rpms
/
policycoreutils
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

policycoreutils-2.5-20.fc25 

- semanage: Unify argument handling (#1398987)
- restorecond: Decrease loglevel of termination message (#1264505)
- hll/pp: Fix pp crash when processing base module (#1417200)
- semanage: Add checks if a module name is passed in (#1420707)
- semanage: fix export of fcontext socket entries (#1435127)
- fixfiles: Fix several output issues (#1435894)
This commit is contained in:
Petr Lautrbach 2017-04-07 09:15:48 +02:00
parent c34976b080
commit 59278c4aa1
2 changed files with 220 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

250
policycoreutils-fedora.patch
View File

@ -1844,7 +1844,7 @@ index abf8d3b..f50fcb2 100644
+ except ValueError as e:
self.error(e.args[0])
diff --git policycoreutils-2.5/hll/pp/pp.c policycoreutils-2.5/hll/pp/pp.c
index 866734f..2c9f53f 100644
index 866734f..7f9afb0 100644
--- policycoreutils-2.5/hll/pp/pp.c
+++ policycoreutils-2.5/hll/pp/pp.c
@@ -28,6 +28,7 @@
@ -1909,7 +1909,7 @@ index 866734f..2c9f53f 100644
+ if (separator) {
+ *separator = '\0';
+ }
+ if (strcmp(mod_name, cil_name) != 0) {
+ if (mod_name && strcmp(mod_name, cil_name) != 0) {
+ fprintf(stderr, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s\n", ifile, mod_name, cil_name);
+ }
+ free(cil_path);
@ -627605,6 +627605,19 @@ index b306041..c32703b 100644
+#: ../sepolicy/sepolicy/gui.py:2800
msgid "Loss of data Dialog"
msgstr ""
diff --git policycoreutils-2.5/restorecond/watch.c policycoreutils-2.5/restorecond/watch.c
index 10978cb..80b0ee7 100644
--- policycoreutils-2.5/restorecond/watch.c
+++ policycoreutils-2.5/restorecond/watch.c
@@ -174,7 +174,7 @@ int watch(int fd, const char *watch_file)
syslog(LOG_ERR, "Read error (%s)", strerror(errno));
return 0;
}
- syslog(LOG_ERR, "terminated");
+ syslog(LOG_INFO, "terminated");
return -1;
} else if (!len)
/* BUF_LEN too small? */
diff --git policycoreutils-2.5/run_init/open_init_pty.c policycoreutils-2.5/run_init/open_init_pty.c
index 37805bf..6e25ea3 100644
--- policycoreutils-2.5/run_init/open_init_pty.c
@ -628056,7 +628069,7 @@ index 472785c..dd117bb 100755
print(_("Usage %s -l -d user ...") % sys.argv[0])
print(_("Usage %s -L") % sys.argv[0])
diff --git policycoreutils-2.5/scripts/fixfiles policycoreutils-2.5/scripts/fixfiles
index 5c29eb9..5906a47 100755
index 5c29eb9..350a2bf 100755
--- policycoreutils-2.5/scripts/fixfiles
+++ policycoreutils-2.5/scripts/fixfiles
@@ -116,6 +116,7 @@ exclude_dirs() {
@ -628106,7 +628119,7 @@ index 5c29eb9..5906a47 100755
exit $?
fi
[ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
@@ -243,6 +248,10 @@ then
@@ -243,20 +248,24 @@ then
logit "skipping the directory ${p}"
done
FC=$TEMPFCFILE
@ -628117,6 +628130,23 @@ index 5c29eb9..5906a47 100755
fi
if [ ! -z "$RPMFILES" ]; then
for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
- rpmlist $i | ${RESTORECON} $exclude_dirs ${FORCEFLAG} ${VERBOSE} $* -R -i -f - 2>&1 | cat >> $LOGFILE
+ rpmlist $i | ${RESTORECON} $exclude_dirs ${FORCEFLAG} ${VERBOSE} $* -R -i -f - >>$LOGFILE 2>&1
done
exit $?
