Make fcdict return a dictionary of dictionaries

- Fix for sepolicy manpage
2013-06-18 14:38:47 -04:00 · 2013-06-18 14:38:47 -04:00 · 544468684c
parent 4f89c533b5
commit 544468684c
2 changed files with 212 additions and 61 deletions
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -250464,14 +250464,14 @@ index 4c5243a..036c418 100644
 diff --git a/policycoreutils/semodule/genhomedircon.8 b/policycoreutils/semodule/genhomedircon.8
 new file mode 100644
-index 0000000..08e3bad
+index 0000000..2a3315b
 --- /dev/null
 +++ b/policycoreutils/semodule/genhomedircon.8
@@ -0,0 +1,24 @@
 +.TH GENHOMEDIRCON "8" "Sep 2011" "Security Enhanced Linux" "SELinux"
 +.SH NAME
 +genhomedircon \- generate SELinux file context configuration entries for user home directories
-+.SH SYNOPSIS
+.SH DESCRIPTION
 +.B genhomedircon
 +is a script that executes
 +.B semodule
@ -251020,7 +251020,7 @@ index b6abdf5..c05c943 100644
 Generate an additional HTML man pages for the specified domain(s).
 diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
-index b25d3b2..9b29b39 100755
+index b25d3b2..43a8101 100755
 --- a/policycoreutils/sepolicy/sepolicy.py
 +++ b/policycoreutils/sepolicy/sepolicy.py
@@ -22,6 +22,8 @@
@ -251037,7 +251037,7 @@ index b25d3b2..9b29b39 100755
     __builtin__.__dict__['_'] = unicode
 +usage = "sepolicy generate [-h] [-n NAME] [-p PATH] [-w [WRITEPATHS [WRITEPATHS ...]]] ["
-+usage_dict = {' --newtype':('-t [TYPES [TYPES ...]]',),' --customize':('-d DOMAIN','-a  ADMIN_DOMAIN',), ' --admin_user':('-a  ADMIN_DOMAIN',), ' --application':('COMMAND',), ' --cgi':('COMMAND',), ' --confined_admin':('-a  ADMIN_DOMAIN',), ' --dbus':('COMMAND',), ' --desktop_user':('',),' --inetd':('COMMAND',),' --init':('COMMAND',), ' --sandbox':('',), ' --term_user':('',), ' --x_user':('',)}
+usage_dict = {' --newtype':('-t [TYPES [TYPES ...]]',),' --customize':('-d DOMAIN','-a  ADMIN_DOMAIN',), ' --admin_user':('[-r ROLE ]',), ' --application':('COMMAND',), ' --cgi':('COMMAND',), ' --confined_admin':('-a  ADMIN_DOMAIN',), ' --dbus':('COMMAND',), ' --desktop_user':('',),' --inetd':('COMMAND',),' --init':('COMMAND',), ' --sandbox':('',), ' --term_user':('',), ' --x_user':('',)}
 +
 class CheckPath(argparse.Action):
     def __call__(self, parser, namespace, values, option_string=None):
@ -251100,7 +251100,7 @@ index b25d3b2..9b29b39 100755
         newval = getattr(namespace, self.dest)
         if not newval:
             newval = []
-@@ -140,27 +165,65 @@ class CheckPolicyType(argparse.Action):
+@@ -140,27 +165,76 @@ class CheckPolicyType(argparse.Action):
 class CheckUser(argparse.Action):
     def __call__(self, parser, namespace, value, option_string=None):
@ -251115,6 +251115,17 @@ index b25d3b2..9b29b39 100755
         newval.append(value)
         setattr(namespace, self.dest, newval)
 +class CheckRole(argparse.Action):
 +    def __call__(self, parser, namespace, value, option_string=None):
 +        newval = getattr(namespace, self.dest)
 +        if not newval:
 +            newval = []
 +        roles = sepolicy.get_all_roles()
 +        if value not in roles:
 +                raise ValueError("%s must be an SELinux role:\nValid roles: %s" % (value, ", ".join(roles)))
 +        newval.append(value[:-2])
