policycoreutils-2.7-4.fc27

- semanage: bring semanageRecords.set_reload back to seobject.py
(#1527745)

policycoreutils.spec

@@ -9,7 +9,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.7
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # https://github.com/SELinuxProject/selinux/wiki/Releases
@@ -31,7 +31,7 @@ Source18: selinux-autorelabel.target
 Source19: selinux-autorelabel-generator.sh
 # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
 # run:
-# HEAD https://github.com/fedora-selinux/selinux/commit/e5a6540888e254b245d42b7cecf0b895d64ddc43
+# HEAD https://github.com/fedora-selinux/selinux/commit/4ead62f4657f72be332e453c402960d4f7ac8c5e
 # $ for i in policycoreutils selinux-python selinux-gui selinux-sandbox selinux-dbus semodule-utils restorecond; do
 #   BRANCH=f27 VERSION=2.7 ./make-fedora-selinux-patch.sh $i
 # done
@@ -504,6 +504,9 @@ The policycoreutils-restorecond package contains the restorecond service.
 %systemd_postun_with_restart restorecond.service
 
 %changelog
+* Wed Dec 20 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-4
+- semanage: bring semanageRecords.set_reload back to seobject.py (#1527745)
+
 * Thu Dec 14 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-3
 - Own %%{pythonX_sitelib}/site-packages/sepolicy directories (#1522942)
 

selinux-python-fedora.patch

@@ -282,14 +282,15 @@ index 0bdb90f..0cdcfcc 100644
  user identities to authorized role sets.  In most cases, only the
  former mapping needs to be adjusted by the administrator; the latter
 diff --git selinux-python-2.7/semanage/seobject.py selinux-python-2.7/semanage/seobject.py
-index 70fd192..99e1cd8 100644
+index 70fd192..dca9506 100644
 --- selinux-python-2.7/semanage/seobject.py
 +++ selinux-python-2.7/semanage/seobject.py
-@@ -238,21 +238,28 @@ class semanageRecords:
+@@ -238,20 +238,31 @@ class semanageRecords:
      transaction = False
      handle = None
      store = None
 +    args = None
++    noreload = False
  
 -    def __init__(self, store):
 +    def __init__(self, args = None):
@@ -315,13 +316,13 @@ index 70fd192..99e1cd8 100644
          else:
              self.mylog = nulllogger()
  
--    def set_reload(self, load):
+     def set_reload(self, load):
 -        self.load = load
--
++        self.noreload = not load
+ 
      def get_handle(self, store):
          global is_mls_enabled
- 
-@@ -312,7 +319,8 @@ class semanageRecords:
+@@ -312,7 +323,8 @@ class semanageRecords:
          if semanageRecords.transaction:
              return
  
@@ -331,7 +332,7 @@ index 70fd192..99e1cd8 100644
          rc = semanage_commit(self.sh)
          if rc < 0:
              self.mylog.commit(0)
-@@ -328,8 +336,8 @@ class semanageRecords:
+@@ -328,8 +340,8 @@ class semanageRecords:
  
  class moduleRecords(semanageRecords):
  
@@ -342,7 +343,7 @@ index 70fd192..99e1cd8 100644
  
      def get_all(self):
          l = []
-@@ -386,6 +394,8 @@ class moduleRecords(semanageRecords):
+@@ -386,6 +398,8 @@ class moduleRecords(semanageRecords):
              print("%-25s %-9s %-5s %s" % (t[0], t[2], t[3], disabled))
  
      def add(self, file, priority):
@@ -351,7 +352,7 @@ index 70fd192..99e1cd8 100644
          if not os.path.exists(file):
              raise ValueError(_("Module does not exist: %s ") % file)
  