fi
if [ ! -z "$FILEPATH" ]; then
- ${RESTORECON} $exclude_dirs ${FORCEFLAG} ${VERBOSE} -R $* $FILEPATH 2>&1 | cat >> $LOGFILE
+ ${RESTORECON} $exclude_dirs ${FORCEFLAG} ${VERBOSE} -R $* -- "$FILEPATH" >>$LOGFILE 2>&1
return
fi
if [ -n "${FILESYSTEMSRW}" ]; then
echo "${OPTION}ing `echo ${FILESYSTEMSRW}`"
- ${SETFILES} ${VERBOSE} $exclude_dirs -q ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 | cat >> $LOGFILE
+ ${SETFILES} ${VERBOSE} $exclude_dirs -q ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} >>$LOGFILE 2>&1
else
echo >&2 "fixfiles: No suitable file systems found"
fi
@@ -264,7 +273,7 @@ if [ ${OPTION} != "Relabel" ]; then
return
fi
@ -628126,6 +628156,39 @@ index 5c29eb9..5906a47 100755
UNDEFINED=`get_undefined_type` || exit $?
UNLABELED=`get_unlabeled_type` || exit $?
@@ -381,8 +390,8 @@ done
shift $(( OPTIND - 1 ))
# Check for the command
-command=$1
-if [ -z $command ]; then
+command="$1"
+if [ -z "$command" ]; then
usage
fi
@@ -394,17 +403,17 @@ shift
#
if [ ! -z "$RPMFILES" ]; then
- process $command
+ process "$command"
if [ $# -gt 0 ]; then
usage
fi
else
if [ -z "$1" ]; then
- process $command
+ process "$command"
else
while [ -n "$1" ]; do
- FILEPATH=$1
- process $command
+ FILEPATH="$1"
+ process "$command"
shift
done
fi
diff --git policycoreutils-2.5/semanage/Makefile policycoreutils-2.5/semanage/Makefile
index 60c36a3..84b01a1 100644
--- policycoreutils-2.5/semanage/Makefile
@ -628285,7 +628348,7 @@ index 0000000..e2befdb
+ packages=["policycoreutils"],
+)
diff --git policycoreutils-2.5/semanage/semanage policycoreutils-2.5/semanage/semanage
index 7489955..78c36e3 100644
index 7489955..6c0e0fe 100644
--- policycoreutils-2.5/semanage/semanage
+++ policycoreutils-2.5/semanage/semanage
@@ -1,4 +1,4 @@
@ -628311,8 +628374,9 @@ index 7489955..78c36e3 100644
usage_login_dict = {' --add': ('-s SEUSER', '-r RANGE', 'LOGIN',), ' --modify': ('-s SEUSER', '-r RANGE', 'LOGIN',), ' --delete': ('LOGIN',), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
-usage_fcontext = "semanage fcontext [-h] [-n] [-N] [-s STORE] ["
-usage_fcontext_dict = {' --add': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC', ')',), ' --delete': ('(', '-t TYPE', '-f FTYPE', '|', '-e EQUAL', ')', 'FILE_SPEC', ')',), ' --modify': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC )',), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
+usage_fcontext = "semanage fcontext [-h] [-n] [-N] [-S STORE] ["
usage_fcontext_dict = {' --add': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC', ')',), ' --delete': ('(', '-t TYPE', '-f FTYPE', '|', '-e EQUAL', ')', 'FILE_SPEC', ')',), ' --modify': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC )',), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
+usage_fcontext_dict = {' --add': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --delete': ('(', '-t TYPE', '-f FTYPE', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --modify': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --list': ('[-C]',), ' --extract': ('',), ' --deleteall': ('',)}
-usage_user = "semanage user [-h] [-n] [-N] [-s STORE] ["
+usage_user = "semanage user [-h] [-n] [-N] [-S STORE] ["
@ -628335,6 +628399,17 @@ index 7489955..78c36e3 100644
usage_boolean_dict = {' --modify': ('(', '--on', '|', '--off', ')', 'boolean'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
import sepolicy
@@ -98,8 +99,8 @@ class seParser(argparse.ArgumentParser):
def error(self, message):
if len(sys.argv) == 2:
self.print_help()
- sys.exit(2)
- self.print_usage()
+ else:
+ self.print_usage()
self.exit(2, ('%s: error: %s\n') % (self.prog, message))
@@ -111,7 +112,7 @@ class SetExportFile(argparse.Action):
try:
sys.stdout = open(values, 'w')
@ -628371,7 +628446,28 @@ index 7489955..78c36e3 100644
try:
if k in dict[target_key][1] and not args.__dict__[k]:
print("%s option is needed for %s" % (k, target_key))
@@ -524,7 +525,7 @@ def handleInterface(args):
@@ -345,10 +346,7 @@ def handleFcontext(args):
# we can not use mutually for equal because we can define some actions together with equal
fcontext_equal_args = {'equal': [('list', 'locallist', 'type', 'ftype', 'seuser', 'deleteall', 'extract'), ()]}
- if args.action is None:
- print("usage: " + "%s" % generate_custom_usage(usage_fcontext, usage_fcontext_dict))
- sys.exit(2)
- elif args.action and args.equal:
+ if args.action and args.equal:
handle_opts(args, fcontext_equal_args, "equal")
else:
handle_opts(args, fcontext_args, args.action)
@@ -397,7 +395,7 @@ If you do not specify a file type, the file type will default to "all files".
