Compare commits
108 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
392fa03072 | ||
|
17d137e658 | ||
|
d8501aad3c | ||
|
69eb1aef5e | ||
|
8b928d80e8 | ||
|
9a9e7b5d7e | ||
|
493b35df7b | ||
|
c77a77e39c | ||
|
cd558df935 | ||
|
5785621283 | ||
|
396291943b | ||
|
d6eb24d48f | ||
|
d39a6454a2 | ||
|
f7e6d7dcb5 | ||
|
041e7a130b | ||
|
d085b2403d | ||
|
b028c6a81b | ||
|
3c028107aa | ||
|
8840b49782 | ||
|
1396e21e63 | ||
|
8ea3353198 | ||
|
e1c3bd6193 | ||
|
4d63e5997c | ||
|
c62a76dec8 | ||
|
8e66d37730 | ||
|
7a283c335f | ||
|
bb087c8236 | ||
|
7f0685b7c9 | ||
|
b8e16f5ac1 | ||
|
b5ddd6cd6d | ||
|
2598e73c59 | ||
|
5f644f84d1 | ||
|
1d41610e25 | ||
|
082b752534 | ||
|
5443cd02b9 | ||
|
aae45ee479 | ||
|
0818b3952b | ||
|
ec182abe69 | ||
|
618f976e7b | ||
|
fd63d73041 | ||
|
b2615bd52c | ||
|
56ba584672 | ||
|
950d0d171f | ||
|
3bb977d8b3 | ||
|
a5d7dbf23d | ||
|
9ad7d4e48a | ||
|
f73658f908 | ||
|
afb5e45daa | ||
|
efa4712a7b | ||
|
2dcce95b10 | ||
|
02d7a5d1d7 | ||
|
3a754fee08 | ||
|
1924f09170 | ||
|
7672531487 | ||
|
051ad0ff37 | ||
|
be3765e54a | ||
|
5739cf73a2 | ||
|
13a8a83732 | ||
|
4006d5c5b4 | ||
|
869ecbd188 | ||
|
ccf0ebfefc | ||
|
7bfe6fa0af | ||
|
e236753025 | ||
|
526a5264e3 | ||
|
d570700ddd | ||
|
fdd5e434b3 | ||
|
442c972d4b | ||
|
12efca860a | ||
|
689c214584 | ||
|
d5a84f04a0 | ||
|
2123a2995d | ||
|
1299b6abea | ||
|
362ac1c345 | ||
|
04f559dd9d | ||
|
a34c9ef118 | ||
|
26a78c68ba | ||
|
a4af57962c | ||
|
e46f55812d | ||
|
300f5dde54 | ||
|
07282d3796 | ||
|
4424caacde | ||
|
5e80f4b5b1 | ||
|
a8a75e40d8 | ||
|
364e31e4d9 | ||
|
80eec9ca44 | ||
|
ed27604c5e | ||
|
f346ebaaf7 | ||
|
056d64edc9 | ||
|
e461113079 | ||
|
90685bf953 | ||
|
665320d083 | ||
|
abcfd7caf6 | ||
|
75dffcc440 | ||
|
7d9f204bf2 | ||
|
af4b0ecbe6 | ||
|
3caf5ed4b7 | ||
|
4dcc6b1421 | ||
|
87ef079e2e | ||
|
a71f281069 | ||
|
87688b7eb6 | ||
|
33f5961ddc | ||
|
9bac5f8821 | ||
|
100f5e541c | ||
|
aa84f5eb45 | ||
|
f713292352 | ||
|
5ee61040d8 | ||
|
cb2ae8409a | ||
|
5edcaf9a0f |
13
.gitignore
vendored
13
.gitignore
vendored
@ -1 +1,14 @@
|
||||
setools-3.3.7.tar.bz2
|
||||
setools-3.3.8.tar.bz2
|
||||
setools-3.3.8-f1e5b20.tar.bz2
|
||||
/4.1.0.tar.gz
|
||||
/4.1.1.tar.gz
|
||||
/4.2.0-beta.tar.gz
|
||||
/4.2.0-rc.tar.gz
|
||||
/4.2.0.tar.gz
|
||||
/4.2.1.tar.gz
|
||||
/4.2.2.tar.gz
|
||||
/4.3.0.tar.gz
|
||||
/05e90ee.tar.gz
|
||||
/16c0696.tar.gz
|
||||
/4.4.0.tar.gz
|
||||
|
90
0001-Make-seinfo-output-predictable.patch
Normal file
90
0001-Make-seinfo-output-predictable.patch
Normal file
@ -0,0 +1,90 @@
|
||||
From 8ed316d6bfb65e5e9b57f3761ea8490022ab3a05 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Thu, 18 Nov 2021 13:59:08 +0100
|
||||
Subject: [PATCH] Make seinfo output predictable
|
||||
|
||||
There are few places where frozenset is used. Given that frozenset is an unordered
|
||||
collection the output generated from this is unpredictable.
|
||||
|
||||
The following command outputs are fixed using sorted() on frozensets:
|
||||
|
||||
seinfo --constrain
|
||||
seinfo --common
|
||||
seinfo -c -x
|
||||
seinfo -r -x
|
||||
seinfo -u -x
|
||||
|
||||
Fixes: https://github.com/SELinuxProject/setools/issues/65
|
||||
|
||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
||||
---
|
||||
setools/policyrep/constraint.pxi | 2 +-
|
||||
setools/policyrep/objclass.pxi | 4 ++--
|
||||
setools/policyrep/role.pxi | 2 +-
|
||||
setools/policyrep/user.pxi | 2 +-
|
||||
4 files changed, 5 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/setools/policyrep/constraint.pxi b/setools/policyrep/constraint.pxi
|
||||
index 01c63d87425b..0b4c5b9bcf6a 100644
|
||||
--- a/setools/policyrep/constraint.pxi
|
||||
+++ b/setools/policyrep/constraint.pxi
|
||||
@@ -72,7 +72,7 @@ cdef class Constraint(BaseConstraint):
|
||||
|
||||
def statement(self):
|
||||
if len(self.perms) > 1:
|
||||
- perms = "{{ {0} }}".format(' '.join(self.perms))
|
||||
+ perms = "{{ {0} }}".format(' '.join(sorted(self.perms)))
|
||||
else:
|
||||
# convert to list since sets cannot be indexed
|
||||
perms = list(self.perms)[0]
|
||||
diff --git a/setools/policyrep/objclass.pxi b/setools/policyrep/objclass.pxi
|
||||
index b7ec7b7de5c3..8ed2be5a9bed 100644
|
||||
--- a/setools/policyrep/objclass.pxi
|
||||
+++ b/setools/policyrep/objclass.pxi
|
||||
@@ -75,7 +75,7 @@ cdef class Common(PolicySymbol):
|
||||
return other in self.perms
|
||||
|
||||
def statement(self):
|
||||
- return "common {0}\n{{\n\t{1}\n}}".format(self, '\n\t'.join(self.perms))
|
||||
+ return "common {0}\n{{\n\t{1}\n}}".format(self, '\n\t'.join(sorted(self.perms)))
|
||||
|
||||
|
||||
cdef class ObjClass(PolicySymbol):
|
||||
@@ -204,7 +204,7 @@ cdef class ObjClass(PolicySymbol):
|
||||
|
||||
# a class that inherits may not have additional permissions
|
||||
if len(self.perms) > 0:
|
||||
- stmt += "{{\n\t{0}\n}}".format('\n\t'.join(self.perms))
|
||||
+ stmt += "{{\n\t{0}\n}}".format('\n\t'.join(sorted(self.perms)))
|
||||
|
||||
return stmt
|
||||
|
||||
diff --git a/setools/policyrep/role.pxi b/setools/policyrep/role.pxi
|
||||
index 9a0dd39f27d9..3af8a3f72a1f 100644
|
||||
--- a/setools/policyrep/role.pxi
|
||||
+++ b/setools/policyrep/role.pxi
|
||||
@@ -58,7 +58,7 @@ cdef class Role(PolicySymbol):
|
||||
if count == 1:
|
||||
stmt += " types {0}".format(types[0])
|
||||
else:
|
||||
- stmt += " types {{ {0} }}".format(' '.join(types))
|
||||
+ stmt += " types {{ {0} }}".format(' '.join(sorted(types)))
|
||||
|
||||
stmt += ";"
|
||||
return stmt
|
||||
diff --git a/setools/policyrep/user.pxi b/setools/policyrep/user.pxi
|
||||
index 9c82aa92eb72..e37af2939820 100644
|
||||
--- a/setools/policyrep/user.pxi
|
||||
+++ b/setools/policyrep/user.pxi
|
||||
@@ -81,7 +81,7 @@ cdef class User(PolicySymbol):
|
||||
if count == 1:
|
||||
stmt += roles[0]
|
||||
else:
|
||||
- stmt += "{{ {0} }}".format(' '.join(roles))
|
||||
+ stmt += "{{ {0} }}".format(' '.join(sorted(roles)))
|
||||
|
||||
if self._level:
|
||||
stmt += " level {0.mls_level} range {0.mls_range};".format(self)
|
||||
--
|
||||
2.33.1
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,133 +0,0 @@
|
||||
From 667fe9187c203ffcba855e821dff11c8f71ef000 Mon Sep 17 00:00:00 2001
|
||||
From: Dan Walsh <dwalsh@redhat.com>
|
||||
Date: Tue, 20 Sep 2011 15:39:51 -0400
|
||||
Subject: [PATCH 2/6] setools-should-exit-with-an-error-status-if-it-gets-an
|
||||
error
|
||||
|
||||
---
|
||||
secmds/seinfo.c | 51 +++++++++++++++++++++++++++------------------------
|
||||
1 files changed, 27 insertions(+), 24 deletions(-)
|
||||
|
||||
diff --git a/secmds/seinfo.c b/secmds/seinfo.c
|
||||
index fdf23e9..3088f88 100644
|
||||
--- a/secmds/seinfo.c
|
||||
+++ b/secmds/seinfo.c
|
||||
@@ -827,7 +827,7 @@ static int print_sens(FILE * fp, const char *name, int expand, const apol_policy
|
||||
*/
|
||||
static int print_cats(FILE * fp, const char *name, int expand, const apol_policy_t * policydb)
|
||||
{
|
||||
- int retval = 0;
|
||||
+ int retval = -1;
|
||||
apol_cat_query_t *query = NULL;
|
||||
apol_vector_t *v = NULL;
|
||||
const qpol_cat_t *cat_datum = NULL;
|
||||
@@ -911,9 +911,10 @@ static int print_fsuse(FILE * fp, const char *type, const apol_policy_t * policy
|
||||
fprintf(fp, " %s\n", tmp);
|
||||
free(tmp);
|
||||
}
|
||||
- if (type && !apol_vector_get_size(v))
|
||||
+ if (type && !apol_vector_get_size(v)) {
|
||||
ERR(policydb, "No fs_use statement for filesystem of type %s.", type);
|
||||
-
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
retval = 0;
|
||||
cleanup:
|
||||
apol_fs_use_query_destroy(&query);
|
||||
@@ -949,7 +950,6 @@ static int print_genfscon(FILE * fp, const char *type, const apol_policy_t * pol
|
||||
ERR(policydb, "%s", strerror(ENOMEM));
|
||||
goto cleanup;
|
||||
}
|
||||
-
|
||||
if (apol_genfscon_query_set_filesystem(policydb, query, type))
|
||||
goto cleanup;
|
||||
if (apol_genfscon_get_by_query(policydb, query, &v))
|
||||
@@ -967,8 +967,10 @@ static int print_genfscon(FILE * fp, const char *type, const apol_policy_t * pol
|
||||
free(tmp);
|
||||
}
|
||||
|
||||
- if (type && !apol_vector_get_size(v))
|
||||
+ if (type && !apol_vector_get_size(v)) {
|
||||
ERR(policydb, "No genfscon statement for filesystem of type %s.", type);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
|
||||
retval = 0;
|
||||
cleanup:
|
||||
@@ -1646,6 +1648,7 @@ cleanup: // close and destroy iterators etc.
|
||||
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
+ int rc = 0;
|
||||
int classes, types, attribs, roles, users, all, expand, stats, rt, optc, isids, bools, sens, cats, fsuse, genfs, netif,
|
||||
node, port, permissives, polcaps, constrain, linebreaks;
|
||||
apol_policy_t *policydb = NULL;
|
||||
@@ -1851,46 +1854,46 @@ int main(int argc, char **argv)
|
||||
|
||||
/* display requested info */
|
||||
if (stats || all)
|
||||
- print_stats(stdout, policydb);
|
||||
+ rc = print_stats(stdout, policydb);
|
||||
if (classes || all)
|
||||
- print_classes(stdout, class_name, expand, policydb);
|
||||
+ rc = print_classes(stdout, class_name, expand, policydb);
|
||||
if (types || all)
|
||||
- print_types(stdout, type_name, expand, policydb);
|
||||
+ rc = print_types(stdout, type_name, expand, policydb);
|
||||
if (attribs || all)
|
||||
- print_attribs(stdout, attrib_name, expand, policydb);
|
||||
+ rc = print_attribs(stdout, attrib_name, expand, policydb);
|
||||
if (roles || all)
|
||||
- print_roles(stdout, role_name, expand, policydb);
|
||||
+ rc = print_roles(stdout, role_name, expand, policydb);
|
||||
if (users || all)
|
||||
- print_users(stdout, user_name, expand, policydb);
|
||||
+ rc = print_users(stdout, user_name, expand, policydb);
|
||||
if (bools || all)
|
||||
- print_booleans(stdout, bool_name, expand, policydb);
|
||||
+ rc = print_booleans(stdout, bool_name, expand, policydb);
|
||||
if (sens || all)
|
||||
- print_sens(stdout, sens_name, expand, policydb);
|
||||
+ rc = print_sens(stdout, sens_name, expand, policydb);
|
||||
if (cats || all)
|
||||
- print_cats(stdout, cat_name, expand, policydb);
|
||||
+ rc = print_cats(stdout, cat_name, expand, policydb);
|
||||
if (fsuse || all)
|
||||
- print_fsuse(stdout, fsuse_type, policydb);
|
||||
+ rc = print_fsuse(stdout, fsuse_type, policydb);
|
||||
if (genfs || all)
|
||||
- print_genfscon(stdout, genfs_type, policydb);
|
||||
+ rc = print_genfscon(stdout, genfs_type, policydb);
|
||||
if (netif || all)
|
||||
- print_netifcon(stdout, netif_name, policydb);
|
||||
+ rc = print_netifcon(stdout, netif_name, policydb);
|
||||
if (node || all)
|
||||
- print_nodecon(stdout, node_addr, policydb);
|
||||
+ rc = print_nodecon(stdout, node_addr, policydb);
|
||||
if (port || all)
|
||||
- print_portcon(stdout, port_num, protocol, policydb);
|
||||
+ rc = print_portcon(stdout, port_num, protocol, policydb);
|
||||
if (isids || all)
|
||||
- print_isids(stdout, isid_name, expand, policydb);
|
||||
+ rc = print_isids(stdout, isid_name, expand, policydb);
|
||||
if (permissives || all)
|
||||
- print_permissives(stdout, permissive_name, expand, policydb);
|
||||
+ rc = print_permissives(stdout, permissive_name, expand, policydb);
|
||||
if (polcaps || all)
|
||||
- print_polcaps(stdout, polcap_name, expand, policydb);
|
||||
+ rc = print_polcaps(stdout, polcap_name, expand, policydb);
|
||||
if (constrain || all)
|
||||
- print_constraints(stdout, expand, policydb, linebreaks);
|
||||
+ rc = print_constraints(stdout, expand, policydb, linebreaks);
|
||||
|
||||
apol_policy_destroy(&policydb);
|
||||
apol_policy_path_destroy(&pol_path);
|
||||
free(policy_file);
|
||||
- exit(0);
|
||||
+ exit(rc);
|
||||
}
|
||||
|
||||
/**
|
||||
--
|
||||
1.7.6.2
|
||||
|
@ -1,28 +0,0 @@
|
||||
From 252b7c8bf311d615164a20f4f402767e5859d972 Mon Sep 17 00:00:00 2001
|
||||
From: Dan Walsh <dwalsh@redhat.com>
|
||||
Date: Tue, 20 Sep 2011 15:40:28 -0400
|
||||
Subject: [PATCH 3/6] Since-we-do-not-ship-neverallow-rules-all-always-fail
|
||||
|
||||
---
|
||||
libqpol/src/avrule_query.c | 5 +++--
|
||||
1 files changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/libqpol/src/avrule_query.c b/libqpol/src/avrule_query.c
|
||||
index 749565b..76dcaa3 100644
|
||||
--- a/libqpol/src/avrule_query.c
|
||||
+++ b/libqpol/src/avrule_query.c
|
||||
@@ -57,8 +57,9 @@ int qpol_policy_get_avrule_iter(const qpol_policy_t * policy, uint32_t rule_type
|
||||
|
||||
if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
|
||||
ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
|
||||
- errno = ENOTSUP;
|
||||
- return STATUS_ERR;
|
||||
+/* errno = ENOTSUP;
|
||||
+ return STATUS_ERR; */
|
||||
+ return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
db = &policy->p->p;
|
||||
--
|
||||
1.7.6.2
|
||||
|
@ -1,78 +0,0 @@
|
||||
From b3c8ef5822dbf3e3272fc29627ddac7e20e936d5 Mon Sep 17 00:00:00 2001
|
||||
From: Dan Walsh <dwalsh@redhat.com>
|
||||
Date: Tue, 20 Sep 2011 15:41:12 -0400
|
||||
Subject: [PATCH 4/6] Fix-man-pages-and-getoptions
|
||||
|
||||
---
|
||||
man/replcon.1 | 2 ++
|
||||
man/seinfo.1 | 6 +++++-
|
||||
seaudit/seaudit-report.c | 2 +-
|
||||
sediff/sediff.c | 2 +-
|
||||
4 files changed, 9 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/man/replcon.1 b/man/replcon.1
|
||||
index 8aca08a..478dc51 100644
|
||||
--- a/man/replcon.1
|
||||
+++ b/man/replcon.1
|
||||
@@ -44,6 +44,8 @@ Search for files which include PATH.
|
||||
.IP "-c CLASS, --class=CLASS"
|
||||
Search only files of object class CLASS.
|
||||
.SH OPTIONS
|
||||
+.IP "-R, --regex"
|
||||
+Enable regular expressions
|
||||
.IP "-v, --verbose"
|
||||
Display context info during replacement.
|
||||
.IP "-h, --help"
|
||||
diff --git a/man/seinfo.1 b/man/seinfo.1
|
||||
index 8612119..6bc17db 100644
|
||||
--- a/man/seinfo.1
|
||||
+++ b/man/seinfo.1
|
||||
@@ -76,6 +76,10 @@ There is no expanded information for this component.
|
||||
.IP "--nodecon[=ADDR]"
|
||||
Print a list of node contexts or, if ADDR is provided, print the statement for the node with address ADDR.
