policycoreutils-2.8-14
- chcat: fix removing categories on users with Fedora default setup - semanage: Include MCS/MLS range when exporting local customizations - semanage: Start exporting "ibendport" and "ibpkey" entries - semanage: do not show "None" levels when using a non-MLS policy - sepolicy: Add sepolicy.load_store_policy(store) - semanage: import sepolicy only when it's needed - semanage: move valid_types initialisations to class constructors
This commit is contained in:
parent
a56e58893b
commit
9c1b897074
@ -12,7 +12,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.8
|
Version: 2.8
|
||||||
Release: 13%{?dist}
|
Release: 14%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||||
Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/policycoreutils-2.8.tar.gz
|
Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/policycoreutils-2.8.tar.gz
|
||||||
@ -37,7 +37,7 @@ Source22: gui-po.tgz
|
|||||||
Source23: sandbox-po.tgz
|
Source23: sandbox-po.tgz
|
||||||
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
|
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
|
||||||
# run:
|
# run:
|
||||||
# HEAD https://github.com/fedora-selinux/selinux/commit/2fee0bccb66a6cafcf0d178b8c75c23ebd3f9924
|
# HEAD https://github.com/fedora-selinux/selinux/commit/15b521e6d24b1cb3a004d49f630f1d33f3e11466
|
||||||
# $ for i in policycoreutils selinux-python selinux-gui selinux-sandbox selinux-dbus semodule-utils restorecond; do
|
# $ for i in policycoreutils selinux-python selinux-gui selinux-sandbox selinux-dbus semodule-utils restorecond; do
|
||||||
# VERSION=2.8 ./make-fedora-selinux-patch.sh $i
|
# VERSION=2.8 ./make-fedora-selinux-patch.sh $i
|
||||||
# done
|
# done
|
||||||
@ -530,6 +530,15 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
%systemd_postun_with_restart restorecond.service
|
%systemd_postun_with_restart restorecond.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Dec 20 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-14
|
||||||
|
- chcat: fix removing categories on users with Fedora default setup
|
||||||
|
- semanage: Include MCS/MLS range when exporting local customizations
|
||||||
|
- semanage: Start exporting "ibendport" and "ibpkey" entries
|
||||||
|
- semanage: do not show "None" levels when using a non-MLS policy
|
||||||
|
- sepolicy: Add sepolicy.load_store_policy(store)
|
||||||
|
- semanage: import sepolicy only when it's needed
|
||||||
|
- semanage: move valid_types initialisations to class constructors
|
||||||
|
|
||||||
* Mon Dec 10 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-13
|
* Mon Dec 10 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-13
|
||||||
- chcat: use check_call instead of getstatusoutput
|
- chcat: use check_call instead of getstatusoutput
|
||||||
- Use matchbox-window-manager instead of openbox
|
- Use matchbox-window-manager instead of openbox
|
||||||
|
@ -75,10 +75,19 @@ index a826a9f..4427dea 100644
|
|||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
unittest.main()
|
unittest.main()
|
||||||
diff --git selinux-python-2.8/chcat/chcat selinux-python-2.8/chcat/chcat
|
diff --git selinux-python-2.8/chcat/chcat selinux-python-2.8/chcat/chcat
|
||||||
index 4bd9fc6..a2cc9fa 100755
|
index 4bd9fc6..27c537e 100755
|
||||||
--- selinux-python-2.8/chcat/chcat
|
--- selinux-python-2.8/chcat/chcat
|
||||||
+++ selinux-python-2.8/chcat/chcat
|
+++ selinux-python-2.8/chcat/chcat
|
||||||
@@ -22,10 +22,7 @@
|
@@ -4,7 +4,7 @@
|
||||||
|
#
|
||||||
|
# chcat is a script that allows you modify the Security label on a file
|
||||||
|
#
|
||||||
|
-#` Author: Daniel Walsh <dwalsh@redhat.com>
|
||||||
|
+# Author: Daniel Walsh <dwalsh@redhat.com>
|
||||||
|
#
|
||||||
|
# This program is free software; you can redistribute it and/or
|
||||||
|
# modify it under the terms of the GNU General Public License as
|
||||||
|
@@ -22,19 +22,15 @@
|
||||||
# 02111-1307 USA
|
# 02111-1307 USA
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
@ -90,7 +99,8 @@ index 4bd9fc6..a2cc9fa 100755
|
|||||||
import sys
|
import sys
|
||||||
import os
|
import os
|
||||||
import pwd
|
import pwd
|
||||||
@@ -34,7 +31,7 @@ import getopt
|
-import string
|
||||||
|
import getopt
|
||||||
import selinux
|
import selinux
|
||||||
import seobject
|
import seobject
|
||||||
|
|
||||||
@ -99,7 +109,26 @@ index 4bd9fc6..a2cc9fa 100755
|
|||||||
try:
|
try:
|
||||||
import gettext
|
import gettext
|
||||||
kwargs = {}
|
kwargs = {}
|
||||||
@@ -99,12 +96,12 @@ def chcat_user_add(newcat, users):
|
@@ -44,7 +40,7 @@ try:
|
||||||
|
localedir="/usr/share/locale",
|
||||||
|
codeset='utf-8',
|
||||||
|
**kwargs)
|
||||||
|
-except:
|
||||||
|
+except ImportError:
|
||||||
|
try:
|
||||||
|
import builtins
|
||||||
|
builtins.__dict__['_'] = str
|
||||||
|
@@ -86,8 +82,7 @@ def chcat_user_add(newcat, users):
|
||||||
|
if len(serange) > 1:
|
||||||
|
top = serange[1].split(":")
|
||||||
|
if len(top) > 1:
|
||||||
|
- cats.append(top[1])
|
||||||
|
- cats = expandCats(cats)
|
||||||
|
+ cats = expandCats(top[1].split(','))
|
||||||
|
|
||||||
|
for i in newcat[1:]:
|
||||||
|
if i not in cats:
|
||||||
|
@@ -99,12 +94,12 @@ def chcat_user_add(newcat, users):
|
||||||
new_serange = "%s-%s" % (serange[0], top[0])
|
new_serange = "%s-%s" % (serange[0], top[0])
|
||||||
|
|
||||||
if add_ind:
|
if add_ind:
|
||||||
