Add FILENAME support to sepolgen
- Add back support for '<<none>>' in semanage fcontext.
parent
b017084e09
commit
f4d9a59205
|
@ -1,6 +1,6 @@
|
|||
diff -up policycoreutils-2.1.13/gui/domainsPage.py.f19 policycoreutils-2.1.13/gui/domainsPage.py
|
||||
--- policycoreutils-2.1.13/gui/domainsPage.py.f19 2013-03-19 20:06:36.341223283 -0400
|
||||
+++ policycoreutils-2.1.13/gui/domainsPage.py 2013-03-19 20:06:36.515223688 -0400
|
||||
--- policycoreutils-2.1.13/gui/domainsPage.py.f19 2013-04-17 11:46:20.547725750 -0400
|
||||
+++ policycoreutils-2.1.13/gui/domainsPage.py 2013-04-17 11:46:20.727726444 -0400
|
||||
@@ -26,7 +26,7 @@ import sys
|
||||
import seobject
|
||||
import selinux
|
||||
|
@ -20,8 +20,8 @@ diff -up policycoreutils-2.1.13/gui/domainsPage.py.f19 policycoreutils-2.1.13/gu
|
|||
|
||||
def get_modules(self):
|
||||
diff -up policycoreutils-2.1.13/gui/statusPage.py.f19 policycoreutils-2.1.13/gui/statusPage.py
|
||||
--- policycoreutils-2.1.13/gui/statusPage.py.f19 2013-03-19 20:06:36.346223294 -0400
|
||||
+++ policycoreutils-2.1.13/gui/statusPage.py 2013-03-19 20:06:36.515223688 -0400
|
||||
--- policycoreutils-2.1.13/gui/statusPage.py.f19 2013-04-17 11:46:20.555725781 -0400
|
||||
+++ policycoreutils-2.1.13/gui/statusPage.py 2013-04-17 11:46:20.727726444 -0400
|
||||
@@ -177,7 +177,11 @@ class statusPage:
|
||||
|
||||
def read_selinux_config(self):
|
||||
|
@ -36,8 +36,8 @@ diff -up policycoreutils-2.1.13/gui/statusPage.py.f19 policycoreutils-2.1.13/gui
|
|||
self.enabledOptionMenu.set_active(self.enabled + 1 )
|
||||
|
||||
diff -up policycoreutils-2.1.13/restorecond/restorecond.conf.f19 policycoreutils-2.1.13/restorecond/restorecond.conf
|
||||
--- policycoreutils-2.1.13/restorecond/restorecond.conf.f19 2013-03-19 20:06:36.492223634 -0400
|
||||
+++ policycoreutils-2.1.13/restorecond/restorecond.conf 2013-03-19 20:06:36.515223688 -0400
|
||||
--- policycoreutils-2.1.13/restorecond/restorecond.conf.f19 2013-04-17 11:46:20.706726363 -0400
|
||||
+++ policycoreutils-2.1.13/restorecond/restorecond.conf 2013-04-17 11:46:20.727726444 -0400
|
||||
@@ -1,6 +1,7 @@
|
||||
/etc/services
|
||||
/etc/resolv.conf
|
||||
|
@ -48,7 +48,7 @@ diff -up policycoreutils-2.1.13/restorecond/restorecond.conf.f19 policycoreutils
|
|||
/root/*
|
||||
diff -up policycoreutils-2.1.13/restorecond/user.c.f19 policycoreutils-2.1.13/restorecond/user.c
|
||||
--- policycoreutils-2.1.13/restorecond/user.c.f19 2012-09-25 16:17:37.000000000 -0400
|
||||
+++ policycoreutils-2.1.13/restorecond/user.c 2013-03-19 20:06:36.516223690 -0400
|
||||
+++ policycoreutils-2.1.13/restorecond/user.c 2013-04-17 11:46:20.727726444 -0400
|
||||
@@ -54,6 +54,7 @@ static const char *PATH="/org/selinux/Re
|
||||
static const char *INTERFACE="org.selinux.RestorecondIface";
|
||||
static const char *RULE="type='signal',interface='org.selinux.RestorecondIface'";
|
||||
|
@ -101,8 +101,8 @@ diff -up policycoreutils-2.1.13/restorecond/user.c.f19 policycoreutils-2.1.13/re
|
|||
return 0;
|
||||
}
|
||||
diff -up policycoreutils-2.1.13/sandbox/seunshare.c.f19 policycoreutils-2.1.13/sandbox/seunshare.c
|
||||
--- policycoreutils-2.1.13/sandbox/seunshare.c.f19 2013-03-19 20:06:36.492223634 -0400
|
||||
+++ policycoreutils-2.1.13/sandbox/seunshare.c 2013-03-25 09:23:39.404480393 -0400
|
||||
--- policycoreutils-2.1.13/sandbox/seunshare.c.f19 2013-04-17 11:46:20.706726363 -0400
|
||||
+++ policycoreutils-2.1.13/sandbox/seunshare.c 2013-04-17 11:46:20.727726444 -0400
|
||||
@@ -31,12 +31,6 @@
|
||||
#include <selinux/context.h> /* for context-mangling functions */
|
||||
#include <dirent.h>
|
||||
|
@ -262,9 +262,68 @@ diff -up policycoreutils-2.1.13/sandbox/seunshare.c.f19 policycoreutils-2.1.13/s
|
|||
free(display);
|
||||
free(LANG);
|
||||
exit(-1);
|
||||
diff -up policycoreutils-2.1.13/semanage/semanage.8.f19 policycoreutils-2.1.13/semanage/semanage.8
|
||||
--- policycoreutils-2.1.13/semanage/semanage.8.f19 2013-04-23 13:20:31.640489842 -0400
|
||||
+++ policycoreutils-2.1.13/semanage/semanage.8 2013-04-23 13:20:37.522515873 -0400
|
||||
@@ -14,15 +14,15 @@ Input local customizations
|
||||
Manage booleans. Booleans allow the administrator to modify the confinement of
|
||||
processes based on his configuration.
|
||||
.br
|
||||
-.B semanage boolean [\-S store] \-{d|m|l|D} [\-nN] [\-\-on|\-\-off|\-\1|\-0] -F boolean | boolean_file
|
||||
+.B semanage boolean [\-S store] \-{d|m|l|D|E} [\-nN] [\-\-on|\-\-off|\-\1|\-0] -F boolean | boolean_file
|
||||
|
||||
Manage SELinux confined users (Roles and levels for an SELinux user)
|
||||
.br
|
||||
-.B semanage user [\-S store] \-{a|d|m|l|D} [\-LnNPrR] selinux_name
|
||||
+.B semanage user [\-S store] \-{a|d|m|l|D|E} [\-LnNPrR] selinux_name
|
||||
|
||||
Manage login mappings between linux users and SELinux confined users.
|
||||
.br
|
||||
-.B semanage login [\-S store] \-{a|d|m|l|D} [\-nNrs] login_name | %groupname
|
||||
+.B semanage login [\-S store] \-{a|d|m|l|D|E} [\-nNrs] login_name | %groupname
|
||||
|
||||
Manage policy modules.
|
||||
.br
|
||||
@@ -30,16 +30,16 @@ Manage policy modules.
|
||||
|
||||
Manage network port type definitions
|
||||
.br
|
||||
-.B semanage port [\-S store] \-{a|d|m|l|D} [\-nNrt] [\-p proto] port | port_range
|
||||
+.B semanage port [\-S store] \-{a|d|m|l|D|E} [\-nNrt] [\-p proto] port | port_range
|
||||
.br
|
||||
|
||||
Manage network interface type definitions
|
||||
.br
|
||||
-.B semanage interface [\-S store] \-{a|d|m|l|D} [\-nNrt] interface_spec
|
||||
+.B semanage interface [\-S store] \-{a|d|m|l|D|E} [\-nNrt] interface_spec
|
||||
|
||||
Manage network node type definitions
|
||||
.br
|
||||
-.B semanage node [\-S store] -{a|d|m|l|D} [-nNrt] [ -p protocol ] [-M netmask] address
|
||||
+.B semanage node [\-S store] -{a|d|m|l|D|E} [-nNrt] [ -p protocol ] [-M netmask] address
|
||||
.br
|
||||
|
||||
Manage file context mapping definitions
|
||||
@@ -123,11 +123,15 @@ Currently booleans only.
|
||||
|
||||
.TP
|
||||
.I \-h, \-\-help
|
||||
-display this message
|
||||
+display usage message
|
||||
.TP
|
||||
.I \-l, \-\-list
|
||||
List the OBJECTS
|
||||
.TP
|
||||
+.I \-E, \-\-extract
|
||||
+Extract custommizable commands, which could then be used on another machine.
|
||||
+Command output is suitable for a transaction. See also --output
|
||||
+.TP
|
||||
.I \-C, \-\-locallist
|
||||
List only locally defined settings, not base policy settings.
|
||||
.TP
|
||||
diff -up policycoreutils-2.1.13/semanage/semanage.f19 policycoreutils-2.1.13/semanage/semanage
|
||||
--- policycoreutils-2.1.13/semanage/semanage.f19 2013-03-19 20:06:36.494223639 -0400
|
||||
+++ policycoreutils-2.1.13/semanage/semanage 2013-03-19 20:06:36.516223690 -0400
|
||||
--- policycoreutils-2.1.13/semanage/semanage.f19 2013-04-17 11:46:20.708726371 -0400
|
||||
+++ policycoreutils-2.1.13/semanage/semanage 2013-04-23 13:20:11.522400405 -0400
|
||||
@@ -61,7 +61,7 @@ semanage interface -{a|d|m|l|D|E} [-Nntr
|
||||
semanage module -{a|d|m} [--enable|--disable] [-N] module
|
||||
semanage node -{a|d|m|l|D|E} [-Nntr] [ -p protocol ] [-M netmask] addr
|
||||
|
@ -274,6 +333,15 @@ diff -up policycoreutils-2.1.13/semanage/semanage.f19 policycoreutils-2.1.13/sem
|
|||
semanage permissive -{d|a|l} [-Nn] type
|
||||
semanage dontaudit [ on | off ] [-N]
|
||||
|
||||
@@ -73,7 +73,7 @@ Primary Options:
|
||||
-i, --input Input multiple semange commands in a transaction
|
||||
-o, --output Output current customizations as semange commands
|
||||
-l, --list List the OBJECTS
|
||||
- -E, --extract extract customizable commands
|
||||
+ -E, --extract Extract customizable commands, for use within a transaction
|
||||
-C, --locallist List OBJECTS local customizations
|
||||
-D, --deleteall Remove all OBJECTS local customizations
|
||||
|
||||
@@ -376,11 +376,8 @@ Object-specific Options (see above):
|
||||
OBJECT = seobject.moduleRecords(store)
|
||||
|
||||
|
@ -298,8 +366,8 @@ diff -up policycoreutils-2.1.13/semanage/semanage.f19 policycoreutils-2.1.13/sem
|
|||
return
|
||||
|
||||
diff -up policycoreutils-2.1.13/semanage/seobject.py.f19 policycoreutils-2.1.13/semanage/seobject.py
|
||||
--- policycoreutils-2.1.13/semanage/seobject.py.f19 2013-03-19 20:06:36.494223639 -0400
|
||||
+++ policycoreutils-2.1.13/semanage/seobject.py 2013-03-19 20:06:36.517223693 -0400
|
||||
--- policycoreutils-2.1.13/semanage/seobject.py.f19 2013-04-17 11:46:20.709726374 -0400
|
||||
+++ policycoreutils-2.1.13/semanage/seobject.py 2013-04-23 13:19:12.826140783 -0400
|
||||
@@ -373,7 +373,11 @@ class permissiveRecords(semanageRecords)
|
||||
|
||||
def add(self, type):
|
||||
|
@ -337,21 +405,22 @@ diff -up policycoreutils-2.1.13/semanage/seobject.py.f19 policycoreutils-2.1.13/
|
|||
|
||||
def __init__(self, store = ""):
|
||||
semanageRecords.__init__(self,store)
|
||||
@@ -1634,8 +1644,11 @@ class interfaceRecords(semanageRecords):
|
||||
@@ -1634,8 +1644,12 @@ class interfaceRecords(semanageRecords):
|
||||
print "%-30s %s:%s:%s " % (k,ddict[k][0], ddict[k][1],ddict[k][2])
|
||||
|
||||
class fcontextRecords(semanageRecords):
|
||||
- valid_types = sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"]
|
||||
- valid_types += sepolicy.info(sepolicy.ATTRIBUTE,"device_node")[0]["types"]
|
||||
+ valid_types = ["<<none>>"]
|
||||
+ try:
|
||||
+ valid_types = sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"]
|
||||
+ valid_types += sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"]
|
||||
+ valid_types += sepolicy.info(sepolicy.ATTRIBUTE,"device_node")[0]["types"]
|
||||
+ except RuntimeError:
|
||||
+ valid_types = []
|
||||
+ pass
|
||||
|
||||
def __init__(self, store = ""):
|
||||
semanageRecords.__init__(self, store)
|
||||
@@ -2018,6 +2031,9 @@ class booleanRecords(semanageRecords):
|
||||
@@ -2018,6 +2032,9 @@ class booleanRecords(semanageRecords):
|
||||
self.modify_local = False
|
||||
|
||||
def __mod(self, name, value):
|
||||
|
@ -361,9 +430,86 @@ diff -up policycoreutils-2.1.13/semanage/seobject.py.f19 policycoreutils-2.1.13/
|
|||
name = selinux.selinux_boolean_sub(name)
|
||||
|
||||
(rc, k) = semanage_bool_key_create(self.sh, name)
|
||||
diff -up policycoreutils-2.1.13/sepolgen-1.1.8/src/sepolgen/refparser.py.f19 policycoreutils-2.1.13/sepolgen-1.1.8/src/sepolgen/refparser.py
|
||||
--- policycoreutils-2.1.13/sepolgen-1.1.8/src/sepolgen/refparser.py.f19 2013-04-23 13:23:29.135260349 -0400
|
||||
+++ policycoreutils-2.1.13/sepolgen-1.1.8/src/sepolgen/refparser.py 2013-04-23 13:23:39.420304400 -0400
|
||||
@@ -65,6 +65,7 @@ tokens = (
|
||||
'BAR',
|
||||
'EXPL',
|
||||
'EQUAL',
|
||||
+ 'FILENAME',
|
||||
'IDENTIFIER',
|
||||
'NUMBER',
|
||||
'PATH',
|
||||
@@ -249,11 +250,17 @@ def t_refpolicywarn(t):
|
||||
t.lexer.lineno += 1
|
||||
|
||||
def t_IDENTIFIER(t):
|
||||
- r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\+\.\$\*\"~]*'
|
||||
+ r'[a-zA-Z_\$][a-zA-Z0-9_\-\+\.\$\*~]*'
|
||||
# Handle any keywords
|
||||
t.type = reserved.get(t.value,'IDENTIFIER')
|
||||
return t
|
||||
|
||||
+def t_FILENAME(t):
|
||||
+ r'\"[a-zA-Z0-9_\-\+\.\$\*~ :]+\"'
|
||||
+ # Handle any keywords
|
||||
+ t.type = reserved.get(t.value,'FILENAME')
|
||||
+ return t
|
||||
+
|
||||
def t_comment(t):
|
||||
r'\#.*\n'
|
||||
# Ignore all comments
|
||||
@@ -450,6 +457,7 @@ def p_interface_call_param(p):
|
||||
| nested_id_set
|
||||
| TRUE
|
||||
| FALSE
|
||||
+ | FILENAME
|
||||
'''
|
||||
# Intentionally let single identifiers pass through
|
||||
# List means set, non-list identifier
|
||||
@@ -461,6 +469,7 @@ def p_interface_call_param(p):
|
||||
def p_interface_call_param_list(p):
|
||||
'''interface_call_param_list : interface_call_param
|
||||
| interface_call_param_list COMMA interface_call_param
|
||||
+ | interface_call_param_list COMMA interface_call_param COMMA interface_call_param_list
|
||||
'''
|
||||
if len(p) == 2:
|
||||
p[0] = [p[1]]
|
||||
@@ -787,6 +796,7 @@ def p_avrule_def(p):
|
||||
|
||||
def p_typerule_def(p):
|
||||
'''typerule_def : TYPE_TRANSITION names names COLON names IDENTIFIER SEMI
|
||||
+ | TYPE_TRANSITION names names COLON names IDENTIFIER FILENAME SEMI
|
||||
| TYPE_TRANSITION names names COLON names IDENTIFIER IDENTIFIER SEMI
|
||||
| TYPE_CHANGE names names COLON names IDENTIFIER SEMI
|
||||
| TYPE_MEMBER names names COLON names IDENTIFIER SEMI
|
||||
@@ -800,6 +810,7 @@ def p_typerule_def(p):
|
||||
t.tgt_types = p[3]
|
||||
t.obj_classes = p[5]
|
||||
t.dest_type = p[6]
|
||||
+ t.file_name = p[7]
|
||||
p[0] = t
|
||||
|
||||
def p_bool(p):
|
||||
diff -up policycoreutils-2.1.13/sepolgen-1.1.8/src/sepolgen/refpolicy.py.f19 policycoreutils-2.1.13/sepolgen-1.1.8/src/sepolgen/refpolicy.py
|
||||
--- policycoreutils-2.1.13/sepolgen-1.1.8/src/sepolgen/refpolicy.py.f19 2013-04-23 13:23:01.751142859 -0400
|
||||
+++ policycoreutils-2.1.13/sepolgen-1.1.8/src/sepolgen/refpolicy.py 2013-04-23 13:23:08.986173931 -0400
|
||||
@@ -361,9 +361,9 @@ class TypeAttribute(Leaf):
|
||||
return "typeattribute %s %s;" % (self.type, self.attributes.to_comma_str())
|
||||
|
||||
class RoleAttribute(Leaf):
|
||||
- """SElinux typeattribute statement.
|
||||
+ """SElinux roleattribute statement.
|
||||
|
||||
- This class represents a typeattribute statement.
|
||||
+ This class represents a roleattribute statement.
|
||||
"""
|
||||
def __init__(self, parent=None):
|
||||
Leaf.__init__(self, parent)
|
||||
diff -up policycoreutils-2.1.13/sepolicy/info.c.f19 policycoreutils-2.1.13/sepolicy/info.c
|
||||
--- policycoreutils-2.1.13/sepolicy/info.c.f19 2013-03-19 20:06:36.495223641 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/info.c 2013-03-19 20:06:36.518223695 -0400
|
||||
--- policycoreutils-2.1.13/sepolicy/info.c.f19 2013-04-17 11:46:20.710726378 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/info.c 2013-04-17 11:46:20.728726447 -0400
|
||||
@@ -988,39 +988,51 @@ PyObject* info( int type, const char *na
|
||||
{
|
||||
PyObject* output = NULL;
|
||||
|
@ -433,8 +579,8 @@ diff -up policycoreutils-2.1.13/sepolicy/info.c.f19 policycoreutils-2.1.13/sepol
|
|||
|
||||
void init_info (PyObject *m) {
|
||||
diff -up policycoreutils-2.1.13/sepolicy/Makefile.f19 policycoreutils-2.1.13/sepolicy/Makefile
|
||||
--- policycoreutils-2.1.13/sepolicy/Makefile.f19 2013-03-19 20:06:36.495223641 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/Makefile 2013-03-19 20:06:36.518223695 -0400
|
||||
--- policycoreutils-2.1.13/sepolicy/Makefile.f19 2013-04-17 11:46:20.709726374 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/Makefile 2013-04-17 11:46:20.728726447 -0400
|
||||
@@ -23,10 +23,10 @@ clean:
|
||||
-rm -rf build *~ \#* *pyc .#*
|
||||
|
||||
|
@ -449,8 +595,8 @@ diff -up policycoreutils-2.1.13/sepolicy/Makefile.f19 policycoreutils-2.1.13/sep
|
|||
install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)
|
||||
- install -m 644 *.8 $(MANDIR)/man8
|
||||
diff -up policycoreutils-2.1.13/sepolicy/policy.c.f19 policycoreutils-2.1.13/sepolicy/policy.c
|
||||
--- policycoreutils-2.1.13/sepolicy/policy.c.f19 2013-03-19 20:06:36.495223641 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/policy.c 2013-03-19 20:06:36.518223695 -0400
|
||||
--- policycoreutils-2.1.13/sepolicy/policy.c.f19 2013-04-17 11:46:20.710726378 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/policy.c 2013-04-17 11:46:20.729726451 -0400
|
||||
@@ -66,7 +66,6 @@ PyObject *wrap_policy(PyObject *UNUSED(s
|
||||
}
|
||||
apol_vector_destroy(&mod_paths);
|
||||
|
@ -460,8 +606,8 @@ diff -up policycoreutils-2.1.13/sepolicy/policy.c.f19 policycoreutils-2.1.13/sep
|
|||
apol_policy_path_destroy(&pol_path);
|
||||
if (!policy) {
|
||||
diff -up policycoreutils-2.1.13/sepolicy/search.c.f19 policycoreutils-2.1.13/sepolicy/search.c
|
||||
--- policycoreutils-2.1.13/sepolicy/search.c.f19 2013-03-19 20:06:36.496223644 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/search.c 2013-03-19 20:06:36.519223697 -0400
|
||||
--- policycoreutils-2.1.13/sepolicy/search.c.f19 2013-04-17 11:46:20.710726378 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/search.c 2013-04-17 11:46:20.729726451 -0400
|
||||
@@ -204,14 +204,14 @@ static PyObject* get_ra_results(const ap
|
||||
goto err;
|
||||
|
||||
|
@ -600,8 +746,8 @@ diff -up policycoreutils-2.1.13/sepolicy/search.c.f19 policycoreutils-2.1.13/sep
|
|||
+ return search(allow, neverallow, auditallow, dontaudit, transition, role_allow, src_name, tgt_name, class_name, permlist);
|
||||
}
|
||||
diff -up policycoreutils-2.1.13/sepolicy/sepolicy-bash-completion.sh.f19 policycoreutils-2.1.13/sepolicy/sepolicy-bash-completion.sh
|
||||
--- policycoreutils-2.1.13/sepolicy/sepolicy-bash-completion.sh.f19 2013-03-19 20:06:36.496223644 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/sepolicy-bash-completion.sh 2013-03-19 20:06:36.519223697 -0400
|
||||
--- policycoreutils-2.1.13/sepolicy/sepolicy-bash-completion.sh.f19 2013-04-17 11:46:20.711726382 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/sepolicy-bash-completion.sh 2013-04-17 11:46:20.729726451 -0400
|
||||
@@ -45,6 +45,9 @@ __get_all_user_role_interaces () {
|
||||
__get_all_user_domains () {
|
||||
seinfo -auserdomain -x 2> /dev/null | tail -n +2
|
||||
|
@ -666,8 +812,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy-bash-completion.sh.f19 policyc
|
|||
return 0
|
||||
elif test "$prev" = "-p" || test "$prev" = "--path" ; then
|
||||
diff -up policycoreutils-2.1.13/sepolicy/sepolicy-generate.8.f19 policycoreutils-2.1.13/sepolicy/sepolicy-generate.8
|
||||
--- policycoreutils-2.1.13/sepolicy/sepolicy-generate.8.f19 2013-03-19 20:06:36.497223646 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/sepolicy-generate.8 2013-03-19 20:06:36.519223697 -0400
|
||||
--- policycoreutils-2.1.13/sepolicy/sepolicy-generate.8.f19 2013-04-17 11:46:20.711726382 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/sepolicy-generate.8 2013-04-17 11:46:20.729726451 -0400
|
||||
@@ -5,15 +5,21 @@ sepolicy-generate \- Generate an initial
|
||||
.SH "SYNOPSIS"
|
||||
|
||||
|
@ -728,8 +874,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy-generate.8.f19 policycoreutils
|
|||
Generate Policy for Sandbox
|
||||
.TP
|
||||
diff -up policycoreutils-2.1.13/sepolicy/sepolicy/generate.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy/generate.py
|
||||
--- policycoreutils-2.1.13/sepolicy/sepolicy/generate.py.f19 2013-03-19 20:06:36.499223651 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/sepolicy/generate.py 2013-03-19 20:06:36.520223699 -0400
|
||||
--- policycoreutils-2.1.13/sepolicy/sepolicy/generate.py.f19 2013-04-17 11:46:20.713726390 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/sepolicy/generate.py 2013-04-17 11:46:20.730726455 -0400
|
||||
@@ -24,6 +24,7 @@
|
||||
import os, sys, stat
|
||||
import re
|
||||
|
@ -1024,8 +1170,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/generate.py.f19 policycoreutil
|
|||
if self.initscript != "":
|
||||
newspec += re.sub("FILENAME", self.initscript, spec.define_relabel_files_end)
|
||||
diff -up policycoreutils-2.1.13/sepolicy/sepolicy/__init__.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy/__init__.py
|
||||
--- policycoreutils-2.1.13/sepolicy/sepolicy/__init__.py.f19 2013-03-19 20:06:36.498223648 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/sepolicy/__init__.py 2013-03-19 20:06:36.521223702 -0400
|
||||
--- policycoreutils-2.1.13/sepolicy/sepolicy/__init__.py.f19 2013-04-17 11:46:20.712726386 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/sepolicy/__init__.py 2013-04-17 11:46:20.730726455 -0400
|
||||
@@ -7,6 +7,9 @@ import _policy
|
||||
import selinux, glob
|
||||
PROGNAME="policycoreutils"
|
||||
|
@ -1288,8 +1434,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/__init__.py.f19 policycoreutil
|
|||
booleans_dict = None
|
||||
def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
|
||||
diff -up policycoreutils-2.1.13/sepolicy/sepolicy/interface.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy/interface.py
|
||||
--- policycoreutils-2.1.13/sepolicy/sepolicy/interface.py.f19 2013-03-19 20:06:36.499223651 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/sepolicy/interface.py 2013-03-19 20:06:36.521223702 -0400
|
||||
--- policycoreutils-2.1.13/sepolicy/sepolicy/interface.py.f19 2013-04-17 11:46:20.713726390 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/sepolicy/interface.py 2013-04-17 11:46:20.730726455 -0400
|
||||
@@ -22,14 +22,12 @@
|
||||
#
|
||||
#
|
||||
|
@ -1347,8 +1493,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/interface.py.f19 policycoreuti
|
|||
trans_list.append(m[0])
|
||||
return trans_list
|
||||
diff -up policycoreutils-2.1.13/sepolicy/sepolicy-manpage.8.f19 policycoreutils-2.1.13/sepolicy/sepolicy-manpage.8
|
||||
--- policycoreutils-2.1.13/sepolicy/sepolicy-manpage.8.f19 2013-03-19 20:06:36.497223646 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/sepolicy-manpage.8 2013-03-19 20:06:36.521223702 -0400
|
||||
--- policycoreutils-2.1.13/sepolicy/sepolicy-manpage.8.f19 2013-04-17 11:46:20.711726382 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/sepolicy-manpage.8 2013-04-17 11:46:20.730726455 -0400
|
||||
@@ -5,7 +5,7 @@ sepolicy-manpage \- Generate a man page
|
||||
.SH "SYNOPSIS"
|
||||
|
||||
|
@ -1369,8 +1515,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy-manpage.8.f19 policycoreutils-
|
|||
Generate an additional HTML man pages for the specified domain(s).
|
||||
|
||||
diff -up policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py
|
||||
--- policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py.f19 2013-03-19 20:06:36.500223653 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py 2013-03-19 20:06:36.522223704 -0400
|
||||
--- policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py.f19 2013-04-17 11:46:20.714726394 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py 2013-04-17 11:46:20.731726459 -0400
|
||||
@@ -28,12 +28,12 @@ import string
|
||||
import argparse
|
||||
import selinux
|
||||
|
@ -1774,8 +1920,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py.f19 policycoreutils
|
|||
.SH NETWORK
|
||||
""")
|
||||
diff -up policycoreutils-2.1.13/sepolicy/sepolicy/network.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy/network.py
|
||||
--- policycoreutils-2.1.13/sepolicy/sepolicy/network.py.f19 2013-03-19 20:06:36.500223653 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/sepolicy/network.py 2013-03-19 20:06:36.522223704 -0400
|
||||
--- policycoreutils-2.1.13/sepolicy/sepolicy/network.py.f19 2013-04-17 11:46:20.714726394 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/sepolicy/network.py 2013-04-17 11:46:20.731726459 -0400
|
||||
@@ -25,27 +25,6 @@ import sepolicy
|
||||
search=sepolicy.search
|
||||
info=sepolicy.info
|
||||
|
@ -1813,8 +1959,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/network.py.f19 policycoreutils
|
|||
tlist = get_types(src, "%s_socket" % protocol, [perm])
|
||||
if len(tlist) > 0:
|
||||
diff -up policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy.py
|
||||
--- policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 2013-03-19 20:06:36.498223648 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/sepolicy.py 2013-03-19 20:06:36.523223706 -0400
|
||||
--- policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 2013-04-17 11:46:20.712726386 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/sepolicy.py 2013-04-17 11:46:20.731726459 -0400
|
||||
@@ -22,6 +22,8 @@
|
||||
#
|
||||
#
|
||||
|
@ -2202,8 +2348,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 policycoreutils-2.1.13/
|
|||
sys.exit(0)
|
||||
except ValueError,e:
|
||||
diff -up policycoreutils-2.1.13/sepolicy/sepolicy/templates/executable.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy/templates/executable.py
|
||||
--- policycoreutils-2.1.13/sepolicy/sepolicy/templates/executable.py.f19 2013-03-19 20:06:36.501223655 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/sepolicy/templates/executable.py 2013-03-19 20:06:36.523223706 -0400
|
||||
--- policycoreutils-2.1.13/sepolicy/sepolicy/templates/executable.py.f19 2013-04-17 11:46:20.715726397 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/sepolicy/templates/executable.py 2013-04-17 11:46:20.731726459 -0400
|
||||
@@ -446,7 +446,7 @@ EXECUTABLE -- gen_context(system_u:obje
|
||||
"""
|
||||
|
||||
|
@ -2214,8 +2360,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/templates/executable.py.f19 po
|
|||
|
||||
fc_initscript="""\
|
||||
diff -up policycoreutils-2.1.13/sepolicy/sepolicy/templates/network.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy/templates/network.py
|
||||
--- policycoreutils-2.1.13/sepolicy/sepolicy/templates/network.py.f19 2013-03-19 20:06:36.501223655 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/sepolicy/templates/network.py 2013-03-19 20:06:36.523223706 -0400
|
||||
--- policycoreutils-2.1.13/sepolicy/sepolicy/templates/network.py.f19 2013-04-17 11:46:20.715726397 -0400
|
||||
+++ policycoreutils-2.1.13/sepolicy/sepolicy/templates/network.py 2013-04-17 11:46:20.732726463 -0400
|
||||
@@ -20,7 +20,7 @@
|
||||
#
|
||||
#
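Review bot: In the `fcontextRecords` hunk of seobject.py, the `except RuntimeError:` branch sets `valid_types = []`, which discards the `"<<none>>"` entry seeded just above, so whenever the `sepolicy.info` lookup fails the type list no longer contains `<<none>>`, the case this commit says it restores. Resetting to the seed instead, `valid_types = ["<<none>>"]`, keeps the list limited to the one value that needs no policy lookup, and the trailing `pass` can be dropped. The rendered page has lost the +/- column, so it is unclear which of the two `file_type` lines (`=` or `+=`) is on the new side; if the plain `=` form survived, it would overwrite the seed as well. Separately, in refparser.py `t.file_name = p[7]` appears unconditional in the visible part of `p_typerule_def` (the body continues outside the hunk); for the productions without a trailing name, `p[7]` would be the `SEMI` token, so a guard such as `if len(p) == 9:` looks needed.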
|
|
@ -7,7 +7,7 @@
|
|||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.1.13
|
||||
Release: 59%{?dist}
|
||||
Release: 60%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
|
@ -23,7 +23,7 @@ Source8: policycoreutils_man_ru2.tar.bz2
|
|||
Source10: restorecond.service
|
||||
Patch: policycoreutils-rhat.patch
|
||||
Patch1: policycoreutils-sepolgen.patch
|
||||
Patch2: policycoreutils-rawhide.patch
|
||||
Patch2: policycoreutils-f19.patch
|
||||
Obsoletes: policycoreutils < 2.0.61-2
|
||||
Conflicts: filesystem < 3
|
||||
Provides: /sbin/fixfiles
|
||||
|
@ -340,6 +340,10 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||
|
||||
%changelog
|
||||
* Tue Apr 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-60
|
||||
- Add FILENAME support to sepolgen
|
||||
- Add back support for '<<none>>' in semanage fcontext.
|
||||
|
||||
* Mon Mar 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-59
|
||||
- Can not unshare IPC in sandbox, since it blows up Xephyr
|
||||
- Remove bogus error message sandbox about reseting setfsuid
|
||||
|
|