parser_add_noreload(fcontextParser, "fcontext")
parser_add_store(fcontextParser, "fcontext")
- fcontext_action = fcontextParser.add_mutually_exclusive_group(required=False)
+ fcontext_action = fcontextParser.add_mutually_exclusive_group(required=True)
parser_add_add(fcontext_action, "fcontext")
parser_add_delete(fcontext_action, "fcontext")
parser_add_modify(fcontext_action, "fcontext")
@@ -524,7 +522,7 @@ def handleInterface(args):
if args.action is "add":
OBJECT.add(args.interface, args.range, args.type)
if args.action is "modify":
@ -628380,7 +628476,7 @@ index 7489955..78c36e3 100644
if args.action is "delete":
OBJECT.delete(args.interface)
if args.action is "list":
@@ -607,7 +608,7 @@ def handleNode(args):
@@ -607,7 +605,7 @@ def handleNode(args):
if args.action is "add":
OBJECT.add(args.node, args.netmask, args.proto, args.range, args.type)
if args.action is "modify":
@ -628389,7 +628485,39 @@ index 7489955..78c36e3 100644
if args.action is "delete":
OBJECT.delete(args.node, args.netmask, args.proto)
if args.action is "list":
@@ -702,7 +703,7 @@ def handlePermissive(args):
@@ -644,19 +642,9 @@ def setupNodeParser(subparsers):
def handleBoolean(args):
- boolean_args = {'list': [('state', 'boolean'), ('')], 'modify': [('localist'), ('')], 'extract': [('locallist', 'state', 'boolean'), ('')], 'deleteall': [('locallist'), ('')], 'state': [('locallist', 'list', 'extract', 'deleteall'), ('modify')]}
- if args.action is None:
- print("Usage: " + "%s" % generate_custom_usage(usage_boolean, usage_boolean_dict))
- sys.exit(2)
- # TODO: should be added to handle_opts logic
- elif args.action is "modify" and not args.boolean:
- print("boolean name required ")
- sys.exit(1)
- elif args.action is "modify" and args.boolean and not args.state:
- print("state option is needed")
- sys.exit(1)
- else:
- handle_opts(args, boolean_args, args.action)
+ boolean_args = {'list': [('state', 'boolean'), ('')], 'modify': [('localist'), ('boolean', 'state')], 'extract': [('locallist', 'state', 'boolean'), ('')], 'deleteall': [('locallist'), ('')], 'state': [('locallist', 'list', 'extract', 'deleteall'), ('modify')]}
+
+ handle_opts(args, boolean_args, args.action)
OBJECT = object_dict['boolean']()
OBJECT.set_reload(args.noreload)
@@ -682,7 +670,7 @@ def setupBooleanParser(subparsers):
parser_add_store(booleanParser, "boolean")
booleanParser.add_argument('boolean', nargs="?", default=None, help=_('boolean'))
- boolean_action = booleanParser.add_mutually_exclusive_group(required=False)
+ boolean_action = booleanParser.add_mutually_exclusive_group(required=True)
#add_add(boolean_action)
parser_add_modify(boolean_action, "boolean")
parser_add_list(boolean_action, "boolean")
@@ -702,7 +690,7 @@ def handlePermissive(args):
if args.action is "list":
OBJECT.list(args.noheading)
@ -628398,7 +628526,7 @@ index 7489955..78c36e3 100644
if args.action is "add":
OBJECT.add(args.type)
if args.action is "delete":
@@ -839,7 +840,7 @@ def handleImport(args):
@@ -839,7 +827,7 @@ def handleImport(args):
def setupImportParser(subparsers):
@ -628407,7 +628535,7 @@ index 7489955..78c36e3 100644
parser_add_noreload(importParser, "import")
parser_add_store(importParser, "import")
importParser.add_argument('-f', '--input_file', dest='input_file', action=SetImportFile, help=_('Input file'))
@@ -855,6 +856,7 @@ def createCommandParser():
@@ -855,6 +843,7 @@ def createCommandParser():
#To add a new subcommand define the parser for it in a function above and call it here.
