* Mon Dec 10 2007 Dan Walsh <dwalsh@redhat.com> 2.0.33-1

- Upgrade from NSA
	* Drop verbose output on fixfiles -C from Dan Walsh.
	* Fix argument handling in fixfiles from Dan Walsh.
	* Enhance boolean support in semanage, including using the .xml description when available, from Dan Walsh.
- Fix handling of final screen in polgengui
Daniel J Walsh 2007-12-11 02:47:29 +00:00
parent 44cc1f1bc3
commit 9ecec66343
5 changed files with 44 additions and 240 deletions


@ -164,3 +164,4 @@ policycoreutils-2.0.28.tgz
policycoreutils-2.0.29.tgz
policycoreutils-2.0.31.tgz
policycoreutils-2.0.32.tgz
policycoreutils-2.0.33.tgz


@ -234,7 +234,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.32/gui/fcontextPage.py
--- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.32/gui/fcontextPage.py 2007-12-02 20:29:16.000000000 -0500
+++ policycoreutils-2.0.32/gui/fcontextPage.py 2007-12-10 15:18:39.000000000 -0500
@@ -0,0 +1,217 @@
+## fcontextPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@ -406,7 +406,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli
+ fspec=store.get_value(iter, SPEC_COL)
+ ftype=store.get_value(iter, FTYPE_COL)
+ self.wait()
+ (rc, out) = commands.getstatusoutput("semanage fcontext -d -f '%s' %s" % (ftype, fspec))
+ (rc, out) = commands.getstatusoutput("semanage fcontext -d -f '%s' '%s'" % (ftype, fspec))
+ self.ready()
+
+ if rc != 0:
@ -3957,8 +3957,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+</glade-interface>
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.32/gui/polgengui.py
--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.32/gui/polgengui.py 2007-12-02 20:29:16.000000000 -0500
@@ -0,0 +1,590 @@
+++ policycoreutils-2.0.32/gui/polgengui.py 2007-12-10 21:40:50.000000000 -0500
@@ -0,0 +1,598 @@
+#!/usr/bin/python -E
+#
+# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux
@ -4072,9 +4072,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ COMMON_APPS_PAGE = 9
+ FILES_PAGE = 10
+ BOOLEAN_PAGE = 11
+ GEN_POLICY_PAGE = 12
+ GEN_USER_POLICY_PAGE = 13
+ FINISH_PAGE = 14
+ SELECT_DIR_PAGE = 12
+ GEN_POLICY_PAGE = 13
+ GEN_USER_POLICY_PAGE = 14
+
+ def __init__(self):
+ self.xml = xml
@ -4101,12 +4101,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+
+ self.notebook = xml.get_widget ("notebook1")
+ self.pages={}
+ self.finish_page = [ self.GEN_POLICY_PAGE, self.GEN_USER_POLICY_PAGE ]
+ for i in polgen.USERS:
+ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.GEN_USER_POLICY_PAGE, self.FINISH_PAGE]
+ self.pages[polgen.RUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.GEN_USER_POLICY_PAGE, self.FINISH_PAGE]
+ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE]
+ self.pages[polgen.RUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE]
+ for i in polgen.APPLICATIONS:
+ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.GEN_POLICY_PAGE, self.FINISH_PAGE ]
+ self.pages[polgen.USER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.GEN_POLICY_PAGE, self.FINISH_PAGE ]
+ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_POLICY_PAGE]
+ self.pages[polgen.USER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_POLICY_PAGE]
+
+ self.current_page = 0
+ self.back_button.set_sensitive(0)
@ -4230,18 +4231,24 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ if self.pages[type][self.current_page] == self.APP_PAGE:
+ if self.on_name_page_next():
+ return
+
+ if self.pages[type][self.current_page] == self.SELECT_DIR_PAGE:
+ outputdir = self.output_entry.get_text()
+ if not os.path.isdir(outputdir):