@ -113,11 +142,11 @@ index 4bd9fc6..a2cc9fa 100755
|
|||||||
+ cmd = ["semanage", "login", "-m", "-r", new_serange, "-s", user[0], u]
|
+ cmd = ["semanage", "login", "-m", "-r", new_serange, "-s", user[0], u]
|
||||||
+ try:
|
+ try:
|
||||||
+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
|
+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
|
||||||
+ except subprocess.CalledProcessError as e:
|
+ except subprocess.CalledProcessError:
|
||||||
errors += 1
|
errors += 1
|
||||||
|
|
||||||
return errors
|
return errors
|
||||||
@@ -140,10 +137,11 @@ def chcat_add(orig, newcat, objects, login_ind):
|
@@ -140,10 +135,11 @@ def chcat_add(orig, newcat, objects, login_ind):
|
||||||
cat_string = "%s,%s" % (cat_string, c)
|
cat_string = "%s,%s" % (cat_string, c)
|
||||||
else:
|
else:
|
||||||
cat_string = cat
|
cat_string = cat
|
||||||
@ -129,11 +158,21 @@ index 4bd9fc6..a2cc9fa 100755
|
|||||||
+ cmd = ["chcon", "-l", "%s:%s" % (sensitivity, cat_string), f]
|
+ cmd = ["chcon", "-l", "%s:%s" % (sensitivity, cat_string), f]
|
||||||
+ try:
|
+ try:
|
||||||
+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
|
+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
|
||||||
+ except subprocess.CalledProcessError as e:
|
+ except subprocess.CalledProcessError:
|
||||||
errors += 1
|
errors += 1
|
||||||
return errors
|
return errors
|
||||||
|
|
||||||
@@ -179,13 +177,15 @@ def chcat_user_remove(newcat, users):
|
@@ -166,8 +162,7 @@ def chcat_user_remove(newcat, users):
|
||||||
|
if len(serange) > 1:
|
||||||
|
top = serange[1].split(":")
|
||||||
|
if len(top) > 1:
|
||||||
|
- cats.append(top[1])
|
||||||
|
- cats = expandCats(cats)
|
||||||
|
+ cats = expandCats(top[1].split(','))
|
||||||
|
|
||||||
|
for i in newcat[1:]:
|
||||||
|
if i in cats:
|
||||||
|
@@ -179,13 +174,15 @@ def chcat_user_remove(newcat, users):
|
||||||
new_serange = "%s-%s" % (serange[0], top[0])
|
new_serange = "%s-%s" % (serange[0], top[0])
|
||||||
|
|
||||||
if add_ind:
|
if add_ind:
|
||||||
@ -148,13 +187,13 @@ index 4bd9fc6..a2cc9fa 100755
|
|||||||
+
|
+
|
||||||
+ try:
|
+ try:
|
||||||
+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
|
+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
|
||||||
+ except subprocess.CalledProcessError as e:
|
+ except subprocess.CalledProcessError:
|
||||||
errors += 1
|
errors += 1
|
||||||
+
|
+
|
||||||
return errors
|
return errors
|
||||||
|
|
||||||
|
|
||||||
@@ -224,12 +224,14 @@ def chcat_remove(orig, newcat, objects, login_ind):
|
@@ -224,12 +221,14 @@ def chcat_remove(orig, newcat, objects, login_ind):
|
||||||
continue
|
continue
|
||||||
|
|
||||||
if len(cat) == 0:
|
if len(cat) == 0:
|
||||||
@ -170,11 +209,11 @@ index 4bd9fc6..a2cc9fa 100755
|
|||||||
+ cmd = ["chcon", "-l", new_serange, f]
|
+ cmd = ["chcon", "-l", new_serange, f]
|
||||||
+ try:
|
+ try:
|
||||||
+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
|
+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
|
||||||
+ except subprocess.CalledProcessError as e:
|
+ except subprocess.CalledProcessError:
|
||||||
errors += 1
|
errors += 1
|
||||||
return errors
|
return errors
|
||||||
|
|
||||||
@@ -247,17 +249,17 @@ def chcat_user_replace(newcat, users):
|
@@ -247,17 +246,17 @@ def chcat_user_replace(newcat, users):
|
||||||
add_ind = 1
|
add_ind = 1
|
||||||
user = seusers["__default__"]
|
user = seusers["__default__"]
|
||||||
serange = user[1].split("-")
|
serange = user[1].split("-")
|
||||||
@ -194,13 +233,15 @@ index 4bd9fc6..a2cc9fa 100755
|
|||||||
+ cmd = ["semanage", "login", "-m", "-r", new_serange, "-s", user[0], u]
|
+ cmd = ["semanage", "login", "-m", "-r", new_serange, "-s", user[0], u]
|
||||||
+ try:
|
+ try:
|
||||||
+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
|
+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
|
||||||
+ except subprocess.CalledProcessError as e:
|
+ except subprocess.CalledProcessError:
|
||||||
errors += 1
|
errors += 1
|
||||||
return errors
|
return errors
|
||||||
|
|
||||||
@@ -267,20 +269,16 @@ def chcat_replace(newcat, objects, login_ind):
|
@@ -266,21 +265,18 @@ def chcat_replace(newcat, objects, login_ind):
|
||||||
|
if login_ind == 1:
|
||||||
return chcat_user_replace(newcat, objects)
|
return chcat_user_replace(newcat, objects)
|
||||||
errors = 0
|
errors = 0
|
||||||
|
+ # newcat[0] is the sensitivity level, newcat[1:] are the categories
|
||||||
if len(newcat) == 1:
|
if len(newcat) == 1:
|
||||||
- sensitivity = newcat[0]
|
- sensitivity = newcat[0]
|
||||||
- cmd = 'chcon -l %s ' % newcat[0]
|
- cmd = 'chcon -l %s ' % newcat[0]
|
||||||
@ -211,21 +252,47 @@ index 4bd9fc6..a2cc9fa 100755
|
|||||||
+ new_serange = "%s:%s" % (newcat[0], newcat[1])
|
+ new_serange = "%s:%s" % (newcat[0], newcat[1])
|
||||||
for cat in newcat[2:]:
|
for cat in newcat[2:]:
|
||||||
- cmd = '%s,%s' % (cmd, cat)
|
- cmd = '%s,%s' % (cmd, cat)
|
||||||
+ new_serange = '%s,%s' % (new_serange, cat)
|
-
|
||||||
|
|
||||||
- for f in objects:
|
- for f in objects:
|
||||||
- cmd = "%s %s" % (cmd, f)
|
- cmd = "%s %s" % (cmd, f)
|
||||||
-
|
+ new_serange = '%s,%s' % (new_serange, cat)
|
||||||
|
|
||||||
- rc = getstatusoutput(cmd)
|
- rc = getstatusoutput(cmd)
|
||||||
- if rc[0] != 0:
|
- if rc[0] != 0:
|
||||||
- print(rc[1])
|
- print(rc[1])
|
||||||
+ cmd = ["chcon", "-l", new_serange] + objects
|
+ cmd = ["chcon", "-l", new_serange] + objects