 +        setattr(namespace, self.dest, newval)
 +
 +class InterfaceInfo(argparse.Action):
 +    def __call__(self, parser, namespace, values, option_string=None):
 +	from sepolicy.interface import get_interface_dict
@ -251173,7 +251184,7 @@ index b25d3b2..9b29b39 100755
     if args.list_ports:
         all_ports = []
         for i in portrecs:
-@@ -201,41 +264,41 @@ def manpage(args):
+@@ -201,41 +275,41 @@ def manpage(args):
     from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains
     path = args.path
@ -251238,7 +251249,7 @@ index b25d3b2..9b29b39 100755
 def gen_network_args(parser):
         net = parser.add_parser("network",
-@@ -283,7 +346,6 @@ def gen_communicate_args(parser):
+@@ -283,7 +357,6 @@ def gen_communicate_args(parser):
     comm.set_defaults(func=communicate)
 def booleans(args):
@ -251246,7 +251257,7 @@ index b25d3b2..9b29b39 100755
     from sepolicy import boolean_desc
     if args.all:
         rc, args.booleans = selinux.security_get_boolean_names()
-@@ -300,6 +362,7 @@ def gen_booleans_args(parser):
+@@ -300,6 +373,7 @@ def gen_booleans_args(parser):
                        action="store_true",
                        help=_("get all booleans descriptions"))
     group.add_argument("-b", "--boolean", dest="booleans", nargs="+",
@ -251254,7 +251265,7 @@ index b25d3b2..9b29b39 100755
                        help=_("boolean to get description"))
     bools.set_defaults(func=booleans)
-@@ -319,22 +382,49 @@ def gen_transition_args(parser):
+@@ -319,22 +393,49 @@ def gen_transition_args(parser):
                        help=_("target process domain"))
     trans.set_defaults(func=transition)
@ -251313,7 +251324,7 @@ index b25d3b2..9b29b39 100755
         if not args.command:
             raise ValueError(_("Command required for this type of policy"))
         cmd = os.path.realpath(args.command)
-@@ -346,8 +436,18 @@ def generate(args):
+@@ -346,8 +447,18 @@ def generate(args):
         mypolicy.set_program(cmd)
     if args.types:
@ -251332,7 +251343,15 @@ index b25d3b2..9b29b39 100755
     for p in args.writepaths:
         if os.path.isdir(p):
             mypolicy.add_dir(p)
-@@ -366,20 +466,34 @@ def generate(args):
+@@ -355,6 +466,7 @@ def generate(args):
             mypolicy.add_file(p)
     mypolicy.set_transition_users(args.user)
 +    mypolicy.set_admin_roles(args.role)
     mypolicy.set_admin_domains(args.admin_domain)
     mypolicy.set_existing_domains(args.domain)
@@ -366,20 +478,34 @@ def generate(args):
 def gen_interface_args(parser):
     itf = parser.add_parser("interface",
                             help=_('List SELinux Policy interfaces'))
@ -251370,7 +251389,17 @@ index b25d3b2..9b29b39 100755
                             help=_('Generate SELinux Policy module template'))
     pol.add_argument("-d", "--domain", dest="domain", default=[],
                      action=CheckDomain, nargs="*",
-@@ -397,53 +511,57 @@ def gen_generate_args(parser):
+@@ -387,6 +513,9 @@ def gen_generate_args(parser):
     pol.add_argument("-u", "--user", dest="user", default=[],
                      action=CheckUser, 
                      help=_("Enter SELinux user(s) which will transition to this domain"))
 +    pol.add_argument("-r", "--role", dest="role", default=[],