+ self.error(_("%s must be a directory") % outputdir )
+ return False
+
+ if self.pages[type][self.current_page] == self.FINISH_PAGE:
+ if self.pages[type][self.current_page] in self.finish_page:
+ self.generate_policy()
+ else:
+ self.current_page = self.current_page + 1
+ self.notebook.set_current_page(self.pages[type][self.current_page])
+ if self.pages[type][self.current_page] == self.FINISH_PAGE:
+ if self.pages[type][self.current_page] in self.finish_page:
+ self.forward_button.set_label(gtk.STOCK_APPLY)
+
+ def back(self,arg):
+ type = self.get_type()
+ if self.pages[type][self.current_page] == self.FINISH_PAGE:
+ if self.pages[type][self.current_page] in self.finish_page:
+ self.forward_button.set_label(gtk.STOCK_GO_FORWARD)
+
+ self.current_page = self.current_page - 1
@ -4303,6 +4310,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ return polgen.RUSER
+
+ def generate_policy(self, *args):
+ outputdir = self.output_entry.get_text()
+ try:
+ my_policy=polgen.policy(self.get_name(), self.get_type())
+ my_policy.set_in_tcp(self.in_tcp_all_checkbutton.get_active(), self.in_tcp_reserved_checkbutton.get_active(), self.in_tcp_unreserved_checkbutton.get_active(), self.in_tcp_entry.get_text())
@ -4354,7 +4362,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ my_policy.add_dir(self.store.get_value(iter, 0))
+ iter= self.store.iter_next(iter)
+
+ self.info(my_policy.generate(self.output_entry.get_text()))
+ self.info(my_policy.generate(outputdir))
+ return False
+ except ValueError, e:
+ self.error(e.message)


@ -1,6 +1,6 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/audit2why.c policycoreutils-2.0.31/audit2why/audit2why.c
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/audit2why.c policycoreutils-2.0.32/audit2why/audit2why.c
--- nsapolicycoreutils/audit2why/audit2why.c 2007-07-16 14:20:41.000000000 -0400
+++ policycoreutils-2.0.31/audit2why/audit2why.c 2007-11-02 15:54:42.000000000 -0400
+++ policycoreutils-2.0.32/audit2why/audit2why.c 2007-12-02 20:29:15.000000000 -0500
@@ -137,6 +137,8 @@
/* Process the audit messages. */
while (getline(&buffer, &len, stdin) > 0) {
@ -97,18 +97,18 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
if (!tclass) {
fprintf(stderr,
"Invalid %s%s on line %u, skipping...\n",
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.31/Makefile
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.32/Makefile
--- nsapolicycoreutils/Makefile 2007-07-16 14:20:43.000000000 -0400
+++ policycoreutils-2.0.31/Makefile 2007-11-02 15:54:42.000000000 -0400
+++ policycoreutils-2.0.32/Makefile 2007-12-02 20:29:15.000000000 -0500
@@ -1,4 +1,4 @@
-SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
all install relabel clean indent:
@for subdir in $(SUBDIRS); do \
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.31/restorecond/restorecond.c
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.32/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2007-07-16 14:20:41.000000000 -0400
+++ policycoreutils-2.0.31/restorecond/restorecond.c 2007-11-02 15:54:42.000000000 -0400
+++ policycoreutils-2.0.32/restorecond/restorecond.c 2007-12-02 20:29:15.000000000 -0500
@@ -210,9 +210,10 @@
}
@ -135,9 +135,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
}
free(scontext);
close(fd);
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.31/scripts/chcat
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.32/scripts/chcat
--- nsapolicycoreutils/scripts/chcat 2007-08-23 16:52:26.000000000 -0400
+++ policycoreutils-2.0.31/scripts/chcat 2007-11-19 13:11:19.000000000 -0500