|
||||||
+ try:
|
+ try:
|
||||||
+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
|
+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
|
||||||
+ except subprocess.CalledProcessError as e:
|
+ except subprocess.CalledProcessError:
|
||||||
errors += 1
|
errors += 1
|
||||||
|
|
||||||
return errors
|
return errors
|
||||||
|
@@ -384,7 +380,7 @@ def listusercats(users):
|
||||||
|
if len(users) == 0:
|
||||||
|
try:
|
||||||
|
users.append(os.getlogin())
|
||||||
|
- except:
|
||||||
|
+ except OSError:
|
||||||
|
users.append(pwd.getpwuid(os.getuid()).pw_name)
|
||||||
|
|
||||||
|
verify_users(users)
|
||||||
|
@@ -401,6 +397,7 @@ def error(msg):
|
||||||
|
print("%s: %s" % (sys.argv[0], msg))
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
+
|
||||||
|
if __name__ == '__main__':
|
||||||
|
if selinux.is_selinux_mls_enabled() != 1:
|
||||||
|
error("Requires a mls enabled system")
|
||||||
|
@@ -435,7 +432,7 @@ if __name__ == '__main__':
|
||||||
|
except getopt.error as error:
|
||||||
|
errorExit(_("Options Error %s ") % error.msg)
|
||||||
|
|
||||||
|
- except ValueError as e:
|
||||||
|
+ except ValueError:
|
||||||
|
usage()
|
||||||
|
|
||||||
|
if delete_ind:
|
||||||
diff --git selinux-python-2.8/po/Makefile selinux-python-2.8/po/Makefile
|
diff --git selinux-python-2.8/po/Makefile selinux-python-2.8/po/Makefile
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..4e052d5
|
index 0000000..4e052d5
|
||||||
@ -332,7 +399,7 @@ index 0000000..128eb87
|
|||||||
+../sepolicy/sepolicy/interface.py
|
+../sepolicy/sepolicy/interface.py
|
||||||
+../sepolicy/sepolicy.py
|
+../sepolicy/sepolicy.py
|
||||||
diff --git selinux-python-2.8/semanage/semanage selinux-python-2.8/semanage/semanage
|
diff --git selinux-python-2.8/semanage/semanage selinux-python-2.8/semanage/semanage
|
||||||
index 8d8a086..26fa46a 100644
|
index 8d8a086..301207e 100644
|
||||||
--- selinux-python-2.8/semanage/semanage
|
--- selinux-python-2.8/semanage/semanage
|
||||||
+++ selinux-python-2.8/semanage/semanage
|
+++ selinux-python-2.8/semanage/semanage
|
||||||
@@ -27,7 +27,7 @@ import traceback
|
@@ -27,7 +27,7 @@ import traceback
|
||||||
@ -362,7 +429,29 @@ index 8d8a086..26fa46a 100644
|
|||||||
|
|
||||||
usage_node = "semanage node [-h] [-n] [-N] [-S STORE] ["
|
usage_node = "semanage node [-h] [-n] [-N] [-S STORE] ["
|
||||||
usage_node_dict = {' --add': ('-M NETMASK', '-p PROTOCOL', '-t TYPE', '-r RANGE', 'node'), ' --modify': ('-M NETMASK', '-p PROTOCOL', '-t TYPE', '-r RANGE', 'node'), ' --delete': ('-M NETMASK', '-p PROTOCOL', 'node'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
|
usage_node_dict = {' --add': ('-M NETMASK', '-p PROTOCOL', '-t TYPE', '-r RANGE', 'node'), ' --modify': ('-M NETMASK', '-p PROTOCOL', '-t TYPE', '-r RANGE', 'node'), ' --delete': ('-M NETMASK', '-p PROTOCOL', 'node'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
|
||||||
@@ -421,7 +421,7 @@ def setupUserParser(subparsers):
|
@@ -73,7 +73,7 @@ usage_interface_dict = {' --add': ('-t TYPE', '-r RANGE', 'interface'), ' --modi
|
||||||
|
usage_boolean = "semanage boolean [-h] [-n] [-N] [-S STORE] ["
|
||||||
|
usage_boolean_dict = {' --modify': ('(', '--on', '|', '--off', ')', 'boolean'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
|
||||||
|
|
||||||
|
-import sepolicy
|
||||||
|
+
|
||||||
|
|
||||||
|
|
||||||
|
class CheckRole(argparse.Action):
|
||||||
|
@@ -82,7 +82,11 @@ class CheckRole(argparse.Action):
|
||||||
|
newval = getattr(namespace, self.dest)
|
||||||
|
if not newval:
|
||||||
|
newval = []
|
||||||
|
- roles = sepolicy.get_all_roles()
|
||||||
|
+ try:
|
||||||
|
+ import sepolicy
|
||||||
|
+ roles = sepolicy.get_all_roles()
|
||||||
|
+ except ValueError:
|
||||||
|
+ roles = []
|
||||||
|
for v in value.split():
|
||||||
|
if v not in roles:
|
||||||
|
raise ValueError("%s must be an SELinux role:\nValid roles: %s" % (v, ", ".join(roles)))
|
||||||
|
@@ -421,7 +425,7 @@ def setupUserParser(subparsers):
|
||||||
userParser.add_argument('-R', '--roles', default=[],
|
userParser.add_argument('-R', '--roles', default=[],
|
||||||
action=CheckRole,
|
action=CheckRole,
|
||||||
help=_('''
|
help=_('''
|
||||||
@ -371,7 +460,7 @@ index 8d8a086..26fa46a 100644
|
|||||||
'''))
|
'''))
|
||||||
userParser.add_argument('-P', '--prefix', default="user", help=argparse.SUPPRESS)
|
userParser.add_argument('-P', '--prefix', default="user", help=argparse.SUPPRESS)
|
||||||
userParser.add_argument('selinux_name', nargs='?', default=None, help=_('selinux_name'))
|
userParser.add_argument('selinux_name', nargs='?', default=None, help=_('selinux_name'))
|
||||||
@@ -604,19 +604,19 @@ def setupInterfaceParser(subparsers):
|
@@ -604,19 +608,19 @@ def setupInterfaceParser(subparsers):
|
||||||
|
|
||||||
def handleModule(args):
|
def handleModule(args):
|
||||||
OBJECT = seobject.moduleRecords(args)
|
OBJECT = seobject.moduleRecords(args)
|
||||||
@ -401,7 +490,7 @@ index 8d8a086..26fa46a 100644
|
|||||||
for i in OBJECT.customized():
|
for i in OBJECT.customized():
|
||||||
print("module %s" % str(i))
|
print("module %s" % str(i))
|
||||||
|
|
||||||
@@ -630,14 +630,13 @@ def setupModuleParser(subparsers):
|
@@ -630,14 +634,13 @@ def setupModuleParser(subparsers):
|
||||||
parser_add_priority(moduleParser, "module")
|
parser_add_priority(moduleParser, "module")
|
||||||
|
|
