diff --git a/policycoreutils-fix-semanage-python3.patch b/policycoreutils-fix-semanage-python3.patch new file mode 100644 index 0000000..e4f2676 --- /dev/null +++ b/policycoreutils-fix-semanage-python3.patch @@ -0,0 +1,261 @@ +diff --git a/policycoreutils/semanage/seobject/__init__.py b/policycoreutils/semanage/seobject/__init__.py +index 33f5fa9..d489a90 100644 +--- a/policycoreutils/semanage/seobject/__init__.py ++++ b/policycoreutils/semanage/seobject/__init__.py +@@ -520,7 +520,15 @@ class loginRecords(semanageRecords): + else: + serange = RANGE + +- (rc, k) = semanage_seuser_key_create(self.sh, name) ++ (rc, u) = semanage_seuser_create(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not create login mapping for %s") % name) ++ ++ rc = semanage_seuser_set_name(self.sh, u, name) ++ if rc < 0: ++ raise ValueError(_("Could not set name for %s") % name) ++ ++ (rc, k) = semanage_seuser_key_extract(self.sh, u) + if rc < 0: + raise ValueError(_("Could not create a key for %s") % name) + +@@ -529,6 +537,7 @@ class loginRecords(semanageRecords): + raise ValueError(_("Could not check if login mapping for %s is defined") % name) + if exists: + semanage_seuser_key_free(k) ++ semanage_seuser_free(u) + return self.__modify(name, sename, serange) + + if name[0] == '%': +@@ -542,14 +551,6 @@ class loginRecords(semanageRecords): + except: + raise ValueError(_("Linux User %s does not exist") % name) + +- (rc, u) = semanage_seuser_create(self.sh) +- if rc < 0: +- raise ValueError(_("Could not create login mapping for %s") % name) +- +- rc = semanage_seuser_set_name(self.sh, u, name) +- if rc < 0: +- raise ValueError(_("Could not set name for %s") % name) +- + if serange: + rc = semanage_seuser_set_mlsrange(self.sh, u, serange) + if rc < 0: +@@ -594,7 +595,15 @@ class loginRecords(semanageRecords): + else: + self.serange = RANGE + +- (rc, k) = semanage_seuser_key_create(self.sh, name) ++ (rc, tmp_u) = semanage_seuser_create(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not create login mapping for %s") % name) ++ ++ rc = semanage_seuser_set_name(self.sh, tmp_u, name) ++ if rc < 0: ++ raise ValueError(_("Could not set name for %s") % name) ++ ++ (rc, k) = semanage_seuser_key_extract(self.sh, tmp_u) + if rc < 0: + raise ValueError(_("Could not create a key for %s") % name) + +@@ -624,6 +633,7 @@ class loginRecords(semanageRecords): + raise ValueError(_("Could not modify login mapping for %s") % name) + + semanage_seuser_key_free(k) ++ semanage_seuser_free(tmp_u) + semanage_seuser_free(u) + self.mylog.log("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange) + +@@ -641,7 +651,15 @@ class loginRecords(semanageRecords): + userrec = seluserRecords() + RANGE, (rc, oldserole) = userrec.get(self.oldsename) + +- (rc, k) = semanage_seuser_key_create(self.sh, name) ++ (rc, u) = semanage_seuser_create(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not create login mapping for %s") % name) ++ ++ rc = semanage_seuser_set_name(self.sh, u, name) ++ if rc < 0: ++ raise ValueError(_("Could not set name for %s") % name) ++ ++ (rc, k) = semanage_seuser_key_extract(self.sh, u) + if rc < 0: + raise ValueError(_("Could not create a key for %s") % name) + +@@ -662,6 +680,7 @@ class loginRecords(semanageRecords): + raise ValueError(_("Could not delete login mapping for %s") % name) + + semanage_seuser_key_free(k) ++ semanage_seuser_free(u) + + rec, self.sename, self.serange = selinux.getseuserbyname("__default__") + RANGE, (rc, serole) = userrec.get(self.sename) +@@ -763,7 +782,15 @@ class seluserRecords(semanageRecords): + semanageRecords.