rpms
/
policycoreutils
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

SELinux userspace 3.0-rc1 release candidate

This commit is contained in:
Petr Lautrbach 2019-10-16 11:36:01 +02:00
parent d4e16d7c7d
commit da2585a281
28 changed files with 142 additions and 569 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.gitignore vendored
View File

@ -301,3 +301,10 @@ policycoreutils-2.0.83.tgz
/selinux-python-2.9.tar.gz
/selinux-sandbox-2.9.tar.gz
/semodule-utils-2.9.tar.gz
/policycoreutils-3.0-rc1.tar.gz
/restorecond-3.0-rc1.tar.gz
/selinux-dbus-3.0-rc1.tar.gz
/selinux-gui-3.0-rc1.tar.gz
/selinux-python-3.0-rc1.tar.gz
/selinux-sandbox-3.0-rc1.tar.gz
/semodule-utils-3.0-rc1.tar.gz

43
0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch
View File

@ -1,43 +0,0 @@
From c778509dd0ed3b184d720032f31971f975e42973 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 5 Mar 2019 17:38:55 +0100
Subject: [PATCH] gui: Install polgengui.py to /usr/bin/selinux-polgengui
polgengui.py is a standalone gui tool which should be in /usr/bin with other
tools.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
gui/Makefile | 2 +-
gui/modulesPage.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/gui/Makefile b/gui/Makefile
index c2f982de..b2375fbf 100644
--- a/gui/Makefile
+++ b/gui/Makefile
@@ -31,7 +31,7 @@ install: all
-mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
install -m 755 system-config-selinux.py $(DESTDIR)$(SHAREDIR)
install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
- install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR)
+ install -m 755 polgengui.py $(DESTDIR)$(BINDIR)/selinux-polgengui
install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR)
install -m 644 system-config-selinux.8 $(DESTDIR)$(MANDIR)/man8
install -m 644 selinux-polgengui.8 $(DESTDIR)$(MANDIR)/man8
diff --git a/gui/modulesPage.py b/gui/modulesPage.py
index 34c5d9e3..cb856b2d 100644
--- a/gui/modulesPage.py
+++ b/gui/modulesPage.py
@@ -118,7 +118,7 @@ class modulesPage(semanagePage):
def new_module(self, args):
try:
- Popen(["/usr/share/system-config-selinux/polgengui.py"])
+ Popen(["selinux-polgengui"])
except ValueError as e:
self.error(e.args[0])
--
2.22.0

6
0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch → 0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
View File

@ -1,4 +1,4 @@
From 52e0583f6adfe70825b009b626e19c290b49763a Mon Sep 17 00:00:00 2001
From c42aea829e3f64e09f501007afd0a7ea475f1bcc Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 20 Aug 2015 12:58:41 +0200
Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in
@ -9,7 +9,7 @@ Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
index eaa500d0..47745280 100644
index eaa500d08143..4774528027ef 100644
--- a/sandbox/sandboxX.sh
+++ b/sandbox/sandboxX.sh
@@ -20,7 +20,7 @@ cat > ~/.config/openbox/rc.xml << EOF
@ -22,5 +22,5 @@ index eaa500d0..47745280 100644
cat > ~/seremote << __EOF
#!/bin/sh
--
2.22.0
2.23.0

6
0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch → 0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
View File

@ -1,4 +1,4 @@
From 7504614fdd7dcf11b3a7568ca9b4b921973531dd Mon Sep 17 00:00:00 2001
From a7acf25006b7625360f42682c8b7f01e23398cff Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Mon, 21 Apr 2014 13:54:40 -0400
Subject: [PATCH] Fix STANDARD_FILE_CONTEXT section in man pages
@ -9,7 +9,7 @@ Signed-off-by: Miroslav Grepl <mgrepl@redhat.com>
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
index 1d367962..24e311a3 100755
index 442608191cc8..2ee9e37fde9f 100755
--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
@@ -735,10 +735,13 @@ Default Defined Ports:""")
@ -42,5 +42,5 @@ index 1d367962..24e311a3 100755
self.fd.write(r"""
.I The following file types are defined for %(domainname)s:
--
2.22.0
2.23.0

49
0002-gui-Install-.desktop-files-to-usr-share-applications.patch
View File

@ -1,49 +0,0 @@
From 04b632e6de14ec0336e14988bf4c2bd581f7308e Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 5 Mar 2019 17:25:00 +0100
Subject: [PATCH] gui: Install .desktop files to /usr/share/applications by
default
/usr/share/applications is a standard directory for .desktop files.
Installation path can be changed using DESKTOPDIR variable in installation
phase, e.g.
make DESKTOPDIR=/usr/local/share/applications install
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
gui/Makefile | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/gui/Makefile b/gui/Makefile
index b2375fbf..ca965c94 100644
--- a/gui/Makefile
+++ b/gui/Makefile
@@ -5,6 +5,7 @@ BINDIR ?= $(PREFIX)/bin
SHAREDIR ?= $(PREFIX)/share/system-config-selinux
DATADIR ?= $(PREFIX)/share
MANDIR ?= $(PREFIX)/share/man
+DESKTOPDIR ?= $(PREFIX)/share/applications
TARGETS= \
booleansPage.py \
@@ -29,6 +30,7 @@ install: all
-mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
-mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
-mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
+ -mkdir -p $(DESTDIR)$(DESKTOPDIR)
install -m 755 system-config-selinux.py $(DESTDIR)$(SHAREDIR)
install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
install -m 755 polgengui.py $(DESTDIR)$(BINDIR)/selinux-polgengui
@@ -44,7 +46,7 @@ install: all
install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/pixmaps
install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/system-config-selinux
- install -m 644 *.desktop $(DESTDIR)$(DATADIR)/system-config-selinux
+ install -m 644 *.desktop $(DESTDIR)$(DESKTOPDIR)
-mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
install -m 644 sepolicy_256.png $(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png
for i in 16 22 32 48 256; do \
--
2.22.0

6
0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch → 0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
View File

@ -1,4 +1,4 @@
From 9847a26b7f8358432ee4c7019efb3cbad0c162b0 Mon Sep 17 00:00:00 2001
From d0903a1f9bf17e16abc9a44f01ffae413d1103d1 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Mon, 12 May 2014 14:11:22 +0200
Subject: [PATCH] If there is no executable we don't want to print a part of
@ -9,7 +9,7 @@ Subject: [PATCH] If there is no executable we don't want to print a part of
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
index 24e311a3..46092be0 100755
index 2ee9e37fde9f..ec17fb145375 100755
--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
@@ -793,7 +793,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
@ -23,5 +23,5 @@ index 24e311a3..46092be0 100755
.B STANDARD FILE CONTEXT
--
2.22.0
2.23.0

10
0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch → 0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch
View File