subparsers = commandParser.add_subparsers(dest='subcommand')
@ -628415,7 +628543,7 @@ index 7489955..78c36e3 100644
setupImportParser(subparsers)
setupExportParser(subparsers)
setupLoginParser(subparsers)
@@ -894,6 +896,8 @@ def make_io_args(args):
@@ -894,6 +883,8 @@ def make_io_args(args):
def make_args(sys_args):
@ -628596,7 +628724,7 @@ index 0fad36c..75b782f 100644
while the semanage user command deals with the mapping from SELinux
user identities to authorized role sets. In most cases, only the
diff --git policycoreutils-2.5/semanage/seobject.py policycoreutils-2.5/semanage/seobject.py
index 3b0b108..90481b1 100644
index 3b0b108..535a5b7 100644
--- policycoreutils-2.5/semanage/seobject.py
+++ policycoreutils-2.5/semanage/seobject.py
@@ -23,14 +23,12 @@
@ -628615,8 +628743,12 @@ index 3b0b108..90481b1 100644
from semanage import *
PROGNAME = "policycoreutils"
import sepolicy
@@ -82,6 +80,17 @@ file_type_str_to_option = {"all files": "a",
"socket file": "s",
@@ -79,9 +77,20 @@ file_type_str_to_option = {"all files": "a",
"directory": "d",
"character device": "c",
"block device": "b",
- "socket file": "s",
+ "socket": "s",
"symbolic link": "l",
"named pipe": "p"}
+
@ -628690,7 +628822,41 @@ index 3b0b108..90481b1 100644
def commit(self, success):
pass
@@ -416,7 +439,7 @@ class dontauditClass(semanageRecords):
@@ -355,6 +378,8 @@ class moduleRecords(semanageRecords):
print "%-25s %-9s %-5s %s" % (t[0], t[2], t[3], disabled)
def add(self, file, priority):
+ if not file:
+ raise ValueError(_("You did not define module."))
if not os.path.exists(file):
raise ValueError(_("Module does not exists %s ") % file)
@@ -367,6 +392,8 @@ class moduleRecords(semanageRecords):
self.commit()
def set_enabled(self, module, enable):
+ if not module:
+ raise ValueError(_("You did not define module name."))
for m in module.split():
rc, key = semanage_module_key_create(self.sh)
if rc < 0:
@@ -385,11 +412,15 @@ class moduleRecords(semanageRecords):
self.commit()
def modify(self, file):
+ if not file:
+ raise ValueError(_("You did not define module."))
rc = semanage_module_update_file(self.sh, file)
if rc >= 0:
self.commit()
def delete(self, module, priority):
+ if not module:
+ raise ValueError(_("You did not define module name."))
