From 59278c4aa10dfb9844ec76a7393f6d855004ea19 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Fri, 7 Apr 2017 09:15:48 +0200 Subject: [PATCH] policycoreutils-2.5-20.fc25 - semanage: Unify argument handling (#1398987) - restorecond: Decrease loglevel of termination message (#1264505) - hll/pp: Fix pp crash when processing base module (#1417200) - semanage: Add checks if a module name is passed in (#1420707) - semanage: fix export of fcontext socket entries (#1435127) - fixfiles: Fix several output issues (#1435894) --- policycoreutils-fedora.patch | 250 +++++++++++++++++++++++++++++------ policycoreutils.spec | 16 ++- 2 files changed, 220 insertions(+), 46 deletions(-) diff --git a/policycoreutils-fedora.patch b/policycoreutils-fedora.patch index 54fd00a..7420a02 100644 --- a/policycoreutils-fedora.patch +++ b/policycoreutils-fedora.patch @@ -1844,7 +1844,7 @@ index abf8d3b..f50fcb2 100644 + except ValueError as e: self.error(e.args[0]) diff --git policycoreutils-2.5/hll/pp/pp.c policycoreutils-2.5/hll/pp/pp.c -index 866734f..2c9f53f 100644 +index 866734f..7f9afb0 100644 --- policycoreutils-2.5/hll/pp/pp.c +++ policycoreutils-2.5/hll/pp/pp.c @@ -28,6 +28,7 @@ @@ -1909,7 +1909,7 @@ index 866734f..2c9f53f 100644 + if (separator) { + *separator = '\0'; + } -+ if (strcmp(mod_name, cil_name) != 0) { ++ if (mod_name && strcmp(mod_name, cil_name) != 0) { + fprintf(stderr, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s\n", ifile, mod_name, cil_name); + } + free(cil_path); 
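Review bot: The new `mod_name &&` guard in the pp.c hunk (`@@ -1909,7 +1909,7 @@`) has no comment saying when `mod_name` can be NULL, so a reader cannot tell whether skipping the warning is intended. Going by the commit subject this is the base-module case, and a one-line comment above the test would record it, e.g. `/* a base module has no name, so there is nothing to compare with cil_name */`. The assignments of `mod_name` and `cil_name` are outside the hunk, so whether `cil_name` can also be NULL cannot be checked from these lines.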
@@ -627605,6 +627605,19 @@ index b306041..c32703b 100644 +#: ../sepolicy/sepolicy/gui.py:2800 msgid "Loss of data Dialog" msgstr "" +diff --git policycoreutils-2.5/restorecond/watch.c policycoreutils-2.5/restorecond/watch.c +index 10978cb..80b0ee7 100644 +--- policycoreutils-2.5/restorecond/watch.c ++++ policycoreutils-2.5/restorecond/watch.c +@@ -174,7 +174,7 @@ int watch(int fd, const char *watch_file) + syslog(LOG_ERR, "Read error (%s)", strerror(errno)); + return 0; + } +- syslog(LOG_ERR, "terminated"); ++ syslog(LOG_INFO, "terminated"); + return -1; + } else if (!len) + /* BUF_LEN too small? */ diff --git policycoreutils-2.5/run_init/open_init_pty.c policycoreutils-2.5/run_init/open_init_pty.c index 37805bf..6e25ea3 100644 --- policycoreutils-2.5/run_init/open_init_pty.c @@ -628056,7 +628069,7 @@ index 472785c..dd117bb 100755 print(_("Usage %s -l -d user ...") % sys.argv[0]) print(_("Usage %s -L") % sys.argv[0]) diff --git policycoreutils-2.5/scripts/fixfiles policycoreutils-2.5/scripts/fixfiles -index 5c29eb9..5906a47 100755 +index 5c29eb9..350a2bf 100755 --- policycoreutils-2.5/scripts/fixfiles +++ policycoreutils-2.5/scripts/fixfiles @@ -116,6 +116,7 @@ exclude_dirs() { @@ -628106,7 +628119,7 @@ index 5c29eb9..5906a47 100755 exit $? fi [ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon -@@ -243,6 +248,10 @@ then +@@ -243,20 +248,24 @@ then logit "skipping the directory ${p}" done FC=$TEMPFCFILE 
@@ -628117,6 +628130,23 @@ index 5c29eb9..5906a47 100755 fi if [ ! -z "$RPMFILES" ]; then for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do +- rpmlist $i | ${RESTORECON} $exclude_dirs ${FORCEFLAG} ${VERBOSE} $* -R -i -f - 2>&1 | cat >> $LOGFILE ++ rpmlist $i | ${RESTORECON} $exclude_dirs ${FORCEFLAG} ${VERBOSE} $* -R -i -f - >>$LOGFILE 2>&1 + done + exit $? + fi + if [ ! -z "$FILEPATH" ]; then +- ${RESTORECON} $exclude_dirs ${FORCEFLAG} ${VERBOSE} -R $* $FILEPATH 2>&1 | cat >> $LOGFILE ++ ${RESTORECON} $exclude_dirs ${FORCEFLAG} ${VERBOSE} -R $* -- "$FILEPATH" >>$LOGFILE 2>&1 + return + fi + if [ -n "${FILESYSTEMSRW}" ]; then + echo "${OPTION}ing `echo ${FILESYSTEMSRW}`" +- ${SETFILES} ${VERBOSE} $exclude_dirs -q ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 | cat >> $LOGFILE ++ ${SETFILES} ${VERBOSE} $exclude_dirs -q ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} >>$LOGFILE 2>&1 + else + echo >&2 "fixfiles: No suitable file systems found" + fi @@ -264,7 +273,7 @@ if [ ${OPTION} != "Relabel" ]; then return fi @@ -628126,6 +628156,39 @@ index 5c29eb9..5906a47 100755 UNDEFINED=`get_undefined_type` || exit $? UNLABELED=`get_unlabeled_type` || exit $? +@@ -381,8 +390,8 @@ done + shift $(( OPTIND - 1 )) + + # Check for the command +-command=$1 +-if [ -z $command ]; then ++command="$1" ++if [ -z "$command" ]; then + usage + fi + +@@ -394,17 +403,17 @@ shift + # + + if [ ! -z "$RPMFILES" ]; then +- process $command ++ process "$command" + if [ $# -gt 0 ]; then + usage + fi + else + if [ -z "$1" ]; then +- process $command ++ process "$command" + else + while [ -n "$1" ]; do +- FILEPATH=$1 +- process $command ++ FILEPATH="$1" ++ process "$command" + shift + done + fi diff --git policycoreutils-2.5/semanage/Makefile policycoreutils-2.5/semanage/Makefile index 60c36a3..84b01a1 100644 --- policycoreutils-2.5/semanage/Makefile @@ -628285,7 +628348,7 @@ index 0000000..e2befdb + packages=["policycoreutils"], +) 
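Review bot: The three rewritten redirections in the fixfiles hunk `@@ -628117,6 +628130,23 @@` expand `$LOGFILE` unquoted (`>>$LOGFILE 2>&1`), although the same change quotes `"$FILEPATH"`. Under bash, an empty or whitespace-containing log path makes the redirection fail as ambiguous, and the relabel command then does not run. Where LOGFILE is assigned is outside the hunk. Writing `>>"$LOGFILE" 2>&1` on all three lines closes that, and `rpmlist $i` in the RPM loop should be quoted the same way.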
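Review bot: In the dispatch at the end of the fixfiles hunk `@@ -628126,6 +628156,39 @@`, an empty path argument is treated as no argument at all. `if [ -z "$1" ]` sends an invocation with `""` as the path down the branch that calls `process "$command"` with no FILEPATH, and `while [ -n "$1" ]` stops at the first empty argument and silently skips the paths after it. What `process` does without FILEPATH is only partly visible, but the earlier hunk suggests it falls through to the filesystem-wide `${SETFILES}` run. Testing the argument count avoids both cases: `if [ $# -eq 0 ]; then` and `while [ $# -gt 0 ]; do`, with an explicit error for an empty path.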
diff --git policycoreutils-2.5/semanage/semanage policycoreutils-2.5/semanage/semanage -index 7489955..78c36e3 100644 +index 7489955..6c0e0fe 100644 --- policycoreutils-2.5/semanage/semanage +++ policycoreutils-2.5/semanage/semanage @@ -1,4 +1,4 @@ @@ -628311,8 +628374,9 @@ index 7489955..78c36e3 100644 usage_login_dict = {' --add': ('-s SEUSER', '-r RANGE', 'LOGIN',), ' --modify': ('-s SEUSER', '-r RANGE', 'LOGIN',), ' --delete': ('LOGIN',), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)} -usage_fcontext = "semanage fcontext [-h] [-n] [-N] [-s STORE] [" +-usage_fcontext_dict = {' --add': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC', ')',), ' --delete': ('(', '-t TYPE', '-f FTYPE', '|', '-e EQUAL', ')', 'FILE_SPEC', ')',), ' --modify': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC )',), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)} +usage_fcontext = "semanage fcontext [-h] [-n] [-N] [-S STORE] [" - usage_fcontext_dict = {' --add': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC', ')',), ' --delete': ('(', '-t TYPE', '-f FTYPE', '|', '-e EQUAL', ')', 'FILE_SPEC', ')',), ' --modify': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC )',), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)} ++usage_fcontext_dict = {' --add': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --delete': ('(', '-t TYPE', '-f FTYPE', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --modify': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --list': ('[-C]',), ' --extract': ('',), ' --deleteall': ('',)} -usage_user = "semanage user [-h] [-n] [-N] [-s STORE] [" +usage_user = "semanage user [-h] [-n] [-N] [-S STORE] [" 
@@ -628335,6 +628399,17 @@ index 7489955..78c36e3 100644 usage_boolean_dict = {' --modify': ('(', '--on', '|', '--off', ')', 'boolean'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)} import sepolicy +@@ -98,8 +99,8 @@ class seParser(argparse.ArgumentParser): + def error(self, message): + if len(sys.argv) == 2: + self.print_help() +- sys.exit(2) +- self.print_usage() ++ else: ++ self.print_usage() + self.exit(2, ('%s: error: %s\n') % (self.prog, message)) + + @@ -111,7 +112,7 @@ class SetExportFile(argparse.Action): try: sys.stdout = open(values, 'w') 
@@ -628371,7 +628446,28 @@ index 7489955..78c36e3 100644 try: if k in dict[target_key][1] and not args.__dict__[k]: print("%s option is needed for %s" % (k, target_key)) -@@ -524,7 +525,7 @@ def handleInterface(args): +@@ -345,10 +346,7 @@ def handleFcontext(args): + # we can not use mutually for equal because we can define some actions together with equal + fcontext_equal_args = {'equal': [('list', 'locallist', 'type', 'ftype', 'seuser', 'deleteall', 'extract'), ()]} + +- if args.action is None: +- print("usage: " + "%s" % generate_custom_usage(usage_fcontext, usage_fcontext_dict)) +- sys.exit(2) +- elif args.action and args.equal: ++ if args.action and args.equal: + handle_opts(args, fcontext_equal_args, "equal") + else: + handle_opts(args, fcontext_args, args.action) +@@ -397,7 +395,7 @@ If you do not specify a file type, the file type will default to "all files". + parser_add_noreload(fcontextParser, "fcontext") + parser_add_store(fcontextParser, "fcontext") + +- fcontext_action = fcontextParser.add_mutually_exclusive_group(required=False) ++ fcontext_action = fcontextParser.add_mutually_exclusive_group(required=True) + parser_add_add(fcontext_action, "fcontext") + parser_add_delete(fcontext_action, "fcontext") + parser_add_modify(fcontext_action, "fcontext") +@@ -524,7 +522,7 @@ def handleInterface(args): if args.action is "add": OBJECT.add(args.interface, args.range, args.type) if args.action is "modify": @@ -628380,7 +628476,7 @@ index 7489955..78c36e3 100644 if args.action is "delete": OBJECT.delete(args.interface) if args.action is "list": -@@ -607,7 +608,7 @@ def handleNode(args): +@@ -607,7 +605,7 @@ def handleNode(args): if args.action is "add": OBJECT.add(args.node, args.netmask, args.proto, args.range, args.type) if args.action is "modify": 
@@ -628389,7 +628485,39 @@ index 7489955..78c36e3 100644 if args.action is "delete": OBJECT.delete(args.node, args.netmask, args.proto) if args.action is "list": -@@ -702,7 +703,7 @@ def handlePermissive(args): +@@ -644,19 +642,9 @@ def setupNodeParser(subparsers): + + + def handleBoolean(args): +- boolean_args = {'list': [('state', 'boolean'), ('')], 'modify': [('localist'), ('')], 'extract': [('locallist', 'state', 'boolean'), ('')], 'deleteall': [('locallist'), ('')], 'state': [('locallist', 'list', 'extract', 'deleteall'), ('modify')]} +- if args.action is None: +- print("Usage: " + "%s" % generate_custom_usage(usage_boolean, usage_boolean_dict)) +- sys.exit(2) +- # TODO: should be added to handle_opts logic +- elif args.action is "modify" and not args.boolean: +- print("boolean name required ") +- sys.exit(1) +- elif args.action is "modify" and args.boolean and not args.state: +- print("state option is needed") +- sys.exit(1) +- else: +- handle_opts(args, boolean_args, args.action) ++ boolean_args = {'list': [('state', 'boolean'), ('')], 'modify': [('localist'), ('boolean', 'state')], 'extract': [('locallist', 'state', 'boolean'), ('')], 'deleteall': [('locallist'), ('')], 'state': [('locallist', 'list', 'extract', 'deleteall'), ('modify')]} ++ ++ handle_opts(args, boolean_args, args.action) + + OBJECT = object_dict['boolean']() + OBJECT.set_reload(args.noreload) +@@ -682,7 +670,7 @@ def setupBooleanParser(subparsers): + parser_add_store(booleanParser, "boolean") + booleanParser.add_argument('boolean', nargs="?", default=None, help=_('boolean')) + +- boolean_action = booleanParser.add_mutually_exclusive_group(required=False) ++ boolean_action = booleanParser.add_mutually_exclusive_group(required=True) + #add_add(boolean_action) + parser_add_modify(boolean_action, "boolean") + parser_add_list(boolean_action, "boolean") +@@ -702,7 +690,7 @@ def handlePermissive(args): if args.action is "list": OBJECT.list(args.noheading) 
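Review bot: In the new `boolean_args` line of the handleBoolean hunk, `('localist')` and `('locallist')` are plain strings rather than one-element tuples, and the `modify` entry misspells `locallist`. handle_opts tests `k in dict[target_key][1]` (visible in an earlier hunk) and presumably does the same for index 0, so against a string the test becomes a substring match: `'list' in 'localist'` is true, while `locallist` itself never matches. Suggested: `'modify': [('locallist',), ('boolean', 'state')]` and `'deleteall': [('locallist',), ()]`, using `()` instead of `('')` for the empty slots. The same string-for-tuple form appears in the `'state'` entry as `('modify')`.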
@@ -628398,7 +628526,7 @@ index 7489955..78c36e3 100644 if args.action is "add": OBJECT.add(args.type) if args.action is "delete": -@@ -839,7 +840,7 @@ def handleImport(args): +@@ -839,7 +827,7 @@ def handleImport(args): def setupImportParser(subparsers): @@ -628407,7 +628535,7 @@ index 7489955..78c36e3 100644 parser_add_noreload(importParser, "import") parser_add_store(importParser, "import") importParser.add_argument('-f', '--input_file', dest='input_file', action=SetImportFile, help=_('Input file')) -@@ -855,6 +856,7 @@ def createCommandParser(): +@@ -855,6 +843,7 @@ def createCommandParser(): #To add a new subcommand define the parser for it in a function above and call it here. subparsers = commandParser.add_subparsers(dest='subcommand') @@ -628415,7 +628543,7 @@ index 7489955..78c36e3 100644 setupImportParser(subparsers) setupExportParser(subparsers) setupLoginParser(subparsers) -@@ -894,6 +896,8 @@ def make_io_args(args): +@@ -894,6 +883,8 @@ def make_io_args(args): def make_args(sys_args): @@ -628596,7 +628724,7 @@ index 0fad36c..75b782f 100644 while the semanage user command deals with the mapping from SELinux user identities to authorized role sets. In most cases, only the diff --git policycoreutils-2.5/semanage/seobject.py policycoreutils-2.5/semanage/seobject.py -index 3b0b108..90481b1 100644 +index 3b0b108..535a5b7 100644 --- policycoreutils-2.5/semanage/seobject.py +++ policycoreutils-2.5/semanage/seobject.py @@ -23,14 +23,12 @@ @@ -628615,8 +628743,12 @@ index 3b0b108..90481b1 100644 from semanage import * PROGNAME = "policycoreutils" import sepolicy -@@ -82,6 +80,17 @@ file_type_str_to_option = {"all files": "a", - "socket file": "s", +@@ -79,9 +77,20 @@ file_type_str_to_option = {"all files": "a", + "directory": "d", + "character device": "c", + "block device": "b", +- "socket file": "s", ++ "socket": "s", "symbolic link": "l", "named pipe": "p"} + 
@@ -628690,7 +628822,41 @@ index 3b0b108..90481b1 100644 def commit(self, success): pass -@@ -416,7 +439,7 @@ class dontauditClass(semanageRecords): +@@ -355,6 +378,8 @@ class moduleRecords(semanageRecords): + print "%-25s %-9s %-5s %s" % (t[0], t[2], t[3], disabled) + + def add(self, file, priority): ++ if not file: ++ raise ValueError(_("You did not define module.")) + if not os.path.exists(file): + raise ValueError(_("Module does not exists %s ") % file) + +@@ -367,6 +392,8 @@ class moduleRecords(semanageRecords): + self.commit() + + def set_enabled(self, module, enable): ++ if not module: ++ raise ValueError(_("You did not define module name.")) + for m in module.split(): + rc, key = semanage_module_key_create(self.sh) + if rc < 0: +@@ -385,11 +412,15 @@ class moduleRecords(semanageRecords): + self.commit() + + def modify(self, file): ++ if not file: ++ raise ValueError(_("You did not define module.")) + rc = semanage_module_update_file(self.sh, file) + if rc >= 0: + self.commit() + + def delete(self, module, priority): ++ if not module: ++ raise ValueError(_("You did not define module name.")) + rc = semanage_set_default_priority(self.sh, priority) + if rc < 0: + raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority) +@@ -416,7 +447,7 @@ class dontauditClass(semanageRecords): if dontaudit not in ["on", "off"]: raise ValueError(_("dontaudit requires either 'on' or 'off'")) self.begin() @@ -628699,7 +628865,7 @@ index 3b0b108..90481b1 100644 self.commit() -@@ -459,7 +482,6 @@ class permissiveRecords(semanageRecords): +@@ -459,7 +490,6 @@ class permissiveRecords(semanageRecords): print t def add(self, type): 
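Review bot: moduleRecords.modify now rejects an empty `file`, but a negative return from `semanage_module_update_file` is still dropped: the method commits only when `rc >= 0` and otherwise returns as if the update had succeeded. `delete` in the same hunk raises on `rc < 0`, and an administrator should be told when a policy module was not replaced. Suggested, before the commit: `if rc < 0: raise ValueError(_("Could not modify module %s") % file)`; the message text is a proposal, not an existing string. The bodies of `add`, `set_enabled` and `delete` continue outside the hunk, so their own return-code handling is not fully visible.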
@@ -628707,7 +628873,7 @@ index 3b0b108..90481b1 100644 try: import sepolgen.module as module except ImportError: -@@ -834,7 +856,6 @@ class seluserRecords(semanageRecords): +@@ -834,7 +864,6 @@ class seluserRecords(semanageRecords): self.mylog.log("seuser", sename=name, serole=",".join(roles), serange=serange) def add(self, name, roles, selevel, serange, prefix): @@ -628715,7 +628881,7 @@ index 3b0b108..90481b1 100644 try: self.begin() self.__add(name, roles, selevel, serange, prefix) -@@ -1109,6 +1130,8 @@ class portRecords(semanageRecords): +@@ -1109,6 +1138,8 @@ class portRecords(semanageRecords): semanage_port_key_free(k) semanage_port_free(p) @@ -628724,7 +628890,7 @@ index 3b0b108..90481b1 100644 def add(self, port, proto, serange, type): self.begin() self.__add(port, proto, serange, type) -@@ -1138,8 +1161,11 @@ class portRecords(semanageRecords): +@@ -1138,8 +1169,11 @@ class portRecords(semanageRecords): con = semanage_port_get_con(p) @@ -628738,7 +628904,7 @@ index 3b0b108..90481b1 100644 if setype != "": semanage_context_set_type(self.sh, con, setype) -@@ -1150,6 +1176,8 @@ class portRecords(semanageRecords): +@@ -1150,6 +1184,8 @@ class portRecords(semanageRecords): semanage_port_key_free(k) semanage_port_free(p) @@ -628747,7 +628913,7 @@ index 3b0b108..90481b1 100644 def modify(self, port, proto, serange, setype): self.begin() self.__modify(port, proto, serange, setype) -@@ -1168,6 +1196,7 @@ class portRecords(semanageRecords): +@@ -1168,6 +1204,7 @@ class portRecords(semanageRecords): low = semanage_port_get_low(port) high = semanage_port_get_high(port) port_str = "%s-%s" % (low, high) 
@@ -628755,7 +628921,7 @@ index 3b0b108..90481b1 100644 (k, proto_d, low, high) = self.__genkey(port_str, proto_str) if rc < 0: raise ValueError(_("Could not create a key for %s") % port_str) -@@ -1177,6 +1206,11 @@ class portRecords(semanageRecords): +@@ -1177,6 +1214,11 @@ class portRecords(semanageRecords): raise ValueError(_("Could not delete the port %s") % port_str) semanage_port_key_free(k) @@ -628767,7 +628933,7 @@ index 3b0b108..90481b1 100644 self.commit() def __delete(self, port, proto): -@@ -1199,6 +1233,8 @@ class portRecords(semanageRecords): +@@ -1199,6 +1241,8 @@ class portRecords(semanageRecords): semanage_port_key_free(k) @@ -628776,7 +628942,7 @@ index 3b0b108..90481b1 100644 def delete(self, port, proto): self.begin() self.__delete(port, proto) -@@ -1380,6 +1416,8 @@ class nodeRecords(semanageRecords): +@@ -1380,6 +1424,8 @@ class nodeRecords(semanageRecords): semanage_node_key_free(k) semanage_node_free(node) @@ -628785,7 +628951,7 @@ index 3b0b108..90481b1 100644 def add(self, addr, mask, proto, serange, ctype): self.begin() self.__add(addr, mask, proto, serange, ctype) -@@ -1421,6 +1459,8 @@ class nodeRecords(semanageRecords): +@@ -1421,6 +1467,8 @@ class nodeRecords(semanageRecords): semanage_node_key_free(k) semanage_node_free(node) @@ -628794,7 +628960,7 @@ index 3b0b108..90481b1 100644 def modify(self, addr, mask, proto, serange, setype): self.begin() self.__modify(addr, mask, proto, serange, setype) -@@ -1452,6 +1492,8 @@ class nodeRecords(semanageRecords): +@@ -1452,6 +1500,8 @@ class nodeRecords(semanageRecords): semanage_node_key_free(k) @@ -628803,7 +628969,7 @@ index 3b0b108..90481b1 100644 def delete(self, addr, mask, proto): self.begin() self.__delete(addr, mask, proto) -@@ -1581,6 +1623,8 @@ class interfaceRecords(semanageRecords): +@@ -1581,6 +1631,8 @@ class interfaceRecords(semanageRecords): semanage_iface_key_free(k) semanage_iface_free(iface) 
@@ -628812,7 +628978,7 @@ index 3b0b108..90481b1 100644 def add(self, interface, serange, ctype): self.begin() self.__add(interface, serange, ctype) -@@ -1618,6 +1662,8 @@ class interfaceRecords(semanageRecords): +@@ -1618,6 +1670,8 @@ class interfaceRecords(semanageRecords): semanage_iface_key_free(k) semanage_iface_free(iface) @@ -628821,7 +628987,7 @@ index 3b0b108..90481b1 100644 def modify(self, interface, serange, setype): self.begin() self.__modify(interface, serange, setype) -@@ -1646,6 +1692,8 @@ class interfaceRecords(semanageRecords): +@@ -1646,6 +1700,8 @@ class interfaceRecords(semanageRecords): semanage_iface_key_free(k) @@ -628830,7 +628996,7 @@ index 3b0b108..90481b1 100644 def delete(self, interface): self.begin() self.__delete(interface) -@@ -1775,6 +1823,8 @@ class fcontextRecords(semanageRecords): +@@ -1775,6 +1831,8 @@ class fcontextRecords(semanageRecords): if i.startswith(target + "/"): raise ValueError(_("File spec %s conflicts with equivalency rule '%s %s'") % (target, i, fdict[i])) @@ -628839,7 +629005,7 @@ index 3b0b108..90481b1 100644 self.equiv[target] = substitute self.equal_ind = True self.commit() -@@ -1785,6 +1835,9 @@ class fcontextRecords(semanageRecords): +@@ -1785,6 +1843,9 @@ class fcontextRecords(semanageRecords): raise ValueError(_("Equivalence class for %s does not exists") % target) self.equiv[target] = substitute self.equal_ind = True @@ -628849,7 +629015,7 @@ index 3b0b108..90481b1 100644 self.commit() def createcon(self, target, seuser="system_u"): -@@ -1879,6 +1932,11 @@ class fcontextRecords(semanageRecords): +@@ -1879,6 +1940,11 @@ class fcontextRecords(semanageRecords): semanage_fcontext_key_free(k) semanage_fcontext_free(fcontext) 
@@ -628861,7 +629027,7 @@ index 3b0b108..90481b1 100644 def add(self, target, type, ftype="", serange="", seuser="system_u"): self.begin() self.__add(target, type, ftype, serange, seuser) -@@ -1888,7 +1946,7 @@ class fcontextRecords(semanageRecords): +@@ -1888,7 +1954,7 @@ class fcontextRecords(semanageRecords): if serange == "" and setype == "" and seuser == "": raise ValueError(_("Requires setype, serange or seuser")) if setype and setype not in self.valid_types: @@ -628870,7 +629036,7 @@ index 3b0b108..90481b1 100644 self.validate(target) -@@ -1904,16 +1962,18 @@ class fcontextRecords(semanageRecords): +@@ -1904,16 +1970,18 @@ class fcontextRecords(semanageRecords): if not exists: raise ValueError(_("File context for %s is not defined") % target) @@ -628894,7 +629060,7 @@ index 3b0b108..90481b1 100644 con = self.createcon(target) if (is_mls_enabled == 1) and (serange != ""): -@@ -1939,6 +1999,11 @@ class fcontextRecords(semanageRecords): +@@ -1939,6 +2007,11 @@ class fcontextRecords(semanageRecords): semanage_fcontext_key_free(k) semanage_fcontext_free(fcontext) @@ -628906,7 +629072,7 @@ index 3b0b108..90481b1 100644 def modify(self, target, setype, ftype, serange, seuser): self.begin() self.__modify(target, setype, ftype, serange, seuser) -@@ -1964,6 +2029,8 @@ class fcontextRecords(semanageRecords): +@@ -1964,6 +2037,8 @@ class fcontextRecords(semanageRecords): raise ValueError(_("Could not delete the file context %s") % target) semanage_fcontext_key_free(k) @@ -628915,7 +629081,7 @@ index 3b0b108..90481b1 100644 self.equiv = {} self.equal_ind = True self.commit() -@@ -1972,6 +2039,9 @@ class fcontextRecords(semanageRecords): +@@ -1972,6 +2047,9 @@ class fcontextRecords(semanageRecords): if target in self.equiv.keys(): self.equiv.pop(target) self.equal_ind = True 
@@ -628925,7 +629091,7 @@ index 3b0b108..90481b1 100644 return (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) -@@ -1996,6 +2066,8 @@ class fcontextRecords(semanageRecords): +@@ -1996,6 +2074,8 @@ class fcontextRecords(semanageRecords): semanage_fcontext_key_free(k) @@ -628934,7 +629100,7 @@ index 3b0b108..90481b1 100644 def delete(self, target, ftype): self.begin() self.__delete(target, ftype) -@@ -2091,7 +2163,7 @@ class booleanRecords(semanageRecords): +@@ -2091,7 +2171,7 @@ class booleanRecords(semanageRecords): self.current_booleans = [] ptype = None @@ -628945,7 +629111,7 @@ index 3b0b108..90481b1 100644 self.modify_local = False diff --git policycoreutils-2.5/semanage/seobject/__init__.py policycoreutils-2.5/semanage/seobject/__init__.py new file mode 100644 -index 0000000..6ca9e7b +index 0000000..c51103c --- /dev/null +++ policycoreutils-2.5/semanage/seobject/__init__.py @@ -0,0 +1,2407 @@ @@ -629039,7 +629205,7 @@ index 0000000..6ca9e7b + "directory":"d", + "character device":"c", + "block device":"b", -+ "socket file":"s", ++ "socket":"s", + "symbolic link":"l", + "named pipe":"p"} + diff --git a/policycoreutils.spec b/policycoreutils.spec index bc56d6c..e8a319e 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -9,7 +9,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.5 -Release: 19%{?dist} +Release: 20%{?dist} License: GPLv2 Group: System Environment/Base # https://github.com/SELinuxProject/selinux/wiki/Releases 
@@ -26,10 +26,10 @@ Source8: selinux-autorelabel.target Source9: selinux-autorelabel-generator.sh # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # run: -# $ VERSION=2.5 ./make-fedora-selinux-patch.sh policycoreutils -# HEAD https://github.com/fedora-selinux/selinux/commit/223fc83c6e68cead9b3d8d4e5ca7e95a580952e7 +# $ VERSION=2.5 BRANCH=f25 ./make-fedora-selinux-patch.sh policycoreutils +# HEAD https://github.com/fedora-selinux/selinux/commit/64a70270ec99b0ade3adebd8102a7fc5ed191d9e Patch: policycoreutils-fedora.patch -# $ VERSION=1.2.3 ./make-fedora-selinux-patch.sh sepolgen +# $ VERSION=1.2.3 BRANCH=f25 ./make-fedora-selinux-patch.sh sepolgen Patch1: sepolgen-fedora.patch Obsoletes: policycoreutils < 2.0.61-2 Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138 @@ -436,6 +436,14 @@ The policycoreutils-restorecond package contains the restorecond service. %systemd_postun_with_restart restorecond.service %changelog +* Fri Apr 07 2017 Petr Lautrbach - 2.5-20 +- semanage: Unify argument handling (#1398987) +- restorecond: Decrease loglevel of termination message (#1264505) +- hll/pp: Fix pp crash when processing base module (#1417200) +- semanage: Add checks if a module name is passed in (#1420707) +- semanage: fix export of fcontext socket entries (#1435127) +- fixfiles: Fix several output issues (#1435894) + * Thu Dec 01 2016 Petr Lautrbach - 2.5-19 - seobject: Handle python error returns correctly - policycoreutils/sepolicy/gui: fix current selinux state radiobutton
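Review bot: The regeneration recipe in the spec hunk `@@ -26,10 +26,10 @@` records the selinux HEAD commit the patch was built from, but the generator script is still fetched from the `master` branch with no commit or checksum noted. Anyone rebuilding policycoreutils-fedora.patch later may run a different script from the one that produced this revision. A comment next to `# HEAD` naming the script revision would make the patch reproducible, e.g. `# script commit: <SCRIPT_COMMIT_PLACEHOLDER>`.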