||||||
mgroup = moduleParser.add_mutually_exclusive_group(required=True)
|
mgroup = moduleParser.add_mutually_exclusive_group(required=True)
|
||||||
@ -420,7 +509,7 @@ index 8d8a086..26fa46a 100644
|
|||||||
moduleParser.set_defaults(func=handleModule)
|
moduleParser.set_defaults(func=handleModule)
|
||||||
|
|
||||||
|
|
||||||
@@ -739,9 +738,7 @@ def handlePermissive(args):
|
@@ -739,9 +742,7 @@ def handlePermissive(args):
|
||||||
if args.action is "delete":
|
if args.action is "delete":
|
||||||
OBJECT.delete(args.type)
|
OBJECT.delete(args.type)
|
||||||
else:
|
else:
|
||||||
@ -431,6 +520,15 @@ index 8d8a086..26fa46a 100644
|
|||||||
|
|
||||||
|
|
||||||
def setupPermissiveParser(subparsers):
|
def setupPermissiveParser(subparsers):
|
||||||
|
@@ -776,7 +777,7 @@ def setupDontauditParser(subparsers):
|
||||||
|
|
||||||
|
|
||||||
|
def handleExport(args):
|
||||||
|
- manageditems = ["boolean", "login", "interface", "user", "port", "node", "fcontext", "module"]
|
||||||
|
+ manageditems = ["boolean", "login", "interface", "user", "port", "node", "fcontext", "module", "ibendport", "ibpkey"]
|
||||||
|
for i in manageditems:
|
||||||
|
print("%s -D" % i)
|
||||||
|
for i in manageditems:
|
||||||
diff --git selinux-python-2.8/semanage/semanage-user.8 selinux-python-2.8/semanage/semanage-user.8
|
diff --git selinux-python-2.8/semanage/semanage-user.8 selinux-python-2.8/semanage/semanage-user.8
|
||||||
index 30bc670..23fec69 100644
|
index 30bc670..23fec69 100644
|
||||||
--- selinux-python-2.8/semanage/semanage-user.8
|
--- selinux-python-2.8/semanage/semanage-user.8
|
||||||
@ -461,7 +559,7 @@ index 0bdb90f..0cdcfcc 100644
|
|||||||
user identities to authorized role sets. In most cases, only the
|
user identities to authorized role sets. In most cases, only the
|
||||||
former mapping needs to be adjusted by the administrator; the latter
|
former mapping needs to be adjusted by the administrator; the latter
|
||||||
diff --git selinux-python-2.8/semanage/seobject.py selinux-python-2.8/semanage/seobject.py
|
diff --git selinux-python-2.8/semanage/seobject.py selinux-python-2.8/semanage/seobject.py
|
||||||
index c76dce8..a0cdeb7 100644
|
index c76dce8..59df249 100644
|
||||||
--- selinux-python-2.8/semanage/seobject.py
|
--- selinux-python-2.8/semanage/seobject.py
|
||||||
+++ selinux-python-2.8/semanage/seobject.py
|
+++ selinux-python-2.8/semanage/seobject.py
|
||||||
@@ -30,10 +30,10 @@ import sys
|
@@ -30,10 +30,10 @@ import sys
|
||||||
@ -495,7 +593,15 @@ index c76dce8..a0cdeb7 100644
|
|||||||
class logger:
|
class logger:
|
||||||
|
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
@@ -397,6 +399,8 @@ class moduleRecords(semanageRecords):
|
@@ -258,6 +260,7 @@ class semanageRecords:
|
||||||
|
if self.store == "" or self.store == localstore:
|
||||||
|
self.mylog = logger()
|
||||||
|
else:
|
||||||
|
+ sepolicy.load_store_policy(self.store)
|
||||||
|
self.mylog = nulllogger()
|
||||||
|
|
||||||
|
def set_reload(self, load):
|
||||||
|
@@ -397,6 +400,8 @@ class moduleRecords(semanageRecords):
|
||||||
print("%-25s %-9s %-5s %s" % (t[0], t[2], t[3], disabled))
|
print("%-25s %-9s %-5s %s" % (t[0], t[2], t[3], disabled))
|
||||||
|
|
||||||
def add(self, file, priority):
|
def add(self, file, priority):
|
||||||
@ -504,7 +610,7 @@ index c76dce8..a0cdeb7 100644
|
|||||||
if not os.path.exists(file):
|
if not os.path.exists(file):
|
||||||
raise ValueError(_("Module does not exist: %s ") % file)
|
raise ValueError(_("Module does not exist: %s ") % file)
|
||||||
|
|
||||||
@@ -409,7 +413,9 @@ class moduleRecords(semanageRecords):
|
@@ -409,7 +414,9 @@ class moduleRecords(semanageRecords):
|
||||||
self.commit()
|
self.commit()
|
||||||
|
|
||||||
def set_enabled(self, module, enable):
|
def set_enabled(self, module, enable):
|
||||||
@ -515,7 +621,7 @@ index c76dce8..a0cdeb7 100644
|
|||||||
rc, key = semanage_module_key_create(self.sh)
|
rc, key = semanage_module_key_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not create module key"))
|
raise ValueError(_("Could not create module key"))
|
||||||
@@ -431,7 +437,9 @@ class moduleRecords(semanageRecords):
|
@@ -431,7 +438,9 @@ class moduleRecords(semanageRecords):
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
|
raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
|
||||||
|
|
||||||
@ -526,7 +632,7 @@ index c76dce8..a0cdeb7 100644
|
|||||||
rc = semanage_module_remove(self.sh, m)
|
rc = semanage_module_remove(self.sh, m)
|
||||||
if rc < 0 and rc != -2:
|
if rc < 0 and rc != -2:
|
||||||
raise ValueError(_("Could not remove module %s (remove failed)") % m)
|
raise ValueError(_("Could not remove module %s (remove failed)") % m)
|
||||||
@@ -593,7 +601,6 @@ class loginRecords(semanageRecords):
|
@@ -593,7 +602,6 @@ class loginRecords(semanageRecords):
|
||||||
|
|
||||||
semanage_seuser_key_free(k)
|
semanage_seuser_key_free(k)
|
||||||
semanage_seuser_free(u)
|
semanage_seuser_free(u)
|
||||||
@ -534,7 +640,7 @@ index c76dce8..a0cdeb7 100644
|
|||||||
|
|
||||||
def add(self, name, sename, serange):
|
def add(self, name, sename, serange):
|
||||||
try:
|
try:
|
||||||
@@ -601,7 +608,6 @@ class loginRecords(semanageRecords):
|
@@ -601,7 +609,6 @@ class loginRecords(semanageRecords):
|
||||||
self.__add(name, sename, serange)
|
self.__add(name, sename, serange)
|
||||||
self.commit()
|
self.commit()