rc = semanage_set_default_priority(self.sh, priority)
if rc < 0:
raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
@@ -416,7 +447,7 @@ class dontauditClass(semanageRecords):
if dontaudit not in ["on", "off"]:
raise ValueError(_("dontaudit requires either 'on' or 'off'"))
self.begin()
@ -628699,7 +628865,7 @@ index 3b0b108..90481b1 100644
self.commit()
@@ -459,7 +482,6 @@ class permissiveRecords(semanageRecords):
@@ -459,7 +490,6 @@ class permissiveRecords(semanageRecords):
print t
def add(self, type):
@ -628707,7 +628873,7 @@ index 3b0b108..90481b1 100644
try:
import sepolgen.module as module
except ImportError:
@@ -834,7 +856,6 @@ class seluserRecords(semanageRecords):
@@ -834,7 +864,6 @@ class seluserRecords(semanageRecords):
self.mylog.log("seuser", sename=name, serole=",".join(roles), serange=serange)
def add(self, name, roles, selevel, serange, prefix):
@ -628715,7 +628881,7 @@ index 3b0b108..90481b1 100644
try:
self.begin()
self.__add(name, roles, selevel, serange, prefix)
@@ -1109,6 +1130,8 @@ class portRecords(semanageRecords):
@@ -1109,6 +1138,8 @@ class portRecords(semanageRecords):
semanage_port_key_free(k)
semanage_port_free(p)
@ -628724,7 +628890,7 @@ index 3b0b108..90481b1 100644
def add(self, port, proto, serange, type):
self.begin()
self.__add(port, proto, serange, type)
@@ -1138,8 +1161,11 @@ class portRecords(semanageRecords):
@@ -1138,8 +1169,11 @@ class portRecords(semanageRecords):
con = semanage_port_get_con(p)
@ -628738,7 +628904,7 @@ index 3b0b108..90481b1 100644
if setype != "":
semanage_context_set_type(self.sh, con, setype)
@@ -1150,6 +1176,8 @@ class portRecords(semanageRecords):
@@ -1150,6 +1184,8 @@ class portRecords(semanageRecords):
semanage_port_key_free(k)
semanage_port_free(p)
@ -628747,7 +628913,7 @@ index 3b0b108..90481b1 100644
def modify(self, port, proto, serange, setype):
self.begin()
self.__modify(port, proto, serange, setype)
@@ -1168,6 +1196,7 @@ class portRecords(semanageRecords):
@@ -1168,6 +1204,7 @@ class portRecords(semanageRecords):
low = semanage_port_get_low(port)
high = semanage_port_get_high(port)
port_str = "%s-%s" % (low, high)
@ -628755,7 +628921,7 @@ index 3b0b108..90481b1 100644
(k, proto_d, low, high) = self.__genkey(port_str, proto_str)
if rc < 0:
raise ValueError(_("Could not create a key for %s") % port_str)
@@ -1177,6 +1206,11 @@ class portRecords(semanageRecords):
@@ -1177,6 +1214,11 @@ class portRecords(semanageRecords):
raise ValueError(_("Could not delete the port %s") % port_str)
semanage_port_key_free(k)
@ -628767,7 +628933,7 @@ index 3b0b108..90481b1 100644
self.commit()
def __delete(self, port, proto):
@@ -1199,6 +1233,8 @@ class portRecords(semanageRecords):
@@ -1199,6 +1241,8 @@ class portRecords(semanageRecords):
semanage_port_key_free(k)
@ -628776,7 +628942,7 @@ index 3b0b108..90481b1 100644
def delete(self, port, proto):
self.begin()
self.__delete(port, proto)
@@ -1380,6 +1416,8 @@ class nodeRecords(semanageRecords):
@@ -1380,6 +1424,8 @@ class nodeRecords(semanageRecords):
semanage_node_key_free(k)
semanage_node_free(node)
@ -628785,7 +628951,7 @@ index 3b0b108..90481b1 100644
def add(self, addr, mask, proto, serange, ctype):
self.begin()
self.__add(addr, mask, proto, serange, ctype)
@@ -1421,6 +1459,8 @@ class nodeRecords(semanageRecords):
@@ -1421,6 +1467,8 @@ class nodeRecords(semanageRecords):
semanage_node_key_free(k)
semanage_node_free(node)
@ -628794,7 +628960,7 @@ index 3b0b108..90481b1 100644
