rpms/policycoreutils/devel policycoreutils-rhat.patch,1.147,1.148

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Sun Jan 15 15:31:36 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/policycoreutils/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv9117

Modified Files:
	policycoreutils-rhat.patch 
Log Message:
* Sat Jan 14 2006 Dan Walsh <dwalsh at redhat.com> 1.29.7-3
- Add check for root for semanage, genhomedircon 


policycoreutils-rhat.patch:
 scripts/genhomedircon |    3 
 semanage/semanage     |   41 +-
 semanage/semanage.8   |   74 +++-
 semanage/seobject.py  |  748 +++++++++++++++++++++++++++++++-------------------
 semanage/seobject.pyc |binary
 5 files changed, 548 insertions(+), 318 deletions(-)

Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.147
retrieving revision 1.148
diff -u -r1.147 -r1.148
--- policycoreutils-rhat.patch	14 Jan 2006 14:00:29 -0000	1.147
+++ policycoreutils-rhat.patch	15 Jan 2006 15:31:28 -0000	1.148
@@ -1,6 +1,6 @@
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.7/scripts/genhomedircon
 --- nsapolicycoreutils/scripts/genhomedircon	2006-01-13 09:47:40.000000000 -0500
-+++ policycoreutils-1.29.7/scripts/genhomedircon	2006-01-14 08:39:02.000000000 -0500
++++ policycoreutils-1.29.7/scripts/genhomedircon	2006-01-15 08:42:38.000000000 -0500
 @@ -327,6 +327,9 @@
  			sys.stderr.write("%s: %s\n" % ( sys.argv[0], error ))
  
@@ -13,8 +13,8 @@
  # This script will generate home dir file context
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.7/semanage/semanage
 --- nsapolicycoreutils/semanage/semanage	2006-01-13 09:47:40.000000000 -0500
-+++ policycoreutils-1.29.7/semanage/semanage	2006-01-14 08:38:35.000000000 -0500
-@@ -20,10 +20,13 @@
++++ policycoreutils-1.29.7/semanage/semanage	2006-01-15 09:04:05.000000000 -0500
+@@ -20,23 +20,27 @@
  #                                        02111-1307  USA
  #
  #  
@@ -29,7 +29,83 @@
  
  	def usage(message = ""):
  		print '\
-@@ -210,8 +214,13 @@
+-semanage user [-admsRrh] SELINUX_USER\n\
+-semanage login [-admsrh] LOGIN_NAME\n\
+-semanage port [-admth] PORT | PORTRANGE\n\
+-semanage interface [-admth] INTERFACE\n\
+-semanage fcontext [-admhfst] INTERFACE\n\
++semanage user [-admLRr] SELINUX_USER\n\
++semanage login [-admsr] LOGIN_NAME\n\
++semanage port [-admtpr] PORT | PORTRANGE\n\
++semanage interface [-admtr] INTERFACE\n\
++semanage fcontext [-admhfrst] INTERFACE\n\
+ 	-a, --add        Add a OBJECT record NAME\n\
+ 	-d, --delete     Delete a OBJECT record NAME\n\
+ 	-f, --ftype      File Type of OBJECT \n\
+ 	-h, --help       display this message\n\
+ 	-l, --list       List the OBJECTS\n\
++	-L, --level      Default SELinux Level\n\
+ 	-n, --noheading  Do not print heading when listing OBJECTS\n\
+ 	-m, --modify     Modify a OBJECT record NAME\n\
+ 	-r, --range      MLS/MCS Security Range\n\
+@@ -84,7 +88,7 @@
+ 			
+ 		args = sys.argv[2:]
+ 		gopts, cmds = getopt.getopt(args,
+-					    'adf:lhmnp:P:s:R:r:t:v',
++					    'adf:lhmnp:P:s:R:L:r:t:v',
+ 					    ['add',
+ 					     'delete',
+ 					     'ftype=',
+@@ -96,6 +100,7 @@
+ 					     'proto=',
+ 					     'seuser=',
+ 					     'range=',
++					     'level=',
+ 					     'roles=',
+ 					     'type=',
+ 					     'verbose'
+@@ -106,7 +111,7 @@
+ 					usage()
+ 				add = 1
+ 				
+-			if o == "-d"  or o == "--delese":
++			if o == "-d"  or o == "--delete":
+ 				if modify or add:
+ 					usage()
+ 				delete = 1
+@@ -126,21 +131,24 @@
+ 			if o == "-r" or o == '--range':
+ 				serange = a
+ 
++			if o == "-l" or o == "--list":
++				list = 1
++
++			if o == "-L" or o == '--level':
++				selevel = a
++
+ 			if o == "-P" or o == '--proto':
+ 				proto = a
+ 
+ 			if o == "-R" or o == '--roles':
+ 				roles = a
+ 
+-			if o == "-t" or o == "--type":
+-				setype = a
+-
+-			if o == "-l" or o == "--list":
+-				list = 1
+-
+ 			if o == "-s" or o == "--seuser":
+ 				seuser = a
+ 
++			if o == "-t" or o == "--type":
++				setype = a
++
+ 			if o == "-v" or o == "--verbose":
+ 				verbose = 1
+ 
+@@ -210,8 +218,13 @@
  		if delete:
  			if object == "port":
  				OBJECT.delete(target, proto)
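Review bot: The new usage line `semanage port [-admtpr]` advertises a lower-case `-p`, but the option loop shown here assigns `proto` only for `-P`/`--proto`, while the getopt string accepts both `p:` and `P:`. Unless a `-p` branch exists above the lines shown, a command using `-p tcp` parses without error and leaves `proto` at its default, so `OBJECT.delete(target, proto)` and the matching add path act on a protocol the administrator did not choose. Either test for the advertised flag, `if o == "-p" or o == '--proto':`, or change the usage string to `-P`. The option loop starts and ends outside this hunk.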
@@ -43,10 +119,165 @@
  			sys.exit(0);
  		usage()
  			
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-1.29.7/semanage/semanage.8
+--- nsapolicycoreutils/semanage/semanage.8	2005-11-29 10:55:01.000000000 -0500
++++ policycoreutils-1.29.7/semanage/semanage.8	2006-01-15 09:04:56.000000000 -0500
+@@ -3,55 +3,71 @@
+ semanage \- SELinux Policy Management tool
+ 
+ .SH "SYNOPSIS"
+-.B semanage OBJECTTYPE [\-admsrh] OBJECT
+-.B semanage login [\-admsrh] login_name
++.B semanage {login|user|port|interface|fcontext} \-l
+ .br
+-.B semanage seuser [\-admsrh] selinux_name
++.B semanage login \-{a|d|m} [\-sr] login_name
+ .br
+-.B semanage port [\-admth] port_number
++.B semanage user \-{a|d|m} [\-LrR] selinux_name
++.br
++.B semanage port \-{a|d|m} [\-tp] port_number
++.br
++.B semanage interface \-{a|d|m} [\-tr] interface_spec
++.br
++.B semanage fcontext \-{a|d|m} [\-frst] file_spec
+ .P
+-This tool is used to manage configuration of the SELinux policy
++
++This tool is used to configure SELinux policy
+ 
+ .SH "DESCRIPTION"
+ This manual page describes the
+ .BR semanage
+ program.
+ .br
+-This tool is used to manage configuration of SELinux Policy.  You can configure SELinux User Mappings, SELinux Port Mappings, SELinux Users.
+-
++This tool is used to configure SELinux Policy.  You can configure SELinux User Mappings, SELinux Port Mappings, SELinux Users. File Context and Network Interfaces.
+ 
+ .SH "OPTIONS"
+-.TP 
+-                \-a, \-\-add        
+-.P
++.TP
++.I                \-a, \-\-add        
+ Add a OBJECT record NAME
+-.B                \-d, \-\-delete     
+-.P
++.TP
++.I                \-d, \-\-delete     
+ Delete a OBJECT record NAME
+-.B                \-h, \-\-help       
+-.P
++.TP
++.I                \-h, \-\-help       
+ display this message
+-.B                \-l, \-\-list       
+-.P
++.TP
++.I                \-f, \-\-ftype
++File Type.   This is used with fcontext.
++Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files.
++.TP
++.I                \-l, \-\-list       
+ List the OBJECTS
+-.B                \-m, \-\-modify     
+-.P
++.TP
++.I                \-L, \-\-level
++Default SELinux Level for SELinux use. (s0)
++.TP
++.I                \-m, \-\-modify     
+ Modify a OBJECT record NAME
+-.B                \-r, \-\-range      
+-.P
++.TP
++.I                \-p, \-\-proto
++Protocol for the specified port (tcp|udp).
++.TP
++.I                \-R, \-\-role
++SELinux Roles (Separate by spaces)
++.TP
++.I                \-r, \-\-range      
+ MLS/MCS Security Range
+-.B                \-s, \-\-seuser     
+-.P
++.TP
++.I                \-s, \-\-seuser     
+ SELinux user name
+-.B                \-t, \-\-type       
+-.P
++.TP
++.I                \-t, \-\-type       
+ SELinux Type for the object
+-.B                \-v, \-\-verbose    
+-.P
++.TP
++.I                \-v, \-\-verbose    
+ verbose output
+ 
+ .SH "AUTHOR"
+-This man page was written by Daniel Walsh <dwalsh at redhat.com>.
+-
+-
++This man page was written by Daniel Walsh <dwalsh at redhat.com> and
++Russell Coker <rcoker at redhat.com>.
+ 
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.29.7/semanage/seobject.py
 --- nsapolicycoreutils/semanage/seobject.py	2006-01-13 08:39:11.000000000 -0500
-+++ policycoreutils-1.29.7/semanage/seobject.py	2006-01-14 01:50:09.000000000 -0500
-@@ -46,7 +46,7 @@
++++ policycoreutils-1.29.7/semanage/seobject.py	2006-01-15 09:50:28.000000000 -0500
+@@ -21,8 +21,39 @@
+ #
+ #  
+ 
+-import pwd, string
++import pwd, string, selinux
+ from semanage import *;
++
++def translate(raw, prepend=1):
++	if prepend == 1:
++		context="a:b:c:%s" % raw
++	else:
++		context=raw
++	(rc, trans)=selinux.selinux_raw_to_trans_context(context)
++	if rc != 0:
++		return raw
++	if prepend:
++		trans = trans.strip("a:b:c")
++	if trans == "":
++		return raw
++	else:
++		return trans
++	
++def untranslate(trans, prepend=1):
++ 	if prepend == 1:
++		context="a:b:c:%s" % trans
++	else:
++		context=raw
++	(rc, raw)=selinux.selinux_trans_to_raw_context(context)
++	if rc != 0:
++		return trans
++	if prepend:
++		raw = raw.strip("a:b:c")	
++	if raw == "":
++		return trans
++	else:
++		return raw
++	
+ class semanageRecords:
+ 	def __init__(self):
+ 		self.sh = semanage_handle_create()
+@@ -37,6 +68,9 @@
+ 	def add(self, name, sename, serange):
+ 		if serange == "":
+ 			serange = "s0"
++		else:
++			serange = untranslate(serange)
++			
+ 		if sename == "":
+ 			sename = "user_u"
+ 			
+@@ -46,7 +80,7 @@
  
  		(rc,exists) = semanage_seuser_exists(self.sh, k)
  		if exists:
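Review bot: In `untranslate`, the `else` branch assigns `context=raw` before `raw` is bound, so any call with `prepend` false raises UnboundLocalError; it should read `context=trans`. Both helpers also remove the dummy prefix with `strip("a:b:c")`, which strips any of the characters `a`, `b`, `c` and `:` from both ends of the string rather than the literal prefix, so a translated label that happens to end in one of those characters is truncated. These strings are MLS/MCS levels and ranges that are displayed to the administrator and passed on to libsemanage, so a silently shortened label is worth ruling out. Slicing off the exact `a:b:c:` prefix after a `startswith` check does what was intended.

```python
def translate(raw, prepend=1):
	# … unchanged: build context, call selinux_raw_to_trans_context, rc check …
	if prepend and trans.startswith("a:b:c:"):
		trans = trans[len("a:b:c:"):]
	# … unchanged: fall back to raw when the result is empty …

def untranslate(trans, prepend=1):
	if prepend == 1:
		context="a:b:c:%s" % trans
	else:
		context=trans
	# … unchanged: call selinux_trans_to_raw_context, rc check …
	if prepend and raw.startswith("a:b:c:"):
		raw = raw[len("a:b:c:"):]
	# … unchanged: fall back to trans when the result is empty …
```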
@@ -55,7 +286,7 @@
  		try:
  			pwd.getpwnam(name)
  		except:
-@@ -54,40 +54,65 @@
+@@ -54,40 +88,65 @@
  			
  		(rc,u) = semanage_seuser_create(self.sh)
  		if rc < 0:
@@ -119,7 +350,8 @@
 +			raise ValueError("Could not query seuser for %s" % name)
  
  		if serange != "":
- 			semanage_seuser_set_mlsrange(self.sh, u, serange)
+-			semanage_seuser_set_mlsrange(self.sh, u, serange)
++			semanage_seuser_set_mlsrange(self.sh, u, untranslate(serange))
  		if sename != "":
  			semanage_seuser_set_sename(self.sh, u, sename)
 -		semanage_begin_transaction(self.sh)
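Review bot: The new call `semanage_seuser_set_mlsrange(self.sh, u, untranslate(serange))` discards its return code, and `untranslate` returns its input unchanged when the translation lookup fails, so a mistyped or unknown label is handed to libsemanage as if it were a raw range and nothing reports the failure here. Capture and test the result, for example `rc = semanage_seuser_set_mlsrange(self.sh, u, untranslate(serange))` followed by `if rc < 0: raise ValueError("Could not set MLS range for %s" % name)`, matching the error style already used in this method. The same unchecked pattern is added in the later hunks that call `semanage_user_set_mlsrange`, `semanage_user_set_mlslevel` and the three `semanage_context_set_mls` sites for ports, interfaces and file contexts. The enclosing modify method starts and ends outside this hunk.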
@@ -142,7 +374,7 @@
  	def delete(self, name):
  		(rc,k) = semanage_seuser_key_create(self.sh, name)
  		if rc < 0:
-@@ -95,15 +120,26 @@
+@@ -95,15 +154,26 @@
  
  		(rc,exists) = semanage_seuser_exists(self.sh, k)
  		if not exists:
@@ -175,7 +407,29 @@
  		for idx in range(self.usize):
  			u = semanage_seuser_by_idx(self.ulist, idx)
  			name = semanage_seuser_get_name(u)
-@@ -134,40 +170,59 @@
+@@ -117,7 +187,7 @@
+ 		keys=dict.keys()
+ 		keys.sort()
+ 		for k in keys:
+-			print "%-25s %-25s %-25s" % (k, dict[k][0], dict[k][1])
++			print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
+ 
+ class seluserRecords(semanageRecords):
+ 	def __init__(self):
+@@ -126,87 +196,134 @@
+ 	def add(self, name, roles, selevel, serange):
+ 		if serange == "":
+ 			serange = "s0"
++		else:
++			serange = untranslate(serange)
++			
+ 		if selevel == "":
+ 			selevel = "s0"
++		else:
++			selevel = untranslate(selevel)
+ 
+ 		(rc,k) = semanage_user_key_create(self.sh, name)
+ 		if rc < 0:
  			raise ValueError("Could not create a key for %s" % name)
  
  		(rc,exists) = semanage_user_exists(self.sh, k)
@@ -251,7 +505,13 @@
  		if rc < 0:
  			raise ValueError("Could not query user for %s" % name)
  
-@@ -178,35 +233,57 @@
+ 		if serange != "":
+-			semanage_user_set_mlsrange(self.sh, u, serange)
++			semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
+ 		if selevel != "":
+-			semanage_user_set_mlslevel(self.sh, u, selevel)
++			semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
++			
  		if len(roles) != 0:
  			for r in roles:
  				semanage_user_add_role(self.sh, u, r)
@@ -326,7 +586,33 @@
  			roles = ""
  
  			if rlist_size:
-@@ -278,62 +355,97 @@
+@@ -219,13 +336,13 @@
+ 
+ 	def list(self, heading=1):
+ 		if heading:
+-			print "\n%-15s %-10s %-20s" % ("", "MLS/", "MLS/")
+-			print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")
++			print "\n%-15s %-10s %-30s" % ("", "MLS/", "MLS/")
++			print "%-15s %-10s %-30s %s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")
+ 		dict=self.get_all()
+ 		keys=dict.keys()
+ 		keys.sort()
+ 		for k in keys:
+-			print "%-15s %-10s %-15s %s" % (k, dict[k][0], dict[k][1], dict[k][2])
++			print "%-15s %-10s %-30s %s" % (k, translate(dict[k][0]), translate(dict[k][1]), dict[k][2])
+ 
+ class portRecords(semanageRecords):
+ 	def __init__(self):
+@@ -258,6 +375,8 @@
+ 	def add(self, port, proto, serange, type):
+ 		if serange == "":
+ 			serange="s0"
++		else:
++			serange=untranslate(serange)
+ 			
+ 		if type == "":
+ 			raise ValueError("Type is required")
+@@ -278,62 +397,97 @@
  		if rc < 0:
  			raise ValueError("Could not create context for %s/%s" % (proto, port))
  
@@ -394,7 +680,8 @@
 -			raise ValueError("Could not get port context for %s/%s" % (proto, port))
  			
  		if serange != "":
- 			semanage_context_set_mls(self.sh, con, serange)	
+-			semanage_context_set_mls(self.sh, con, serange)	
++			semanage_context_set_mls(self.sh, con, untranslate(serange))
  		if setype != "":
  			semanage_context_set_type(self.sh, con, setype)
 -		semanage_begin_transaction(self.sh)
@@ -456,7 +743,15 @@
  		for idx in range(self.psize):
  			u = semanage_port_by_idx(self.plist, idx)
  			con = semanage_port_get_con(u)
-@@ -375,83 +487,122 @@
+@@ -369,89 +523,130 @@
+ 	def add(self, interface, serange, type):
+ 		if serange == "":
+ 			serange="s0"
++		else:
++			serange=untranslate(serange)
+ 			
+ 		if type == "":
+ 			raise ValueError("SELinux Type is required")
  
  		(rc,k) = semanage_iface_key_create(self.sh, interface)
  		if rc < 0:
@@ -550,7 +845,8 @@
 -			raise ValueError("Could not get interface context for %s" % interface)
  			
  		if serange != "":
- 			semanage_context_set_mls(self.sh, con, serange)	
+-			semanage_context_set_mls(self.sh, con, serange)	
++			semanage_context_set_mls(self.sh, con, untranslate(serange))
  		if setype != "":
  			semanage_context_set_type(self.sh, con, setype)
  
@@ -618,7 +914,24 @@
  		for idx in range(self.psize):
  			interface = semanage_iface_by_idx(self.plist, idx)
  			con = semanage_iface_get_ifcon(interface)
-@@ -501,48 +652,69 @@
+@@ -466,7 +661,7 @@
+ 		keys=dict.keys()
+ 		keys.sort()
+ 		for k in keys:
+-			print "%-30s %s:%s:%s:%s " % (k,dict[k][0], dict[k][1],dict[k][2], dict[k][3])
++			print "%-30s %s:%s:%s:%s " % (k,dict[k][0], dict[k][1],dict[k][2], translate(dict[k][3], False))
+ 			
+ class fcontextRecords(semanageRecords):
+ 	def __init__(self):
+@@ -495,89 +690,127 @@
+ 			
+ 		if serange == "":
+ 			serange="s0"
++		else:
++			serange=untranslate(serange)
+ 			
+ 		if type == "":
+ 			raise ValueError("SELinux Type is required")
  
  		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
  		if rc < 0:
@@ -708,8 +1021,10 @@
 -			raise ValueError("Could not get fcontext context for %s" % target)
  			
  		if serange != "":
- 			semanage_context_set_mls(self.sh, con, serange)	
-@@ -551,33 +723,48 @@
+-			semanage_context_set_mls(self.sh, con, serange)	
++			semanage_context_set_mls(self.sh, con, untranslate(serange))
+ 		if seuser != "":
+ 			semanage_context_set_user(self.sh, con, seuser)	
  		if setype != "":
  			semanage_context_set_type(self.sh, con, setype)
  
@@ -777,7 +1092,16 @@
  
  		for idx in range(self.psize):
  			fcontext = semanage_fcontext_by_idx(self.plist, idx)
-@@ -606,117 +793,82 @@
+@@ -598,7 +831,7 @@
+ 		keys=dict.keys()
+ 		for k in keys:
+ 			if dict[k]:
+-				print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], dict[k][0], dict[k][1],dict[k][2], dict[k][3])
++				print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], dict[k][0], dict[k][1],dict[k][2], translate(dict[k][3],False))
+ 			else:
+ 				print "%-50s %-18s <<None>>" % (k[0], k[1])
+ 				
+@@ -606,117 +839,82 @@
  	def __init__(self):
  		semanageRecords.__init__(self)
  		
@@ -802,13 +1126,13 @@
 -		if exists:
 -			raise ValueError("fcontext %s already defined" % target)
 -		(rc,fcontext) = semanage_fcontext_create(self.sh)
-+		(rc,k) = semanage_bool_key_create(self.sh, name)
- 		if rc < 0:
+-		if rc < 0:
 -			raise ValueError("Could not create fcontext for %s" % target)
 -		
 -		rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
 -		(rc, con) = semanage_context_create(self.sh)
--		if rc < 0:
++		(rc,k) = semanage_bool_key_create(self.sh, name)
+ 		if rc < 0:
 -			raise ValueError("Could not create context for %s" % target)
 -
 -		semanage_context_set_user(self.sh, con, seuser)