|
||||||
except ValueError as error:
|
except ValueError as error:
|
||||||
@ -542,7 +648,7 @@ index c76dce8..a0cdeb7 100644
|
|||||||
raise error
|
raise error
|
||||||
|
|
||||||
def __modify(self, name, sename="", serange=""):
|
def __modify(self, name, sename="", serange=""):
|
||||||
@@ -653,7 +659,6 @@ class loginRecords(semanageRecords):
|
@@ -653,7 +660,6 @@ class loginRecords(semanageRecords):
|
||||||
|
|
||||||
semanage_seuser_key_free(k)
|
semanage_seuser_key_free(k)
|
||||||
semanage_seuser_free(u)
|
semanage_seuser_free(u)
|
||||||
@ -550,7 +656,7 @@ index c76dce8..a0cdeb7 100644
|
|||||||
|
|
||||||
def modify(self, name, sename="", serange=""):
|
def modify(self, name, sename="", serange=""):
|
||||||
try:
|
try:
|
||||||
@@ -661,7 +666,6 @@ class loginRecords(semanageRecords):
|
@@ -661,7 +667,6 @@ class loginRecords(semanageRecords):
|
||||||
self.__modify(name, sename, serange)
|
self.__modify(name, sename, serange)
|
||||||
self.commit()
|
self.commit()
|
||||||
except ValueError as error:
|
except ValueError as error:
|
||||||
@ -558,7 +664,7 @@ index c76dce8..a0cdeb7 100644
|
|||||||
raise error
|
raise error
|
||||||
|
|
||||||
def __delete(self, name):
|
def __delete(self, name):
|
||||||
@@ -694,8 +698,6 @@ class loginRecords(semanageRecords):
|
@@ -694,8 +699,6 @@ class loginRecords(semanageRecords):
|
||||||
rec, self.sename, self.serange = selinux.getseuserbyname("__default__")
|
rec, self.sename, self.serange = selinux.getseuserbyname("__default__")
|
||||||
range, (rc, serole) = userrec.get(self.sename)
|
range, (rc, serole) = userrec.get(self.sename)
|
||||||
|
|
||||||
@ -567,7 +673,7 @@ index c76dce8..a0cdeb7 100644
|
|||||||
def delete(self, name):
|
def delete(self, name):
|
||||||
try:
|
try:
|
||||||
self.begin()
|
self.begin()
|
||||||
@@ -703,7 +705,6 @@ class loginRecords(semanageRecords):
|
@@ -703,7 +706,6 @@ class loginRecords(semanageRecords):
|
||||||
self.commit()
|
self.commit()
|
||||||
|
|
||||||
except ValueError as error:
|
except ValueError as error:
|
||||||
@ -575,7 +681,7 @@ index c76dce8..a0cdeb7 100644
|
|||||||
raise error
|
raise error
|
||||||
|
|
||||||
def deleteall(self):
|
def deleteall(self):
|
||||||
@@ -717,7 +718,6 @@ class loginRecords(semanageRecords):
|
@@ -717,7 +719,6 @@ class loginRecords(semanageRecords):
|
||||||
self.__delete(semanage_seuser_get_name(u))
|
self.__delete(semanage_seuser_get_name(u))
|
||||||
self.commit()
|
self.commit()
|
||||||
except ValueError as error:
|
except ValueError as error:
|
||||||
@ -583,7 +689,51 @@ index c76dce8..a0cdeb7 100644
|
|||||||
raise error
|
raise error
|
||||||
|
|
||||||
def get_all_logins(self):
|
def get_all_logins(self):
|
||||||
@@ -1087,6 +1087,8 @@ class portRecords(semanageRecords):
|
@@ -753,7 +754,10 @@ class loginRecords(semanageRecords):
|
||||||
|
l = []
|
||||||
|
ddict = self.get_all(True)
|
||||||
|
for k in sorted(ddict.keys()):
|
||||||
|
- l.append("-a -s %s -r '%s' %s" % (ddict[k][0], ddict[k][1], k))
|
||||||
|
+ if ddict[k][1]:
|
||||||
|
+ l.append("-a -s %s -r '%s' %s" % (ddict[k][0], ddict[k][1], k))
|
||||||
|
+ else:
|
||||||
|
+ l.append("-a -s %s %s" % (ddict[k][0], k))
|
||||||
|
return l
|
||||||
|
|
||||||
|
def list(self, heading=1, locallist=0):
|
||||||
|
@@ -1020,7 +1024,10 @@ class seluserRecords(semanageRecords):
|
||||||
|
l = []
|
||||||
|
ddict = self.get_all(True)
|
||||||
|
for k in sorted(ddict.keys()):
|
||||||
|
- l.append("-a -L %s -r %s -R '%s' %s" % (ddict[k][1], ddict[k][2], ddict[k][3], k))
|
||||||
|
+ if ddict[k][1] or ddict[k][2]:
|
||||||
|
+ l.append("-a -L %s -r %s -R '%s' %s" % (ddict[k][1], ddict[k][2], ddict[k][3], k))
|
||||||
|
+ else:
|
||||||
|
+ l.append("-a -R '%s' %s" % (ddict[k][3], k))
|
||||||
|
return l
|
||||||
|
|
||||||
|
def list(self, heading=1, locallist=0):
|
||||||
|
@@ -1043,13 +1050,15 @@ class seluserRecords(semanageRecords):
|
||||||
|
|
||||||
|
|
||||||
|
class portRecords(semanageRecords):
|
||||||
|
- try:
|
||||||
|
- valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"])
|
||||||
|
- except RuntimeError:
|
||||||
|
- valid_types = []
|
||||||
|
+
|
||||||
|
+ valid_types = []
|
||||||
|
|
||||||
|
def __init__(self, args = None):
|
||||||
|
semanageRecords.__init__(self, args)
|
||||||
|
+ try:
|
||||||
|
+ self.valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"])
|
||||||
|
+ except RuntimeError:
|
||||||
|
+ pass
|
||||||
|
|
||||||
|
def __genkey(self, port, proto):
|
||||||
|
if proto == "tcp":
|
||||||
|
@@ -1087,6 +1096,8 @@ class portRecords(semanageRecords):
|
||||||
if type == "":
|
if type == "":
|
||||||
raise ValueError(_("Type is required"))
|
raise ValueError(_("Type is required"))
|
||||||
|
|
||||||
@ -592,7 +742,7 @@ index c76dce8..a0cdeb7 100644
|
|||||||
if type not in self.valid_types:
|
if type not in self.valid_types:
|
||||||
raise ValueError(_("Type %s is invalid, must be a port type") % type)
|
raise ValueError(_("Type %s is invalid, must be a port type") % type)
|
||||||
|
|
||||||
@@ -1151,6 +1153,7 @@ class portRecords(semanageRecords):
|
@@ -1151,6 +1162,7 @@ class portRecords(semanageRecords):
|
||||||
else:
|
else:
|
||||||
raise ValueError(_("Requires setype"))
|
raise ValueError(_("Requires setype"))
|
||||||
|
|
||||||
@ -600,7 +750,22 @@ index c76dce8..a0cdeb7 100644
|
|||||||
if setype and setype not in self.valid_types:
