Fix semange node handling of ipv6 addresses
parent
6d8189f150
commit
ed4c843b48
|
@ -4211,7 +4211,7 @@ index 70d1a20..fb6a79b 100644
|
||||||
+.br
|
+.br
|
||||||
Examples by Thomas Bleher <ThomasBleher@gmx.de>.
|
Examples by Thomas Bleher <ThomasBleher@gmx.de>.
|
||||||
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
|
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
|
||||||
index b7d257b..d5920aa 100644
|
index b7d257b..4462c9e 100644
|
||||||
--- a/policycoreutils/semanage/seobject.py
|
--- a/policycoreutils/semanage/seobject.py
|
||||||
+++ b/policycoreutils/semanage/seobject.py
|
+++ b/policycoreutils/semanage/seobject.py
|
||||||
@@ -25,51 +25,17 @@ import pwd, grp, string, selinux, tempfile, os, re, sys, stat
|
@@ -25,51 +25,17 @@ import pwd, grp, string, selinux, tempfile, os, re, sys, stat
|
||||||
|
@ -4593,18 +4593,18 @@ index b7d257b..d5920aa 100644
|
||||||
def list(self, heading = 1, locallist = 0):
|
def list(self, heading = 1, locallist = 0):
|
||||||
if heading:
|
if heading:
|
||||||
print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number"))
|
print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number"))
|
||||||
@@ -958,21 +1094,35 @@ class portRecords(semanageRecords):
|
@@ -958,21 +1094,36 @@ class portRecords(semanageRecords):
|
||||||
class nodeRecords(semanageRecords):
|
class nodeRecords(semanageRecords):
|
||||||
def __init__(self, store = ""):
|
def __init__(self, store = ""):
|
||||||
semanageRecords.__init__(self,store)
|
semanageRecords.__init__(self,store)
|
||||||
-
|
|
||||||
- def __add(self, addr, mask, proto, serange, ctype):
|
|
||||||
+ self.protocol = ["ipv4", "ipv6"]
|
+ self.protocol = ["ipv4", "ipv6"]
|
||||||
+
|
+
|
||||||
+ def validate(self, addr, mask, protocol):
|
+ def validate(self, addr, mask, protocol):
|
||||||
+ newaddr=""
|
+ newaddr=addr
|
||||||
+ newmask=""
|
+ newmask=mask
|
||||||
+ newprotocol=""
|
+ newprotocol=""
|
||||||
|
|
||||||
|
- def __add(self, addr, mask, proto, serange, ctype):
|
||||||
if addr == "":
|
if addr == "":
|
||||||
raise ValueError(_("Node Address is required"))
|
raise ValueError(_("Node Address is required"))
|
||||||
|
|
||||||
|
@ -4619,14 +4619,14 @@ index b7d257b..d5920aa 100644
|
||||||
+ # verify valid comination
|
+ # verify valid comination
|
||||||
+ if len(mask) == 0 or mask[0] == "/":
|
+ if len(mask) == 0 or mask[0] == "/":
|
||||||
+ i = IP(addr + mask)
|
+ i = IP(addr + mask)
|
||||||
+ else:
|
+ newaddr = i.strNormal(0)
|
||||||
+ i = IP(addr + "/" + mask)
|
+ newmask = str(i.netmask())
|
||||||
+ newaddr = i.strNormal(0)
|
+ if newmask == "0.0.0.0" and i.version() == 6:
|
||||||
+ newmask = str(i.netmask())
|
+ newmask = "::"
|
||||||
+ if protocol == "":
|
+
|
||||||
+ protocol = "ipv%d" % i.version()
|
+ protocol = "ipv%d" % i.version()
|
||||||
+
|
+
|
||||||
+ try:
|
+ try:
|
||||||
+ newprotocol = self.protocol.index(protocol)
|
+ newprotocol = self.protocol.index(protocol)
|
||||||
+ except:
|
+ except:
|
||||||
raise ValueError(_("Unknown or missing protocol"))
|
raise ValueError(_("Unknown or missing protocol"))
|
||||||
|
@ -4639,7 +4639,7 @@ index b7d257b..d5920aa 100644
|
||||||
|
|
||||||
if is_mls_enabled == 1:
|
if is_mls_enabled == 1:
|
||||||
if serange == "":
|
if serange == "":
|
||||||
@@ -991,11 +1141,13 @@ class nodeRecords(semanageRecords):
|
@@ -991,11 +1142,13 @@ class nodeRecords(semanageRecords):
|
||||||
|
|
||||||
(rc, exists) = semanage_node_exists(self.sh, k)
|
(rc, exists) = semanage_node_exists(self.sh, k)
|
||||||
if exists:
|
if exists:
|
||||||
|
@ -4654,7 +4654,7 @@ index b7d257b..d5920aa 100644
|
||||||
|
|
||||||
rc = semanage_node_set_addr(self.sh, node, proto, addr)
|
rc = semanage_node_set_addr(self.sh, node, proto, addr)
|
||||||
(rc, con) = semanage_context_create(self.sh)
|
(rc, con) = semanage_context_create(self.sh)
|
||||||
@@ -1005,8 +1157,7 @@ class nodeRecords(semanageRecords):
|
@@ -1005,8 +1158,7 @@ class nodeRecords(semanageRecords):
|
||||||
rc = semanage_node_set_mask(self.sh, node, proto, mask)
|
rc = semanage_node_set_mask(self.sh, node, proto, mask)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not set mask for %s") % addr)
|
raise ValueError(_("Could not set mask for %s") % addr)
|
||||||
|
@ -4664,7 +4664,7 @@ index b7d257b..d5920aa 100644
|
||||||
rc = semanage_context_set_user(self.sh, con, "system_u")
|
rc = semanage_context_set_user(self.sh, con, "system_u")
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not set user in addr context for %s") % addr)
|
raise ValueError(_("Could not set user in addr context for %s") % addr)
|
||||||
@@ -1042,18 +1193,8 @@ class nodeRecords(semanageRecords):
|
@@ -1042,18 +1194,8 @@ class nodeRecords(semanageRecords):
|
||||||
self.commit()
|
self.commit()
|
||||||
|
|
||||||
def __modify(self, addr, mask, proto, serange, setype):
|
def __modify(self, addr, mask, proto, serange, setype):
|
||||||
|
@ -4684,7 +4684,7 @@ index b7d257b..d5920aa 100644
|
||||||
|
|
||||||
if serange == "" and setype == "":
|
if serange == "" and setype == "":
|
||||||
raise ValueError(_("Requires setype or serange"))
|
raise ValueError(_("Requires setype or serange"))
|
||||||
@@ -1068,12 +1209,11 @@ class nodeRecords(semanageRecords):
|
@@ -1068,12 +1210,11 @@ class nodeRecords(semanageRecords):
|
||||||
if not exists:
|
if not exists:
|
||||||
raise ValueError(_("Addr %s is not defined") % addr)
|
raise ValueError(_("Addr %s is not defined") % addr)
|
||||||
|
|
||||||
|
@ -4698,7 +4698,7 @@ index b7d257b..d5920aa 100644
|
||||||
if serange != "":
|
if serange != "":
|
||||||
semanage_context_set_mls(self.sh, con, untranslate(serange))
|
semanage_context_set_mls(self.sh, con, untranslate(serange))
|
||||||
if setype != "":
|
if setype != "":
|
||||||
@@ -1092,18 +1232,8 @@ class nodeRecords(semanageRecords):
|
@@ -1092,18 +1233,8 @@ class nodeRecords(semanageRecords):
|
||||||
self.commit()
|
self.commit()
|
||||||
|
|
||||||
def __delete(self, addr, mask, proto):
|
def __delete(self, addr, mask, proto):
|
||||||
|
@ -4718,7 +4718,7 @@ index b7d257b..d5920aa 100644
|
||||||
|
|
||||||
(rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
|
(rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
@@ -1132,6 +1262,16 @@ class nodeRecords(semanageRecords):
|
@@ -1132,6 +1263,16 @@ class nodeRecords(semanageRecords):
|
||||||
self.__delete(addr, mask, proto)
|
self.__delete(addr, mask, proto)
|
||||||
self.commit()
|
self.commit()
|
||||||
|
|
||||||
|
@ -4735,7 +4735,7 @@ index b7d257b..d5920aa 100644
|
||||||
def get_all(self, locallist = 0):
|
def get_all(self, locallist = 0):
|
||||||
ddict = {}
|
ddict = {}
|
||||||
if locallist :
|
if locallist :
|
||||||
@@ -1145,15 +1285,20 @@ class nodeRecords(semanageRecords):
|
@@ -1145,15 +1286,20 @@ class nodeRecords(semanageRecords):
|
||||||
con = semanage_node_get_con(node)
|
con = semanage_node_get_con(node)
|
||||||
addr = semanage_node_get_addr(self.sh, node)
|
addr = semanage_node_get_addr(self.sh, node)
|
||||||
mask = semanage_node_get_mask(self.sh, node)
|
mask = semanage_node_get_mask(self.sh, node)
|
||||||
|
@ -4761,7 +4761,7 @@ index b7d257b..d5920aa 100644
|
||||||
def list(self, heading = 1, locallist = 0):
|
def list(self, heading = 1, locallist = 0):
|
||||||
if heading:
|
if heading:
|
||||||
print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context")
|
print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context")
|
||||||
@@ -1193,7 +1338,8 @@ class interfaceRecords(semanageRecords):
|
@@ -1193,7 +1339,8 @@ class interfaceRecords(semanageRecords):
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not check if interface %s is defined") % interface)
|
raise ValueError(_("Could not check if interface %s is defined") % interface)
|
||||||
if exists:
|
if exists:
|
||||||
|
@ -4771,7 +4771,7 @@ index b7d257b..d5920aa 100644
|
||||||
|
|
||||||
(rc, iface) = semanage_iface_create(self.sh)
|
(rc, iface) = semanage_iface_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
@@ -1307,6 +1453,16 @@ class interfaceRecords(semanageRecords):
|
@@ -1307,6 +1454,16 @@ class interfaceRecords(semanageRecords):
|
||||||
self.__delete(interface)
|
self.__delete(interface)
|
||||||
self.commit()
|
self.commit()
|
||||||
|
|
||||||
|
@ -4788,7 +4788,7 @@ index b7d257b..d5920aa 100644
|
||||||
def get_all(self, locallist = 0):
|
def get_all(self, locallist = 0):
|
||||||
ddict = {}
|
ddict = {}
|
||||||
if locallist:
|
if locallist:
|
||||||
@@ -1322,6 +1478,15 @@ class interfaceRecords(semanageRecords):
|
@@ -1322,6 +1479,15 @@ class interfaceRecords(semanageRecords):
|
||||||
|
|
||||||
return ddict
|
return ddict
|
||||||
|
|
||||||
|
@ -4804,7 +4804,7 @@ index b7d257b..d5920aa 100644
|
||||||
def list(self, heading = 1, locallist = 0):
|
def list(self, heading = 1, locallist = 0):
|
||||||
if heading:
|
if heading:
|
||||||
print "%-30s %s\n" % (_("SELinux Interface"), _("Context"))
|
print "%-30s %s\n" % (_("SELinux Interface"), _("Context"))
|
||||||
@@ -1338,6 +1503,48 @@ class interfaceRecords(semanageRecords):
|
@@ -1338,6 +1504,48 @@ class interfaceRecords(semanageRecords):
|
||||||
class fcontextRecords(semanageRecords):
|
class fcontextRecords(semanageRecords):
|
||||||
def __init__(self, store = ""):
|
def __init__(self, store = ""):
|
||||||
semanageRecords.__init__(self, store)
|
semanageRecords.__init__(self, store)
|
||||||
|
@ -4853,7 +4853,7 @@ index b7d257b..d5920aa 100644
|
||||||
|
|
||||||
def createcon(self, target, seuser = "system_u"):
|
def createcon(self, target, seuser = "system_u"):
|
||||||
(rc, con) = semanage_context_create(self.sh)
|
(rc, con) = semanage_context_create(self.sh)
|
||||||
@@ -1364,6 +1571,8 @@ class fcontextRecords(semanageRecords):
|
@@ -1364,6 +1572,8 @@ class fcontextRecords(semanageRecords):
|
||||||
def validate(self, target):
|
def validate(self, target):
|
||||||
if target == "" or target.find("\n") >= 0:
|
if target == "" or target.find("\n") >= 0:
|
||||||
raise ValueError(_("Invalid file specification"))
|
raise ValueError(_("Invalid file specification"))
|
||||||
|
@ -4862,7 +4862,7 @@ index b7d257b..d5920aa 100644
|
||||||
|
|
||||||
def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
|
def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
|
||||||
self.validate(target)
|
self.validate(target)
|
||||||
@@ -1388,7 +1597,8 @@ class fcontextRecords(semanageRecords):
|
@@ -1388,7 +1598,8 @@ class fcontextRecords(semanageRecords):
|
||||||
raise ValueError(_("Could not check if file context for %s is defined") % target)
|
raise ValueError(_("Could not check if file context for %s is defined") % target)
|
||||||
|
|
||||||
if exists:
|
if exists:
|
||||||
|
@ -4872,7 +4872,7 @@ index b7d257b..d5920aa 100644
|
||||||
|
|
||||||
(rc, fcontext) = semanage_fcontext_create(self.sh)
|
(rc, fcontext) = semanage_fcontext_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
@@ -1504,9 +1714,16 @@ class fcontextRecords(semanageRecords):
|
@@ -1504,9 +1715,16 @@ class fcontextRecords(semanageRecords):
|
||||||
raise ValueError(_("Could not delete the file context %s") % target)
|
raise ValueError(_("Could not delete the file context %s") % target)
|
||||||
semanage_fcontext_key_free(k)
|
semanage_fcontext_key_free(k)
|
||||||
|
|
||||||
|
@ -4889,7 +4889,7 @@ index b7d257b..d5920aa 100644
|
||||||
(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
|
(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not create a key for %s") % target)
|
raise ValueError(_("Could not create a key for %s") % target)
|
||||||
@@ -1561,12 +1778,22 @@ class fcontextRecords(semanageRecords):
|
@@ -1561,12 +1779,22 @@ class fcontextRecords(semanageRecords):
|
||||||
|
|
||||||
return ddict
|
return ddict
|
||||||
|
|
||||||
|
@ -4914,7 +4914,7 @@ index b7d257b..d5920aa 100644
|
||||||
for k in keys:
|
for k in keys:
|
||||||
if fcon_dict[k]:
|
if fcon_dict[k]:
|
||||||
if is_mls_enabled:
|
if is_mls_enabled:
|
||||||
@@ -1575,6 +1802,12 @@ class fcontextRecords(semanageRecords):
|
@@ -1575,6 +1803,12 @@ class fcontextRecords(semanageRecords):
|
||||||
print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
|
print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
|
||||||
else:
|
else:
|
||||||
print "%-50s %-18s <<None>>" % (k[0], k[1])
|
print "%-50s %-18s <<None>>" % (k[0], k[1])
|
||||||
|
@ -4927,7 +4927,7 @@ index b7d257b..d5920aa 100644
|
||||||
|
|
||||||
class booleanRecords(semanageRecords):
|
class booleanRecords(semanageRecords):
|
||||||
def __init__(self, store = ""):
|
def __init__(self, store = ""):
|
||||||
@@ -1587,6 +1820,18 @@ class booleanRecords(semanageRecords):
|
@@ -1587,6 +1821,18 @@ class booleanRecords(semanageRecords):
|
||||||
self.dict["1"] = 1
|
self.dict["1"] = 1
|
||||||
self.dict["0"] = 0
|
self.dict["0"] = 0
|
||||||
|
|
||||||
|
@ -4946,7 +4946,7 @@ index b7d257b..d5920aa 100644
|
||||||
def __mod(self, name, value):
|
def __mod(self, name, value):
|
||||||
(rc, k) = semanage_bool_key_create(self.sh, name)
|
(rc, k) = semanage_bool_key_create(self.sh, name)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
@@ -1606,9 +1851,10 @@ class booleanRecords(semanageRecords):
|
@@ -1606,9 +1852,10 @@ class booleanRecords(semanageRecords):
|
||||||
else:
|
else:
|
||||||
raise ValueError(_("You must specify one of the following values: %s") % ", ".join(self.dict.keys()) )
|
raise ValueError(_("You must specify one of the following values: %s") % ", ".join(self.dict.keys()) )
|
||||||
|
|
||||||
|
@ -4960,7 +4960,7 @@ index b7d257b..d5920aa 100644
|
||||||
rc = semanage_bool_modify_local(self.sh, k, b)
|
rc = semanage_bool_modify_local(self.sh, k, b)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not modify boolean %s") % name)
|
raise ValueError(_("Could not modify boolean %s") % name)
|
||||||
@@ -1691,8 +1937,12 @@ class booleanRecords(semanageRecords):
|
@@ -1691,8 +1938,12 @@ class booleanRecords(semanageRecords):
|
||||||
value = []
|
value = []
|
||||||
name = semanage_bool_get_name(boolean)
|
name = semanage_bool_get_name(boolean)
|
||||||
value.append(semanage_bool_get_value(boolean))
|
value.append(semanage_bool_get_value(boolean))
|
||||||
|
@ -4975,7 +4975,7 @@ index b7d257b..d5920aa 100644
|
||||||
ddict[name] = value
|
ddict[name] = value
|
||||||
|
|
||||||
return ddict
|
return ddict
|
||||||
@@ -1706,6 +1956,16 @@ class booleanRecords(semanageRecords):
|
@@ -1706,6 +1957,16 @@ class booleanRecords(semanageRecords):
|
||||||
else:
|
else:
|
||||||
return _("unknown")
|
return _("unknown")
|
||||||
|
|
||||||
|
|
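Review bot: In the new `nodeRecords.validate`, the `else:` branch that built `IP(addr + "/" + mask)` is gone, so a mask that is non-empty and does not start with "/" appears to leave `newaddr` and `newmask` as the raw caller strings, never parsed or normalised before the node key and record calls use them. Indentation is lost in this view and part of the method lies outside the visible hunks, so this is inferred. If it holds, the same node can be stored under different spellings, and an empty `protocol` on that path is rejected at `self.protocol.index(protocol)` instead of being derived from the address. Parsing both values there, for example `else:` followed by `newaddr = IP(addr).strNormal(0)` and `newmask = IP(mask).strNormal(0)`, would keep the node label keyed on a canonical address. The bare `except:` around the `index` lookup should also be `except ValueError:`, so unrelated errors are not reported as "Unknown or missing protocol".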
|
@ -7,7 +7,7 @@
|
||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.0.85
|
Version: 2.0.85
|
||||||
Release: 26%{?dist}
|
Release: 27%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
# Based on git repository with tag 20101221
|
# Based on git repository with tag 20101221
|
||||||
|
@ -331,9 +331,15 @@ fi
|
||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Mar 24 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-27
|
||||||
|
- Fix semange node handling of ipv6 addresses
|
||||||
|
|
||||||
* Wed Mar 23 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-26
|
* Wed Mar 23 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-26
|
||||||
- Fix sepolgen-ifgen call, add -p option
|
- Fix sepolgen-ifgen call, add -p option
|
||||||
|
|
||||||
|
* Wed Mar 23 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-25
|
||||||
|
- Fix sepolgen-ifgen call
|
||||||
|
|
||||||
* Fri Mar 18 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-24
|
* Fri Mar 18 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-24
|
||||||
- Fix rsync command to work if the directory is old.
|
- Fix rsync command to work if the directory is old.
|
||||||
- Fix all tests
|
- Fix all tests
|
||||||
|
|