@ -1,4 +1,4 @@
From b2993d464e05291020dbf60fc2948ac152eb0003 Mon Sep 17 00:00:00 2001
From 7e3f0b790e59d0d296ee689b74339dda0490f829 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Thu, 19 Feb 2015 17:45:15 +0100
Subject: [PATCH] Simplication of sepolicy-manpage web functionality.
@ -11,10 +11,10 @@ Subject: [PATCH] Simplication of sepolicy-manpage web functionality.
2 files changed, 13 insertions(+), 77 deletions(-)
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index 6aed31bd..88a2b8f6 100644
index e4540977d042..ad718797ca68 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -1209,27 +1209,14 @@ def boolean_desc(boolean):
@@ -1208,27 +1208,14 @@ def boolean_desc(boolean):
def get_os_version():
@ -49,7 +49,7 @@ index 6aed31bd..88a2b8f6 100644
def reinit():
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
index 46092be0..d60acfaf 100755
index ec17fb145375..8c529ddb07cd 100755
--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
@@ -149,10 +149,6 @@ def prettyprint(f, trim):
@ -165,5 +165,5 @@ index 46092be0..d60acfaf 100755
if len(self.manpage_roles[letter]):
fd.write("""
--
2.22.0
2.23.0

8
0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch → 0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
View File

@ -1,4 +1,4 @@
From bfcb599d9424ef6ffcd250931c89675b451edd00 Mon Sep 17 00:00:00 2001
From 3fa844ec73d6ed98968e876687e45a884e41b71c Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Fri, 20 Feb 2015 16:42:01 +0100
Subject: [PATCH] We want to remove the trailing newline for
@ -9,10 +9,10 @@ Subject: [PATCH] We want to remove the trailing newline for
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index 88a2b8f6..0c66f4d5 100644
index ad718797ca68..ea05d892bf3b 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -1212,7 +1212,7 @@ def get_os_version():
@@ -1211,7 +1211,7 @@ def get_os_version():
system_release = ""
try:
with open('/etc/system-release') as f:
@ -22,5 +22,5 @@ index 88a2b8f6..0c66f4d5 100644
system_release = "Misc"
--
2.22.0
2.23.0

6
0008-Fix-title-in-manpage.py-to-not-contain-online.patch → 0006-Fix-title-in-manpage.py-to-not-contain-online.patch
View File

@ -1,4 +1,4 @@
From 4ea504acce6389c3e28134c4b8e6bf9072c295ce Mon Sep 17 00:00:00 2001
From 374e2a3ade4345887d2fe8bda2f3b41b7d76e78c Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Fri, 20 Feb 2015 16:42:53 +0100
Subject: [PATCH] Fix title in manpage.py to not contain 'online'.
@ -8,7 +8,7 @@ Subject: [PATCH] Fix title in manpage.py to not contain 'online'.
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
index d60acfaf..de8184d8 100755
index 8c529ddb07cd..10e2c1745f8b 100755
--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
@@ -220,7 +220,7 @@ class HTMLManPages:
@ -21,5 +21,5 @@ index d60acfaf..de8184d8 100755
<body>
<h1>SELinux man pages for %s</h1>
--
2.22.0
2.23.0

6
0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch → 0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
View File

@ -1,4 +1,4 @@
From 8af697659bd662517571577bf47946a2113f34a1 Mon Sep 17 00:00:00 2001
From bbec5a6e4da0cc3ac839dd343a374c36e3276c36 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Fri, 14 Feb 2014 12:32:12 -0500
Subject: [PATCH] Don't be verbose if you are not on a tty
@ -8,7 +8,7 @@ Subject: [PATCH] Don't be verbose if you are not on a tty
1 file changed, 1 insertion(+)
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index b2779581..53d28c7b 100755
index 5d7770348349..fd43aab0cb6a 100755
--- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles
@@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() {
@ -20,5 +20,5 @@ index b2779581..53d28c7b 100755
RPMFILES=""
PREFC=""
--
2.22.0
2.23.0

6
0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch → 0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch
View File

@ -1,4 +1,4 @@
From ef0f54ffc6d691d10e66a0793204edd159cd45d0 Mon Sep 17 00:00:00 2001
From d903f0809b2a8a2e19360e5d42886e78f2b1f244 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 27 Feb 2017 17:12:39 +0100
Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and
@ -11,7 +11,7 @@ Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
index de8184d8..f8a94fc0 100755
index 10e2c1745f8b..9a4b24743aca 100755
--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
@@ -125,8 +125,24 @@ def gen_domains():
@ -59,5 +59,5 @@ index de8184d8..f8a94fc0 100755
if f in self.fcdict:
mpaths = mpaths + self.fcdict[f]["regex"]
--
2.22.0
2.23.0

8
0011-sepolicy-Another-small-optimization-for-mcs-types.patch → 0009-sepolicy-Another-small-optimization-for-mcs-types.patch
View File

@ -1,4 +1,4 @@
From e54db76a3bff8e911ddd7c7ce834c024d634d9e1 Mon Sep 17 00:00:00 2001
From 2a10ed38c8c08618a370b2446929e60457547e72 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 28 Feb 2017 21:29:46 +0100
Subject: [PATCH] sepolicy: Another small optimization for mcs types
@ -8,7 +8,7 @@ Subject: [PATCH] sepolicy: Another small optimization for mcs types
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
index f8a94fc0..67d39301 100755
index 9a4b24743aca..736ae13b0524 100755
--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
@@ -142,6 +142,15 @@ def _gen_entry_types():
@ -35,7 +35,7 @@ index f8a94fc0..67d39301 100755
if self.source_files:
self.fcpath = self.root + "file_contexts"
@@ -944,11 +954,7 @@ All executeables with the default executable label, usually stored in /usr/bin a
@@ -944,11 +954,7 @@ All executables with the default executable label, usually stored in /usr/bin an
%s""" % ", ".join(paths))
def _mcs_types(self):
@ -49,5 +49,5 @@ index f8a94fc0..67d39301 100755
self.fd.write ("""
.SH "MCS Constrained"
--
2.22.0
2.23.0

26
0012-Move-po-translation-files-into-the-right-sub-directo.patch → 0010-Move-po-translation-files-into-the-right-sub-directo.patch
View File