|
||||
There is no expanded information for this component.
|
||||
+.IP "--polcap"
|
||||
+Print policy capabilities.
|
||||
+.IP "--permissive"
|
||||
+Print permissive types.
|
||||
.IP "--portcon[=PORT]"
|
||||
Print a list of port contexts or, if PORT is provided, print the statement for port PORT.
|
||||
There is no expanded information for this component.
|
||||
@@ -93,7 +97,7 @@ These details include the types assigned to an attribute or role and the permiss
|
||||
This option is not available for all component types; see the description of each component for the details this option will provide.
|
||||
.IP "--stats"
|
||||
Print policy statistics including policy type and version information and counts of all components and rules.
|
||||
-.IP "-l"
|
||||
+.IP "-l, --line-breaks"
|
||||
Print line breaks when displaying constraint statements.
|
||||
.IP "-h, --help"
|
||||
Print help information and exit.
|
||||
diff --git a/seaudit/seaudit-report.c b/seaudit/seaudit-report.c
|
||||
index af3c6fb..d436c18 100644
|
||||
--- a/seaudit/seaudit-report.c
|
||||
+++ b/seaudit/seaudit-report.c
|
||||
@@ -100,7 +100,7 @@ static void seaudit_report_info_usage(const char *program_name, int brief)
|
||||
printf(" -s, --stdin read log data from standard input\n");
|
||||
printf(" -m, --malformed include malformed log messages\n");
|
||||
printf(" -o FILE, --output=FILE output to FILE\n");
|
||||
- printf(" --config=FILE read configuration from FILE\n");
|
||||
+ printf(" -c FILE, --config=FILE read configuration from FILE\n");
|
||||
printf(" --html set output format to HTML\n");
|
||||
printf(" --stylesheet=FILE HTML style sheet for formatting HTML report\n");
|
||||
printf(" (ignored if --html is not given)\n");
|
||||
diff --git a/sediff/sediff.c b/sediff/sediff.c
|
||||
index 6022775..341c650 100644
|
||||
--- a/sediff/sediff.c
|
||||
+++ b/sediff/sediff.c
|
||||
@@ -420,7 +420,7 @@ int main(int argc, char **argv)
|
||||
poldiff_t *diff = NULL;
|
||||
size_t total = 0;
|
||||
|
||||
- while ((optc = getopt_long(argc, argv, "ctarubANDLMCRqhV", longopts, NULL)) != -1) {
|
||||
+ while ((optc = getopt_long(argc, argv, "ctarubAqhV", longopts, NULL)) != -1) {
|
||||
switch (optc) {
|
||||
case 0:
|
||||
break;
|
||||
--
|
||||
1.7.6.2
|
||||
|
@ -1,34 +0,0 @@
|
||||
From 2b58d92add64b53b16cbb438e7b69e85d046afd1 Mon Sep 17 00:00:00 2001
|
||||
From: Dan Walsh <dwalsh@redhat.com>
|
||||
Date: Tue, 20 Sep 2011 15:46:38 -0400
|
||||
Subject: [PATCH 5/6] Fix sepol calls to work with latest libsepol
|
||||
|
||||
---
|
||||
configure.ac | 4 ++--
|
||||
1 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index e837e03..3c11e23 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -505,7 +505,7 @@ AC_COMPILE_IFELSE(
|
||||
[AC_LANG_SOURCE([
|
||||
#include <sepol/policydb/expand.h>
|
||||
int main () {
|
||||
- return role_set_expand(NULL, NULL, NULL, NULL);
|
||||
+ return role_set_expand(NULL, NULL, NULL, NULL, NULL);
|
||||
}])],
|
||||
sepol_new_user_role_mapping="yes",
|
||||
sepol_new_user_role_mapping="no")
|
||||
@@ -541,7 +541,7 @@ if test ${sepol_check_boolmap} = "yes"; then
|
||||
[AC_LANG_SOURCE([
|
||||
#include <sepol/policydb/expand.h>
|
||||
int main () {
|
||||
- return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
|
||||
+ return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
|
||||
}])],
|
||||
AC_MSG_RESULT([yes]),
|
||||
AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
|
||||
--
|
||||
1.7.6.2
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,277 +0,0 @@
|
||||
From e30036e358b8f1c3f56048b467e8646fa3bfffb6 Mon Sep 17 00:00:00 2001
|
||||
From: Dan Walsh <dwalsh@redhat.com>
|
||||
Date: Tue, 20 Sep 2011 16:40:26 -0400
|
||||
Subject: [PATCH 7/7] Remove unused variables
|
||||
|
||||
---
|
||||
libapol/src/ftrule-query.c | 11 ++----
|
||||
libqpol/src/ftrule_query.c | 2 -
|
||||
secmds/sesearch.c | 86 +++++++++++++++++++++++++++++++++-----------
|
||||
3 files changed, 68 insertions(+), 31 deletions(-)
|
||||
|
||||
diff --git a/libapol/src/ftrule-query.c b/libapol/src/ftrule-query.c
|
||||
index dc248de..9c7a23b 100644
|
||||
--- a/libapol/src/ftrule-query.c
|
||||
+++ b/libapol/src/ftrule-query.c
|
||||
@@ -45,14 +45,11 @@ struct apol_filename_trans_query
|
||||
int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filename_trans_query_t * t, apol_vector_t ** v)
|
||||
{
|
||||
apol_vector_t *source_list = NULL, *target_list = NULL, *class_list = NULL, *default_list = NULL;
|
||||
- int retval = -1, source_as_any = 0, is_regex = 0, append_filename_trans;
|
||||
- char *bool_name = NULL;
|
||||
+ int retval = -1, source_as_any = 0, is_regex = 0;
|
||||
*v = NULL;
|
||||
- unsigned int flags = 0;
|
||||
- qpol_iterator_t *iter = NULL, *type_iter = NULL;
|
||||
+ qpol_iterator_t *iter = NULL;
|
||||
|
||||
if (t != NULL) {
|
||||
- flags = t->flags;
|
||||
is_regex = t->flags & APOL_QUERY_REGEX;
|
||||
if (t->source != NULL &&
|
||||
(source_list =
|
||||
@@ -104,7 +101,7 @@ int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filenam
|
||||
if (qpol_iterator_get_item(iter, (void **)&filename_trans) < 0) {
|
||||
goto cleanup;
|
||||
}
|
||||
- int match_source = 0, match_target = 0, match_default = 0, match_bool = 0;
|
||||
+ int match_source = 0, match_target = 0, match_default = 0;
|
||||
size_t i;
|
||||
|
||||
if (source_list == NULL) {
|
||||
@@ -265,10 +262,8 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena
|
||||
{
|
||||
char *tmp = NULL;
|
||||
const char *tmp_name = NULL;
|
||||
- const char *filename_trans_type_str;
|
||||
int error = 0;
|
||||
size_t tmp_sz = 0;
|
||||
- uint32_t filename_trans_type = 0;
|
||||
const qpol_type_t *type = NULL;
|
||||
const qpol_class_t *obj_class = NULL;
|
||||
|
||||
diff --git a/libqpol/src/ftrule_query.c b/libqpol/src/ftrule_query.c
|
||||
index d6db848..3148d30 100644
|
||||
--- a/libqpol/src/ftrule_query.c
|
||||
+++ b/libqpol/src/ftrule_query.c
|
||||
@@ -254,7 +254,6 @@ int qpol_filename_trans_get_default_type(const qpol_policy_t * policy, const qpo
|
||||
|
||||
int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const char ** name)
|
||||
{
|
||||
- policydb_t *db = NULL;
|
||||
filename_trans_t *ft = NULL;
|
||||
|
||||
if (name) {
|
||||
@@ -267,7 +266,6 @@ int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_fi
|
||||
return STATUS_ERR;
|
||||
}
|
||||
|
||||
- db = &policy->p->p;
|
||||
ft = (filename_trans_t *) rule;
|
||||
|
||||
*name = ft->name;
|
||||
diff --git a/secmds/sesearch.c b/secmds/sesearch.c
|
||||
index e44b3bc..319ffe7 100644
|
||||
--- a/secmds/sesearch.c
|
||||
+++ b/secmds/sesearch.c
|
||||
@@ -72,6 +72,7 @@ static struct option const longopts[] = {
|
||||
|
||||
{"source", required_argument, NULL, 's'},
|
||||
{"target", required_argument, NULL, 't'},
|
||||
+ {"default", required_argument, NULL, 'D'},
|
||||
{"role_source", required_argument, NULL, EXPR_ROLE_SOURCE},
|
||||
{"role_target", required_argument, NULL, EXPR_ROLE_TARGET},
|
||||
{"class", required_argument, NULL, 'c'},
|
||||
@@ -92,6 +93,7 @@ typedef struct options
|
||||
{
|
||||
char *src_name;
|
||||
char *tgt_name;
|
||||
+ char *default_name;
|
||||
char *src_role_name;
|
||||
char *tgt_role_name;
|
||||
char *class_name;
|
||||
@@ -293,7 +295,8 @@ static void print_syn_av_results(const apol_policy_t * policy, const options_t *
|
||||
tmp = apol_cond_expr_render(policy, cond);
|
||||
enable_char = (enabled ? 'E' : 'D');
|
||||
branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
|
||||
- asprintf(&expr, "[ %s ]", tmp);
|
||||
+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
|
||||
+ goto cleanup;
|
||||
free(tmp);
|
||||
tmp = NULL;
|
||||
if (!expr)
|
||||
@@ -356,7 +359,8 @@ static void print_av_results(const apol_policy_t * policy, const options_t * opt
|
||||
qpol_iterator_destroy(&iter);
|
||||
enable_char = (enabled ? 'E' : 'D');
|
||||
branch_char = (list ? 'T' : 'F');
|
||||
- asprintf(&expr, "[ %s ]", tmp);
|
||||
+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
|
||||
+ goto cleanup;
|
||||
free(tmp);
|
||||
tmp = NULL;
|
||||
if (!expr)
|
||||
@@ -488,7 +492,8 @@ static void print_syn_te_results(const apol_policy_t * policy, const options_t *
|
||||
tmp = apol_cond_expr_render(policy, cond);
|
||||
enable_char = (enabled ? 'E' : 'D');
|
||||
branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
|
||||
- asprintf(&expr, "[ %s ]", tmp);
|
||||
+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
|
||||
+ goto cleanup;
|
||||
free(tmp);
|
||||
tmp = NULL;
|
||||
if (!expr)
|
||||
@@ -553,7 +558,8 @@ static void print_te_results(const apol_policy_t * policy, const options_t * opt
|
||||
qpol_iterator_destroy(&iter);
|
||||
enable_char = (enabled ? 'E' : 'D');
|
||||
branch_char = (list ? 'T' : 'F');
|
||||
- asprintf(&expr, "[ %s ]", tmp);
|
||||
+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
|
||||
+ goto cleanup;
|
||||
free(tmp);
|
||||
tmp = NULL;
|
||||
if (!expr)
|
||||
@@ -586,7 +592,7 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
|
||||
return -1;
|
||||
}
|
||||
|
||||
- if (!opt->type == QPOL_RULE_TYPE_TRANS && !opt->all) {
|
||||
+ if (!opt->type && !opt->all) {
|
||||
*v = NULL;
|
||||
return 0; /* no search to do */
|
||||
}
|
||||
@@ -600,17 +606,44 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
|
||||
|
||||
apol_filename_trans_query_set_regex(policy, ftq, opt->useregex);
|
||||
if (opt->src_name) {
|
||||
- if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name)) {
|
||||
+ if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name, opt->indirect)) {
|
||||
error = errno;
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
+
|
||||
if (opt->tgt_name) {
|
||||
if (apol_filename_trans_query_set_target(policy, ftq, opt->tgt_name, opt->indirect)) {
|
||||
error = errno;
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
+ if (opt->default_name) {
|
||||
+ if (apol_filename_trans_query_set_default(policy, ftq, opt->default_name)) {
|
||||
+ error = errno;
|
||||
+ goto err;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (opt->class_name) {
|
||||
+ if (opt->class_vector == NULL) {
|
||||
+ if (apol_filename_trans_query_append_class(policy, ftq, opt->class_name)) {
|
||||
+ error = errno;
|
||||
+ goto err;
|
||||
+ }
|
||||
+ } else {
|
||||
+ for (size_t i = 0; i < apol_vector_get_size(opt->class_vector); ++i) {
|
||||
+ char *class_name;
|
||||
+ class_name = apol_vector_get_element(opt->class_vector, i);
|
||||
+ if (!class_name)
|
||||
+ continue;
|
||||
+ if (apol_filename_trans_query_append_class(policy, ftq, class_name)) {
|
||||
+ error = errno;
|
||||
+ goto err;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
|
||||
if (apol_filename_trans_get_by_query(policy, ftq, v)) {
|
||||
error = errno;
|
||||
@@ -630,37 +663,36 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
|
||||
|
||||
static void print_ft_results(const apol_policy_t * policy, const options_t * opt, const apol_vector_t * v)
|
||||
{
|
||||
- qpol_policy_t *q = apol_policy_get_qpol(policy);
|
||||
- size_t i, num_rules = 0;
|
||||
- const qpol_filename_trans_t *rule = NULL;
|
||||
- char *tmp = NULL, *rule_str = NULL, *expr = NULL;
|
||||
+ size_t i, num_filename_trans = 0;
|
||||
+ const qpol_filename_trans_t *filename_trans = NULL;
|
||||
+ char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL;
|
||||
char enable_char = ' ', branch_char = ' ';
|
||||
qpol_iterator_t *iter = NULL;
|
||||
const qpol_cond_t *cond = NULL;
|
||||
uint32_t enabled = 0, list = 0;
|
||||
|
||||
- if (!(num_rules = apol_vector_get_size(v)))
|
||||
+ if (!(num_filename_trans = apol_vector_get_size(v)))
|
||||
goto cleanup;
|
||||
|
||||
- fprintf(stdout, "Found %zd named file transition rules:\n", num_rules);
|
||||
+ fprintf(stdout, "Found %zd named file transition filename_trans:\n", num_filename_trans);
|
||||
|
||||
- for (i = 0; i < num_rules; i++) {
|
||||
+ for (i = 0; i < num_filename_trans; i++) {
|
||||
enable_char = branch_char = ' ';
|
||||
- if (!(rule = apol_vector_get_element(v, i)))
|
||||
+ if (!(filename_trans = apol_vector_get_element(v, i)))
|
||||
goto cleanup;
|
||||
|
||||
- if (!(rule_str = apol_filename_trans_render(policy, rule)))
|
||||
+ if (!(filename_trans_str = apol_filename_trans_render(policy, filename_trans)))
|
||||
goto cleanup;
|
||||
- fprintf(stdout, "%s %s\n", rule_str, expr ? expr : "");
|
||||
- free(rule_str);
|
||||
- rule_str = NULL;
|
||||
+ fprintf(stdout, "%s %s\n", filename_trans_str, expr ? expr : "");
|
||||
+ free(filename_trans_str);
|
||||
+ filename_trans_str = NULL;
|
||||
free(expr);
|
||||
expr = NULL;
|
||||
}
|
||||
|
||||
cleanup:
|
||||
free(tmp);
|
||||
- free(rule_str);
|
||||
+ free(filename_trans_str);
|
||||
free(expr);
|
||||
}
|
||||
|
||||
@@ -930,7 +962,7 @@ int main(int argc, char **argv)
|
||||
|
||||
memset(&cmd_opts, 0, sizeof(cmd_opts));
|
||||
cmd_opts.indirect = true;
|
||||
- while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dRnSChV", longopts, NULL)) != -1) {
|
||||
+ while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dD:RnSChV", longopts, NULL)) != -1) {
|
||||
switch (optc) {
|
||||
case 0:
|
||||
break;
|
||||
@@ -946,6 +978,18 @@ int main(int argc, char **argv)
|
||||
exit(1);
|
||||
}
|
||||
break;
|
||||
+ case 'D': /* source */
|
||||
+ if (optarg == 0) {
|
||||
+ usage(argv[0], 1);
|
||||
+ printf("Missing source default type for -D (--default)\n");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ cmd_opts.default_name = strdup(optarg);
|
||||
+ if (!cmd_opts.default_name) {
|
||||
+
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ break;
|
||||
case 't': /* target */
|
||||
if (optarg == 0) {
|
||||
usage(argv[0], 1);
|
||||
@@ -1218,7 +1262,7 @@ int main(int argc, char **argv)
|
||||
fprintf(stdout, "\n");
|
||||
}
|
||||
|
||||
- if (cmd_opts.all || cmd_opts.type == QPOL_RULE_TYPE_TRANS) {
|
||||
+ if (cmd_opts.all || cmd_opts.type) {
|
||||
apol_vector_destroy(&v);
|
||||
if (perform_ft_query(policy, &cmd_opts, &v)) {
|
||||
rt = 1;
|
||||
--
|
||||
1.7.6.2
|
||||
|
@ -1,34 +0,0 @@
|
||||
From 2f89d9acc12c0a7b50a94e4247b015242ce712c9 Mon Sep 17 00:00:00 2001
|
||||
From: Dan Walsh <dwalsh@redhat.com>
|
||||
Date: Wed, 21 Sep 2011 15:15:02 -0400
|
||||
Subject: [PATCH 8/8] Fix output to match policy lines
|
||||
|
||||
---
|
||||
libapol/src/ftrule-query.c | 4 ++--
|
||||
1 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/libapol/src/ftrule-query.c b/libapol/src/ftrule-query.c
|
||||
index 9c7a23b..1d5f5c8 100644
|
||||
--- a/libapol/src/ftrule-query.c
|
||||
+++ b/libapol/src/ftrule-query.c
|
||||
@@ -282,7 +282,7 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena
|
||||
error = errno;
|
||||
goto err;
|
||||
}
|
||||
- if (apol_str_appendf(&tmp, &tmp_sz, "transition_type %s ", tmp_name)) {
|
||||
+ if (apol_str_appendf(&tmp, &tmp_sz, "type_transition %s ", tmp_name)) {
|
||||
error = errno;
|
||||
ERR(policy, "%s", strerror(error));
|
||||
goto err;
|
||||
@@ -338,7 +338,7 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena
|
||||
goto err;
|
||||
}
|
||||
|
||||
