rpms/policycoreutils/devel .cvsignore, 1.94, 1.95 policycoreutils-rhat.patch, 1.148, 1.149 policycoreutils.spec, 1.217, 1.218 sources, 1.98, 1.99

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Jan 18 17:43:25 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/policycoreutils/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv26633

Modified Files:
	.cvsignore policycoreutils-rhat.patch policycoreutils.spec 
	sources 
Log Message:
* Wed Jan 18 2006 Dan Walsh <dwalsh at redhat.com> 1.29.8-1
- Update to match NSA
	* Merged semanage fixes from Ivan Gyurdiev.
	* Merged semanage fixes from Russell Coker.
	* Merged chcat, genhomedircon, and semanage diffs from Dan Walsh.



Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/.cvsignore,v
retrieving revision 1.94
retrieving revision 1.95
diff -u -r1.94 -r1.95
--- .cvsignore	14 Jan 2006 03:51:29 -0000	1.94
+++ .cvsignore	18 Jan 2006 17:43:23 -0000	1.95
@@ -80,3 +80,4 @@
 policycoreutils-1.29.4.tgz
 policycoreutils-1.29.5.tgz
 policycoreutils-1.29.7.tgz
+policycoreutils-1.29.8.tgz

policycoreutils-rhat.patch:
 scripts/chcat        |   12 ++++++++++--
 semanage/seobject.py |   42 ++++++++++++++++++++++++++++++++----------
 2 files changed, 42 insertions(+), 12 deletions(-)

Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.148
retrieving revision 1.149
diff -u -r1.148 -r1.149
--- policycoreutils-rhat.patch	15 Jan 2006 15:31:28 -0000	1.148
+++ policycoreutils-rhat.patch	18 Jan 2006 17:43:23 -0000	1.149
@@ -1,1277 +1,109 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.7/scripts/genhomedircon
---- nsapolicycoreutils/scripts/genhomedircon	2006-01-13 09:47:40.000000000 -0500
-+++ policycoreutils-1.29.7/scripts/genhomedircon	2006-01-15 08:42:38.000000000 -0500
-@@ -327,6 +327,9 @@
- 			sys.stderr.write("%s: %s\n" % ( sys.argv[0], error ))
- 
- 
-+if os.getuid() > 0 or os.geteuid() > 0:
-+	print "You must be root to run %s." % sys.argv[0]
-+	sys.exit(0)
- 
- #
- # This script will generate home dir file context
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.7/semanage/semanage
---- nsapolicycoreutils/semanage/semanage	2006-01-13 09:47:40.000000000 -0500
-+++ policycoreutils-1.29.7/semanage/semanage	2006-01-15 09:04:05.000000000 -0500
-@@ -20,23 +20,27 @@
- #                                        02111-1307  USA
- #
- #  
--import sys, getopt
-+import os, sys, getopt
- import seobject
- 
- if __name__ == '__main__':
-+	if os.getuid() > 0 or os.geteuid() > 0:
-+		print "You must be root to run %s." % sys.argv[0]
-+		sys.exit(0)
- 
- 	def usage(message = ""):
- 		print '\
--semanage user [-admsRrh] SELINUX_USER\n\
--semanage login [-admsrh] LOGIN_NAME\n\
--semanage port [-admth] PORT | PORTRANGE\n\
--semanage interface [-admth] INTERFACE\n\
--semanage fcontext [-admhfst] INTERFACE\n\
-+semanage user [-admLRr] SELINUX_USER\n\
-+semanage login [-admsr] LOGIN_NAME\n\
-+semanage port [-admtpr] PORT | PORTRANGE\n\
-+semanage interface [-admtr] INTERFACE\n\
-+semanage fcontext [-admhfrst] INTERFACE\n\
- 	-a, --add        Add a OBJECT record NAME\n\
- 	-d, --delete     Delete a OBJECT record NAME\n\
- 	-f, --ftype      File Type of OBJECT \n\
- 	-h, --help       display this message\n\
- 	-l, --list       List the OBJECTS\n\
-+	-L, --level      Default SELinux Level\n\
- 	-n, --noheading  Do not print heading when listing OBJECTS\n\
- 	-m, --modify     Modify a OBJECT record NAME\n\
- 	-r, --range      MLS/MCS Security Range\n\
-@@ -84,7 +88,7 @@
- 			
- 		args = sys.argv[2:]
- 		gopts, cmds = getopt.getopt(args,
--					    'adf:lhmnp:P:s:R:r:t:v',
-+					    'adf:lhmnp:P:s:R:L:r:t:v',
- 					    ['add',
- 					     'delete',
- 					     'ftype=',
-@@ -96,6 +100,7 @@
- 					     'proto=',
- 					     'seuser=',
- 					     'range=',
-+					     'level=',
- 					     'roles=',
- 					     'type=',
- 					     'verbose'
-@@ -106,7 +111,7 @@
- 					usage()
- 				add = 1
- 				
--			if o == "-d"  or o == "--delese":
-+			if o == "-d"  or o == "--delete":
- 				if modify or add:
- 					usage()
- 				delete = 1
-@@ -126,21 +131,24 @@
- 			if o == "-r" or o == '--range':
- 				serange = a
- 
-+			if o == "-l" or o == "--list":
-+				list = 1
-+
-+			if o == "-L" or o == '--level':
-+				selevel = a
-+
- 			if o == "-P" or o == '--proto':
- 				proto = a
- 
- 			if o == "-R" or o == '--roles':
- 				roles = a
- 
--			if o == "-t" or o == "--type":
--				setype = a
--
--			if o == "-l" or o == "--list":
--				list = 1
--
- 			if o == "-s" or o == "--seuser":
- 				seuser = a
- 
-+			if o == "-t" or o == "--type":
-+				setype = a
-+
- 			if o == "-v" or o == "--verbose":
- 				verbose = 1
- 
-@@ -210,8 +218,13 @@
- 		if delete:
- 			if object == "port":
- 				OBJECT.delete(target, proto)
-+
-+			if object == "fcontext":
-+				OBJECT.delete(target, ftype)
-+
- 			else:
- 				OBJECT.delete(target)
-+
- 			sys.exit(0);
- 		usage()
- 			
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-1.29.7/semanage/semanage.8
---- nsapolicycoreutils/semanage/semanage.8	2005-11-29 10:55:01.000000000 -0500
-+++ policycoreutils-1.29.7/semanage/semanage.8	2006-01-15 09:04:56.000000000 -0500
-@@ -3,55 +3,71 @@
- semanage \- SELinux Policy Management tool
- 
- .SH "SYNOPSIS"
--.B semanage OBJECTTYPE [\-admsrh] OBJECT
--.B semanage login [\-admsrh] login_name
-+.B semanage {login|user|port|interface|fcontext} \-l
- .br
--.B semanage seuser [\-admsrh] selinux_name
-+.B semanage login \-{a|d|m} [\-sr] login_name
- .br
--.B semanage port [\-admth] port_number
-+.B semanage user \-{a|d|m} [\-LrR] selinux_name
-+.br
-+.B semanage port \-{a|d|m} [\-tp] port_number
-+.br
-+.B semanage interface \-{a|d|m} [\-tr] interface_spec
-+.br
-+.B semanage fcontext \-{a|d|m} [\-frst] file_spec
- .P
--This tool is used to manage configuration of the SELinux policy
-+
-+This tool is used to configure SELinux policy
- 
- .SH "DESCRIPTION"
- This manual page describes the
- .BR semanage
- program.
- .br
--This tool is used to manage configuration of SELinux Policy.  You can configure SELinux User Mappings, SELinux Port Mappings, SELinux Users.
--
-+This tool is used to configure SELinux Policy.  You can configure SELinux User Mappings, SELinux Port Mappings, SELinux Users. File Context and Network Interfaces.
- 
- .SH "OPTIONS"
--.TP 
--                \-a, \-\-add        
--.P
-+.TP
-+.I                \-a, \-\-add        
- Add a OBJECT record NAME
--.B                \-d, \-\-delete     
--.P
-+.TP
-+.I                \-d, \-\-delete     
- Delete a OBJECT record NAME
--.B                \-h, \-\-help       
--.P
-+.TP
-+.I                \-h, \-\-help       
- display this message
--.B                \-l, \-\-list       
--.P
-+.TP
-+.I                \-f, \-\-ftype
-+File Type.   This is used with fcontext.
-+Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files.
-+.TP
-+.I                \-l, \-\-list       
- List the OBJECTS
--.B                \-m, \-\-modify     
--.P
-+.TP
-+.I                \-L, \-\-level
-+Default SELinux Level for SELinux use. (s0)
-+.TP
-+.I                \-m, \-\-modify     
- Modify a OBJECT record NAME
--.B                \-r, \-\-range      
--.P
-+.TP
-+.I                \-p, \-\-proto
-+Protocol for the specified port (tcp|udp).
-+.TP
-+.I                \-R, \-\-role
-+SELinux Roles (Separate by spaces)
-+.TP
-+.I                \-r, \-\-range      
- MLS/MCS Security Range
--.B                \-s, \-\-seuser     
--.P
-+.TP
-+.I                \-s, \-\-seuser     
- SELinux user name
--.B                \-t, \-\-type       
--.P
-+.TP
-+.I                \-t, \-\-type       
- SELinux Type for the object
--.B                \-v, \-\-verbose    
--.P
-+.TP
-+.I                \-v, \-\-verbose    
- verbose output
- 
- .SH "AUTHOR"
--This man page was written by Daniel Walsh <dwalsh at redhat.com>.
--
--
-+This man page was written by Daniel Walsh <dwalsh at redhat.com> and
-+Russell Coker <rcoker at redhat.com>.
- 
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.29.7/scripts/chcat
+--- nsapolicycoreutils/scripts/chcat	2006-01-18 11:12:43.000000000 -0500
++++ policycoreutils-1.29.7/scripts/chcat	2006-01-18 10:31:40.000000000 -0500
+@@ -281,6 +282,7 @@
+ 	print "Usage %s -d File ..." % sys.argv[0]
+ 	print "Usage %s -l -d user ..." % sys.argv[0]
+ 	print "Usage %s -L" % sys.argv[0]
++	print "Usage %s -L -l user" % sys.argv[0]
+         print "Use -- to end option list.  For example"
+         print "chcat -- -CompanyConfidential /docs/businessplan.odt"
+         print "chcat -l +CompanyConfidential juser"
+@@ -350,10 +352,17 @@
+     if delete_ind:
+         sys.exit(chcat_replace(["s0"], ["s0"], cmds, login_ind))
+ 
++    if login_ind:
++        if len(cmds) >= 1:
++            for u in cmds:
++                try:
++                    pwd.getpwnam(u)
++                except KeyError, e:
++                    error( "User %s does not exist" % u)
++        else:
++            cmds.append(os.getlogin())
+     if list_ind:
+         if login_ind:
+-            if len(cmds) < 1:
+-                usage()
+             sys.exit(listusercats(cmds))
+         else:
+             if len(cmds) > 0:
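Review bot: In the nested chcat patch, the new `else` branch defaults the target user with `os.getlogin()`, which returns the login name recorded for the controlling terminal, not the identity of the running process. It raises OSError when there is no terminal (cron, for example) and after su/sudo can name a different account than the one executing chcat. Deriving the default from the process uid is more dependable: `cmds.append(pwd.getpwuid(os.getuid())[0])`. The validation loop also sits after the `if delete_ind:` exit shown in the context lines, so `-l -d user` still reaches `chcat_replace` with unchecked names; moving the `if login_ind:` block above that exit would cover it. Whether `error()` terminates is not visible here, and the enclosing function starts and ends outside the hunk.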
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.29.7/semanage/seobject.py
---- nsapolicycoreutils/semanage/seobject.py	2006-01-13 08:39:11.000000000 -0500
-+++ policycoreutils-1.29.7/semanage/seobject.py	2006-01-15 09:50:28.000000000 -0500
-@@ -21,8 +21,39 @@
- #
- #  
- 
--import pwd, string
-+import pwd, string, selinux
- from semanage import *;
-+
-+def translate(raw, prepend=1):
-+	if prepend == 1:
-+		context="a:b:c:%s" % raw
-+	else:
-+		context=raw
-+	(rc, trans)=selinux.selinux_raw_to_trans_context(context)
-+	if rc != 0:
-+		return raw
-+	if prepend:
-+		trans = trans.strip("a:b:c")
-+	if trans == "":
-+		return raw
-+	else:
-+		return trans
-+	
-+def untranslate(trans, prepend=1):
-+ 	if prepend == 1:
-+		context="a:b:c:%s" % trans
-+	else:
-+		context=raw
-+	(rc, raw)=selinux.selinux_trans_to_raw_context(context)
-+	if rc != 0:
-+		return trans
-+	if prepend:
-+		raw = raw.strip("a:b:c")	
-+	if raw == "":
-+		return trans
-+	else:
-+		return raw
-+	
- class semanageRecords:
- 	def __init__(self):
- 		self.sh = semanage_handle_create()
-@@ -37,6 +68,9 @@
- 	def add(self, name, sename, serange):
- 		if serange == "":
- 			serange = "s0"
-+		else:
-+			serange = untranslate(serange)
-+			
- 		if sename == "":
- 			sename = "user_u"
- 			
-@@ -46,7 +80,7 @@
- 
- 		(rc,exists) = semanage_seuser_exists(self.sh, k)
- 		if exists:
--			raise ValueError("SELinux User %s mapping already defined" % name)
-+			raise ValueError("Login mapping for %s is already defined" % name)
- 		try:
- 			pwd.getpwnam(name)
- 		except:
-@@ -54,40 +88,65 @@
- 			
- 		(rc,u) = semanage_seuser_create(self.sh)
- 		if rc < 0:
--			raise ValueError("Could not create seuser for %s" % name)
-+			raise ValueError("Could not create login mapping for %s" % name)
- 
--		semanage_seuser_set_name(self.sh, u, name)
--		semanage_seuser_set_mlsrange(self.sh, u, serange)
--		semanage_seuser_set_sename(self.sh, u, sename)
--		semanage_begin_transaction(self.sh)
--		semanage_seuser_add(self.sh, k, u)
--		if semanage_commit(self.sh) < 0:
--			raise ValueError("Failed to add SELinux user mapping")
-+		rc = semanage_seuser_set_name(self.sh, u, name)
-+		if rc < 0:
-+			raise ValueError("Could not set name for %s" % name)
-+
-+		rc = semanage_seuser_set_mlsrange(self.sh, u, serange)
-+		if rc < 0:
-+			raise ValueError("Could not set MLS range for %s" % name)
-+
-+		rc = semanage_seuser_set_sename(self.sh, u, sename)
-+		if rc < 0:
-+			raise ValueError("Could not set SELinux user for %s" % name)
-+
-+		rc = semanage_begin_transaction(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not start semanage transaction")
-+
-+		rc = semanage_seuser_modify(self.sh, k, u)
-+		if rc < 0:
-+			raise ValueError("Failed to add login mapping for %s" % name)
-+
-+		rc = semanage_commit(self.sh) 
-+		if rc < 0:
-+			raise ValueError("Failed to add login mapping for %s" % name)
- 
- 	def modify(self, name, sename = "", serange = ""):
-+		if sename == "" and serange == "":
-+			raise ValueError("Requires seuser or serange")
-+
- 		(rc,k) = semanage_seuser_key_create(self.sh, name)
- 		if rc < 0:
- 			raise ValueError("Could not create a key for %s" % name)
- 
--		if sename == "" and serange == "":
--			raise ValueError("Requires, seuser or serange")
--
- 		(rc,exists) = semanage_seuser_exists(self.sh, k)
--		if exists:
--			(rc,u) = semanage_seuser_query(self.sh, k)
--			if rc < 0:
--				raise ValueError("Could not query seuser for %s" % name)
--		else:
--			raise ValueError("SELinux user %s mapping is not defined." % name)
-+		if not exists:
-+			raise ValueError("Login mapping for %s is not defined" % name)
-+
-+		(rc,u) = semanage_seuser_query(self.sh, k)
-+		if rc < 0:
-+			raise ValueError("Could not query seuser for %s" % name)
+--- nsapolicycoreutils/semanage/seobject.py	2006-01-18 11:12:43.000000000 -0500
++++ policycoreutils-1.29.7/semanage/seobject.py	2006-01-18 11:12:01.000000000 -0500
+@@ -421,11 +421,11 @@
  
- 		if serange != "":
--			semanage_seuser_set_mlsrange(self.sh, u, serange)
-+			semanage_seuser_set_mlsrange(self.sh, u, untranslate(serange))
- 		if sename != "":
- 			semanage_seuser_set_sename(self.sh, u, sename)
--		semanage_begin_transaction(self.sh)
--		semanage_seuser_modify_local(self.sh, k, u)
--		if semanage_commit(self.sh) < 0:
--			raise ValueError("Failed to modify SELinux user mapping")
-+
-+		rc = semanage_begin_transaction(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not srart semanage transaction")
-+
-+		rc = semanage_seuser_modify(self.sh, k, u)
-+		if rc < 0:
-+			raise ValueError("Failed to modify login mapping for %s" % name)
-+	
-+		rc = semanage_commit(self.sh)
-+		if rc < 0:
-+			raise ValueError("Failed to modify login mapping for %s" % name)
-+
- 	def delete(self, name):
- 		(rc,k) = semanage_seuser_key_create(self.sh, name)
+ 		rc = semanage_port_modify_local(self.sh, k, p)
  		if rc < 0:
-@@ -95,15 +154,26 @@
- 
- 		(rc,exists) = semanage_seuser_exists(self.sh, k)
- 		if not exists:
--			raise ValueError("SELinux user %s mapping is not defined." % name)
--		semanage_begin_transaction(self.sh)
--		semanage_seuser_del(self.sh, k)
--		if semanage_commit(self.sh) < 0:
--			raise ValueError("SELinux User %s mapping not defined" % name)
-+			raise ValueError("Login mapping for %s is not defined" % name)
-+
-+		rc = semanage_begin_transaction(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not start semanage transaction")
-+
-+		rc = semanage_seuser_del(self.sh, k)
-+		if rc < 0:
-+			raise ValueError("Failed to delete login mapping for %s" % name)
-+
-+		rc = semanage_commit(self.sh)
-+		if rc < 0:
-+			raise ValueError("Failed to delete login mapping for %s" % name)
- 		
- 	def get_all(self):
- 		dict={}
--		(status, self.ulist, self.usize) = semanage_seuser_list(self.sh)
-+		(rc, self.ulist, self.usize) = semanage_seuser_list(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not list login mappings")
-+
- 		for idx in range(self.usize):
- 			u = semanage_seuser_by_idx(self.ulist, idx)
- 			name = semanage_seuser_get_name(u)
-@@ -117,7 +187,7 @@
- 		keys=dict.keys()
- 		keys.sort()
- 		for k in keys:
--			print "%-25s %-25s %-25s" % (k, dict[k][0], dict[k][1])
-+			print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
- 
- class seluserRecords(semanageRecords):
- 	def __init__(self):
-@@ -126,87 +196,134 @@
- 	def add(self, name, roles, selevel, serange):
- 		if serange == "":
- 			serange = "s0"
-+		else:
-+			serange = untranslate(serange)
-+			
- 		if selevel == "":
- 			selevel = "s0"
-+		else:
-+			selevel = untranslate(selevel)
- 
- 		(rc,k) = semanage_user_key_create(self.sh, name)
- 		if rc < 0:
- 			raise ValueError("Could not create a key for %s" % name)
- 
- 		(rc,exists) = semanage_user_exists(self.sh, k)
--		if not exists:
--			raise ValueError("SELinux user %s is already defined." % name)
-+		if exists:
-+			raise ValueError("SELinux user %s is already defined" % name)
- 
- 		(rc,u) = semanage_user_create(self.sh)
- 		if rc < 0:
--			raise ValueError("Could not create login mapping for %s" % name)
-+			raise ValueError("Could not create SELinux user for %s" % name)
-+
-+		rc = semanage_user_set_name(self.sh, u, name)
-+		if rc < 0:
-+			raise ValueError("Could not set name for %s" % name)
- 
--		semanage_user_set_name(self.sh, u, name)
- 		for r in roles:
--			semanage_user_add_role(self.sh, u, r)
--		semanage_user_set_mlsrange(self.sh, u, serange)
--		semanage_user_set_mlslevel(self.sh, u, selevel)
-+			rc = semanage_user_add_role(self.sh, u, r)
-+			if rc < 0:
-+				raise ValueError("Could not add role %s for %s" % (r, name))
-+
-+		rc = semanage_user_set_mlsrange(self.sh, u, serange)
-+		if rc < 0:
-+			raise ValueError("Could not set MLS range for %s" % name)
-+
-+		rc = semanage_user_set_mlslevel(self.sh, u, selevel)
-+		if rc < 0:
-+			raise ValueError("Could not set MLS level for %s" % name)
-+
- 		(rc,key) = semanage_user_key_extract(self.sh,u)
- 		if rc < 0:
- 			raise ValueError("Could not extract key for %s" % name)
- 
--		semanage_begin_transaction(self.sh)
--		semanage_user_modify_local(self.sh, k, u)
--		if semanage_commit(self.sh) < 0:
--			raise ValueError("Failed to add SELinux user")
-+		rc = semanage_begin_transaction(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not start semanage transaction")
-+
-+		rc = semanage_user_modify_local(self.sh, k, u)
-+		if rc < 0:
-+			raise ValueError("Failed to add SELinux user %s" % name)
-+
-+		rc = semanage_commit(self.sh)
-+		if rc < 0:
-+			raise ValueError("Failed to add SELinux user %s" % name)
- 
- 	def modify(self, name, roles = [], selevel = "", serange = ""):
- 		if len(roles) == 0  and serange == "" and selevel == "":
--			raise ValueError("Requires, roles, level  or range")
-+			raise ValueError("Requires roles, level or range")
- 
- 		(rc,k) = semanage_user_key_create(self.sh, name)
- 		if rc < 0:
- 			raise ValueError("Could not create a key for %s" % name)
- 
- 		(rc,exists) = semanage_user_exists(self.sh, k)
--		if exists:
--			(rc,u) = semanage_user_query(self.sh, k)
--		else:
--			raise ValueError("SELinux user %s mapping is not defined locally." % name)
-+		if not exists:
-+			raise ValueError("SELinux user %s is not defined" % name)
-+		
-+		(rc,u) = semanage_user_query(self.sh, k)
- 		if rc < 0:
- 			raise ValueError("Could not query user for %s" % name)
- 
- 		if serange != "":
--			semanage_user_set_mlsrange(self.sh, u, serange)
-+			semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
- 		if selevel != "":
--			semanage_user_set_mlslevel(self.sh, u, selevel)
-+			semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
-+			
- 		if len(roles) != 0:
- 			for r in roles:
- 				semanage_user_add_role(self.sh, u, r)
--		semanage_begin_transaction(self.sh)
--		semanage_user_modify_local(self.sh, k, u)
--		if semanage_commit(self.sh) < 0:
--			raise ValueError("Failed to modify SELinux user")
-+
-+		rc = semanage_begin_transaction(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not start semanage transaction")
-+
-+		rc = semanage_user_modify_local(self.sh, k, u)
-+		if rc < 0:
-+			raise ValueError("Failed to modify SELinux user %s" % name)
-+
-+		rc = semanage_commit(self.sh)
-+		if rc < 0:
-+			raise ValueError("Failed to modify SELinux user %s" % name)
- 		
- 	def delete(self, name):
- 		(rc,k) = semanage_user_key_create(self.sh, name)
- 		if rc < 0:
--			raise ValueError("Could not crpppeate a key for %s" % name)
-+			raise ValueError("Could not create a key for %s" % name)
-+
- 		(rc,exists) = semanage_user_exists(self.sh, k)
- 		if not exists:
--			raise ValueError("user %s is not defined" % name)
--		else:
--			(rc,exists) = semanage_user_exists_local(self.sh, k)
--			if not exists:
--				raise ValueError("user %s is not defined locally, can not delete " % name)
--			
--		semanage_begin_transaction(self.sh)
--		semanage_user_del_local(self.sh, k)
--		if semanage_commit(self.sh) < 0:
--			raise ValueError("Login User %s not defined" % name)
-+			raise ValueError("SELinux user %s is not defined" % name)
-+
-+		(rc,exists) = semanage_user_exists_local(self.sh, k)
-+		if not exists:
-+			raise ValueError("SELinux user %s is defined in policy, cannot be deleted" % name)
-+			
-+		rc = semanage_begin_transaction(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not start semanage transaction")
-+
-+		rc = semanage_user_del_local(self.sh, k)
-+		if rc < 0:
-+			raise ValueError("Failed to delete SELinux user %s" % name)
-+
-+		rc = semanage_commit(self.sh)
-+		if rc < 0:
-+			raise ValueError("Failed to delete SELinux user %s" % name)
- 		
- 	def get_all(self):
- 		dict={}
--		(status, self.ulist, self.usize) = semanage_user_list(self.sh)
-+		(rc, self.ulist, self.usize) = semanage_user_list(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not list SELinux users")
-+
- 		for idx in range(self.usize):
- 			u = semanage_user_by_idx(self.ulist, idx)
- 			name = semanage_user_get_name(u)
--			(status, rlist, rlist_size) = semanage_user_get_roles(self.sh, u)
-+			(rc, rlist, rlist_size) = semanage_user_get_roles(self.sh, u)
-+			if rc < 0:
-+				raise ValueError("Could not list roles for user %s" % name)
-+
- 			roles = ""
- 
- 			if rlist_size:
-@@ -219,13 +336,13 @@
- 
- 	def list(self, heading=1):
- 		if heading:
--			print "\n%-15s %-10s %-20s" % ("", "MLS/", "MLS/")
--			print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")
-+			print "\n%-15s %-10s %-30s" % ("", "MLS/", "MLS/")
-+			print "%-15s %-10s %-30s %s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")
- 		dict=self.get_all()
- 		keys=dict.keys()
- 		keys.sort()
- 		for k in keys:
--			print "%-15s %-10s %-15s %s" % (k, dict[k][0], dict[k][1], dict[k][2])
-+			print "%-15s %-10s %-30s %s" % (k, translate(dict[k][0]), translate(dict[k][1]), dict[k][2])
- 
- class portRecords(semanageRecords):
- 	def __init__(self):
-@@ -258,6 +375,8 @@
- 	def add(self, port, proto, serange, type):
- 		if serange == "":
- 			serange="s0"
-+		else:
-+			serange=untranslate(serange)
- 			
- 		if type == "":
- 			raise ValueError("Type is required")
-@@ -278,62 +397,97 @@
+-			raise ValueError("Failed to add port %s/%s" % (proto, port))
++			raise ValueError("Failed to modify port %s/%s" % (proto, port))
+ 	
+ 		rc = semanage_commit(self.sh)
  		if rc < 0:
- 			raise ValueError("Could not create context for %s/%s" % (proto, port))
- 
--		semanage_context_set_user(self.sh, con, "system_u")
--		semanage_context_set_role(self.sh, con, "object_r")
--		semanage_context_set_type(self.sh, con, type)
--		semanage_context_set_mls(self.sh, con, serange)
--		semanage_begin_transaction(self.sh)
-+		rc = semanage_context_set_user(self.sh, con, "system_u")
-+		if rc < 0:
-+			raise ValueError("Could not set user in port context for %s/%s" % (proto, port))
-+
-+		rc = semanage_context_set_role(self.sh, con, "object_r")
-+		if rc < 0:
-+			raise ValueError("Could not set role in port context for %s/%s" % (proto, port))
-+
-+		rc = semanage_context_set_type(self.sh, con, type)
-+		if rc < 0:
-+			raise ValueError("Could not set type in port context for %s/%s" % (proto, port))
-+
-+		rc = semanage_context_set_mls(self.sh, con, serange)
-+		if rc < 0:
-+			raise ValueError("Could not set mls fields in port context for %s/%s" % (proto, port))
-+
- 		semanage_port_set_con(p, con)
--		semanage_port_modify_local(self.sh, k, p)
--		if semanage_commit(self.sh) < 0:
--			raise ValueError("Failed to add port")
-+
-+		rc = semanage_begin_transaction(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not start semanage transaction")
-+
-+		rc = semanage_port_modify_local(self.sh, k, p)
-+		if rc < 0:
-+			raise ValueError("Failed to add port %s/%s" % (proto, port))
-+	
-+		rc = semanage_commit(self.sh)
-+		if rc < 0:
-+			raise ValueError("Failed to add port %s/%s" % (proto, port))
+-			raise ValueError("Failed to add port %s/%s" % (proto, port))
++			raise ValueError("Failed to modify port %s/%s" % (proto, port))
  
  	def modify(self, port, proto, serange, setype):
  		if serange == "" and setype == "":
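Review bot: The first seobject.py hunk in the nested patch (`@@ -421,11 +421,11 @@`) rewords both failure messages to "Failed to modify port" immediately before `def modify(self, port, proto, serange, setype):` begins, so the changed lines appear to sit at the end of the preceding method, presumably the port `add`. If that is right, a failed add would be reported as a failed modify, which misleads anyone diagnosing a rejected policy change. Those two raises should stay `raise ValueError("Failed to add port %s/%s" % (proto, port))`, and only the commit message fixed by the `@@ -458,7 +458,7 @@` hunk (end of `modify`) needs the rewording. The method containing these lines starts outside the hunk, so confirm against the full file.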
--			raise ValueError("Requires, setype or serange")
-+			raise ValueError("Requires setype or serange")
- 
- 		( k, proto_d, low, high ) = self.__genkey(port, proto)
+@@ -458,7 +458,7 @@
  
- 		(rc,exists) = semanage_port_exists(self.sh, k)
--		if exists:
--			(rc,p) = semanage_port_query(self.sh, k)
--		else:
--			raise ValueError("port %s/%s is not defined." % (proto,port))
--
-+		if not exists:
-+			raise ValueError("Port %s/%s is not defined" % (proto,port))
-+	
-+		(rc,p) = semanage_port_query(self.sh, k)
+ 		rc = semanage_commit(self.sh)
  		if rc < 0:
--			raise ValueError("Could not query port for %s/%s" % (proto, port))
-+			raise ValueError("Could not query port %s/%s" % (proto, port))
- 
- 		con = semanage_port_get_con(p)
--		if rc < 0:
--			raise ValueError("Could not get port context for %s/%s" % (proto, port))
- 			
- 		if serange != "":
--			semanage_context_set_mls(self.sh, con, serange)	
-+			semanage_context_set_mls(self.sh, con, untranslate(serange))
- 		if setype != "":
- 			semanage_context_set_type(self.sh, con, setype)
--		semanage_begin_transaction(self.sh)
--		semanage_port_modify_local(self.sh, k, p)
--		if semanage_commit(self.sh) < 0:
--			raise ValueError("Failed to add port")
-+
-+		rc = semanage_begin_transaction(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not start semanage transaction")
-+
-+		rc = semanage_port_modify_local(self.sh, k, p)
-+		if rc < 0:
+-			raise ValueError("Failed to add port %s/%s" % (proto, port))
 +			raise ValueError("Failed to modify port %s/%s" % (proto, port))
-+
-+		rc = semanage_commit(self.sh)
-+		if rc < 0:
-+			raise ValueError("Failed to add port %s/%s" % (proto, port))
  		
  	def delete(self, port, proto):
  		( k, proto_d, low, high ) = self.__genkey(port, proto)
- 		(rc,exists) = semanage_port_exists(self.sh, k)
- 		if not exists:
--			raise ValueError("port %s/%s is not defined." % (proto,port))
--		else:
--			(rc,exists) = semanage_port_exists_local(self.sh, k)
--			if not exists:
--				raise ValueError("port %s/%s is not defined localy, can not be deleted." % (proto,port))
--
--		semanage_begin_transaction(self.sh)
--		semanage_port_del_local(self.sh, k)
--		if semanage_commit(self.sh) < 0:
--			raise ValueError("Port %s/%s not defined" % (proto,port))
-+			raise ValueError("Port %s/%s is not defined" % (proto, port))
-+		
-+		(rc,exists) = semanage_port_exists_local(self.sh, k)
-+		if not exists:
-+			raise ValueError("Port %s/%s is defined in policy, cannot be deleted" % (proto, port))
-+
-+		rc = semanage_begin_transaction(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not start semanage transaction")
-+
-+		rc = semanage_port_del_local(self.sh, k)
-+		if rc < 0:
-+			raise ValueError("Could not delete port %s/%s" % (proto, port))
-+
-+		rc = semanage_commit(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not delete port %s/%s" % (proto, port))
- 		
- 	def get_all(self):
- 		dict={}
--		(status, self.plist, self.psize) = semanage_port_list(self.sh)
-+		(rc, self.plist, self.psize) = semanage_port_list(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not list ports")
-+
+@@ -491,22 +491,44 @@
  		for idx in range(self.psize):
  			u = semanage_port_by_idx(self.plist, idx)
  			con = semanage_port_get_con(u)
-@@ -369,89 +523,130 @@
- 	def add(self, interface, serange, type):
- 		if serange == "":
- 			serange="s0"
-+		else:
-+			serange=untranslate(serange)
- 			
- 		if type == "":
- 			raise ValueError("SELinux Type is required")
- 
- 		(rc,k) = semanage_iface_key_create(self.sh, interface)
- 		if rc < 0:
--			raise ValueError("Can't create key for %s" % interface)
-+			raise ValueError("Could not create key for %s" % interface)
-+
- 		(rc,exists) = semanage_iface_exists(self.sh, k)
- 		if exists:
- 			raise ValueError("Interface %s already defined" % interface)
- 
- 		(rc,iface) = semanage_iface_create(self.sh)
- 		if rc < 0:
--			raise ValueError("Could not create interface for %s" % (interface))
-+			raise ValueError("Could not create interface for %s" % interface)
- 		
- 		rc = semanage_iface_set_name(self.sh, iface, interface)
- 		(rc, con) = semanage_context_create(self.sh)
- 		if rc < 0:
- 			raise ValueError("Could not create context for %s" % interface)
- 
--		semanage_context_set_user(self.sh, con, "system_u")
--		semanage_context_set_role(self.sh, con, "object_r")
--		semanage_context_set_type(self.sh, con, type)
--		semanage_context_set_mls(self.sh, con, serange)
--		semanage_begin_transaction(self.sh)
-+		rc = semanage_context_set_user(self.sh, con, "system_u")
-+		if rc < 0:
-+			raise ValueError("Could not set user in interface context for %s" % interface)
-+
-+		rc = semanage_context_set_role(self.sh, con, "object_r")
-+		if rc < 0:
-+			raise ValueError("Could not set role in interface context for %s" % interface)
-+
-+		rc = semanage_context_set_type(self.sh, con, type)
-+		if rc < 0:
-+			raise ValueError("Could not set type in interface context for %s" % interface)
-+
-+		rc = semanage_context_set_mls(self.sh, con, serange)
-+		if rc < 0:
-+			raise ValueError("Could not set mls fields in interface context for %s" % interface)
-+
-+		(rc, con2) = semanage_context_clone(self.sh, con)
-+		if rc < 0:
-+			raise ValueError("Could not clone interface context for %s" % interface)
-+
- 		semanage_iface_set_ifcon(iface, con)
--		semanage_iface_set_msgcon(iface, con)
--		semanage_iface_add_local(self.sh, k, iface)
--		if semanage_commit(self.sh) < 0:
--			raise ValueError("Failed to add interface")
-+		semanage_iface_set_msgcon(iface, con2)
-+
-+		rc = semanage_begin_transaction(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not start semanage transaction")
-+
-+		rc = semanage_iface_modify_local(self.sh, k, iface)
-+		if rc < 0:
-+			raise ValueError("Failed to add interface %s" % interface)
+-			name = semanage_context_get_type(con)
++			type = semanage_context_get_type(con)
++			if type == "reserved_port_t":
++				continue
++			level = semanage_context_get_mls(con)
+ 			proto=semanage_port_get_proto_str(u)
+ 			low=semanage_port_get_low(u)
+ 			high = semanage_port_get_high(u)
+-			if (name, proto) not in dict.keys():
+-				dict[(name,proto)]=[]
++			dict[(low, high)]=(type, proto, level)
++		return dict
 +
-+		rc = semanage_commit(self.sh)
-+		if rc < 0:
-+			raise ValueError("Failed to add interface %s" % interface)
- 
- 	def modify(self, interface, serange, setype):
- 		if serange == "" and setype == "":
--			raise ValueError("Requires, setype or serange")
-+			raise ValueError("Requires setype or serange")
- 
- 		(rc,k) = semanage_iface_key_create(self.sh, interface)
- 		if rc < 0:
--			raise ValueError("Can't creater key for %s" % interface)
--		(rc,exists) = semanage_iface_exists(self.sh, k)
--		if exists:
--			(rc,p) = semanage_iface_query(self.sh, k)
--		else:
--			raise ValueError("interface %s is not defined." % interface)
-+			raise ValueError("Could not create key for %s" % interface)
- 
-+		(rc,exists) = semanage_iface_exists(self.sh, k)
-+		if not exists:
-+			raise ValueError("Interface %s is not defined" % interface)
-+	
-+		(rc,p) = semanage_iface_query(self.sh, k)
- 		if rc < 0:
--			raise ValueError("Could not query interface for %s" % interface)
-+			raise ValueError("Could not query interface %s" % interface)
- 
- 		con = semanage_iface_get_ifcon(p)
--		if rc < 0:
--			raise ValueError("Could not get interface context for %s" % interface)
- 			
- 		if serange != "":
--			semanage_context_set_mls(self.sh, con, serange)	
-+			semanage_context_set_mls(self.sh, con, untranslate(serange))
- 		if setype != "":
- 			semanage_context_set_type(self.sh, con, setype)
- 
--		semanage_begin_transaction(self.sh)
--		semanage_iface_modify_local(self.sh, k, p)
--		if semanage_commit(self.sh) < 0:
--			raise ValueError("Failed to add interface")
-+		rc = semanage_begin_transaction(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not start semanage transaction")
-+
-+		rc = semanage_iface_modify_local(self.sh, k, p)
-+		if rc < 0:
-+			raise ValueError("Failed to modify interface %s" % interface)
- 		
-+		rc = semanage_commit(self.sh)
-+		if rc < 0:
-+			raise ValueError("Failed to add interface %s" % interface)
-+
- 	def delete(self, interface):
- 		(rc,k) = semanage_iface_key_create(self.sh, interface)
- 		if rc < 0:
--			raise ValueError("Can't create key for %s" % interface)
-+			raise ValueError("Could not create key for %s" % interface)
-+
- 		(rc,exists) = semanage_iface_exists(self.sh, k)
- 		if not exists:
--			raise ValueError("interface %s is not defined." % interface)
--		else:
--			(rc,exists) = semanage_iface_exists_local(self.sh, k)
--			if not exists:
--				raise ValueError("interface %s is not defined localy, can not be deleted." % interface)
--
--		semanage_begin_transaction(self.sh)
--		semanage_iface_del_local(self.sh, k)
--		if semanage_commit(self.sh) < 0:
--			raise ValueError("Interface %s not defined" % interface)
-+			raise ValueError("Interface %s is not defined" % interface)
-+
-+		(rc,exists) = semanage_iface_exists_local(self.sh, k)
-+		if not exists:
-+			raise ValueError("Interface %s is defined in policy, cannot be deleted" % interface)
-+
-+		rc = semanage_begin_transaction(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not start semanage transaction")
-+
-+		rc = semanage_iface_del_local(self.sh, k)
-+		if rc < 0:
-+			raise ValueError("Failed to delete interface %s" % interface)
-+
-+		rc = semanage_commit(self.sh)
-+		if rc < 0:
-+			raise ValueError("Failed to delete interface %s" % interface)
- 		
- 	def get_all(self):
- 		dict={}
--		(status, self.plist, self.psize) = semanage_iface_list(self.sh)
--		if status < 0:
--			raise ValueError("Unable to list interfaces")
-+		(rc, self.plist, self.psize) = semanage_iface_list(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not list interfaces")
-+
- 		for idx in range(self.psize):
- 			interface = semanage_iface_by_idx(self.plist, idx)
- 			con = semanage_iface_get_ifcon(interface)
-@@ -466,7 +661,7 @@
- 		keys=dict.keys()
- 		keys.sort()
- 		for k in keys:
--			print "%-30s %s:%s:%s:%s " % (k,dict[k][0], dict[k][1],dict[k][2], dict[k][3])
-+			print "%-30s %s:%s:%s:%s " % (k,dict[k][0], dict[k][1],dict[k][2], translate(dict[k][3], False))
- 			
- class fcontextRecords(semanageRecords):
- 	def __init__(self):
-@@ -495,89 +690,127 @@
- 			
- 		if serange == "":
- 			serange="s0"
-+		else:
-+			serange=untranslate(serange)
- 			
- 		if type == "":
- 			raise ValueError("SELinux Type is required")
- 
- 		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
- 		if rc < 0:
--			raise ValueError("Can't create key for %s" % target)
-+			raise ValueError("Could not create key for %s" % target)
-+
- 		(rc,exists) = semanage_fcontext_exists(self.sh, k)
--		print (rc, exists, target)
- 		if exists:
--			raise ValueError("fcontext %s already defined" % target)
-+			raise ValueError("File context for %s already defined" % target)
-+
- 		(rc,fcontext) = semanage_fcontext_create(self.sh)
- 		if rc < 0:
--			raise ValueError("Could not create fcontext for %s" % target)
-+			raise ValueError("Could not create file context for %s" % target)
- 		
- 		rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
- 		(rc, con) = semanage_context_create(self.sh)
- 		if rc < 0:
- 			raise ValueError("Could not create context for %s" % target)
- 
--		semanage_context_set_user(self.sh, con, seuser)
--		semanage_context_set_role(self.sh, con, "object_r")
--		semanage_context_set_type(self.sh, con, type)
--		semanage_context_set_mls(self.sh, con, serange)
-+		rc = semanage_context_set_user(self.sh, con, seuser)
-+		if rc < 0:
-+			raise ValueError("Could not set user in file context for %s" % target)
-+		
-+		rc = semanage_context_set_role(self.sh, con, "object_r")
-+		if rc < 0:
-+			raise ValueError("Could not set role in file context for %s" % target)
-+
-+		rc = semanage_context_set_type(self.sh, con, type)
-+		if rc < 0:
-+			raise ValueError("Could not set type in file context for %s" % target)
-+
-+		rc = semanage_context_set_mls(self.sh, con, serange)
-+		if rc < 0:
-+			raise ValueError("Could not set mls fields in file context for %s" % target)
-+
- 		semanage_fcontext_set_type(fcontext, self.file_types[ftype])
--		semanage_begin_transaction(self.sh)
- 		semanage_fcontext_set_con(fcontext, con)
--		semanage_fcontext_add_local(self.sh, k, fcontext)
--		if semanage_commit(self.sh) < 0:
--			raise ValueError("Failed to add fcontext")
-+
-+		rc = semanage_begin_transaction(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not start semanage transaction")
-+
-+		rc = semanage_fcontext_modify_local(self.sh, k, fcontext)
-+		if rc < 0:
-+			raise ValueError("Failed to add file context for %s" % target)
-+
-+		rc = semanage_commit(self.sh)
-+		if rc < 0:
-+			raise ValueError("Failed to add file context for %s" % target)
- 
- 	def modify(self, target, setype, ftype, serange, seuser):
- 		if serange == "" and setype == "" and seuser == "":
--			raise ValueError("Requires, setype, serange or seuser")
-+			raise ValueError("Requires setype, serange or seuser")
- 
- 		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
- 		if rc < 0:
--			raise ValueError("Can't creater key for %s" % target)
-+			raise ValueError("Could not create a key for %s" % target)
-+
- 		(rc,exists) = semanage_fcontext_exists(self.sh, k)
--		if exists:
--			(rc,p) = semanage_fcontext_query(self.sh, k)
--		else:
--			raise ValueError("fcontext %s is not defined." % target)
-+		if not exists:
-+			raise ValueError("File context for %s is not defined" % target)
-+		
-+		(rc,p) = semanage_fcontext_query(self.sh, k)
- 		if rc < 0:
--			raise ValueError("Could not query fcontext for %s" % target)
-+			raise ValueError("Could not query file context for %s" % target)
-+
- 		con = semanage_fcontext_get_con(p)
--		if rc < 0:
--			raise ValueError("Could not get fcontext context for %s" % target)
- 			
- 		if serange != "":
--			semanage_context_set_mls(self.sh, con, serange)	
-+			semanage_context_set_mls(self.sh, con, untranslate(serange))
- 		if seuser != "":
- 			semanage_context_set_user(self.sh, con, seuser)	
- 		if setype != "":
- 			semanage_context_set_type(self.sh, con, setype)
- 
--		semanage_begin_transaction(self.sh)
--		semanage_fcontext_modify_local(self.sh, k, p)
--		if semanage_commit(self.sh) < 0:
--			raise ValueError("Failed to add fcontext")
-+		rc = semanage_begin_transaction(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not start semanage transaction")
-+
-+		rc = semanage_fcontext_modify_local(self.sh, k, p)
-+		if rc < 0:
-+			raise ValueError("Failed to modify file context for %s" % target)
-+
-+		rc = semanage_commit(self.sh)
-+		if rc < 0:
-+			raise ValueError("Failed to add file context for %s" % target)
- 		
--	def delete(self, target):
-+	def delete(self, target, ftype):
- 		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
- 		if rc < 0:
--			raise ValueError("Can't create key for %s" % target)
-+			raise ValueError("Could not create a key for %s" % target)
-+
- 		(rc,exists) = semanage_fcontext_exists(self.sh, k)
- 		if not exists:
--			raise ValueError("fcontext %s is not defined." % target)
--		else:
--			(rc,exists) = semanage_fcontext_exists_local(self.sh, k)
--			if not exists:
--				raise ValueError("fcontext %s is not defined localy, can not be deleted." % target)
--
--		semanage_begin_transaction(self.sh)
--		semanage_fcontext_del_local(self.sh, k)
--		if semanage_commit(self.sh) < 0:
--			raise ValueError("fcontext %s not defined" % target)
-+			raise ValueError("File context for %s is not defined" % target)
-+		
-+		(rc,exists) = semanage_fcontext_exists_local(self.sh, k)
-+		if not exists:
-+			raise ValueError("File context for %s is defined in policy, cannot be deleted" % target)
-+
-+		rc = semanage_begin_transaction(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not start semanage transaction")
-+
-+		rc = semanage_fcontext_del_local(self.sh, k)
++	def get_all_by_type(self):
++		dict={}
++		(rc, self.plist, self.psize) = semanage_port_list(self.sh)
 +		if rc < 0:
-+			raise ValueError("Failed to delete file context for %s" % target)
++			raise ValueError("Could not list ports")
 +
-+		rc = semanage_commit(self.sh)
-+		if rc < 0:
-+			raise ValueError("Failed to delete file context for %s" % target)
- 		
- 	def get_all(self):
- 		dict={}
--		(status, self.plist, self.psize) = semanage_fcontext_list(self.sh)
--		if status < 0:
--			raise ValueError("Unable to list fcontexts")
-+		(rc, self.plist, self.psize) = semanage_fcontext_list(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not list file contexts")
- 
- 		for idx in range(self.psize):
- 			fcontext = semanage_fcontext_by_idx(self.plist, idx)
-@@ -598,7 +831,7 @@
- 		keys=dict.keys()
- 		for k in keys:
- 			if dict[k]:
--				print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], dict[k][0], dict[k][1],dict[k][2], dict[k][3])
-+				print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], dict[k][0], dict[k][1],dict[k][2], translate(dict[k][3],False))
++		for idx in range(self.psize):
++			u = semanage_port_by_idx(self.plist, idx)
++			con = semanage_port_get_con(u)
++			type = semanage_context_get_type(con)
++			if type == "reserved_port_t":
++				continue
++			level = semanage_context_get_mls(con)
++			proto=semanage_port_get_proto_str(u)
++			low=semanage_port_get_low(u)
++			high = semanage_port_get_high(u)
++			if (type, proto) not in dict.keys():
++				dict[(type,proto)]=[]
+ 			if low == high:
+-				dict[(name,proto)].append("%d" % low)
++				dict[(type,proto)].append("%d" % low)
  			else:
- 				print "%-50s %-18s <<None>>" % (k[0], k[1])
- 				
-@@ -606,117 +839,82 @@
- 	def __init__(self):
- 		semanageRecords.__init__(self)
- 		
--	def add(self, target, type, ftype="", serange="s0", seuser="system_u"):
--		if seuser == "":
--			seuser="system_u"
--			
--		if serange == "":
--			serange="s0"
--			
--		if type == "":
--			raise ValueError("SELinux Type is required")
-+	def modify(self, name, value = ""):
-+		if value == "":
-+			raise ValueError("Requires value")
- 
--		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
--		if rc < 0:
--			raise ValueError("Can't create key for %s" % target)
--		(rc,exists) = semanage_fcontext_exists(self.sh, k)
--		print (rc, exists, target)
--		if exists:
--			raise ValueError("fcontext %s already defined" % target)
--		(rc,fcontext) = semanage_fcontext_create(self.sh)
--		if rc < 0:
--			raise ValueError("Could not create fcontext for %s" % target)
--		
--		rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
--		(rc, con) = semanage_context_create(self.sh)
-+		(rc,k) = semanage_bool_key_create(self.sh, name)
- 		if rc < 0:
--			raise ValueError("Could not create context for %s" % target)
--
--		semanage_context_set_user(self.sh, con, seuser)
--		semanage_context_set_role(self.sh, con, "object_r")
--		semanage_context_set_type(self.sh, con, type)
--		semanage_context_set_mls(self.sh, con, serange)
--		semanage_fcontext_set_type(fcontext, self.file_types[ftype])
--		semanage_begin_transaction(self.sh)
--		semanage_fcontext_set_con(fcontext, con)
--		semanage_fcontext_add_local(self.sh, k, fcontext)
--		if semanage_commit(self.sh) < 0:
--			raise ValueError("Failed to add fcontext")
-+			raise ValueError("Could not create a key for %s" % name)
- 
--	def modify(self, target, setype, ftype, serange, seuser):
--		if serange == "" and setype == "" and seuser == "":
--			raise ValueError("Requires, setype, serange or seuser")
-+		(rc,exists) = semanage_bool_exists(self.sh, k)
-+		if not exists:
-+			raise ValueError("Boolean %s is not defined" % name)	
- 
--		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
-+		(rc,b) = semanage_bool_query(self.sh, k)
- 		if rc < 0:
--			raise ValueError("Can't creater key for %s" % target)
--		(rc,exists) = semanage_fcontext_exists(self.sh, k)
--		if exists:
--			(rc,p) = semanage_fcontext_query(self.sh, k)
--		else:
--			raise ValueError("fcontext %s is not defined." % target)
-+			raise ValueError("Could not query file context %s" % name)
-+
-+		if value != "":
-+			nvalue = string.atoi(value)
-+			semanage_bool_set_value(b, nvalue)
-+
-+		rc = semanage_begin_transaction(self.sh)
- 		if rc < 0:
--			raise ValueError("Could not query fcontext for %s" % target)
--		con = semanage_fcontext_get_con(p)
-+			raise ValueError("Could not start semanage transaction")
-+
-+		rc = semanage_bool_modify_local(self.sh, k, b)
- 		if rc < 0:
--			raise ValueError("Could not get fcontext context for %s" % target)
--			
--		if serange != "":
--			semanage_context_set_mls(self.sh, con, serange)	
--		if seuser != "":
--			semanage_context_set_user(self.sh, con, seuser)	
--		if setype != "":
--			semanage_context_set_type(self.sh, con, setype)
-+			raise ValueError("Failed to modify boolean %s" % name)
- 
--		semanage_begin_transaction(self.sh)
--		semanage_fcontext_modify_local(self.sh, k, p)
--		if semanage_commit(self.sh) < 0:
--			raise ValueError("Failed to add fcontext")
-+		rc = semanage_commit(self.sh)
-+		if rc < 0:
-+			raise ValueError("Failed to modify boolean %s" % name)
- 		
--	def delete(self, target):
--		(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
-+	def delete(self, name):
-+		(rc,k) = semanage_bool_key_create(self.sh, name)
- 		if rc < 0:
--			raise ValueError("Can't create key for %s" % target)
--		(rc,exists) = semanage_fcontext_exists(self.sh, k)
-+			raise ValueError("Could not create a key for %s" % name)
-+
-+		(rc,exists) = semanage_bool_exists(self.sh, k)
- 		if not exists:
--			raise ValueError("fcontext %s is not defined." % target)
--		else:
--			(rc,exists) = semanage_fcontext_exists_local(self.sh, k)
--			if not exists:
--				raise ValueError("fcontext %s is not defined localy, can not be deleted." % target)
--
--		semanage_begin_transaction(self.sh)
--		semanage_fcontext_del_local(self.sh, k)
--		if semanage_commit(self.sh) < 0:
--			raise ValueError("fcontext %s not defined" % target)
-+			raise ValueError("Boolean %s is not defined" % name)
-+	
-+		(rc,exists) = semanage_bool_exists_local(self.sh, k)
-+		if not exists:
-+			raise ValueError("Boolean %s is defined in policy, cannot be deleted" % name)
-+
-+		rc = semanage_begin_transaction(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not start semanage transaction")
-+
-+		rc = semanage_fcontext_del_local(self.sh, k)
-+		if rc < 0:
-+			raise ValueError("Failed to delete boolean %s" % name)
-+	
-+		rc = semanage_commit(self.sh)
-+		if rc < 0:
-+			raise ValueError("Failed to delete boolean %s" % name)
- 		
- 	def get_all(self):
- 		dict={}
--		(status, self.plist, self.psize) = semanage_fcontext_list(self.sh)
--		if status < 0:
--			raise ValueError("Unable to list fcontexts")
-+		(rc, self.blist, self.bsize) = semanage_bool_list(self.sh)
-+		if rc < 0:
-+			raise ValueError("Could not list booleans")
- 
--		for idx in range(self.psize):
--			fcontext = semanage_fcontext_by_idx(self.plist, idx)
--			expr=semanage_fcontext_get_expr(fcontext)
--			ftype=semanage_fcontext_get_type_str(fcontext)
--			con = semanage_fcontext_get_con(fcontext)
--			if con:
--				dict[expr, ftype]=(semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))
--			else:
--				dict[expr, ftype]=con
-+		for idx in range(self.bsize):
-+			boolean = semanage_bool_by_idx(self.blist, idx)
-+			name = semanage_bool_get_name(boolean)
-+			value = semanage_bool_get_value(boolean)
-+			dict[name] = value
- 
+-				dict[(name,proto)].append("%d-%d" % (low, high))
++				dict[(type,proto)].append("%d-%d" % (low, high))
  		return dict
- 			
+ 
  	def list(self, heading=1):
  		if heading:
--			print "%-50s %-18s %s\n" % ("SELinux fcontext", "type", "Context")
-+			print "%-50s %-18s\n" % ("SELinux boolean", "value")
- 		dict=self.get_all()
+-			print "%-30s %-8s %s\n" % ("SELinux Port Name", "Proto", "Port Number")
+-		dict=self.get_all()
++			print "%-30s %-8s %s\n" % ("SELinux Port Type", "Proto", "Port Number")
++		dict=self.get_all_by_type()
  		keys=dict.keys()
- 		for k in keys:
- 			if dict[k]:
--				print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], dict[k][0], dict[k][1],dict[k][2], dict[k][3])
--			else:
--				print "%-50s %-18s <<None>>" % (k[0], k[1])
--				
--			
-+				print "%-50s %-18s " % (k[0], dict[k][0])
-Binary files nsapolicycoreutils/semanage/seobject.pyc and policycoreutils-1.29.7/semanage/seobject.pyc differ
+ 		keys.sort()
+ 		for i in keys:


Index: policycoreutils.spec
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.217
retrieving revision 1.218
diff -u -r1.217 -r1.218
--- policycoreutils.spec	14 Jan 2006 13:54:25 -0000	1.217
+++ policycoreutils.spec	18 Jan 2006 17:43:23 -0000	1.218
@@ -1,10 +1,10 @@
 %define libsepolver 1.11.9-1
-%define libsemanagever 1.5.14-1
-%define libselinuxver 1.29.5-1
+%define libsemanagever 1.5.15-1
+%define libselinuxver 1.29.6-1
 Summary: SELinux policy core utilities.
 Name: policycoreutils
-Version: 1.29.7
-Release: 3
+Version: 1.29.8
+Release: 1
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -97,6 +97,15 @@
 %{_libdir}/python2.4/site-packages/seobject.py*
 
 %changelog
+* Wed Jan 18 2006 Dan Walsh <dwalsh at redhat.com> 1.29.8-1
+- Update to match NSA
+	* Merged semanage fixes from Ivan Gyurdiev.
+	* Merged semanage fixes from Russell Coker.
+	* Merged chcat, genhomedircon, and semanage diffs from Dan Walsh.
+
+* Tue Jan 14 2006 Dan Walsh <dwalsh at redhat.com> 1.29.7-4
+- Update chcat to manage user categories also
+
 * Sat Jan 14 2006 Dan Walsh <dwalsh at redhat.com> 1.29.7-3
 - Add check for root for semanage, genhomedircon 
 


Index: sources
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/sources,v
retrieving revision 1.98
retrieving revision 1.99
diff -u -r1.98 -r1.99
--- sources	14 Jan 2006 03:51:29 -0000	1.98
+++ sources	18 Jan 2006 17:43:23 -0000	1.99
@@ -1 +1 @@
-4bd38ec2ccaf8cc047dfdcb30876b9fb  policycoreutils-1.29.7.tgz
+c40bd665ecbb503adf1a8e8730fed32a  policycoreutils-1.29.8.tgz