+++ policycoreutils-2.0.32/scripts/chcat 2007-12-02 20:29:15.000000000 -0500
@@ -25,10 +25,6 @@
import commands, sys, os, pwd, string, getopt, selinux
import seobject
@ -149,83 +149,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
try:
gettext.install('policycoreutils')
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.31/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2007-08-23 16:52:26.000000000 -0400
+++ policycoreutils-2.0.31/scripts/fixfiles 2007-11-16 16:30:21.000000000 -0500
@@ -92,7 +92,7 @@
! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o \
\( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print; \
done 2> /dev/null | \
- ${RESTORECON} $2 -v -f -
+ ${RESTORECON} $2 -f -
rm -f ${TEMPFILE} ${PREFCTEMPFILE}
fi
}
@@ -189,21 +189,27 @@
case "$i" in
f)
fullFlag=1
+ shift 1
;;
R)
RPMFILES=$OPTARG
+ shift 2
;;
o)
OUTFILES=$OPTARG
+ shift 2
;;
l)
LOGFILE=$OPTARG
+ shift 2
;;
C)
PREFC=$OPTARG
+ shift 2
;;
F)
FORCEFLAG="-F"
+ shift 1
;;
*)
usage
@@ -211,10 +217,8 @@
esac
done
-
# Check for the command
-eval command=\$${OPTIND}
-let OPTIND=$OPTIND+1
+command=$1
if [ -z $command ]; then
usage
fi
@@ -223,17 +227,15 @@
# check if they specified both DIRS and RPMFILES
#
+shift 1
if [ ! -z "$RPMFILES" ]; then
- if [ $OPTIND -le $# ]; then
+ if [ $# -gt 0 ]; then
usage
fi
else
- while [ $OPTIND -le $# ]; do
- eval DIR=\$${OPTIND}
- DIRS="$DIRS $DIR"
- let OPTIND=$OPTIND+1
- done
+ DIRS=$*
fi
+
#
# Make sure they specified one of the three valid commands
#
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.31/semanage/semanage
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.32/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2007-10-05 13:09:53.000000000 -0400
+++ policycoreutils-2.0.31/semanage/semanage 2007-11-19 13:10:07.000000000 -0500
+++ policycoreutils-2.0.32/semanage/semanage 2007-12-02 20:29:15.000000000 -0500
@@ -1,5 +1,5 @@
#! /usr/bin/python -E
-# Copyright (C) 2005 Red Hat
@ -292,141 +218,3 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
if object == "login":
OBJECT = seobject.loginRecords(store)
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.31/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2007-10-07 21:46:43.000000000 -0400
+++ policycoreutils-2.0.31/semanage/seobject.py 2007-11-19 17:35:04.000000000 -0500
@@ -1,5 +1,5 @@
#! /usr/bin/python -E
-# Copyright (C) 2005 Red Hat
+# Copyright (C) 2005, 2006, 2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# semanage is a tool for managing SELinux configuration files
@@ -88,6 +88,35 @@
mylog = logger()
+import sys, os
+import re
+import xml.etree.ElementTree
+
+booleans_dict={}
+try:
+ tree=xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml")
+ for l in tree.findall("layer"):
+ for m in l.findall("module"):
+ for b in m.findall("tunable"):
+ desc = b.find("desc").find("p").text.strip("\n")
+ desc = re.sub("\n", " ", desc)
+ booleans_dict[b.get('name')] = (m.get("name"), b.get('dftval'), desc)
+ for b in m.findall("bool"):
+ desc = b.find("desc").find("p").text.strip("\n")
+ desc = re.sub("\n", " ", desc)
+ booleans_dict[b.get('name')] = (m.get("name"), b.get('dftval'), desc)
+ for i in tree.findall("bool"):
+ desc = i.find("desc").find("p").text.strip("\n")
+ desc = re.sub("\n", " ", desc)
+ booleans_dict[i.get('name')] = (_("global"), i.get('dftval'), desc)
+ for i in tree.findall("tunable"):
+ desc = i.find("desc").find("p").text.strip("\n")
+ desc = re.sub("\n", " ", desc)
+ booleans_dict[i.get('name')] = (_("global"), i.get('dftval'), desc)