def modify(self, addr, mask, proto, serange, setype):
self.begin()
self.__modify(addr, mask, proto, serange, setype)
@@ -1452,6 +1492,8 @@ class nodeRecords(semanageRecords):
@@ -1452,6 +1500,8 @@ class nodeRecords(semanageRecords):
semanage_node_key_free(k)
@ -628803,7 +628969,7 @@ index 3b0b108..90481b1 100644
def delete(self, addr, mask, proto):
self.begin()
self.__delete(addr, mask, proto)
@@ -1581,6 +1623,8 @@ class interfaceRecords(semanageRecords):
@@ -1581,6 +1631,8 @@ class interfaceRecords(semanageRecords):
semanage_iface_key_free(k)
semanage_iface_free(iface)
@ -628812,7 +628978,7 @@ index 3b0b108..90481b1 100644
def add(self, interface, serange, ctype):
self.begin()
self.__add(interface, serange, ctype)
@@ -1618,6 +1662,8 @@ class interfaceRecords(semanageRecords):
@@ -1618,6 +1670,8 @@ class interfaceRecords(semanageRecords):
semanage_iface_key_free(k)
semanage_iface_free(iface)
@ -628821,7 +628987,7 @@ index 3b0b108..90481b1 100644
def modify(self, interface, serange, setype):
self.begin()
self.__modify(interface, serange, setype)
@@ -1646,6 +1692,8 @@ class interfaceRecords(semanageRecords):
@@ -1646,6 +1700,8 @@ class interfaceRecords(semanageRecords):
semanage_iface_key_free(k)
@ -628830,7 +628996,7 @@ index 3b0b108..90481b1 100644
def delete(self, interface):
self.begin()
self.__delete(interface)
@@ -1775,6 +1823,8 @@ class fcontextRecords(semanageRecords):
@@ -1775,6 +1831,8 @@ class fcontextRecords(semanageRecords):
if i.startswith(target + "/"):
raise ValueError(_("File spec %s conflicts with equivalency rule '%s %s'") % (target, i, fdict[i]))
@ -628839,7 +629005,7 @@ index 3b0b108..90481b1 100644
self.equiv[target] = substitute
self.equal_ind = True
self.commit()
@@ -1785,6 +1835,9 @@ class fcontextRecords(semanageRecords):
@@ -1785,6 +1843,9 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Equivalence class for %s does not exists") % target)
self.equiv[target] = substitute
self.equal_ind = True
@ -628849,7 +629015,7 @@ index 3b0b108..90481b1 100644
self.commit()
def createcon(self, target, seuser="system_u"):
@@ -1879,6 +1932,11 @@ class fcontextRecords(semanageRecords):
@@ -1879,6 +1940,11 @@ class fcontextRecords(semanageRecords):
semanage_fcontext_key_free(k)
semanage_fcontext_free(fcontext)
@ -628861,7 +629027,7 @@ index 3b0b108..90481b1 100644
def add(self, target, type, ftype="", serange="", seuser="system_u"):
self.begin()
self.__add(target, type, ftype, serange, seuser)
@@ -1888,7 +1946,7 @@ class fcontextRecords(semanageRecords):
@@ -1888,7 +1954,7 @@ class fcontextRecords(semanageRecords):
if serange == "" and setype == "" and seuser == "":
raise ValueError(_("Requires setype, serange or seuser"))
if setype and setype not in self.valid_types:
@ -628870,7 +629036,7 @@ index 3b0b108..90481b1 100644
self.validate(target)
@@ -1904,16 +1962,18 @@ class fcontextRecords(semanageRecords):
@@ -1904,16 +1970,18 @@ class fcontextRecords(semanageRecords):
if not exists:
raise ValueError(_("File context for %s is not defined") % target)
@ -628894,7 +629060,7 @@ index 3b0b108..90481b1 100644
con = self.createcon(target)
if (is_mls_enabled == 1) and (serange != ""):
@@ -1939,6 +1999,11 @@ class fcontextRecords(semanageRecords):
@@ -1939,6 +2007,11 @@ class fcontextRecords(semanageRecords):
semanage_fcontext_key_free(k)
semanage_fcontext_free(fcontext)
@ -628906,7 +629072,7 @@ index 3b0b108..90481b1 100644
def modify(self, target, setype, ftype, serange, seuser):