|
if setype and setype not in self.valid_types:
|
||||||
raise ValueError(_("Type %s is invalid, must be a port type") % setype)
|
raise ValueError(_("Type %s is invalid, must be a port type") % setype)
|
||||||
|
|
||||||
@@ -1355,6 +1358,8 @@ class ibpkeyRecords(semanageRecords):
|
@@ -1295,10 +1307,11 @@ class portRecords(semanageRecords):
|
||||||
|
l = []
|
||||||
|
ddict = self.get_all(True)
|
||||||
|
for k in sorted(ddict.keys()):
|
||||||
|
- if k[0] == k[1]:
|
||||||
|
- l.append("-a -t %s -p %s %s" % (ddict[k][0], k[2], k[0]))
|
||||||
|
+ port = k[0] if k[0] == k[1] else "%s-%s" % (k[0], k[1])
|
||||||
|
+ if ddict[k][1]:
|
||||||
|
+ l.append("-a -t %s -r '%s' -p %s %s" % (ddict[k][0], ddict[k][1], k[2], port))
|
||||||
|
else:
|
||||||
|
- l.append("-a -t %s -p %s %s-%s" % (ddict[k][0], k[2], k[0], k[1]))
|
||||||
|
+ l.append("-a -t %s -p %s %s" % (ddict[k][0], k[2], port))
|
||||||
|
return l
|
||||||
|
|
||||||
|
def list(self, heading=1, locallist=0):
|
||||||
|
@@ -1355,6 +1368,8 @@ class ibpkeyRecords(semanageRecords):
|
||||||
if type == "":
|
if type == "":
|
||||||
raise ValueError(_("Type is required"))
|
raise ValueError(_("Type is required"))
|
||||||
|
|
||||||
@ -609,7 +774,7 @@ index c76dce8..a0cdeb7 100644
|
|||||||
if type not in self.valid_types:
|
if type not in self.valid_types:
|
||||||
raise ValueError(_("Type %s is invalid, must be a ibpkey type") % type)
|
raise ValueError(_("Type %s is invalid, must be a ibpkey type") % type)
|
||||||
|
|
||||||
@@ -1417,6 +1422,8 @@ class ibpkeyRecords(semanageRecords):
|
@@ -1417,6 +1432,8 @@ class ibpkeyRecords(semanageRecords):
|
||||||
else:
|
else:
|
||||||
raise ValueError(_("Requires setype"))
|
raise ValueError(_("Requires setype"))
|
||||||
|
|
||||||
@ -618,7 +783,22 @@ index c76dce8..a0cdeb7 100644
|
|||||||
if setype and setype not in self.valid_types:
|
if setype and setype not in self.valid_types:
|
||||||
raise ValueError(_("Type %s is invalid, must be a ibpkey type") % setype)
|
raise ValueError(_("Type %s is invalid, must be a ibpkey type") % setype)
|
||||||
|
|
||||||
@@ -1603,6 +1610,8 @@ class ibendportRecords(semanageRecords):
|
@@ -1548,10 +1565,11 @@ class ibpkeyRecords(semanageRecords):
|
||||||
|
ddict = self.get_all(True)
|
||||||
|
|
||||||
|
for k in sorted(ddict.keys()):
|
||||||
|
- if k[0] == k[1]:
|
||||||
|
- l.append("-a -t %s -x %s %s" % (ddict[k][0], k[2], k[0]))
|
||||||
|
+ port = k[0] if k[0] == k[1] else "%s-%s" % (k[0], k[1])
|
||||||
|
+ if ddict[k][1]:
|
||||||
|
+ l.append("-a -t %s -r '%s' -x %s %s" % (ddict[k][0], ddict[k][1], k[2], port))
|
||||||
|
else:
|
||||||
|
- l.append("-a -t %s -x %s %s-%s" % (ddict[k][0], k[2], k[0], k[1]))
|
||||||
|
+ l.append("-a -t %s -x %s %s" % (ddict[k][0], k[2], port))
|
||||||
|
return l
|
||||||
|
|
||||||
|
def list(self, heading=1, locallist=0):
|
||||||
|
@@ -1603,6 +1621,8 @@ class ibendportRecords(semanageRecords):
|
||||||
if type == "":
|
if type == "":
|
||||||
raise ValueError(_("Type is required"))
|
raise ValueError(_("Type is required"))
|
||||||
|
|
||||||
@ -627,7 +807,7 @@ index c76dce8..a0cdeb7 100644
|
|||||||
if type not in self.valid_types:
|
if type not in self.valid_types:
|
||||||
raise ValueError(_("Type %s is invalid, must be an ibendport type") % type)
|
raise ValueError(_("Type %s is invalid, must be an ibendport type") % type)
|
||||||
(k, ibendport, port) = self.__genkey(ibendport, ibdev_name)
|
(k, ibendport, port) = self.__genkey(ibendport, ibdev_name)
|
||||||
@@ -1664,6 +1673,8 @@ class ibendportRecords(semanageRecords):
|
@@ -1664,6 +1684,8 @@ class ibendportRecords(semanageRecords):
|
||||||
else:
|
else:
|
||||||
raise ValueError(_("Requires setype"))
|
raise ValueError(_("Requires setype"))
|
||||||
|
|
||||||
@ -636,7 +816,40 @@ index c76dce8..a0cdeb7 100644
|
|||||||
if setype and setype not in self.valid_types:
|
if setype and setype not in self.valid_types:
|
||||||
raise ValueError(_("Type %s is invalid, must be an ibendport type") % setype)
|
raise ValueError(_("Type %s is invalid, must be an ibendport type") % setype)
|
||||||
|
|
||||||
@@ -1826,13 +1837,13 @@ class nodeRecords(semanageRecords):
|
@@ -1788,7 +1810,10 @@ class ibendportRecords(semanageRecords):
|
||||||
|
ddict = self.get_all(True)
|
||||||
|
|
||||||
|
for k in sorted(ddict.keys()):
|
||||||
|
- l.append("-a -t %s -r %s -z %s %s" % (ddict[k][0], ddict[k][1], k[1], k[0]))
|
||||||
|
+ if ddict[k][1]:
|
||||||
|
+ l.append("-a -t %s -r '%s' -z %s %s" % (ddict[k][0], ddict[k][1], k[1], k[0]))
|
||||||
|
+ else:
|
||||||
|
+ l.append("-a -t %s -z %s %s" % (ddict[k][0], k[1], k[0]))
|
||||||
|
return l
|
||||||
|
|
||||||
|
def list(self, heading=1, locallist=0):
|
||||||
|
@@ -1807,14 +1832,16 @@ class ibendportRecords(semanageRecords):
|
||||||
|
print(rec)
|
||||||
|
|
||||||
|
class nodeRecords(semanageRecords):
|
||||||
|
- try:
|
||||||
|
- valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "node_type"))[0]["types"])
|
||||||
|
- except RuntimeError:
|
||||||
|
- valid_types = []
|
||||||
|
+
|
||||||
|
+ valid_types = []
|
||||||
|
|
||||||
|
def __init__(self, args = None):
|
||||||
|
semanageRecords.__init__(self, args)
|
||||||
|
self.protocol = ["ipv4", "ipv6"]
|
||||||
|
+ try:
|
||||||
|
+ self.valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "node_type"))[0]["types"])
|
||||||
|