__init__(self, store) + + def get(self, name): +- (rc, k) = semanage_user_key_create(self.sh, name) ++ (rc, tmp_u) = semanage_user_create(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not create login mapping for %s") % name) ++ ++ rc = semanage_user_set_name(self.sh, tmp_u, name) ++ if rc < 0: ++ raise ValueError(_("Could not set name for %s") % name) ++ ++ (rc, k) = semanage_user_key_extract(self.sh, tmp_u) + if rc < 0: + raise ValueError(_("Could not create a key for %s") % name) + (rc, exists) = semanage_user_exists(self.sh, k) +@@ -775,6 +802,7 @@ class seluserRecords(semanageRecords): + serange = semanage_user_get_mlsrange(u) + serole = semanage_user_get_roles(self.sh, u) + semanage_user_key_free(k) ++ semanage_user_free(tmp_u) + semanage_user_free(u) + return serange, serole + +@@ -793,7 +821,15 @@ class seluserRecords(semanageRecords): + if len(roles) < 1: + raise ValueError(_("You must add at least one role for %s") % name) + +- (rc, k) = semanage_user_key_create(self.sh, name) ++ (rc, u) = semanage_user_create(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not create login mapping for %s") % name) ++ ++ rc = semanage_user_set_name(self.sh, u, name) ++ if rc < 0: ++ raise ValueError(_("Could not set name for %s") % name) ++ ++ (rc, k) = semanage_user_key_extract(self.sh, u) + if rc < 0: + raise ValueError(_("Could not create a key for %s") % name) + +@@ -802,16 +838,9 @@ class seluserRecords(semanageRecords): + raise ValueError(_("Could not check if SELinux user %s is defined") % name) + if exists: + semanage_user_key_free(k) ++ semanage_user_free(u) + return self.__modify(name, roles, selevel, serange, prefix) + +- (rc, u) = semanage_user_create(self.sh) +- if rc < 0: +- raise ValueError(_("Could not create SELinux user for %s") % name) +- +- rc = semanage_user_set_name(self.sh, u, name) +- if rc < 0: +- raise ValueError(_("Could not set name for %s") % name) +- + for r in roles: + rc = semanage_user_add_role(self.sh, u, r) + if rc < 0: +@@ -859,7 +888,15 @@ class seluserRecords(semanageRecords): + else: + raise ValueError(_("Requires prefix or roles")) + +- (rc, k) = semanage_user_key_create(self.sh, name) ++ (rc, tmp_u) = semanage_user_create(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not create login mapping for %s") % name) ++ ++ rc = semanage_user_set_name(self.sh, tmp_u, name) ++ if rc < 0: ++ raise ValueError(_("Could not set name for %s") % name) ++ ++ (rc, k) = semanage_user_key_extract(self.sh, tmp_u) + if rc < 0: + raise ValueError(_("Could not create a key for %s") % name) + +@@ -899,6 +936,7 @@ class seluserRecords(semanageRecords): + raise ValueError(_("Could not modify SELinux user %s") % name) + + semanage_user_key_free(k) ++ semanage_user_free(tmp_u) + semanage_user_free(u) + + role = ",".join(newroles.split()) +@@ -916,7 +954,15 @@ class seluserRecords(semanageRecords): + raise error + + def __delete(self, name): +- (rc, k) = semanage_user_key_create(self.sh, name) ++ (rc, tmp_u) = semanage_user_create(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not create login mapping for %s") % name) ++ ++ rc = semanage_user_set_name(self.sh, tmp_u, name) ++ if rc < 0: ++ raise ValueError(_("Could not set name for %s") % name) ++ ++ (rc, k) = semanage_user_key_extract(self.sh, tmp_u) + if rc < 0: + raise ValueError(_("Could not create a key for %s") % name) + +@@ -944,6 +990,7 @@ class seluserRecords(semanageRecords): + raise ValueError(_("Could not delete SELinux user %s") % name) + + semanage_user_key_free(k) ++ semanage_user_free(tmp_u) + semanage_user_free(u) + + self.mylog.log_remove("seuser", oldsename=name, oldserange=oldserange, oldserole=oldserole) +@@ -2119,7 +2166,14 @@ class booleanRecords(semanageRecords): + def __mod(self, name, value): + name = selinux.selinux_boolean_sub(name) + +- (rc, k) = semanage_bool_key_create(self.sh, name) ++ (rc, t_b) = semanage_bool_create(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not create login mapping for %s") % name) ++ rc = semanage_bool_set_name(self.sh, t_b, name) ++ if rc < 0: ++ raise ValueError(_("Could not set name for %s") % name) ++ ++ (rc, k) = semanage_bool_key_extract(self.sh, t_b) + if rc < 0: + raise ValueError(_("Could not create a key for %s") % name) + (rc, exists) = semanage_bool_exists(self.sh, k) +@@ -2137,7 +2191,7 @@ class booleanRecords(semanageRecords): + else: + raise ValueError(_("You must specify one of the following values: %s") % ", ".join(list(self.dict.keys()))) + +- if self.modify_local and name in self.current_booleans: ++ if self.modify_local and name.encode() in self.current_booleans: + rc = semanage_bool_set_active(self.sh, k, b) + if rc < 0: + raise ValueError(_("Could not set active value of boolean %s") % name) +@@ -2145,6 +2199,7 @@ class booleanRecords(semanageRecords): + if rc < 0: + raise ValueError(_("Could not modify boolean %s") % name) + semanage_bool_key_free(k) ++ semanage_bool_free(t_b) + semanage_bool_free(b) + + def modify(self, name, value=None, use_file=False): +@@ -2170,7 +2225,14 @@ class booleanRecords(semanageRecords): + def __delete(self, name): + name = selinux.selinux_boolean_sub(name) + +- (rc, k) = semanage_bool_key_create(self.sh, name) ++ (rc, t_b) = semanage_bool_create(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not create login mapping for %s") % name) ++ rc = semanage_bool_set_name(self.sh, t_b, name) ++ if rc < 0: ++ raise ValueError(_("Could not set name for %s") % name) ++ ++ (rc, k) = semanage_bool_key_extract(self.sh, t_b) + if rc < 0: + raise ValueError(_("Could not create a key for %s") % name) + (rc, exists) = semanage_bool_exists(self.sh, k) +@@ -2190,6 +2252,7 @@ class booleanRecords(semanageRecords): + raise ValueError(_("Could not delete boolean %s") % name) + + semanage_bool_key_free(k) ++ semanage_bool_free(t_b) + + def delete(self, name): + self.begin() diff --git a/policycoreutils.spec b/policycoreutils.spec index b6d1458..c0a4958 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -21,6 +21,7 @@ Source4: sepolicy-icons.tgz # HEAD https://github.com/fedora-selinux/selinux/commit/eb5c289a0e39d67b1cb12c85a166be236892b08a Patch: policycoreutils-rhat.patch Patch1: sepolgen-rhat.patch +Patch100: policycoreutils-fix-semanage-python3.patch Obsoletes: policycoreutils < 2.0.61-2 Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138 Provides: /sbin/fixfiles @@ -52,6 +53,9 @@ to switch roles. # create selinux/ directory and extract %{SOURCE0} there %setup -q -c -n selinux %patch -p1 -b .policycoreutils-rhat +pushd policycoreutils-%{version} +%patch100 -p2 -b .semanage-python3 +popd cp %{SOURCE3} policycoreutils-%{version}/gui/ tar -xvf %{SOURCE4} -C policycoreutils-%{version}/