- if (apol_str_appendf(&tmp, &tmp_sz, " %s", tmp_name)) {
|
||||
+ if (apol_str_appendf(&tmp, &tmp_sz, " \"%s\"", tmp_name)) {
|
||||
error = errno;
|
||||
ERR(policy, "%s", strerror(error));
|
||||
goto err;
|
||||
--
|
||||
1.7.6.2
|
||||
|
@ -1,583 +0,0 @@
|
||||
#diff -Nur old_setools/libqpol/swig/qpol.i setools-3.3.7/libqpol/swig/qpol.i
|
||||
diff -Nur setools-3.3.7/libqpol/swig/qpol.i.current setools-3.3.7/libqpol/swig/qpol.i
|
||||
--- old_setools/libqpol/swig/qpol.i 2010-04-30 18:23:28.000000000 +0200
|
||||
+++ setools-3.3.7/libqpol/swig/qpol.i 2012-07-03 19:20:45.383016553 +0200
|
||||
@@ -228,7 +228,7 @@
|
||||
#define QPOL_MODULE_OTHER 2
|
||||
typedef struct qpol_module {} qpol_module_t;
|
||||
%extend qpol_module_t {
|
||||
- qpol_module_t(const char *path) {
|
||||
+ qpol_module(const char *path) {
|
||||
qpol_module_t *m;
|
||||
BEGIN_EXCEPTION
|
||||
if (qpol_module_create_from_file(path, &m)) {
|
||||
@@ -239,7 +239,7 @@
|
||||
fail:
|
||||
return NULL;
|
||||
};
|
||||
- ~qpol_module_t() {
|
||||
+ ~qpol_module() {
|
||||
qpol_module_destroy(&self);
|
||||
};
|
||||
const char *get_path() {
|
||||
@@ -330,7 +330,7 @@
|
||||
} qpol_capability_e;
|
||||
|
||||
%extend qpol_policy_t {
|
||||
- qpol_policy_t(const char *path, const int options) {
|
||||
+ qpol_policy(const char *path, const int options) {
|
||||
qpol_policy_t *p;
|
||||
BEGIN_EXCEPTION
|
||||
if (qpol_policy_open_from_file(path, &p, qpol_swig_message_callback, qpol_swig_message_callback_arg, options) < 0) {
|
||||
@@ -341,7 +341,7 @@
|
||||
fail:
|
||||
return NULL;
|
||||
}
|
||||
- ~qpol_policy_t() {
|
||||
+ ~qpol_policy() {
|
||||
qpol_policy_destroy(&self);
|
||||
};
|
||||
void reevaluate_conds() {
|
||||
@@ -687,14 +687,14 @@
|
||||
typedef struct qpol_iterator {} qpol_iterator_t;
|
||||
%extend qpol_iterator_t {
|
||||
/* user never directly creates, but SWIG expects a constructor */
|
||||
- qpol_iterator_t() {
|
||||
+ qpol_iterator() {
|
||||
BEGIN_EXCEPTION
|
||||
SWIG_exception(SWIG_TypeError, "User may not create iterators difectly");
|
||||
END_EXCEPTION
|
||||
fail:
|
||||
return NULL;
|
||||
};
|
||||
- ~qpol_iterator_t() {
|
||||
+ ~qpol_iterator() {
|
||||
qpol_iterator_destroy(&self);
|
||||
};
|
||||
void *get_item() {
|
||||
@@ -736,7 +736,7 @@
|
||||
/* qpol type */
|
||||
typedef struct qpol_type {} qpol_type_t;
|
||||
%extend qpol_type_t {
|
||||
- qpol_type_t(qpol_policy_t *p, const char *name) {
|
||||
+ qpol_type(qpol_policy_t *p, const char *name) {
|
||||
BEGIN_EXCEPTION
|
||||
const qpol_type_t *t;
|
||||
if (qpol_policy_get_type_by_name(p, name, &t)) {
|
||||
@@ -747,7 +747,7 @@
|
||||
fail:
|
||||
return NULL;
|
||||
};
|
||||
- ~qpol_type_t() {
|
||||
+ ~qpol_type() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -851,7 +851,7 @@
|
||||
/* qpol role */
|
||||
typedef struct qpol_role {} qpol_role_t;
|
||||
%extend qpol_role_t {
|
||||
- qpol_role_t(qpol_policy_t *p, const char *name) {
|
||||
+ qpol_role(qpol_policy_t *p, const char *name) {
|
||||
const qpol_role_t *r;
|
||||
BEGIN_EXCEPTION
|
||||
if (qpol_policy_get_role_by_name(p, name, &r)) {
|
||||
@@ -862,7 +862,7 @@
|
||||
fail:
|
||||
return NULL;
|
||||
};
|
||||
- ~qpol_role_t() {
|
||||
+ ~qpol_role() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -919,7 +919,7 @@
|
||||
/* qpol level */
|
||||
typedef struct qpol_level {} qpol_level_t;
|
||||
%extend qpol_level_t {
|
||||
- qpol_level_t(qpol_policy_t *p, const char *name) {
|
||||
+ qpol_level(qpol_policy_t *p, const char *name) {
|
||||
const qpol_level_t *l;
|
||||
BEGIN_EXCEPTION
|
||||
if (qpol_policy_get_level_by_name(p, name, &l)) {
|
||||
@@ -930,7 +930,7 @@
|
||||
fail:
|
||||
return NULL;
|
||||
};
|
||||
- ~qpol_level_t() {
|
||||
+ ~qpol_level() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -997,7 +997,7 @@
|
||||
/* qpol cat */
|
||||
typedef struct qpol_cat {} qpol_cat_t;
|
||||
%extend qpol_cat_t {
|
||||
- qpol_cat_t(qpol_policy_t *p, const char *name) {
|
||||
+ qpol_cat(qpol_policy_t *p, const char *name) {
|
||||
const qpol_cat_t *c;
|
||||
BEGIN_EXCEPTION
|
||||
if (qpol_policy_get_cat_by_name(p, name, &c)) {
|
||||
@@ -1008,7 +1008,7 @@
|
||||
fail:
|
||||
return NULL;
|
||||
};
|
||||
- ~qpol_cat_t() {
|
||||
+ ~qpol_cat() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -1064,14 +1064,14 @@
|
||||
/* qpol mls range */
|
||||
typedef struct qpol_mls_range {} qpol_mls_range_t;
|
||||
%extend qpol_mls_range_t {
|
||||
- qpol_mls_range_t() {
|
||||
+ qpol_mls_range() {
|
||||
BEGIN_EXCEPTION
|
||||
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_mls_range_t objects");
|
||||
END_EXCEPTION
|
||||
fail:
|
||||
return NULL;
|
||||
}
|
||||
- ~qpol_mls_range_t() {
|
||||
+ ~qpol_mls_range() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -1105,14 +1105,14 @@
|
||||
/* qpol mls level */
|
||||
typedef struct qpol_mls_level {} qpol_mls_level_t;
|
||||
%extend qpol_mls_level_t {
|
||||
- qpol_mls_level_t() {
|
||||
+ qpol_mls_level() {
|
||||
BEGIN_EXCEPTION
|
||||
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_mls_level_t objects");
|
||||
END_EXCEPTION
|
||||
fail:
|
||||
return NULL;
|
||||
}
|
||||
- ~qpol_mls_level_t() {
|
||||
+ ~qpol_mls_level() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -1147,7 +1147,7 @@
|
||||
/* qpol user */
|
||||
typedef struct qpol_user {} qpol_user_t;
|
||||
%extend qpol_user_t {
|
||||
- qpol_user_t(qpol_policy_t *p, const char *name) {
|
||||
+ qpol_user(qpol_policy_t *p, const char *name) {
|
||||
const qpol_user_t *u;
|
||||
BEGIN_EXCEPTION
|
||||
if (qpol_policy_get_user_by_name(p, name, &u)) {
|
||||
@@ -1158,7 +1158,7 @@
|
||||
fail:
|
||||
return NULL;
|
||||
};
|
||||
- ~qpol_user_t() {
|
||||
+ ~qpol_user() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -1223,7 +1223,7 @@
|
||||
/* qpol bool */
|
||||
typedef struct qpol_bool {} qpol_bool_t;
|
||||
%extend qpol_bool_t {
|
||||
- qpol_bool_t(qpol_policy_t *p, const char *name) {
|
||||
+ qpol_bool(qpol_policy_t *p, const char *name) {
|
||||
qpol_bool_t *b;
|
||||
BEGIN_EXCEPTION
|
||||
if (qpol_policy_get_bool_by_name(p, name, &b)) {
|
||||
@@ -1233,7 +1233,7 @@
|
||||
fail:
|
||||
return b;
|
||||
};
|
||||
- ~qpol_bool_t() {
|
||||
+ ~qpol_bool() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -1295,14 +1295,14 @@
|
||||
/* qpol context */
|
||||
typedef struct qpol_context {} qpol_context_t;
|
||||
%extend qpol_context_t {
|
||||
- qpol_context_t() {
|
||||
+ qpol_context() {
|
||||
BEGIN_EXCEPTION
|
||||
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_context_t objects");
|
||||
END_EXCEPTION
|
||||
fail:
|
||||
return NULL;
|
||||
};
|
||||
- ~qpol_context_t() {
|
||||
+ ~qpol_context() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -1356,7 +1356,7 @@
|
||||
/* qpol class */
|
||||
typedef struct qpol_class {} qpol_class_t;
|
||||
%extend qpol_class_t {
|
||||
- qpol_class_t(qpol_policy_t *p, const char *name) {
|
||||
+ qpol_class(qpol_policy_t *p, const char *name) {
|
||||
const qpol_class_t *c;
|
||||
BEGIN_EXCEPTION
|
||||
if (qpol_policy_get_class_by_name(p, name, &c)) {
|
||||
@@ -1366,7 +1366,7 @@
|
||||
fail:
|
||||
return (qpol_class_t*)c;
|
||||
};
|
||||
- ~qpol_class_t() {
|
||||
+ ~qpol_class() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -1443,7 +1443,7 @@
|
||||
/* qpol common */
|
||||
typedef struct qpol_common {} qpol_common_t;
|
||||
%extend qpol_common_t {
|
||||
- qpol_common_t(qpol_policy_t *p, const char *name) {
|
||||
+ qpol_common(qpol_policy_t *p, const char *name) {
|
||||
const qpol_common_t *c;
|
||||
BEGIN_EXCEPTION
|
||||
if (qpol_policy_get_common_by_name(p, name, &c)) {
|
||||
@@ -1453,7 +1453,7 @@
|
||||
fail:
|
||||
return (qpol_common_t*)c;
|
||||
};
|
||||
- ~qpol_common_t() {
|
||||
+ ~qpol_common() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -1515,7 +1515,7 @@
|
||||
#define QPOL_FS_USE_PSID 6U
|
||||
#endif
|
||||
typedef struct qpol_fs_use {} qpol_fs_use_t;
|
||||
-%extend qpol_fs_use_t {
|
||||
+%extend qpol_fs_use {
|
||||
qpol_fs_use_t(qpol_policy_t *p, const char *name) {
|
||||
const qpol_fs_use_t *f;
|
||||
BEGIN_EXCEPTION
|
||||
@@ -1526,7 +1526,7 @@
|
||||
fail:
|
||||
return (qpol_fs_use_t*)f;
|
||||
};
|
||||
- ~qpol_fs_use_t() {
|
||||
+ ~qpol_fs_use() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -1594,7 +1594,7 @@
|
||||
#endif
|
||||
typedef struct qpol_genfscon {} qpol_genfscon_t;
|
||||
%extend qpol_genfscon_t {
|
||||
- qpol_genfscon_t(qpol_policy_t *p, const char *name, const char *path) {
|
||||
+ qpol_genfscon(qpol_policy_t *p, const char *name, const char *path) {
|
||||
qpol_genfscon_t *g;
|
||||
BEGIN_EXCEPTION
|
||||
if (qpol_policy_get_genfscon_by_name(p, name, path, &g)) {
|
||||
@@ -1604,7 +1604,7 @@
|
||||
fail:
|
||||
return g;
|
||||
};
|
||||
- ~qpol_genfscon_t() {
|
||||
+ ~qpol_genfscon() {
|
||||
free(self);
|
||||
};
|
||||
const char *get_name(qpol_policy_t *p) {
|
||||
@@ -1656,7 +1656,7 @@
|
||||
|
||||
/* qpol isid */
|
||||
typedef struct qpol_isid {} qpol_isid_t;
|
||||
-%extend qpol_isid_t {
|
||||
+%extend qpol_isid {
|
||||
qpol_isid_t(qpol_policy_t *p, const char *name) {
|
||||
const qpol_isid_t *i;
|
||||
BEGIN_EXCEPTION
|
||||
@@ -1667,7 +1667,7 @@
|
||||
fail:
|
||||
return (qpol_isid_t*)i;
|
||||
};
|
||||
- ~qpol_isid_t() {
|
||||
+ ~qpol_isid() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -1701,7 +1701,7 @@
|
||||
/* qpol netifcon */
|
||||
typedef struct qpol_netifcon {} qpol_netifcon_t;
|
||||
%extend qpol_netifcon_t {
|
||||
- qpol_netifcon_t(qpol_policy_t *p, const char *name) {
|
||||
+ qpol_netifcon(qpol_policy_t *p, const char *name) {
|
||||
const qpol_netifcon_t *n;
|
||||
BEGIN_EXCEPTION
|
||||
if (qpol_policy_get_netifcon_by_name(p, name, &n)) {
|
||||
@@ -1711,7 +1711,7 @@
|
||||
fail:
|
||||
return (qpol_netifcon_t*)n;
|
||||
};
|
||||
- ~qpol_netifcon_t() {
|
||||
+ ~qpol_netifcon() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -1757,7 +1757,7 @@
|
||||
#define QPOL_IPV6 1
|
||||
typedef struct qpol_nodecon {} qpol_nodecon_t;
|
||||
%extend qpol_nodecon_t {
|
||||
- qpol_nodecon_t(qpol_policy_t *p, int addr[4], int mask[4], int protocol) {
|
||||
+ qpol_nodecon(qpol_policy_t *p, int addr[4], int mask[4], int protocol) {
|
||||
uint32_t a[4], m[4];
|
||||
qpol_nodecon_t *n;
|
||||
BEGIN_EXCEPTION
|
||||
@@ -1772,7 +1772,7 @@
|
||||
fail:
|
||||
return n;
|
||||
}
|
||||
- ~qpol_nodecon_t() {
|
||||
+ ~qpol_nodecon() {
|
||||
free(self);
|
||||
};
|
||||
uint32_t *get_addr(qpol_policy_t *p) {
|
||||
@@ -1830,7 +1830,7 @@
|
||||
#define IPPROTO_UDP 17
|
||||
typedef struct qpol_portcon {} qpol_portcon_t;
|
||||
%extend qpol_portcon_t {
|
||||
- qpol_portcon_t(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) {
|
||||
+ qpol_portcon(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) {
|
||||
const qpol_portcon_t *qp;
|
||||
BEGIN_EXCEPTION
|
||||
if (qpol_policy_get_portcon_by_port(p, low, high, protocol, &qp)) {
|
||||
@@ -1840,7 +1840,7 @@
|
||||
fail:
|
||||
return (qpol_portcon_t*)qp;
|
||||
};
|
||||
- ~qpol_portcon_t() {
|
||||
+ ~qpol_portcon() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -1893,7 +1893,7 @@
|
||||
|
||||
/* qpol constraint */
|
||||
typedef struct qpol_constraint {} qpol_constraint_t;
|
||||
-%extend qpol_constraint_t {
|
||||
+%extend qpol_constraint {
|
||||
qpol_constraint_t() {
|
||||
BEGIN_EXCEPTION
|
||||
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_constraint_t objects");
|
||||
@@ -1901,7 +1901,7 @@
|
||||
fail:
|
||||
return NULL;
|
||||
};
|
||||
- ~qpol_constraint_t() {
|
||||
+ ~qpol_constraint() {
|
||||
free(self);
|
||||
};
|
||||
const qpol_class_t *get_class(qpol_policy_t *p) {
|
||||
@@ -1945,7 +1945,7 @@
|
||||
|
||||
/* qpol validatetrans */
|
||||
typedef struct qpol_validatetrans {} qpol_validatetrans_t;
|
||||
-%extend qpol_validatetrans_t {
|
||||
+%extend qpol_validatetrans {
|
||||
qpol_validatetrans_t() {
|
||||
BEGIN_EXCEPTION
|
||||
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_validatetrans_t objects");
|
||||
@@ -1953,7 +1953,7 @@
|
||||
fail:
|
||||
return NULL;
|
||||
};
|
||||
- ~qpol_validatetrans_t() {
|
||||
+ ~qpol_validatetrans() {
|
||||
free(self);
|
||||
};
|
||||
const qpol_class_t *get_class(qpol_policy_t *p) {
|
||||
@@ -2011,14 +2011,14 @@
|
||||
#define QPOL_CEXPR_OP_INCOMP 5
|
||||
typedef struct qpol_constraint_expr_node {} qpol_constraint_expr_node_t;
|
||||
%extend qpol_constraint_expr_node_t {
|
||||
- qpol_constraint_expr_node_t() {
|
||||
+ qpol_constraint_expr_node() {
|
||||
BEGIN_EXCEPTION
|
||||
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_constraint_expr_node_t objects");
|
||||
END_EXCEPTION
|
||||
fail:
|
||||
return NULL;
|
||||
};
|
||||
- ~qpol_constraint_expr_node_t() {
|
||||
+ ~qpol_constraint_expr_node() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -2073,14 +2073,14 @@
|
||||
/* qpol role allow */
|
||||
typedef struct qpol_role_allow {} qpol_role_allow_t;
|
||||
%extend qpol_role_allow_t {
|
||||
- qpol_role_allow_t() {
|
||||
+ qpol_role_allow() {
|
||||
BEGIN_EXCEPTION
|
||||
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_role_allow_t objects");
|
||||
END_EXCEPTION
|
||||
fail:
|
||||
return NULL;
|
||||
};
|
||||
- ~qpol_role_allow_t() {
|
||||
+ ~qpol_role_allow() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -2114,14 +2114,14 @@
|
||||
/* qpol role trans */
|
||||
typedef struct qpol_role_trans {} qpol_role_trans_t;
|
||||
%extend qpol_role_trans_t {
|
||||
- qpol_role_trans_t() {
|
||||
+ qpol_role_trans() {
|
||||
BEGIN_EXCEPTION
|
||||
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_role_trans_t objects");
|
||||
END_EXCEPTION
|
||||
fail:
|
||||
return NULL;
|
||||
};
|
||||
- ~qpol_role_trans_t() {
|
||||
+ ~qpol_role_trans() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -2165,14 +2165,14 @@
|
||||
/* qpol range trans */
|
||||
typedef struct qpol_range_trans {} qpol_range_trans_t;
|
||||
%extend qpol_range_trans_t {
|
||||
- qpol_range_trans_t() {
|
||||
+ qpol_range_trans() {
|
||||
BEGIN_EXCEPTION
|
||||
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_range_trans_t objects");
|
||||
END_EXCEPTION
|
||||
fail:
|
||||
return NULL;
|
||||
};
|
||||
- ~qpol_range_trans_t() {
|
||||
+ ~qpol_range_trans() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -2228,14 +2228,14 @@
|
||||
#define QPOL_RULE_DONTAUDIT 4
|
||||
typedef struct qpol_avrule {} qpol_avrule_t;
|
||||
%extend qpol_avrule_t {
|
||||
- qpol_avrule_t() {
|
||||
+ qpol_avrule() {
|
||||
BEGIN_EXCEPTION
|
||||
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_avrule_t objects");
|
||||
END_EXCEPTION
|
||||
fail:
|
||||
return NULL;
|
||||
};
|
||||
- ~qpol_avrule_t() {
|
||||
+ ~qpol_avrule() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -2348,14 +2348,14 @@
|
||||
#define QPOL_RULE_TYPE_MEMBER 32
|
||||
typedef struct qpol_terule {} qpol_terule_t;
|
||||
%extend qpol_terule_t {
|
||||
- qpol_terule_t() {
|
||||
+ qpol_terule() {
|
||||
BEGIN_EXCEPTION
|
||||
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_terule_t objects");
|
||||
END_EXCEPTION
|
||||
fail:
|
||||
