policycoreutils-2.5-20.fc25

- semanage: Unify argument handling (#1398987)
- restorecond: Decrease loglevel of termination message (#1264505)
- hll/pp: Fix pp crash when processing base module (#1417200)
- semanage: Add checks if a module name is passed in (#1420707)
- semanage: fix export of fcontext socket entries (#1435127)
- fixfiles: Fix several output issues (#1435894)
Petr Lautrbach 2017-04-07 09:15:48 +02:00
parent c34976b080
commit 59278c4aa1
2 changed files with 220 additions and 46 deletions


@ -1844,7 +1844,7 @@ index abf8d3b..f50fcb2 100644
+ except ValueError as e: + except ValueError as e:
self.error(e.args[0]) self.error(e.args[0])
diff --git policycoreutils-2.5/hll/pp/pp.c policycoreutils-2.5/hll/pp/pp.c diff --git policycoreutils-2.5/hll/pp/pp.c policycoreutils-2.5/hll/pp/pp.c
index 866734f..2c9f53f 100644 index 866734f..7f9afb0 100644
--- policycoreutils-2.5/hll/pp/pp.c --- policycoreutils-2.5/hll/pp/pp.c
+++ policycoreutils-2.5/hll/pp/pp.c +++ policycoreutils-2.5/hll/pp/pp.c
@@ -28,6 +28,7 @@ @@ -28,6 +28,7 @@
@ -1909,7 +1909,7 @@ index 866734f..2c9f53f 100644
+ if (separator) { + if (separator) {
+ *separator = '\0'; + *separator = '\0';
+ } + }
+ if (strcmp(mod_name, cil_name) != 0) { + if (mod_name && strcmp(mod_name, cil_name) != 0) {
+ fprintf(stderr, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s\n", ifile, mod_name, cil_name); + fprintf(stderr, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s\n", ifile, mod_name, cil_name);
+ } + }
+ free(cil_path); + free(cil_path);
@ -627605,6 +627605,19 @@ index b306041..c32703b 100644
+#: ../sepolicy/sepolicy/gui.py:2800 +#: ../sepolicy/sepolicy/gui.py:2800
msgid "Loss of data Dialog" msgid "Loss of data Dialog"
msgstr "" msgstr ""
diff --git policycoreutils-2.5/restorecond/watch.c policycoreutils-2.5/restorecond/watch.c
index 10978cb..80b0ee7 100644
--- policycoreutils-2.5/restorecond/watch.c
+++ policycoreutils-2.5/restorecond/watch.c
@@ -174,7 +174,7 @@ int watch(int fd, const char *watch_file)
syslog(LOG_ERR, "Read error (%s)", strerror(errno));
return 0;
}
- syslog(LOG_ERR, "terminated");
+ syslog(LOG_INFO, "terminated");
return -1;
} else if (!len)
/* BUF_LEN too small? */
diff --git policycoreutils-2.5/run_init/open_init_pty.c policycoreutils-2.5/run_init/open_init_pty.c diff --git policycoreutils-2.5/run_init/open_init_pty.c policycoreutils-2.5/run_init/open_init_pty.c
index 37805bf..6e25ea3 100644 index 37805bf..6e25ea3 100644
--- policycoreutils-2.5/run_init/open_init_pty.c --- policycoreutils-2.5/run_init/open_init_pty.c
@ -628056,7 +628069,7 @@ index 472785c..dd117bb 100755
print(_("Usage %s -l -d user ...") % sys.argv[0]) print(_("Usage %s -l -d user ...") % sys.argv[0])
print(_("Usage %s -L") % sys.argv[0]) print(_("Usage %s -L") % sys.argv[0])
diff --git policycoreutils-2.5/scripts/fixfiles policycoreutils-2.5/scripts/fixfiles diff --git policycoreutils-2.5/scripts/fixfiles policycoreutils-2.5/scripts/fixfiles
index 5c29eb9..5906a47 100755 index 5c29eb9..350a2bf 100755
--- policycoreutils-2.5/scripts/fixfiles --- policycoreutils-2.5/scripts/fixfiles
+++ policycoreutils-2.5/scripts/fixfiles +++ policycoreutils-2.5/scripts/fixfiles
@@ -116,6 +116,7 @@ exclude_dirs() { @@ -116,6 +116,7 @@ exclude_dirs() {
@ -628106,7 +628119,7 @@ index 5c29eb9..5906a47 100755
exit $? exit $?
fi fi
[ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon [ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
@@ -243,6 +248,10 @@ then @@ -243,20 +248,24 @@ then
logit "skipping the directory ${p}" logit "skipping the directory ${p}"
done done
FC=$TEMPFCFILE FC=$TEMPFCFILE
@ -628117,6 +628130,23 @@ index 5c29eb9..5906a47 100755
fi fi
if [ ! -z "$RPMFILES" ]; then if [ ! -z "$RPMFILES" ]; then
for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
- rpmlist $i | ${RESTORECON} $exclude_dirs ${FORCEFLAG} ${VERBOSE} $* -R -i -f - 2>&1 | cat >> $LOGFILE
+ rpmlist $i | ${RESTORECON} $exclude_dirs ${FORCEFLAG} ${VERBOSE} $* -R -i -f - >>$LOGFILE 2>&1
done
exit $?
fi
if [ ! -z "$FILEPATH" ]; then
- ${RESTORECON} $exclude_dirs ${FORCEFLAG} ${VERBOSE} -R $* $FILEPATH 2>&1 | cat >> $LOGFILE
+ ${RESTORECON} $exclude_dirs ${FORCEFLAG} ${VERBOSE} -R $* -- "$FILEPATH" >>$LOGFILE 2>&1
return
fi
if [ -n "${FILESYSTEMSRW}" ]; then
echo "${OPTION}ing `echo ${FILESYSTEMSRW}`"
- ${SETFILES} ${VERBOSE} $exclude_dirs -q ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 | cat >> $LOGFILE
+ ${SETFILES} ${VERBOSE} $exclude_dirs -q ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} >>$LOGFILE 2>&1
else
echo >&2 "fixfiles: No suitable file systems found"
fi
@@ -264,7 +273,7 @@ if [ ${OPTION} != "Relabel" ]; then @@ -264,7 +273,7 @@ if [ ${OPTION} != "Relabel" ]; then
return return
fi fi
@ -628126,6 +628156,39 @@ index 5c29eb9..5906a47 100755
UNDEFINED=`get_undefined_type` || exit $? UNDEFINED=`get_undefined_type` || exit $?
UNLABELED=`get_unlabeled_type` || exit $? UNLABELED=`get_unlabeled_type` || exit $?
@@ -381,8 +390,8 @@ done
shift $(( OPTIND - 1 ))
# Check for the command
-command=$1
-if [ -z $command ]; then
+command="$1"
+if [ -z "$command" ]; then
usage
fi
@@ -394,17 +403,17 @@ shift
#
if [ ! -z "$RPMFILES" ]; then
- process $command
+ process "$command"
if [ $# -gt 0 ]; then
usage
fi
else
if [ -z "$1" ]; then
- process $command
+ process "$command"
else
while [ -n "$1" ]; do
- FILEPATH=$1
- process $command
+ FILEPATH="$1"
+ process "$command"
shift
done
fi
diff --git policycoreutils-2.5/semanage/Makefile policycoreutils-2.5/semanage/Makefile diff --git policycoreutils-2.5/semanage/Makefile policycoreutils-2.5/semanage/Makefile
index 60c36a3..84b01a1 100644 index 60c36a3..84b01a1 100644
--- policycoreutils-2.5/semanage/Makefile --- policycoreutils-2.5/semanage/Makefile
@ -628285,7 +628348,7 @@ index 0000000..e2befdb
+ packages=["policycoreutils"], + packages=["policycoreutils"],
+) +)
diff --git policycoreutils-2.5/semanage/semanage policycoreutils-2.5/semanage/semanage diff --git policycoreutils-2.5/semanage/semanage policycoreutils-2.5/semanage/semanage
index 7489955..78c36e3 100644 index 7489955..6c0e0fe 100644
--- policycoreutils-2.5/semanage/semanage --- policycoreutils-2.5/semanage/semanage
+++ policycoreutils-2.5/semanage/semanage +++ policycoreutils-2.5/semanage/semanage
@@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
@ -628311,8 +628374,9 @@ index 7489955..78c36e3 100644
usage_login_dict = {' --add': ('-s SEUSER', '-r RANGE', 'LOGIN',), ' --modify': ('-s SEUSER', '-r RANGE', 'LOGIN',), ' --delete': ('LOGIN',), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)} usage_login_dict = {' --add': ('-s SEUSER', '-r RANGE', 'LOGIN',), ' --modify': ('-s SEUSER', '-r RANGE', 'LOGIN',), ' --delete': ('LOGIN',), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
-usage_fcontext = "semanage fcontext [-h] [-n] [-N] [-s STORE] [" -usage_fcontext = "semanage fcontext [-h] [-n] [-N] [-s STORE] ["
-usage_fcontext_dict = {' --add': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC', ')',), ' --delete': ('(', '-t TYPE', '-f FTYPE', '|', '-e EQUAL', ')', 'FILE_SPEC', ')',), ' --modify': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC )',), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
+usage_fcontext = "semanage fcontext [-h] [-n] [-N] [-S STORE] [" +usage_fcontext = "semanage fcontext [-h] [-n] [-N] [-S STORE] ["
usage_fcontext_dict = {' --add': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC', ')',), ' --delete': ('(', '-t TYPE', '-f FTYPE', '|', '-e EQUAL', ')', 'FILE_SPEC', ')',), ' --modify': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC )',), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)} +usage_fcontext_dict = {' --add': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --delete': ('(', '-t TYPE', '-f FTYPE', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --modify': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --list': ('[-C]',), ' --extract': ('',), ' --deleteall': ('',)}
-usage_user = "semanage user [-h] [-n] [-N] [-s STORE] [" -usage_user = "semanage user [-h] [-n] [-N] [-s STORE] ["
+usage_user = "semanage user [-h] [-n] [-N] [-S STORE] [" +usage_user = "semanage user [-h] [-n] [-N] [-S STORE] ["
@ -628335,6 +628399,17 @@ index 7489955..78c36e3 100644
usage_boolean_dict = {' --modify': ('(', '--on', '|', '--off', ')', 'boolean'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)} usage_boolean_dict = {' --modify': ('(', '--on', '|', '--off', ')', 'boolean'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
import sepolicy import sepolicy
@@ -98,8 +99,8 @@ class seParser(argparse.ArgumentParser):
def error(self, message):
if len(sys.argv) == 2:
self.print_help()
- sys.exit(2)
- self.print_usage()
+ else:
+ self.print_usage()
self.exit(2, ('%s: error: %s\n') % (self.prog, message))
@@ -111,7 +112,7 @@ class SetExportFile(argparse.Action): @@ -111,7 +112,7 @@ class SetExportFile(argparse.Action):
try: try:
sys.stdout = open(values, 'w') sys.stdout = open(values, 'w')
@ -628371,7 +628446,28 @@ index 7489955..78c36e3 100644
try: try:
if k in dict[target_key][1] and not args.__dict__[k]: if k in dict[target_key][1] and not args.__dict__[k]:
print("%s option is needed for %s" % (k, target_key)) print("%s option is needed for %s" % (k, target_key))
@@ -524,7 +525,7 @@ def handleInterface(args): @@ -345,10 +346,7 @@ def handleFcontext(args):
# we can not use mutually for equal because we can define some actions together with equal
fcontext_equal_args = {'equal': [('list', 'locallist', 'type', 'ftype', 'seuser', 'deleteall', 'extract'), ()]}
- if args.action is None:
- print("usage: " + "%s" % generate_custom_usage(usage_fcontext, usage_fcontext_dict))
- sys.exit(2)
- elif args.action and args.equal:
+ if args.action and args.equal:
handle_opts(args, fcontext_equal_args, "equal")
else:
handle_opts(args, fcontext_args, args.action)
@@ -397,7 +395,7 @@ If you do not specify a file type, the file type will default to "all files".
parser_add_noreload(fcontextParser, "fcontext")
parser_add_store(fcontextParser, "fcontext")
- fcontext_action = fcontextParser.add_mutually_exclusive_group(required=False)
+ fcontext_action = fcontextParser.add_mutually_exclusive_group(required=True)
parser_add_add(fcontext_action, "fcontext")
parser_add_delete(fcontext_action, "fcontext")
parser_add_modify(fcontext_action, "fcontext")
@@ -524,7 +522,7 @@ def handleInterface(args):
if args.action is "add": if args.action is "add":
OBJECT.add(args.interface, args.range, args.type) OBJECT.add(args.interface, args.range, args.type)
if args.action is "modify": if args.action is "modify":
@ -628380,7 +628476,7 @@ index 7489955..78c36e3 100644
if args.action is "delete": if args.action is "delete":
OBJECT.delete(args.interface) OBJECT.delete(args.interface)
if args.action is "list": if args.action is "list":
@@ -607,7 +608,7 @@ def handleNode(args): @@ -607,7 +605,7 @@ def handleNode(args):
if args.action is "add": if args.action is "add":
OBJECT.add(args.node, args.netmask, args.proto, args.range, args.type) OBJECT.add(args.node, args.netmask, args.proto, args.range, args.type)
if args.action is "modify": if args.action is "modify":
@ -628389,7 +628485,39 @@ index 7489955..78c36e3 100644
if args.action is "delete": if args.action is "delete":
OBJECT.delete(args.node, args.netmask, args.proto) OBJECT.delete(args.node, args.netmask, args.proto)
if args.action is "list": if args.action is "list":
@@ -702,7 +703,7 @@ def handlePermissive(args): @@ -644,19 +642,9 @@ def setupNodeParser(subparsers):
def handleBoolean(args):
- boolean_args = {'list': [('state', 'boolean'), ('')], 'modify': [('localist'), ('')], 'extract': [('locallist', 'state', 'boolean'), ('')], 'deleteall': [('locallist'), ('')], 'state': [('locallist', 'list', 'extract', 'deleteall'), ('modify')]}
- if args.action is None:
- print("Usage: " + "%s" % generate_custom_usage(usage_boolean, usage_boolean_dict))
- sys.exit(2)
- # TODO: should be added to handle_opts logic
- elif args.action is "modify" and not args.boolean:
- print("boolean name required ")
- sys.exit(1)
- elif args.action is "modify" and args.boolean and not args.state:
- print("state option is needed")
- sys.exit(1)
- else:
- handle_opts(args, boolean_args, args.action)
+ boolean_args = {'list': [('state', 'boolean'), ('')], 'modify': [('localist'), ('boolean', 'state')], 'extract': [('locallist', 'state', 'boolean'), ('')], 'deleteall': [('locallist'), ('')], 'state': [('locallist', 'list', 'extract', 'deleteall'), ('modify')]}
+
+ handle_opts(args, boolean_args, args.action)
OBJECT = object_dict['boolean']()
OBJECT.set_reload(args.noreload)
@@ -682,7 +670,7 @@ def setupBooleanParser(subparsers):
parser_add_store(booleanParser, "boolean")
booleanParser.add_argument('boolean', nargs="?", default=None, help=_('boolean'))
- boolean_action = booleanParser.add_mutually_exclusive_group(required=False)
+ boolean_action = booleanParser.add_mutually_exclusive_group(required=True)
#add_add(boolean_action)
parser_add_modify(boolean_action, "boolean")
parser_add_list(boolean_action, "boolean")
@@ -702,7 +690,7 @@ def handlePermissive(args):
if args.action is "list": if args.action is "list":
OBJECT.list(args.noheading) OBJECT.list(args.noheading)
@ -628398,7 +628526,7 @@ index 7489955..78c36e3 100644
if args.action is "add": if args.action is "add":
OBJECT.add(args.type) OBJECT.add(args.type)
if args.action is "delete": if args.action is "delete":
@@ -839,7 +840,7 @@ def handleImport(args): @@ -839,7 +827,7 @@ def handleImport(args):
def setupImportParser(subparsers): def setupImportParser(subparsers):
@ -628407,7 +628535,7 @@ index 7489955..78c36e3 100644
parser_add_noreload(importParser, "import") parser_add_noreload(importParser, "import")
parser_add_store(importParser, "import") parser_add_store(importParser, "import")
importParser.add_argument('-f', '--input_file', dest='input_file', action=SetImportFile, help=_('Input file')) importParser.add_argument('-f', '--input_file', dest='input_file', action=SetImportFile, help=_('Input file'))
@@ -855,6 +856,7 @@ def createCommandParser(): @@ -855,6 +843,7 @@ def createCommandParser():
#To add a new subcommand define the parser for it in a function above and call it here. #To add a new subcommand define the parser for it in a function above and call it here.
subparsers = commandParser.add_subparsers(dest='subcommand') subparsers = commandParser.add_subparsers(dest='subcommand')
@ -628415,7 +628543,7 @@ index 7489955..78c36e3 100644
setupImportParser(subparsers) setupImportParser(subparsers)
setupExportParser(subparsers) setupExportParser(subparsers)
setupLoginParser(subparsers) setupLoginParser(subparsers)
@@ -894,6 +896,8 @@ def make_io_args(args): @@ -894,6 +883,8 @@ def make_io_args(args):
def make_args(sys_args): def make_args(sys_args):
@ -628596,7 +628724,7 @@ index 0fad36c..75b782f 100644
while the semanage user command deals with the mapping from SELinux while the semanage user command deals with the mapping from SELinux
user identities to authorized role sets. In most cases, only the user identities to authorized role sets. In most cases, only the
diff --git policycoreutils-2.5/semanage/seobject.py policycoreutils-2.5/semanage/seobject.py diff --git policycoreutils-2.5/semanage/seobject.py policycoreutils-2.5/semanage/seobject.py
index 3b0b108..90481b1 100644 index 3b0b108..535a5b7 100644
--- policycoreutils-2.5/semanage/seobject.py --- policycoreutils-2.5/semanage/seobject.py
+++ policycoreutils-2.5/semanage/seobject.py +++ policycoreutils-2.5/semanage/seobject.py
@@ -23,14 +23,12 @@ @@ -23,14 +23,12 @@
@ -628615,8 +628743,12 @@ index 3b0b108..90481b1 100644
from semanage import * from semanage import *
PROGNAME = "policycoreutils" PROGNAME = "policycoreutils"
import sepolicy import sepolicy
@@ -82,6 +80,17 @@ file_type_str_to_option = {"all files": "a", @@ -79,9 +77,20 @@ file_type_str_to_option = {"all files": "a",
"socket file": "s", "directory": "d",
"character device": "c",
"block device": "b",
- "socket file": "s",
+ "socket": "s",
"symbolic link": "l", "symbolic link": "l",
"named pipe": "p"} "named pipe": "p"}
+ +
@ -628690,7 +628822,41 @@ index 3b0b108..90481b1 100644
def commit(self, success): def commit(self, success):
pass pass
@@ -416,7 +439,7 @@ class dontauditClass(semanageRecords): @@ -355,6 +378,8 @@ class moduleRecords(semanageRecords):
print "%-25s %-9s %-5s %s" % (t[0], t[2], t[3], disabled)
def add(self, file, priority):
+ if not file:
+ raise ValueError(_("You did not define module."))
if not os.path.exists(file):
raise ValueError(_("Module does not exists %s ") % file)
@@ -367,6 +392,8 @@ class moduleRecords(semanageRecords):
self.commit()
def set_enabled(self, module, enable):
+ if not module:
+ raise ValueError(_("You did not define module name."))
for m in module.split():
rc, key = semanage_module_key_create(self.sh)
if rc < 0:
@@ -385,11 +412,15 @@ class moduleRecords(semanageRecords):
self.commit()
def modify(self, file):
+ if not file:
+ raise ValueError(_("You did not define module."))
rc = semanage_module_update_file(self.sh, file)
if rc >= 0:
self.commit()
def delete(self, module, priority):
+ if not module:
+ raise ValueError(_("You did not define module name."))
rc = semanage_set_default_priority(self.sh, priority)
if rc < 0:
raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
@@ -416,7 +447,7 @@ class dontauditClass(semanageRecords):
if dontaudit not in ["on", "off"]: if dontaudit not in ["on", "off"]:
raise ValueError(_("dontaudit requires either 'on' or 'off'")) raise ValueError(_("dontaudit requires either 'on' or 'off'"))
self.begin() self.begin()
@ -628699,7 +628865,7 @@ index 3b0b108..90481b1 100644
self.commit() self.commit()
@@ -459,7 +482,6 @@ class permissiveRecords(semanageRecords): @@ -459,7 +490,6 @@ class permissiveRecords(semanageRecords):
print t print t
def add(self, type): def add(self, type):
@ -628707,7 +628873,7 @@ index 3b0b108..90481b1 100644
try: try:
import sepolgen.module as module import sepolgen.module as module
except ImportError: except ImportError:
@@ -834,7 +856,6 @@ class seluserRecords(semanageRecords): @@ -834,7 +864,6 @@ class seluserRecords(semanageRecords):
self.mylog.log("seuser", sename=name, serole=",".join(roles), serange=serange) self.mylog.log("seuser", sename=name, serole=",".join(roles), serange=serange)
def add(self, name, roles, selevel, serange, prefix): def add(self, name, roles, selevel, serange, prefix):
@ -628715,7 +628881,7 @@ index 3b0b108..90481b1 100644
try: try:
self.begin() self.begin()
self.__add(name, roles, selevel, serange, prefix) self.__add(name, roles, selevel, serange, prefix)
@@ -1109,6 +1130,8 @@ class portRecords(semanageRecords): @@ -1109,6 +1138,8 @@ class portRecords(semanageRecords):
semanage_port_key_free(k) semanage_port_key_free(k)
semanage_port_free(p) semanage_port_free(p)
@ -628724,7 +628890,7 @@ index 3b0b108..90481b1 100644
def add(self, port, proto, serange, type): def add(self, port, proto, serange, type):
self.begin() self.begin()
self.__add(port, proto, serange, type) self.__add(port, proto, serange, type)
@@ -1138,8 +1161,11 @@ class portRecords(semanageRecords): @@ -1138,8 +1169,11 @@ class portRecords(semanageRecords):
con = semanage_port_get_con(p) con = semanage_port_get_con(p)
@ -628738,7 +628904,7 @@ index 3b0b108..90481b1 100644
if setype != "": if setype != "":
semanage_context_set_type(self.sh, con, setype) semanage_context_set_type(self.sh, con, setype)
@@ -1150,6 +1176,8 @@ class portRecords(semanageRecords): @@ -1150,6 +1184,8 @@ class portRecords(semanageRecords):
semanage_port_key_free(k) semanage_port_key_free(k)
semanage_port_free(p) semanage_port_free(p)
@ -628747,7 +628913,7 @@ index 3b0b108..90481b1 100644
def modify(self, port, proto, serange, setype): def modify(self, port, proto, serange, setype):
self.begin() self.begin()
self.__modify(port, proto, serange, setype) self.__modify(port, proto, serange, setype)
@@ -1168,6 +1196,7 @@ class portRecords(semanageRecords): @@ -1168,6 +1204,7 @@ class portRecords(semanageRecords):
low = semanage_port_get_low(port) low = semanage_port_get_low(port)
high = semanage_port_get_high(port) high = semanage_port_get_high(port)
port_str = "%s-%s" % (low, high) port_str = "%s-%s" % (low, high)
@ -628755,7 +628921,7 @@ index 3b0b108..90481b1 100644
(k, proto_d, low, high) = self.__genkey(port_str, proto_str) (k, proto_d, low, high) = self.__genkey(port_str, proto_str)
if rc < 0: if rc < 0:
raise ValueError(_("Could not create a key for %s") % port_str) raise ValueError(_("Could not create a key for %s") % port_str)
@@ -1177,6 +1206,11 @@ class portRecords(semanageRecords): @@ -1177,6 +1214,11 @@ class portRecords(semanageRecords):
raise ValueError(_("Could not delete the port %s") % port_str) raise ValueError(_("Could not delete the port %s") % port_str)
semanage_port_key_free(k) semanage_port_key_free(k)
@ -628767,7 +628933,7 @@ index 3b0b108..90481b1 100644
self.commit() self.commit()
def __delete(self, port, proto): def __delete(self, port, proto):
@@ -1199,6 +1233,8 @@ class portRecords(semanageRecords): @@ -1199,6 +1241,8 @@ class portRecords(semanageRecords):
semanage_port_key_free(k) semanage_port_key_free(k)
@ -628776,7 +628942,7 @@ index 3b0b108..90481b1 100644
def delete(self, port, proto): def delete(self, port, proto):
self.begin() self.begin()
self.__delete(port, proto) self.__delete(port, proto)
@@ -1380,6 +1416,8 @@ class nodeRecords(semanageRecords): @@ -1380,6 +1424,8 @@ class nodeRecords(semanageRecords):
semanage_node_key_free(k) semanage_node_key_free(k)
semanage_node_free(node) semanage_node_free(node)
@ -628785,7 +628951,7 @@ index 3b0b108..90481b1 100644
def add(self, addr, mask, proto, serange, ctype): def add(self, addr, mask, proto, serange, ctype):
self.begin() self.begin()
self.__add(addr, mask, proto, serange, ctype) self.__add(addr, mask, proto, serange, ctype)
@@ -1421,6 +1459,8 @@ class nodeRecords(semanageRecords): @@ -1421,6 +1467,8 @@ class nodeRecords(semanageRecords):
semanage_node_key_free(k) semanage_node_key_free(k)
semanage_node_free(node) semanage_node_free(node)
@ -628794,7 +628960,7 @@ index 3b0b108..90481b1 100644
def modify(self, addr, mask, proto, serange, setype): def modify(self, addr, mask, proto, serange, setype):
self.begin() self.begin()
self.__modify(addr, mask, proto, serange, setype) self.__modify(addr, mask, proto, serange, setype)
@@ -1452,6 +1492,8 @@ class nodeRecords(semanageRecords): @@ -1452,6 +1500,8 @@ class nodeRecords(semanageRecords):
semanage_node_key_free(k) semanage_node_key_free(k)
@ -628803,7 +628969,7 @@ index 3b0b108..90481b1 100644
def delete(self, addr, mask, proto): def delete(self, addr, mask, proto):
self.begin() self.begin()
self.__delete(addr, mask, proto) self.__delete(addr, mask, proto)
@@ -1581,6 +1623,8 @@ class interfaceRecords(semanageRecords): @@ -1581,6 +1631,8 @@ class interfaceRecords(semanageRecords):
semanage_iface_key_free(k) semanage_iface_key_free(k)
semanage_iface_free(iface) semanage_iface_free(iface)
@ -628812,7 +628978,7 @@ index 3b0b108..90481b1 100644
def add(self, interface, serange, ctype): def add(self, interface, serange, ctype):
self.begin() self.begin()
self.__add(interface, serange, ctype) self.__add(interface, serange, ctype)
@@ -1618,6 +1662,8 @@ class interfaceRecords(semanageRecords): @@ -1618,6 +1670,8 @@ class interfaceRecords(semanageRecords):
semanage_iface_key_free(k) semanage_iface_key_free(k)
semanage_iface_free(iface) semanage_iface_free(iface)
@ -628821,7 +628987,7 @@ index 3b0b108..90481b1 100644
def modify(self, interface, serange, setype): def modify(self, interface, serange, setype):
self.begin() self.begin()
self.__modify(interface, serange, setype) self.__modify(interface, serange, setype)
@@ -1646,6 +1692,8 @@ class interfaceRecords(semanageRecords): @@ -1646,6 +1700,8 @@ class interfaceRecords(semanageRecords):
semanage_iface_key_free(k) semanage_iface_key_free(k)
@ -628830,7 +628996,7 @@ index 3b0b108..90481b1 100644
def delete(self, interface): def delete(self, interface):
self.begin() self.begin()
self.__delete(interface) self.__delete(interface)
@@ -1775,6 +1823,8 @@ class fcontextRecords(semanageRecords): @@ -1775,6 +1831,8 @@ class fcontextRecords(semanageRecords):
if i.startswith(target + "/"): if i.startswith(target + "/"):
raise ValueError(_("File spec %s conflicts with equivalency rule '%s %s'") % (target, i, fdict[i])) raise ValueError(_("File spec %s conflicts with equivalency rule '%s %s'") % (target, i, fdict[i]))
@ -628839,7 +629005,7 @@ index 3b0b108..90481b1 100644
self.equiv[target] = substitute self.equiv[target] = substitute
self.equal_ind = True self.equal_ind = True
self.commit() self.commit()
@@ -1785,6 +1835,9 @@ class fcontextRecords(semanageRecords): @@ -1785,6 +1843,9 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Equivalence class for %s does not exists") % target) raise ValueError(_("Equivalence class for %s does not exists") % target)
self.equiv[target] = substitute self.equiv[target] = substitute
self.equal_ind = True self.equal_ind = True
@ -628849,7 +629015,7 @@ index 3b0b108..90481b1 100644
self.commit() self.commit()
def createcon(self, target, seuser="system_u"): def createcon(self, target, seuser="system_u"):
@@ -1879,6 +1932,11 @@ class fcontextRecords(semanageRecords): @@ -1879,6 +1940,11 @@ class fcontextRecords(semanageRecords):
semanage_fcontext_key_free(k) semanage_fcontext_key_free(k)
semanage_fcontext_free(fcontext) semanage_fcontext_free(fcontext)
@ -628861,7 +629027,7 @@ index 3b0b108..90481b1 100644
def add(self, target, type, ftype="", serange="", seuser="system_u"): def add(self, target, type, ftype="", serange="", seuser="system_u"):
self.begin() self.begin()
self.__add(target, type, ftype, serange, seuser) self.__add(target, type, ftype, serange, seuser)
@@ -1888,7 +1946,7 @@ class fcontextRecords(semanageRecords): @@ -1888,7 +1954,7 @@ class fcontextRecords(semanageRecords):
if serange == "" and setype == "" and seuser == "": if serange == "" and setype == "" and seuser == "":
raise ValueError(_("Requires setype, serange or seuser")) raise ValueError(_("Requires setype, serange or seuser"))
if setype and setype not in self.valid_types: if setype and setype not in self.valid_types:
@ -628870,7 +629036,7 @@ index 3b0b108..90481b1 100644
self.validate(target) self.validate(target)
@@ -1904,16 +1962,18 @@ class fcontextRecords(semanageRecords): @@ -1904,16 +1970,18 @@ class fcontextRecords(semanageRecords):
if not exists: if not exists:
raise ValueError(_("File context for %s is not defined") % target) raise ValueError(_("File context for %s is not defined") % target)
@ -628894,7 +629060,7 @@ index 3b0b108..90481b1 100644
con = self.createcon(target) con = self.createcon(target)
if (is_mls_enabled == 1) and (serange != ""): if (is_mls_enabled == 1) and (serange != ""):
@@ -1939,6 +1999,11 @@ class fcontextRecords(semanageRecords): @@ -1939,6 +2007,11 @@ class fcontextRecords(semanageRecords):
semanage_fcontext_key_free(k) semanage_fcontext_key_free(k)
semanage_fcontext_free(fcontext) semanage_fcontext_free(fcontext)
@ -628906,7 +629072,7 @@ index 3b0b108..90481b1 100644
def modify(self, target, setype, ftype, serange, seuser): def modify(self, target, setype, ftype, serange, seuser):
self.begin() self.begin()
self.__modify(target, setype, ftype, serange, seuser) self.__modify(target, setype, ftype, serange, seuser)
@@ -1964,6 +2029,8 @@ class fcontextRecords(semanageRecords): @@ -1964,6 +2037,8 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Could not delete the file context %s") % target) raise ValueError(_("Could not delete the file context %s") % target)
semanage_fcontext_key_free(k) semanage_fcontext_key_free(k)
@ -628915,7 +629081,7 @@ index 3b0b108..90481b1 100644
self.equiv = {} self.equiv = {}
self.equal_ind = True self.equal_ind = True
self.commit() self.commit()
@@ -1972,6 +2039,9 @@ class fcontextRecords(semanageRecords): @@ -1972,6 +2047,9 @@ class fcontextRecords(semanageRecords):
if target in self.equiv.keys(): if target in self.equiv.keys():
self.equiv.pop(target) self.equiv.pop(target)
self.equal_ind = True self.equal_ind = True
@ -628925,7 +629091,7 @@ index 3b0b108..90481b1 100644
return return
(rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
@@ -1996,6 +2066,8 @@ class fcontextRecords(semanageRecords): @@ -1996,6 +2074,8 @@ class fcontextRecords(semanageRecords):
semanage_fcontext_key_free(k) semanage_fcontext_key_free(k)
@ -628934,7 +629100,7 @@ index 3b0b108..90481b1 100644
def delete(self, target, ftype): def delete(self, target, ftype):
self.begin() self.begin()
self.__delete(target, ftype) self.__delete(target, ftype)
@@ -2091,7 +2163,7 @@ class booleanRecords(semanageRecords): @@ -2091,7 +2171,7 @@ class booleanRecords(semanageRecords):
self.current_booleans = [] self.current_booleans = []
ptype = None ptype = None
@ -628945,7 +629111,7 @@ index 3b0b108..90481b1 100644
self.modify_local = False self.modify_local = False
diff --git policycoreutils-2.5/semanage/seobject/__init__.py policycoreutils-2.5/semanage/seobject/__init__.py diff --git policycoreutils-2.5/semanage/seobject/__init__.py policycoreutils-2.5/semanage/seobject/__init__.py
new file mode 100644 new file mode 100644
index 0000000..6ca9e7b index 0000000..c51103c
--- /dev/null --- /dev/null
+++ policycoreutils-2.5/semanage/seobject/__init__.py +++ policycoreutils-2.5/semanage/seobject/__init__.py
@@ -0,0 +1,2407 @@ @@ -0,0 +1,2407 @@
@ -629039,7 +629205,7 @@ index 0000000..6ca9e7b
+ "directory":"d", + "directory":"d",
+ "character device":"c", + "character device":"c",
+ "block device":"b", + "block device":"b",
+ "socket file":"s", + "socket":"s",
+ "symbolic link":"l", + "symbolic link":"l",
+ "named pipe":"p"} + "named pipe":"p"}
+ +
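Review bot: In the seobject.py hunk for `moduleRecords.modify`, the added `if not file` guard handles an empty argument, but a negative return from `semanage_module_update_file` still falls through silently: the method neither commits nor raises, so the module is left unchanged and this method reports nothing. The neighbouring `delete` raises `ValueError` when its libsemanage call returns `rc < 0`, and `modify` should follow the same pattern, for example `if rc < 0: raise ValueError(_("Could not modify module %s") % file)` ahead of `self.commit()`. For a tool that changes SELinux policy, a failed update should surface as an error and a non-zero exit rather than be inferred later from the loaded policy.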


@ -9,7 +9,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.5 Version: 2.5
Release: 19%{?dist} Release: 20%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# https://github.com/SELinuxProject/selinux/wiki/Releases # https://github.com/SELinuxProject/selinux/wiki/Releases
@ -26,10 +26,10 @@ Source8: selinux-autorelabel.target
Source9: selinux-autorelabel-generator.sh Source9: selinux-autorelabel-generator.sh
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
# run: # run:
# $ VERSION=2.5 ./make-fedora-selinux-patch.sh policycoreutils # $ VERSION=2.5 BRANCH=f25 ./make-fedora-selinux-patch.sh policycoreutils
# HEAD https://github.com/fedora-selinux/selinux/commit/223fc83c6e68cead9b3d8d4e5ca7e95a580952e7 # HEAD https://github.com/fedora-selinux/selinux/commit/64a70270ec99b0ade3adebd8102a7fc5ed191d9e
Patch: policycoreutils-fedora.patch Patch: policycoreutils-fedora.patch
# $ VERSION=1.2.3 ./make-fedora-selinux-patch.sh sepolgen # $ VERSION=1.2.3 BRANCH=f25 ./make-fedora-selinux-patch.sh sepolgen
Patch1: sepolgen-fedora.patch Patch1: sepolgen-fedora.patch
Obsoletes: policycoreutils < 2.0.61-2 Obsoletes: policycoreutils < 2.0.61-2
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138 Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
@ -436,6 +436,14 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service %systemd_postun_with_restart restorecond.service
%changelog %changelog
* Fri Apr 07 2017 Petr Lautrbach <plautrba@redhat.com> - 2.5-20
- semanage: Unify argument handling (#1398987)
- restorecond: Decrease loglevel of termination message (#1264505)
- hll/pp: Fix pp crash when processing base module (#1417200)
- semanage: Add checks if a module name is passed in (#1420707)
- semanage: fix export of fcontext socket entries (#1435127)
- fixfiles: Fix several output issues (#1435894)
* Thu Dec 01 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-19 * Thu Dec 01 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-19
- seobject: Handle python error returns correctly - seobject: Handle python error returns correctly
- policycoreutils/sepolicy/gui: fix current selinux state radiobutton - policycoreutils/sepolicy/gui: fix current selinux state radiobutton