7 @@ index 25062da..086f2a7 100755 + self.types = _gen_types() + + self.fcpath = self.root + selinux.selinux_file_context_path() - self.fcdict = _gen_fcdict(self.fcpath) ++ self.fcdict = get_fcdict(self.fcpath) if not os.path.exists(path): os.makedirs(path) @@ -252400,7 +252476,7 @@ index 25062da..086f2a7 100755 self.__gen_user_man_page() if self.html: manpage_roles.append(self.man_page_path) -@@ -483,16 +467,16 @@ class ManPage: +@@ -483,16 +434,16 @@ class ManPage: def _gen_bools(self): self.bools=[] self.domainbools=[] @@ -252427,7 +252503,7 @@ index 25062da..086f2a7 100755 self.bools.sort() self.domainbools.sort() -@@ -538,9 +522,6 @@ class ManPage: +@@ -538,9 +489,6 @@ class ManPage: print path def __gen_man_page(self): @@ -252437,7 +252513,7 @@ index 25062da..086f2a7 100755 self.anon_list = [] self.attributes = {} -@@ -563,22 +544,11 @@ class ManPage: +@@ -563,22 +511,11 @@ class ManPage: def _get_ptypes(self): for f in self.all_domains: @@ -252463,7 +252539,7 @@ index 25062da..086f2a7 100755 % {'domainname':self.domainname, 'date': time.strftime("%y-%m-%d")}) self.fd.write(r""" .SH "NAME" -@@ -774,7 +744,7 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n +@@ -774,7 +711,7 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n def _port_types(self): self.ports = [] for f in self.all_port_types: @@ -252472,7 +252548,34 @@ index 25062da..086f2a7 100755 self.ports.append(f) if len(self.ports) == 0: -@@ -923,13 +893,12 @@ to apply the labels. +@@ -821,7 +758,7 @@ Default Defined Ports:""") + if f.startswith(self.domainname): + flist.append(f) + if f in self.fcdict: +- mpaths = mpaths + self.fcdict[f] ++ mpaths = mpaths + self.fcdict[f]["regex"] + if len(mpaths) == 0: + return + mpaths.sort() +@@ -901,14 +838,14 @@ Note: SELinux often uses regular expressions to specify labels that match multip + + if f in self.fcdict: + plural = "" +- if len(self.fcdict[f]) > 1: ++ if len(self.fcdict[f]["regex"]) > 1: + plural = "s" + self.fd.write(""" + .br + .TP 5 + Path%s: +-%s""" % (plural, self.fcdict[f][0])) +- for x in self.fcdict[f][1:]: ++%s""" % (plural, self.fcdict[f]["regex"][0])) ++ for x in self.fcdict[f]["regex"][1:]: + self.fd.write(", %s" % x) + + self.fd.write(""" +@@ -923,13 +860,12 @@ to apply the labels. def _see_also(self): ret = "" @@ -252488,7 +252591,7 @@ index 25062da..086f2a7 100755 ret += ", %s_selinux(8)" % d self.fd.write(ret) -@@ -947,13 +916,14 @@ semanage fcontext -a -t public_content_t "/var/%(domainname)s(/.*)?" +@@ -947,13 +883,14 @@ semanage fcontext -a -t public_content_t "/var/%(domainname)s(/.*)?" .B restorecon -F -R -v /var/%(domainname)s .pp .TP @@ -252505,7 +252608,7 @@ index 25062da..086f2a7 100755 """ % {'domainname':self.domainname}) for b in self.anon_list: desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:] -@@ -998,12 +968,11 @@ is a GUI tool available to customize SELinux policy settings. +@@ -998,12 +935,11 @@ is a GUI tool available to customize SELinux policy settings. .SH AUTHOR This manual page was auto-generated using @@ -252520,7 +252623,25 @@ index 25062da..086f2a7 100755 if self.booltext != "": self.fd.write(", setsebool(8)") -@@ -1230,6 +1199,7 @@ The SELinux user %s_u is not able to terminal login. +@@ -1046,7 +982,7 @@ All executeables with the default executable label, usually stored in /usr/bin a + paths=[] + for entrypoint in entrypoints: + if entrypoint in self.fcdict: +- paths += self.fcdict[entrypoint] ++ paths += self.fcdict[entrypoint]["regex"] + + self.fd.write(""" + %s""" % ", ".join(paths)) +@@ -1086,7 +1022,7 @@ The SELinux process type %s_t can manage files labeled with the following file t + + """ % f) + if f in self.fcdict: +- for path in self.fcdict[f]: ++ for path in self.fcdict[f]["regex"]: + self.fd.write("""\t%s + .br + """ % path) +@@ -1230,6 +1166,7 @@ The SELinux user %s_u is not able to terminal login. """ % self.domainname) def _network(self): @@ -252528,6 +252649,32 @@ index 25062da..086f2a7 100755 self.fd.write(""" .SH NETWORK """) +@@ -1241,10 +1178,10 @@ The SELinux user %s_u is not able to terminal login. + The SELinux user %s_u is able to listen on the following %s ports. + """ % (self.domainname, net)) + for p in portdict: +- for recs in portdict[p]: ++ for t, ports in portdict[p]: + self.fd.write(""" + .B %s +-""" % recs) ++""" % ",".join(ports)) + portdict = network.get_network_connect(self.type, "tcp", "name_connect") + if len(portdict) > 0: + self.fd.write(""" +@@ -1252,10 +1189,10 @@ The SELinux user %s_u is able to listen on the following %s ports. + The SELinux user %s_u is able to connect to the following tcp ports. + """ % (self.domainname)) + for p in portdict: +- for recs in portdict[p]: ++ for t, ports in portdict[p]: + self.fd.write(""" + .B %s +-""" % recs) ++""" % ",".join(ports)) + + def _home_exec(self): + permlist = sepolicy.search([sepolicy.ALLOW],{'source':self.type,'target':'user_home_type', 'class':'file', 'permlist':['ioctl', 'read', 'getattr', 'execute', 'execute_no_trans', 'open']}) diff --git a/policycoreutils/sepolicy/sepolicy/network.py b/policycoreutils/sepolicy/sepolicy/network.py index 66efe26..970f4c8 100755 --- a/policycoreutils/sepolicy/sepolicy/network.py diff --git a/policycoreutils.spec b/policycoreutils.spec index bb72b60..e3bfdf7 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.1.14 -Release: 53%{?dist} +Release: 54%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -54,7 +54,7 @@ to switch roles. %setup -q -a 1 %patch -p2 -b .rhat %patch1 -p2 -b .sepolgen -d sepolgen-%{sepolgenver} -%patch2 -p1 -b .semanage +%patch2 -p1 -b .semanage %build cp %{SOURCE3} gui/ @@ -311,6 +311,10 @@ The policycoreutils-restorecond package contains the restorecond service. %systemd_postun_with_restart restorecond.service %changelog +* Tue Jun 18 2013 Dan Walsh - 2.1.14-54 +- Make fcdict return a dictionary of dictionaries +- Fix for sepolicy manpage + * Mon Jun 17 2013 Dan Walsh - 2.1.14-53 - Add new man pages for each semanage subsection