return NULL;
|
||||
};
|
||||
- ~qpol_terule_t() {
|
||||
+ ~qpol_terule() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -2464,14 +2464,14 @@
|
||||
/* qpol conditional */
|
||||
typedef struct qpol_cond {} qpol_cond_t;
|
||||
%extend qpol_cond_t {
|
||||
- qpol_cond_t() {
|
||||
+ qpol_cond() {
|
||||
BEGIN_EXCEPTION
|
||||
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_cond_t objects");
|
||||
END_EXCEPTION
|
||||
fail:
|
||||
return NULL;
|
||||
};
|
||||
- ~qpol_cond_t() {
|
||||
+ ~qpol_cond() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -2557,14 +2557,14 @@
|
||||
#define QPOL_COND_EXPR_NEQ 7 /* bool != bool */
|
||||
typedef struct qpol_cond_expr_node {} qpol_cond_expr_node_t;
|
||||
%extend qpol_cond_expr_node_t {
|
||||
- qpol_cond_expr_node_t() {
|
||||
+ qpol_cond_expr_node() {
|
||||
BEGIN_EXCEPTION
|
||||
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_cond_expr_node_t objects");
|
||||
END_EXCEPTION
|
||||
fail:
|
||||
return NULL;
|
||||
};
|
||||
- ~qpol_cond_expr_node_t() {
|
||||
+ ~qpol_cond_expr_node() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -2602,14 +2602,14 @@
|
||||
/* qpol type set */
|
||||
typedef struct qpol_type_set {} qpol_type_set_t;
|
||||
%extend qpol_type_set_t {
|
||||
- qpol_type_set_t() {
|
||||
+ qpol_type_set() {
|
||||
BEGIN_EXCEPTION
|
||||
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_type_set_t objects");
|
||||
END_EXCEPTION
|
||||
fail:
|
||||
return NULL;
|
||||
};
|
||||
- ~qpol_type_set_t() {
|
||||
+ ~qpol_type_set() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -2665,14 +2665,14 @@
|
||||
/* qpol syn av rule */
|
||||
typedef struct qpol_syn_avrule {} qpol_syn_avrule_t;
|
||||
%extend qpol_syn_avrule_t {
|
||||
- qpol_syn_avrule_t() {
|
||||
+ qpol_syn_avrule() {
|
||||
BEGIN_EXCEPTION
|
||||
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_syn_avrule_t objects");
|
||||
END_EXCEPTION
|
||||
fail:
|
||||
return NULL;
|
||||
};
|
||||
- ~qpol_syn_avrule_t() {
|
||||
+ ~qpol_syn_avrule() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
||||
@@ -2778,14 +2778,14 @@
|
||||
/* qpol syn te rule */
|
||||
typedef struct qpol_syn_terule {} qpol_syn_terule_t;
|
||||
%extend qpol_syn_terule_t {
|
||||
- qpol_syn_terule_t() {
|
||||
+ qpol_syn_terule() {
|
||||
BEGIN_EXCEPTION
|
||||
SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_syn_terule_t objects");
|
||||
END_EXCEPTION
|
||||
fail:
|
||||
return NULL;
|
||||
};
|
||||
- ~qpol_syn_terule_t() {
|
||||
+ ~qpol_syn_terule() {
|
||||
/* no op */
|
||||
return;
|
||||
};
|
@ -1,84 +0,0 @@
|
||||
diff -up setools-3.3.7/libqpol/src/util.c.current setools-3.3.7/libqpol/src/util.c
|
||||
--- setools-3.3.7/libqpol/src/util.c.current 2010-04-23 12:22:08.000000000 -0400
|
||||
+++ setools-3.3.7/libqpol/src/util.c 2012-02-16 12:01:33.030434514 -0500
|
||||
@@ -84,75 +84,12 @@ static int get_binpol_version(const char
|
||||
|
||||
static int search_policy_binary_file(char **path)
|
||||
{
|
||||
- const char *binary_path;
|
||||
- if ((binary_path = selinux_binary_policy_path()) == NULL) {
|
||||
- return -1;
|
||||
+ const char *binary_path = selinux_current_policy_path();
|
||||
+ if (binary_path) {
|
||||
+ *path = strdup(binary_path);
|
||||
+ if (*path) return 0;
|
||||
}
|
||||
-
|
||||
- int expected_version = -1, latest_version = -1;
|
||||
-#ifdef LIBSELINUX
|
||||
- /* if the system has SELinux enabled, prefer the policy whose
|
||||
- name matches the current policy version */
|
||||
- if ((expected_version = security_policyvers()) < 0) {
|
||||
- return -1;
|
||||
- }
|
||||
-#endif
|
||||
-
|
||||
- glob_t glob_buf;
|
||||
- struct stat fs;
|
||||
- int rt, error = 0, retval = -1;
|
||||
- size_t i;
|
||||
- char *pattern = NULL;
|
||||
- if (asprintf(&pattern, "%s.*", binary_path) < 0) {
|
||||
- return -1;
|
||||
- }
|
||||
- glob_buf.gl_offs = 1;
|
||||
- glob_buf.gl_pathc = 0;
|
||||
- rt = glob(pattern, GLOB_DOOFFS, NULL, &glob_buf);
|
||||
- if (rt != 0 && rt != GLOB_NOMATCH) {
|
||||
- errno = EIO;
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
- for (i = 0; i < glob_buf.gl_pathc; i++) {
|
||||
- char *p = glob_buf.gl_pathv[i + glob_buf.gl_offs];
|
||||
- if (stat(p, &fs) != 0) {
|
||||
- error = errno;
|
||||
- goto cleanup;
|
||||
- }
|
||||
- if (S_ISDIR(fs.st_mode))
|
||||
- continue;
|
||||
-
|
||||
- if ((rt = get_binpol_version(p)) < 0) {
|
||||
- error = errno;
|
||||
- goto cleanup;
|
||||
- }
|
||||
-
|
||||
- if (rt > latest_version || rt == expected_version) {
|
||||
- free(*path);
|
||||
- if ((*path = strdup(p)) == NULL) {
|
||||
- error = errno;
|
||||
- goto cleanup;
|
||||
- }
|
||||
- if (rt == expected_version) {
|
||||
- break;
|
||||
- }
|
||||
- latest_version = rt;
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- if (*path == NULL) {
|
||||
- retval = 1;
|
||||
- } else {
|
||||
- retval = 0;
|
||||
- }
|
||||
- cleanup:
|
||||
- free(pattern);
|
||||
- globfree(&glob_buf);
|
||||
- if (retval == -1) {
|
||||
- errno = error;
|
||||
- }
|
||||
- return retval;
|
||||
+ return -1;
|
||||
}
|
||||
|
||||
int qpol_default_policy_find(char **path)
|
142
1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
Normal file
142
1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
Normal file
@ -0,0 +1,142 @@
|
||||
From e47d19f4985098ca316eea4a383510d419ec6055 Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Fri, 26 Apr 2019 15:27:25 +0200
|
||||
Subject: [PATCH 1/2] Do not export/use setools.InfoFlowAnalysis and
|
||||
setools.DomainTransitionAnalysis
|
||||
|
||||
dta and infoflow modules require networkx which brings lot of dependencies.
|
||||
These dependencies are not necessary for setools module itself as it's
|
||||
used in policycoreutils.
|
||||
|
||||
Therefore it's better to use setools.infoflow.InfoFlowAnalysis and
|
||||
setools.dta.DomainTransitionAnalysis and let the package containing
|
||||
sedta and seinfoflow to require python3-networkx
|
||||
---
|
||||
sedta | 5 +++--
|
||||
seinfoflow | 4 ++--
|
||||
setools/__init__.py | 4 ----
|
||||
setoolsgui/apol/dta.py | 2 +-
|
||||
setoolsgui/apol/infoflow.py | 2 +-
|
||||
tests/dta.py | 2 +-
|
||||
tests/infoflow.py | 2 +-
|
||||
7 files changed, 9 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/sedta b/sedta
|
||||
index 57070098fe10..51890ea8ea73 100755
|
||||
--- a/sedta
|
||||
+++ b/sedta
|
||||
@@ -23,9 +23,10 @@ import logging
|
||||
import signal
|
||||
|
||||
import setools
|
||||
+import setools.dta
|
||||
|
||||
|
||||
-def print_transition(trans: setools.DomainTransition) -> None:
|
||||
+def print_transition(trans: setools.dta.DomainTransition) -> None:
|
||||
if trans.transition:
|
||||
print("Domain transition rule(s):")
|
||||
for t in trans.transition:
|
||||
@@ -114,7 +115,7 @@ else:
|
||||
|
||||
try:
|
||||
p = setools.SELinuxPolicy(args.policy)
|
||||
- g = setools.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
|
||||
+ g = setools.dta.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
|
||||
|
||||
if args.shortest_path or args.all_paths:
|
||||
if args.shortest_path:
|
||||
diff --git a/seinfoflow b/seinfoflow
|
||||
index 0ddcfdc7c1fb..8321718b2640 100755
|
||||
--- a/seinfoflow
|
||||
+++ b/seinfoflow
|
||||
@@ -17,7 +17,7 @@
|
||||
# along with SETools. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
-import setools
|
||||
+import setools.infoflow
|
||||
import argparse
|
||||
import sys
|
||||
import logging
|
||||
@@ -102,7 +102,7 @@ elif args.booleans is not None:
|
||||
try:
|
||||
p = setools.SELinuxPolicy(args.policy)
|
||||
m = setools.PermissionMap(args.map)
|
||||
- g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude,
|
||||
+ g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude,
|
||||
booleans=booleans)
|
||||
|
||||
if args.shortest_path or args.all_paths:
|
||||
diff --git a/setools/__init__.py b/setools/__init__.py
|
||||
index d72d343e7e79..642485b9018d 100644
|
||||
--- a/setools/__init__.py
|
||||
+++ b/setools/__init__.py
|
||||
@@ -91,12 +91,8 @@ from .pcideviceconquery import PcideviceconQuery
|
||||
from .devicetreeconquery import DevicetreeconQuery
|
||||
|
||||
# Information Flow Analysis
|
||||
-from .infoflow import InfoFlowAnalysis
|
||||
from .permmap import PermissionMap, RuleWeight, Mapping
|
||||
|
||||
-# Domain Transition Analysis
|
||||
-from .dta import DomainTransitionAnalysis, DomainEntrypoint, DomainTransition
|
||||
-
|
||||
# Policy difference
|
||||
from .diff import PolicyDifference
|
||||
|
||||
diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py
|
||||
index 62dbf04d9a5e..0ea000e790f0 100644
|
||||
--- a/setoolsgui/apol/dta.py
|
||||
+++ b/setoolsgui/apol/dta.py
|
||||
@@ -24,7 +24,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
|
||||
from PyQt5.QtGui import QPalette, QTextCursor
|
||||
from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
|
||||
QTreeWidgetItem
|
||||
-from setools import DomainTransitionAnalysis
|
||||
+from setools.dta import DomainTransitionAnalysis
|
||||
|
||||
from ..logtosignal import LogHandlerToSignal
|
||||
from .analysistab import AnalysisSection, AnalysisTab
|
||||
diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py
|
||||
index 28009aa2329c..92d350bf727c 100644
|
||||
--- a/setoolsgui/apol/infoflow.py
|
||||
+++ b/setoolsgui/apol/infoflow.py
|
||||
@@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
|
||||
from PyQt5.QtGui import QPalette, QTextCursor
|
||||
from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
|
||||
QTreeWidgetItem
|
||||
-from setools import InfoFlowAnalysis
|
||||
+from setools.infoflow import InfoFlowAnalysis
|
||||
from setools.exception import UnmappedClass, UnmappedPermission
|
||||
|
||||
from ..logtosignal import LogHandlerToSignal
|
||||
diff --git a/tests/dta.py b/tests/dta.py
|
||||
index a0cc9381469c..177e6fb0b961 100644
|
||||
--- a/tests/dta.py
|
||||
+++ b/tests/dta.py
|
||||
@@ -18,7 +18,7 @@
|
||||
import os
|
||||
import unittest
|
||||
|
||||
-from setools import DomainTransitionAnalysis
|
||||
+from setools.dta import DomainTransitionAnalysis
|
||||
from setools import TERuletype as TERT
|
||||
from setools.exception import InvalidType
|
||||
from setools.policyrep import Type
|
||||
diff --git a/tests/infoflow.py b/tests/infoflow.py
|
||||
index aa0e44a7e4f8..fca2848aeca5 100644
|
||||
--- a/tests/infoflow.py
|
||||
+++ b/tests/infoflow.py
|
||||
@@ -18,7 +18,7 @@
|
||||
import os
|
||||
import unittest
|
||||
|
||||
-from setools import InfoFlowAnalysis
|
||||
+from setools.infoflow import InfoFlowAnalysis
|
||||
from setools import TERuletype as TERT
|
||||
from setools.exception import InvalidType
|
||||
from setools.permmap import PermissionMap
|
||||
--
|
||||
2.30.0
|
||||
|
24
1003-Require-networkx-on-package-level.patch
Normal file
24
1003-Require-networkx-on-package-level.patch
Normal file
@ -0,0 +1,24 @@
|
||||
From 7b73bdeda54b9c944774452bfa3b3c1f2733b3f0 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Thu, 2 Apr 2020 16:06:14 +0200
|
||||
Subject: [PATCH 2/2] Require networkx on package level
|
||||
|
||||
It allows us to ship python3-setools without dependency on python3-networkx
|
||||
---
|
||||
setup.py | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/setup.py b/setup.py
|
||||
index c593b786cc61..0551811e3fd1 100644
|
||||
--- a/setup.py
|
||||
+++ b/setup.py
|
||||
@@ -163,5 +163,5 @@ setup(name='setools',
|
||||
# setup also requires libsepol and libselinux
|
||||
# C libraries and headers to compile.
|
||||
setup_requires=['setuptools', 'Cython>=0.27'],
|
||||
- install_requires=['setuptools', 'networkx>=2.0']
|
||||
+ install_requires=['setuptools']
|
||||
)
|
||||
--
|
||||
2.30.0
|
||||
|
@ -2,11 +2,10 @@
|
||||
Name=SELinux Policy Analysis
|
||||
GenericName=SELinux Policy Analysis Tool
|
||||
Comment=This tool can examine, search, and relate policy components and policy rules
|
||||
Icon=apol.png
|
||||
Icon=apol
|
||||
Exec=/usr/bin/apol
|
||||
Type=Application
|
||||
Terminal=false
|
||||
Encoding=UTF-8
|
||||
Categories=System;
|
||||
X-Desktop-File-Install-Version=0.2
|
||||
StartupNotify=true
|
||||
|
16
gating.yaml
Normal file
16
gating.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- fedora-*
|
||||
decision_context: bodhi_update_push_testing
|
||||
subject_type: koji_build
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
|
||||
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- fedora-*
|
||||
decision_context: bodhi_update_push_stable
|
||||
subject_type: koji_build
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
|
||||
|
3
rpminspect.yaml
Normal file
3
rpminspect.yaml
Normal file
@ -0,0 +1,3 @@
|
||||
emptyrpm:
|
||||
expected_empty:
|
||||
- setools
|
@ -6,7 +6,6 @@ Icon=seaudit.png
|
||||
Exec=/usr/bin/seaudit
|
||||
Type=Application
|
||||
Terminal=false
|
||||
Encoding=UTF-8
|
||||
Categories=System;
|
||||
X-Desktop-File-Install-Version=0.2
|
||||
StartupNotify=true
|
||||
|
@ -5,7 +5,6 @@ Comment=This tool allows you to compare two policy files
|
||||
Exec=/usr/bin/sediffx
|
||||
Type=Application
|
||||
Terminal=false
|
||||
Encoding=UTF-8
|
||||
Categories=System;
|
||||
X-Desktop-File-Install-Version=0.2
|
||||
StartupNotify=true
|
||||
|
@ -1,59 +0,0 @@
|
||||
diff -up setools-3.3.7/man/replcon.1.cmdline setools-3.3.7/man/replcon.1
|
||||
--- setools-3.3.7/man/replcon.1.cmdline 2007-08-02 17:16:33.000000000 -0400
|
||||
+++ setools-3.3.7/man/replcon.1 2010-11-17 16:31:01.000000000 -0500
|
||||
@@ -44,6 +44,8 @@ Search for files which include PATH.
|
||||
.IP "-c CLASS, --class=CLASS"
|
||||
Search only files of object class CLASS.
|
||||
.SH OPTIONS
|
||||
+.IP "-R, --regex"
|
||||
+Enable regular expressions
|
||||
.IP "-v, --verbose"
|
||||
Display context info during replacement.
|
||||
.IP "-h, --help"
|
||||
diff -up setools-3.3.7/man/seinfo.1.cmdline setools-3.3.7/man/seinfo.1
|
||||
--- setools-3.3.7/man/seinfo.1.cmdline 2010-05-03 12:39:02.000000000 -0400
|
||||
+++ setools-3.3.7/man/seinfo.1 2010-11-17 16:23:36.000000000 -0500
|
||||
@@ -76,6 +76,10 @@ There is no expanded information for thi
|
||||
.IP "--nodecon[=ADDR]"
|
||||
Print a list of node contexts or, if ADDR is provided, print the statement for the node with address ADDR.
|
||||
There is no expanded information for this component.
|
||||
+.IP "--polcap"
|
||||
+Print policy capabilities.
|
||||
+.IP "--permissive"
|
||||
+Print permissive types.
|
||||
.IP "--portcon[=PORT]"
|
||||
Print a list of port contexts or, if PORT is provided, print the statement for port PORT.
|
||||
There is no expanded information for this component.
|
||||
@@ -93,7 +97,7 @@ These details include the types assigned
|
||||
This option is not available for all component types; see the description of each component for the details this option will provide.
|
||||
.IP "--stats"
|
||||
Print policy statistics including policy type and version information and counts of all components and rules.
|
||||
-.IP "-l"
|
||||
+.IP "-l, --line-breaks"
|
||||
Print line breaks when displaying constraint statements.
|
||||
.IP "-h, --help"
|
||||
Print help information and exit.