-@@ -398,6 +408,8 @@ class moduleRecords(semanageRecords):
+@@ -398,6 +412,8 @@ class moduleRecords(semanageRecords):
              self.commit()
  
      def set_enabled(self, module, enable):
@@ -360,7 +361,7 @@ index 70fd192..99e1cd8 100644
          for m in module.split():
              rc, key = semanage_module_key_create(self.sh)
              if rc < 0:
-@@ -416,11 +428,15 @@ class moduleRecords(semanageRecords):
+@@ -416,11 +432,15 @@ class moduleRecords(semanageRecords):
          self.commit()
  
      def modify(self, file):
@@ -376,7 +377,7 @@ index 70fd192..99e1cd8 100644
          rc = semanage_set_default_priority(self.sh, priority)
          if rc < 0:
              raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
-@@ -440,8 +456,8 @@ class moduleRecords(semanageRecords):
+@@ -440,8 +460,8 @@ class moduleRecords(semanageRecords):
  
  class dontauditClass(semanageRecords):
  
@@ -387,7 +388,7 @@ index 70fd192..99e1cd8 100644
  
      def toggle(self, dontaudit):
          if dontaudit not in ["on", "off"]:
-@@ -453,8 +469,8 @@ class dontauditClass(semanageRecords):
+@@ -453,8 +473,8 @@ class dontauditClass(semanageRecords):
  
  class permissiveRecords(semanageRecords):
  
@@ -398,7 +399,7 @@ index 70fd192..99e1cd8 100644
  
      def get_all(self):
          l = []
-@@ -522,8 +538,8 @@ class permissiveRecords(semanageRecords):
+@@ -522,8 +542,8 @@ class permissiveRecords(semanageRecords):
  
  class loginRecords(semanageRecords):
  
@@ -409,7 +410,7 @@ index 70fd192..99e1cd8 100644
          self.oldsename = None
          self.oldserange = None
          self.sename = None
-@@ -534,7 +550,7 @@ class loginRecords(semanageRecords):
+@@ -534,7 +554,7 @@ class loginRecords(semanageRecords):
          if sename == "":
              sename = "user_u"
  
@@ -418,7 +419,7 @@ index 70fd192..99e1cd8 100644
          range, (rc, oldserole) = userrec.get(self.oldsename)
          range, (rc, serole) = userrec.get(sename)
  
-@@ -603,7 +619,7 @@ class loginRecords(semanageRecords):
+@@ -603,7 +623,7 @@ class loginRecords(semanageRecords):
          if sename == "" and serange == "":
              raise ValueError(_("Requires seuser or serange"))
  
@@ -427,7 +428,7 @@ index 70fd192..99e1cd8 100644
          range, (rc, oldserole) = userrec.get(self.oldsename)
  
          if sename != "":
-@@ -660,7 +676,7 @@ class loginRecords(semanageRecords):
+@@ -660,7 +680,7 @@ class loginRecords(semanageRecords):
  
      def __delete(self, name):
          rec, self.oldsename, self.oldserange = selinux.getseuserbyname(name)
@@ -436,7 +437,7 @@ index 70fd192..99e1cd8 100644
          range, (rc, oldserole) = userrec.get(self.oldsename)
  
          (rc, k) = semanage_seuser_key_create(self.sh, name)
-@@ -779,8 +795,8 @@ class loginRecords(semanageRecords):
+@@ -779,8 +799,8 @@ class loginRecords(semanageRecords):
  
  class seluserRecords(semanageRecords):
  
@@ -447,7 +448,7 @@ index 70fd192..99e1cd8 100644
  
      def get(self, name):
          (rc, k) = semanage_user_key_create(self.sh, name)
-@@ -1042,8 +1058,8 @@ class portRecords(semanageRecords):
+@@ -1042,8 +1062,8 @@ class portRecords(semanageRecords):
      except RuntimeError:
          valid_types = []
  
@@ -458,7 +459,7 @@ index 70fd192..99e1cd8 100644
  
      def __genkey(self, port, proto):
          if proto == "tcp":
-@@ -1317,8 +1333,8 @@ class ibpkeyRecords(semanageRecords):
+@@ -1317,8 +1337,8 @@ class ibpkeyRecords(semanageRecords):
      except:
          valid_types = []
  
