diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 7fd06d3..151a6b7 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -246698,7 +246698,7 @@ index 0000000..e2befdb + packages=["policycoreutils"], +) diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage -index 6e33c85..1b5c89d 100644 +index 6e33c85..423ee5a 100644 --- a/policycoreutils/semanage/semanage +++ b/policycoreutils/semanage/semanage @@ -1,5 +1,7 @@ @@ -246710,7 +246710,7 @@ index 6e33c85..1b5c89d 100644 # see file 'COPYING' for use and warranty information # # semanage is a tool for managing SELinux configuration files -@@ -19,564 +21,771 @@ +@@ -19,564 +21,770 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA # 02111-1307 USA # @@ -247170,16 +247170,15 @@ index 6e33c85..1b5c89d 100644 +def handleModule(args): + OBJECT = seobject.moduleRecords(store) + OBJECT.set_reload(args.noreload) -+ -+ if args.action is "add": -+ OBJECT.add(args.module) -+ if args.action is "enable": -+ OBJECT.enable(args.module) -+ if args.action is "disable": -+ OBJECT.disable(args.module) -+ if args.action is "delete": -+ OBJECT.delete(args.module) -+ if args.action is "list": ++ if args.action == "add": ++ OBJECT.add(args.module_name) ++ if args.action == "enable": ++ OBJECT.enable(args.module_name) ++ if args.action == "disable": ++ OBJECT.disable(args.module_name) ++ if args.action == "delete": ++ OBJECT.delete(args.module_name) ++ if args.action == "list": + OBJECT.list(args.noheading) + +def setupModuleParser(subparsers): @@ -249151,7 +249150,7 @@ index 28a9022..90b142e 100644 +usage: semanage [-h] + diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py -index 85bc37f..eddd414 100644 +index 85bc37f..d7e6e7f 100644 --- a/policycoreutils/semanage/seobject.py +++ b/policycoreutils/semanage/seobject.py @@ -32,11 +32,10 @@ from IPy import IP 
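Review bot: In `handleModule` the five action tests are independent `if` statements, so every comparison still runs after one has matched, and an action that matches none of them returns without doing anything or reporting an error. The actions are mutually exclusive, so `elif args.action == "enable":` (and likewise for `disable`, `delete` and `list`) states that directly. A closing `else: raise ValueError("unknown action: %s" % args.action)` would cover the fall-through case, unless the argument parser already restricts the value. If the other handlers in this file still compare actions with `is`, which these hunks do not show, they would need the same `==` correction.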
@@ -249170,7 +249169,16 @@ index 85bc37f..eddd414 100644 import syslog -@@ -461,7 +460,9 @@ class loginRecords(semanageRecords): +@@ -285,6 +284,8 @@ class moduleRecords(semanageRecords): + print "%-25s%-10s%s" % (t[0], t[1], disabled) + + def add(self, file): ++ if not os.path.exists(file): ++ raise ValueError(_("Module does not exists %s ") % file) + rc = semanage_module_install_file(self.sh, file); + if rc >= 0: + self.commit() +@@ -461,7 +462,9 @@ class loginRecords(semanageRecords): if rc < 0: raise ValueError(_("Could not check if login mapping for %s is defined") % name) if exists: @@ -249181,7 +249189,7 @@ index 85bc37f..eddd414 100644 if name[0] == '%': try: grp.getgrnam(name[1:]) -@@ -731,7 +732,8 @@ class seluserRecords(semanageRecords): +@@ -731,7 +734,8 @@ class seluserRecords(semanageRecords): if rc < 0: raise ValueError(_("Could not check if SELinux user %s is defined") % name) if exists: @@ -249191,7 +249199,7 @@ index 85bc37f..eddd414 100644 (rc, u) = semanage_user_create(self.sh) if rc < 0: -@@ -1274,7 +1276,8 @@ class nodeRecords(semanageRecords): +@@ -1274,7 +1278,8 @@ class nodeRecords(semanageRecords): (rc, exists) = semanage_node_exists(self.sh, k) if exists: @@ -249201,7 +249209,7 @@ index 85bc37f..eddd414 100644 (rc, node) = semanage_node_create(self.sh) if rc < 0: -@@ -1475,7 +1478,8 @@ class interfaceRecords(semanageRecords): +@@ -1475,7 +1480,8 @@ class interfaceRecords(semanageRecords): if rc < 0: raise ValueError(_("Could not check if interface %s is defined") % interface) if exists: @@ -249211,7 +249219,7 @@ index 85bc37f..eddd414 100644 (rc, iface) = semanage_iface_create(self.sh) if rc < 0: -@@ -1777,7 +1781,8 @@ class fcontextRecords(semanageRecords): +@@ -1777,7 +1783,8 @@ class fcontextRecords(semanageRecords): raise ValueError(_("Could not check if file context for %s is defined") % target) if exists: 
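Review bot: In `moduleRecords.add` the new `os.path.exists(file)` test passes for a directory as well as a regular file, and the visible lines still take no action when `semanage_module_install_file` returns a negative `rc`, so a module that is present but cannot be installed may fail without any error reaching the administrator. `if not os.path.isfile(file):` is the tighter pre-check, and the return code should stay the authoritative signal, for example `if rc < 0: raise ValueError(_("Could not add module %s") % file)` before the commit. The message would also read better as `_("Module does not exist: %s") % file`. The rest of `add` lies outside the hunk, so a failure branch may already exist below `self.commit()`.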
@@ -249221,7 +249229,7 @@ index 85bc37f..eddd414 100644 (rc, fcontext) = semanage_fcontext_create(self.sh) if rc < 0: -@@ -1970,7 +1975,7 @@ class fcontextRecords(semanageRecords): +@@ -1970,7 +1977,7 @@ class fcontextRecords(semanageRecords): if len(self.equiv): for target in self.equiv.keys(): @@ -249230,7 +249238,7 @@ index 85bc37f..eddd414 100644 return l def list(self, heading = 1, locallist = 0 ): -@@ -2156,7 +2161,7 @@ class booleanRecords(semanageRecords): +@@ -2156,7 +2163,7 @@ class booleanRecords(semanageRecords): keys.sort() for k in keys: if ddict[k]: @@ -250323,7 +250331,7 @@ index b25d3b2..f38c17c 100755 except KeyboardInterrupt: sys.exit(0) diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py -index 5e7415c..08c371a 100644 +index 5e7415c..1454071 100644 --- a/policycoreutils/sepolicy/sepolicy/__init__.py +++ b/policycoreutils/sepolicy/sepolicy/__init__.py @@ -7,6 +7,9 @@ import _policy @@ -250336,7 +250344,7 @@ index 5e7415c..08c371a 100644 gettext.bindtextdomain(PROGNAME, "/usr/share/locale") gettext.textdomain(PROGNAME) try: -@@ -37,9 +40,162 @@ CLASS = 'class' +@@ -37,9 +40,176 @@ CLASS = 'class' TRANSITION = 'transition' ROLE_ALLOW = 'role_allow' @@ -250410,10 +250418,22 @@ index 5e7415c..08c371a 100644 + return mpaths + +import os, pprint, re, sys -+def find_file(reg, path): ++def find_file(reg): ++ if os.path.exists(reg): ++ return [ reg ] ++ pat = re.compile(r"%s$" % reg) ++ p = reg ++ if p.endswith("(/.*)?"): ++ p = p[:-6] + "/" ++ ++ path = os.path.dirname(p) ++ ++ if path[-1] != "/": ++ path += "/" ++ + try: + pat = re.compile(r"%s$" % reg) -+ return filter(pat.match, map(lambda x: path + "/" + x, os.listdir(path))) ++ return filter(pat.match, map(lambda x: path + x, os.listdir(path))) + except: + return [] + 
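Review bot: In `find_file` the added `pat = re.compile(r"%s$" % reg)` sits above the `try`, so a file-context expression that is not a valid Python regex now raises out of the function instead of yielding `[]`, and the identical compile inside the `try` makes the first one redundant. `path[-1]` also raises IndexError when `os.path.dirname(p)` is empty, which happens for any `reg` that contains no slash. Dropping the first compile, guarding the empty directory and narrowing the bare `except:` to the errors that the compile and `os.listdir` raise keeps the best-effort behaviour without hiding unrelated faults.

```python
def find_file(reg):
    # … unchanged: os.path.exists() shortcut and "(/.*)?" suffix handling that sets p …
    path = os.path.dirname(p)
    if not path:
        # No directory component to list, so there is nothing to match against.
        return []
    if not path.endswith("/"):
        path += "/"

    try:
        # … unchanged: compile pat and filter os.listdir(path) …
    except (re.error, OSError):
        return []
```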
@@ -250441,9 +250461,8 @@ index 5e7415c..08c371a 100644 + t = rec[-1].split(":")[2] + if t in fcdict: + fcdict[t]["regex"].append(rec[0]) -+ fcdict[t]["paths"].append(find_file(rec[0], os.path.dirname(rec[0]))) + else: -+ fcdict[t] = { "regex": [ rec[0] ], "paths" : find_file(rec[0], os.path.dirname(rec[0])), "ftype": ftype} ++ fcdict[t] = { "regex": [ rec[0] ], "ftype": ftype} + except: + pass + fcdict["logfile"] = { "regex" : [ "all log files" ]} @@ -250465,13 +250484,15 @@ index 5e7415c..08c371a 100644 + return None + +def get_transitions(setype): - try: -- path = selinux.selinux_binary_policy_path() ++ try: + return search([TRANSITION],{'source':setype, 'class':'process'}) + except TypeError: + pass + return None + ++def get_all_entrypoints(): ++ return get_types_from_attribute("entry_type") ++ +def get_entrypoint_types(setype): + entrypoints = None + entrypoints = map(lambda x: x['target'], search([ALLOW],{'source':setype, 'permlist':['entrypoint'], 'class':'file'})) @@ -250485,7 +250506,7 @@ index 5e7415c..08c371a 100644 + pass + return None + -+def get_all_entrypoints(setype): ++def get_entrypoints(setype): + fcdict = get_fcdict() + mpaths = {} + for f in get_entrypoint_types(setype): @@ -250496,12 +250517,13 @@ index 5e7415c..08c371a 100644 + return mpaths + +def get_installed_policy(root = "/"): -+ try: + try: +- path = selinux.selinux_binary_policy_path() + path = root + selinux.selinux_binary_policy_path() policies = glob.glob ("%s.*" % path ) policies.sort() return policies[-1] -@@ -47,6 +203,27 @@ def __get_installed_policy(): +@@ -47,6 +217,27 @@ def __get_installed_policy(): pass raise ValueError(_("No SELinux Policy installed")) @@ -250529,7 +250551,7 @@ index 5e7415c..08c371a 100644 all_types = None def get_all_types(): global all_types -@@ -54,6 +231,13 @@ def get_all_types(): +@@ -54,6 +245,13 @@ def get_all_types(): all_types = map(lambda x: x['name'], info(TYPE)) return all_types 
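Review bot: The name `get_all_entrypoints` changes meaning here: the one-argument function becomes `get_entrypoints(setype)` and a new zero-argument `get_all_entrypoints()` returns `get_types_from_attribute("entry_type")`, so any caller that still passes `setype` fails with a TypeError only when that code path runs. The first hunk on this line also stops populating `fcdict[t]["paths"]`, and a consumer that indexes that key would hit a KeyError. Neither set of call sites is visible in these hunks, so both need checking across the package. A one-line docstring would make the split explicit, for example `"""Return all types that carry the entry_type attribute."""` on `get_all_entrypoints`, with a matching one on `get_entrypoints` stating that it is scoped to a single `setype`.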
@@ -250543,7 +250565,7 @@ index 5e7415c..08c371a 100644 role_allows = None def get_all_role_allows(): global role_allows -@@ -71,6 +255,7 @@ def get_all_role_allows(): +@@ -71,6 +269,7 @@ def get_all_role_allows(): return role_allows def get_all_entrypoint_domains(): @@ -250551,7 +250573,7 @@ index 5e7415c..08c371a 100644 all_domains = [] types=get_all_types() types.sort() -@@ -81,11 +266,54 @@ def get_all_entrypoint_domains(): +@@ -81,11 +280,54 @@ def get_all_entrypoint_domains(): all_domains.append(m[0]) return all_domains @@ -250607,7 +250629,7 @@ index 5e7415c..08c371a 100644 return all_domains roles = None -@@ -139,50 +367,95 @@ def get_all_attributes(): +@@ -139,50 +381,95 @@ def get_all_attributes(): return all_attributes def policy(policy_file): @@ -250728,7 +250750,7 @@ index 5e7415c..08c371a 100644 def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"): global booleans_dict if booleans_dict: -@@ -191,7 +464,7 @@ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"): +@@ -191,7 +478,7 @@ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"): import re booleans_dict = {} try: diff --git a/policycoreutils.spec b/policycoreutils.spec index 6db6a2d..62055d7 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.1.14 -Release: 59%{?dist} +Release: 60%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -309,6 +309,9 @@ The policycoreutils-restorecond package contains the restorecond service. %systemd_postun_with_restart restorecond.service %changelog +* Mon Jun 24 2013 Dan Walsh - 2.1.14-60 +- Fix semanage module error handling + * Sun Jun 23 2013 Dan Walsh - 2.1.14-59 - Add back default exception handling for errors, which argparse rewrite removed.