Fix semanage module error handling

Dan Walsh 2013-06-24 17:32:33 -04:00
parent 863699842d
commit e396b39f10
2 changed files with 62 additions and 37 deletions


@ -246698,7 +246698,7 @@ index 0000000..e2befdb
+ packages=["policycoreutils"],
+)
diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
index 6e33c85..1b5c89d 100644
index 6e33c85..423ee5a 100644
--- a/policycoreutils/semanage/semanage
+++ b/policycoreutils/semanage/semanage
@@ -1,5 +1,7 @@
@ -246710,7 +246710,7 @@ index 6e33c85..1b5c89d 100644
# see file 'COPYING' for use and warranty information
#
# semanage is a tool for managing SELinux configuration files
@@ -19,564 +21,771 @@
@@ -19,564 +21,770 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
# 02111-1307 USA
#
@ -247170,16 +247170,15 @@ index 6e33c85..1b5c89d 100644
+def handleModule(args):
+ OBJECT = seobject.moduleRecords(store)
+ OBJECT.set_reload(args.noreload)
+
+ if args.action is "add":
+ OBJECT.add(args.module)
+ if args.action is "enable":
+ OBJECT.enable(args.module)
+ if args.action is "disable":
+ OBJECT.disable(args.module)
+ if args.action is "delete":
+ OBJECT.delete(args.module)
+ if args.action is "list":
+ if args.action == "add":
+ OBJECT.add(args.module_name)
+ if args.action == "enable":
+ OBJECT.enable(args.module_name)
+ if args.action == "disable":
+ OBJECT.disable(args.module_name)
+ if args.action == "delete":
+ OBJECT.delete(args.module_name)
+ if args.action == "list":
+ OBJECT.list(args.noheading)
+
+def setupModuleParser(subparsers):
@ -249151,7 +249150,7 @@ index 28a9022..90b142e 100644
+usage: semanage [-h]
+
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index 85bc37f..eddd414 100644
index 85bc37f..d7e6e7f 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
@@ -32,11 +32,10 @@ from IPy import IP
@ -249170,7 +249169,16 @@ index 85bc37f..eddd414 100644
import syslog
@@ -461,7 +460,9 @@ class loginRecords(semanageRecords):
@@ -285,6 +284,8 @@ class moduleRecords(semanageRecords):
print "%-25s%-10s%s" % (t[0], t[1], disabled)
def add(self, file):
+ if not os.path.exists(file):
+ raise ValueError(_("Module does not exists %s ") % file)
rc = semanage_module_install_file(self.sh, file);
if rc >= 0:
self.commit()
@@ -461,7 +462,9 @@ class loginRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
if exists:
@ -249181,7 +249189,7 @@ index 85bc37f..eddd414 100644
if name[0] == '%':
try:
grp.getgrnam(name[1:])
@@ -731,7 +732,8 @@ class seluserRecords(semanageRecords):
@@ -731,7 +734,8 @@ class seluserRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
if exists:
@ -249191,7 +249199,7 @@ index 85bc37f..eddd414 100644
(rc, u) = semanage_user_create(self.sh)
if rc < 0:
@@ -1274,7 +1276,8 @@ class nodeRecords(semanageRecords):
@@ -1274,7 +1278,8 @@ class nodeRecords(semanageRecords):
(rc, exists) = semanage_node_exists(self.sh, k)
if exists:
@ -249201,7 +249209,7 @@ index 85bc37f..eddd414 100644
(rc, node) = semanage_node_create(self.sh)
if rc < 0:
@@ -1475,7 +1478,8 @@ class interfaceRecords(semanageRecords):
@@ -1475,7 +1480,8 @@ class interfaceRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if interface %s is defined") % interface)
if exists:
@ -249211,7 +249219,7 @@ index 85bc37f..eddd414 100644
(rc, iface) = semanage_iface_create(self.sh)
if rc < 0:
@@ -1777,7 +1781,8 @@ class fcontextRecords(semanageRecords):
@@ -1777,7 +1783,8 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists:
@ -249221,7 +249229,7 @@ index 85bc37f..eddd414 100644
(rc, fcontext) = semanage_fcontext_create(self.sh)
if rc < 0:
@@ -1970,7 +1975,7 @@ class fcontextRecords(semanageRecords):
@@ -1970,7 +1977,7 @@ class fcontextRecords(semanageRecords):
if len(self.equiv):
for target in self.equiv.keys():
@ -249230,7 +249238,7 @@ index 85bc37f..eddd414 100644
return l
def list(self, heading = 1, locallist = 0 ):
@@ -2156,7 +2161,7 @@ class booleanRecords(semanageRecords):
@@ -2156,7 +2163,7 @@ class booleanRecords(semanageRecords):
keys.sort()
for k in keys:
if ddict[k]:
@ -250323,7 +250331,7 @@ index b25d3b2..f38c17c 100755
except KeyboardInterrupt:
sys.exit(0)
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
index 5e7415c..08c371a 100644
index 5e7415c..1454071 100644
--- a/policycoreutils/sepolicy/sepolicy/__init__.py
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
@@ -7,6 +7,9 @@ import _policy
@ -250336,7 +250344,7 @@ index 5e7415c..08c371a 100644
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
gettext.textdomain(PROGNAME)
try:
@@ -37,9 +40,162 @@ CLASS = 'class'
@@ -37,9 +40,176 @@ CLASS = 'class'
TRANSITION = 'transition'
ROLE_ALLOW = 'role_allow'
@ -250410,10 +250418,22 @@ index 5e7415c..08c371a 100644
+ return mpaths
+
+import os, pprint, re, sys
+def find_file(reg, path):
+def find_file(reg):
+ if os.path.exists(reg):
+ return [ reg ]
+ pat = re.compile(r"%s$" % reg)
+ p = reg
+ if p.endswith("(/.*)?"):
+ p = p[:-6] + "/"
+
+ path = os.path.dirname(p)
+
+ if path[-1] != "/":
+ path += "/"
+
+ try:
+ pat = re.compile(r"%s$" % reg)
+ return filter(pat.match, map(lambda x: path + "/" + x, os.listdir(path)))
+ return filter(pat.match, map(lambda x: path + x, os.listdir(path)))
+ except:
+ return []
+
@ -250441,9 +250461,8 @@ index 5e7415c..08c371a 100644
+ t = rec[-1].split(":")[2]
+ if t in fcdict:
+ fcdict[t]["regex"].append(rec[0])
+ fcdict[t]["paths"].append(find_file(rec[0], os.path.dirname(rec[0])))
+ else:
+ fcdict[t] = { "regex": [ rec[0] ], "paths" : find_file(rec[0], os.path.dirname(rec[0])), "ftype": ftype}
+ fcdict[t] = { "regex": [ rec[0] ], "ftype": ftype}
+ except:
+ pass
+ fcdict["logfile"] = { "regex" : [ "all log files" ]}
@ -250465,13 +250484,15 @@ index 5e7415c..08c371a 100644
+ return None
+
+def get_transitions(setype):
try:
- path = selinux.selinux_binary_policy_path()
+ try:
+ return search([TRANSITION],{'source':setype, 'class':'process'})
+ except TypeError:
+ pass
+ return None
+
+def get_all_entrypoints():
+ return get_types_from_attribute("entry_type")
+
+def get_entrypoint_types(setype):
+ entrypoints = None
+ entrypoints = map(lambda x: x['target'], search([ALLOW],{'source':setype, 'permlist':['entrypoint'], 'class':'file'}))
@ -250485,7 +250506,7 @@ index 5e7415c..08c371a 100644
+ pass
+ return None
+
+def get_all_entrypoints(setype):
+def get_entrypoints(setype):
+ fcdict = get_fcdict()
+ mpaths = {}
+ for f in get_entrypoint_types(setype):
@ -250496,12 +250517,13 @@ index 5e7415c..08c371a 100644
+ return mpaths
+
+def get_installed_policy(root = "/"):
+ try:
try:
- path = selinux.selinux_binary_policy_path()
+ path = root + selinux.selinux_binary_policy_path()
policies = glob.glob ("%s.*" % path )
policies.sort()
return policies[-1]
@@ -47,6 +203,27 @@ def __get_installed_policy():
@@ -47,6 +217,27 @@ def __get_installed_policy():
pass
raise ValueError(_("No SELinux Policy installed"))
@ -250529,7 +250551,7 @@ index 5e7415c..08c371a 100644
all_types = None
def get_all_types():
global all_types
@@ -54,6 +231,13 @@ def get_all_types():
@@ -54,6 +245,13 @@ def get_all_types():
all_types = map(lambda x: x['name'], info(TYPE))
return all_types
@ -250543,7 +250565,7 @@ index 5e7415c..08c371a 100644
role_allows = None
def get_all_role_allows():
global role_allows
@@ -71,6 +255,7 @@ def get_all_role_allows():
@@ -71,6 +269,7 @@ def get_all_role_allows():
return role_allows
def get_all_entrypoint_domains():
@ -250551,7 +250573,7 @@ index 5e7415c..08c371a 100644
all_domains = []
types=get_all_types()
types.sort()
@@ -81,11 +266,54 @@ def get_all_entrypoint_domains():
@@ -81,11 +280,54 @@ def get_all_entrypoint_domains():
all_domains.append(m[0])
return all_domains
@ -250607,7 +250629,7 @@ index 5e7415c..08c371a 100644
return all_domains
roles = None
@@ -139,50 +367,95 @@ def get_all_attributes():
@@ -139,50 +381,95 @@ def get_all_attributes():
return all_attributes
def policy(policy_file):
@ -250728,7 +250750,7 @@ index 5e7415c..08c371a 100644
def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
global booleans_dict
if booleans_dict:
@@ -191,7 +464,7 @@ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
@@ -191,7 +478,7 @@ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
import re
booleans_dict = {}
try:
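Review bot: In the rewritten `find_file(reg)` in sepolicy/__init__.py, the test `if path[-1] != "/":` comes before the `try:`, so a spec with no directory part makes `os.path.dirname(p)` return an empty string and the index raises IndexError instead of returning the empty list the function uses for every other failure. An early `if not path: return []` ahead of that test would keep the failure mode uniform. The bare `except:` that follows also reports an invalid pattern or an unreadable directory as "no matches", which a caller cannot tell apart from a genuinely empty result; `except (re.error, OSError):` would leave real bugs visible. The callers of `find_file` are outside the lines shown, so whether a slash-less spec can actually reach it should be confirmed.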


@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.14
Release: 59%{?dist}
Release: 60%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@ -309,6 +309,9 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service
%changelog
* Mon Jun 24 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-60
- Fix semanage module error handling
* Sun Jun 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-59
- Add back default exception handling for errors, which argparse rewrite removed.