 +                     action=CheckRole, 
 +                     help=_("Enter SELinux role(s) to which this domain will transition"))
     pol.add_argument("-a", "--admin", dest="admin_domain",default=[],
                      action=CheckAdmin,
                      help=_("Enter domain(s) that this confined admin will administrate"))
@@ -397,53 +526,57 @@ def gen_generate_args(parser):
                      help=argparse.SUPPRESS)
     pol.add_argument("-t", "--type", dest="types", default=[], nargs="*",
                      action=CheckType, 
@ -251454,7 +251483,7 @@ index b25d3b2..9b29b39 100755
     pol.set_defaults(func=generate)
 if __name__ == '__main__':
-@@ -461,11 +579,17 @@ if __name__ == '__main__':
+@@ -461,11 +594,17 @@ if __name__ == '__main__':
     gen_transition_args(subparsers)
     try:
@ -251474,7 +251503,7 @@ index b25d3b2..9b29b39 100755
     except KeyboardInterrupt:
         sys.exit(0)
 diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
-index 5e7415c..b367e9c 100644
+index 5e7415c..8862ebb 100644
 --- a/policycoreutils/sepolicy/sepolicy/__init__.py
 +++ b/policycoreutils/sepolicy/sepolicy/__init__.py
@@ -7,6 +7,9 @@ import _policy
@ -251487,7 +251516,7 @@ index 5e7415c..b367e9c 100644
 gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
 gettext.textdomain(PROGNAME)
 try:
-@@ -37,9 +40,119 @@ CLASS = 'class'
+@@ -37,9 +40,134 @@ CLASS = 'class'
 TRANSITION = 'transition'
 ROLE_ALLOW = 'role_allow'
@ -251541,11 +251570,20 @@ index 5e7415c..b367e9c 100644
 +    
 +    for f in all_writes:
 +        try:
-+            mpaths[f] = fcdict[f]
+            mpaths[f] = fcdict[f]["regex"]
 +        except KeyError:
 +            mpaths[f] = []
 +    return mpaths
 +
 +import os, pprint, re, sys
 +def find_file(reg, path):
 +    try:
 +        pat = re.compile(r"%s$" % reg)
 +        return filter(pat.match, map(lambda x: path + "/" + x, os.listdir(path)))
 +    except:
 +        return []
 +
 +import os
 +fcdict=None
 +def get_fcdict(fc_path = selinux.selinux_file_context_path()):
 +	global fcdict
@ -251561,22 +251599,28 @@ index 5e7415c..b367e9c 100644
 +	for i in fc:
 +		rec = i.split()
 +		try:
 +                        if len(rec) > 2:
 +                            ftype = rec[1]
 +                        else:
 +                            ftype = ""
 +                        
 +			t = rec[-1].split(":")[2]
 +			if t in fcdict:
-+				fcdict[t].append(rec[0])
+				fcdict[t]["regex"].append(rec[0])
 +				fcdict[t]["paths"].append(find_file(rec[0], os.path.dirname(rec[0])))
 +			else:
-+				fcdict[t] = [ rec[0] ]
+				fcdict[t] = { "regex": [ rec[0] ], "paths" : find_file(rec[0], os.path.dirname(rec[0])), "ftype": ftype}
 +		except:
 +			pass
-+	fcdict["logfile"] = [ "all log files" ]
+	fcdict["logfile"] = { "regex" : [ "all log files" ]}
-+	fcdict["user_tmp_type"] = [ "all user tmp files" ]
+	fcdict["user_tmp_type"] = { "regex" : [ "all user tmp files" ]}
-+	fcdict["user_home_type"] = [ "all user home files" ]
+	fcdict["user_home_type"] = { "regex" : [ "all user home files" ]}
-+	fcdict["virt_image_type"] = [ "all virtual image files" ]
+	fcdict["virt_image_type"] = { "regex" : [ "all virtual image files" ]}