@ -1,4 +1,4 @@
From 4015e9299bfda622e9d407cdbcc536000688aa8f Mon Sep 17 00:00:00 2001
From 45771768cd00225bf82fa260e59f55c5a2641b9c Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 6 Aug 2018 13:23:00 +0200
Subject: [PATCH] Move po/ translation files into the right sub-directories
@ -35,7 +35,7 @@ See https://github.com/fedora-selinux/selinux/issues/43
create mode 100644 sandbox/po/POTFILES
diff --git a/gui/Makefile b/gui/Makefile
index ca965c94..5a5bf6dc 100644
index ca965c942912..5a5bf6dcae19 100644
--- a/gui/Makefile
+++ b/gui/Makefile
@@ -22,6 +22,7 @@ system-config-selinux.ui \
@ -57,7 +57,7 @@ index ca965c94..5a5bf6dc 100644
indent:
diff --git a/gui/po/Makefile b/gui/po/Makefile
new file mode 100644
index 00000000..a0f5439f
index 000000000000..a0f5439f2d1c
--- /dev/null
+++ b/gui/po/Makefile
@@ -0,0 +1,82 @@
@ -145,7 +145,7 @@ index 00000000..a0f5439f
+relabel:
diff --git a/gui/po/POTFILES b/gui/po/POTFILES
new file mode 100644
index 00000000..1795c5c1
index 000000000000..1795c5c1951b
--- /dev/null
+++ b/gui/po/POTFILES
@@ -0,0 +1,17 @@
@ -167,7 +167,7 @@ index 00000000..1795c5c1
+../system-config-selinux.ui
+../usersPage.py
diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile
index 575e1431..18bc1dff 100644
index 575e143122e6..18bc1dff8d1f 100644
--- a/policycoreutils/po/Makefile
+++ b/policycoreutils/po/Makefile
@@ -3,7 +3,6 @@
@ -267,7 +267,7 @@ index 575e1431..18bc1dff 100644
for cat in $(POFILES); do \
diff --git a/policycoreutils/po/POTFILES b/policycoreutils/po/POTFILES
new file mode 100644
index 00000000..12237dc6
index 000000000000..12237dc61ee4
--- /dev/null
+++ b/policycoreutils/po/POTFILES
@@ -0,0 +1,9 @@
@ -281,7 +281,7 @@ index 00000000..12237dc6
+../setfiles/setfiles.c
+../secon/secon.c
diff --git a/python/Makefile b/python/Makefile
index 9b66d52f..00312dbd 100644
index 9b66d52fbd4d..00312dbdb5c6 100644
--- a/python/Makefile
+++ b/python/Makefile
@@ -1,4 +1,4 @@
@ -292,7 +292,7 @@ index 9b66d52f..00312dbd 100644
@for subdir in $(SUBDIRS); do \
diff --git a/python/po/Makefile b/python/po/Makefile
new file mode 100644
index 00000000..4e052d5a
index 000000000000..4e052d5a2bd7
--- /dev/null
+++ b/python/po/Makefile
@@ -0,0 +1,83 @@
@ -381,7 +381,7 @@ index 00000000..4e052d5a
+relabel:
diff --git a/python/po/POTFILES b/python/po/POTFILES
new file mode 100644
index 00000000..128eb870
index 000000000000..128eb870a69e
--- /dev/null
+++ b/python/po/POTFILES
@@ -0,0 +1,10 @@
@ -396,7 +396,7 @@ index 00000000..128eb870
+../sepolicy/sepolicy/interface.py
+../sepolicy/sepolicy.py
diff --git a/sandbox/Makefile b/sandbox/Makefile
index 9da5e58d..b817824e 100644
index 9da5e58db9e6..b817824e2102 100644
--- a/sandbox/Makefile
+++ b/sandbox/Makefile
@@ -13,6 +13,7 @@ override LDLIBS += -lselinux -lcap-ng
@ -417,7 +417,7 @@ index 9da5e58d..b817824e 100644
@$(PYTHON) test_sandbox.py -v
diff --git a/sandbox/po/Makefile b/sandbox/po/Makefile
new file mode 100644
index 00000000..0556bbe9
index 000000000000..0556bbe953f0
--- /dev/null
+++ b/sandbox/po/Makefile
@@ -0,0 +1,82 @@
@ -505,11 +505,11 @@ index 00000000..0556bbe9
+relabel:
diff --git a/sandbox/po/POTFILES b/sandbox/po/POTFILES
new file mode 100644
index 00000000..deff3f2f
index 000000000000..deff3f2f4656
--- /dev/null
+++ b/sandbox/po/POTFILES
@@ -0,0 +1 @@
+../sandbox
--
2.22.0
2.23.0

50
0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch → 0011-Use-correct-gettext-domains-in-python-gui-sandbox.patch
View File