+ except RuntimeError:
|
||||||
|
+ pass
|
||||||
|
|
||||||
|
def validate(self, addr, mask, protocol):
|
||||||
|
newaddr = addr
|
||||||
|
@@ -1826,13 +1853,13 @@ class nodeRecords(semanageRecords):
|
||||||
|
|
||||||
# verify valid comination
|
# verify valid comination
|
||||||
if len(mask) == 0 or mask[0] == "/":
|
if len(mask) == 0 or mask[0] == "/":
|
||||||
@ -655,7 +868,7 @@ index c76dce8..a0cdeb7 100644
|
|||||||
|
|
||||||
try:
|
try:
|
||||||
newprotocol = self.protocol.index(protocol)
|
newprotocol = self.protocol.index(protocol)
|
||||||
@@ -1853,6 +1864,8 @@ class nodeRecords(semanageRecords):
|
@@ -1853,6 +1880,8 @@ class nodeRecords(semanageRecords):
|
||||||
if ctype == "":
|
if ctype == "":
|
||||||
raise ValueError(_("SELinux node type is required"))
|
raise ValueError(_("SELinux node type is required"))
|
||||||
|
|
||||||
@ -664,7 +877,7 @@ index c76dce8..a0cdeb7 100644
|
|||||||
if ctype not in self.valid_types:
|
if ctype not in self.valid_types:
|
||||||
raise ValueError(_("Type %s is invalid, must be a node type") % ctype)
|
raise ValueError(_("Type %s is invalid, must be a node type") % ctype)
|
||||||
|
|
||||||
@@ -1922,6 +1935,8 @@ class nodeRecords(semanageRecords):
|
@@ -1922,6 +1951,8 @@ class nodeRecords(semanageRecords):
|
||||||
if serange == "" and setype == "":
|
if serange == "" and setype == "":
|
||||||
raise ValueError(_("Requires setype or serange"))
|
raise ValueError(_("Requires setype or serange"))
|
||||||
|
|
||||||
@ -673,15 +886,55 @@ index c76dce8..a0cdeb7 100644
|
|||||||
if setype and setype not in self.valid_types:
|
if setype and setype not in self.valid_types:
|
||||||
raise ValueError(_("Type %s is invalid, must be a node type") % setype)
|
raise ValueError(_("Type %s is invalid, must be a node type") % setype)
|
||||||
|
|
||||||
@@ -2241,7 +2256,6 @@ class fcontextRecords(semanageRecords):
|
@@ -2024,7 +2055,10 @@ class nodeRecords(semanageRecords):
|
||||||
try:
|
l = []
|
||||||
valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "file_type"))[0]["types"])
|
ddict = self.get_all(True)
|
||||||
valid_types += list(list(sepolicy.info(sepolicy.ATTRIBUTE, "device_node"))[0]["types"])
|
for k in sorted(ddict.keys()):
|
||||||
- valid_types.append("<<none>>")
|
- l.append("-a -M %s -p %s -t %s %s" % (k[1], k[2], ddict[k][2], k[0]))
|
||||||
except RuntimeError:
|
+ if ddict[k][3]:
|
||||||
valid_types = []
|
+ l.append("-a -M %s -p %s -t %s -r '%s' %s" % (k[1], k[2], ddict[k][2], ddict[k][3], k[0]))
|
||||||
|
+ else:
|
||||||
|
+ l.append("-a -M %s -p %s -t %s %s" % (k[1], k[2], ddict[k][2], k[0]))
|
||||||
|
return l
|
||||||
|
|
||||||
@@ -2369,8 +2383,10 @@ class fcontextRecords(semanageRecords):
|
def list(self, heading=1, locallist=0):
|
||||||
|
@@ -2218,7 +2252,10 @@ class interfaceRecords(semanageRecords):
|
||||||
|
l = []
|
||||||
|
ddict = self.get_all(True)
|
||||||
|
for k in sorted(ddict.keys()):
|
||||||
|
- l.append("-a -t %s %s" % (ddict[k][2], k))
|
||||||
|
+ if ddict[k][3]:
|
||||||
|
+ l.append("-a -t %s -r '%s' %s" % (ddict[k][2], ddict[k][3], k))
|
||||||
|
+ else:
|
||||||
|
+ l.append("-a -t %s %s" % (ddict[k][2], k))
|
||||||
|
return l
|
||||||
|
|
||||||
|
def list(self, heading=1, locallist=0):
|
||||||
|
@@ -2238,15 +2275,17 @@ class interfaceRecords(semanageRecords):
|
||||||
|
|
||||||
|
|
||||||
|
class fcontextRecords(semanageRecords):
|
||||||
|
- try:
|
||||||
|
- valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "file_type"))[0]["types"])
|
||||||
|
- valid_types += list(list(sepolicy.info(sepolicy.ATTRIBUTE, "device_node"))[0]["types"])
|
||||||
|
- valid_types.append("<<none>>")
|
||||||
|
- except RuntimeError:
|
||||||
|
- valid_types = []
|
||||||
|
+
|
||||||
|
+ valid_types = []
|
||||||
|
|
||||||
|
def __init__(self, args = None):
|
||||||
|
semanageRecords.__init__(self, args)
|
||||||
|
+ try:
|
||||||
|
+ self.valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "file_type"))[0]["types"])
|
||||||
|
+ self.valid_types += list(list(sepolicy.info(sepolicy.ATTRIBUTE, "device_node"))[0]["types"])
|
||||||
|
+ except RuntimeError:
|
||||||
|
+ pass
|
||||||
|
+
|
||||||
|
self.equiv = {}
|
||||||
|
self.equiv_dist = {}
|
||||||
|
self.equal_ind = False
|
||||||
|
@@ -2369,8 +2408,10 @@ class fcontextRecords(semanageRecords):
|
||||||
if type == "":
|
if type == "":
|
||||||
raise ValueError(_("SELinux Type is required"))
|
raise ValueError(_("SELinux Type is required"))
|
||||||
|
|
||||||
@ -694,7 +947,7 @@ index c76dce8..a0cdeb7 100644
|
|||||||
|
|
||||||
(rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
|
(rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
@@ -2432,8 +2448,10 @@ class fcontextRecords(semanageRecords):
|
@@ -2432,8 +2473,10 @@ class fcontextRecords(semanageRecords):
|
||||||
def __modify(self, target, setype, ftype, serange, seuser):
|
def __modify(self, target, setype, ftype, serange, seuser):
|
||||||
if serange == "" and setype == "" and seuser == "":
|
if serange == "" and setype == "" and seuser == "":
|
||||||
raise ValueError(_("Requires setype, serange or seuser"))
|
raise ValueError(_("Requires setype, serange or seuser"))
|
||||||
@ -707,6 +960,18 @@ index c76dce8..a0cdeb7 100644
|
|||||||
|
|
||||||
self.validate(target)
|
self.validate(target)
|
||||||
|
|
||||||
|
@@ -2597,7 +2640,10 @@ class fcontextRecords(semanageRecords):
|
||||||