-+	fcdict["noxattrfs"] = [ "all files on file systems which do not support extended attributes" ]
+	fcdict["noxattrfs"] = { "regex" : [ "all files on file systems which do not support extended attributes" ]}
-+	fcdict["sandbox_tmpfs_type"] = [ "all sandbox content in tmpfs file systems" ]
+	fcdict["sandbox_tmpfs_type"] = { "regex" : [ "all sandbox content in tmpfs file systems" ]}
-+	fcdict["user_tmpfs_type"] = [ "all user content in tmpfs file systems" ]
+	fcdict["user_tmpfs_type"] = { "regex" : [ "all user content in tmpfs file systems" ]}
-+	fcdict["file_type"] = [ "all files on the system" ]
+	fcdict["file_type"] = { "regex" : [ "all files on the system" ] }
-+	fcdict["samba_share_t"] = [ "use this label for random content that will be shared using samba" ]
+	fcdict["samba_share_t"] = { "regex" : [ "use this label for random content that will be shared using samba" ] }
 +	return fcdict
 +
 +def get_entrypoint_types(setype):
@ -251585,7 +251629,8 @@ index 5e7415c..b367e9c 100644
 +    return entrypoints
 +
 +def get_init_entrypoint_target(entrypoint):
-+    try:
+     try:
 -        path = selinux.selinux_binary_policy_path()
 +        entrypoints = map(lambda x: x['transtype'], search([TRANSITION],{'source':"init_t",  'target':entrypoint, 'class':'process'}))
 +        return entrypoints[0]
 +    except TypeError:
@ -251597,19 +251642,18 @@ index 5e7415c..b367e9c 100644
 +    mpaths = {}
 +    for f in get_entrypoint_types(setype):
 +        try:
-+            mpaths[f] = fcdict[f]
+            mpaths[f] = fcdict[f]["regex"]
 +        except:
 +            mpaths[f] = []
 +    return mpaths
 +
 +def get_installed_policy(root = "/"):
-     try:
+    try:
 -        path = selinux.selinux_binary_policy_path()
 +        path = root + selinux.selinux_binary_policy_path()
         policies = glob.glob ("%s.*" % path )
         policies.sort()
         return policies[-1]
-@@ -47,6 +160,27 @@ def __get_installed_policy():
+@@ -47,6 +175,27 @@ def __get_installed_policy():
         pass
     raise ValueError(_("No SELinux Policy installed"))
@ -251637,7 +251681,7 @@ index 5e7415c..b367e9c 100644
 all_types = None
 def get_all_types():
     global all_types
-@@ -54,6 +188,13 @@ def get_all_types():
+@@ -54,6 +203,13 @@ def get_all_types():
         all_types = map(lambda x: x['name'], info(TYPE))
     return all_types
@ -251651,7 +251695,7 @@ index 5e7415c..b367e9c 100644
 role_allows = None
 def get_all_role_allows():
 	global role_allows
-@@ -71,6 +212,7 @@ def get_all_role_allows():
+@@ -71,6 +227,7 @@ def get_all_role_allows():
 	return role_allows
 def get_all_entrypoint_domains():
@ -251659,7 +251703,7 @@ index 5e7415c..b367e9c 100644
     all_domains = []
     types=get_all_types()
     types.sort()
-@@ -81,11 +223,54 @@ def get_all_entrypoint_domains():
+@@ -81,11 +238,54 @@ def get_all_entrypoint_domains():
                 all_domains.append(m[0])
     return all_domains
@ -251715,7 +251759,7 @@ index 5e7415c..b367e9c 100644
 	return all_domains
 roles = None
-@@ -139,50 +324,92 @@ def get_all_attributes():
+@@ -139,50 +339,92 @@ def get_all_attributes():
 	return all_attributes
 def policy(policy_file):
@ -251833,7 +251877,7 @@ index 5e7415c..b367e9c 100644
 def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