@ -1,4 +1,4 @@
From 57cd23e11e1a700802a5955e84a0a7e04c30ec73 Mon Sep 17 00:00:00 2001
From 7e88d2395d39f7a15d812c8d3e4d176a832da7ae Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 6 Aug 2018 13:37:07 +0200
Subject: [PATCH] Use correct gettext domains in python/ gui/ sandbox/
@ -29,7 +29,7 @@ https://github.com/fedora-selinux/selinux/issues/43
21 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/gui/booleansPage.py b/gui/booleansPage.py
index 7849bea2..dd12b6d6 100644
index 7849bea26a06..dd12b6d6ab86 100644
--- a/gui/booleansPage.py
+++ b/gui/booleansPage.py
@@ -38,7 +38,7 @@ DISABLED = 2
@ -42,7 +42,7 @@ index 7849bea2..dd12b6d6 100644
import gettext
kwargs = {}
diff --git a/gui/domainsPage.py b/gui/domainsPage.py
index bad5140d..6bbe4de5 100644
index bad5140d8c59..6bbe4de5884f 100644
--- a/gui/domainsPage.py
+++ b/gui/domainsPage.py
@@ -30,7 +30,7 @@ from semanagePage import *
@ -55,7 +55,7 @@ index bad5140d..6bbe4de5 100644
import gettext
kwargs = {}
diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py
index 370bbee4..e424366d 100644
index 370bbee40786..e424366da26f 100644
--- a/gui/fcontextPage.py
+++ b/gui/fcontextPage.py
@@ -47,7 +47,7 @@ class context:
@ -68,7 +68,7 @@ index 370bbee4..e424366d 100644
import gettext
kwargs = {}
diff --git a/gui/loginsPage.py b/gui/loginsPage.py
index b67eb8bc..cbfb0cc2 100644
index b67eb8bc42af..cbfb0cc23f65 100644
--- a/gui/loginsPage.py
+++ b/gui/loginsPage.py
@@ -29,7 +29,7 @@ from semanagePage import *
@ -81,7 +81,7 @@ index b67eb8bc..cbfb0cc2 100644
import gettext
kwargs = {}
diff --git a/gui/modulesPage.py b/gui/modulesPage.py
index cb856b2d..26ac5404 100644
index 0584acf9b3a4..35a0129bab9c 100644
--- a/gui/modulesPage.py
+++ b/gui/modulesPage.py
@@ -30,7 +30,7 @@ from semanagePage import *
@ -94,7 +94,7 @@ index cb856b2d..26ac5404 100644
import gettext
kwargs = {}
diff --git a/gui/polgengui.py b/gui/polgengui.py
index b1cc9937..46a1bd2c 100644
index d284ded65279..01f541bafae8 100644
--- a/gui/polgengui.py
+++ b/gui/polgengui.py
@@ -63,7 +63,7 @@ def get_all_modules():
@ -107,7 +107,7 @@ index b1cc9937..46a1bd2c 100644
import gettext
kwargs = {}
diff --git a/gui/portsPage.py b/gui/portsPage.py
index 30f58383..a537ecc8 100644
index 30f58383bc1d..a537ecc8c0a1 100644
--- a/gui/portsPage.py
+++ b/gui/portsPage.py
@@ -35,7 +35,7 @@ from semanagePage import *
@ -120,7 +120,7 @@ index 30f58383..a537ecc8 100644
import gettext
kwargs = {}
diff --git a/gui/semanagePage.py b/gui/semanagePage.py
index 4127804f..5361d69c 100644
index 4127804fbbee..5361d69c1313 100644
--- a/gui/semanagePage.py
+++ b/gui/semanagePage.py
@@ -22,7 +22,7 @@ from gi.repository import Gdk, Gtk
@ -133,7 +133,7 @@ index 4127804f..5361d69c 100644
import gettext
kwargs = {}
diff --git a/gui/statusPage.py b/gui/statusPage.py
index 766854b1..a8f079b9 100644
index 766854b19cba..a8f079b9b163 100644
--- a/gui/statusPage.py
+++ b/gui/statusPage.py
@@ -35,7 +35,7 @@ RELABELFILE = "/.autorelabel"
@ -146,7 +146,7 @@ index 766854b1..a8f079b9 100644
import gettext
kwargs = {}
diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py
index c42301b6..1e0d5eb1 100644
index 3f70122b87e8..8c46c987b974 100644
--- a/gui/system-config-selinux.py
+++ b/gui/system-config-selinux.py
@@ -45,7 +45,7 @@ import selinux
@ -159,7 +159,7 @@ index c42301b6..1e0d5eb1 100644
import gettext
kwargs = {}
diff --git a/gui/usersPage.py b/gui/usersPage.py
index 26794ed5..d15d4c5a 100644
index 26794ed5c3f3..d15d4c5a71dd 100644
--- a/gui/usersPage.py
+++ b/gui/usersPage.py
@@ -29,7 +29,7 @@ from semanagePage import *
@ -172,7 +172,7 @@ index 26794ed5..d15d4c5a 100644
import gettext
kwargs = {}
diff --git a/python/chcat/chcat b/python/chcat/chcat
index ba398684..df2509f2 100755
index fdd2e46ee3f9..839ddd3b54b6 100755
--- a/python/chcat/chcat
+++ b/python/chcat/chcat
@@ -30,7 +30,7 @@ import getopt
@ -185,7 +185,7 @@ index ba398684..df2509f2 100755
import gettext
kwargs = {}
diff --git a/python/semanage/semanage b/python/semanage/semanage
index 144cc000..56db3e0d 100644
index b2fabea67a87..3cc30a160a74 100644
--- a/python/semanage/semanage
+++ b/python/semanage/semanage
@@ -27,7 +27,7 @@ import traceback
@ -198,7 +198,7 @@ index 144cc000..56db3e0d 100644
import gettext
kwargs = {}
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index 13fdf531..b90b1070 100644
index dc413ca5864c..4340495caef2 100644
--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -29,7 +29,7 @@ import sys
@ -211,7 +211,7 @@ index 13fdf531..b90b1070 100644
import setools
from IPy import IP
diff --git a/python/sepolgen/src/sepolgen/sepolgeni18n.py b/python/sepolgen/src/sepolgen/sepolgeni18n.py
index 998c4356..56ebd807 100644
index 998c4356415c..56ebd807c69c 100644
--- a/python/sepolgen/src/sepolgen/sepolgeni18n.py
+++ b/python/sepolgen/src/sepolgen/sepolgeni18n.py
@@ -19,7 +19,7 @@
@ -224,11 +224,11 @@ index 998c4356..56ebd807 100644
except:
def _(str):
diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py
index 1934cd86..8bd6a579 100755
index 7b2230651099..32956e58f52e 100755
--- a/python/sepolicy/sepolicy.py
+++ b/python/sepolicy/sepolicy.py
@@ -27,7 +27,7 @@ import selinux
import sepolicy
@@ -28,7 +28,7 @@ import sepolicy
from multiprocessing import Pool
from sepolicy import get_os_version, get_conditionals, get_conditionals_format_text
import argparse
-PROGNAME = "policycoreutils"
@ -237,7 +237,7 @@ index 1934cd86..8bd6a579 100755
import gettext
kwargs = {}
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index 0c66f4d5..b6ca57c3 100644
index ea05d892bf3b..9a9c2ae9f237 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -13,7 +13,7 @@ import os
@ -250,7 +250,7 @@ index 0c66f4d5..b6ca57c3 100644
import gettext
kwargs = {}
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
index 019e7836..7175d36b 100644
index 973edb9d6b91..6202e30d69ac 100644
--- a/python/sepolicy/sepolicy/generate.py
+++ b/python/sepolicy/sepolicy/generate.py
@@ -49,7 +49,7 @@ import sepolgen.defaults as defaults
@ -263,7 +263,7 @@ index 019e7836..7175d36b 100644
import gettext
kwargs = {}
diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py
index 00fd7a11..805cee67 100644
index 1e86422b864a..c9ca158ddd09 100644
--- a/python/sepolicy/sepolicy/gui.py
+++ b/python/sepolicy/sepolicy/gui.py
@@ -41,7 +41,7 @@ import os
@ -276,7 +276,7 @@ index 00fd7a11..805cee67 100644
import gettext
kwargs = {}
diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py
index 583091ae..e2b8d23b 100644
index 187419fa7822..5a5d919dcfaa 100644
--- a/python/sepolicy/sepolicy/interface.py
+++ b/python/sepolicy/sepolicy/interface.py
@@ -30,7 +30,7 @@ __all__ = ['get_all_interfaces', 'get_interfaces_from_xml', 'get_admin', 'get_us
@ -289,7 +289,7 @@ index 583091ae..e2b8d23b 100644
import gettext
kwargs = {}
diff --git a/sandbox/sandbox b/sandbox/sandbox
index 1dec07ac..a12403b3 100644
index ca5f1e030a51..16c43b51eaaa 100644
--- a/sandbox/sandbox
+++ b/sandbox/sandbox
@@ -37,7 +37,7 @@ import sepolicy
@ -302,5 +302,5 @@ index 1dec07ac..a12403b3 100644
import gettext
kwargs = {}
--
2.22.0
2.23.0

10
0014-Initial-.pot-files-for-gui-python-sandbox.patch → 0012-Initial-.pot-files-for-gui-python-sandbox.patch
View File

@ -1,4 +1,4 @@
From c8c59758d2fb7f6cbe368c9ff8f356ea7acebb4b Mon Sep 17 00:00:00 2001
From 51fec6b3c4a2c3de15217be121503fd6829f0c9b Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 6 Aug 2018 14:23:19 +0200
Subject: [PATCH] Initial .pot files for gui/ python/ sandbox/
@ -15,7 +15,7 @@ https://github.com/fedora-selinux/selinux/issues/43
diff --git a/gui/po/gui.pot b/gui/po/gui.pot
new file mode 100644
index 00000000..1663b4ca
index 000000000000..1663b4caa7c3
--- /dev/null
+++ b/gui/po/gui.pot
@@ -0,0 +1,964 @@
@ -985,7 +985,7 @@ index 00000000..1663b4ca
+msgstr ""
diff --git a/python/po/python.pot b/python/po/python.pot
new file mode 100644
index 00000000..a279b0e8
index 000000000000..a279b0e8d540
--- /dev/null
+++ b/python/po/python.pot
@@ -0,0 +1,3375 @@
@ -4366,7 +4366,7 @@ index 00000000..a279b0e8
+msgstr ""
diff --git a/sandbox/po/sandbox.pot b/sandbox/po/sandbox.pot
new file mode 100644
index 00000000..328b4f01
index 000000000000..328b4f0159d3
--- /dev/null
+++ b/sandbox/po/sandbox.pot
@@ -0,0 +1,157 @@
@ -4528,5 +4528,5 @@ index 00000000..328b4f01
+msgid "Invalid value %s"
+msgstr ""
--
2.22.0
2.23.0