@@ -469,7 +470,7 @@ index 70fd192..99e1cd8 100644
  
      def __genkey(self, pkey, subnet_prefix):
          if subnet_prefix == "":
-@@ -1540,9 +1556,8 @@ class ibpkeyRecords(semanageRecords):
+@@ -1540,9 +1560,8 @@ class ibpkeyRecords(semanageRecords):
      def customized(self):
          l = []
          ddict = self.get_all(True)
@@ -481,7 +482,7 @@ index 70fd192..99e1cd8 100644
              if k[0] == k[1]:
                  l.append("-a -t %s -x %s %s" % (ddict[k][0], k[2], k[0]))
              else:
-@@ -1554,11 +1569,10 @@ class ibpkeyRecords(semanageRecords):
+@@ -1554,11 +1573,10 @@ class ibpkeyRecords(semanageRecords):
          keys = ddict.keys()
          if len(keys) == 0:
              return
@@ -494,7 +495,7 @@ index 70fd192..99e1cd8 100644
              rec = "%-30s %-18s " % i
              rec += "%s" % ddict[i][0]
              for p in ddict[i][1:]:
-@@ -1572,8 +1586,8 @@ class ibendportRecords(semanageRecords):
+@@ -1572,8 +1590,8 @@ class ibendportRecords(semanageRecords):
      except:
          valid_types = []
  
@@ -505,7 +506,7 @@ index 70fd192..99e1cd8 100644
  
      def __genkey(self, ibendport, ibdev_name):
          if ibdev_name == "":
-@@ -1782,10 +1796,9 @@ class ibendportRecords(semanageRecords):
+@@ -1782,10 +1800,9 @@ class ibendportRecords(semanageRecords):
      def customized(self):
          l = []
          ddict = self.get_all(True)
@@ -519,7 +520,7 @@ index 70fd192..99e1cd8 100644
          return l
  
      def list(self, heading=1, locallist=0):
-@@ -1793,11 +1806,10 @@ class ibendportRecords(semanageRecords):
+@@ -1793,11 +1810,10 @@ class ibendportRecords(semanageRecords):
          keys = ddict.keys()
          if len(keys) == 0:
              return
@@ -532,7 +533,7 @@ index 70fd192..99e1cd8 100644
              rec = "%-30s %-18s " % i
              rec += "%s" % ddict[i][0]
              for p in ddict[i][1:]:
-@@ -1810,8 +1822,8 @@ class nodeRecords(semanageRecords):
+@@ -1810,8 +1826,8 @@ class nodeRecords(semanageRecords):
      except RuntimeError:
          valid_types = []
  
@@ -543,7 +544,7 @@ index 70fd192..99e1cd8 100644
          self.protocol = ["ipv4", "ipv6"]
  
      def validate(self, addr, mask, protocol):
-@@ -2046,8 +2058,8 @@ class nodeRecords(semanageRecords):
+@@ -2046,8 +2062,8 @@ class nodeRecords(semanageRecords):
  
  class interfaceRecords(semanageRecords):
  
@@ -554,7 +555,7 @@ index 70fd192..99e1cd8 100644
  
      def __add(self, interface, serange, ctype):
          if is_mls_enabled == 1:
-@@ -2243,8 +2255,8 @@ class fcontextRecords(semanageRecords):
+@@ -2243,8 +2259,8 @@ class fcontextRecords(semanageRecords):
      except RuntimeError:
          valid_types = []
  
@@ -565,7 +566,7 @@ index 70fd192..99e1cd8 100644
          self.equiv = {}
          self.equiv_dist = {}
          self.equal_ind = False
-@@ -2566,10 +2578,15 @@ class fcontextRecords(semanageRecords):
+@@ -2566,10 +2582,15 @@ class fcontextRecords(semanageRecords):
              if rc < 0:
                  raise ValueError(_("Could not list file contexts"))
  
@@ -581,7 +582,7 @@ index 70fd192..99e1cd8 100644
              self.flist += fclocal
  
          ddict = {}
-@@ -2627,8 +2644,8 @@ class fcontextRecords(semanageRecords):
+@@ -2627,8 +2648,8 @@ class fcontextRecords(semanageRecords):
  
  class booleanRecords(semanageRecords):