self.begin()
self.__modify(target, setype, ftype, serange, seuser)
@@ -1964,6 +2029,8 @@ class fcontextRecords(semanageRecords):
@@ -1964,6 +2037,8 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Could not delete the file context %s") % target)
semanage_fcontext_key_free(k)
@ -628915,7 +629081,7 @@ index 3b0b108..90481b1 100644
self.equiv = {}
self.equal_ind = True
self.commit()
@@ -1972,6 +2039,9 @@ class fcontextRecords(semanageRecords):
@@ -1972,6 +2047,9 @@ class fcontextRecords(semanageRecords):
if target in self.equiv.keys():
self.equiv.pop(target)
self.equal_ind = True
@ -628925,7 +629091,7 @@ index 3b0b108..90481b1 100644
return
(rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
@@ -1996,6 +2066,8 @@ class fcontextRecords(semanageRecords):
@@ -1996,6 +2074,8 @@ class fcontextRecords(semanageRecords):
semanage_fcontext_key_free(k)
@ -628934,7 +629100,7 @@ index 3b0b108..90481b1 100644
def delete(self, target, ftype):
self.begin()
self.__delete(target, ftype)
@@ -2091,7 +2163,7 @@ class booleanRecords(semanageRecords):
@@ -2091,7 +2171,7 @@ class booleanRecords(semanageRecords):
self.current_booleans = []
ptype = None
@ -628945,7 +629111,7 @@ index 3b0b108..90481b1 100644
self.modify_local = False
diff --git policycoreutils-2.5/semanage/seobject/__init__.py policycoreutils-2.5/semanage/seobject/__init__.py
new file mode 100644
index 0000000..6ca9e7b
index 0000000..c51103c
--- /dev/null
+++ policycoreutils-2.5/semanage/seobject/__init__.py
@@ -0,0 +1,2407 @@
@ -629039,7 +629205,7 @@ index 0000000..6ca9e7b
+ "directory":"d",
+ "character device":"c",
+ "block device":"b",
+ "socket file":"s",
+ "socket":"s",
+ "symbolic link":"l",
+ "named pipe":"p"}
+

16
policycoreutils.spec
View File

@ -9,7 +9,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.5
Release: 19%{?dist}
Release: 20%{?dist}
License: GPLv2
Group: System Environment/Base
# https://github.com/SELinuxProject/selinux/wiki/Releases
@ -26,10 +26,10 @@ Source8: selinux-autorelabel.target
Source9: selinux-autorelabel-generator.sh
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
# run:
# $ VERSION=2.5 ./make-fedora-selinux-patch.sh policycoreutils
# HEAD https://github.com/fedora-selinux/selinux/commit/223fc83c6e68cead9b3d8d4e5ca7e95a580952e7
# $ VERSION=2.5 BRANCH=f25 ./make-fedora-selinux-patch.sh policycoreutils
# HEAD https://github.com/fedora-selinux/selinux/commit/64a70270ec99b0ade3adebd8102a7fc5ed191d9e
Patch: policycoreutils-fedora.patch
# $ VERSION=1.2.3 ./make-fedora-selinux-patch.sh sepolgen
# $ VERSION=1.2.3 BRANCH=f25 ./make-fedora-selinux-patch.sh sepolgen
Patch1: sepolgen-fedora.patch
Obsoletes: policycoreutils < 2.0.61-2
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
@ -436,6 +436,14 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service
%changelog
* Fri Apr 07 2017 Petr Lautrbach <plautrba@redhat.com> - 2.5-20
- semanage: Unify argument handling (#1398987)
- restorecond: Decrease loglevel of termination message (#1264505)
- hll/pp: Fix pp crash when processing base module (#1417200)
- semanage: Add checks if a module name is passed in (#1420707)
- semanage: fix export of fcontext socket entries (#1435127)
- fixfiles: Fix several output issues (#1435894)
* Thu Dec 01 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-19
- seobject: Handle python error returns correctly
- policycoreutils/sepolicy/gui: fix current selinux state radiobutton