6
0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch → 0013-policycoreutils-setfiles-Improve-description-of-d-sw.patch
View File

@ -1,4 +1,4 @@
From c8fbb8042852c18775c001999ce949e9b591e381 Mon Sep 17 00:00:00 2001
From 4582e6315f8107cdea7833732ddcab3568ef4a55 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Wed, 21 Mar 2018 08:51:31 +0100
Subject: [PATCH] policycoreutils/setfiles: Improve description of -d switch
@ -13,7 +13,7 @@ Resolves: rhbz#1271327
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
index ccaaf4de..a8a76c86 100644
index c9f8be063c5a..de7c4b784312 100644
--- a/policycoreutils/setfiles/setfiles.8
+++ b/policycoreutils/setfiles/setfiles.8
@@ -57,7 +57,7 @@ check the validity of the contexts against the specified binary policy.
@ -26,5 +26,5 @@ index ccaaf4de..a8a76c86 100644
.BI \-e \ directory
directory to exclude (repeat option for more than one directory).
--
2.22.0
2.23.0

6
0017-sepolicy-generate-Handle-more-reserved-port-types.patch → 0014-sepolicy-generate-Handle-more-reserved-port-types.patch
View File

@ -1,4 +1,4 @@
From 3073efc112929b535f3a832c6f99e0dbe3af29ca Mon Sep 17 00:00:00 2001
From 3537da12ca15942763bf70a64cbf6f4fd0659154 Mon Sep 17 00:00:00 2001
From: Masatake YAMATO <yamato@redhat.com>
Date: Thu, 14 Dec 2017 15:57:58 +0900
Subject: [PATCH] sepolicy-generate: Handle more reserved port types
@ -52,7 +52,7 @@ https://lore.kernel.org/selinux/20150610.190635.1866127952891120915.yamato@redha
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
index 7175d36b..93caedee 100644
index 6202e30d69ac..da45f49a06ce 100644
--- a/python/sepolicy/sepolicy/generate.py
+++ b/python/sepolicy/sepolicy/generate.py
@@ -100,7 +100,9 @@ def get_all_ports():
@ -67,5 +67,5 @@ index 7175d36b..93caedee 100644
dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range'))
return dict
--
2.22.0
2.23.0

6
0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch → 0015-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
View File

@ -1,4 +1,4 @@
From f8602180d042e95947fe0bbd35d261771b347705 Mon Sep 17 00:00:00 2001
From d53fcf1cb3f84a4f125efdd6e6f8162bafef4a34 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 8 Nov 2018 09:20:58 +0100
Subject: [PATCH] semodule-utils: Fix RESOURCE_LEAK coverity scan defects
@ -8,7 +8,7 @@ Subject: [PATCH] semodule-utils: Fix RESOURCE_LEAK coverity scan defects
1 file changed, 1 insertion(+)
diff --git a/semodule-utils/semodule_package/semodule_package.c b/semodule-utils/semodule_package/semodule_package.c
index 3515234e..7b75b3fd 100644
index 3515234e36de..7b75b3fd9bb4 100644
--- a/semodule-utils/semodule_package/semodule_package.c
+++ b/semodule-utils/semodule_package/semodule_package.c
@@ -74,6 +74,7 @@ static int file_to_data(const char *path, char **data, size_t * len)
@ -20,5 +20,5 @@ index 3515234e..7b75b3fd 100644
}
--
2.22.0
2.23.0

10
0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch → 0016-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
View File

@ -1,4 +1,4 @@
From 89895635ae012d1864a03700054ecc723973b5c0 Mon Sep 17 00:00:00 2001
From 380ea80e85eedd07ed4adfbca96cad20e02c3ef4 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 18 Jul 2018 09:09:35 +0200
Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox
@ -10,7 +10,7 @@ Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox
3 files changed, 3 insertions(+), 17 deletions(-)
diff --git a/sandbox/sandbox b/sandbox/sandbox
index a12403b3..707959a6 100644
index 16c43b51eaaa..7709a6585665 100644
--- a/sandbox/sandbox
+++ b/sandbox/sandbox
@@ -268,7 +268,7 @@ class Sandbox:
@ -32,7 +32,7 @@ index a12403b3..707959a6 100644
parser.add_option("-l", "--level", dest="level",
diff --git a/sandbox/sandbox.8 b/sandbox/sandbox.8
index d83fee76..90ef4951 100644
index d83fee76f335..90ef4951c8c2 100644
--- a/sandbox/sandbox.8
+++ b/sandbox/sandbox.8
@@ -77,7 +77,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
@ -45,7 +45,7 @@ index d83fee76..90ef4951 100644
\fB\-X\fR
Create an X based Sandbox for gui apps, temporary files for
diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
index 47745280..c211ebc1 100644
index 4774528027ef..c211ebc14549 100644
--- a/sandbox/sandboxX.sh
+++ b/sandbox/sandboxX.sh
@@ -6,20 +6,6 @@ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8
@ -70,5 +70,5 @@ index 47745280..c211ebc1 100644
export DISPLAY=:$D
cat > ~/seremote << __EOF
--
2.22.0
2.23.0

10
0020-python-Use-ipaddress-instead-of-IPy.patch → 0017-python-Use-ipaddress-instead-of-IPy.patch
View File

@ -1,4 +1,4 @@
From b2512e2a92a33360639a3459039cdf2e685655a8 Mon Sep 17 00:00:00 2001
From fe39bba27704da0fbcda0677e41b16976be0dab8 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 3 Dec 2018 14:40:09 +0100
Subject: [PATCH] python: Use ipaddress instead of IPy
@ -9,7 +9,7 @@ ipaddress module was added in python 3.3 and this allows us to drop python3-IPy
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index b90b1070..58497e3b 100644
index 4340495caef2..69523066f7f5 100644
--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -32,7 +32,7 @@ from semanage import *
@ -21,9 +21,9 @@ index b90b1070..58497e3b 100644
try:
import gettext
@@ -1851,13 +1851,13 @@ class nodeRecords(semanageRecords):
@@ -1856,13 +1856,13 @@ class nodeRecords(semanageRecords):
# verify valid comination
# verify valid combination
if len(mask) == 0 or mask[0] == "/":
- i = IP(addr + mask)
- newaddr = i.strNormal(0)
@ -41,5 +41,5 @@ index b90b1070..58497e3b 100644
try:
newprotocol = self.protocol.index(protocol)
--
2.22.0
2.23.0