|
||||
diff -up setools-3.3.7/seaudit/seaudit-report.c.cmdline setools-3.3.7/seaudit/seaudit-report.c
|
||||
--- setools-3.3.7/seaudit/seaudit-report.c.cmdline 2010-11-17 16:09:48.000000000 -0500
|
||||
+++ setools-3.3.7/seaudit/seaudit-report.c 2010-11-17 16:11:06.000000000 -0500
|
||||
@@ -100,7 +100,7 @@ static void seaudit_report_info_usage(co
|
||||
printf(" -s, --stdin read log data from standard input\n");
|
||||
printf(" -m, --malformed include malformed log messages\n");
|
||||
printf(" -o FILE, --output=FILE output to FILE\n");
|
||||
- printf(" --config=FILE read configuration from FILE\n");
|
||||
+ printf(" -c FILE, --config=FILE read configuration from FILE\n");
|
||||
printf(" --html set output format to HTML\n");
|
||||
printf(" --stylesheet=FILE HTML style sheet for formatting HTML report\n");
|
||||
printf(" (ignored if --html is not given)\n");
|
||||
diff -up setools-3.3.7/sediff/sediff.c.cmdline setools-3.3.7/sediff/sediff.c
|
||||
--- setools-3.3.7/sediff/sediff.c.cmdline 2007-08-02 17:16:33.000000000 -0400
|
||||
+++ setools-3.3.7/sediff/sediff.c 2010-11-17 16:20:01.000000000 -0500
|
||||
@@ -420,7 +420,7 @@ int main(int argc, char **argv)
|
||||
poldiff_t *diff = NULL;
|
||||
size_t total = 0;
|
||||
|
||||
- while ((optc = getopt_long(argc, argv, "ctarubANDLMCRqhV", longopts, NULL)) != -1) {
|
||||
+ while ((optc = getopt_long(argc, argv, "ctarubAqhV", longopts, NULL)) != -1) {
|
||||
switch (optc) {
|
||||
case 0:
|
||||
break;
|
@ -1,119 +0,0 @@
|
||||
diff -up setools-3.3.7/secmds/seinfo.c.exitstatus setools-3.3.7/secmds/seinfo.c
|
||||
--- setools-3.3.7/secmds/seinfo.c.exitstatus 2010-05-03 12:39:02.000000000 -0400
|
||||
+++ setools-3.3.7/secmds/seinfo.c 2010-11-05 09:54:39.000000000 -0400
|
||||
@@ -827,7 +827,7 @@ static int print_sens(FILE * fp, const c
|
||||
*/
|
||||
static int print_cats(FILE * fp, const char *name, int expand, const apol_policy_t * policydb)
|
||||
{
|
||||
- int retval = 0;
|
||||
+ int retval = -1;
|
||||
apol_cat_query_t *query = NULL;
|
||||
apol_vector_t *v = NULL;
|
||||
const qpol_cat_t *cat_datum = NULL;
|
||||
@@ -911,9 +911,10 @@ static int print_fsuse(FILE * fp, const
|
||||
fprintf(fp, " %s\n", tmp);
|
||||
free(tmp);
|
||||
}
|
||||
- if (type && !apol_vector_get_size(v))
|
||||
+ if (type && !apol_vector_get_size(v)) {
|
||||
ERR(policydb, "No fs_use statement for filesystem of type %s.", type);
|
||||
-
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
retval = 0;
|
||||
cleanup:
|
||||
apol_fs_use_query_destroy(&query);
|
||||
@@ -949,7 +950,6 @@ static int print_genfscon(FILE * fp, con
|
||||
ERR(policydb, "%s", strerror(ENOMEM));
|
||||
goto cleanup;
|
||||
}
|
||||
-
|
||||
if (apol_genfscon_query_set_filesystem(policydb, query, type))
|
||||
goto cleanup;
|
||||
if (apol_genfscon_get_by_query(policydb, query, &v))
|
||||
@@ -967,8 +967,10 @@ static int print_genfscon(FILE * fp, con
|
||||
free(tmp);
|
||||
}
|
||||
|
||||
- if (type && !apol_vector_get_size(v))
|
||||
+ if (type && !apol_vector_get_size(v)) {
|
||||
ERR(policydb, "No genfscon statement for filesystem of type %s.", type);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
|
||||
retval = 0;
|
||||
cleanup:
|
||||
@@ -1646,6 +1648,7 @@ cleanup: // close and destroy iterators
|
||||
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
+ int rc = 0;
|
||||
int classes, types, attribs, roles, users, all, expand, stats, rt, optc, isids, bools, sens, cats, fsuse, genfs, netif,
|
||||
node, port, permissives, polcaps, constrain, linebreaks;
|
||||
apol_policy_t *policydb = NULL;
|
||||
@@ -1851,46 +1854,46 @@ int main(int argc, char **argv)
|
||||
|
||||
/* display requested info */
|
||||
if (stats || all)
|
||||
- print_stats(stdout, policydb);
|
||||
+ rc = print_stats(stdout, policydb);
|
||||
if (classes || all)
|
||||
- print_classes(stdout, class_name, expand, policydb);
|
||||
+ rc = print_classes(stdout, class_name, expand, policydb);
|
||||
if (types || all)
|
||||
- print_types(stdout, type_name, expand, policydb);
|
||||
+ rc = print_types(stdout, type_name, expand, policydb);
|
||||
if (attribs || all)
|
||||
- print_attribs(stdout, attrib_name, expand, policydb);
|
||||
+ rc = print_attribs(stdout, attrib_name, expand, policydb);
|
||||
if (roles || all)
|
||||
- print_roles(stdout, role_name, expand, policydb);
|
||||
+ rc = print_roles(stdout, role_name, expand, policydb);
|
||||
if (users || all)
|
||||
- print_users(stdout, user_name, expand, policydb);
|
||||
+ rc = print_users(stdout, user_name, expand, policydb);
|
||||
if (bools || all)
|
||||
- print_booleans(stdout, bool_name, expand, policydb);
|
||||
+ rc = print_booleans(stdout, bool_name, expand, policydb);
|
||||
if (sens || all)
|
||||
- print_sens(stdout, sens_name, expand, policydb);
|
||||
+ rc = print_sens(stdout, sens_name, expand, policydb);
|
||||
if (cats || all)
|
||||
- print_cats(stdout, cat_name, expand, policydb);
|
||||
+ rc = print_cats(stdout, cat_name, expand, policydb);
|
||||
if (fsuse || all)
|
||||
- print_fsuse(stdout, fsuse_type, policydb);
|
||||
+ rc = print_fsuse(stdout, fsuse_type, policydb);
|
||||
if (genfs || all)
|
||||
- print_genfscon(stdout, genfs_type, policydb);
|
||||
+ rc = print_genfscon(stdout, genfs_type, policydb);
|
||||
if (netif || all)
|
||||
- print_netifcon(stdout, netif_name, policydb);
|
||||
+ rc = print_netifcon(stdout, netif_name, policydb);
|
||||
if (node || all)
|
||||
- print_nodecon(stdout, node_addr, policydb);
|
||||
+ rc = print_nodecon(stdout, node_addr, policydb);
|
||||
if (port || all)
|
||||
- print_portcon(stdout, port_num, protocol, policydb);
|
||||
+ rc = print_portcon(stdout, port_num, protocol, policydb);
|
||||
if (isids || all)
|
||||
- print_isids(stdout, isid_name, expand, policydb);
|
||||
+ rc = print_isids(stdout, isid_name, expand, policydb);
|
||||
if (permissives || all)
|
||||
- print_permissives(stdout, permissive_name, expand, policydb);
|
||||
+ rc = print_permissives(stdout, permissive_name, expand, policydb);
|
||||
if (polcaps || all)
|
||||
- print_polcaps(stdout, polcap_name, expand, policydb);
|
||||
+ rc = print_polcaps(stdout, polcap_name, expand, policydb);
|
||||
if (constrain || all)
|
||||
- print_constraints(stdout, expand, policydb, linebreaks);
|
||||
+ rc = print_constraints(stdout, expand, policydb, linebreaks);
|
||||
|
||||
apol_policy_destroy(&policydb);
|
||||
apol_policy_path_destroy(&pol_path);
|
||||
free(policy_file);
|
||||
- exit(0);
|
||||
+ exit(rc);
|
||||
}
|
||||
|
||||
/**
|
@ -1,15 +0,0 @@
|
||||
diff -up setools-3.3.7/libqpol/src/avrule_query.c~ setools-3.3.7/libqpol/src/avrule_query.c
|
||||
--- setools-3.3.7/libqpol/src/avrule_query.c~ 2010-04-23 12:22:08.000000000 -0400
|
||||
+++ setools-3.3.7/libqpol/src/avrule_query.c 2011-01-06 10:42:50.000000000 -0500
|
||||
@@ -57,8 +57,9 @@ int qpol_policy_get_avrule_iter(const qp
|
||||
|
||||
if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
|
||||
ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
|
||||
- errno = ENOTSUP;
|
||||
- return STATUS_ERR;
|
||||
+/* errno = ENOTSUP;
|
||||
+ return STATUS_ERR; */
|
||||
+ return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
db = &policy->p->p;
|
2747
setools-python.patch
2747
setools-python.patch
File diff suppressed because it is too large
Load Diff
925
setools.spec
925
setools.spec
@ -1,160 +1,42 @@
|
||||
%define setools_maj_ver 3.3
|
||||
%define setools_min_ver 7
|
||||
%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
|
||||
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
|
||||
%global sepol_ver 3.4-1
|
||||
%global selinux_ver 3.4-1
|
||||
|
||||
Name: setools
|
||||
Version: %{setools_maj_ver}.%{setools_min_ver}
|
||||
Release: 28%{?dist}
|
||||
Version: 4.4.0
|
||||
Release: 9%{?dist}
|
||||
Summary: Policy analysis tools for SELinux
|
||||
|
||||
License: GPLv2
|
||||
URL: http://oss.tresys.com/projects/setools
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
||||
Source: http://oss.tresys.com/projects/setools/chrome/site/dists/setools-%{version}/setools-%{version}.tar.bz2
|
||||
URL: https://github.com/SELinuxProject/setools/wiki
|
||||
Source0: https://github.com/SELinuxProject/setools/archive/%{version}.tar.gz
|
||||
Source1: setools.pam
|
||||
Source2: apol.desktop
|
||||
Source3: seaudit.desktop
|
||||
Source4: sediffx.desktop
|
||||
Patch1: 0001-add-setools-seinfo-and-sesearch-python-bindings.patch
|
||||
Patch2: 0002-setools-should-exit-with-an-error-status-if-it-gets-.patch
|
||||
Patch3: 0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
|
||||
Patch4: 0004-Fix-man-pages-and-getoptions.patch
|
||||
Patch5: 0005-Fix-sepol-calls-to-work-with-latest-libsepol.patch
|
||||
Patch6: 0006-Changes-to-support-named-file_trans-rules.patch
|
||||
Patch7: 0007-Remove-unused-variables.patch
|
||||
Patch8: 0008-Fix-output-to-match-policy-lines.patch
|
||||
Patch9: 0009-Fix-swig-coding-style-for-structures.patch
|
||||
Patch10: 0010-selinux_current_policy_path.patch
|
||||
Patch0001: 0001-Make-seinfo-output-predictable.patch
|
||||
Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
|
||||
Patch1003: 1003-Require-networkx-on-package-level.patch
|
||||
Obsoletes: setools < 4.0.0, setools-devel < 4.0.0
|
||||
BuildRequires: flex, bison
|
||||
BuildRequires: glibc-devel, gcc, git-core
|
||||
BuildRequires: libsepol-devel >= %{sepol_ver}, libsepol-static >= %{sepol_ver}
|
||||
BuildRequires: qt5-qtbase-devel
|
||||
BuildRequires: swig
|
||||
BuildRequires: python3-Cython
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: python3-setuptools
|
||||
BuildRequires: libselinux-devel
|
||||
|
||||
Summary: Policy analysis tools for SELinux
|
||||
Group: System Environment/Base
|
||||
Requires: setools-libs = %{version}-%{release} setools-libs-tcl = %{version}-%{release} setools-gui = %{version}-%{release} setools-console = %{version}-%{release}
|
||||
|
||||
# external requirements
|
||||
%define autoconf_ver 2.59
|
||||
%define bwidget_ver 1.8
|
||||
%define java_ver 1.2
|
||||
%define gtk_ver 2.8
|
||||
%define python_ver 2.3
|
||||
%define sepol_ver 2.1.5-3
|
||||
%define selinux_ver 2.1.9-9
|
||||
%define sqlite_ver 3.2.0
|
||||
%define swig_ver 2.0.7-3
|
||||
%define tcltk_ver 8.4.9
|
||||
Requires: %{name}-console = %{version}-%{release}
|
||||
Requires: %{name}-console-analyses = %{version}-%{release}
|
||||
Requires: %{name}-gui = %{version}-%{release}
|
||||
|
||||
%description
|
||||
SETools is a collection of graphical tools, command-line tools, and
|
||||
libraries designed to facilitate SELinux policy analysis.
|
||||
|
||||
This meta-package depends upon the main packages necessary to run
|
||||
SETools.
|
||||
|
||||
%package libs
|
||||
License: LGPLv2
|
||||
Summary: Policy analysis support libraries for SELinux
|
||||
Group: System Environment/Libraries
|
||||
Requires: libselinux >= %{selinux_ver} libsepol >= %{sepol_ver} sqlite >= %{sqlite_ver}
|
||||
BuildRequires: flex bison pkgconfig
|
||||
BuildRequires: glibc-devel libstdc++-devel gcc gcc-c++
|
||||
BuildRequires: libselinux-devel >= %{selinux_ver} libsepol-devel >= %{sepol_ver}
|
||||
BuildRequires: libsepol-static >= %{sepol_ver}
|
||||
BuildRequires: sqlite-devel >= %{sqlite_ver} libxml2-devel
|
||||
BuildRequires: tcl-devel >= %{tcltk_ver}
|
||||
BuildRequires: autoconf >= %{autoconf_ver} automake
|
||||
|
||||
%description libs
|
||||
SETools is a collection of graphical tools, command-line tools, and
|
||||
libraries designed to facilitate SELinux policy analysis.
|
||||
|
||||
This package includes the following run-time libraries:
|
||||
|
||||
libapol policy analysis library
|
||||
libpoldiff semantic policy difference library
|
||||
libqpol library that abstracts policy internals
|
||||
libseaudit parse and filter SELinux audit messages in log files
|
||||
libsefs SELinux file contexts library
|
||||
|
||||
%package libs-python
|
||||
License: LGPLv2
|
||||
Summary: Python bindings for SELinux policy analysis
|
||||
Group: Development/Languages
|
||||
Requires: setools-libs = %{version}-%{release} python2 >= %{python_ver} bzip2-libs
|
||||
BuildRequires: python2-devel >= %{python_ver} swig >= %{swig_ver} bzip2-devel
|
||||
|
||||
%description libs-python
|
||||
SETools is a collection of graphical tools, command-line tools, and
|
||||
libraries designed to facilitate SELinux policy analysis.
|
||||
|
||||
This package includes Python bindings for the following libraries:
|
||||
|
||||
libapol policy analysis library
|
||||
libpoldiff semantic policy difference library
|
||||
libqpol library that abstracts policy internals
|
||||
libseaudit parse and filter SELinux audit messages in log files
|
||||
libsefs SELinux file contexts library
|
||||
|
||||
%package libs-java
|
||||
License: LGPLv2
|
||||
Summary: Java bindings for SELinux policy analysis
|
||||
Group: Development/Languages
|
||||
Requires: setools-libs = %{version}-%{release} java >= %{java_ver}
|
||||
BuildRequires: java-devel >= %{java_ver} swig >= %{swig_ver}
|
||||
|
||||
%description libs-java
|
||||
SETools is a collection of graphical tools, command-line tools, and
|
||||
libraries designed to facilitate SELinux policy analysis.
|
||||
|
||||
This package includes Java bindings for the following libraries:
|
||||
|
||||
libapol policy analysis library
|
||||
libpoldiff semantic policy difference library
|
||||
libqpol library that abstracts policy internals
|
||||
libseaudit parse and filter SELinux audit messages in log files
|
||||
libsefs SELinux file contexts library
|
||||
|
||||
%package libs-tcl
|
||||
License: LGPLv2
|
||||
Summary: Tcl bindings for SELinux policy analysis
|
||||
Group: Development/Languages
|
||||
Requires: setools-libs = %{version}-%{release} tcl >= %{tcltk_ver}
|
||||
BuildRequires: tcl-devel >= %{tcltk_ver} swig >= %{swig_ver}
|
||||
|
||||
%description libs-tcl
|
||||
SETools is a collection of graphical tools, command-line tools, and
|
||||
libraries designed to facilitate SELinux policy analysis.
|
||||
|
||||
This package includes Tcl bindings for the following libraries:
|
||||
|
||||
libapol policy analysis library
|
||||
libpoldiff semantic policy difference library
|
||||
libqpol library that abstracts policy internals
|
||||
libseaudit parse and filter SELinux audit messages in log files
|
||||
libsefs SELinux file contexts library
|
||||
|
||||
%package devel
|
||||
License: LGPLv2
|
||||
Summary: Policy analysis development files for SELinux
|
||||
Group: Development/Libraries
|
||||
Requires: libselinux-devel >= %{selinux_ver} libsepol-devel >= %{sepol_ver} setools-libs = %{version}-%{release}
|
||||
BuildRequires: sqlite-devel >= %{sqlite_ver} libxml2-devel
|
||||
|
||||
%description devel
|
||||
SETools is a collection of graphical tools, command-line tools, and
|
||||
libraries designed to facilitate SELinux policy analysis.
|
||||
|
||||
This package includes header files and archives for the following
|
||||
libraries:
|
||||
|
||||
libapol policy analysis library
|
||||
libpoldiff semantic policy difference library
|
||||
libqpol library that abstracts policy internals
|
||||
libseaudit parse and filter SELinux audit messages in log files
|
||||
libsefs SELinux file contexts library
|
||||
Python modules designed to facilitate SELinux policy analysis.
|
||||
|
||||
%package console
|
||||
Summary: Policy analysis command-line tools for SELinux
|
||||
Group: System Environment/Base
|
||||
License: GPLv2
|
||||
Requires: setools-libs = %{version}-%{release}
|
||||
Requires: python3-setools = %{version}-%{release}
|
||||
Requires: libselinux >= %{selinux_ver}
|
||||
|
||||
%description console
|
||||
@ -163,603 +45,264 @@ libraries designed to facilitate SELinux policy analysis.
|
||||
|
||||
This package includes the following console tools:
|
||||
|
||||
seaudit-report audit log analysis tool
|
||||
sechecker SELinux policy checking tool
|
||||
secmds command line tools: seinfo, sesearch, findcon,
|
||||
replcon, and indexcon
|
||||
sediff semantic policy difference tool
|
||||
sediff Compare two policies to find differences.
|
||||
seinfo List policy components.
|
||||
sesearch Search rules (allow, type_transition, etc.)
