* Tue Jul 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.50-2

- Remove semodule use within semanage
2008-07-02 00:52:32 +00:00 · 2008-07-02 00:52:32 +00:00 · 8ac1404c6b
parent ad9ae902cf
commit 8ac1404c6b
4 changed files with 50 additions and 88 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -181,3 +181,4 @@ policycoreutils-2.0.47.tgz
 policycoreutils-2.0.49.tgz
 policycoreutils-2.0.50.tgz
 sepolgen-1.0.12.tgz
+policycoreutils-2.0.51.tgz
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -1,6 +1,6 @@
 diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.50/Makefile
--- nsapolicycoreutils/Makefile	2008-06-12 23:25:24.000000000 -0400
-+++ policycoreutils-2.0.50/Makefile	2008-07-01 09:43:28.000000000 -0400
+--- nsapolicycoreutils/Makefile	2007-12-19 06:02:52.000000000 -0500
+++ policycoreutils-2.0.50/Makefile	2008-07-01 14:59:58.000000000 -0400
@@ -1,4 +1,4 @@
 -SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
 +SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
@ -8,8 +8,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
 INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
 
 diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.50/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c	2008-06-12 23:25:21.000000000 -0400
-+++ policycoreutils-2.0.50/restorecond/restorecond.c	2008-07-01 09:43:28.000000000 -0400
+--- nsapolicycoreutils/restorecond/restorecond.c	2007-07-16 14:20:41.000000000 -0400
+++ policycoreutils-2.0.50/restorecond/restorecond.c	2008-07-01 14:59:58.000000000 -0400
@@ -210,9 +210,10 @@
 			}
 
@ -36,75 +36,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
 	}
 	free(scontext);
 	close(fd);
-diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.50/restorecond/restorecond.init
--- nsapolicycoreutils/restorecond/restorecond.init	2008-06-12 23:25:21.000000000 -0400
-+++ policycoreutils-2.0.50/restorecond/restorecond.init	2008-07-01 09:43:28.000000000 -0400
-@@ -2,7 +2,7 @@
- #
- # restorecond:		Daemon used to maintain path file context
- #
-# chkconfig:	2345 12 87
-+# chkconfig:	- 12 87
- # description:	restorecond uses inotify to look for creation of new files \
- # listed in the /etc/selinux/restorecond.conf file, and restores the \
- # correct security context.
-diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.50/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles	2008-06-12 23:25:21.000000000 -0400
-+++ policycoreutils-2.0.50/scripts/fixfiles	2008-07-01 09:43:28.000000000 -0400
-@@ -138,6 +138,9 @@
- fi
- LogReadOnly
- ${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
-+rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-*
-+find /tmp -context "*:file_t*" -exec chcon -t tmp_t {} \;
-+find /var/tmp -context "*:file_t*" -exec chcon -t tmp_t {} \;
- exit $?
- }
- 
-@@ -180,6 +183,10 @@
-     check) restore -n -v;;
-     verify) restore -n -o -;;
-     relabel) relabel;;
-+    onboot)
-+	touch /.autorelabel
-+	echo "System will relabel on next boot"
-+	;;
-     *)
-     usage
-     exit 1
-@@ -189,6 +196,7 @@
-       	echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] "
- 	echo or
-       	echo $"Usage: $0 -R rpmpackage[,rpmpackage...] -C PREVIOUS_FILECONTEXT [-l logfile ] [-o outputfile ] { check | restore }"
-+      	echo $"Usage: $0 onboot"
- }
- 
- if [ $# = 0 ]; then
-diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-2.0.50/scripts/fixfiles.8
--- nsapolicycoreutils/scripts/fixfiles.8	2008-06-12 23:25:21.000000000 -0400
-+++ policycoreutils-2.0.50/scripts/fixfiles.8	2008-07-01 09:43:28.000000000 -0400
-@@ -7,6 +7,8 @@
- 
- .B fixfiles [-F] [-l logfile ] [-o outputfile ] { check | restore|[-f] relabel | verify } [[dir/file] ... ] 
- 
-+.B fixfiles onboot
-+
- .SH "DESCRIPTION"
- This manual page describes the
- .BR fixfiles
-@@ -20,6 +22,9 @@
- as you expect.  By default it will relabel all mounted ext2, ext3, xfs and 
- jfs file systems as long as they do not have a security context mount 
- option.  You can use the -R flag to use rpmpackages as an alternative.
-+.P
-+.B fixfiles onboot 
-+will setup the machine to relabel on the next reboot.
- 
- .SH "OPTIONS"
- .TP 
 diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.50/semanage/semanage
--- nsapolicycoreutils/semanage/semanage	2008-06-12 23:25:21.000000000 -0400
-+++ policycoreutils-2.0.50/semanage/semanage	2008-07-01 09:43:28.000000000 -0400
+--- nsapolicycoreutils/semanage/semanage	2008-05-06 14:33:04.000000000 -0400
+++ policycoreutils-2.0.50/semanage/semanage	2008-07-01 20:31:40.000000000 -0400
@@ -43,49 +43,52 @@
 if __name__ == '__main__':
 