93
0021-python-semanage-Do-not-traceback-when-the-default-po.patch
View File

@ -1,93 +0,0 @@
From e9b08da87ed222059c1f1f0c0de7cc760f485552 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 4 Apr 2019 23:02:56 +0200
Subject: [PATCH] python/semanage: Do not traceback when the default policy is
not available
"import seobject" causes "import sepolicy" which crashes when the system policy
is not available. It's better to provide an error message instead.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
python/semanage/semanage | 37 +++++++++++++++++++++----------------
1 file changed, 21 insertions(+), 16 deletions(-)
diff --git a/python/semanage/semanage b/python/semanage/semanage
index 56db3e0d..4c766ae3 100644
--- a/python/semanage/semanage
+++ b/python/semanage/semanage
@@ -25,7 +25,6 @@
import traceback
import argparse
-import seobject
import sys
PROGNAME = "selinux-python"
try:
@@ -129,21 +128,6 @@ class SetImportFile(argparse.Action):
sys.exit(1)
setattr(namespace, self.dest, values)
-# define dictonary for seobject OBEJCTS
-object_dict = {
- 'login': seobject.loginRecords,
- 'user': seobject.seluserRecords,
- 'port': seobject.portRecords,
- 'module': seobject.moduleRecords,
- 'interface': seobject.interfaceRecords,
- 'node': seobject.nodeRecords,
- 'fcontext': seobject.fcontextRecords,
- 'boolean': seobject.booleanRecords,
- 'permissive': seobject.permissiveRecords,
- 'dontaudit': seobject.dontauditClass,
- 'ibpkey': seobject.ibpkeyRecords,
- 'ibendport': seobject.ibendportRecords
-}
def generate_custom_usage(usage_text, usage_dict):
# generate custom usage from given text and dictonary
@@ -608,6 +592,7 @@ def setupInterfaceParser(subparsers):
def handleModule(args):
+ import seobject
OBJECT = seobject.moduleRecords(args)
if args.action_add:
OBJECT.add(args.action_add[0], args.priority)
@@ -846,6 +831,7 @@ def mkargv(line):
def handleImport(args):
+ import seobject
trans = seobject.semanageRecords(args)
trans.start()
@@ -887,6 +873,25 @@ def createCommandParser():
#To add a new subcommand define the parser for it in a function above and call it here.
subparsers = commandParser.add_subparsers(dest='subcommand')
subparsers.required = True
+
+ import seobject
+ # define dictonary for seobject OBEJCTS
+ global object_dict
+ object_dict = {
+ 'login': seobject.loginRecords,
+ 'user': seobject.seluserRecords,
+ 'port': seobject.portRecords,
+ 'module': seobject.moduleRecords,
+ 'interface': seobject.interfaceRecords,
+ 'node': seobject.nodeRecords,
+ 'fcontext': seobject.fcontextRecords,
+ 'boolean': seobject.booleanRecords,
+ 'permissive': seobject.permissiveRecords,
+ 'dontaudit': seobject.dontauditClass,
+ 'ibpkey': seobject.ibpkeyRecords,
+ 'ibendport': seobject.ibendportRecords
+ }
+
setupImportParser(subparsers)
setupExportParser(subparsers)
setupLoginParser(subparsers)
--
2.22.0

108
0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch
View File

@ -1,108 +0,0 @@
From d3f8b2c3cd9e044aba909f63a2ca78f53db11fe0 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 2 Jul 2019 17:11:32 +0200
Subject: [PATCH] policycoreutils/fixfiles: Fix [-B] [-F] onboot
Commit 6e289bb7bf3d ("policycoreutils: fixfiles: remove bad modes of "relabel"
command") added "$RESTORE_MODE" != DEFAULT test when onboot is used. It makes
`fixfiles -B onboot` to show usage instead of updating /.autorelabel
The code is restructured to handle -B for different modes correctly.
Fixes:
# fixfiles -B onboot
Usage: /usr/sbin/fixfiles [-v] [-F] [-f] relabel
...
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
policycoreutils/scripts/fixfiles | 29 +++++++++++++++--------------
1 file changed, 15 insertions(+), 14 deletions(-)
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index 53d28c7b..9dd44213 100755
--- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles
@@ -112,7 +112,7 @@ VERBOSE="-p"
FORCEFLAG=""
RPMFILES=""
PREFC=""
-RESTORE_MODE="DEFAULT"
+RESTORE_MODE=""
SETFILES=/sbin/setfiles
RESTORECON=/sbin/restorecon
FILESYSTEMSRW=`get_rw_labeled_mounts`
@@ -214,16 +214,17 @@ restore () {
OPTION=$1
shift
-case "$RESTORE_MODE" in
- PREFC)
- diff_filecontext $*
- return
- ;;
- BOOTTIME)
+# [-B | -N time ]
+if [ -z "$BOOTTIME" ]; then
newer $BOOTTIME $*
return
- ;;
-esac
+fi
+
+# -C PREVIOUS_FILECONTEXT
+if [ "$RESTORE_MODE" == PREFC ]; then
+ diff_filecontext $*
+ return
+fi
[ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
@@ -239,7 +240,7 @@ case "$RESTORE_MODE" in
FILEPATH)
${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -R -- "$FILEPATH"
;;
- DEFAULT)
+ *)
if [ -n "${FILESYSTEMSRW}" ]; then
LogReadOnly
echo "${OPTION}ing `echo ${FILESYSTEMSRW}`"
@@ -272,7 +273,7 @@ fullrelabel() {
relabel() {
- if [ "$RESTORE_MODE" != DEFAULT ]; then
+ if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]; then
usage
exit 1
fi
@@ -306,7 +307,7 @@ case "$1" in
verify) restore Verify -n;;
relabel) relabel;;
onboot)
- if [ "$RESTORE_MODE" != DEFAULT ]; then
+ if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]; then
usage
exit 1
fi
@@ -344,7 +345,7 @@ if [ $# -eq 0 ]; then
fi
set_restore_mode() {
- if [ "$RESTORE_MODE" != DEFAULT ]; then
+ if [ -n "$RESTORE_MODE" ]; then
# can't specify two different modes
usage
exit 1
@@ -357,7 +358,7 @@ while getopts "N:BC:FfR:l:v" i; do
case "$i" in
B)
BOOTTIME=`/bin/who -b | awk '{print $3}'`
- set_restore_mode BOOTTIME
+ set_restore_mode DEFAULT
;;
N)
BOOTTIME=$OPTARG
--
2.22.0