         global booleans_dict
         if booleans_dict:
-@@ -191,7 +418,7 @@ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
+@@ -191,7 +433,7 @@ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
 	import re
 	booleans_dict = {}
 	try:
@ -251856,7 +251900,7 @@ index a179d95..9b9a09a 100755
     tlist = []
     for l in map(lambda y: y[sepolicy.TARGET], filter(lambda x: set(perm).issubset(x[sepolicy.PERMS]), allows)):
 diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
-index 26f8390..ce328e6 100644
+index 26f8390..a5e4b9b 100644
 --- a/policycoreutils/sepolicy/sepolicy/generate.py
 +++ b/policycoreutils/sepolicy/sepolicy/generate.py
@@ -63,20 +63,6 @@ except IOError:
@ -251898,15 +251942,6 @@ index 26f8390..ce328e6 100644
                 line = "%s(%s_t)\n" % (method, self.name)
             else:
                 line = """
@@ -765,7 +751,7 @@ allow %s_t %s_t:%s_socket name_%s;
                 return newte 
 -            if self.type == RUSER:
 +            if self.type == RUSER or self.type == AUSER:
                 newte += re.sub("TEMPLATETYPE", self.name, user.te_admin_rules)
                 for app in self.admin_domains:
@@ -875,6 +861,13 @@ allow %s_t %s_t:%s_socket name_%s;
                         if t.endswith(i):
                             newte += re.sub("TEMPLATETYPE", t[:-len(i)], self.DEFAULT_EXT[i].te_types)
@ -252266,7 +252301,7 @@ index 8b063ca..c7dac62 100644
 +    else:
 +        sys.stderr.write(_("\nCompiling of %s interface is not supported." % interface))
 diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
-index 25062da..086f2a7 100755
+index 25062da..c4d8161 100755
 --- a/policycoreutils/sepolicy/sepolicy/manpage.py
 +++ b/policycoreutils/sepolicy/sepolicy/manpage.py
@@ -28,12 +28,12 @@ import string
@ -252304,7 +252339,47 @@ index 25062da..086f2a7 100755
 		if domain in domains:
 			continue
 		domains.append(domain)
-@@ -184,14 +184,12 @@ def get_alphabet_manpages(manpage_list):
+@@ -114,39 +114,6 @@ def gen_domains():
 	domains.sort()
 	return domains
 -fcdict=None
 -def _gen_fcdict(fc_path = selinux.selinux_file_context_path()):
 -	global fcdict
 -	if fcdict:
 -		return fcdict
 -	fd = open(fc_path, "r")
 -	fc = fd.readlines()
 -	fd.close()
 -	fd = open(fc_path+".homedirs", "r")
 -	fc += fd.readlines()
 -	fd.close()
 -	fcdict = {}
 -	for i in fc:
 -		rec = i.split()
 -		try:
 -			t = rec[-1].split(":")[2]
 -			if t in fcdict:
 -				fcdict[t].append(rec[0])
 -			else:
 -				fcdict[t] = [ rec[0] ]
 -		except:
 -			pass
 -	fcdict["logfile"] = [ "all log files" ]
 -	fcdict["user_tmp_type"] = [ "all user tmp files" ]
 -	fcdict["user_home_type"] = [ "all user home files" ]
 -	fcdict["virt_image_type"] = [ "all virtual image files" ]
 -	fcdict["noxattrfs"] = [ "all files on file systems which do not support extended attributes" ]
 -	fcdict["sandbox_tmpfs_type"] = [ "all sandbox content in tmpfs file systems" ]
 -	fcdict["user_tmpfs_type"] = [ "all user content in tmpfs file systems" ]
 -	fcdict["file_type"] = [ "all files on the system" ]
 -	fcdict["samba_share_t"] = [ "use this label for random content that will be shared using samba" ]
 -	return fcdict
 -
 types = None
 def _gen_types():
 	global types
@@ -184,14 +151,12 @@ def get_alphabet_manpages(manpage_list):