|
||||
|
||||
%package gui
|
||||
Summary: Policy analysis graphical tools for SELinux
|
||||
Group: System Environment/Base
|
||||
Requires: tcl >= %{tcltk_ver} tk >= %{tcltk_ver} bwidget >= %{bwidget_ver}
|
||||
Requires: setools-libs = %{version}-%{release} setools-libs-tcl = %{version}-%{release}
|
||||
Requires: glib2 gtk2 >= %{gtk_ver} usermode
|
||||
BuildRequires: gtk2-devel >= %{gtk_ver} libglade2-devel libxml2-devel tk-devel >= %{tcltk_ver}
|
||||
BuildRequires: desktop-file-utils
|
||||
|
||||
%description gui
|
||||
%package console-analyses
|
||||
Summary: Policy analysis command-line tools for SELinux
|
||||
License: GPLv2
|
||||
Requires: python3-setools = %{version}-%{release}
|
||||
Requires: libselinux >= %{selinux_ver}
|
||||
Requires: python3-networkx
|
||||
|
||||
%description console-analyses
|
||||
SETools is a collection of graphical tools, command-line tools, and
|
||||
libraries designed to facilitate SELinux policy analysis.
|
||||
|
||||
This package includes the following graphical tools:
|
||||
This package includes the following console tools:
|
||||
|
||||
apol policy analysis tool
|
||||
seaudit audit log analysis tool
|
||||
sediffx semantic policy difference tool
|
||||
sedta Perform domain transition analyses.
|
||||
seinfoflow Perform information flow analyses.
|
||||
|
||||
|
||||
%package -n python3-setools
|
||||
Summary: Policy analysis tools for SELinux
|
||||
Obsoletes: setools-libs < 4.0.0
|
||||
%{?python_provide:%python_provide python3-setools}
|
||||
Requires: python3-setuptools
|
||||
|
||||
%description -n python3-setools
|
||||
SETools is a collection of graphical tools, command-line tools, and
|
||||
Python 3 modules designed to facilitate SELinux policy analysis.
|
||||
|
||||
|
||||
%package gui
|
||||
Summary: Policy analysis graphical tools for SELinux
|
||||
Requires: python3-setools = %{version}-%{release}
|
||||
Requires: python3-qt5
|
||||
Requires: python3-networkx
|
||||
|
||||
%description gui
|
||||
SETools is a collection of graphical tools, command-line tools, and
|
||||
Python modules designed to facilitate SELinux policy analysis.
|
||||
|
||||
%define setoolsdir %{_datadir}/setools-%{setools_maj_ver}
|
||||
%define pkg_py_lib %{python_sitelib}/setools
|
||||
%define pkg_py_arch %{python_sitearch}/setools
|
||||
%define javajardir %{_datadir}/java
|
||||
%define tcllibdir %{_libdir}/setools
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch1 -p 1 -b .python
|
||||
%patch2 -p 1 -b .exitstatus
|
||||
%patch3 -p 1 -b .neverallow
|
||||
%patch4 -p 1 -b .manpage
|
||||
%patch5 -p 1 -b .libsepol
|
||||
%patch6 -p 1 -b .filenametrans
|
||||
%patch7 -p 1 -b .unused
|
||||
%patch8 -p 1 -b .fixoutput
|
||||
%patch9 -p 1 -b .fixswig
|
||||
%patch10 -p 1 -b .current
|
||||
|
||||
%ifarch sparc sparcv9 sparc64 s390 s390x
|
||||
for file in `find . -name Makefile.am`; do
|
||||
sed -i -e 's:-fpic:-fPIC:' $file;
|
||||
done
|
||||
%endif
|
||||
# Fixup expected version of SWIG:
|
||||
sed -i -e "s|AC_PROG_SWIG(1.3.28)|AC_PROG_SWIG(2.0.0)|g" configure.ac
|
||||
# and rebuild the autotooled files:
|
||||
autoreconf
|
||||
%autosetup -p 1 -S git -n setools-%{version}
|
||||
|
||||
|
||||
%build
|
||||
%configure --libdir=%{_libdir} --disable-bwidget-check --disable-selinux-check \
|
||||
--enable-swig-python --enable-swig-java --enable-swig-tcl --with-java-prefix=/usr/lib/jvm/java
|
||||
# work around issue with gcc 4.3 + gnu99 + swig-generated code:
|
||||
sed -i -e 's:$(CC):gcc -std=gnu89:' libseaudit/swig/python/Makefile
|
||||
make %{?_smp_mflags}
|
||||
%py3_build
|
||||
|
||||
|
||||
%install
|
||||
rm -rf ${RPM_BUILD_ROOT}
|
||||
make DESTDIR=${RPM_BUILD_ROOT} INSTALL="install -p" install
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/applications
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/pixmaps
|
||||
install -d -m 755 ${RPM_BUILD_ROOT}%{_sysconfdir}/pam.d
|
||||
install -p -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/pam.d/seaudit
|
||||
install -d -m 755 ${RPM_BUILD_ROOT}%{_sysconfdir}/security/console.apps
|
||||
install -p -m 644 packages/rpm/seaudit.console ${RPM_BUILD_ROOT}%{_sysconfdir}/security/console.apps/seaudit
|
||||
install -d -m 755 ${RPM_BUILD_ROOT}%{_datadir}/applications
|
||||
install -p -m 644 apol/apol.png ${RPM_BUILD_ROOT}%{_datadir}/pixmaps/apol.png
|
||||
install -p -m 644 seaudit/seaudit.png ${RPM_BUILD_ROOT}%{_datadir}/pixmaps/seaudit.png
|
||||
install -p -m 644 sediff/sediffx.png ${RPM_BUILD_ROOT}%{_datadir}/pixmaps/sediffx.png
|
||||
desktop-file-install --dir ${RPM_BUILD_ROOT}%{_datadir}/applications %{SOURCE2} %{SOURCE3} %{SOURCE4}
|
||||
ln -sf consolehelper ${RPM_BUILD_ROOT}/%{_bindir}/seaudit
|
||||
# replace absolute symlinks with relative symlinks
|
||||
ln -sf ../setools-%{setools_maj_ver}/qpol.jar ${RPM_BUILD_ROOT}/%{javajardir}/qpol.jar
|
||||
ln -sf ../setools-%{setools_maj_ver}/apol.jar ${RPM_BUILD_ROOT}/%{javajardir}/apol.jar
|
||||
ln -sf ../setools-%{setools_maj_ver}/poldiff.jar ${RPM_BUILD_ROOT}/%{javajardir}/poldiff.jar
|
||||
ln -sf ../setools-%{setools_maj_ver}/seaudit.jar ${RPM_BUILD_ROOT}/%{javajardir}/seaudit.jar
|
||||
ln -sf ../setools-%{setools_maj_ver}/sefs.jar ${RPM_BUILD_ROOT}/%{javajardir}/sefs.jar
|
||||
# remove static libs
|
||||
rm -f ${RPM_BUILD_ROOT}/%{_libdir}/*.a
|
||||
# ensure permissions are correct
|
||||
chmod 0755 ${RPM_BUILD_ROOT}/%{_libdir}/*.so.*
|
||||
chmod 0755 ${RPM_BUILD_ROOT}/%{_libdir}/%{name}/*/*.so.*
|
||||
chmod 0755 ${RPM_BUILD_ROOT}/%{pkg_py_arch}/*.so.*
|
||||
chmod 0755 ${RPM_BUILD_ROOT}/%{setoolsdir}/seaudit-report-service
|
||||
chmod 0644 ${RPM_BUILD_ROOT}/%{tcllibdir}/*/pkgIndex.tcl
|
||||
%py3_install
|
||||
|
||||
%check
|
||||
%if %{?_with_check:1}%{!?_with_check:0}
|
||||
%{__python3} setup.py test
|
||||
%endif
|
||||
|
||||
%clean
|
||||
rm -rf ${RPM_BUILD_ROOT}
|
||||
|
||||
%files
|
||||
%defattr(-,root,root,-)
|
||||
|
||||
%files libs
|
||||
%defattr(-,root,root,-)
|
||||
%doc AUTHORS ChangeLog COPYING COPYING.GPL COPYING.LGPL KNOWN-BUGS NEWS README
|
||||
%{_libdir}/libqpol.so.*
|
||||
%{_libdir}/libapol.so.*
|
||||
%{_libdir}/libpoldiff.so.*
|
||||
%{_libdir}/libsefs.so.*
|
||||
%{_libdir}/libseaudit.so.*
|
||||
%dir %{setoolsdir}
|
||||
|
||||
%files libs-python
|
||||
%defattr(-,root,root,-)
|
||||
%{pkg_py_lib}/
|
||||
%ifarch x86_64 ppc64 sparc64 s390x
|
||||
%{pkg_py_arch}/
|
||||
%endif
|
||||
%{python_sitearch}/setools*.egg-info
|
||||
|
||||
%files libs-java
|
||||
%defattr(-,root,root,-)
|
||||
%{_libdir}/libjqpol.so.*
|
||||
%{_libdir}/libjapol.so.*
|
||||
%{_libdir}/libjpoldiff.so.*
|
||||
%{_libdir}/libjseaudit.so.*
|
||||
%{_libdir}/libjsefs.so.*
|
||||
%{setoolsdir}/*.jar
|
||||
%{javajardir}/*.jar
|
||||
|
||||
%files libs-tcl
|
||||
%defattr(-,root,root,-)
|
||||
%dir %{tcllibdir}
|
||||
%{tcllibdir}/qpol/
|
||||
%{tcllibdir}/apol/
|
||||
%{tcllibdir}/poldiff/
|
||||
%{tcllibdir}/seaudit/
|
||||
%{tcllibdir}/sefs/
|
||||
|
||||
%files devel
|
||||
%defattr(-,root,root,-)
|
||||
%{_libdir}/*.so
|
||||
%{_libdir}/pkgconfig/*
|
||||
%{_includedir}/qpol/
|
||||
%{_includedir}/apol/
|
||||
%{_includedir}/poldiff/
|
||||
%{_includedir}/seaudit/
|
||||
%{_includedir}/sefs/
|
||||
|
||||
%files console
|
||||
%defattr(-,root,root,-)
|
||||
%{_bindir}/seinfo
|
||||
%{_bindir}/sesearch
|
||||
%{_bindir}/indexcon
|
||||
%{_bindir}/findcon
|
||||
%{_bindir}/replcon
|
||||
%{_bindir}/sechecker
|
||||
%{_bindir}/sediff
|
||||
%{_bindir}/seaudit-report
|
||||
%{setoolsdir}/sechecker-profiles/
|
||||
%{setoolsdir}/sechecker_help.txt
|
||||
%{setoolsdir}/seaudit-report-service
|
||||
%{setoolsdir}/seaudit-report.conf
|
||||
%{setoolsdir}/seaudit-report.css
|
||||
%{_mandir}/man1/findcon.1.gz
|
||||
%{_mandir}/man1/indexcon.1.gz
|
||||
%{_mandir}/man1/replcon.1.gz
|
||||
%{_mandir}/man1/sechecker.1.gz
|
||||
%{_mandir}/man1/sediff.1.gz
|
||||
%{_mandir}/man1/seinfo.1.gz
|
||||
%{_mandir}/man1/sesearch.1.gz
|
||||
%{_mandir}/man8/seaudit-report.8.gz
|
||||
%{_bindir}/seinfo
|
||||
%{_bindir}/sesearch
|
||||
%{_mandir}/man1/sechecker*
|
||||
%{_mandir}/man1/sediff*
|
||||
%{_mandir}/man1/seinfo*
|
||||
%{_mandir}/man1/sesearch*
|
||||
%{_mandir}/ru/man1/sediff*
|
||||
%{_mandir}/ru/man1/seinfo*
|
||||
%{_mandir}/ru/man1/sesearch*
|
||||
|
||||
%files console-analyses
|
||||
%{_bindir}/sedta
|
||||
%{_bindir}/seinfoflow
|
||||
%{_mandir}/man1/sedta*
|
||||
%{_mandir}/man1/seinfoflow*
|
||||
%{_mandir}/ru/man1/sedta*
|
||||
%{_mandir}/ru/man1/seinfoflow*
|
||||
|
||||
%files -n python3-setools
|
||||
%license COPYING COPYING.GPL COPYING.LGPL
|
||||
%{python3_sitearch}/setools
|
||||
%{python3_sitearch}/setools-*
|
||||
|
||||
%files gui
|
||||
%defattr(-,root,root,-)
|
||||
%{_bindir}/seaudit
|
||||
%{_bindir}/sediffx
|
||||
%{_bindir}/apol
|
||||
%{tcllibdir}/apol_tcl/
|
||||
%{setoolsdir}/sediff_help.txt
|
||||
%{setoolsdir}/apol_help.txt
|
||||
%{setoolsdir}/domaintrans_help.txt
|
||||
%{setoolsdir}/file_relabel_help.txt
|
||||
%{setoolsdir}/infoflow_help.txt
|
||||
%{setoolsdir}/types_relation_help.txt
|
||||
%{setoolsdir}/apol_perm_mapping_*
|
||||
%{setoolsdir}/seaudit_help.txt
|
||||
%{setoolsdir}/*.glade
|
||||
%{setoolsdir}/*.png
|
||||
%{setoolsdir}/apol.gif
|
||||
%{setoolsdir}/dot_seaudit
|
||||
%{_mandir}/man1/apol.1.gz
|
||||
%{_mandir}/man1/sediffx.1.gz
|
||||
%{_mandir}/man8/seaudit.8.gz
|
||||
%{_sbindir}/seaudit
|
||||
%config(noreplace) %{_sysconfdir}/pam.d/seaudit
|
||||
%config(noreplace) %{_sysconfdir}/security/console.apps/seaudit
|
||||
%{_datadir}/applications/*
|
||||
%attr(0644,root,root) %{_datadir}/pixmaps/*.png
|
||||
|
||||
%post libs -p /sbin/ldconfig
|
||||
|
||||
%postun libs -p /sbin/ldconfig
|
||||
|
||||
%post libs-java -p /sbin/ldconfig
|
||||
|
||||
%postun libs-java -p /sbin/ldconfig
|
||||
|
||||
%post libs-tcl -p /sbin/ldconfig
|
||||
|
||||
%postun libs-tcl -p /sbin/ldconfig
|
||||
%{python3_sitearch}/setoolsgui
|
||||
%{_mandir}/man1/apol*
|
||||
%{_mandir}/ru/man1/apol*
|
||||
|
||||
%changelog
|
||||
* Mon Aug 20 2012 Dan Horák <dan[at]danny.cz> - 3.3.7-28
|
||||
- use autoreconf to rebuild all autotooled files (FTBFS)
|
||||
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-9
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.3.7-27
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||
* Thu Jun 16 2022 Python Maint <python-maint@redhat.com> - 4.4.0-8
|
||||
- Rebuilt for Python 3.11
|
||||
|
||||
* Wed Jul 11 2012 Dan Walsh <dwalsh@redhat.com> - 3.3.7-26
|
||||
- mgrepl patch to Fix swig coding style for structures related to SWIG changes
|
||||
* Mon Jun 13 2022 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-7
|
||||
- Update required userspace versions to 3.4
|
||||
- Drop unnecessary Recommends
|
||||
|
||||
* Wed Jul 4 2012 Dan Walsh <dwalsh@redhat.com> - 3.3.7-25
|
||||
- Fix swig coding style for structures related to SWIG changes
|
||||
* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 4.4.0-6
|
||||
- Rebuilt for Python 3.11
|
||||
|
||||
* Wed May 2 2012 Dan Walsh <dwalsh@redhat.com> - 3.3.7-24
|
||||
- Revert setools current patch
|
||||
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
- Rebuild to get latest libsepol which fixes the file_name transition problems
|
||||
- Use selinux_current_policy_path to read by default policy
|
||||
* Fri Nov 19 2021 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-4
|
||||
- Make seinfo output predictable
|
||||
https://github.com/SELinuxProject/setools/issues/65
|
||||
|
||||
* Tue Feb 28 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.3.7-22
|
||||
- Rebuilt for c++ ABI breakage
|
||||
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
|
||||
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.3.7-21
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 4.4.0-2
|
||||
- Rebuilt for Python 3.10
|
||||
|
||||
* Tue Dec 20 2011 Dan Walsh <dwalsh@redhat.com> - 3.3.7-20
|
||||
- Rebuild to use latest libsepol
|
||||
* Mon Mar 8 2021 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-1
|
||||
- SETools 4.4.0 release
|
||||
|
||||
* Wed Oct 26 2011 Dan Walsh <dwalsh@redhat.com> - 3.3.7-19
|
||||
- Add ftrule*h in apol and qpol
|
||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-0.3.20210121git16c0696
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Wed Sep 21 2011 Dan Walsh <dwalsh@redhat.com> - 3.3.7-18
|
||||
- Fix output to match input in policy
|
||||
* Thu Jan 21 2021 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.2.20210121git16c0696
|
||||
- Rebuild with SELinux userspace 3.2-rc1
|
||||
- Update to 16c0696
|
||||
|
||||
* Tue Sep 20 2011 Dan Walsh <dwalsh@redhat.com> - 3.3.7-17
|
||||
- Fix to build with latest libsepol
|
||||
- Show filename transition files
|
||||
* Thu Dec 10 2020 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.2.20201102git05e90ee
|
||||
- Fix imports in /usr/bin/sedta
|
||||
|
||||
* Thu Apr 21 2011 Dan Walsh <dwalsh@redhat.com> - 3.3.7-16
|
||||
- Rebuild for new sepol
|
||||
* Tue Nov 3 2020 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.1.20201102git05e90ee
|
||||
- Update to 05e90ee
|
||||
- Add /usr/bin/sechecker
|
||||
- Adapt to new libsepol filename transition structures
|
||||
- Rebuild with libsepol.so.2
|
||||
|
||||
* Fri Apr 15 2011 Dan Walsh <dwalsh@redhat.com> - 3.3.7-15
|
||||
- Rebuild for new sepol
|
||||
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.3.0-5
|
||||
- Second attempt - Rebuilt for
|
||||
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Sun Apr 9 2011 Dan Walsh <dwalsh@redhat.com> - 3.3.7-14
|
||||
- Rebuild for new sepol
|
||||
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.3.0-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Sun Feb 27 2011 Dennis Gilmore <dennis@ausil.us> - 3.3.7-13
|
||||
- switch in -fPIC in Makefile.am in prep stage
|
||||
* Thu Jul 16 2020 Petr Lautrbach <plautrba@redhat.com> - 4.3.0-3
|
||||
- rebuild with SELinux userspace 3.1 release
|
||||
|
||||
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.3.7-12
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 4.3.0-2
|
||||
- Rebuilt for Python 3.9
|
||||
|
||||
* Fri Nov 5 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-10
|
||||
- Exit seinfo and sesearch with proper status
|
||||
* Thu Apr 2 2020 Petr Lautrbach <plautrba@redhat.com> - 4.3.0-1
|
||||
- SETools 4.3.0 release
|
||||
- Revised sediff method for TE rules. This drastically reduced memory and run time.
