Fix exceptionion hanling in audit2allow -o
- Generate Man pages for everydomain, not just ones with exec_t entrypoints - sepolicy comunicate should return ValueError not TypeError - Trim header line in sepolicy manpage to use less space - Add missing options to restorecon man page
This commit is contained in:
Dan Walsh
parent
19201f72c6
commit
b4c5b4829d
|
|
@ -34,7 +34,7 @@ index 88635d4..fc290ea 100644
|
|||
clean:
|
||||
rm -f *~
|
||||
diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow
|
||||
index 8e0c396..d282eee 100644
|
||||
index 8e0c396..1059bea 100644
|
||||
--- a/policycoreutils/audit2allow/audit2allow
|
||||
+++ b/policycoreutils/audit2allow/audit2allow
|
||||
@@ -18,7 +18,7 @@
|
||||
|
|
@ -82,6 +82,16 @@ index 8e0c396..d282eee 100644
|
|||
|
||||
if rc == audit2why.RBAC:
|
||||
print "\t\tMissing role allow rule.\n"
|
||||
@@ -350,6 +349,9 @@ class AuditToPolicy:
|
||||
except ValueError, e:
|
||||
print e
|
||||
sys.exit(1)
|
||||
+ except IOError, e:
|
||||
+ print e
|
||||
+ sys.exit(1)
|
||||
|
||||
if __name__ == "__main__":
|
||||
app = AuditToPolicy()
|
||||
diff --git a/policycoreutils/audit2allow/audit2allow.1 b/policycoreutils/audit2allow/audit2allow.1
|
||||
index a854a45..bc70938 100644
|
||||
--- a/policycoreutils/audit2allow/audit2allow.1
|
||||
|
|
@ -247461,6 +247471,19 @@ index 5e7415c..5267ed9 100644
|
|||
|
||||
booleans_dict = None
|
||||
def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
|
||||
diff --git a/policycoreutils/sepolicy/sepolicy/communicate.py b/policycoreutils/sepolicy/sepolicy/communicate.py
|
||||
index a179d95..9b9a09a 100755
|
||||
--- a/policycoreutils/sepolicy/sepolicy/communicate.py
|
||||
+++ b/policycoreutils/sepolicy/sepolicy/communicate.py
|
||||
@@ -40,7 +40,7 @@ def expand_attribute(attribute):
|
||||
def get_types(src, tclass, perm):
|
||||
allows=search([sepolicy.ALLOW],{sepolicy.SOURCE:src,sepolicy.CLASS:tclass, sepolicy.PERMS:perm})
|
||||
if not allows:
|
||||
- raise TypeError("The %s type is not allowed to %s any types" % (src, ",".join(perm)))
|
||||
+ raise ValueError("The %s type is not allowed to %s any types" % (src, ",".join(perm)))
|
||||
|
||||
tlist = []
|
||||
for l in map(lambda y: y[sepolicy.TARGET], filter(lambda x: set(perm).issubset(x[sepolicy.PERMS]), allows)):
|
||||
diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
|
||||
index 26f8390..4739025 100644
|
||||
--- a/policycoreutils/sepolicy/sepolicy/generate.py
|
||||
|
|
@ -247757,7 +247780,7 @@ index 8b063ca..407ce20 100644
|
|||
+ else:
|
||||
+ sys.stderr.write(_("\nCompiling of %s interface is not supported." % interface))
|
||||
diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py
|
||||
index 25062da..2747e4f 100755
|
||||
index 25062da..63efc6d 100755
|
||||
--- a/policycoreutils/sepolicy/sepolicy/manpage.py
|
||||
+++ b/policycoreutils/sepolicy/sepolicy/manpage.py
|
||||
@@ -28,12 +28,12 @@ import string
|
||||
|
|
@ -247775,6 +247798,17 @@ index 25062da..2747e4f 100755
|
|||
|
||||
equiv_dirs=[ "/var" ]
|
||||
modules_dict = None
|
||||
@@ -100,8 +100,8 @@ def gen_domains():
|
||||
for d in get_all_domains():
|
||||
found = False
|
||||
domain = d[:-2]
|
||||
- if domain + "_exec_t" not in get_entrypoints():
|
||||
- continue
|
||||
+# if domain + "_exec_t" not in get_entrypoints():
|
||||
+# continue
|
||||
if domain in domains:
|
||||
continue
|
||||
domains.append(domain)
|
||||
@@ -184,14 +184,12 @@ def get_alphabet_manpages(manpage_list):
|
||||
return alphabet_manpages
|
||||
|
||||
|
|
@ -247916,7 +247950,7 @@ index 25062da..2747e4f 100755
|
|||
self.anon_list = []
|
||||
|
||||
self.attributes = {}
|
||||