33
0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch
View File

@ -1,33 +0,0 @@
From 105eeda97b0f35773bc32222d0802de4d0b5a8e9 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 2 Jul 2019 17:12:07 +0200
Subject: [PATCH] policycoreutils/fixfiles: Force full relabel when SELinux is
disabled
The previous check used getfilecon to check whether / slash contains a label,
but getfilecon fails only when SELinux is disabled. Therefore it's better to
check this using selinuxenabled.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
policycoreutils/scripts/fixfiles | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index 9dd44213..a9d27d13 100755
--- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles
@@ -314,8 +314,8 @@ case "$1" in
> /.autorelabel || exit $?
[ -z "$FORCEFLAG" ] || echo -n "$FORCEFLAG " >> /.autorelabel
[ -z "$BOOTTIME" ] || echo -N $BOOTTIME >> /.autorelabel
- # Force full relabel if / does not have a label on it
- getfilecon / > /dev/null 2>&1 || echo -F >/.autorelabel
+ # Force full relabel if SELinux is not enabled
+ selinuxenabled || echo -F > /.autorelabel
echo "System will relabel on next boot"
;;
*)
--
2.22.0

32
0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch
View File

@ -1,32 +0,0 @@
From e240bf9a547374dff8e7998b0bedce1d523b3dd4 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Wed, 21 Aug 2019 17:43:25 +0200
Subject: [PATCH] policycoreutils/fixfiles: Fix unbound variable problem
Fix a typo introduced in commit d3f8b2c3cd909 ("policycoreutils/fixfiles: Fix
[-B] [-F] onboot"), which broke "fixfiles relabel":
#fixfiles relabel
/sbin/fixfiles: line 151: $1: unbound variable
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
policycoreutils/scripts/fixfiles | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index a9d27d13..df0042aa 100755
--- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles
@@ -215,7 +215,7 @@ OPTION=$1
shift
# [-B | -N time ]
-if [ -z "$BOOTTIME" ]; then
+if [ -n "$BOOTTIME" ]; then
newer $BOOTTIME $*
return
fi
--
2.23.0

38
0025-gui-Fix-remove-module-in-system-config-selinux.patch
View File

@ -1,38 +0,0 @@
From eed9aca2fa1b5668b9ddca10cfe96695fa7d2b9f Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 29 Aug 2019 08:58:20 +0200
Subject: [PATCH] gui: Fix remove module in system-config-selinux
When a user tried to remove a policy module with priority other than 400 via
GUI, it failed with a message:
libsemanage.semanage_direct_remove_key: Unable to remove module somemodule at priority 400. (No such file or directory).
This is fixed by calling "semodule -x PRIORITY -r NAME" instead of
"semodule -r NAME".
From Jono Hein <fredwacko40@hotmail.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
gui/modulesPage.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/gui/modulesPage.py b/gui/modulesPage.py
index 26ac5404..35a0129b 100644
--- a/gui/modulesPage.py
+++ b/gui/modulesPage.py
@@ -125,9 +125,10 @@ class modulesPage(semanagePage):
def delete(self):
store, iter = self.view.get_selection().get_selected()
module = store.get_value(iter, 0)
+ priority = store.get_value(iter, 1)
try:
self.wait()
- status, output = getstatusoutput("semodule -r %s" % module)
+ status, output = getstatusoutput("semodule -X %s -r %s" % (priority, module))
self.ready()
if status != 0:
self.error(output)
--
2.23.0

30
0026-python-semanage-Do-not-use-default-s0-range-in-seman.patch
View File

@ -1,30 +0,0 @@
From 4b1ede292c0de742b6fed12881c5916f3a6bc38b Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 3 Sep 2019 15:17:27 +0200
Subject: [PATCH] python/semanage: Do not use default s0 range in "semanage
login -a"
Using the "s0" default means that new login mappings are always added with "s0"
range instead of the range of SELinux user.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
python/semanage/semanage | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/semanage/semanage b/python/semanage/semanage
index 4c766ae3..fa78afce 100644
--- a/python/semanage/semanage
+++ b/python/semanage/semanage
@@ -221,7 +221,7 @@ def parser_add_level(parser, name):
def parser_add_range(parser, name):
- parser.add_argument('-r', '--range', default="s0",
+ parser.add_argument('-r', '--range', default='',
help=_('''
MLS/MCS Security Range (MLS/MCS Systems only)
SELinux Range for SELinux login mapping
--
2.23.0

78
policycoreutils.spec
View File

@ -1,8 +1,8 @@
%global libauditver 3.0
%global libsepolver 2.9-1
%global libsemanagever 2.9-1
%global libselinuxver 2.9-1
%global sepolgenver 2.9
%global libsepolver 3.0
%global libsemanagever 3.0
%global libselinuxver 3.0
%global sepolgenver 3.0
%global generatorsdir %{_prefix}/lib/systemd/system-generators
@ -11,17 +11,17 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.9
Release: 7%{?dist}
Version: 3.0
Release: 0.rc1.1%{?dist}
License: GPLv2
# https://github.com/SELinuxProject/selinux/wiki/Releases
Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/policycoreutils-2.9.tar.gz
Source1: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-python-2.9.tar.gz
Source2: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-gui-2.9.tar.gz
Source3: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-sandbox-2.9.tar.gz
Source4: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-dbus-2.9.tar.gz
Source5: https://github.com/SELinuxProject/selinux/releases/download/20190315/semodule-utils-2.9.tar.gz
Source6: https://github.com/SELinuxProject/selinux/releases/download/20190315/restorecond-2.9.tar.gz
Source0: https://github.com/SELinuxProject/selinux/releases/download/20191031/policycoreutils-3.0-rc1.tar.gz
Source1: https://github.com/SELinuxProject/selinux/releases/download/20191031/selinux-python-3.0-rc1.tar.gz
Source2: https://github.com/SELinuxProject/selinux/releases/download/20191031/selinux-gui-3.0-rc1.tar.gz
Source3: https://github.com/SELinuxProject/selinux/releases/download/20191031/selinux-sandbox-3.0-rc1.tar.gz
Source4: https://github.com/SELinuxProject/selinux/releases/download/20191031/selinux-dbus-3.0-rc1.tar.gz
Source5: https://github.com/SELinuxProject/selinux/releases/download/20191031/semodule-utils-3.0-rc1.tar.gz
Source6: https://github.com/SELinuxProject/selinux/releases/download/20191031/restorecond-3.0-rc1.tar.gz
URL: https://github.com/SELinuxProject/selinux
Source13: system-config-selinux.png
Source14: sepolicy-icons.tgz
@ -35,35 +35,27 @@ Source21: python-po.tgz
Source22: gui-po.tgz
Source23: sandbox-po.tgz
# https://github.com/fedora-selinux/selinux
# $ git format-patch -N 20190315 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
# $ git format-patch -N 20191031 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
# $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
Patch0001: 0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch
Patch0002: 0002-gui-Install-.desktop-files-to-usr-share-applications.patch
Patch0003: 0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
Patch0004: 0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
Patch0005: 0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
Patch0006: 0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch
Patch0007: 0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
Patch0008: 0008-Fix-title-in-manpage.py-to-not-contain-online.patch
Patch0009: 0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
Patch0010: 0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch
Patch0011: 0011-sepolicy-Another-small-optimization-for-mcs-types.patch
Patch0012: 0012-Move-po-translation-files-into-the-right-sub-directo.patch
Patch0013: 0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch
Patch0014: 0014-Initial-.pot-files-for-gui-python-sandbox.patch
# this is too big and it's covered by sources 20 - 23
# Patch0015: 0015-Update-.po-files-from-fedora.zanata.org.patch
Patch0016: 0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch
Patch0017: 0017-sepolicy-generate-Handle-more-reserved-port-types.patch
Patch0018: 0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
Patch0019: 0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
Patch0020: 0020-python-Use-ipaddress-instead-of-IPy.patch
Patch0021: 0021-python-semanage-Do-not-traceback-when-the-default-po.patch
Patch0022: 0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch
Patch0023: 0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch
Patch0024: 0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch
Patch0025: 0025-gui-Fix-remove-module-in-system-config-selinux.patch
Patch0026: 0026-python-semanage-Do-not-use-default-s0-range-in-seman.patch
# Patch list start
Patch0001: 0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
Patch0002: 0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
Patch0003: 0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
Patch0004: 0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch
Patch0005: 0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
Patch0006: 0006-Fix-title-in-manpage.py-to-not-contain-online.patch
Patch0007: 0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
Patch0008: 0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch
Patch0009: 0009-sepolicy-Another-small-optimization-for-mcs-types.patch
Patch0010: 0010-Move-po-translation-files-into-the-right-sub-directo.patch
Patch0011: 0011-Use-correct-gettext-domains-in-python-gui-sandbox.patch
Patch0012: 0012-Initial-.pot-files-for-gui-python-sandbox.patch
Patch0013: 0013-policycoreutils-setfiles-Improve-description-of-d-sw.patch
Patch0014: 0014-sepolicy-generate-Handle-more-reserved-port-types.patch
Patch0015: 0015-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
Patch0016: 0016-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
Patch0017: 0017-python-Use-ipaddress-instead-of-IPy.patch
# Patch list end
Obsoletes: policycoreutils < 2.0.61-2
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
@ -108,8 +100,8 @@ to switch roles.
%autosetup -S git -N -T -D -a 6 -n selinux
for i in *; do
git mv $i ${i/-%{version}/}
git commit -q --allow-empty -a --author 'rpm-build <rpm-build>' -m "$i -> ${i/-%{version}/}"
git mv $i ${i/-%{version}-rc1/}
git commit -q --allow-empty -a --author 'rpm-build <rpm-build>' -m "$i -> ${i/-%{version}-rc1/}"
done
for i in selinux-*; do