|
||||
- Added infiniband context support to seinfo, sediff, and apol.
|
||||
- Added apol configuration for location of Qt assistant.
|
||||
- Fixed sediff issue where properties header would display when not requested.
|
||||
- Fixed sediff issue with type_transition file name comparison.
|
||||
- Fixed permission map socket sendto information flow direction.
|
||||
- Added methods to TypeAttribute class to make it a complete Python collection.
|
||||
- Genfscon now will look up classes rather than using fixed values which
|
||||
were dropped from libsepol.
|
||||
|
||||
* Fri Nov 5 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-9
|
||||
- Rebuild for new libxml2
|
||||
* Mon Mar 23 2020 Petr Lautrbach <plautrba@redhat.com> - 4.2.2-5
|
||||
- setools requires -console, -console-analyses and -gui packages (#1794314)
|
||||
|
||||
* Thu Oct 14 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-8
|
||||
- Return None when no records match python setools.sesearch
|
||||
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.2.2-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Thu Aug 19 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-7
|
||||
- Add range to ports in seinfo python
|
||||
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 4.2.2-3
|
||||
- Rebuilt for Python 3.8.0rc1 (#1748018)
|
||||
|
||||
* Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-6
|
||||
- Return range with ports
|
||||
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 4.2.2-2
|
||||
- Rebuilt for Python 3.8
|
||||
|
||||
* Tue Aug 3 2010 Dan Walsh <dwalsh@redhat.com> 3.3.6-5
|
||||
- Add port support to setools python
|
||||
* Mon Jul 08 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.2-1}
|
||||
- SETools 4.2.2 release
|
||||
|
||||
* Mon Jul 26 2010 David Malcolm <dmalcolm@redhat.com> - 3.3.7-4
|
||||
- fixup configure.ac to expect SWIG 2.0.0; bump the python version to 2.7 in
|
||||
patch 1
|
||||
* Mon May 13 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.1-3
|
||||
- Use %set_build_flags instead of %optflags
|
||||
|
||||
* Thu Jul 22 2010 David Malcolm <dmalcolm@redhat.com> - 3.3.7-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
|
||||
* Mon May 06 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.1-2
|
||||
- SELinuxPolicy: Create a map of aliases on policy load (#1672631)
|
||||
|
||||
* Wed May 12 2010 Chris PeBenito <cpebenito@tresys.com> 3.3.7-2
|
||||
- Add missing bzip2 dependencies.
|
||||
* Tue Mar 26 2019 Petr Lautrbach <plautrba@redhat.com> - 4.2.1-1
|
||||
- SETools 4.2.1 release (#1581761, #1595582)
|
||||
|
||||
* Wed May 12 2010 Chris PeBenito <cpebenito@tresys.com> 3.3.7-1
|
||||
* Wed Nov 14 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-1
|
||||
- Update source to SETools 4.2.0 release
|
||||
|
||||
* Mon Oct 01 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-0.3.rc
|
||||
- Update upstream source to 4.2.0-rc
|
||||
|
||||
* Wed Sep 19 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-0.2.beta
|
||||
- Require userspace release 2.8
|
||||
- setools-gui requires python3-setools
|
||||
- Add Requires for python[23]-setuptools - no longer required (just recommended) by python[23] (#1623371)
|
||||
- Drop python2 subpackage (4.2.0 no longer supports python2)
|
||||
|
||||
* Wed Aug 29 2018 Vit Mojzis <vmojzis@redhat.com> - 4.1.1-13
|
||||
- Add Requires for python[23]-setuptools - no longer required (just recommended)
|
||||
by python[23] (#1623371)
|
||||
|
||||
* Wed Aug 22 2018 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-12.1
|
||||
- Fix SCTP patch - https://github.com/SELinuxProject/setools/issues/9
|
||||
|
||||
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.1-11
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 4.1.1-10
|
||||
- Rebuilt for Python 3.7
|
||||
|
||||
* Thu Jun 14 2018 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-9
|
||||
- Move gui python files to -gui subpackage
|
||||
|
||||
* Thu Apr 26 2018 Vit Mojzis <vmojzis@redhat.com> - 4.1.1-8
|
||||
- Add support for SCTP protocol (#1568333)
|
||||
|
||||
* Thu Apr 19 2018 Iryna Shcherbina <shcherbina.iryna@gmail.com> - 4.1.1-7
|
||||
- Update Python 2 dependency declarations to new packaging standards
|
||||
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
|
||||
|
||||
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.1-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
* Mon Sep 04 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-5
|
||||
- setools-python2 requires python2-enum34
|
||||
|
||||
* Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 4.1.1-4
|
||||
- Add Provides for the old name without %%_isa
|
||||
|
||||
* Thu Aug 10 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 4.1.1-3
|
||||
- Python 2 binary package renamed to python2-setools
|
||||
See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
|
||||
- Python 3 binary package renamed to python3-setools
|
||||
|
||||
* Thu Aug 10 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-2
|
||||
- bswap_* macros are defined in byteswap.h
|
||||
|
||||
* Mon Aug 07 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-1
|
||||
- New upstream release
|
||||
|
||||
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.0-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
||||
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.0-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||
|
||||
* Mon May 22 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.0-3
|
||||
- setools-python{,3} packages should have a weak dependency on libselinux-python{,3}
|
||||
(#1447747)
|
||||
|
||||
* Thu Feb 23 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.0-2
|
||||
- Move python networkx dependency to -gui and -console-analyses
|
||||
- Ship sedta and seinfoflow in setools-console-analyses
|
||||
|
||||
* Wed Feb 15 2017 Petr Lautrbach <plautrba@redhat.com> - 4.1.0-1
|
||||
- New upstream release.
|
||||
|
||||
* Tue Aug 11 2009 Dan Walsh <dwalsh@redhat.com> 3.3.6-4
|
||||
- Add python bindings for sesearch and seinfo
|
||||
|
||||
* Tue Jul 28 2009 Dan Walsh <dwalsh@redhat.com> 3.3.6-3
|
||||
- Fix qpol install of include files
|
||||
|
||||
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.3.6-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
||||
|
||||
* Wed Jul 22 2009 Chris PeBenito <cpebenito@tresys.com> 3.3.6-1
|
||||
- New upstream release.
|
||||
|
||||
* Sun Apr 5 2009 Dan Horák <dan[at]danny.cz> - 3.3.5-8
|
||||
- don't expect that java-devel resolves as gcj
|
||||
|
||||
* Sun Apr 5 2009 Dan Horák <dan[at]danny.cz> - 3.3.5-7
|
||||
- add support for s390x
|
||||
|
||||
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.3.5-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
||||
|
||||
* Thu Dec 04 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 3.3.5-5
|
||||
- Rebuild for Python 2.6
|
||||
|
||||
* Mon Dec 1 2008 Michael Schwendt <mschwendt@fedoraproject.org> - 3.3.5-4
|
||||
- Include %%tcllibdir directory in -libs-tcl package.
|
||||
|
||||
* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 3.3.5-3
|
||||
- Rebuild for Python 2.6
|
||||
|
||||
* Wed Sep 17 2008 Dennis Gilmore <dennis@ausil.us> 3.3.5-2
|
||||
- fix building in sparc and s390 arches
|
||||
|
||||
* Tue Aug 26 2008 Chris PeBenito <cpebenito@tresys.com> 3.3.5-1
|
||||
- Update to upstream version 3.3.5.
|
||||
|
||||
* Wed Feb 27 2008 Chris PeBenito <cpebenito@tresys.com> 3.3.4-1
|
||||
- Fixes gcc 4.3, glibc 2.7, tcl 8.5, and libsepol 2.0.20 issues.
|
||||
- Fix policy loading when policy on disk is higher version than the kernel.
|
||||
|
||||
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 3.3.2-3
|
||||
- Autorebuild for GCC 4.3
|
||||
|
||||
* Tue Jan 29 2008 Chris Pebenito <cpebenito@tresys.com> 3.3.2-2.fc9
|
||||
- Bump to pick up new libsepol and policy 22.
|
||||
|
||||
* Wed Nov 28 2007 Chris Pebenito <cpebenito@tresys.com> 3.3.2-1.fc9
|
||||
- Update for 3.3.2.
|
||||
|
||||
* Thu Oct 18 2007 Chris PeBenito <cpebenito@tresys.com> 3.3.1-7.fc8
|
||||
- Rebuild to fix ppc64 issue.
|
||||
|
||||
* Wed Oct 17 2007 Chris PeBenito <cpebenito@tresys.com> 3.3.1-6.fc8
|
||||
- Update for 3.3.1.
|
||||
|
||||
* Tue Aug 28 2007 Fedora Release Engineering <rel-eng at fedoraproject dot org> - 3.2-4
|
||||
- Rebuild for selinux ppc32 issue.
|
||||
|
||||
* Fri Jul 20 2007 Dan Walsh <dwalsh@redhat.com> 3.2-3
|
||||
- Move to Tresys spec file
|
||||
|
||||
* Wed Jun 13 2007 Dan Walsh <dwalsh@redhat.com> 3.2-2
|
||||
- Bump for rebuild
|
||||
|
||||
* Mon Apr 30 2007 Dan Walsh <dwalsh@redhat.com> 3.2-1
|
||||
- Start shipping the rest of the setools command line apps
|
||||
|
||||
* Wed Apr 25 2007 Jason Tang <jtang@tresys.com> 3.2-0
|
||||
- update to SETools 3.2 release
|
||||
|
||||
* Mon Feb 02 2007 Jason Tang <jtang@tresys.com> 3.1-1
|
||||
- update to SETools 3.1 release
|
||||
|
||||
* Mon Oct 30 2006 Dan Walsh <dwalsh@redhat.com> 3.0-2.fc6
|
||||
- bump for fc6
|
||||
|
||||
* Thu Oct 26 2006 Dan Walsh <dwalsh@redhat.com> 3.0-2
|
||||
- Build on rawhide
|
||||
|
||||
* Sun Oct 15 2006 Dan Walsh <dwalsh@redhat.com> 3.0-1
|
||||
- Update to upstream
|
||||
|
||||
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - sh: line 0: fg: no job control
|
||||
- rebuild
|
||||
|
||||
* Tue May 23 2006 Dan Walsh <dwalsh@redhat.com> 2.4-2
|
||||
- Remove sqlite include directory
|
||||
|
||||
* Wed May 3 2006 Dan Walsh <dwalsh@redhat.com> 2.4-1
|
||||
- Update from upstream
|
||||
|
||||
* Mon Apr 10 2006 Dan Walsh <dwalsh@redhat.com> 2.3-3
|
||||
- Fix help
|
||||
- Add icons
|
||||
|
||||
* Tue Mar 21 2006 Dan Walsh <dwalsh@redhat.com> 2.3-2
|
||||
- Remove console apps for sediff, sediffx and apol
|
||||
|
||||
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 2.3-1.2
|
||||
- bump again for double-long bug on ppc(64)
|
||||
|
||||
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 2.3-1.1
|
||||
- rebuilt for new gcc4.1 snapshot and glibc changes
|
||||
|
||||
* Tue Jan 31 2006 Dan Walsh <dwalsh@redhat.com> 2.3-1
|
||||
- Update from upstream
|
||||
* apol:
|
||||
added new MLS components tab for sensitivities,
|
||||
levels, and categories.
|
||||
Changed users tab to support ranges and default
|
||||
levels.
|
||||
added range transition tab for searching range
|
||||
Transition rules.
|
||||
added new tab for network context components.
|
||||
added new tab for file system context components.
|
||||
* libapol:
|
||||
added binpol support for MLS, network contexts,
|
||||
and file system contexts.
|
||||
* seinfo:
|
||||
added command line options for MLS components.
|
||||
added command line options for network contexts
|
||||
and file system contexts.
|
||||
* sesearch:
|
||||
added command line option for searching for rules
|
||||
by conditional boolean name.
|
||||
* seaudit:
|
||||
added new column in the log view for the 'comm'
|
||||
field found in auditd log files.
|
||||
added filters for the 'comm' field and 'message'
|
||||
field.
|
||||
* manpages:
|
||||
added manpages for all tools.
|
||||
|
||||
|
||||
|
||||
* Fri Dec 16 2005 Jesse Keating <jkeating@redhat.com>
|
||||
- rebuilt for new gcj
|
||||
|
||||
* Wed Dec 14 2005 Dan Walsh <dwalsh@redhat.com> 2.2-4
|
||||
- Fix dessktop files
|
||||
- Apply fixes from bkyoung
|
||||
|
||||
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
|
||||
- rebuilt
|
||||
|
||||
* Thu Nov 3 2005 Dan Walsh <dwalsh@redhat.com> 2.2-3
|
||||
- Move more gui files out of base into gui
|
||||
|
||||
* Thu Nov 3 2005 Dan Walsh <dwalsh@redhat.com> 2.2-2
|
||||
- Move sediff from gui to main package
|
||||
|
||||
* Thu Nov 3 2005 Dan Walsh <dwalsh@redhat.com> 2.2-1
|
||||
- Upgrade to upstream version
|
||||
|
||||
* Thu Oct 13 2005 Dan Walsh <dwalsh@redhat.com> 2.1.3-1
|
||||
- Upgrade to upstream version
|
||||
|
||||
* Mon Oct 10 2005 Tomas Mraz <tmraz@redhat.com> 2.1.2-3
|
||||
- use include instead of pam_stack in pam config
|
||||
|
||||
* Thu Sep 1 2005 Dan Walsh <dwalsh@redhat.com> 2.1.2-2
|
||||
- Fix spec file
|
||||
|
||||
* Thu Sep 1 2005 Dan Walsh <dwalsh@redhat.com> 2.1.2-1
|
||||
- Upgrade to upstream version
|
||||
|
||||
* Thu Aug 18 2005 Florian La Roche <laroche@redhat.com>
|
||||
- do not package debug files into the -devel package
|
||||
|
||||
* Wed Aug 17 2005 Jeremy Katz <katzj@redhat.com> - 2.1.1-3
|
||||
- rebuild against new cairo
|
||||
|
||||
* Wed May 25 2005 Dan Walsh <dwalsh@redhat.com> 2.1.1-0
|
||||
- Upgrade to upstream version
|
||||
|
||||
* Mon May 23 2005 Bill Nottingham <notting@redhat.com> 2.1.0-5
|
||||
- put libraries in the right place (also puts debuginfo in the right
|
||||
package)
|
||||
- add %%defattr for -devel too
|
||||
|
||||
* Thu May 12 2005 Dan Walsh <dwalsh@redhat.com> 2.1.0-4
|
||||
- Move sepcut to gui apps.
|
||||
|
||||
* Fri May 6 2005 Dan Walsh <dwalsh@redhat.com> 2.1.0-3
|
||||
- Fix Missing return code.
|
||||
|
||||
* Wed Apr 20 2005 Dan Walsh <dwalsh@redhat.com> 2.1.0-2
|
||||
- Fix requires line
|
||||
|
||||
* Tue Apr 19 2005 Dan Walsh <dwalsh@redhat.com> 2.1.0-1
|
||||
- Update to latest from tresys
|
||||
|
||||
* Tue Apr 5 2005 Dan Walsh <dwalsh@redhat.com> 2.0.0-2
|
||||
- Fix buildrequires lines in spec file
|
||||
|
||||
* Tue Mar 2 2005 Dan Walsh <dwalsh@redhat.com> 2.0.0-1
|
||||
- Update to latest from tresys
|
||||
|
||||
* Mon Nov 29 2004 Dan Walsh <dwalsh@redhat.com> 1.5.1-6
|
||||
- add FALLBACK=true to /etc/security/console.apps/apol
|
||||
|
||||
* Wed Nov 10 2004 Dan Walsh <dwalsh@redhat.com> 1.5.1-3
|
||||
- Add badtcl patch from Tresys.
|
||||
|
||||
* Mon Nov 8 2004 Dan Walsh <dwalsh@redhat.com> 1.5.1-2
|
||||
- Apply malloc problem patch provided by Sami Farin
|
||||
|
||||
* Mon Nov 1 2004 Dan Walsh <dwalsh@redhat.com> 1.5.1-1
|
||||
- Update to latest from Upstream
|
||||
|
||||
* Wed Oct 6 2004 Dan Walsh <dwalsh@redhat.com> 1.4.1-5
|
||||
- Update tresys patch
|
||||
|
||||
* Mon Oct 4 2004 Dan Walsh <dwalsh@redhat.com> 1.4.1-4
|
||||
- Fix directory ownership
|
||||
|
||||
* Thu Jul 8 2004 Dan Walsh <dwalsh@redhat.com> 1.4.1-1
|
||||
- Latest from Tresys
|
||||
|
||||
* Wed Jun 23 2004 Dan Walsh <dwalsh@redhat.com> 1.4-5
|
||||
- Add build requires libselinux
|
||||
|
||||
* Tue Jun 22 2004 Dan Walsh <dwalsh@redhat.com> 1.4-4
|
||||
- Add support for policy.18
|
||||
|
||||
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
|
||||
- rebuilt
|
||||
|
||||
* Thu Jun 10 2004 Dan Walsh <dwalsh@redhat.com> 1.4-2
|
||||
- Fix install locations of policy_src_dir
|
||||
|
||||
* Wed Jun 2 2004 Dan Walsh <dwalsh@redhat.com> 1.4-1
|
||||
- Update to latest from TRESYS.
|
||||
|
||||
* Tue Jun 1 2004 Dan Walsh <dwalsh@redhat.com> 1.3-3
|
||||
- Make changes to work with targeted/strict policy
|
||||
* Fri Apr 16 2004 Dan Walsh <dwalsh@redhat.com> 1.3-2
|
||||
- Take out requirement for policy file
|
||||
|
||||
* Fri Apr 16 2004 Dan Walsh <dwalsh@redhat.com> 1.3-1
|
||||
- Fix doc location
|
||||
|
||||
* Fri Apr 16 2004 Dan Walsh <dwalsh@redhat.com> 1.3-1
|
||||
- Latest from TRESYS
|
||||
|
||||
* Tue Apr 13 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-8
|
||||
- fix location of policy.conf file
|
||||
|
||||
* Tue Apr 6 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-7
|
||||
- Obsolete setools-devel
|
||||
* Tue Apr 6 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-6
|
||||
- Fix location of
|
||||
* Tue Apr 6 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-5
|
||||
- Remove devel libraries
|
||||
- Fix installdir for lib64
|
||||
|
||||
* Sat Apr 3 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-4
|
||||
- Add usr_t file read to policy
|
||||
|
||||
* Thu Mar 25 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-3
|
||||
- Use tcl8.4
|
||||
|
||||
* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
|
||||
- rebuilt
|
||||
|
||||
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
|
||||
- rebuilt
|
||||
|
||||
* Fri Feb 6 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-1
|
||||
- New patch
|
||||
|
||||
* Fri Feb 6 2004 Dan Walsh <dwalsh@redhat.com> 1.2-1
|
||||
- Latest upstream version
|
||||
|
||||
* Tue Dec 30 2003 Dan Walsh <dwalsh@redhat.com> 1.1.1-1
|
||||
- New version from upstream
|
||||
- Remove seuser.te. Now in policy file.
