diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 4b0db1f..9b8c264 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -135,9 +135,74 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po } free(scontext); close(fd); +diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.31/semanage/semanage +--- nsapolicycoreutils/semanage/semanage 2007-10-05 13:09:53.000000000 -0400 ++++ policycoreutils-2.0.31/semanage/semanage 2007-11-02 15:50:54.000000000 -0400 +@@ -1,5 +1,5 @@ + #! /usr/bin/python -E +-# Copyright (C) 2005 Red Hat ++# Copyright (C) 2005, 2006, 2007 Red Hat + # see file 'COPYING' for use and warranty information + # + # semanage is a tool for managing SELinux configuration files +@@ -115,7 +115,7 @@ + valid_option["translation"] = [] + valid_option["translation"] += valid_everyone + [ '-T', '--trans' ] + valid_option["boolean"] = [] +- valid_option["boolean"] += valid_everyone ++ valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0" ] + return valid_option + + # +@@ -135,7 +135,7 @@ + seuser = "" + prefix = "" + heading=1 +- ++ value=0 + add = 0 + modify = 0 + delete = 0 +@@ -154,7 +154,7 @@ + args = sys.argv[2:] + + gopts, cmds = getopt.getopt(args, +- 'adf:lhmnp:s:CDR:L:r:t:T:P:S:', ++ '01adf:lhmnp:s:CDR:L:r:t:T:P:S:', + ['add', + 'delete', + 'deleteall', +@@ -164,6 +164,8 @@ + 'modify', + 'noheading', + 'localist', ++ 'off', ++ 'on', + 'proto=', + 'seuser=', + 'store=', +@@ -242,6 +244,11 @@ + if o == "-T" or o == "--trans": + setrans = a + ++ if o == "--on" or o == "-1": ++ value = 1 ++ if o == "-off" or o == "-0": ++ value = 0 ++ + if object == "login": + OBJECT = seobject.loginRecords(store) + diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.31/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2007-10-07 21:46:43.000000000 -0400 -+++ policycoreutils-2.0.31/semanage/seobject.py 2007-10-31 06:52:51.000000000 -0400 
++++ policycoreutils-2.0.31/semanage/seobject.py 2007-11-02 15:51:27.000000000 -0400 +@@ -1,5 +1,5 @@ + #! /usr/bin/python -E +-# Copyright (C) 2005 Red Hat ++# Copyright (C) 2005, 2006, 2007 Red Hat + # see file 'COPYING' for use and warranty information + # + # semanage is a tool for managing SELinux configuration files @@ -1095,7 +1092,13 @@ return con 
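Review bot: The added option check `if o == "-off" or o == "-0":` compares against `-off`, but the long option registered with getopt in this same patch is `off`, which getopt reports as `--off`, so the long form never reaches this branch. Because `value` is initialised to 0 the mistake is masked in the common case, but `--on` followed by `--off` leaves `value` at 1, the opposite of what the administrator last asked for. The line should read `if o == "--off" or o == "-0":`. It is also worth initialising `value` to `""` instead of 0 so that a modify with neither flag can be rejected rather than treated as off; how `value` is passed on to `booleanRecords.modify` is outside this hunk, so confirm that against the call site.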
@@ -160,3 +225,76 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) if rc < 0: +@@ -1303,9 +1307,35 @@ + else: + print "%-50s %-18s <>" % (fcon[0], fcon[1]) + ++import sys, os ++import re ++import xml.etree.ElementTree ++ + class booleanRecords(semanageRecords): ++ + def __init__(self, store = ""): + semanageRecords.__init__(self, store) ++ self.dict={} ++ ++ tree=xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml") ++ for l in tree.findall("layer"): ++ for m in l.findall("module"): ++ for b in m.findall("tunable"): ++ desc = b.find("desc").find("p").text.strip("\n") ++ desc = re.sub("\n", " ", desc) ++ self.dict[b.get('name')] = (m.get("name"), b.get('dftval'), desc) ++ for b in m.findall("bool"): ++ desc = b.find("desc").find("p").text.strip("\n") ++ desc = re.sub("\n", " ", desc) ++ self.dict[b.get('name')] = (m.get("name"), b.get('dftval'), desc) ++ for i in tree.findall("bool"): ++ desc = i.find("desc").find("p").text.strip("\n") ++ desc = re.sub("\n", " ", desc) ++ self.dict[i.get('name')] = ("Global", i.get('dftval'), desc) ++ for i in tree.findall("tunable"): ++ desc = i.find("desc").find("p").text.strip("\n") ++ desc = re.sub("\n", " ", desc) ++ self.dict[i.get('name')] = ("Global", i.get('dftval'), desc) + + def modify(self, name, value = ""): + if value == "": +@@ -1328,11 +1358,14 @@ + if value != "": + nvalue = int(value) + semanage_bool_set_value(b, nvalue) ++ else: ++ raise ValueError(_("You must specify a value")) + + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError(_("Could not start semanage transaction")) + ++ rc = semanage_bool_set_active(self.sh, k, b) + rc = semanage_bool_modify_local(self.sh, k, b) + if rc < 0: + raise ValueError(_("Could not modify boolean %s") % name) +@@ -1416,11 +1449,19 @@ + + return ddict + ++ def get_desc(self, boolean): ++ if boolean in self.dict: ++ return 
_(self.dict[boolean][2]) ++ else: ++ return boolean ++ + def list(self, heading = 1, locallist = 0): ++ on_off = (_("off"),_("on")) + if heading: +- print "%-50s %7s %7s %7s\n" % (_("SELinux boolean"), _("value"), _("pending"), _("active") ) ++ print "%-40s %s\n" % (_("SELinux boolean"), _("Description")) + ddict = self.get_all(locallist) + keys = ddict.keys() + for k in keys: + if ddict[k]: +- print "%-50s %7d %7d %7d " % (k, ddict[k][0],ddict[k][1], ddict[k][2]) ++ print "%-30s -> %-5s %s" % (k, on_off[ddict[k][2]], self.get_desc(k)) ++ diff --git a/policycoreutils.spec b/policycoreutils.spec index 6933d59..076ac3a 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -6,7 +6,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.31 -Release: 9%{?dist} +Release: 11%{?dist} License: GPLv2+ Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -111,7 +111,7 @@ Requires: gnome-python2, pygtk2, pygtk2-libglade, gnome-python2-canvas Requires: usermode, rhpl Requires: python >= 2.4 BuildRequires: desktop-file-utils -Requires: selinux-policy +Requires: selinux-policy-devel %description gui system-config-selinux is a utility for managing the SELinux environment @@ -208,6 +208,13 @@ fi %changelog +* Fri Nov 2 2007 Dan Walsh 2.0.31-11 +- Translate booleans via policy.xml +- Allow booleans to be set via semanage + +* Thu Nov 1 2007 Dan Walsh 2.0.31-10 +- Require use of selinux-policy-devel + * Wed Oct 31 2007 Dan Walsh 2.0.31-9 - Validate semanage fcontext input - Fix template names for log files in gui
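Review bot: In `booleanRecords.modify` the return code of the added `rc = semanage_bool_set_active(self.sh, k, b)` is overwritten by the next line before anything checks it, so a failure to change the active value goes unreported while the command still appears to succeed. For an SELinux boolean that leaves the running policy in a state the administrator believes was changed; add `if rc < 0: raise ValueError(_("Could not set active value of boolean %s") % name)` directly after the call. Separately, the new `__init__` parses `/usr/share/selinux/devel/policy.xml` unconditionally and chains `b.find("desc").find("p").text`, so a missing file or an entry without a description makes every use of `booleanRecords` raise, although the descriptions are only used for display. Catching the I/O and parse errors and leaving `self.dict` empty would be enough, since `get_desc` already falls back to the boolean name. The bodies of `modify` and `list` extend beyond the lines shown.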
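Review bot: The new `Requires: selinux-policy-devel` appears to land in the gui subpackage only (the `%description gui` line follows it), while the code that needs `/usr/share/selinux/devel/policy.xml` is `booleanRecords.__init__` in seobject.py, which the command-line `semanage` also uses. If semanage ships in the base package, which this hunk does not show, the base package needs the same `Requires:` or `semanage boolean` will fail on systems without the devel policy. The context line `Requires: python >= 2.4` is also out of date for this change, because `xml.etree.ElementTree` is part of the standard library only from Python 2.5.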