 	return alphabet_manpages
 def convert_manpage_to_html(html_manpage,manpage):
@ -252323,7 +252398,7 @@ index 25062da..086f2a7 100755
 class HTMLManPages:
 	"""
-@@ -416,56 +414,42 @@ class ManPage:
+@@ -416,56 +381,42 @@ class ManPage:
     """
 	Generate a Manpage on an SELinux domain in the specified path
     """
@ -252351,6 +252426,7 @@ index 25062da..086f2a7 100755
 -		self.fcpath = fcpath
 -	else:
 -		self.fcpath = selinux.selinux_file_context_path()
 -	self.fcdict = _gen_fcdict(self.fcpath)
 +	self.root = root
 +	self.portrecs = gen_port_dict()[0]
 +	self.domains = gen_domains()
@ -252366,7 +252442,7 @@ index 25062da..086f2a7 100755
 +	self.types = _gen_types()
 +
 +	self.fcpath = self.root + selinux.selinux_file_context_path()
- 	self.fcdict = _gen_fcdict(self.fcpath)
+	self.fcdict = get_fcdict(self.fcpath)
 	if not os.path.exists(path):
 		os.makedirs(path)
@ -252400,7 +252476,7 @@ index 25062da..086f2a7 100755
 	    self.__gen_user_man_page()
 	    if self.html:
 		manpage_roles.append(self.man_page_path)
-@@ -483,16 +467,16 @@ class ManPage:
+@@ -483,16 +434,16 @@ class ManPage:
     def _gen_bools(self):
 	    self.bools=[]
 	    self.domainbools=[]
@ -252427,7 +252503,7 @@ index 25062da..086f2a7 100755
 	    self.bools.sort()
 	    self.domainbools.sort()
-@@ -538,9 +522,6 @@ class ManPage:
+@@ -538,9 +489,6 @@ class ManPage:
 	    print path
     def __gen_man_page(self):
@ -252437,7 +252513,7 @@ index 25062da..086f2a7 100755
 	self.anon_list = []
 	self.attributes = {}
-@@ -563,22 +544,11 @@ class ManPage:
+@@ -563,22 +511,11 @@ class ManPage:
     def _get_ptypes(self):
 	for f in self.all_domains:
@ -252463,7 +252539,7 @@ index 25062da..086f2a7 100755
 		 % {'domainname':self.domainname, 'date': time.strftime("%y-%m-%d")})
 	self.fd.write(r"""
 .SH "NAME"
-@@ -774,7 +744,7 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n
+@@ -774,7 +711,7 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n
     def _port_types(self):
 	self.ports = []
 	for f in self.all_port_types:
@ -252472,7 +252548,34 @@ index 25062da..086f2a7 100755
 		self.ports.append(f)
 	if len(self.ports) == 0:
-@@ -923,13 +893,12 @@ to apply the labels.
+@@ -821,7 +758,7 @@ Default Defined Ports:""")
 		if f.startswith(self.domainname):
 			flist.append(f)
 			if f in self.fcdict:
 -				mpaths = mpaths + self.fcdict[f]
 +				mpaths = mpaths + self.fcdict[f]["regex"]
 	if len(mpaths) == 0:
 		return
 	mpaths.sort()
@@ -901,14 +838,14 @@ Note: SELinux often uses regular expressions to specify labels that match multip
 		if f in self.fcdict:
 		    plural = ""
 -		    if len(self.fcdict[f]) > 1:
 +		    if len(self.fcdict[f]["regex"]) > 1:
 			plural = "s"
 			self.fd.write("""
 .br
 .TP 5
 Path%s:
 -%s""" % (plural, self.fcdict[f][0]))
 -			for x in self.fcdict[f][1:]:
 +%s""" % (plural, self.fcdict[f]["regex"][0]))
 +			for x in self.fcdict[f]["regex"][1:]:
 			    self.fd.write(", %s" % x)
 	self.fd.write("""
@@ -923,13 +860,12 @@ to apply the labels.
     def _see_also(self):
 	    ret = ""
@ -252488,7 +252591,7 @@ index 25062da..086f2a7 100755
 			    ret += ", %s_selinux(8)" % d
 	    self.fd.write(ret)
-@@ -947,13 +916,14 @@ semanage fcontext -a -t public_content_t "/var/%(domainname)s(/.*)?"