|
||||
|
||||
* Tue Dec 30 2003 Dan Walsh <dwalsh@redhat.com> 1.1-2
|
||||
- Add Defattr to devel
|
||||
- move libs to base kit
|
||||
|
||||
* Fri Dec 19 2003 Dan Walsh <dwalsh@redhat.com> 1.1-1
|
||||
- Update to latest code from tresys
|
||||
- Break into three separate packages for cmdline, devel and gui
|
||||
- Incorporate the tcl patch
|
||||
|
||||
* Mon Dec 15 2003 Jens Petersen <petersen@redhat.com> - 1.0.1-3
|
||||
- apply setools-1.0.1-tcltk.patch to build against tcl/tk 8.4
|
||||
- buildrequire tk-devel
|
||||
|
||||
* Thu Nov 20 2003 Dan Walsh <dwalsh@redhat.com> 1.0.1-2
|
||||
- Add Bwidgets to this RPM
|
||||
|
||||
* Tue Nov 4 2003 Dan Walsh <dwalsh@redhat.com> 1.0.1-1
|
||||
- Upgrade to 1.0.1
|
||||
|
||||
* Wed Oct 15 2003 Dan Walsh <dwalsh@redhat.com> 1.0-6
|
||||
- Clean up build
|
||||
|
||||
* Tue Oct 14 2003 Dan Walsh <dwalsh@redhat.com> 1.0-5
|
||||
- Update with correct seuser.te
|
||||
|
||||
* Wed Oct 1 2003 Dan Walsh <dwalsh@redhat.com> 1.0-4
|
||||
- Update with final release from Tresys
|
||||
|
||||
* Mon Jun 2 2003 Dan Walsh <dwalsh@redhat.com> 1.0-1
|
||||
- Initial version
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
206d1b31d1dda4ace2fbf6ce02d13814 setools-3.3.7.tar.bz2
|
||||
SHA512 (4.4.0.tar.gz) = 4033ce54213e47e3afd1bdb03b99b0ee3d977f085310d746b34dcfcfe48ac3a562ae0aa2f730d629a298b56dbf295ad219669d13f82578521866b465f8c976e8
|
||||
|
@ -0,0 +1,63 @@
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Makefile of /CoreOS/setools/Regression/The-setools-package-doesn-t-install-any-tools
|
||||
# Description: Make sure setools requires setools-console and setools-gui
|
||||
# Author: Vit Mojzis <vmojzis@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2020 Red Hat, Inc.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation, either version 2 of
|
||||
# the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
export TEST=/CoreOS/setools/Regression/The-setools-package-doesn-t-install-any-tools
|
||||
export TESTVERSION=1.0
|
||||
|
||||
BUILT_FILES=
|
||||
|
||||
FILES=$(METADATA) runtest.sh Makefile
|
||||
|
||||
.PHONY: all install download clean
|
||||
|
||||
run: $(FILES) build
|
||||
./runtest.sh
|
||||
|
||||
build: $(BUILT_FILES)
|
||||
test -x runtest.sh || chmod a+x runtest.sh
|
||||
|
||||
clean:
|
||||
rm -f *~ $(BUILT_FILES)
|
||||
|
||||
|
||||
include /usr/share/rhts/lib/rhts-make.include
|
||||
|
||||
$(METADATA): Makefile
|
||||
@echo "Owner: Vit Mojzis <vmojzis@redhat.com>" > $(METADATA)
|
||||
@echo "Name: $(TEST)" >> $(METADATA)
|
||||
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||
@echo "Description: Make sure setools requires setools-console and setools-gui" >> $(METADATA)
|
||||
@echo "Type: Regression" >> $(METADATA)
|
||||
@echo "TestTime: 5m" >> $(METADATA)
|
||||
@echo "RunFor: setools" >> $(METADATA)
|
||||
@echo "Priority: Normal" >> $(METADATA)
|
||||
@echo "License: GPLv2+" >> $(METADATA)
|
||||
@echo "Confidential: no" >> $(METADATA)
|
||||
@echo "Destructive: no" >> $(METADATA)
|
||||
@echo "Bug: 1820078" >> $(METADATA)
|
||||
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5 -RHEL6 -RHEL7" >> $(METADATA)
|
||||
|
||||
rhts-lint $(METADATA)
|
54
tests/Regression/The-setools-package-doesn-t-install-any-tools/runtest.sh
Executable file
54
tests/Regression/The-setools-package-doesn-t-install-any-tools/runtest.sh
Executable file
@ -0,0 +1,54 @@
|
||||
#!/bin/bash
|
||||
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# runtest.sh of /CoreOS/setools/Regression/bz1820078-The-setools-package-doesn-t-install-any-tools
|
||||
# Description: Make sure setools requires setools-console and setools-gui
|
||||
# Author: Vit Mojzis <vmojzis@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2020 Red Hat, Inc.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation, either version 2 of
|
||||
# the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
# Include Beaker environment
|
||||
. /usr/bin/rhts-environment.sh || exit 1
|
||||
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||
|
||||
PACKAGE="setools"
|
||||
|
||||
rlJournalStart
|
||||
rlPhaseStartSetup
|
||||
rlRun "dnf -y remove ${PACKAGE} ${PACKAGE}-gui ${PACKAGE}-console"
|
||||
OUTPUT_FILE=`mktemp`
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "bz#1820078"
|
||||
rlRun "dnf -y install ${PACKAGE}" 0
|
||||
rlAssertRpm "${PACKAGE}-gui"
|
||||
rlAssertRpm "${PACKAGE}-console"
|
||||
# make sure that setools-* packages do not require setools
|
||||
rlRun "rpm -q --whatrequires ${PACKAGE} >& ${OUTPUT_FILE}" 0,1
|
||||
rlRun "grep -i \"${PACKAGE}-\" ${OUTPUT_FILE}" 1
|
||||
if [ $? -ne 1 ]; then rlRun "cat \"${OUTPUT_FILE}\""; fi
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartCleanup
|
||||
rm -f ${OUTPUT_FILE}
|
||||
rlPhaseEnd
|
||||
rlJournalPrintText
|
||||
rlJournalEnd
|
63
tests/Sanity/sedta/Makefile
Normal file
63
tests/Sanity/sedta/Makefile
Normal file
@ -0,0 +1,63 @@
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Makefile of /CoreOS/setools/Sanity/sedta
|
||||
# Description: Does sedta work as expected? Does it support all features?
|
||||
# Author: Milos Malik <mmalik@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2019 Red Hat, Inc.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation, either version 2 of
|
||||
# the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
export TEST=/CoreOS/setools/Sanity/sedta
|
||||
export TESTVERSION=1.0
|
||||
|
||||
BUILT_FILES=
|
||||
|
||||
FILES=$(METADATA) runtest.sh Makefile PURPOSE testpolicy.cil
|
||||
|
||||
.PHONY: all install download clean
|
||||
|
||||
run: $(FILES) build
|
||||
./runtest.sh
|
||||
|
||||
build: $(BUILT_FILES)
|
||||
test -x runtest.sh || chmod a+x runtest.sh
|
||||
|
||||
clean:
|
||||
rm -f *~ $(BUILT_FILES)
|
||||
|
||||
include /usr/share/rhts/lib/rhts-make.include
|
||||
|
||||
$(METADATA): Makefile
|
||||
@echo "Owner: Milos Malik <mmalik@redhat.com>" > $(METADATA)
|
||||
@echo "Name: $(TEST)" >> $(METADATA)
|
||||
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||
@echo "Description: Does sedta work as expected? Does it support all features?" >> $(METADATA)
|
||||
@echo "Type: Sanity" >> $(METADATA)
|
||||
@echo "TestTime: 1h" >> $(METADATA)
|
||||
@echo "RunFor: setools" >> $(METADATA)
|
||||
@echo "Requires: policycoreutils setools-console-analyses" >> $(METADATA)
|
||||
@echo "Priority: Normal" >> $(METADATA)
|
||||
@echo "License: GPLv2+" >> $(METADATA)
|
||||
@echo "Confidential: no" >> $(METADATA)
|
||||
@echo "Destructive: no" >> $(METADATA)
|
||||
@echo "Releases: -RHEL4 -RHEL6 -RHEL7 -RHELClient5 -RHELServer5" >> $(METADATA)
|
||||
|
||||
rhts-lint $(METADATA)
|
||||
|
3
tests/Sanity/sedta/PURPOSE
Normal file
3
tests/Sanity/sedta/PURPOSE
Normal file
@ -0,0 +1,3 @@
|
||||
PURPOSE of /CoreOS/setools/Sanity/sedta
|
||||
Description: Does sedta work as expected? Does it support all features?
|
||||
Author: Milos Malik <mmalik@redhat.com>
|
88
tests/Sanity/sedta/runtest.sh
Executable file
88
tests/Sanity/sedta/runtest.sh
Executable file
@ -0,0 +1,88 @@
|
||||
#!/bin/bash
|
||||
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# runtest.sh of /CoreOS/setools/Sanity/sedta
|
||||
# Description: Does sedta work as expected? Does it support all features?
|
||||
# Author: Milos Malik <mmalik@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2019 Red Hat, Inc.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation, either version 2 of
|
||||
# the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
# Include Beaker environment
|
||||
. /usr/bin/rhts-environment.sh || exit 1
|
||||
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||
|
||||
PACKAGE="setools"
|
||||
|
||||
rlJournalStart
|
||||
rlPhaseStartSetup
|
||||
rlAssertRpm ${PACKAGE}-console-analyses
|
||||
OUTPUT_FILE=`mktemp`
|
||||
rlRun "semodule -i testpolicy.cil"
|
||||
rlRun "semodule -l | grep testpolicy"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "invalid values"
|
||||
rlRun "sedta -s unknown_t >& ${OUTPUT_FILE}" 1
|
||||
rlRun "grep -i 'not a valid type' ${OUTPUT_FILE}"
|
||||
rlRun "sedta -s apmd_t -t unknown_t -S >& ${OUTPUT_FILE}" 1
|
||||
rlRun "grep -i 'not a valid type' ${OUTPUT_FILE}"
|
||||
rlRun "sedta -s unknown_t -p /etc/selinux/unknown/policy/policy.31 >& ${OUTPUT_FILE}" 1
|
||||
rlRun "grep -i 'no such file or directory' ${OUTPUT_FILE}"
|
||||
rlRun "sedta -s apmd_t -t var_lib_t -A -1 >& ${OUTPUT_FILE}" 1
|
||||
rlRun "grep -i 'must be positive' ${OUTPUT_FILE}"
|
||||
rlRun "sedta -s xyz_t >& ${OUTPUT_FILE}"
|
||||
rlRun "grep -i '^0.*transition.*found' ${OUTPUT_FILE}"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "valid values"
|
||||
# transitivity
|
||||
rlRun "sedta -s first_t -t second_t -S >& ${OUTPUT_FILE}"
|
||||
rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
|
||||
rlRun "sedta -s second_t -t third_t -S >& ${OUTPUT_FILE}"
|
||||
rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
|
||||
rlRun "sedta -s first_t -t third_t -S >& ${OUTPUT_FILE}"
|
||||
rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
|
||||
# reflexivity
|
||||
rlRun "sedta -s first_t -t first_t -S >& ${OUTPUT_FILE}"
|
||||
rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
|
||||
rlRun "sedta -s second_t -t second_t -S >& ${OUTPUT_FILE}"
|
||||
rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
|
||||
rlRun "sedta -s third_t -t third_t -S >& ${OUTPUT_FILE}"
|
||||
rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
|
||||
# path is longer than limit
|
||||
rlRun "sedta -s first_t -t third_t -A 1 >& ${OUTPUT_FILE}"
|
||||
rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}"
|
||||
# non-existent relation
|
||||
rlRun "sedta -s first_t -t third_t -S -r >& ${OUTPUT_FILE}"
|
||||
rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}"
|
||||
# non-existent relation
|
||||
rlRun "sedta -s third_t -t first_t -S >& ${OUTPUT_FILE}"
|
||||
rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}"
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartCleanup
|
||||
rlRun "semodule -r testpolicy"
|
||||
rlRun "semodule -l | grep testpolicy" 1
|
||||
rm -f ${OUTPUT_FILE}
|
||||
rlPhaseEnd
|
||||
rlJournalPrintText
|
||||
rlJournalEnd
|
||||
|
21
tests/Sanity/sedta/testpolicy.cil
Normal file
21
tests/Sanity/sedta/testpolicy.cil
Normal file
@ -0,0 +1,21 @@
|
||||
( type xyz_t )
|
||||
|
||||
( type first_t )
|
||||
( type first_exec_t )
|
||||
( type second_t )
|
||||
( type second_exec_t )
|
||||
( type third_t )
|
||||
( type third_exec_t )
|
||||
|
||||
( typetransition first_t second_exec_t process second_t )
|
||||
( typetransition second_t third_exec_t process third_t )
|
||||
|
||||
( allow first_t second_exec_t ( file ( getattr open read execute )))
|
||||
( allow first_t second_t ( process ( transition )))
|
||||
( allow second_t third_exec_t ( file ( getattr open read execute )))
|
||||
( allow second_t third_t ( process ( transition )))
|
||||
|
||||
( allow first_t first_exec_t ( file ( entrypoint )))
|
||||
( allow second_t second_exec_t ( file ( entrypoint )))
|
||||
( allow third_t third_exec_t ( file ( entrypoint )))
|
||||
|
64
tests/Sanity/seinfo-consistent-output/Makefile
Normal file
64
tests/Sanity/seinfo-consistent-output/Makefile
Normal file
@ -0,0 +1,64 @@
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Makefile of Sanity/seinfo-consistent-output
|
||||
# Description: Check whether different 2 or more runs of same seinfo commands produce same output
|
||||
# Author: Petr Lautrbach <plautrba@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2021 Red Hat, Inc.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation, either version 2 of
|
||||
# the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
export TEST=Sanity/seinfo-consistent-output
|
||||
export TESTVERSION=1.0
|
||||
|
||||
BUILT_FILES=
|
||||
|
||||
FILES=$(METADATA) runtest.sh Makefile PURPOSE
|
||||
|
||||
.PHONY: all install download clean
|
||||
|
||||
run: $(FILES) build
|
||||
./runtest.sh
|
||||
|
||||
build: $(BUILT_FILES)
|
||||
test -x runtest.sh || chmod a+x runtest.sh
|
||||
|
||||
clean:
|
||||
rm -f *~ $(BUILT_FILES)
|
||||
|
||||
|
||||
include /usr/share/rhts/lib/rhts-make.include
|
||||
|
||||
$(METADATA): Makefile
|
||||
@echo "Owner: Petr Lautrbach <plautrba@redhat.com>" > $(METADATA)
|
||||
@echo "Name: $(TEST)" >> $(METADATA)
|
||||
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||
@echo "Description: Check whether different 2 or more runs of same seinfo commands produce same output" >> $(METADATA)
|
||||
@echo "Type: Sanity" >> $(METADATA)
|
||||
@echo "TestTime: 5m" >> $(METADATA)
|
||||
@echo "RunFor: setools" >> $(METADATA)
|
||||
@echo "Requires: setools-console" >> $(METADATA)
|
||||
@echo "Priority: Normal" >> $(METADATA)
|
||||
@echo "License: GPLv2+" >> $(METADATA)
|
||||
@echo "Confidential: no" >> $(METADATA)
|
||||
@echo "Destructive: no" >> $(METADATA)
|
||||
@echo "Bug: 2019962" >> $(METADATA)
|
||||
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
|
||||
|
||||
rhts-lint $(METADATA)
|
3
tests/Sanity/seinfo-consistent-output/PURPOSE
Normal file
3
tests/Sanity/seinfo-consistent-output/PURPOSE
Normal file
@ -0,0 +1,3 @@
|
||||
PURPOSE of Sanity/seinfo-consistent-output
|
||||
Description: Check whether different 2 or more runs of same seinfo commands produce same output
|
||||
Author: Petr Lautrbach <plautrba@redhat.com>
|
64
tests/Sanity/seinfo-consistent-output/runtest.sh
Executable file
64
tests/Sanity/seinfo-consistent-output/runtest.sh
Executable file
@ -0,0 +1,64 @@
|
||||
#!/bin/bash
|
||||
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# runtest.sh of Sanity/seinfo-consistent-output
|
||||
# Description: Check whether different 2 or more runs of same seinfo commands produce same output
|
||||
# Author: Petr Lautrbach <plautrba@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2021 Red Hat, Inc.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
# published by the Free Software Foundation, either version 2 of
|
||||
# the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
# Include Beaker environment
|
||||
. /usr/bin/rhts-environment.sh || exit 1
|
||||
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||
|
||||
PACKAGE="setools-console"
|
||||
|
||||
rlJournalStart
|
||||
rlPhaseStartSetup
|
||||
rlAssertRpm $PACKAGE
|
||||
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
|
||||
rlRun "pushd $TmpDir"
|
||||
rlPhaseEnd
|
||||
|
||||
commands=(
|
||||
"seinfo --all -x"
|
||||
"seinfo --constrain"
|
||||
"seinfo --common"
|
||||
"seinfo -c -x"
|
||||
"seinfo -r -x"
|
||||
"seinfo -u -x"
|
||||
)
|
||||
|
||||
for c in "${commands[@]}"; do
|
||||
|
||||
rlPhaseStartTest "$c"
|
||||
rlRun "$c > 1.out"
|
||||
rlRun "$c > 2.out"
|
||||
rlRun "cmp 1.out 2.out" 0
|
||||
rlPhaseEnd
|
||||
done
|
||||
|
||||
rlPhaseStartCleanup
|
||||
rlRun "popd"
|
||||
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
|
||||
rlPhaseEnd
|
||||
rlJournalPrintText
|
||||
rlJournalEnd
|
22
tests/tests.yml
Normal file
22
tests/tests.yml
Normal file
@ -0,0 +1,22 @@
|
||||
---
|
||||
# Test to run in classic context
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- role: standard-test-beakerlib
|
||||
tags:
|
||||
- classic
|
||||
repositories:
|
||||
- repo: "https://src.fedoraproject.org/tests/selinux.git"
|
||||
dest: "selinux"
|
||||
fmf_filter: "tier: 1 | component: policycoreutils | component: checkpolicy"
|
||||
|
||||
# Test to run in classic context
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- role: standard-test-beakerlib
|
||||
tags:
|
||||
- classic
|
||||
tests:
|
||||
- Sanity/sedta
|
||||
- Regression/The-setools-package-doesn-t-install-any-tools
|
||||
- Sanity/seinfo-consistent-output
|
Loading…
Reference in New Issue
Block a user