* Thu Nov 9 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-14

- Fix semanage to handle state where policy.xml is not installed
2007-11-09 17:10:22 +00:00 · 2007-11-09 17:10:22 +00:00 · f5a3b73fcd
parent 3ac73d19b1
commit f5a3b73fcd
2 changed files with 73 additions and 37 deletions
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -207,7 +207,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 
 diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.31/semanage/seobject.py
 --- nsapolicycoreutils/semanage/seobject.py	2007-10-07 21:46:43.000000000 -0400
-+++ policycoreutils-2.0.31/semanage/seobject.py	2007-11-02 15:54:42.000000000 -0400
+++ policycoreutils-2.0.31/semanage/seobject.py	2007-11-09 12:00:35.000000000 -0500
@@ -1,5 +1,5 @@
 #! /usr/bin/python -E
 -# Copyright (C) 2005 Red Hat 
@ -215,7 +215,62 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 # see file 'COPYING' for use and warranty information
 #
 # semanage is a tool for managing SELinux configuration files
-@@ -1095,7 +1095,13 @@
+@@ -88,6 +88,35 @@
+ 			
+ mylog = logger()		
+ 
+import sys, os
+import re
+import xml.etree.ElementTree
+
+booleans_dict={}
+try:
+       tree=xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml")
+       for l in  tree.findall("layer"):
+              for m in  l.findall("module"):
+                     for b in  m.findall("tunable"):
+                            desc = b.find("desc").find("p").text.strip("\n")
+                            desc = re.sub("\n", " ", desc)
+                            booleans_dict[b.get('name')] = (m.get("name"), b.get('dftval'), desc)
+                     for b in  m.findall("bool"):
+                            desc = b.find("desc").find("p").text.strip("\n")
+                            desc = re.sub("\n", " ", desc)
+                            booleans_dict[b.get('name')] = (m.get("name"), b.get('dftval'), desc)
+              for i in  tree.findall("bool"):
+                     desc = i.find("desc").find("p").text.strip("\n")
+                     desc = re.sub("\n", " ", desc)
+                     booleans_dict[i.get('name')] = (_("global"), i.get('dftval'), desc)
+       for i in  tree.findall("tunable"):
+              desc = i.find("desc").find("p").text.strip("\n")
+              desc = re.sub("\n", " ", desc)
+              booleans_dict[i.get('name')] = (_("global"), i.get('dftval'), desc)
+except IOError, e:
+       print _("Failed to translate booleans.\n%s") % e
+       pass
+
+ def validate_level(raw):
+ 	sensitivity = "s[0-9]*"
+ 	category = "c[0-9]*"
+@@ -139,7 +168,7 @@
+ 			translations = fd.readlines()
+ 			fd.close()
+ 		except IOError, e:
+-			raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines: %s") % (self.filename, e) )
+			raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines") % (self.filename) )
+ 			
+ 		self.ddict = {}
+ 		self.comments = []
+@@ -236,9 +265,6 @@
+ 		if rc < 0:
+ 			semanage_handle_destroy(self.sh)
+ 			raise ValueError(_("Could not establish semanage connection"))
+-        def deleteall(self):
+-               raise ValueError(_("Not yet implemented"))
+-               
+ 
+ class loginRecords(semanageRecords):
+ 	def __init__(self, store = ""):
+@@ -1095,7 +1121,13 @@
 
                 return con
                
@ -229,7 +284,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 		if is_mls_enabled == 1:
                        serange = untranslate(serange)
 			
-@@ -1154,6 +1160,7 @@
+@@ -1154,6 +1186,7 @@
 	def modify(self, target, setype, ftype, serange, seuser):
 		if serange == "" and setype == "" and seuser == "":
 			raise ValueError(_("Requires setype, serange or seuser"))
@ -237,43 +292,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 
 		(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
 		if rc < 0:
-@@ -1303,9 +1310,35 @@
- 			else:
+@@ -1304,6 +1337,7 @@
 				print "%-50s %-18s <<None>>" % (fcon[0], fcon[1])
 				
-+import sys, os
-+import re
-+import xml.etree.ElementTree
-+
 class booleanRecords(semanageRecords):
 +
 	def __init__(self, store = ""):
 		semanageRecords.__init__(self, store)
-+                self.dict={}
-+
-+                tree=xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml")
-+                for l in  tree.findall("layer"):
-+                       for m in  l.findall("module"):
-+                              for b in  m.findall("tunable"):
-+                                     desc = b.find("desc").find("p").text.strip("\n")
-+                                     desc = re.sub("\n", " ", desc)
-+                                     self.dict[b.get('name')] = (m.get("name"), b.get('dftval'), desc)
-+                              for b in  m.findall("bool"):
-+                                     desc = b.find("desc").find("p").text.strip("\n")
-+                                     desc = re.sub("\n", " ", desc)
-+                                     self.dict[b.get('name')] = (m.get("name"), b.get('dftval'), desc)
-+                for i in  tree.findall("bool"):
-+                       desc = i.find("desc").find("p").text.strip("\n")
-+                       desc = re.sub("\n", " ", desc)
-+                       self.dict[i.get('name')] = ("Global", i.get('dftval'), desc)
-+                for i in  tree.findall("tunable"):
-+                       desc = i.find("desc").find("p").text.strip("\n")
-+                       desc = re.sub("\n", " ", desc)
-+                       self.dict[i.get('name')] = ("Global", i.get('dftval'), desc)
 
- 	def modify(self, name, value = ""):
- 		if value == "":
-@@ -1328,11 +1361,14 @@
+@@ -1328,11 +1362,14 @@
 		if value != "":
 			nvalue = int(value)
 			semanage_bool_set_value(b, nvalue)
@ -288,15 +315,21 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
 		rc = semanage_bool_modify_local(self.sh, k, b)
 		if rc < 0:
 			raise ValueError(_("Could not modify boolean %s") % name)
-@@ -1416,11 +1452,19 @@
+@@ -1416,11 +1453,25 @@
 
 		return ddict
 			
 +        def get_desc(self, boolean):
-+               if boolean in self.dict:
-+                      return _(self.dict[boolean][2])
+               if boolean in booleans_dict:
+                      return _(booleans_dict[boolean][2])
 +               else:
 +                      return boolean
+
+        def get_category(self, boolean):
+               if boolean in booleans_dict:
+                      return _(booleans_dict[boolean][0])
+               else:
+                      return _("unknown")
 +
 	def list(self, heading = 1, locallist = 0):
 +                on_off = (_("off"),_("on")) 
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -6,7 +6,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.31
-Release: 13%{?dist}
+Release: 14%{?dist}
 License: GPLv2+
 Group:	 System Environment/Base
 Source:	 http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -207,6 +207,9 @@ if [ "$1" -ge "1" ]; then
 fi

 %changelog
+* Thu Nov 9 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-14
+- Fix semanage to handle state where policy.xml is not installed
+
 * Mon Nov 5 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-13
 - Remove -v from restorecon in fixfiles