@@ -563,19 +561,8 @@ class ManPage:
|
||||
@@ -563,22 +561,11 @@ class ManPage:
|
||||
|
||||
def _get_ptypes(self):
|
||||
for f in self.all_domains:
|
||||
|
|
@ -247937,7 +247971,11 @@ index 25062da..2747e4f 100755
|
|||
+ self.ptypes.append(f)
|
||||
|
||||
def _header(self):
|
||||
self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy documentation for %(domainname)s"'
|
||||
- self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy documentation for %(domainname)s"'
|
||||
+ self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy %(domainname)s"'
|
||||
% {'domainname':self.domainname, 'date': time.strftime("%y-%m-%d")})
|
||||
self.fd.write(r"""
|
||||
.SH "NAME"
|
||||
@@ -774,7 +761,7 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n
|
||||
def _port_types(self):
|
||||
self.ports = []
|
||||
|
|
@ -248169,7 +248207,7 @@ index 0000000..3a3faa6
|
|||
+
|
||||
+"""
|
||||
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
|
||||
index 80b6d6e..07c5ee2 100644
|
||||
index 80b6d6e..1215a29 100644
|
||||
--- a/policycoreutils/setfiles/restorecon.8
|
||||
+++ b/policycoreutils/setfiles/restorecon.8
|
||||
@@ -4,10 +4,10 @@ restorecon \- restore file(s) default SELinux security contexts.
|
||||
|
|
@ -248185,6 +248223,24 @@ index 80b6d6e..07c5ee2 100644
|
|||
|
||||
.SH "DESCRIPTION"
|
||||
This manual page describes the
|
||||
@@ -20,7 +20,7 @@ This program is primarily used to set the security context
|
||||
It can also be run at any other time to correct inconsistent labels, to add
|
||||
support for newly-installed policy or, by using the \-n option, to passively
|
||||
check whether the file contexts are all set as specified by the active policy
|
||||
-(default behavior) or by some other policy (see the \-c option).
|
||||
+(default behavior).
|
||||
.P
|
||||
If a file object does not have a context, restorecon will write the default
|
||||
context to the file object's extended attributes. If a file object has a
|
||||
@@ -30,7 +30,7 @@ The -F option will force a replacement of the entire context.
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
.B \-e directory
|
||||
-exclude a directory (repeat the option to exclude more than one directory).
|
||||
+exclude a directory (repeat the option to exclude more than one directory, Requires full path).
|
||||
.TP
|
||||
.B \-f infilename
|
||||
infilename contains a list of files to be processed. Use \- for stdin.
|
||||
@@ -49,7 +49,7 @@ ignore files that do not exist.
|
||||
don't change any file labels (passive check).
|
||||
.TP
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@
|
|||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.1.14
|
||||
Release: 35%{?dist}
|
||||
Release: 37%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
|
|
@ -323,6 +323,16 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||
|
||||
%changelog
|
||||
* Mon Apr 22 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-37
|
||||
- Fix exceptionion hanling in audit2allow -o
|
||||
- Generate Man pages for everydomain, not just ones with exec_t entrypoints
|
||||
- sepolicy comunicate should return ValueError not TypeError
|
||||
- Trim header line in sepolicy manpage to use less space
|
||||
- Add missing options to restorecon man page
|
||||
|
||||
* Thu Apr 11 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-36
|
||||
- Raise proper Exception on sepolicy communicate with invalid value
|
||||
|
||||
* Wed Apr 10 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-35
|
||||
- Update translations
|
||||
- Add patch by Miroslav Grepl to add compile test for sepolicy interface command.
|
||||
|
|
|
|||
Loading…
Reference in New Issue