+@@ -947,13 +883,14 @@ semanage fcontext -a -t public_content_t "/var/%(domainname)s(/.*)?"
 .B restorecon -F -R -v /var/%(domainname)s
 .pp
 .TP
@ -252505,7 +252608,7 @@ index 25062da..086f2a7 100755
 """  % {'domainname':self.domainname})
 	    for b in self.anon_list:
 		desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:]
-@@ -998,12 +968,11 @@ is a GUI tool available to customize SELinux policy settings.
+@@ -998,12 +935,11 @@ is a GUI tool available to customize SELinux policy settings.
 .SH AUTHOR
 This manual page was auto-generated using
@ -252520,7 +252623,25 @@ index 25062da..086f2a7 100755
 	if self.booltext != "":
 	    self.fd.write(", setsebool(8)")
-@@ -1230,6 +1199,7 @@ The SELinux user %s_u is not able to terminal login.
+@@ -1046,7 +982,7 @@ All executeables with the default executable label, usually stored in /usr/bin a
 	paths=[]
 	for entrypoint in entrypoints:
 		if entrypoint in self.fcdict:
 -			paths += self.fcdict[entrypoint]
 +			paths += self.fcdict[entrypoint]["regex"]
 	self.fd.write("""
 %s""" % ", ".join(paths))
@@ -1086,7 +1022,7 @@ The SELinux process type %s_t can manage files labeled with the following file t
 """ % f)
 	    if f in self.fcdict:
 -		for path in self.fcdict[f]:
 +		for path in self.fcdict[f]["regex"]:
 		    self.fd.write("""\t%s
 .br
 """ % path)
@@ -1230,6 +1166,7 @@ The SELinux user %s_u is not able to terminal login.
 """ % self.domainname)
     def _network(self):
@ -252528,6 +252649,32 @@ index 25062da..086f2a7 100755
 	self.fd.write("""
 .SH NETWORK
 """)
@@ -1241,10 +1178,10 @@ The SELinux user %s_u is not able to terminal login.
 The SELinux user %s_u is able to listen on the following %s ports.
 """ % (self.domainname, net))
 		for p in portdict:
 -		    for recs in portdict[p]:
 +		    for t, ports in portdict[p]:
 			self.fd.write("""
 .B %s
 -""" % recs)
 +""" % ",".join(ports))
 	    portdict = network.get_network_connect(self.type, "tcp", "name_connect")
 	    if len(portdict) > 0:
 		self.fd.write("""
@@ -1252,10 +1189,10 @@ The SELinux user %s_u is able to listen on the following %s ports.
 The SELinux user %s_u is able to connect to the following tcp ports.
 """ % (self.domainname))
 		for p in portdict:
 -		    for recs in portdict[p]:
 +		    for t, ports in portdict[p]:
 			self.fd.write("""
 .B %s
 -""" % recs)
 +""" % ",".join(ports))
     def _home_exec(self):
 	permlist = sepolicy.search([sepolicy.ALLOW],{'source':self.type,'target':'user_home_type', 'class':'file', 'permlist':['ioctl', 'read', 'getattr', 'execute', 'execute_no_trans', 'open']})
 diff --git a/policycoreutils/sepolicy/sepolicy/network.py b/policycoreutils/sepolicy/sepolicy/network.py
 index 66efe26..970f4c8 100755
 --- a/policycoreutils/sepolicy/sepolicy/network.py
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.14
-Release: 53%{?dist}
+Release: 54%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@ -311,6 +311,10 @@ The policycoreutils-restorecond package contains the restorecond service.
 %systemd_postun_with_restart restorecond.service
 %changelog
 * Tue Jun 18 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-54
 - Make fcdict return a dictionary of dictionaries
 - Fix for sepolicy manpage
 * Mon Jun 17 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-53
 - Add new man pages for each semanage subsection