14
sources
View File

@ -1,10 +1,10 @@
SHA512 (policycoreutils-2.9.tar.gz) = d8356115671ba66de05f1c13193ab47fab69cc4d09603a92171ed40afafc084dd191591bf336b7d722de637378ad09622ebb6eca85c06063ca9ddd6db10e02a2
SHA512 (restorecond-2.9.tar.gz) = 6de9dd4c6b8e5d8275221aba5df27437998f635cfe83a5da75de479e260ceea884a36253eb873a8d71e1a77ed67544d8657fb75fe409af1f630052ce73ec5d8a
SHA512 (selinux-dbus-2.9.tar.gz) = f7a9ab2975eb97ff389a78ddaa2fcf3cd1c5fe590abdbe6aa0aa0c3f0c3a96cc0f34ce54b14e0348b46c1de9257ebe5288e16d585c96a9d8149d969788af359e
SHA512 (selinux-gui-2.9.tar.gz) = b6e1847c9f2668670cbe9c2fc65e18001eb03e1d73af049ad6520af486950cf657885a9fb71ad9679c0060fb3ee7dd166d4354e863ad517a9f3aee93587ea57e
SHA512 (selinux-python-2.9.tar.gz) = 1138661128635004fec04dc5e39f035680b5f21beb1b79f3328690a1b93a3984d522a02724af793340112a5e647d363dda8a7d3536de959b34ffd69aa396254d
SHA512 (selinux-sandbox-2.9.tar.gz) = 429994f6140d7ba03b023681d04b365af837e23c5d64e998f849febe08872549bffc0bc490717d6f500332845ec849483ba0d3dfffa77e02b6a2cd2f631c9f1f
SHA512 (semodule-utils-2.9.tar.gz) = 688f1fcb34042b837019302debda76847691657709130b99bf937a85774a0ae69d789ee82b0633a4d2dc661dc6d0a1706a878ac681317df2abe68418bec3f952
SHA512 (policycoreutils-3.0-rc1.tar.gz) = 96cbcb5024dc1eb0037fe41fc14b94faeecee64bc1f4aad6b0a916af9d596f90db09aba87202b476737c25b9f31a5575e0db840d5ba8d5f433185fdd1d4f4e13
SHA512 (restorecond-3.0-rc1.tar.gz) = 170a863cc150a92dc8a3d62e7527f8a13c11753b46524ef572f8fe341f3d5390fe67f576c43547befe4f3de4237897bae76ff3432a2b42ba5f87a17f16109261
SHA512 (selinux-dbus-3.0-rc1.tar.gz) = 0867c70261098f9ccfbc66b6348ba821b62d77c33cc7360795744b076d41e75649c8405b39030e4abc2161f38f8a263b3615331341caca38e9d874dbce5c1685
SHA512 (selinux-gui-3.0-rc1.tar.gz) = 7a73c605b40138e7a17f6cfd17e540f0155cdd05195ef30e838634589992ca42e700d557335977d891d8758e99204681df6d07fe3c3db27b9ca4e0372934d3a8
SHA512 (selinux-python-3.0-rc1.tar.gz) = fc6da30a881be857f1da2e95e095a25371fa67132a7fce6ede143edcd5d19d761b0b410315df48e12a93446e666e5271c1e18e034aec287308b1ae81368c1282
SHA512 (selinux-sandbox-3.0-rc1.tar.gz) = 6ae1fe10b825a0b24b76aa0afe0e2cc13c5d2c55c8c9916129a8b8432244c7d2c95f9cf7214346a42d77931f26c3b4e4fe2924f0dbff1c873d57636803d6fd4b
SHA512 (semodule-utils-3.0-rc1.tar.gz) = 9984dfcbd4d393d2728dc13398b0b4b776e14856620a4e1dc34b09b4173d8b28fed88f7ac3c025e7c65d05cc45e77eb849626d5230b5453ba0aff36b89264efa
SHA512 (gui-po.tgz) = 8e0855256b825eea422b8e2b82cc0decf66b902c9930840905c5ad5dda7bef3679943a22db62709907d48f8a331d67edc5efed3e2638b53e379959b14077b4ea
SHA512 (policycoreutils-po.tgz) = 66b908f7a167225bebded46f9cf92f42eb194daa2a083d48de43c2a5d33fa42724c5add0a9d029ac9d62c500f6f1c8d3bc138dd598b1fd97e609d7cc7160be72
SHA512 (python-po.tgz) = 7f2a082b77c7b4417d5d3dac35d86dd635635a9c05a80e5f9284d03604e2f2a06ec879fb29b056d1a46d3fc448cd76e6fd25196834c18a161fd6677f2e11b2be