policycoreutils-2.7-5.fc28
- sepolicy: Fix sepolicy manpage - semanage: Update Infiniband code to work on python3 - semanage: Fix export of ibendport entries - semanage: Enforce noreload only if it's requested by -N option
parent
e1f5c9548b
commit
bd497b9fd6
@ -1,7 +1,7 @@
|
|||||||
%global libauditver 2.1.3-4
|
%global libauditver 2.1.3-4
|
||||||
%global libsepolver 2.7-2
|
%global libsepolver 2.7-3
|
||||||
%global libsemanagever 2.7-4
|
%global libsemanagever 2.7-5
|
||||||
%global libselinuxver 2.7-5
|
%global libselinuxver 2.7-6
|
||||||
%global sepolgenver 2.7
|
%global sepolgenver 2.7
|
||||||
|
|
||||||
%global generatorsdir %{_prefix}/lib/systemd/system-generators
|
%global generatorsdir %{_prefix}/lib/systemd/system-generators
|
||||||
@ -9,7 +9,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.7
|
Version: 2.7
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||||
@ -31,7 +31,7 @@ Source18: selinux-autorelabel.target
|
|||||||
Source19: selinux-autorelabel-generator.sh
|
Source19: selinux-autorelabel-generator.sh
|
||||||
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
|
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
|
||||||
# run:
|
# run:
|
||||||
# HEAD https://github.com/fedora-selinux/selinux/commit/4247fad665261169b430895f0ab10f56eb33dd10
|
# HEAD https://github.com/fedora-selinux/selinux/commit/2d0b90c1d95ec908f94c06337ec07a96b7d1205e
|
||||||
# $ for i in policycoreutils selinux-python selinux-gui selinux-sandbox selinux-dbus semodule-utils restorecond; do
|
# $ for i in policycoreutils selinux-python selinux-gui selinux-sandbox selinux-dbus semodule-utils restorecond; do
|
||||||
# ./make-fedora-selinux-patch.sh $i
|
# ./make-fedora-selinux-patch.sh $i
|
||||||
# done
|
# done
|
||||||
@ -503,6 +503,12 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
%systemd_postun_with_restart restorecond.service
|
%systemd_postun_with_restart restorecond.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Nov 22 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-5
|
||||||
|
- sepolicy: Fix sepolicy manpage
|
||||||
|
- semanage: Update Infiniband code to work on python3
|
||||||
|
- semanage: Fix export of ibendport entries
|
||||||
|
- semanage: Enforce noreload only if it's requested by -N option
|
||||||
|
|
||||||
* Fri Oct 20 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-4
|
* Fri Oct 20 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-4
|
||||||
- restorecond: check write() and daemon() results
|
- restorecond: check write() and daemon() results
|
||||||
- sepolicy: do not fail when file_contexts.local or .subs do not exist
|
- sepolicy: do not fail when file_contexts.local or .subs do not exist
|
||||||
|
@ -1,3 +1,270 @@
|
|||||||
|
diff --git selinux-python-2.7/semanage/semanage selinux-python-2.7/semanage/semanage
|
||||||
|
index 313537c..8d8a086 100644
|
||||||
|
--- selinux-python-2.7/semanage/semanage
|
||||||
|
+++ selinux-python-2.7/semanage/semanage
|
||||||
|
@@ -89,16 +89,6 @@ class CheckRole(argparse.Action):
|
||||||
|
newval.append(v)
|
||||||
|
setattr(namespace, self.dest, newval)
|
||||||
|
|
||||||
|
-store = ''
|
||||||
|
-
|
||||||
|
-
|
||||||
|
-class SetStore(argparse.Action):
|
||||||
|
-
|
||||||
|
- def __call__(self, parser, namespace, values, option_string=None):
|
||||||
|
- global store
|
||||||
|
- store = values
|
||||||
|
- setattr(namespace, self.dest, values)
|
||||||
|
-
|
||||||
|
|
||||||
|
class seParser(argparse.ArgumentParser):
|
||||||
|
|
||||||
|
@@ -134,67 +124,21 @@ class SetImportFile(argparse.Action):
|
||||||
|
sys.exit(1)
|
||||||
|
setattr(namespace, self.dest, values)
|
||||||
|
|
||||||
|
-# functions for OBJECT initialization
|
||||||
|
-
|
||||||
|
-
|
||||||
|
-def login_ini():
|
||||||
|
- OBJECT = seobject.loginRecords(store)
|
||||||
|
- return OBJECT
|
||||||
|
-
|
||||||
|
-
|
||||||
|
-def user_ini():
|
||||||
|
- OBJECT = seobject.seluserRecords(store)
|
||||||
|
- return OBJECT
|
||||||
|
-
|
||||||
|
-
|
||||||
|
-def port_ini():
|
||||||
|
- OBJECT = seobject.portRecords(store)
|
||||||
|
- return OBJECT
|
||||||
|
-
|
||||||
|
-def ibpkey_ini():
|
||||||
|
- OBJECT = seobject.ibpkeyRecords(store)
|
||||||
|
- return OBJECT
|
||||||
|
-
|
||||||
|
-def ibendport_ini():
|
||||||
|
- OBJECT = seobject.ibendportRecords(store)
|
||||||
|
- return OBJECT
|
||||||
|
-
|
||||||
|
-def module_ini():
|
||||||
|
- OBJECT = seobject.moduleRecords(store)
|
||||||
|
- return OBJECT
|
||||||
|
-
|
||||||
|
-
|
||||||
|
-def interface_ini():
|
||||||
|
- OBJECT = seobject.interfaceRecords(store)
|
||||||
|
- return OBJECT
|
||||||
|
-
|
||||||
|
-
|
||||||
|
-def node_ini():
|
||||||
|
- OBJECT = seobject.nodeRecords(store)
|
||||||
|
- return OBJECT
|
||||||
|
-
|
||||||
|
-
|
||||||
|
-def fcontext_ini():
|
||||||
|
- OBJECT = seobject.fcontextRecords(store)
|
||||||
|
- return OBJECT
|
||||||
|
-
|
||||||
|
-
|
||||||
|
-def boolean_ini():
|
||||||
|
- OBJECT = seobject.booleanRecords(store)
|
||||||
|
- return OBJECT
|
||||||
|
-
|
||||||
|
-
|
||||||
|
-def permissive_ini():
|
||||||
|
- OBJECT = seobject.permissiveRecords(store)
|
||||||
|
- return OBJECT
|
||||||
|
-
|
||||||
|
-
|
||||||
|
-def dontaudit_ini():
|
||||||
|
- OBJECT = seobject.dontauditClass(store)
|
||||||
|
- return OBJECT
|
||||||
|
-
|
||||||
|
# define dictonary for seobject OBEJCTS
|
||||||
|
-object_dict = {'login': login_ini, 'user': user_ini, 'port': port_ini, 'module': module_ini, 'interface': interface_ini, 'node': node_ini, 'fcontext': fcontext_ini, 'boolean': boolean_ini, 'permissive': permissive_ini, 'dontaudit': dontaudit_ini, 'ibpkey': ibpkey_ini, 'ibendport': ibendport_ini}
|
||||||
|
+object_dict = {
|
||||||
|
+ 'login': seobject.loginRecords,
|
||||||
|
+ 'user': seobject.seluserRecords,
|
||||||
|
+ 'port': seobject.portRecords,
|
||||||
|
+ 'module': seobject.moduleRecords,
|
||||||
|
+ 'interface': seobject.interfaceRecords,
|
||||||
|
+ 'node': seobject.nodeRecords,
|
||||||
|
+ 'fcontext': seobject.fcontextRecords,
|
||||||
|
+ 'boolean': seobject.booleanRecords,
|
||||||
|
+ 'permissive': seobject.permissiveRecords,
|
||||||
|
+ 'dontaudit': seobject.dontauditClass,
|
||||||
|
+ 'ibpkey': seobject.ibpkeyRecords,
|
||||||
|
+ 'ibendport': seobject.ibendportRecords
|
||||||
|
+}
|
||||||
|
|
||||||
|
def generate_custom_usage(usage_text, usage_dict):
|
||||||
|
# generate custom usage from given text and dictonary
|
||||||
|
@@ -238,8 +182,7 @@ def handleLogin(args):
|
||||||
|
|
||||||
|
handle_opts(args, login_args, args.action)
|
||||||
|
|
||||||
|
- OBJECT = object_dict['login']()
|
||||||
|
- OBJECT.set_reload(args.noreload)
|
||||||
|
+ OBJECT = object_dict['login'](args)
|
||||||
|
|
||||||
|
if args.action is "add":
|
||||||
|
OBJECT.add(args.login, args.seuser, args.range)
|
||||||
|
@@ -257,7 +200,7 @@ def handleLogin(args):
|
||||||
|
|
||||||
|
|
||||||
|
def parser_add_store(parser, name):
|
||||||
|
- parser.add_argument('-S', '--store', action=SetStore, help=_("Select an alternate SELinux Policy Store to manage"))
|
||||||
|
+ parser.add_argument('-S', '--store', default='', help=_("Select an alternate SELinux Policy Store to manage"))
|
||||||
|
|
||||||
|
|
||||||
|
def parser_add_priority(parser, name):
|
||||||
|
@@ -269,7 +212,7 @@ def parser_add_noheading(parser, name):
|
||||||
|
|
||||||
|
|
||||||
|
def parser_add_noreload(parser, name):
|
||||||
|
- parser.add_argument('-N', '--noreload', action='store_false', default=True, help=_('Do not reload policy after commit'))
|
||||||
|
+ parser.add_argument('-N', '--noreload', action='store_true', default=False, help=_('Do not reload policy after commit'))
|
||||||
|
|
||||||
|
|
||||||
|
def parser_add_locallist(parser, name):
|
||||||
|
@@ -372,8 +315,7 @@ def handleFcontext(args):
|
||||||
|
else:
|
||||||
|
handle_opts(args, fcontext_args, args.action)
|
||||||
|
|
||||||
|
- OBJECT = object_dict['fcontext']()
|
||||||
|
- OBJECT.set_reload(args.noreload)
|
||||||
|
+ OBJECT = object_dict['fcontext'](args)
|
||||||
|
|
||||||
|
if args.action is "add":
|
||||||
|
if args.equal:
|
||||||
|
@@ -441,8 +383,7 @@ def handleUser(args):
|
||||||
|
|
||||||
|
handle_opts(args, user_args, args.action)
|
||||||
|
|
||||||
|
- OBJECT = object_dict['user']()
|
||||||
|
- OBJECT.set_reload(args.noreload)
|
||||||
|
+ OBJECT = object_dict['user'](args)
|
||||||
|
|
||||||
|
if args.action is "add":
|
||||||
|
OBJECT.add(args.selinux_name, args.roles, args.level, args.range, args.prefix)
|
||||||
|
@@ -492,8 +433,7 @@ def handlePort(args):
|
||||||
|
|
||||||
|
handle_opts(args, port_args, args.action)
|
||||||
|
|
||||||
|
- OBJECT = object_dict['port']()
|
||||||
|
- OBJECT.set_reload(args.noreload)
|
||||||
|
+ OBJECT = object_dict['port'](args)
|
||||||
|
|
||||||
|
if args.action is "add":
|
||||||
|
OBJECT.add(args.port, args.proto, args.range, args.type)
|
||||||
|
@@ -538,8 +478,7 @@ def handlePkey(args):
|
||||||
|
|
||||||
|
handle_opts(args, ibpkey_args, args.action)
|
||||||
|
|
||||||
|
- OBJECT = object_dict['ibpkey']()
|
||||||
|
- OBJECT.set_reload(args.noreload)
|
||||||
|
+ OBJECT = object_dict['ibpkey'](args)
|
||||||
|
|
||||||
|
if args.action is "add":
|
||||||
|
OBJECT.add(args.ibpkey, args.subnet_prefix, args.range, args.type)
|
||||||
|
@@ -582,8 +521,7 @@ def handleIbendport(args):
|
||||||
|
|
||||||
|
handle_opts(args, ibendport_args, args.action)
|
||||||
|
|
||||||
|
- OBJECT = object_dict['ibendport']()
|
||||||
|
- OBJECT.set_reload(args.noreload)
|
||||||
|
+ OBJECT = object_dict['ibendport'](args)
|
||||||
|
|
||||||
|
if args.action is "add":
|
||||||
|
OBJECT.add(args.ibendport, args.ibdev_name, args.range, args.type)
|
||||||
|
@@ -626,8 +564,7 @@ def handleInterface(args):
|
||||||
|
|
||||||
|
handle_opts(args, interface_args, args.action)
|
||||||
|
|
||||||
|
- OBJECT = object_dict['interface']()
|
||||||
|
- OBJECT.set_reload(args.noreload)
|
||||||
|
+ OBJECT = object_dict['interface'](args)
|
||||||
|
|
||||||
|
if args.action is "add":
|
||||||
|
OBJECT.add(args.interface, args.range, args.type)
|
||||||
|
@@ -666,8 +603,7 @@ def setupInterfaceParser(subparsers):
|
||||||
|
|
||||||
|
|
||||||
|
def handleModule(args):
|
||||||
|
- OBJECT = seobject.moduleRecords(store)
|
||||||
|
- OBJECT.set_reload(args.noreload)
|
||||||
|
+ OBJECT = seobject.moduleRecords(args)
|
||||||
|
if args.action == "add":
|
||||||
|
OBJECT.add(args.module_name, args.priority)
|
||||||
|
if args.action == "enable":
|
||||||
|
@@ -709,8 +645,7 @@ def handleNode(args):
|
||||||
|
node_args = {'list': [('node', 'type', 'proto', 'netmask'), ('')], 'add': [('locallist'), ('type', 'node', 'proto', 'netmask')], 'modify': [('locallist'), ('node', 'netmask', 'proto')], 'delete': [('locallist'), ('node', 'netmask', 'prototype')], 'extract': [('locallist', 'node', 'type', 'proto', 'netmask'), ('')], 'deleteall': [('locallist'), ('')]}
|
||||||
|
handle_opts(args, node_args, args.action)
|
||||||
|
|
||||||
|
- OBJECT = object_dict['node']()
|
||||||
|
- OBJECT.set_reload(args.noreload)
|
||||||
|
+ OBJECT = object_dict['node'](args)
|
||||||
|
|
||||||
|
if args.action is "add":
|
||||||
|
OBJECT.add(args.node, args.netmask, args.proto, args.range, args.type)
|
||||||
|
@@ -756,8 +691,7 @@ def handleBoolean(args):
|
||||||
|
|
||||||
|
handle_opts(args, boolean_args, args.action)
|
||||||
|
|
||||||
|
- OBJECT = object_dict['boolean']()
|
||||||
|
- OBJECT.set_reload(args.noreload)
|
||||||
|
+ OBJECT = object_dict['boolean'](args)
|
||||||
|
|
||||||
|
if args.action is "modify":
|
||||||
|
if args.boolean:
|
||||||
|
@@ -795,8 +729,7 @@ def setupBooleanParser(subparsers):
|
||||||
|
|
||||||
|
|
||||||
|
def handlePermissive(args):
|
||||||
|
- OBJECT = object_dict['permissive']()
|
||||||
|
- OBJECT.set_reload(args.noreload)
|
||||||
|
+ OBJECT = object_dict['permissive'](args)
|
||||||
|
|
||||||
|
if args.action is "list":
|
||||||
|
OBJECT.list(args.noheading)
|
||||||
|
@@ -830,8 +763,7 @@ def setupPermissiveParser(subparsers):
|
||||||
|
|
||||||
|
|
||||||
|
def handleDontaudit(args):
|
||||||
|
- OBJECT = object_dict['dontaudit']()
|
||||||
|
- OBJECT.set_reload(args.noreload)
|
||||||
|
+ OBJECT = object_dict['dontaudit'](args)
|
||||||
|
OBJECT.toggle(args.action)
|
||||||
|
|
||||||
|
|
||||||
|
@@ -848,7 +780,7 @@ def handleExport(args):
|
||||||
|
for i in manageditems:
|
||||||
|
print("%s -D" % i)
|
||||||
|
for i in manageditems:
|
||||||
|
- OBJECT = object_dict[i]()
|
||||||
|
+ OBJECT = object_dict[i](args)
|
||||||
|
for c in OBJECT.customized():
|
||||||
|
print("%s %s" % (i, str(c)))
|
||||||
|
|
||||||
|
@@ -912,7 +844,7 @@ def mkargv(line):
|
||||||
|
|
||||||
|
|
||||||
|
def handleImport(args):
|
||||||
|
- trans = seobject.semanageRecords(store)
|
||||||
|
+ trans = seobject.semanageRecords(args)
|
||||||
|
trans.start()
|
||||||
|
|
||||||
|
for l in sys.stdin.readlines():
|
||||||
|
@@ -932,7 +864,6 @@ def handleImport(args):
|
||||||
|
except KeyboardInterrupt:
|
||||||
|
sys.exit(0)
|
||||||
|
|
||||||
|
- trans.set_reload(args.noreload)
|
||||||
|
trans.finish()
|
||||||
|
|
||||||
|
|
||||||
diff --git selinux-python-2.7/semanage/semanage.8 selinux-python-2.7/semanage/semanage.8
|
diff --git selinux-python-2.7/semanage/semanage.8 selinux-python-2.7/semanage/semanage.8
|
||||||
index 0bdb90f..0cdcfcc 100644
|
index 0bdb90f..0cdcfcc 100644
|
||||||
--- selinux-python-2.7/semanage/semanage.8
|
--- selinux-python-2.7/semanage/semanage.8
|
||||||
@ -15,10 +282,62 @@ index 0bdb90f..0cdcfcc 100644
|
|||||||
user identities to authorized role sets. In most cases, only the
|
user identities to authorized role sets. In most cases, only the
|
||||||
former mapping needs to be adjusted by the administrator; the latter
|
former mapping needs to be adjusted by the administrator; the latter
|
||||||
diff --git selinux-python-2.7/semanage/seobject.py selinux-python-2.7/semanage/seobject.py
|
diff --git selinux-python-2.7/semanage/seobject.py selinux-python-2.7/semanage/seobject.py
|
||||||
index 70fd192..55127de 100644
|
index 70fd192..b287594 100644
|
||||||
--- selinux-python-2.7/semanage/seobject.py
|
--- selinux-python-2.7/semanage/seobject.py
|
||||||
+++ selinux-python-2.7/semanage/seobject.py
|
+++ selinux-python-2.7/semanage/seobject.py
|
||||||
@@ -386,6 +386,8 @@ class moduleRecords(semanageRecords):
|
@@ -238,21 +238,23 @@ class semanageRecords:
|
||||||
|
transaction = False
|
||||||
|
handle = None
|
||||||
|
store = None
|
||||||
|
+ args = None
|
||||||
|
|
||||||
|
- def __init__(self, store):
|
||||||
|
+ def __init__(self, args):
|
||||||
|
global handle
|
||||||
|
- self.load = True
|
||||||
|
- self.sh = self.get_handle(store)
|
||||||
|
+ self.args = args
|
||||||
|
+ try:
|
||||||
|
+ self.noreload = args.noreload
|
||||||
|
+ except:
|
||||||
|
+ self.noreload = False
|
||||||
|
+ self.sh = self.get_handle(args.store)
|
||||||
|
|
||||||
|
rc, localstore = selinux.selinux_getpolicytype()
|
||||||
|
- if store == "" or store == localstore:
|
||||||
|
+ if args.store == "" or args.store == localstore:
|
||||||
|
self.mylog = logger()
|
||||||
|
else:
|
||||||
|
self.mylog = nulllogger()
|
||||||
|
|
||||||
|
- def set_reload(self, load):
|
||||||
|
- self.load = load
|
||||||
|
-
|
||||||
|
def get_handle(self, store):
|
||||||
|
global is_mls_enabled
|
||||||
|
|
||||||
|
@@ -312,7 +314,8 @@ class semanageRecords:
|
||||||
|
if semanageRecords.transaction:
|
||||||
|
return
|
||||||
|
|
||||||
|
- semanage_set_reload(self.sh, self.load)
|
||||||
|
+ if self.noreload:
|
||||||
|
+ semanage_set_reload(self.sh, 0)
|
||||||
|
rc = semanage_commit(self.sh)
|
||||||
|
if rc < 0:
|
||||||
|
self.mylog.commit(0)
|
||||||
|
@@ -328,8 +331,8 @@ class semanageRecords:
|
||||||
|
|
||||||
|
class moduleRecords(semanageRecords):
|
||||||
|
|
||||||
|
- def __init__(self, store):
|
||||||
|
- semanageRecords.__init__(self, store)
|
||||||
|
+ def __init__(self, args):
|
||||||
|
+ semanageRecords.__init__(self, args)
|
||||||
|
|
||||||
|
def get_all(self):
|
||||||
|
l = []
|
||||||
|
@@ -386,6 +389,8 @@ class moduleRecords(semanageRecords):
|
||||||
print("%-25s %-9s %-5s %s" % (t[0], t[2], t[3], disabled))
|
print("%-25s %-9s %-5s %s" % (t[0], t[2], t[3], disabled))
|
||||||
|
|
||||||
def add(self, file, priority):
|
def add(self, file, priority):
|
||||||
@ -27,7 +346,7 @@ index 70fd192..55127de 100644
|
|||||||
if not os.path.exists(file):
|
if not os.path.exists(file):
|
||||||
raise ValueError(_("Module does not exist: %s ") % file)
|
raise ValueError(_("Module does not exist: %s ") % file)
|
||||||
|
|
||||||
@@ -398,6 +400,8 @@ class moduleRecords(semanageRecords):
|
@@ -398,6 +403,8 @@ class moduleRecords(semanageRecords):
|
||||||
self.commit()
|
self.commit()
|
||||||
|
|
||||||
def set_enabled(self, module, enable):
|
def set_enabled(self, module, enable):
|
||||||
@ -36,7 +355,7 @@ index 70fd192..55127de 100644
|
|||||||
for m in module.split():
|
for m in module.split():
|
||||||
rc, key = semanage_module_key_create(self.sh)
|
rc, key = semanage_module_key_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
@@ -416,11 +420,15 @@ class moduleRecords(semanageRecords):
|
@@ -416,11 +423,15 @@ class moduleRecords(semanageRecords):
|
||||||
self.commit()
|
self.commit()
|
||||||
|
|
||||||
def modify(self, file):
|
def modify(self, file):
|
||||||
@ -52,7 +371,196 @@ index 70fd192..55127de 100644
|
|||||||
rc = semanage_set_default_priority(self.sh, priority)
|
rc = semanage_set_default_priority(self.sh, priority)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
|
raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
|
||||||
@@ -2566,10 +2574,15 @@ class fcontextRecords(semanageRecords):
|
@@ -440,8 +451,8 @@ class moduleRecords(semanageRecords):
|
||||||
|
|
||||||
|
class dontauditClass(semanageRecords):
|
||||||
|
|
||||||
|
- def __init__(self, store):
|
||||||
|
- semanageRecords.__init__(self, store)
|
||||||
|
+ def __init__(self, args):
|
||||||
|
+ semanageRecords.__init__(self, args)
|
||||||
|
|
||||||
|
def toggle(self, dontaudit):
|
||||||
|
if dontaudit not in ["on", "off"]:
|
||||||
|
@@ -453,8 +464,8 @@ class dontauditClass(semanageRecords):
|
||||||
|
|
||||||
|
class permissiveRecords(semanageRecords):
|
||||||
|
|
||||||
|
- def __init__(self, store):
|
||||||
|
- semanageRecords.__init__(self, store)
|
||||||
|
+ def __init__(self, args):
|
||||||
|
+ semanageRecords.__init__(self, args)
|
||||||
|
|
||||||
|
def get_all(self):
|
||||||
|
l = []
|
||||||
|
@@ -522,8 +533,8 @@ class permissiveRecords(semanageRecords):
|
||||||
|
|
||||||
|
class loginRecords(semanageRecords):
|
||||||
|
|
||||||
|
- def __init__(self, store=""):
|
||||||
|
- semanageRecords.__init__(self, store)
|
||||||
|
+ def __init__(self, args):
|
||||||
|
+ semanageRecords.__init__(self, args)
|
||||||
|
self.oldsename = None
|
||||||
|
self.oldserange = None
|
||||||
|
self.sename = None
|
||||||
|
@@ -534,7 +545,7 @@ class loginRecords(semanageRecords):
|
||||||
|
if sename == "":
|
||||||
|
sename = "user_u"
|
||||||
|
|
||||||
|
- userrec = seluserRecords()
|
||||||
|
+ userrec = seluserRecords(self.args)
|
||||||
|
range, (rc, oldserole) = userrec.get(self.oldsename)
|
||||||
|
range, (rc, serole) = userrec.get(sename)
|
||||||
|
|
||||||
|
@@ -603,7 +614,7 @@ class loginRecords(semanageRecords):
|
||||||
|
if sename == "" and serange == "":
|
||||||
|
raise ValueError(_("Requires seuser or serange"))
|
||||||
|
|
||||||
|
- userrec = seluserRecords()
|
||||||
|
+ userrec = seluserRecords(self.args)
|
||||||
|
range, (rc, oldserole) = userrec.get(self.oldsename)
|
||||||
|
|
||||||
|
if sename != "":
|
||||||
|
@@ -660,7 +671,7 @@ class loginRecords(semanageRecords):
|
||||||
|
|
||||||
|
def __delete(self, name):
|
||||||
|
rec, self.oldsename, self.oldserange = selinux.getseuserbyname(name)
|
||||||
|
- userrec = seluserRecords()
|
||||||
|
+ userrec = seluserRecords(self.args)
|
||||||
|
range, (rc, oldserole) = userrec.get(self.oldsename)
|
||||||
|
|
||||||
|
(rc, k) = semanage_seuser_key_create(self.sh, name)
|
||||||
|
@@ -779,8 +790,8 @@ class loginRecords(semanageRecords):
|
||||||
|
|
||||||
|
class seluserRecords(semanageRecords):
|
||||||
|
|
||||||
|
- def __init__(self, store=""):
|
||||||
|
- semanageRecords.__init__(self, store)
|
||||||
|
+ def __init__(self, args):
|
||||||
|
+ semanageRecords.__init__(self, args)
|
||||||
|
|
||||||
|
def get(self, name):
|
||||||
|
(rc, k) = semanage_user_key_create(self.sh, name)
|
||||||
|
@@ -1042,8 +1053,8 @@ class portRecords(semanageRecords):
|
||||||
|
except RuntimeError:
|
||||||
|
valid_types = []
|
||||||
|
|
||||||
|
- def __init__(self, store=""):
|
||||||
|
- semanageRecords.__init__(self, store)
|
||||||
|
+ def __init__(self, args):
|
||||||
|
+ semanageRecords.__init__(self, args)
|
||||||
|
|
||||||
|
def __genkey(self, port, proto):
|
||||||
|
if proto == "tcp":
|
||||||
|
@@ -1317,8 +1328,8 @@ class ibpkeyRecords(semanageRecords):
|
||||||
|
except:
|
||||||
|
valid_types = []
|
||||||
|
|
||||||
|
- def __init__(self, store=""):
|
||||||
|
- semanageRecords.__init__(self, store)
|
||||||
|
+ def __init__(self, args):
|
||||||
|
+ semanageRecords.__init__(self, args)
|
||||||
|
|
||||||
|
def __genkey(self, pkey, subnet_prefix):
|
||||||
|
if subnet_prefix == "":
|
||||||
|
@@ -1540,9 +1551,8 @@ class ibpkeyRecords(semanageRecords):
|
||||||
|
def customized(self):
|
||||||
|
l = []
|
||||||
|
ddict = self.get_all(True)
|
||||||
|
- keys = ddict.keys()
|
||||||
|
- keys.sort()
|
||||||
|
- for k in keys:
|
||||||
|
+
|
||||||
|
+ for k in sorted(ddict.keys()):
|
||||||
|
if k[0] == k[1]:
|
||||||
|
l.append("-a -t %s -x %s %s" % (ddict[k][0], k[2], k[0]))
|
||||||
|
else:
|
||||||
|
@@ -1554,11 +1564,10 @@ class ibpkeyRecords(semanageRecords):
|
||||||
|
keys = ddict.keys()
|
||||||
|
if len(keys) == 0:
|
||||||
|
return
|
||||||
|
- keys.sort()
|
||||||
|
|
||||||
|
if heading:
|
||||||
|
print("%-30s %-18s %s\n" % (_("SELinux IB Pkey Type"), _("Subnet_Prefix"), _("Pkey Number")))
|
||||||
|
- for i in keys:
|
||||||
|
+ for i in sorted(keys):
|
||||||
|
rec = "%-30s %-18s " % i
|
||||||
|
rec += "%s" % ddict[i][0]
|
||||||
|
for p in ddict[i][1:]:
|
||||||
|
@@ -1572,8 +1581,8 @@ class ibendportRecords(semanageRecords):
|
||||||
|
except:
|
||||||
|
valid_types = []
|
||||||
|
|
||||||
|
- def __init__(self, store=""):
|
||||||
|
- semanageRecords.__init__(self, store)
|
||||||
|
+ def __init__(self, args):
|
||||||
|
+ semanageRecords.__init__(self, args)
|
||||||
|
|
||||||
|
def __genkey(self, ibendport, ibdev_name):
|
||||||
|
if ibdev_name == "":
|
||||||
|
@@ -1782,10 +1791,9 @@ class ibendportRecords(semanageRecords):
|
||||||
|
def customized(self):
|
||||||
|
l = []
|
||||||
|
ddict = self.get_all(True)
|
||||||
|
- keys = ddict.keys()
|
||||||
|
- keys.sort()
|
||||||
|
- for k in keys:
|
||||||
|
- l.append("-a -t %s -x %s %s" % (ddict[k][0], k[2], k[0]))
|
||||||
|
+
|
||||||
|
+ for k in sorted(ddict.keys()):
|
||||||
|
+ l.append("-a -t %s -r %s -z %s %s" % (ddict[k][0], ddict[k][1], k[1], k[0]))
|
||||||
|
return l
|
||||||
|
|
||||||
|
def list(self, heading=1, locallist=0):
|
||||||
|
@@ -1793,11 +1801,10 @@ class ibendportRecords(semanageRecords):
|
||||||
|
keys = ddict.keys()
|
||||||
|
if len(keys) == 0:
|
||||||
|
return
|
||||||
|
- keys.sort()
|
||||||
|
|
||||||
|
if heading:
|
||||||
|
print("%-30s %-18s %s\n" % (_("SELinux IB End Port Type"), _("IB Device Name"), _("Port Number")))
|
||||||
|
- for i in keys:
|
||||||
|
+ for i in sorted(keys):
|
||||||
|
rec = "%-30s %-18s " % i
|
||||||
|
rec += "%s" % ddict[i][0]
|
||||||
|
for p in ddict[i][1:]:
|
||||||
|
@@ -1810,8 +1817,8 @@ class nodeRecords(semanageRecords):
|
||||||
|
except RuntimeError:
|
||||||
|
valid_types = []
|
||||||
|
|
||||||
|
- def __init__(self, store=""):
|
||||||
|
- semanageRecords.__init__(self, store)
|
||||||
|
+ def __init__(self, args):
|
||||||
|
+ semanageRecords.__init__(self, args)
|
||||||
|
self.protocol = ["ipv4", "ipv6"]
|
||||||
|
|
||||||
|
def validate(self, addr, mask, protocol):
|
||||||
|
@@ -2046,8 +2053,8 @@ class nodeRecords(semanageRecords):
|
||||||
|
|
||||||
|
class interfaceRecords(semanageRecords):
|
||||||
|
|
||||||
|
- def __init__(self, store=""):
|
||||||
|
- semanageRecords.__init__(self, store)
|
||||||
|
+ def __init__(self, args):
|
||||||
|
+ semanageRecords.__init__(self, args)
|
||||||
|
|
||||||
|
def __add(self, interface, serange, ctype):
|
||||||
|
if is_mls_enabled == 1:
|
||||||
|
@@ -2243,8 +2250,8 @@ class fcontextRecords(semanageRecords):
|
||||||
|
except RuntimeError:
|
||||||
|
valid_types = []
|
||||||
|
|
||||||
|
- def __init__(self, store=""):
|
||||||
|
- semanageRecords.__init__(self, store)
|
||||||
|
+ def __init__(self, args):
|
||||||
|
+ semanageRecords.__init__(self, args)
|
||||||
|
self.equiv = {}
|
||||||
|
self.equiv_dist = {}
|
||||||
|
self.equal_ind = False
|
||||||
|
@@ -2566,10 +2573,15 @@ class fcontextRecords(semanageRecords):
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not list file contexts"))
|
raise ValueError(_("Could not list file contexts"))
|
||||||
|
|
||||||
@ -68,6 +576,40 @@ index 70fd192..55127de 100644
|
|||||||
self.flist += fclocal
|
self.flist += fclocal
|
||||||
|
|
||||||
ddict = {}
|
ddict = {}
|
||||||
|
@@ -2627,8 +2639,8 @@ class fcontextRecords(semanageRecords):
|
||||||
|
|
||||||
|
class booleanRecords(semanageRecords):
|
||||||
|
|
||||||
|
- def __init__(self, store=""):
|
||||||
|
- semanageRecords.__init__(self, store)
|
||||||
|
+ def __init__(self, args):
|
||||||
|
+ semanageRecords.__init__(self, args)
|
||||||
|
self.dict = {}
|
||||||
|
self.dict["TRUE"] = 1
|
||||||
|
self.dict["FALSE"] = 0
|
||||||
|
diff --git selinux-python-2.7/sepolicy/sepolicy.8 selinux-python-2.7/sepolicy/sepolicy.8
|
||||||
|
index 7900586..09d2b24 100644
|
||||||
|
--- selinux-python-2.7/sepolicy/sepolicy.8
|
||||||
|
+++ selinux-python-2.7/sepolicy/sepolicy.8
|
||||||
|
@@ -22,14 +22,15 @@ Query SELinux policy to see if domains can communicate with each other
|
||||||
|
.br
|
||||||
|
|
||||||
|
.B generate
|
||||||
|
-.br
|
||||||
|
.br
|
||||||
|
Generate SELinux Policy module template
|
||||||
|
-.B gui
|
||||||
|
+.B sepolicy-generate(8)
|
||||||
|
.br
|
||||||
|
+
|
||||||
|
+.B gui
|
||||||
|
.br
|
||||||
|
Launch Graphical User Interface for SELinux Policy, requires policycoreutils-gui package.
|
||||||
|
-.B sepolicy-generate(8)
|
||||||
|
+.B sepolicy-gui(8)
|
||||||
|
.br
|
||||||
|
|
||||||
|
.B interface
|
||||||
diff --git selinux-python-2.7/sepolicy/sepolicy/__init__.py selinux-python-2.7/sepolicy/sepolicy/__init__.py
|
diff --git selinux-python-2.7/sepolicy/sepolicy/__init__.py selinux-python-2.7/sepolicy/sepolicy/__init__.py
|
||||||
index 5cfc071..24e3526 100644
|
index 5cfc071..24e3526 100644
|
||||||
--- selinux-python-2.7/sepolicy/sepolicy/__init__.py
|
--- selinux-python-2.7/sepolicy/sepolicy/__init__.py
|
||||||
|
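Review bot: In `semanageRecords.__init__` (seobject.py hunk `-238,21 +238,23`) the bare `except:` around `self.noreload = args.noreload` hides every error, while `args.store` is read twice just below with no fallback, so an `args` object without a `store` attribute, or a plain store string as the old `__init__(self, store)` accepted, now fails with AttributeError. Reading both the same way, `self.noreload = getattr(args, 'noreload', False)` and `store = getattr(args, 'store', '')` with the two later uses reading `store`, removes the bare except and makes the handling consistent. The subclass constructors in this patch also drop their `store=""` default, so any caller outside these hunks that still does `seobject.portRecords()` or passes a store name would break; if such callers exist (not visible here), an `args=None` default that keeps the old string form working would be safer. Because this flag decides whether policy is reloaded after a commit, a comment above the assignment such as `# -N/--noreload: commit without reloading policy; default is to reload` would help the next reader. The class body continues outside the hunk.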