* Wed Nov 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.76-1

- Update to upstream
	* Remove setrans management from semanage, as it does not work
	  from Dan Walsh.
	* Move load_policy from /usr/sbin to /sbin from Dan Walsh.
Daniel J Walsh 2009-11-18 22:20:42 +00:00
parent c5e196508e
commit e973847bf6
4 changed files with 137 additions and 226 deletions


@ -209,3 +209,4 @@ sepolgen-1.0.17.tgz
policycoreutils-2.0.73.tgz
policycoreutils-2.0.74.tgz
policycoreutils-2.0.75.tgz
policycoreutils-2.0.76.tgz


@ -39,22 +39,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
# This is the default if no input is specified
f = sys.stdin
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/load_policy/Makefile policycoreutils-2.0.75/load_policy/Makefile
--- nsapolicycoreutils/load_policy/Makefile 2008-08-28 09:34:24.000000000 -0400
--- nsapolicycoreutils/load_policy/Makefile 2009-11-18 17:06:03.000000000 -0500
+++ policycoreutils-2.0.75/load_policy/Makefile 2009-11-03 09:44:56.000000000 -0500
@@ -1,6 +1,7 @@
# Installation directories.
PREFIX ?= ${DESTDIR}/usr
-SBINDIR ?= $(PREFIX)/sbin
+SBINDIR ?= $(DESTDIR)/sbin
+USRSBINDIR ?= $(PREFIX)/sbin
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
@@ -17,6 +18,8 @@
install -m 755 $(TARGETS) $(SBINDIR)
@@ -19,7 +19,7 @@
test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
install -m 644 load_policy.8 $(MANDIR)/man8/
+ -mkdir -p $(USRSBINDIR)
-mkdir -p $(USRSBINDIR)
- ln -sf /sbin/load_policy $(USRSBINDIR)/load_policy
+ ln -s /sbin/load_policy $(USRSBINDIR)/load_policy
clean:
@ -2303,9 +2294,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
install: all
-mkdir -p $(BINDIR)
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.75/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2009-09-08 09:03:10.000000000 -0400
--- nsapolicycoreutils/semanage/semanage 2009-11-18 17:06:03.000000000 -0500
+++ policycoreutils-2.0.75/semanage/semanage 2009-11-03 09:44:56.000000000 -0500
@@ -39,19 +39,27 @@
@@ -39,16 +39,25 @@
__builtin__.__dict__['_'] = unicode
if __name__ == '__main__':
@ -2323,7 +2314,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
semanage [ -S store ] -i [ input_file | - ]
+semanage [ -S store ] -o [ output_file | - ]
-semanage {boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n]
-semanage {boolean|login|user|port|interface|node|fcontext} -{l|D} [-n]
+semanage {boolean|login|user|port|interface|module|node|fcontext} -{l|D|E} [-n]
semanage login -{a|d|m} [-sr] login_name | %groupname
semanage user -{a|d|m} [-LrRP] selinux_name
@ -2332,11 +2323,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+semanage module -{a|d|m} [--enable|--disable] module
semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr
semanage fcontext -{a|d|m} [-frst] file_spec
-semanage translation -{a|d|m} [-T] level
semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
semanage permissive -{d|a} type
semanage dontaudit [ on | off ]
@@ -62,7 +70,9 @@
@@ -61,7 +70,9 @@
-d, --delete Delete a OBJECT record NAME
-m, --modify Modify a OBJECT record NAME
-i, --input Input multiple semange commands in a transaction
@ -2346,7 +2334,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
-C, --locallist List OBJECTS local customizations
-D, --deleteall Remove all OBJECTS local customizations
@@ -85,14 +95,15 @@
@@ -84,12 +95,15 @@
-F, --file Treat target as an input file for command, change multiple settings
-p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
-M, --mask Netmask
@ -2354,8 +2342,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
-P, --prefix Prefix for home directory labeling
-L, --level Default SELinux Level (MLS/MCS Systems only)
-R, --roles SELinux Roles (ex: "sysadm_r staff_r")
- -T, --trans SELinux Level Translation (MLS/MCS Systems only)
-
-s, --seuser SELinux User Name
-t, --type SELinux Type for the object
-r, --range MLS/MCS Security Range (MLS/MCS Systems only)
@ -2364,7 +2350,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
""")
raise ValueError("%s\n%s" % (text, message))
@@ -104,7 +115,7 @@
@@ -101,7 +115,7 @@
def get_options():
valid_option={}
@ -2373,7 +2359,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
valid_option["login"] = []
valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range']
valid_option["user"] = []
@@ -115,11 +126,11 @@
@@ -112,8 +126,10 @@
valid_option["interface"] += valid_everyone + [ '-t', '--type', '-r', '--range']
valid_option["node"] = []
valid_option["node"] += valid_everyone + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol']
@ -2383,12 +2369,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
- valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range']
+ valid_option["fcontext"] += valid_everyone + [ '-e', '--equal', '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range']
valid_option["dontaudit"] = [ '-S', '--store' ]
- valid_option["translation"] = []
- valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
valid_option["boolean"] = []
valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0", "-F", "--file"]
valid_option["permissive"] = []
@@ -173,6 +184,8 @@
@@ -168,6 +184,8 @@
return ret
def process_args(argv):
@ -2397,15 +2380,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
serange = ""
port = ""
proto = ""
@@ -180,7 +193,6 @@
selevel = ""
setype = ""
ftype = ""
- setrans = ""
roles = ""
seuser = ""
prefix = "user"
@@ -190,10 +202,14 @@
@@ -184,10 +202,14 @@
modify = False
delete = False
deleteall = False
@ -2420,11 +2395,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
object = argv[0]
option_dict=get_options()
@@ -203,10 +219,14 @@
@@ -197,10 +219,14 @@
args = argv[1:]
gopts, cmds = getopt.getopt(args,
- '01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:M:',
- '01adf:i:lhmnp:s:FCDR:L:r:t:P:S:M:',
+ '01adEe:f:i:lhmnp:s:FCDR:L:r:t:P:S:M:',
['add',
'delete',
@ -2436,15 +2411,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
'ftype=',
'file',
'help',
@@ -225,7 +245,6 @@
'level=',
'roles=',
'type=',
- 'trans=',
'prefix=',
'mask='
])
@@ -235,26 +254,42 @@
@@ -228,26 +254,42 @@
for o,a in gopts:
if o == "-a" or o == "--add":
@ -2494,7 +2461,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
if o == "-n" or o == "--noheading":
heading = False
@@ -263,8 +298,7 @@
@@ -256,8 +298,7 @@
locallist = True
if o == "-m"or o == "--modify":
@ -2504,15 +2471,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
modify = True
if o == "-S" or o == '--store':
@@ -297,14 +331,12 @@
if o == "-t" or o == "--type":
setype = a
- if o == "-T" or o == "--trans":
- setrans = a
-
if o == "--on" or o == "-1":
value = "on"
@@ -295,6 +336,7 @@
if o == "--off" or o == "-0":
value = "off"
@ -2520,20 +2479,18 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
if object == "login":
OBJECT = seobject.loginRecords(store)
@@ -325,9 +357,10 @@
@@ -315,6 +357,10 @@
if object == "boolean":
OBJECT = seobject.booleanRecords(store)
+ modify = True
- if object == "translation":
- OBJECT = seobject.setransRecords()
+
+ if object == "module":
+ OBJECT = seobject.moduleRecords(store)
if object == "permissive":
OBJECT = seobject.permissiveRecords(store)
@@ -343,8 +376,13 @@
@@ -330,8 +376,13 @@
OBJECT.deleteall()
return
@ -2548,17 +2505,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
target = cmds[0]
@@ -358,9 +396,6 @@
if object == "login":
OBJECT.add(target, seuser, serange)
- if object == "translation":
- OBJECT.add(target, setrans)
-
if object == "user":
OBJECT.add(target, roles.split(), selevel, serange, prefix)
@@ -370,11 +405,17 @@
@@ -354,11 +405,17 @@
if object == "interface":
OBJECT.add(target, serange, setype)
@ -2577,14 +2524,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
if object == "permissive":
OBJECT.add(target)
@@ -387,13 +428,18 @@
if object == "login":
OBJECT.modify(target, seuser, serange)
- if object == "translation":
- OBJECT.modify(target, setrans)
-
if object == "user":
@@ -375,6 +432,14 @@
rlist = roles.split()
OBJECT.modify(target, rlist, selevel, serange, prefix)
@ -2599,7 +2539,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
if object == "port":
OBJECT.modify(target, proto, serange, setype)
@@ -404,7 +450,10 @@
@@ -385,7 +450,10 @@
OBJECT.modify(target, mask, proto, serange, setype)
if object == "fcontext":
@ -2611,7 +2551,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
return
@@ -423,12 +472,13 @@
@@ -404,12 +472,13 @@
return
@ -2626,7 +2566,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
input = None
store = ""
@@ -436,7 +486,7 @@
@@ -417,7 +486,7 @@
usage(_("Requires 2 or more arguments"))
gopts, cmds = getopt.getopt(sys.argv[1:],
@ -2635,7 +2575,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
['add',
'delete',
'deleteall',
@@ -450,6 +500,7 @@
@@ -431,6 +500,7 @@
'localist',
'off',
'on',
@ -2643,7 +2583,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
'proto=',
'seuser=',
'store=',
@@ -465,6 +516,16 @@
@@ -438,6 +508,7 @@
'level=',
'roles=',
'type=',
+ 'trans=',
'prefix='
])
for o, a in gopts:
@@ -445,6 +516,16 @@
store = a
if o == "-i" or o == '--input':
input = a
@ -2660,7 +2608,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
if input != None:
if input == "-":
@@ -474,6 +535,7 @@
@@ -454,6 +535,7 @@
trans = seobject.semanageRecords(store)
trans.start()
for l in fd.readlines():
@ -2668,8 +2616,39 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
process_args(mkargv(l))
trans.finish()
else:
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.75/semanage/semanage.8
--- nsapolicycoreutils/semanage/semanage.8 2009-11-18 17:06:03.000000000 -0500
+++ policycoreutils-2.0.75/semanage/semanage.8 2009-11-03 09:21:41.000000000 -0500
@@ -3,7 +3,7 @@
semanage \- SELinux Policy Management tool
.SH "SYNOPSIS"
-.B semanage {boolean|login|user|port|interface|node|fcontext} \-{l|D} [\-n] [\-S store]
+.B semanage {boolean|login|user|port|interface|node|fcontext|translation} \-{l|D} [\-n] [\-S store]
.br
.B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] -F boolean | boolean_file
.br
@@ -22,6 +22,8 @@
.B semanage permissive \-{a|d} type
.br
.B semanage dontaudit [ on | off ]
+.br
+.B semanage translation \-{a|d|m} [\-T] level
.P
.SH "DESCRIPTION"
@@ -99,6 +101,9 @@
.TP
.I \-t, \-\-type
SELinux Type for the object
+.TP
+.I \-T, \-\-trans
+SELinux Translation
.SH EXAMPLE
.nf
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.75/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2009-09-08 09:03:10.000000000 -0400
--- nsapolicycoreutils/semanage/seobject.py 2009-11-18 17:06:03.000000000 -0500
+++ policycoreutils-2.0.75/semanage/seobject.py 2009-11-16 16:52:53.000000000 -0500
@@ -37,40 +37,6 @@
@ -2712,119 +2691,40 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
file_types = {}
file_types[""] = SEMANAGE_FCONTEXT_ALL;
file_types["all files"] = SEMANAGE_FCONTEXT_ALL;
@@ -194,127 +160,152 @@
@@ -194,44 +160,151 @@
return trans
else:
return raw
-
-class setransRecords:
- def __init__(self):
- self.filename = selinux.selinux_translations_path()
- try:
- fd = open(self.filename, "r")
- translations = fd.readlines()
- fd.close()
- except IOError, e:
- raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines: %s") % (self.filename, e) )
-
- self.ddict = {}
- self.comments = []
- for r in translations:
- if len(r) == 0:
- continue
- i = r.strip()
- if i == "" or i[0] == "#":
- self.comments.append(r)
- continue
- i = i.split("=")
- if len(i) != 2:
- self.comments.append(r)
- continue
- if self.ddict.has_key(i[0]) == 0:
- self.ddict[i[0]] = i[1]
- def get_all(self):
- return self.ddict
+class semanageRecords:
+
class semanageRecords:
- def __init__(self, store):
+ transaction = False
+ handle = None
- def out(self):
- rec = ""
- for c in self.comments:
- rec += c
- keys = self.ddict.keys()
- keys.sort()
- for k in keys:
- rec += "%s=%s\n" % (k, self.ddict[k])
- return rec
-
- def list(self, heading = 1, locallist = 0):
- if heading:
- print "\n%-25s %s\n" % (_("Level"), _("Translation"))
- keys = self.ddict.keys()
- keys.sort()
- for k in keys:
- print "%-25s %s" % (k, self.ddict[k])
-
- def add(self, raw, trans):
- if trans.find(" ") >= 0:
- raise ValueError(_("Translations can not contain spaces '%s' ") % trans)
+
+ def __init__(self, store):
+ global handle
+
+ self.sh = self.get_handle(store)
- if validate_level(raw) == None:
- raise ValueError(_("Invalid Level '%s' ") % raw)
-
- if self.ddict.has_key(raw):
- raise ValueError(_("%s already defined in translations") % raw)
- else:
- self.ddict[raw] = trans
- self.save()
-
- def modify(self, raw, trans):
- if trans.find(" ") >= 0:
+ def get_handle(self, store):
+ global is_mls_enabled
- raise ValueError(_("Translations can not contain spaces '%s' ") % trans)
- if self.ddict.has_key(raw):
- self.ddict[raw] = trans
- else:
- raise ValueError(_("%s not defined in translations") % raw)
- self.save()
-
- def delete(self, raw):
- self.ddict.pop(raw)
- self.save()
-
- def save(self):
- (fd, newfilename) = tempfile.mkstemp('', self.filename)
- os.write(fd, self.out())
- os.close(fd)
- os.chmod(newfilename, os.stat(self.filename)[stat.ST_MODE])
- os.rename(newfilename, self.filename)
- os.system("/sbin/service mcstrans reload > /dev/null")
+ if semanageRecords.handle:
+ return semanageRecords.handle
-class semanageRecords:
- def __init__(self, store):
- global handle
+ handle = semanage_handle_create()
+ if not handle:
+ raise ValueError(_("Could not create semanage handle"))
+
+ if store != "":
+ semanage_select_store(handle, store, SEMANAGE_CON_DIRECT);
global handle
- if handle != None:
- self.sh = handle
- else:
- self.sh = get_handle(store)
- self.transaction = False
+ self.sh = self.get_handle(store)
+
+ def get_handle(self, store):
+ global is_mls_enabled
+
+ if semanageRecords.handle:
+ return semanageRecords.handle
+
+ handle = semanage_handle_create()
+ if not handle:
+ raise ValueError(_("Could not create semanage handle"))
+
+ if store != "":
+ semanage_select_store(handle, store, SEMANAGE_CON_DIRECT);
+
+ if not semanage_is_managed(handle):
+ semanage_handle_destroy(handle)
+ raise ValueError(_("SELinux policy is not managed or store cannot be accessed."))
@ -2882,8 +2782,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
raise ValueError(_("Semanage transaction not in progress"))
- self.transaction = False
+ semanageRecords.transaction = False
self.commit()
+ self.commit()
+
+class moduleRecords(semanageRecords):
+ def __init__(self, store):
+ semanageRecords.__init__(self, store)
@ -2947,18 +2847,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ if rc < 0 and rc != -2:
+ raise ValueError(_("Could not remove module %s (remove failed)") % m)
+
+ self.commit()
self.commit()
+
+ def deleteall(self):
+ l = self.get_all()
+ if len(l) > 0:
+ all = " ".join(l[0])
+ self.delete(all)
+
class dontauditClass(semanageRecords):
def __init__(self, store):
semanageRecords.__init__(self, store)
@@ -341,6 +332,7 @@
@@ -259,6 +332,7 @@
name = semanage_module_get_name(mod)
if name and name.startswith("permissive_"):
l.append(name.split("permissive_")[1])
@ -2966,7 +2865,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
return l
def list(self, heading = 1, locallist = 0):
@@ -425,7 +417,9 @@
@@ -343,7 +417,9 @@
if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
if exists:
@ -2977,7 +2876,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
if name[0] == '%':
try:
grp.getgrnam(name[1:])
@@ -557,6 +551,16 @@
@@ -475,6 +551,16 @@
mylog.log(1, "delete SELinux user mapping", name);
@ -2994,7 +2893,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
def get_all(self, locallist = 0):
ddict = {}
if locallist:
@@ -571,6 +575,15 @@
@@ -489,6 +575,15 @@
ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
return ddict
@ -3010,7 +2909,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
def list(self,heading = 1, locallist = 0):
ddict = self.get_all(locallist)
keys = ddict.keys()
@@ -613,7 +626,8 @@
@@ -531,7 +626,8 @@
if rc < 0:
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
if exists:
@ -3020,7 +2919,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
(rc, u) = semanage_user_create(self.sh)
if rc < 0:
@@ -764,6 +778,16 @@
@@ -682,6 +778,16 @@
mylog.log(1,"delete SELinux user record", name)
@ -3037,7 +2936,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
def get_all(self, locallist = 0):
ddict = {}
if locallist:
@@ -784,6 +808,15 @@
@@ -702,6 +808,15 @@
return ddict
@ -3053,7 +2952,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
def list(self, heading = 1, locallist = 0):
ddict = self.get_all(locallist)
keys = ddict.keys()
@@ -822,12 +855,16 @@
@@ -740,12 +855,16 @@
low = int(ports[0])
high = int(ports[1])
@ -3070,7 +2969,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
if is_mls_enabled == 1:
if serange == "":
serange = "s0"
@@ -890,6 +927,7 @@
@@ -808,6 +927,7 @@
self.commit()
def __modify(self, port, proto, serange, setype):
@ -3078,7 +2977,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
if serange == "" and setype == "":
if is_mls_enabled == 1:
raise ValueError(_("Requires setype or serange"))
@@ -1024,6 +1062,18 @@
@@ -942,6 +1062,18 @@
ddict[(ctype,proto_str)].append("%d-%d" % (low, high))
return ddict
@ -3097,7 +2996,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
def list(self, heading = 1, locallist = 0):
if heading:
print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number"))
@@ -1040,7 +1090,8 @@
@@ -958,7 +1090,8 @@
class nodeRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self,store)
@ -3107,7 +3006,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
def __add(self, addr, mask, proto, serange, ctype):
if addr == "":
raise ValueError(_("Node Address is required"))
@@ -1048,14 +1099,11 @@
@@ -966,14 +1099,11 @@
if mask == "":
raise ValueError(_("Node Netmask is required"))
@ -3125,7 +3024,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
if is_mls_enabled == 1:
if serange == "":
serange = "s0"
@@ -1073,7 +1121,8 @@
@@ -991,7 +1121,8 @@
(rc, exists) = semanage_node_exists(self.sh, k)
if exists:
@ -3135,7 +3034,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
(rc, node) = semanage_node_create(self.sh)
if rc < 0:
@@ -1120,7 +1169,7 @@
@@ -1038,7 +1169,7 @@
def add(self, addr, mask, proto, serange, ctype):
self.begin()
@ -3144,7 +3043,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
self.commit()
def __modify(self, addr, mask, proto, serange, setype):
@@ -1129,13 +1178,10 @@
@@ -1047,13 +1178,10 @@
if mask == "":
raise ValueError(_("Node Netmask is required"))
@ -3162,7 +3061,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
if serange == "" and setype == "":
raise ValueError(_("Requires setype or serange"))
@@ -1180,11 +1226,9 @@
@@ -1098,11 +1226,9 @@
if mask == "":
raise ValueError(_("Node Netmask is required"))
@ -3177,7 +3076,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
raise ValueError(_("Unknown or missing protocol"))
(rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
@@ -1214,6 +1258,16 @@
@@ -1132,6 +1258,16 @@
self.__delete(addr, mask, proto)
self.commit()
@ -3194,7 +3093,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
def get_all(self, locallist = 0):
ddict = {}
if locallist :
@@ -1227,15 +1281,20 @@
@@ -1145,15 +1281,20 @@
con = semanage_node_get_con(node)
addr = semanage_node_get_addr(self.sh, node)
mask = semanage_node_get_mask(self.sh, node)
@ -3220,7 +3119,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
def list(self, heading = 1, locallist = 0):
if heading:
print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context")
@@ -1275,7 +1334,8 @@
@@ -1193,7 +1334,8 @@
if rc < 0:
raise ValueError(_("Could not check if interface %s is defined") % interface)
if exists:
@ -3230,7 +3129,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
(rc, iface) = semanage_iface_create(self.sh)
if rc < 0:
@@ -1389,6 +1449,16 @@
@@ -1307,6 +1449,16 @@
self.__delete(interface)
self.commit()
@ -3247,7 +3146,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
def get_all(self, locallist = 0):
ddict = {}
if locallist:
@@ -1404,6 +1474,15 @@
@@ -1322,6 +1474,15 @@
return ddict
@ -3263,7 +3162,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
def list(self, heading = 1, locallist = 0):
if heading:
print "%-30s %s\n" % (_("SELinux Interface"), _("Context"))
@@ -1420,6 +1499,48 @@
@@ -1338,6 +1499,48 @@
class fcontextRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
@ -3312,7 +3211,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
def createcon(self, target, seuser = "system_u"):
(rc, con) = semanage_context_create(self.sh)
@@ -1446,6 +1567,8 @@
@@ -1364,6 +1567,8 @@
def validate(self, target):
if target == "" or target.find("\n") >= 0:
raise ValueError(_("Invalid file specification"))
@ -3321,7 +3220,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
self.validate(target)
@@ -1470,7 +1593,8 @@
@@ -1388,7 +1593,8 @@
raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists:
@ -3331,7 +3230,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
(rc, fcontext) = semanage_fcontext_create(self.sh)
if rc < 0:
@@ -1586,9 +1710,16 @@
@@ -1504,9 +1710,16 @@
raise ValueError(_("Could not delete the file context %s") % target)
semanage_fcontext_key_free(k)
@ -3348,7 +3247,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
if rc < 0:
raise ValueError(_("Could not create a key for %s") % target)
@@ -1643,12 +1774,22 @@
@@ -1561,12 +1774,22 @@
return ddict
@ -3373,7 +3272,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
for k in keys:
if fcon_dict[k]:
if is_mls_enabled:
@@ -1794,6 +1935,16 @@
@@ -1712,6 +1935,16 @@
else:
return _("unknown")
@ -3609,3 +3508,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
argv[0]);
exit(1);
}
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/VERSION policycoreutils-2.0.75/VERSION
--- nsapolicycoreutils/VERSION 2009-11-18 17:06:03.000000000 -0500
+++ policycoreutils-2.0.75/VERSION 2009-11-03 09:21:41.000000000 -0500
@@ -1 +1 @@
-2.0.76
+2.0.75
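Review bot: The regenerated patch appears to have been diffed against a stale `policycoreutils-2.0.75/` tree, so several of its hunks undo upstream 2.0.76 instead of carrying local changes. The `VERSION` hunk sets `2.0.75` while the spec now says `Version: 2.0.76`, the `semanage.8` hunks re-add `translation` and `-T, --trans` that the `semanage` hunks remove, `+ 'trans=',` returns to the second getopt long-option list, and the `load_policy/Makefile` hunk turns `ln -sf` back into `ln -s`, which makes `make install` fail when the link already exists. For an SELinux management tool, a man page that documents a removed object and a version string that misreports the installed release both mislead administrators and version-based auditing. I would rebase the local tree onto 2.0.76 before regenerating the patch, or at least drop the `VERSION` and `semanage.8` hunks and keep `ln -sf /sbin/load_policy $(USRSBINDIR)/load_policy`. The stale-tree cause is inferred from the `+++ policycoreutils-2.0.75/...` paths and should be confirmed against the build tree.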


@ -5,8 +5,8 @@
%define sepolgenver 1.0.17
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.75
Release: 3%{?dist}
Version: 2.0.76
Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -296,6 +296,12 @@ fi
exit 0
%changelog
* Wed Nov 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.76-1
- Update to upstream
* Remove setrans management from semanage, as it does not work
from Dan Walsh.
* Move load_policy from /usr/sbin to /sbin from Dan Walsh.
* Mon Nov 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-3
- Raise exception if user tries to add file context with an embedded space


@ -1,3 +1,2 @@
480cc64a050735fa1163a87dc89c4f49 sepolgen-1.0.17.tgz
3798f448cdc084e535507f0eee209fc7 policycoreutils-2.0.75.tgz
59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
0762f1174561dacad12bc9b30aa12307 policycoreutils-2.0.76.tgz