+except IOError, e:
+ #print _("Failed to translate booleans.\n%s") % e
+ pass
+
def validate_level(raw):
sensitivity = "s[0-9]*"
category = "c[0-9]*"
@@ -139,7 +168,7 @@
translations = fd.readlines()
fd.close()
except IOError, e:
- raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines: %s") % (self.filename, e) )
+ raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines") % (self.filename) )
self.ddict = {}
self.comments = []
@@ -236,9 +265,6 @@
if rc < 0:
semanage_handle_destroy(self.sh)
raise ValueError(_("Could not establish semanage connection"))
- def deleteall(self):
- raise ValueError(_("Not yet implemented"))
-
class loginRecords(semanageRecords):
def __init__(self, store = ""):
@@ -1095,7 +1121,13 @@
return con
+ def validate(self, target):
+ if target == "" or target.find("\n") >= 0:
+ raise ValueError(_("Invalid file specification"))
+
def add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
+ self.validate(target)
+
if is_mls_enabled == 1:
serange = untranslate(serange)
@@ -1154,6 +1186,7 @@
def modify(self, target, setype, ftype, serange, seuser):
if serange == "" and setype == "" and seuser == "":
raise ValueError(_("Requires setype, serange or seuser"))
+ self.validate(target)
(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
if rc < 0:
@@ -1304,6 +1337,7 @@
print "%-50s %-18s <<None>>" % (fcon[0], fcon[1])
class booleanRecords(semanageRecords):
+
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
@@ -1328,11 +1362,14 @@
if value != "":
nvalue = int(value)
semanage_bool_set_value(b, nvalue)
+ else:
+ raise ValueError(_("You must specify a value"))
rc = semanage_begin_transaction(self.sh)
if rc < 0:
raise ValueError(_("Could not start semanage transaction"))
+ rc = semanage_bool_set_active(self.sh, k, b)
rc = semanage_bool_modify_local(self.sh, k, b)
if rc < 0:
raise ValueError(_("Could not modify boolean %s") % name)
@@ -1416,11 +1453,25 @@
return ddict
+ def get_desc(self, boolean):
+ if boolean in booleans_dict:
+ return _(booleans_dict[boolean][2])
+ else:
+ return boolean
+
+ def get_category(self, boolean):
+ if boolean in booleans_dict:
+ return _(booleans_dict[boolean][0])
+ else:
+ return _("unknown")
+
def list(self, heading = 1, locallist = 0):
+ on_off = (_("off"),_("on"))
if heading:
- print "%-50s %7s %7s %7s\n" % (_("SELinux boolean"), _("value"), _("pending"), _("active") )
+ print "%-40s %s\n" % (_("SELinux boolean"), _("Description"))
ddict = self.get_all(locallist)
keys = ddict.keys()
for k in keys:
if ddict[k]:
- print "%-50s %7d %7d %7d " % (k, ddict[k][0],ddict[k][1], ddict[k][2])
+ print "%-30s -> %-5s %s" % (k, on_off[ddict[k][2]], self.get_desc(k))
+


@ -5,8 +5,8 @@
%define sepolgenver 1.0.10
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.32
Release: 2%{?dist}
Version: 2.0.33
Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -207,6 +207,13 @@ if [ "$1" -ge "1" ]; then
fi
%changelog
* Mon Dec 10 2007 Dan Walsh <dwalsh@redhat.com> 2.0.33-1
- Upgrade from NSA
* Drop verbose output on fixfiles -C from Dan Walsh.
* Fix argument handling in fixfiles from Dan Walsh.
* Enhance boolean support in semanage, including using the .xml description when available, from Dan Walsh.
- Fix handling of final screen in polgengui
* Sun Dec 2 2007 Dan Walsh <dwalsh@redhat.com> 2.0.32-2
- Fix handling of disable selinux button in gui


@ -1,2 +1,2 @@
eddb3e34fb982d752aa8cbed7b98f3d2 sepolgen-1.0.10.tgz
1e400f1a84e8c9467ab895efc5935797 policycoreutils-2.0.32.tgz
b877db4ee4b2474df1da952c8d0a3e1c policycoreutils-2.0.33.tgz