|
fcon_dict = self.get_all(True)
|
||||||
|
for k in sorted(fcon_dict.keys()):
|
||||||
|
if fcon_dict[k]:
|
||||||
|
- l.append("-a -f %s -t %s '%s'" % (file_type_str_to_option[k[1]], fcon_dict[k][2], k[0]))
|
||||||
|
+ if fcon_dict[k][3]:
|
||||||
|
+ l.append("-a -f %s -t %s -r '%s' '%s'" % (file_type_str_to_option[k[1]], fcon_dict[k][2], fcon_dict[k][3], k[0]))
|
||||||
|
+ else:
|
||||||
|
+ l.append("-a -f %s -t %s '%s'" % (file_type_str_to_option[k[1]], fcon_dict[k][2], k[0]))
|
||||||
|
|
||||||
|
if len(self.equiv):
|
||||||
|
for target in self.equiv.keys():
|
||||||
diff --git selinux-python-2.8/sepolgen/src/sepolgen/access.py selinux-python-2.8/sepolgen/src/sepolgen/access.py
|
diff --git selinux-python-2.8/sepolgen/src/sepolgen/access.py selinux-python-2.8/sepolgen/src/sepolgen/access.py
|
||||||
index a5d8698..ba80f93 100644
|
index a5d8698..ba80f93 100644
|
||||||
--- selinux-python-2.8/sepolgen/src/sepolgen/access.py
|
--- selinux-python-2.8/sepolgen/src/sepolgen/access.py
|
||||||
@ -1802,7 +2067,7 @@ index 141f64e..5880176 100755
|
|||||||
|
|
||||||
class LoadPolicy(argparse.Action):
|
class LoadPolicy(argparse.Action):
|
||||||
diff --git selinux-python-2.8/sepolicy/sepolicy/__init__.py selinux-python-2.8/sepolicy/sepolicy/__init__.py
|
diff --git selinux-python-2.8/sepolicy/sepolicy/__init__.py selinux-python-2.8/sepolicy/sepolicy/__init__.py
|
||||||
index 89346ab..d1f4bf5 100644
|
index 89346ab..6039489 100644
|
||||||
--- selinux-python-2.8/sepolicy/sepolicy/__init__.py
|
--- selinux-python-2.8/sepolicy/sepolicy/__init__.py
|
||||||
+++ selinux-python-2.8/sepolicy/sepolicy/__init__.py
|
+++ selinux-python-2.8/sepolicy/sepolicy/__init__.py
|
||||||
@@ -15,7 +15,7 @@ import os
|
@@ -15,7 +15,7 @@ import os
|
||||||
@ -1814,7 +2079,33 @@ index 89346ab..d1f4bf5 100644
|
|||||||
try:
|
try:
|
||||||
import gettext
|
import gettext
|
||||||
kwargs = {}
|
kwargs = {}
|
||||||
@@ -168,15 +168,21 @@ except ValueError as e:
|
@@ -129,6 +129,13 @@ def get_installed_policy(root="/"):
|
||||||
|
pass
|
||||||
|
raise ValueError(_("No SELinux Policy installed"))
|
||||||
|
|
||||||
|
+def get_store_policy(store, root="/"):
|
||||||
|
+ try:
|
||||||
|
+ policies = glob.glob("%s%s/policy/policy.*" % (selinux.selinux_path(), store))
|
||||||
|
+ policies.sort()
|
||||||
|
+ return policies[-1]
|
||||||
|
+ except:
|
||||||
|
+ return None
|
||||||
|
|
||||||
|
def policy(policy_file):
|
||||||
|
global all_domains
|
||||||
|
@@ -156,6 +163,11 @@ def policy(policy_file):
|
||||||
|
except:
|
||||||
|
raise ValueError(_("Failed to read %s policy file") % policy_file)
|
||||||
|
|
||||||
|
+def load_store_policy(store):
|
||||||
|
+ policy_file = get_store_policy(store)
|
||||||
|
+ if not policy_file:
|
||||||
|
+ return None
|
||||||
|
+ policy(policy_file)
|
||||||
|
|
||||||
|
try:
|
||||||
|
policy_file = get_installed_policy()
|
||||||
|
@@ -168,15 +180,21 @@ except ValueError as e:
|
||||||
def info(setype, name=None):
|
def info(setype, name=None):
|
||||||
if setype == TYPE:
|
if setype == TYPE:
|
||||||
q = setools.TypeQuery(_pol)
|
q = setools.TypeQuery(_pol)
|
||||||
@ -1839,7 +2130,7 @@ index 89346ab..d1f4bf5 100644
|
|||||||
|
|
||||||
elif setype == ROLE:
|
elif setype == ROLE:
|
||||||
q = setools.RoleQuery(_pol)
|
q = setools.RoleQuery(_pol)
|
||||||
@@ -272,34 +278,38 @@ def _setools_rule_to_dict(rule):
|
@@ -272,34 +290,38 @@ def _setools_rule_to_dict(rule):
|
||||||
'class': str(rule.tclass),
|
'class': str(rule.tclass),
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1887,7 +2178,7 @@ index 89346ab..d1f4bf5 100644
|
|||||||
pass
|
pass
|
||||||
|
|
||||||
return d
|
return d
|
||||||
@@ -334,6 +344,8 @@ def search(types, seinfo=None):
|
@@ -334,6 +356,8 @@ def search(types, seinfo=None):
|
||||||
tertypes.append(NEVERALLOW)
|
tertypes.append(NEVERALLOW)
|
||||||
if AUDITALLOW in types:
|
if AUDITALLOW in types:
|
||||||
tertypes.append(AUDITALLOW)
|
tertypes.append(AUDITALLOW)
|
||||||
@ -1896,7 +2187,7 @@ index 89346ab..d1f4bf5 100644
|
|||||||
|
|
||||||
if len(tertypes) > 0:
|
if len(tertypes) > 0:
|
||||||
q = setools.TERuleQuery(_pol,
|
q = setools.TERuleQuery(_pol,
|
||||||
@@ -437,6 +449,20 @@ def get_file_types(setype):
|
@@ -437,6 +461,20 @@ def get_file_types(setype):
|
||||||
return mpaths
|
return mpaths
|
||||||
|
|
||||||
|
|
||||||
@ -1917,7 +2208,7 @@ index 89346ab..d1f4bf5 100644
|
|||||||
def get_writable_files(setype):
|
def get_writable_files(setype):
|
||||||
file_types = get_all_file_types()
|
file_types = get_all_file_types()
|
||||||
all_writes = []
|
all_writes = []
|
||||||
@@ -1048,6 +1074,8 @@ def _dict_has_perms(dict, perms):
|
@@ -1048,6 +1086,8 @@ def _dict_has_perms(dict, perms):
|
||||||
def gen_short_name(setype):
|
def gen_short_name(setype):
|
||||||
all_domains = get_all_domains()
|
all_domains = get_all_domains()
|
||||||
if setype.endswith("_t"):
|
if setype.endswith("_t"):
|
||||||
@ -1926,7 +2217,7 @@ index 89346ab..d1f4bf5 100644
|
|||||||
domainname = setype[:-2]
|
domainname = setype[:-2]
|
||||||
else:
|
else:
|
||||||
domainname = setype
|
domainname = setype
|
||||||
@@ -1160,27 +1188,14 @@ def boolean_desc(boolean):
|
@@ -1160,27 +1200,14 @@ def boolean_desc(boolean):
|
||||||
|
|
||||||
|
|
||||||
def get_os_version():
|
def get_os_version():
|
||||||
|
Loading…
Reference in New Issue
Block a user