diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index beda037..cb47e5f 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -680134,7 +680134,7 @@ index 28a9022..90b142e 100644 +usage: semanage [-h] + diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py -index 85bc37f..c78b6ef 100644 +index 85bc37f..70bbaed 100644 --- a/policycoreutils/semanage/seobject.py +++ b/policycoreutils/semanage/seobject.py @@ -1,5 +1,5 @@ @@ -680144,6 +680144,15 @@ index 85bc37f..c78b6ef 100644 # see file 'COPYING' for use and warranty information # # semanage is a tool for managing SELinux configuration files +@@ -21,7 +21,7 @@ + # + # + +-import pwd, grp, string, selinux, tempfile, os, re, sys, stat ++import pwd, grp, string, selinux, os, re, sys, stat + from semanage import *; + PROGNAME = "policycoreutils" + import sepolicy @@ -32,32 +32,47 @@ from IPy import IP import gettext gettext.bindtextdomain(PROGNAME, "/usr/share/locale") @@ -680153,10 +680162,10 @@ index 85bc37f..c78b6ef 100644 -except IOError: - import __builtin__ - __builtin__.__dict__['_'] = unicode -+ -+import gettext +translation=gettext.translation(PROGNAME, localedir = "/usr/share/locale", fallback=True) +_=translation.ugettext ++ ++is_mls_enabled = True import syslog 
@@ -680207,20 +680216,28 @@ index 85bc37f..c78b6ef 100644 if sename != "": message += " sename=" + sename if oldsename != "": -@@ -270,6 +285,12 @@ class moduleRecords(semanageRecords): +@@ -270,21 +285,31 @@ class moduleRecords(semanageRecords): l.append((semanage_module_get_name(mod), semanage_module_get_version(mod), semanage_module_get_enabled(mod))) return l +- def list(self, heading = 1, locallist = 0): +- all = self.get_all() +- if len(all) == 0: + def customized(self): -+ all = self.get_all() -+ if len(all) == 0: ++ ALL = self.get_all() ++ if len(ALL) == 0: + return -+ return map(lambda x: "-d %s" % x[0], filter(lambda t: t[2] == 0, all)) ++ return map(lambda x: "-d %s" % x[0], filter(lambda t: t[2] == 0, ALL)) + - def list(self, heading = 1, locallist = 0): - all = self.get_all() - if len(all) == 0: -@@ -281,10 +302,14 @@ class moduleRecords(semanageRecords): ++ def list(self, heading = True, locallist = False): ++ ALL = self.get_all() ++ if len(ALL) == 0: + return + + if heading: + print "\n%-25s%-10s\n" % (_("Modules Name"), _("Version")) +- for t in all: ++ for t in ALL: if t[2] == 0: disabled = _("Disabled") else: @@ -680235,6 +680252,15 @@ index 85bc37f..c78b6ef 100644 rc = semanage_module_install_file(self.sh, file); if rc >= 0: self.commit() +@@ -312,7 +337,7 @@ class moduleRecords(semanageRecords): + self.commit() + + def modify(self, file): +- rc = semanage_module_update_file(self.sh, file); ++ rc = semanage_module_upgrade_file(self.sh, file); + if rc >= 0: + self.commit() + @@ -324,6 +349,11 @@ class moduleRecords(semanageRecords): self.commit() 
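Review bot: `moduleRecords.customized()` returns `None` through the bare `return` when `get_all()` is empty, but a list from `map(...)` otherwise, so any caller that iterates or concatenates the result has to special-case an empty module store. Changing the empty branch to `return []` keeps the return type uniform. The callers are outside this hunk, so it cannot be seen here whether any of them already guards against `None`.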
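Review bot: In `moduleRecords.modify`, a negative `rc` from `semanage_module_upgrade_file` only skips `self.commit()`, and nothing in the lines shown reports the failure, so an administrator could believe a policy module was upgraded when it was not. Other methods in this file raise on `rc < 0`, and the same pattern fits here, for example `if rc < 0: raise ValueError(_("Could not upgrade module %s") % file)` ahead of the commit. The body of `modify` may continue past the hunk, so confirm that no later check already exists.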
@@ -680247,6 +680273,83 @@ index 85bc37f..c78b6ef 100644 class dontauditClass(semanageRecords): def __init__(self, store): semanageRecords.__init__(self, store) +@@ -332,7 +362,7 @@ class dontauditClass(semanageRecords): + if dontaudit not in [ "on", "off" ]: + raise ValueError(_("dontaudit requires either 'on' or 'off'")) + self.begin() +- rc = semanage_set_disable_dontaudit(self.sh, dontaudit == "off") ++ semanage_set_disable_dontaudit(self.sh, dontaudit == "off") + self.commit() + + class permissiveRecords(semanageRecords): +@@ -352,26 +382,27 @@ class permissiveRecords(semanageRecords): + l.append(name.split("permissive_")[1]) + return l + +- def list(self, heading = 1, locallist = 0): +- all = map(lambda y: y["name"], filter(lambda x: x["permissive"], sepolicy.info(sepolicy.TYPE))) +- if len(all) == 0: ++ def list(self, heading = True, locallist = False): ++ ALL = map(lambda y: y["name"], filter(lambda x: x["permissive"], sepolicy.info(sepolicy.TYPE))) ++ if len(ALL) == 0: + return + +- if heading: +- print "\n%-25s\n" % (_("Builtin Permissive Types")) + customized = self.get_all() +- for t in all: +- if t not in customized: +- print t +- +- if len(customized) == 0: +- return +- + if heading: + print "\n%-25s\n" % (_("Customized Permissive Types")) + for t in customized: + print t + ++ if locallist: ++ return ++ ++ if heading: ++ print "\n%-25s\n" % (_("Builtin Permissive Types")) ++ ++ for t in ALL: ++ if t not in customized: ++ print t ++ + def add(self, type): + import glob + try: +@@ -427,8 +458,7 @@ permissive %s; + def deleteall(self): + l = self.get_all() + if len(l) > 0: +- all = " ".join(l) +- self.delete(all) ++ self.delete(" ".join(l)) + + class loginRecords(semanageRecords): + def __init__(self, store = ""): +@@ -444,14 +474,14 @@ class loginRecords(semanageRecords): + sename = "user_u" + + userrec = seluserRecords() +- range, (rc, oldserole) = userrec.get(self.oldsename) +- range, (rc, serole) = userrec.get(sename) ++ RANGE, (rc, oldserole) = 
userrec.get(self.oldsename) ++ RANGE, (rc, serole) = userrec.get(sename) + + if is_mls_enabled == 1: + if serange != "": + serange = untranslate(serange) + else: +- serange = range ++ serange = RANGE + + (rc, k) = semanage_seuser_key_create(self.sh, name) + if rc < 0: @@ -461,7 +491,9 @@ class loginRecords(semanageRecords): if rc < 0: raise ValueError(_("Could not check if login mapping for %s is defined") % name) 
@@ -680258,6 +680361,63 @@ index 85bc37f..c78b6ef 100644 if name[0] == '%': try: grp.getgrnam(name[1:]) +@@ -513,17 +545,17 @@ class loginRecords(semanageRecords): + raise ValueError(_("Requires seuser or serange")) + + userrec = seluserRecords() +- range, (rc, oldserole) = userrec.get(self.oldsename) ++ RANGE, (rc, oldserole) = userrec.get(self.oldsename) + + if sename != "": +- range, (rc, serole) = userrec.get(sename) ++ RANGE, (rc, serole) = userrec.get(sename) + else: + serole=oldserole + + if serange != "": + self.serange=serange + else: +- self.serange=range ++ self.serange=RANGE + + (rc, k) = semanage_seuser_key_create(self.sh, name) + if rc < 0: +@@ -569,7 +601,7 @@ class loginRecords(semanageRecords): + def __delete(self, name): + rec, self.oldsename, self.oldserange = selinux.getseuserbyname(name) + userrec = seluserRecords() +- range, (rc, oldserole) = userrec.get(self.oldsename) ++ RANGE, (rc, oldserole) = userrec.get(self.oldsename) + + (rc, k) = semanage_seuser_key_create(self.sh, name) + if rc < 0: +@@ -594,7 +626,7 @@ class loginRecords(semanageRecords): + semanage_seuser_key_free(k) + + rec, self.sename, self.serange = selinux.getseuserbyname("__default__") +- range, (rc, serole) = userrec.get(self.sename) ++ RANGE, (rc, serole) = userrec.get(self.sename) + + self.mylog.log_remove("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange); + +@@ -637,7 +669,7 @@ class loginRecords(semanageRecords): + pass + return ddict + +- def get_all(self, locallist = 0): ++ def get_all(self, locallist = False): + ddict = {} + if locallist: + (rc, self.ulist) = semanage_seuser_list_local(self.sh) +@@ -660,7 +692,7 @@ class loginRecords(semanageRecords): + l.append("-a -s %s -r '%s' %s" % (ddict[k][0], ddict[k][1], k)) + return l + +- def list(self,heading = 1, locallist = 0): ++ def list(self,heading = True, locallist = False): + ddict = 
self.get_all(locallist) + ldict = self.get_all_logins() + lkeys = ldict.keys() @@ -731,7 +763,8 @@ class seluserRecords(semanageRecords): if rc < 0: raise ValueError(_("Could not check if SELinux user %s is defined") % name) @@ -680282,11 +680442,28 @@ index 85bc37f..c78b6ef 100644 rc = semanage_user_set_prefix(self.sh, u, prefix) if rc < 0: - raise ValueError(_("Could not add prefix %s for %s") % (r, prefix)) -+ raise ValueError(_("Could not add prefix %(ROLE)s for %(PREFIX)s") % {"ROLE":r, "PREFIX": prefix)) ++ raise ValueError(_("Could not add prefix %(ROLE)s for %(PREFIX)s") % {"ROLE":r, "PREFIX": prefix}) (rc, key) = semanage_user_key_extract(self.sh,u) if rc < 0: raise ValueError(_("Could not extract key for %s") % name) -@@ -928,7 +961,7 @@ class seluserRecords(semanageRecords): +@@ -770,7 +803,6 @@ class seluserRecords(semanageRecords): + self.mylog.log("seuser", sename=name, serole=",".join(roles), serange=serange) + + def add(self, name, roles, selevel, serange, prefix): +- serole = " ".join(roles) + try: + self.begin() + self.__add( name, roles, selevel, serange, prefix) +@@ -902,7 +934,7 @@ class seluserRecords(semanageRecords): + self.mylog.commit(0) + raise error + +- def get_all(self, locallist = 0): ++ def get_all(self, locallist = False): + ddict = {} + if locallist: + (rc, self.ulist) = semanage_user_list_local(self.sh) +@@ -928,10 +960,10 @@ class seluserRecords(semanageRecords): keys = ddict.keys() keys.sort() for k in keys: 
@@ -680294,8 +680471,12 @@ index 85bc37f..c78b6ef 100644 + l.append("-a -l %s -r %s -R '%s' %s" % (ddict[k][1], ddict[k][2], ddict[k][3], k)) return l - def list(self, heading = 1, locallist = 0): -@@ -982,7 +1015,7 @@ class portRecords(semanageRecords): +- def list(self, heading = 1, locallist = 0): ++ def list(self, heading = True, locallist = False): + ddict = self.get_all(locallist) + keys = ddict.keys() + if len(keys) == 0: +@@ -982,7 +1014,7 @@ class portRecords(semanageRecords): (rc, k) = semanage_port_key_create(self.sh, low, high, proto_d) if rc < 0: @@ -680304,7 +680485,7 @@ index 85bc37f..c78b6ef 100644 return ( k, proto_d, low, high ) def __add(self, port, proto, serange, type): -@@ -999,47 +1032,49 @@ class portRecords(semanageRecords): +@@ -999,47 +1031,49 @@ class portRecords(semanageRecords): raise ValueError(_("Type %s is invalid, must be a port type") % type) ( k, proto_d, low, high ) = self.__genkey(port, proto) @@ -680366,7 +680547,7 @@ index 85bc37f..c78b6ef 100644 semanage_context_free(con) semanage_port_key_free(k) -@@ -1064,13 +1099,13 @@ class portRecords(semanageRecords): +@@ -1064,13 +1098,13 @@ class portRecords(semanageRecords): (rc, exists) = semanage_port_exists(self.sh, k) if rc < 0: @@ -680383,7 +680564,7 @@ index 85bc37f..c78b6ef 100644 con = semanage_port_get_con(p) -@@ -1081,7 +1116,7 @@ class portRecords(semanageRecords): +@@ -1081,7 +1115,7 @@ class portRecords(semanageRecords): rc = semanage_port_modify_local(self.sh, k, p) if rc < 0: @@ -680392,7 +680573,7 @@ index 85bc37f..c78b6ef 100644 semanage_port_key_free(k) semanage_port_free(p) -@@ -1119,19 +1154,19 @@ class portRecords(semanageRecords): +@@ -1119,19 +1153,19 @@ class portRecords(semanageRecords): ( k, proto_d, low, high ) = self.__genkey(port, proto) (rc, exists) = semanage_port_exists(self.sh, k) if rc < 0: 
@@ -680417,7 +680598,34 @@ index 85bc37f..c78b6ef 100644 semanage_port_key_free(k) -@@ -1274,7 +1309,8 @@ class nodeRecords(semanageRecords): +@@ -1140,7 +1174,7 @@ class portRecords(semanageRecords): + self.__delete(port, proto) + self.commit() + +- def get_all(self, locallist = 0): ++ def get_all(self, locallist = False): + ddict = {} + if locallist: + (rc, self.plist) = semanage_port_list_local(self.sh) +@@ -1162,7 +1196,7 @@ class portRecords(semanageRecords): + ddict[(low, high, proto_str)] = (ctype, level) + return ddict + +- def get_all_by_type(self, locallist = 0): ++ def get_all_by_type(self, locallist = False): + ddict = {} + if locallist: + (rc, self.plist) = semanage_port_list_local(self.sh) +@@ -1200,7 +1234,7 @@ class portRecords(semanageRecords): + l.append("-a -t %s -p %s %s-%s" % (ddict[k][0], k[2], k[0], k[1])) + return l + +- def list(self, heading = 1, locallist = 0): ++ def list(self, heading = True, locallist = False): + ddict = self.get_all_by_type(locallist) + keys = ddict.keys() + if len(keys) == 0: +@@ -1274,7 +1308,8 @@ class nodeRecords(semanageRecords): (rc, exists) = semanage_node_exists(self.sh, k) if exists: 
@@ -680427,7 +680635,25 @@ index 85bc37f..c78b6ef 100644 (rc, node) = semanage_node_create(self.sh) if rc < 0: -@@ -1475,7 +1511,8 @@ class interfaceRecords(semanageRecords): +@@ -1406,7 +1441,7 @@ class nodeRecords(semanageRecords): + self.__delete(semanage_node_get_addr(self.sh, node)[1], semanage_node_get_mask(self.sh, node)[1], self.protocol[semanage_node_get_proto(node)]) + self.commit() + +- def get_all(self, locallist = 0): ++ def get_all(self, locallist = False): + ddict = {} + if locallist : + (rc, self.ilist) = semanage_node_list_local(self.sh) +@@ -1433,7 +1468,7 @@ class nodeRecords(semanageRecords): + l.append("-a -M %s -p %s -t %s %s" % (k[1], k[2],ddict[k][2], k[0])) + return l + +- def list(self, heading = 1, locallist = 0): ++ def list(self, heading = True, locallist = False): + ddict = self.get_all(locallist) + keys = ddict.keys() + if len(keys) == 0: +@@ -1475,7 +1510,8 @@ class interfaceRecords(semanageRecords): if rc < 0: raise ValueError(_("Could not check if interface %s is defined") % interface) if exists: 
@@ -680437,7 +680663,25 @@ index 85bc37f..c78b6ef 100644 (rc, iface) = semanage_iface_create(self.sh) if rc < 0: -@@ -1643,6 +1680,7 @@ class fcontextRecords(semanageRecords): +@@ -1599,7 +1635,7 @@ class interfaceRecords(semanageRecords): + self.__delete(semanage_iface_get_name(i)) + self.commit() + +- def get_all(self, locallist = 0): ++ def get_all(self, locallist = False): + ddict = {} + if locallist: + (rc, self.ilist) = semanage_iface_list_local(self.sh) +@@ -1623,7 +1659,7 @@ class interfaceRecords(semanageRecords): + l.append("-a -t %s %s" % (ddict[k][2], k)) + return l + +- def list(self, heading = 1, locallist = 0): ++ def list(self, heading = True, locallist = False): + ddict = self.get_all(locallist) + keys = ddict.keys() + if len(keys) == 0: +@@ -1643,6 +1679,7 @@ class fcontextRecords(semanageRecords): try: valid_types = sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"] valid_types += sepolicy.info(sepolicy.ATTRIBUTE,"device_node")[0]["types"] @@ -680445,7 +680689,7 @@ index 85bc37f..c78b6ef 100644 except RuntimeError: valid_types = [] -@@ -1696,6 +1734,12 @@ class fcontextRecords(semanageRecords): +@@ -1696,6 +1733,12 @@ class fcontextRecords(semanageRecords): def add_equal(self, target, substitute): self.begin() @@ -680458,7 +680702,7 @@ index 85bc37f..c78b6ef 100644 if target in self.equiv.keys(): raise ValueError(_("Equivalence class for %s already exists") % target) self.validate(target) -@@ -1703,7 +1747,7 @@ class fcontextRecords(semanageRecords): +@@ -1703,7 +1746,7 @@ class fcontextRecords(semanageRecords): for fdict in (self.equiv, self.equiv_dist): for i in fdict: if i.startswith(target + "/"): 
@@ -680467,12 +680711,12 @@ index 85bc37f..c78b6ef 100644 self.equiv[target] = substitute self.equal_ind = True -@@ -1748,12 +1792,18 @@ class fcontextRecords(semanageRecords): +@@ -1748,12 +1791,18 @@ class fcontextRecords(semanageRecords): for i in fdict: if target.startswith(i+"/"): t = re.sub(i, fdict[i], target) - raise ValueError(_("File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead") % (target, i, fdict[i], t)) -+ raise ValueError(_("File spec %(TARGET)s conflicts with equivalency rule '%(SOURCE)s %(DEST)s'; Try adding '%(DEST1)s' instead") % {"TARGET":target, "SOURCE": i, "DEST":fdict[i], "DEST1": t)) ++ raise ValueError(_("File spec %(TARGET)s conflicts with equivalency rule '%(SOURCE)s %(DEST)s'; Try adding '%(DEST1)s' instead") % {"TARGET":target, "SOURCE": i, "DEST":fdict[i], "DEST1": t}) - def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"): @@ -680488,7 +680732,7 @@ index 85bc37f..c78b6ef 100644 if is_mls_enabled == 1: serange = untranslate(serange) -@@ -1777,7 +1827,8 @@ class fcontextRecords(semanageRecords): +@@ -1777,7 +1826,8 @@ class fcontextRecords(semanageRecords): raise ValueError(_("Could not check if file context for %s is defined") % target) if exists: @@ -680498,7 +680742,16 @@ index 85bc37f..c78b6ef 100644 (rc, fcontext) = semanage_fcontext_create(self.sh) if rc < 0: -@@ -1966,11 +2017,11 @@ class fcontextRecords(semanageRecords): +@@ -1932,7 +1982,7 @@ class fcontextRecords(semanageRecords): + self.__delete( target, ftype) + self.commit() + +- def get_all(self, locallist = 0): ++ def get_all(self, locallist = False): + if locallist: + (rc, self.flist) = semanage_fcontext_list_local(self.sh) + else: +@@ -1966,14 +2016,14 @@ class fcontextRecords(semanageRecords): keys.sort() for k in keys: if fcon_dict[k]: 
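Review bot: In the equivalency check, `t = re.sub(i, fdict[i], target)` treats the existing equivalence path `i` as a regular expression and `fdict[i]` as a replacement template, and it rewrites every match rather than only the leading prefix that `target.startswith(i+"/")` has just tested. Paths routinely contain `.` and can contain other metacharacters, so the spec suggested in the error message can be wrong. Plain slicing avoids both problems: `t = fdict[i] + target[len(i):]`. The enclosing method starts outside the hunk.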
@@ -680511,17 +680764,30 @@ index 85bc37f..c78b6ef 100644 + l.append("-a -e %s %s" % (self.equiv[target], target)) return l - def list(self, heading = 1, locallist = 0 ): -@@ -2068,7 +2119,7 @@ class booleanRecords(semanageRecords): +- def list(self, heading = 1, locallist = 0 ): ++ def list(self, heading = True, locallist = False ): + fcon_dict = self.get_all(locallist) + keys = fcon_dict.keys() + if len(keys) != 0: +@@ -2068,7 +2118,7 @@ class booleanRecords(semanageRecords): try: boolname, val = b.split("=") except ValueError: - raise ValueError(_("Bad format %s: Record %s" % ( name, b) )) -+ raise ValueError(_("Bad format %(BOOLNAME)s: Record %(VALUE)s" % { "BOOLNAME": name, "VALUE": b) )) ++ raise ValueError(_("Bad format %(BOOLNAME)s: Record %(VALUE)s" % { "BOOLNAME": name, "VALUE": b } )) self.__mod(boolname.strip(), val.strip()) fd.close() else: -@@ -2156,7 +2207,7 @@ class booleanRecords(semanageRecords): +@@ -2118,7 +2168,7 @@ class booleanRecords(semanageRecords): + + self.commit() + +- def get_all(self, locallist = 0): ++ def get_all(self, locallist = False): + ddict = {} + if locallist: + (rc, self.blist) = semanage_bool_list_local(self.sh) +@@ -2156,7 +2206,7 @@ class booleanRecords(semanageRecords): keys.sort() for k in keys: if ddict[k]: @@ -682556,7 +682822,7 @@ index b25d3b2..2d61ad7 100755 sys.exit(0) + diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py -index 5e7415c..a6d9088 100644 +index 5e7415c..6152424 100644 --- a/policycoreutils/sepolicy/sepolicy/__init__.py +++ b/policycoreutils/sepolicy/sepolicy/__init__.py @@ -1,12 +1,15 @@ @@ -682576,7 +682842,7 @@ index 5e7415c..a6d9088 100644 gettext.bindtextdomain(PROGNAME, "/usr/share/locale") gettext.textdomain(PROGNAME) try: -@@ -37,16 +40,384 @@ CLASS = 'class' +@@ -37,16 +40,385 @@ CLASS = 'class' TRANSITION = 'transition' ROLE_ALLOW = 'role_allow' 
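Review bot: The corrected `Bad format` line in `booleanRecords` still applies `%` inside the `_()` call, so gettext is asked to look up the already-formatted string and the catalogue entry for `"Bad format %(BOOLNAME)s: Record %(VALUE)s"` can never match. Moving the closing parenthesis fixes it: `raise ValueError(_("Bad format %(BOOLNAME)s: Record %(VALUE)s") % { "BOOLNAME": name, "VALUE": b })`. The surrounding method starts outside the hunk, so whether `name` is bound at this point cannot be checked here.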
@@ -682585,19 +682851,20 @@ index 5e7415c..a6d9088 100644 + dict_list = _policy.info(setype, name) + return dict_list + -+def search(types, info = {} ): ++def search(types, info = {}): ++ seinfo = info + valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW] -+ for type in types: -+ if type not in valid_types: ++ for setype in types: ++ if setype not in valid_types: + raise ValueError("Type has to be in %s" % valid_types) -+ info[type] = True ++ seinfo[setype] = True + + perms = [] -+ if PERMS in info: ++ if PERMS in seinfo: + perms = info[PERMS] -+ info[PERMS] = ",".join(info[PERMS]) ++ seinfo[PERMS] = ",".join(seinfo[PERMS]) + -+ dict_list = _policy.search(info) ++ dict_list = _policy.search(seinfo) + if dict_list and len(perms) != 0: + dict_list = filter(lambda x: _dict_has_perms(x, perms), dict_list) + return dict_list @@ -682964,7 +683231,7 @@ index 5e7415c..a6d9088 100644 all_types = None def get_all_types(): global all_types -@@ -54,23 +425,31 @@ def get_all_types(): +@@ -54,23 +426,31 @@ def get_all_types(): all_types = map(lambda x: x['name'], info(TYPE)) return all_types @@ -683009,7 +683276,7 @@ index 5e7415c..a6d9088 100644 all_domains = [] types=get_all_types() types.sort() -@@ -81,138 +460,366 @@ def get_all_entrypoint_domains(): +@@ -81,138 +461,366 @@ def get_all_entrypoint_domains(): all_domains.append(m[0]) return all_domains @@ -683460,7 +683727,7 @@ index 5e7415c..a6d9088 100644 def boolean_category(boolean): booleans_dict = gen_bool_dict() -@@ -233,18 +840,58 @@ def get_os_version(): +@@ -233,18 +841,58 @@ def get_os_version(): os_version = "" pkg_name = "selinux-policy" try: @@ -687251,10 +687518,10 @@ index 0000000..344b3d7 + - SELinux does not block access. + diff --git a/policycoreutils/sepolicy/sepolicy/interface.py b/policycoreutils/sepolicy/sepolicy/interface.py -index 8b063ca..c7dac62 100644 +index 8b063ca..53e4dc2 100644 --- a/policycoreutils/sepolicy/sepolicy/interface.py 
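Review bot: `seinfo = info` in `search()` only adds a second name for the same dictionary, so the function still writes into the shared `info = {}` default and into any dictionary the caller passes. A rule-type key set by one call (`seinfo[setype] = True`) stays set for the next call that relies on the default, which can make a later policy query return rules of a type that was not asked for. A caller that reuses its dict will also find `PERMS` replaced by the comma-joined string. Copying on entry removes both effects: `seinfo = dict(info)`. It would also be cleaner to read `perms = seinfo[PERMS]` from the copy.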
+++ b/policycoreutils/sepolicy/sepolicy/interface.py -@@ -21,15 +21,13 @@ +@@ -21,15 +21,12 @@ # 02111-1307 USA # # @@ -687267,14 +687534,13 @@ index 8b063ca..c7dac62 100644 ADMIN_TRANSITION_INTERFACE = "_admin$" USER_TRANSITION_INTERFACE = "_role$" -from sepolicy.generate import get_all_types -+import selinux -__all__ = [ 'get', 'get_admin', 'get_user' ] +__all__ = [ 'get_all_interfaces', 'get_interfaces_from_xml', 'get_admin', 'get_user' ,'get_interface_dict', 'get_interface_format_text', 'get_interface_compile_format_text', 'get_xml_file', 'interface_compile_test' ] ## ## I18N -@@ -48,34 +46,173 @@ except IOError: +@@ -48,34 +45,173 @@ except IOError: import __builtin__ __builtin__.__dict__['_'] = unicode @@ -687297,8 +687563,8 @@ index 8b063ca..c7dac62 100644 +def get_interfaces_from_xml(path): + """ Get all interfaces from given xml file""" + interfaces_list = [] -+ interface_dict = get_interface_dict(path) -+ for k in interface_dict.keys(): ++ idict = get_interface_dict(path) ++ for k in idict.keys(): + interfaces_list.append(k) + return interfaces_list + @@ -687324,8 +687590,8 @@ index 8b063ca..c7dac62 100644 + if path: + try: + xml_path = get_xml_file(path) -+ interface_dict = get_interface_dict(xml_path) -+ for k in interface_dict.keys(): ++ idict = get_interface_dict(xml_path) ++ for k in idict.keys(): + if k.endswith("_admin"): + admin_list.append(k) + except IOError, e: @@ -687351,8 +687617,8 @@ index 8b063ca..c7dac62 100644 + if path: + try: + xml_path = get_xml_file(path) -+ interface_dict = get_interface_dict(xml_path) -+ for k in interface_dict.keys(): ++ idict = get_interface_dict(xml_path) ++ for k in idict.keys(): + if k.endswith("_role"): + if (("%s_exec_t" % k[:-5]) in sepolicy.get_all_types()): + trans_list.append(k) 
@@ -687411,8 +687677,8 @@ index 8b063ca..c7dac62 100644 + return interface_dict + +def get_interface_format_text(interface,path = "/usr/share/selinux/devel/policy.xml"): -+ interface_dict = get_interface_dict(path) -+ interface_text = "%s(%s) %s" % (interface, ", ".join(interface_dict[interface][0]), " ".join(interface_dict[interface][1].split("\n"))) ++ idict = get_interface_dict(path) ++ interface_text = "%s(%s) %s" % (interface, ", ".join(idict[interface][0]), " ".join(idict[interface][1].split("\n"))) + + return interface_text + @@ -687425,11 +687691,11 @@ index 8b063ca..c7dac62 100644 + + return interface_text + -+def generate_compile_te(interface, interface_dict, name="compiletest"): ++def generate_compile_te(interface, idict, name="compiletest"): + from templates import test_module + te = "" + te += re.sub("TEMPLATETYPE", name, test_module.te_test_module ) -+ te += get_interface_compile_format_text(interface_dict,interface) ++ te += get_interface_compile_format_text(idict,interface) + + return te + @@ -687452,13 +687718,13 @@ index 8b063ca..c7dac62 100644 + + import commands, os + policy_files = {'pp':"compiletest.pp", 'te':"compiletest.te", 'fc':"compiletest.fc", 'if':"compiletest.if"} -+ interface_dict = get_interface_dict(path) ++ idict = get_interface_dict(path) + -+ if not (interface.split("_")[0] in exclude_interfaces or interface_dict[interface][2] in exclude_interface_type): ++ if not (interface.split("_")[0] in exclude_interfaces or idict[interface][2] in exclude_interface_type): + print(_("Compiling %s interface" % interface)) + try: + fd = open(policy_files['te'], "w") -+ fd.write(generate_compile_te(interface, interface_dict)) ++ fd.write(generate_compile_te(interface, idict)) + fd.close() + rc, output=commands.getstatusoutput("make -f /usr/share/selinux/devel/Makefile %s" % policy_files['pp'] ) + if rc != 0: 
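Review bot: `interface_compile_test` writes `compiletest.te` with `open(policy_files['te'], "w")` in whatever the current directory is, and later removes all four fixed names from that directory. If the tool is run from a directory other users can write to, the open follows a pre-placed symlink and the cleanup deletes files the tool did not create. Because this is typically run with privilege, a private working directory is the safer default. The file handle is also not closed if `fd.write` raises. The sketch below builds in a `tempfile.mkdtemp()` directory and needs `tempfile` and `shutil` added to the function's local import; the cleanup loop it replaces lies in the following hunk.

```python
        # … unchanged: policy_files, idict, exclude check, "Compiling" message …
        workdir = None
        try:
            workdir = tempfile.mkdtemp(prefix="compiletest-")
            fd = open(os.path.join(workdir, policy_files['te']), "w")
            try:
                fd.write(generate_compile_te(interface, idict))
            finally:
                fd.close()
            rc, output = commands.getstatusoutput("make -C '%s' -f /usr/share/selinux/devel/Makefile %s" % (workdir, policy_files['pp']))
            # … unchanged: rc check and failure reporting …
        except EnvironmentError, e:
            # … unchanged: "has not run" message …
        finally:
            # replaces the per-file os.path.exists()/os.remove() loop
            if workdir:
                shutil.rmtree(workdir, ignore_errors=True)
```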
@@ -687466,7 +687732,7 @@ index 8b063ca..c7dac62 100644 + sys.stderr.write(_("\nCompile test for %s failed.\n") % interface) + + except EnvironmentError, e: -+ sys.stderr.write(_("\nCompile test for %s has not run.\n") % interface) ++ sys.stderr.write(_("\nCompile test for %s has not run. %s\n") % (interface, e)) + for v in policy_files.values(): + if os.path.exists(v): + os.remove(v) @@ -687958,10 +688224,15 @@ index 25062da..ba15b2c 100755 def _home_exec(self): permlist = sepolicy.search([sepolicy.ALLOW],{'source':self.type,'target':'user_home_type', 'class':'file', 'permlist':['ioctl', 'read', 'getattr', 'execute', 'execute_no_trans', 'open']}) diff --git a/policycoreutils/sepolicy/sepolicy/network.py b/policycoreutils/sepolicy/sepolicy/network.py -index 66efe26..6a7dab7 100755 +index 66efe26..3a75d7c 100755 --- a/policycoreutils/sepolicy/sepolicy/network.py +++ b/policycoreutils/sepolicy/sepolicy/network.py -@@ -25,47 +25,22 @@ import sepolicy +@@ -20,52 +20,26 @@ + # 02111-1307 USA + # + # +-import sys + import sepolicy search=sepolicy.search info=sepolicy.info @@ -688011,7 +688282,7 @@ index 66efe26..6a7dab7 100755 for i in tlist: if i == "ephemeral_port_type": if "unreserved_port_type" in tlist: -@@ -77,16 +52,18 @@ def get_network_connect(src, protocol, perm): +@@ -77,16 +51,18 @@ def get_network_connect(src, protocol, perm): if "port_t" in tlist: continue if i == "port_t": @@ -688037,17 +688308,15 @@ index 66efe26..6a7dab7 100755 return d diff --git a/policycoreutils/sepolicy/sepolicy/sedbus.py b/policycoreutils/sepolicy/sepolicy/sedbus.py new file mode 100644 -index 0000000..f40924d +index 0000000..c6645ef --- /dev/null +++ b/policycoreutils/sepolicy/sepolicy/sedbus.py -@@ -0,0 +1,60 @@ +@@ -0,0 +1,58 @@ +import sys +import dbus +import dbus.service +import dbus.mainloop.glib -+import slip.dbus.service +from slip.dbus import polkit -+import os + +class SELinuxDBus (object): + def __init__ (self): 
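Review bot: The new message `"\nCompile test for %s has not run. %s\n"` carries two positional `%s` fields, which translators cannot reorder, whereas other multi-argument messages in this patch use named fields. `_("\nCompile test for %(INTERFACE)s has not run. %(ERROR)s\n") % {"INTERFACE": interface, "ERROR": e}` would match that convention. The `try` block this handler belongs to starts outside the hunk.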
@@ -694035,17 +694304,46 @@ index 79f3997..1ff9d2c 100644 ') """ diff --git a/policycoreutils/sepolicy/sepolicy/transition.py b/policycoreutils/sepolicy/sepolicy/transition.py -index 5850622..1688c97 100755 +index 5850622..11834c7 100755 --- a/policycoreutils/sepolicy/sepolicy/transition.py +++ b/policycoreutils/sepolicy/sepolicy/transition.py -@@ -60,12 +60,18 @@ class setrans: +@@ -20,10 +20,9 @@ + # 02111-1307 USA + # + # +-import sepolicy, sys ++import sepolicy + search=sepolicy.search + info=sepolicy.info +-_failedlist = [] + __all__ = [ 'setrans', ] + + def _entrypoint(src): +@@ -32,11 +31,11 @@ def _entrypoint(src): + + + def _get_trans(src): +- foundstr = "" + return search([sepolicy.TRANSITION],{sepolicy.SOURCE:src, sepolicy.CLASS:"process"}) + + class setrans: + def __init__(self, source, dest=None): ++ self.seen = [] + self.sdict = {} + self.source=source + self.dest=dest +@@ -58,19 +57,25 @@ class setrans: + for s in self.sdict[source]["child"]: + self._process(s) - def out(self, name, seen=[], header=""): +- def out(self, name, seen=[], header=""): ++ def out(self, name, header=""): buf = "" -+ boolean_text="" - if name in seen: +- if name in seen: ++ if name in self.seen: return buf - seen.append(name) +- seen.append(name) ++ self.seen.append(name) - for t in self.sdict[name]["map"]: - buf += "%s%s @ %s --> %s\n" % (header, t["source"], t["target"], t["transtype"]) @@ -694059,6 +694357,13 @@ index 5850622..1688c97 100755 if "child" in self.sdict[name]: for x in self.sdict[name]["child"]: +- buf+= self.out(x, seen, "%s%s ... " % (header, name)) ++ buf+= self.out(x, "%s%s ... " % (header, name)) + return buf + + def output(self): ++ self.seen = [] + print self.out(self.source) diff --git a/policycoreutils/sepolicy/setup.py b/policycoreutils/sepolicy/setup.py index 1edb4fd..d8e2d64 100644 --- a/policycoreutils/sepolicy/setup.py @@ -694238,7 +694543,7 @@ index 4b44b3c..98f4f7d 100644 LDLIBS = -lselinux -lsepol -L$(LIBDIR) 
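Review bot: `setrans.out()` now depends on `self.seen`, which is cleared only in `output()`, so a second direct call to `out()` on the same object finds the root name already recorded and returns an empty string. The signature change from `out(name, seen=[], header="")` to `out(name, header="")` also means a caller that passed `seen` positionally now supplies it as `header`. Keeping the parameter and fixing only the mutable default avoids both: `def out(self, name, seen=None, header=""):` followed by `if seen is None: seen = []`. Callers outside this file are not visible from the hunk, so whether any use the old form is unconfirmed.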
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c -index a0e5415..7fe4166 100644 +index a0e5415..2a7cfa3 100644 --- a/policycoreutils/setfiles/restore.c +++ b/policycoreutils/setfiles/restore.c @@ -118,7 +118,7 @@ static int restore(FTSENT *ftsent, int recurse) @@ -694250,6 +694555,15 @@ index a0e5415..7fe4166 100644 } else { if (r_opts->nfile > 0) { progress = (r_opts->count < r_opts->nfile) ? (100.0 * r_opts->count / r_opts->nfile) : 100; +@@ -375,7 +375,7 @@ int process_glob(char *name, int recurse) { + size_t i = 0; + int errors; + memset(&globbuf, 0, sizeof(globbuf)); +- errors = glob(name, GLOB_TILDE | GLOB_PERIOD | GLOB_NOCHECK, NULL, &globbuf); ++ errors = glob(name, GLOB_TILDE | GLOB_PERIOD | GLOB_NOCHECK | GLOB_BRACE, NULL, &globbuf); + if (errors) + return errors; + diff --git a/policycoreutils/setfiles/restore.h b/policycoreutils/setfiles/restore.h index 57ae46a..406594b 100644 --- a/policycoreutils/setfiles/restore.h diff --git a/policycoreutils.spec b/policycoreutils.spec index 99466be..2946949 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.1.14 -Release: 87%{?dist} +Release: 88%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -344,6 +344,10 @@ The policycoreutils-restorecond package contains the restorecond service. %systemd_postun_with_restart restorecond.service %changelog +* Wed Oct 16 2013 Dan Walsh - 2.1.14-88 +- Cleanup errors found by pychecker +- Apply patch from Michal Trunecka to allow restorecon to handle {} in globs + * Fri Oct 11 2013 Dan Walsh - 2.1.14-87 - sepolicy gui - mgrepl fixes for users and login
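Review bot: Adding `GLOB_BRACE` in `process_glob` changes how every path argument is interpreted: a name that literally contains a brace list such as `{a,b}` is now expanded into several paths instead of being treated as one name, so relabeling can reach files other than the one the caller named. Braces and commas are legal in file names, so scripts or package hooks that pass names taken from the file system would need to escape them; whether any caller does is outside this hunk. A comment above the call, for example `/* GLOB_BRACE: "{a,b}" in name is expanded; callers must escape literal braces */`, together with a man-page note, would make the new contract explicit. `GLOB_BRACE` is a GNU extension, which matters if this file is ever built against another libc.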