From 7bf7971a06564dc9793ea287f598155449f8410b Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Thu, 4 Jun 2009 19:31:10 +0000
Subject: [PATCH] * Thu Jun 4 2009 Dan Walsh 2.0.62-12.10 - Add sepolgen executable
---
 policycoreutils-gui.patch | 77 ++++++++++++++++++++++++++++++---------
 policycoreutils.spec | 6 ++-
 2 files changed, 64 insertions(+), 19 deletions(-)
diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch
index 0bc65fc..305169d 100644
--- a/policycoreutils-gui.patch
+++ b/policycoreutils-gui.patch
@@ -2165,10 +2165,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policy
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.63/gui/Makefile
 --- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.63/gui/Makefile 2009-05-22 17:07:21.000000000 -0400
-@@ -0,0 +1,38 @@
++++ policycoreutils-2.0.63/gui/Makefile 2009-06-04 15:18:28.000000000 -0400
+@@ -0,0 +1,41 @@
 +# Installation directories.
 +PREFIX ?= ${DESTDIR}/usr
++BINDIR ?= $(PREFIX)/bin
 +SHAREDIR ?= $(PREFIX)/share/system-config-selinux
 +
 +TARGETS= \
@@ -2193,9 +2194,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreu
 +
 +install: all
 + -mkdir -p $(SHAREDIR)/templates
++ -mkdir -p $(BINDIR)
 + install -m 755 system-config-selinux.py $(SHAREDIR)
 + install -m 755 polgengui.py $(SHAREDIR)
 + install -m 755 polgen.py $(SHAREDIR)
++ (cd $(BINDIR); ln -fs ../share/system-config-selinux/polgen.py sepolgen)
 + install -m 755 lockdown.py $(SHAREDIR)
 + install -m 644 $(TARGETS) $(SHAREDIR)
 + install -m 644 templates/*.py $(SHAREDIR)/templates/
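Review bot: The added symlink step `(cd $(BINDIR); ln -fs ../share/system-config-selinux/polgen.py sepolgen)` in the install recipe joins its two commands with `;`, so if the `cd` fails the `ln` still runs and creates the link in whatever directory make was started from; the added `-mkdir -p $(BINDIR)` ignores its own failure, which makes that case reachable. Writing it as `cd $(BINDIR) && ln -fs ../share/system-config-selinux/polgen.py sepolgen`, or as a single `ln -fs` with `$(BINDIR)/sepolgen` as the destination, keeps a failed install from writing outside the target tree. The link target is also spelled out relative to the default layout, so it stops matching once `SHAREDIR` is overridden. The recipe may continue past the end of the hunk.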
@@ -6412,8 +6415,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 + app.stand_alone()
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.63/gui/polgen.py
 --- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.63/gui/polgen.py 2009-05-22 17:02:43.000000000 -0400
-@@ -0,0 +1,1152 @@
++++ policycoreutils-2.0.63/gui/polgen.py 2009-06-04 15:19:33.000000000 -0400
+@@ -0,0 +1,1177 @@
 +#!/usr/bin/python
 +#
 +# Copyright (C) 2007, 2008, 2009 Red Hat
@@ -6609,6 +6612,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 + self.ports = ports.get_all()
 +
 + self.symbols = {}
++ self.symbols["openlog"] = "set_use_kerberos(True)"
++ self.symbols["openlog"] = "set_use_kerb_rcache(True)"
++ self.symbols["openlog"] = "set_use_syslog(True)"
++ self.symbols["krb"] = "set_use_kerberos(True)"
++ self.symbols["gss_accept_sec_context"] = "set_manage_krb5_rcache(True)"
++ self.symbols["krb5_verify_init_creds"] = "set_manage_krb5_rcache(True)"
++ self.symbols["krb5_rd_req"] = "set_manage_krb5_rcache(True)"
 + self.symbols["__syslog_chk"] = "set_use_syslog(True)"
 + self.symbols["getpwnam"] = "set_use_uid(True)"
 + self.symbols["getpwuid"] = "set_use_uid(True)"
@@ -6721,6 +6731,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 + self.use_tmp = False
 + self.use_uid = False
 + self.use_syslog = False
++ self.use_kerberos = False
++ self.manage_krb5_rcache = False
 + self.use_pam = False
 + self.use_dbus = False
 + self.use_audit = False
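Review bot: `self.symbols["openlog"]` is assigned three times in a row in the added lines, so only the last value, `"set_use_syslog(True)"`, survives and the two Kerberos entries above it are dead. The second of them names `set_use_kerb_rcache`, which none of the setters added in this commit defines (they are `set_use_kerberos` and `set_manage_krb5_rcache`), so it would fail if it were ever reached. Dropping the first two lines and keeping `self.symbols["openlog"] = "set_use_syslog(True)"` states what the table actually does. The `"krb"` key is a three-letter prefix and symbols are matched with `s.startswith(b)` elsewhere in this patch, so a comment such as `# any imported symbol starting with krb enables kerberos_use` would tell someone auditing the generated policy why the rule was emitted. The enclosing method starts and ends outside the hunk.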
@@ -6810,6 +6822,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 +
 + self.use_syslog = val
 +
++ def set_use_kerberos(self, val):
++ if val != True and val != False:
++ raise ValueError(_("use_kerberos must be a boolean value "))
++
++ self.use_kerberos = val
++
++ def set_manage_krb5_rcache(self, val):
++ if val != True and val != False:
++ raise ValueError(_("manage_krb5_rcache must be a boolean value "))
++
++ self.manage_krb5_rcache = val
++
 + def set_use_pam(self, val):
 + self.use_pam = val == True
 +
@@ -6849,6 +6873,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 + else:
 + return ""
 +
++ def generate_kerberos_rules(self):
++ if self.use_kerberos:
++ return re.sub("TEMPLATETYPE", self.name, executable.te_kerberos_rules)
++ else:
++ return ""
++
++ def generate_manage_krb5_rcache_rules(self):
++ if self.use_manage_krb5_rcache:
++ return re.sub("TEMPLATETYPE", self.name, executable.te_manage_krb5_rcache_rules)
++ else:
++ return ""
++
 + def generate_pam_rules(self):
 + newte =""
 + if self.use_pam:
@@ -7252,6 +7288,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 + newte += self.generate_roles_rules()
 + newte += self.generate_transition_rules()
 + newte += self.generate_admin_rules()
++ newte += self.generate_kerberos_rules()
++ newte += self.generate_manage_krb5_rcache_rules()
 + return newte
 +
 + def generate_fc(self):
@@ -7489,7 +7527,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 + return rec
 +
 +def gen_symbols(cmd):
-+ fd = os.popen("nm /usr/lib/debug%s.debug | grep U" % cmd)
++ fd = os.popen("nm -D %s | grep U" % cmd)
 + rec = fd.read().split()
 + fd.close()
 + return rec
@@ -7498,7 +7536,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 + print _("""
 +%s
 +
-+polgen [ -m ] [ -t type ] command
++polgen [ -m ] [ -t type ] executable
 +valid Types:
 +""") % msg
 + keys=poltype.keys()
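Review bot: `generate_manage_krb5_rcache_rules` tests `self.use_manage_krb5_rcache`, but the attribute this commit initialises and sets is `self.manage_krb5_rcache` (the defaults hunk and `set_manage_krb5_rcache`). No visible line defines `use_manage_krb5_rcache`, and the te-generation hunk calls the method unconditionally, so unless the attribute is set somewhere outside the diff this raises AttributeError on every run. The condition should read `if self.manage_krb5_rcache:`.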
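Review bot: `gen_symbols` still builds a shell command by interpolating `cmd` into `"nm -D %s | grep U" % cmd`, and the same commit installs the script as `sepolgen` with an `executable` argument in its usage text, so a path containing spaces or shell metacharacters is presumably interpreted by the shell instead of being handed to nm. `grep U` also keeps any line that merely contains a capital U, and `.split()` returns type letters alongside the names. Passing an argument list and filtering on the type column removes both problems, and the caller's `s.startswith(b)` loop works unchanged on a plain list of names. `subprocess` has to be imported in polgen.py if it is not already; the import block is outside the hunk.

```python
def gen_symbols(cmd):
    # argv list: the path is handed to nm as one argument, never to a shell
    proc = subprocess.Popen(["nm", "-D", cmd], stdout=subprocess.PIPE)
    out = proc.communicate()[0]
    rec = []
    for line in out.splitlines():
        fields = line.split()
        # undefined symbols have no address column: "U name"
        if len(fields) == 2 and fields[0] == "U":
            rec.append(fields[1])
    return rec
```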
@@ -7549,16 +7587,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 + mypolicy.set_init_script("/etc/rc\.d/init\.d/%s" % name)
 +
 + symbols = gen_symbols(cmd)
-+ if len(symbols) == 0:
-+ print """
-+%s attempts to scan the debuginfo file for symbols to generate
-+additional policy rules, which is missing for %s
-+
-+debuginfo-install RPMPACKAGE
-+
-+Will install %s with symbols. Then rerun this tool tool generate additional
-+rules.
-+""" % (sys.argv[0], cmd, cmd)
 + for s in symbols:
 + for b in mypolicy.symbols:
 + if s.startswith(b):
@@ -12212,8 +12240,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py
 +"""
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.63/gui/templates/executable.py
 --- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.63/gui/templates/executable.py 2009-05-22 16:56:01.000000000 -0400
-@@ -0,0 +1,363 @@
++++ policycoreutils-2.0.63/gui/templates/executable.py 2009-06-03 16:47:15.000000000 -0400
+@@ -0,0 +1,376 @@
 +# Copyright (C) 2007-2009 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
@@ -12380,6 +12408,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
 +')
 +"""
 +
++te_kerberos_rules="""
++optional_policy(`
++ kerberos_use(TEMPLATETYPE_t)
++')
++"""
++
++te_manage_krb5_rcache_rules="""
++optional_policy(`
++ kerberos_keytab_template(TEMPLATETYPE, TEMPLATETYPE_t)
++ kerberos_manage_host_rcache(TEMPLATETYPE_t)
++')
++"""
++
 +te_audit_rules="""
 +logging_send_audit_msgs(TEMPLATETYPE_t)
 +"""
diff --git a/policycoreutils.spec b/policycoreutils.spec
index f31789d..ec36ddc 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -6,7 +6,7 @@
 Summary: SELinux policy core utilities
 Name: policycoreutils
 Version: 2.0.62
-Release: 12.9%{?dist}
+Release: 12.10%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -163,6 +163,7 @@ system-config-selinux is a utility for managing the SELinux environment
 %defattr(-,root,root)
 %{_bindir}/system-config-selinux
 %{_bindir}/selinux-polgengui
+%{_bindir}/sepolgen
 %{_datadir}/applications/fedora-system-config-selinux.desktop
 %{_datadir}/applications/fedora-selinux-polgengui.desktop
 %dir %{_datadir}/system-config-selinux
@@ -224,6 +225,9 @@ else
 fi
 %changelog
+* Thu Jun 4 2009 Dan Walsh 2.0.62-12.10
+- Add sepolgen executable
+
 * Mon Jun 1 2009 Dan Walsh 2.0.62-12.9
 - Fix mount options on sandbox