@ -231,8 +165,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
 			
 		if modify:
 diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.50/semanage/semanage.8
--- nsapolicycoreutils/semanage/semanage.8	2008-06-12 23:25:21.000000000 -0400
-+++ policycoreutils-2.0.50/semanage/semanage.8	2008-07-01 09:43:28.000000000 -0400
+--- nsapolicycoreutils/semanage/semanage.8	2008-05-06 14:33:04.000000000 -0400
+++ policycoreutils-2.0.50/semanage/semanage.8	2008-07-01 20:33:48.000000000 -0400
+@@ -3,7 +3,7 @@
+ semanage \- SELinux Policy Management tool
+ 
+ .SH "SYNOPSIS"
+-.B semanage {boolean|login|user|port|interface|fcontext|translation} \-{l|lC|D} [\-n] 
+.B semanage {boolean|login|user|port|interface|fcontext|translation} \-{l|D} [\-n] [\-S store] 
+ .br
+ .B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] boolean
+ .br
@@ -17,6 +17,8 @@
 .br
 .B semanage fcontext \-{a|d|m} [\-frst] file_spec
@ -242,7 +185,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
 .B semanage translation \-{a|d|m} [\-T] level
 .P
 
-@@ -101,10 +103,11 @@
+@@ -85,6 +87,9 @@
+ .I                \-s, \-\-seuser     
+ SELinux user name
+ .TP
+.I                \-S, \-\-store
+Select and alternate SELinux store to manage
+.TP
+ .I                \-t, \-\-type       
+ SELinux Type for the object
+ .TP
+@@ -101,10 +106,11 @@
 $ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
 # Allow Apache to listen on port 81
 $ semanage port -a -t http_port_t -p tcp 81
@ -256,8 +209,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
 Examples by Thomas Bleher <ThomasBleher@gmx.de>.
 -
 diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.50/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py	2008-06-12 23:25:21.000000000 -0400
-+++ policycoreutils-2.0.50/semanage/seobject.py	2008-07-01 09:43:52.000000000 -0400
+--- nsapolicycoreutils/semanage/seobject.py	2008-05-16 10:55:38.000000000 -0400
+++ policycoreutils-2.0.50/semanage/seobject.py	2008-07-01 20:30:55.000000000 -0400
@@ -1,5 +1,5 @@
 #! /usr/bin/python -E
 -# Copyright (C) 2005, 2006, 2007 Red Hat 
@ -275,7 +228,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
 import gettext
 gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
 gettext.textdomain(PROGNAME)
-@@ -246,7 +248,98 @@
+@@ -246,7 +248,103 @@
 		os.close(fd)
 		os.rename(newfilename, self.filename)
                 os.system("/sbin/service mcstrans reload > /dev/null")
@ -308,11 +261,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
 +                      raise ValueError(_("Could not establish semanage connection"))
 +
 +	def get_all(self):
-+               rc, out = commands.getstatusoutput("semodule -l | grep ^permissive");
 +               l = []
-+               for i in out.split():
-+                      if i.startswith("permissive_"):
-+                             l.append(i.split("permissive_")[1])
+               (rc, mlist, number) = semanage_module_list(self.sh)
+               if rc < 0:
+                      raise ValueError(_("Could not list SELinux modules"))
+
+               for i in range(number):
+                      mod = semanage_module_list_nth(mlist, i)
+                      name = semanage_module_get_name(mod)
+                      if name and name.startswith("permissive_"):
+                             l.append(name.split("permissive_")[1])
 +               return l
 +
 +	def list(self,heading = 1, locallist = 0):
@ -360,8 +318,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
 +
 +
 +	def delete(self, name):
-+               for i in name.split
-+               rc = semanage_module_remove(self.sh, "permissive_%s" % name)
+               for n in name.split():
+                      rc = semanage_module_remove(self.sh, "permissive_%s" % n)
 +               rc = semanage_commit(self.sh)
 +               if rc < 0:
 +			raise ValueError(_("Could not remove permissive domain %s") % name)
@ -369,13 +327,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po
 +	def deleteall(self):
 +               l = self.get_all()
 +               if len(l) > 0:
-+                      all = " permissive_".join(l)
+                      all = " ".join(l)
 +                      self.delete(all)
 +
 class semanageRecords:
 	def __init__(self, store):
 		self.sh = semanage_handle_create()
-@@ -464,7 +557,7 @@
+@@ -464,7 +562,7 @@
 	def __init__(self, store = ""):
 		semanageRecords.__init__(self, store)
 
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -5,7 +5,7 @@
 %define	sepolgenver	1.0.12
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
-Version: 2.0.50
+Version: 2.0.51
 Release: 1%{?dist}
 License: GPLv2+
 Group:	 System Environment/Base
@ -192,6 +192,9 @@ if [ "$1" -ge "1" ]; then
 fi

 %changelog
+* Tue Jul 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.50-2
+- Remove semodule use within semanage
+
 * Mon Jun 30 2008 Dan Walsh <dwalsh@redhat.com> 2.0.50-1
 - Update to upstream
 	* Fix audit2allow generation of role-type rules from Karl MacMillan.
--- a/2
+++ b/2
@ -1,2 +1,2 @@
-bf55b96652d47bb2838141130f851477  policycoreutils-2.0.50.tgz
 4813a1ed80f19068ed9897165f073e8b  sepolgen-1.0.12.tgz
+9189683c9449c459ad5d7870d9e22085  policycoreutils-2.0.51.tgz