diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index f9a2abe..b8c7877 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1358,7 +1358,7 @@ index 37c1472..9854fb2 100644 False diff --git a/policycoreutils-2.4/gui/polgengui.py b/policycoreutils-2.4/gui/polgengui.py -index 0f0e564..1b88c47 100644 +index 0f0e564..ac8f78f 100644 --- a/policycoreutils-2.4/gui/polgengui.py +++ b/policycoreutils-2.4/gui/polgengui.py @@ -30,29 +30,15 @@ import gnome @@ -1445,6 +1445,15 @@ index 0f0e564..1b88c47 100644 self.error(e.message) def delete(self, args): +@@ -668,7 +654,7 @@ class childWindow: + entry.set_text("") + return False + if name in self.all_modules: +- if self.verify(_("Module %s.pp already loaded in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO: ++ if self.verify(_("Module %s already loaded in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO: + entry.set_text("") + return False + @@ -687,7 +673,7 @@ class childWindow: try: generate.verify_ports(self.in_tcp_entry.get_text()) @@ -658746,7 +658755,7 @@ index 458a4d2..b6088af 100644 + except dbus.DBusException as e: + print(e) diff --git a/policycoreutils-2.4/sepolicy/selinux_server.py b/policycoreutils-2.4/sepolicy/selinux_server.py -index e94c38f..671be1a 100644 +index e94c38f..6e8d9b2 100644 --- a/policycoreutils-2.4/sepolicy/selinux_server.py +++ b/policycoreutils-2.4/sepolicy/selinux_server.py @@ -1,9 +1,9 @@ @@ -658761,7 +658770,7 @@ index e94c38f..671be1a 100644 import slip.dbus.service from slip.dbus import polkit import os -@@ -18,7 +18,7 @@ class selinux_server(slip.dbus.service.Object): +@@ -18,45 +18,45 @@ class selinux_server(slip.dbus.service.Object): # # The semanage method runs a transaction on a series of semanage commands, # these commnds can take the output of customized 
@@ -658770,7 +658779,9 @@ index e94c38f..671be1a 100644 @slip.dbus.polkit.require_auth("org.selinux.semanage") @dbus.service.method("org.selinux", in_signature='s') def semanage(self, buf): -@@ -27,10 +27,10 @@ class selinux_server(slip.dbus.service.Object): +- p = Popen(["/usr/sbin/semanage", "import"],stdout=PIPE, stderr=PIPE, stdin=PIPE) ++ p = Popen(["/usr/sbin/semanage", "import"],stdout=PIPE, stderr=PIPE, stdin=PIPE, universal_newlines=True) + p.stdin.write(buf) output = p.communicate() if p.returncode and p.returncode != 0: raise dbus.exceptions.DBusException(output[1]) 
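Review bot: In `semanage`, `p.stdin.write(buf)` followed by a bare `p.communicate()` can block if `semanage import` fills its stdout or stderr pipe before it has read all of `buf`. This method runs inside the polkit-guarded D-Bus service, so a stuck child would presumably stall the call. Handing the data to communicate avoids this: `output = p.communicate(buf)`. The next hunk has the mirror image in `customized` and `semodule_list`, which call `p.stdout.read()` before `communicate()` while stderr is also a pipe; `buf, err = p.communicate()` would drain both. The guard `if p.returncode and p.returncode != 0:` can be reduced to `if p.returncode:`.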
@@ -658783,16 +658794,29 @@ index e94c38f..671be1a 100644 # another server to make the two systems have duplicate policy. # @slip.dbus.polkit.require_auth("org.selinux.customized") -@@ -42,7 +42,7 @@ class selinux_server(slip.dbus.service.Object): + @dbus.service.method("org.selinux", in_signature='', out_signature='s') + def customized(self): +- p = Popen(["/usr/sbin/semanage", "export"],stdout=PIPE, stderr=PIPE) ++ p = Popen(["/usr/sbin/semanage", "export"], stdout=PIPE, stderr=PIPE, universal_newlines=True) + buf = p.stdout.read() + output = p.communicate() if p.returncode and p.returncode != 0: raise OSError("Failed to read SELinux configuration: %s", output) return buf - + # - # The semodule_list method will return the output of semodule -l, using the customized polkit, +- # The semodule_list method will return the output of semodule -l, using the customized polkit, ++ # The semodule_list method will return the output of semodule --list=full, using the customized polkit, # since this is a readonly behaviour -@@ -56,7 +56,7 @@ class selinux_server(slip.dbus.service.Object): + # + @slip.dbus.polkit.require_auth("org.selinux.semodule_list") + @dbus.service.method("org.selinux", in_signature='', out_signature='s') + def semodule_list(self): +- p = Popen(["/usr/sbin/semodule", "-l"],stdout=PIPE, stderr=PIPE) ++ p = Popen(["/usr/sbin/semodule", "--list=full"], stdout=PIPE, stderr=PIPE, universal_newlines=True) + buf = p.stdout.read() + output = p.communicate() if p.returncode and p.returncode != 0: raise OSError("Failed to list SELinux modules: %s", output) return buf @@ -659242,7 +659266,7 @@ index 74fb347..ec02fb2 100755 + print("Out") sys.exit(0) diff --git a/policycoreutils-2.4/sepolicy/sepolicy/__init__.py b/policycoreutils-2.4/sepolicy/sepolicy/__init__.py -index 679725d..b540180 100644 +index 679725d..7499c1c 100644 --- a/policycoreutils-2.4/sepolicy/sepolicy/__init__.py +++ b/policycoreutils-2.4/sepolicy/sepolicy/__init__.py @@ -1,25 +1,30 @@ 
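Review bot: `raise OSError("Failed to read SELinux configuration: %s", output)` in `customized`, and the matching raise in `semodule_list`, pass the format string and the `communicate()` tuple as two separate arguments. OSError treats two positional arguments as errno and strerror, so the `%s` is never filled in and the caller gets a raw tuple instead of the tool's error text. Since stdout has already been consumed by `p.stdout.read()`, the useful part is stderr: `raise OSError("Failed to read SELinux configuration: %s" % output[1])`, and likewise for the "Failed to list SELinux modules" message. The comment above `semodule_list` still says "using the customized polkit", although the decorator requires `org.selinux.semodule_list`; that wording is worth correcting while the line is being touched.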
@@ -659375,7 +659399,7 @@ index 679725d..b540180 100644 +def get_all_modules(): + all_modules = [] -+ cmd = "semodule -l 2>/dev/null" ++ cmd = "semodule --list=full 2>/dev/null" + try: + output = subprocess.check_output(cmd, + stderr=subprocess.STDOUT, @@ -659388,7 +659412,7 @@ index 679725d..b540180 100644 + + for i in l: + if len(i): -+ all_modules.append(i.split()[0]) ++ all_modules.append(i.split()[1]) + + return all_modules + @@ -660977,7 +661001,7 @@ index 6b53035..a06c6c4 100644 out += "%s # %s\n" % (self.write_te(out_dir), _("Type Enforcement file")) out += "%s # %s\n" % (self.write_if(out_dir), _("Interface file")) diff --git a/policycoreutils-2.4/sepolicy/sepolicy/gui.py b/policycoreutils-2.4/sepolicy/sepolicy/gui.py -index 5ca87b9..4437d9e 100644 +index 5ca87b9..23a6c33 100644 --- a/policycoreutils-2.4/sepolicy/sepolicy/gui.py +++ b/policycoreutils-2.4/sepolicy/sepolicy/gui.py @@ -1,4 +1,4 @@ @@ -661153,6 +661177,18 @@ index 5ca87b9..4437d9e 100644 "on_info_button_button_press_event" : self.on_help_button, "on_back_button_clicked" : self.on_help_back_clicked, "on_forward_button_clicked" : self.on_help_forward_clicked, +@@ -668,9 +663,9 @@ class SELinuxGui(): + self.module_dict = {} + for m in self.dbus.semodule_list().split("\n"): + mod = m.split() +- if len(mod) < 2: ++ if len(mod) < 3: + continue +- self.module_dict[mod[0]] = { "version": mod[1], "Disabled" : (len(mod) > 2) } ++ self.module_dict[mod[1]] = { "priority": mod[0], "Disabled" : (len(mod) > 3) } + + self.enable_unconfined_button.set_active(not self.module_dict["unconfined"]["Disabled"]) + self.enable_permissive_button.set_active(not self.module_dict["permissivedomains"]["Disabled"]) @@ -703,7 +698,7 @@ class SELinuxGui(): def match_func(self, completion, key_string, iter, func_data): 
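Review bot: The `cmd` string in `get_all_modules` carries a shell redirection (`2>/dev/null`) and resolves `semodule` through `PATH`, whereas selinux_server.py in this same patch calls `/usr/sbin/semodule` with an argument list. For a tool that is often run with elevated privileges, the absolute path and no shell is the safer and more consistent form: `cmd = ["/usr/sbin/semodule", "--list=full"]`, with stderr discarded in the `check_output` call rather than in the command text. The remaining `check_output` arguments and the `except` clause lie outside this hunk, so whether `shell=True` is actually passed there should be confirmed.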
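Review bot: `i.split()[1]` raises IndexError on any non-empty line that has only one field, because the guard above it is just `if len(i):`. Splitting once and checking the field count keeps a short or unexpected line from aborting the whole listing: `fields = i.split()` followed by `if len(fields) > 1: all_modules.append(fields[1])`. A full listing may also show the same module name at several priorities, so the result can presumably contain duplicates; that is harmless for the `name in self.all_modules` membership test in polgengui.py, but worth a comment. The loop appears to sit after the `try` block, whose `except` is not visible in this hunk.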
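Review bot: The lookups `self.module_dict["unconfined"]["Disabled"]` and `self.module_dict["permissivedomains"]["Disabled"]` right after the loop raise KeyError whenever the parsed listing lacks those names. The new `if len(mod) < 3: continue` filter makes that easier to hit, because every line of a two-column `semodule -l` style reply is now skipped. A GUI talking to a D-Bus service that has not yet been updated to `--list=full` would presumably end up with an empty dict. A tolerant lookup such as `self.module_dict.get("unconfined", {}).get("Disabled", False)` avoids the crash, though the right default needs deciding. Otherwise a comment should state that client and service must be upgraded together. `self.module_dict[mod[1]]` also keeps only the last line seen for a name, so the stored `"priority"` is whichever priority was listed last.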
@@ -661315,16 +661351,21 @@ index 5ca87b9..4437d9e 100644 self.modify_button.set_tooltip_text(_("Modify port definitions to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category}) if self.transitions_radio_button.get_active(): -@@ -1441,7 +1436,7 @@ class SELinuxGui(): +@@ -1440,8 +1435,12 @@ class SELinuxGui(): + def stripsort(self, model, row1, row2, user_data): sort_column, _ = model.get_sort_column_id() val1 = self.unmarkup(model.get_value(row1, sort_column)) ++ if val1 is None: ++ val1 = "" val2 = self.unmarkup(model.get_value(row2, sort_column)) - return cmp(val1,val2) ++ if val2 is None: ++ val2 = "" + return (val1 > val2) - (val1 < val2) def display_more_detail(self, windows, path): it = self.boolean_filter.get_iter(path) -@@ -1627,7 +1622,7 @@ class SELinuxGui(): +@@ -1627,7 +1626,7 @@ class SELinuxGui(): self.files_type_combolist.clear() self.files_class_combolist.clear() compare = self.strip_domain(self.application) @@ -661333,7 +661374,7 @@ index 5ca87b9..4437d9e 100644 if d[0].startswith(compare) and d[0] != self.application and not d[0].startswith("httpd_sys"): exclude_list.append(self.strip_domain(d[0])) -@@ -1638,7 +1633,7 @@ class SELinuxGui(): +@@ -1638,7 +1637,7 @@ class SELinuxGui(): self.files_class_combolist.set_value(iter, 0, sepolicy.file_type_str[files]) if ipage == EXE_PAGE and self.entrypoints != None: @@ -661342,7 +661383,7 @@ index 5ca87b9..4437d9e 100644 if exe.startswith(compare): iter = self.files_type_combolist.append() self.files_type_combolist.set_value(iter, 0, exe) -@@ -1648,7 +1643,7 @@ class SELinuxGui(): +@@ -1648,7 +1647,7 @@ class SELinuxGui(): self.files_class_combobox.set_sensitive(False) elif ipage == WRITABLE_PAGE and self.writable_files != None: 
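Review bot: The two `if valN is None: valN = ""` guards in `stripsort` have no comment saying why a missing cell is mapped to an empty string, and the reason is not obvious from the code. A one-line comment above them would do, for example `# Python 3 has no cmp() and cannot order None against str; sort missing cells as ""`. The guards could also be folded into the assignments, `val1 = self.unmarkup(model.get_value(row1, sort_column)) or ""`, assuming `unmarkup` only ever returns a string or None; its definition is outside this hunk.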
@@ -661351,7 +661392,7 @@ index 5ca87b9..4437d9e 100644 if write.startswith(compare) and not self.exclude_type(write, exclude_list) and write in self.file_types: iter = self.files_type_combolist.append() self.files_type_combolist.set_value(iter, 0, write) -@@ -1665,7 +1660,7 @@ class SELinuxGui(): +@@ -1665,7 +1664,7 @@ class SELinuxGui(): self.more_types_files_liststore.set_value(iter, 0, app) self.files_class_combobox.set_active(0) except AttributeError: @@ -661360,7 +661401,7 @@ index 5ca87b9..4437d9e 100644 pass self.files_type_combobox.set_active(0) self.files_mls_entry.set_text("s0") -@@ -1706,13 +1701,13 @@ class SELinuxGui(): +@@ -1706,13 +1705,13 @@ class SELinuxGui(): try: if ipage == OUTBOUND_PAGE: @@ -661378,7 +661419,7 @@ index 5ca87b9..4437d9e 100644 for t,ports in netd[k]: if t not in port_types + ["port_t", "unreserved_port_t"]: if t.endswith("_type"): -@@ -1807,7 +1802,7 @@ class SELinuxGui(): +@@ -1807,7 +1806,7 @@ class SELinuxGui(): self.wait_mouse() try: self.dbus.semanage(update_buffer) @@ -661387,7 +661428,7 @@ index 5ca87b9..4437d9e 100644 self.error(e) self.ready_mouse() -@@ -1885,7 +1880,7 @@ class SELinuxGui(): +@@ -1885,7 +1884,7 @@ class SELinuxGui(): tree.set_value(iter, 2, fclass) def restore_to_default(self, *args): @@ -661396,7 +661437,7 @@ index 5ca87b9..4437d9e 100644 def invalid_entry_retry(self, *args): self.closewindow(self.error_check_window) -@@ -2138,7 +2133,7 @@ class SELinuxGui(): +@@ -2138,7 +2137,7 @@ class SELinuxGui(): def on_save_delete_file_equiv_clicked(self, *args): for delete in self.files_delete_liststore: @@ -661405,7 +661446,7 @@ index 5ca87b9..4437d9e 100644 def on_toggle_update(self, cell, path, model): model[path][0] = not model[path][0] -@@ -2180,7 +2175,6 @@ class SELinuxGui(): +@@ -2180,7 +2179,6 @@ class SELinuxGui(): self.update = True self.update_treestore.clear() for bools in self.cur_dict["boolean"]: 
@@ -661413,7 +661454,7 @@ index 5ca87b9..4437d9e 100644 iter = self.update_treestore.append(None) self.update_treestore.set_value(iter, 0, True) self.update_treestore.set_value(iter, 1, sepolicy.boolean_desc(bools)) -@@ -2411,8 +2405,11 @@ class SELinuxGui(): +@@ -2411,8 +2409,11 @@ class SELinuxGui(): cur = selinux.getfilecon(path)[1].split(":")[2] con = selinux.matchpathcon(path,0)[1].split(":")[2] if self.verify(_("Run restorecon on %(PATH)s to change its type from %(CUR_CONTEXT)s to the default %(DEF_CONTEXT)s?") % {"PATH":path, "CUR_CONTEXT": cur, "DEF_CONTEXT": con}, title="restorecon dialog") == Gtk.ResponseType.YES: @@ -661427,7 +661468,7 @@ index 5ca87b9..4437d9e 100644 def new_updates(self, *args): self.update_button.set_sensitive(self.modified()) -@@ -2446,8 +2443,8 @@ class SELinuxGui(): +@@ -2446,8 +2447,8 @@ class SELinuxGui(): self.wait_mouse() try: self.dbus.semanage(update_buffer) @@ -661438,7 +661479,7 @@ index 5ca87b9..4437d9e 100644 self.ready_mouse() self.init_cur() -@@ -2541,34 +2538,7 @@ class SELinuxGui(): +@@ -2541,34 +2542,7 @@ class SELinuxGui(): self.network_mls_label.set_visible(advanced) self.network_mls_entry.set_visible(advanced) @@ -661474,7 +661515,7 @@ index 5ca87b9..4437d9e 100644 if label.get_text() == ADVANCED_SEARCH_LABEL[1]: label.set_text(ADVANCED_SEARCH_LABEL[0]) self.close_popup() -@@ -2576,25 +2546,6 @@ class SELinuxGui(): +@@ -2576,25 +2550,6 @@ class SELinuxGui(): label.set_text(ADVANCED_SEARCH_LABEL[1]) self.show_popup(self.advanced_search_window) @@ -661500,7 +661541,7 @@ index 5ca87b9..4437d9e 100644 def set_enforce_text(self, value): if value: self.status_bar.push(self.context_id, _("System Status: Enforcing")) -@@ -2603,8 +2554,14 @@ class SELinuxGui(): +@@ -2603,8 +2558,14 @@ class SELinuxGui(): self.current_status_permissive.set_active(True) def set_enforce(self, button): 
@@ -661517,7 +661558,7 @@ index 5ca87b9..4437d9e 100644 def on_browse_select(self, *args): filename = self.file_dialog.get_filename() -@@ -2664,16 +2621,22 @@ class SELinuxGui(): +@@ -2664,16 +2625,22 @@ class SELinuxGui(): self.system_policy_type_combobox.set_active(self.typeHistory) return None @@ -661544,7 +661585,7 @@ index 5ca87b9..4437d9e 100644 def import_config_show(self, *args): self.file_dialog.set_action(Gtk.FileChooserAction.OPEN) -@@ -2730,7 +2693,7 @@ class SELinuxGui(): +@@ -2730,7 +2697,7 @@ class SELinuxGui(): return try: self.dbus.relabel_on_boot(active) @@ -661553,7 +661594,7 @@ index 5ca87b9..4437d9e 100644 self.error(e) def closewindow(self, window, *args): -@@ -2816,10 +2779,13 @@ class SELinuxGui(): +@@ -2816,10 +2783,13 @@ class SELinuxGui(): if not self.finish_init: return self.wait_mouse() @@ -663458,7 +663499,7 @@ index c6645ef..8965795 100644 + except dbus.DBusException as e: + print (e) diff --git a/policycoreutils-2.4/sepolicy/sepolicy/sepolicy.glade b/policycoreutils-2.4/sepolicy/sepolicy/sepolicy.glade -index 1275c7f..b848baa 100644 +index 1275c7f..83822dd 100644 --- a/policycoreutils-2.4/sepolicy/sepolicy/sepolicy.glade +++ b/policycoreutils-2.4/sepolicy/sepolicy/sepolicy.glade @@ -2,7 +2,7 @@ @@ -663531,6 +663572,15 @@ index 1275c7f..b848baa 100644 0.5 True +@@ -1061,7 +1043,7 @@ + + True + False +- images/booleans.png ++ help/booleans.png + + + False @@ -2948,7 +2930,7 @@ Enabled Executables which will transition to a different domain, when the 'selected domain' executes them. 1 diff --git a/policycoreutils.spec b/policycoreutils.spec index 07a40f9..f4a366c 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.4 -Release: 17%{?dist} +Release: 18%{?dist} License: GPLv2 Group: System Environment/Base # https://github.com/SELinuxProject/selinux/wiki/Releases 
@@ -18,7 +18,7 @@ Source2: policycoreutils_man_ru2.tar.bz2 Source3: system-config-selinux.png Source4: sepolicy-icons.tgz # use make-rhat-patches.sh to create following patches from https://github.com/fedora-selinux/selinux/ -# HEAD https://github.com/fedora-selinux/selinux/commit/aa4f35f0b462af8bd0f02cf8d948ba2e824dd082 +# HEAD https://github.com/fedora-selinux/selinux/commit/3f154b2e8e2978ba65afbd224f4bbd64e2374a36 Patch: policycoreutils-rhat.patch Patch1: sepolgen-rhat.patch Patch100: policycoreutils-fix-semanage-python3.patch @@ -404,6 +404,10 @@ The policycoreutils-restorecond package contains the restorecond service. %systemd_postun_with_restart restorecond.service %changelog +* Mon Dec 14 2015 Petr Lautrbach - 2.4-18 +- Fix 'semanage permissive -l' subcommand (#1286325) +- Several 'sepolicy gui' fixes (#1281309,#1281309,#1282382) + * Tue Nov 17 2015 Petr Lautrbach 2.4-17 - Require at least one argument for 'semanage permissive -d' (#1255676)