rpms/policycoreutils/devel policycoreutils-rhat.patch, 1.150, 1.151 policycoreutils.spec, 1.219, 1.220
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Jan 18 22:06:30 UTC 2006
- Previous message (by thread): rpms/xpdf/devel xpdf.spec,1.70,1.71
- Next message (by thread): rpms/kernel/devel patch-2.6.16-rc1-git1.bz2.sign, NONE, 1.1 .cvsignore, 1.328, 1.329 kernel-2.6.spec, 1.1860, 1.1861 sources, 1.270, 1.271 upstream, 1.246, 1.247 linux-2.6-net-nip6_fmt.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/dist/rpms/policycoreutils/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv24544
Modified Files:
policycoreutils-rhat.patch policycoreutils.spec
Log Message:
* Wed Jan 18 2006 Dan Walsh <dwalsh at redhat.com> 1.29.8-3
- Add management of translation file to semaange and seobject
policycoreutils-rhat.patch:
scripts/chcat | 18 ++++--
semanage/semanage | 26 ++++++++--
semanage/semanage.8 | 7 ++
semanage/seobject.py | 129 +++++++++++++++++++++++++++++++++++++++++++++-----
setsebool/setsebool.c | 7 +-
5 files changed, 160 insertions(+), 27 deletions(-)
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.150
retrieving revision 1.151
diff -u -r1.150 -r1.151
--- policycoreutils-rhat.patch 18 Jan 2006 18:55:09 -0000 1.150
+++ policycoreutils-rhat.patch 18 Jan 2006 22:06:19 -0000 1.151
@@ -43,10 +43,245 @@
sys.exit(listusercats(cmds))
else:
if len(cmds) > 0:
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.8/semanage/semanage
+--- nsapolicycoreutils/semanage/semanage 2006-01-18 11:12:43.000000000 -0500
++++ policycoreutils-1.29.8/semanage/semanage 2006-01-18 17:02:47.000000000 -0500
+@@ -30,11 +30,12 @@
+
+ def usage(message = ""):
+ print '\
+-semanage user [-admLRr] SELINUX_USER\n\
++semanage fcontext [-admhfrst] INTERFACE\n\
++semanage interface [-admtr] INTERFACE\n\
+ semanage login [-admsr] LOGIN_NAME\n\
+ semanage port [-admtpr] PORT | PORTRANGE\n\
+-semanage interface [-admtr] INTERFACE\n\
+-semanage fcontext [-admhfrst] INTERFACE\n\
++semanage translation [-adm] LEVEL\n\
++semanage user [-admLRr] SELINUX_USER\n\
+ -a, --add Add a OBJECT record NAME\n\
+ -d, --delete Delete a OBJECT record NAME\n\
+ -f, --ftype File Type of OBJECT \n\
+@@ -47,6 +48,7 @@
+ -R, --roles SELinux Roles (Separate by spaces)\n\
+ -s, --seuser SELinux user name\n\
+ -t, --type SELinux Type for the object\n\
++ -T, --trans SELinux Level Translation\n\
+ -v, --verbose verbose output\n\
+ '
+ print message
+@@ -62,7 +64,7 @@
+ #
+ #
+ try:
+- objectlist = ("login", "user", "port", "interface", "fcontext")
++ objectlist = ("login", "user", "port", "interface", "fcontext", "translation")
+ input = sys.stdin
+ output = sys.stdout
+ serange = ""
+@@ -71,6 +73,7 @@
+ selevel = ""
+ setype = ""
+ ftype = ""
++ setrans = ""
+ roles = ""
+ seuser = ""
+ heading=1
+@@ -88,7 +91,7 @@
+
+ args = sys.argv[2:]
+ gopts, cmds = getopt.getopt(args,
+- 'adf:lhmnp:P:s:R:L:r:t:v',
++ 'adf:lhmnp:P:s:R:L:r:t:vT:',
+ ['add',
+ 'delete',
+ 'ftype=',
+@@ -103,6 +106,7 @@
+ 'level=',
+ 'roles=',
+ 'type=',
++ 'trans=',
+ 'verbose'
+ ])
+ for o,a in gopts:
+@@ -149,6 +153,9 @@
+ if o == "-t" or o == "--type":
+ setype = a
+
++ if o == "-T" or o == "--trans":
++ setrans = a
++
+ if o == "-v" or o == "--verbose":
+ verbose = 1
+
+@@ -167,6 +174,9 @@
+ if object == "fcontext":
+ OBJECT = seobject.fcontextRecords()
+
++ if object == "translation":
++ OBJECT = seobject.setransRecords()
++
+ if list:
+ OBJECT.list(heading)
+ sys.exit(0);
+@@ -180,6 +190,9 @@
+ if object == "login":
+ OBJECT.add(target, seuser, serange)
+
++ if object == "translation":
++ OBJECT.add(target, setrans)
++
+ if object == "user":
+ rlist = roles.split()
+ if len(rlist) == 0:
+@@ -200,6 +213,9 @@
+ if object == "login":
+ OBJECT.modify(target, seuser, serange)
+
++ if object == "translation":
++ OBJECT.modify(target, setrans)
++
+ if object == "user":
+ rlist = roles.split()
+ OBJECT.modify(target, rlist, selevel, serange)
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-1.29.8/semanage/semanage.8
+--- nsapolicycoreutils/semanage/semanage.8 2006-01-18 11:12:43.000000000 -0500
++++ policycoreutils-1.29.8/semanage/semanage.8 2006-01-18 17:04:31.000000000 -0500
+@@ -13,6 +13,8 @@
+ .br
+ .B semanage interface \-{a|d|m} [\-tr] interface_spec
+ .br
++.B semanage translation \-{a|d|m} [\-T] level
++.br
+ .B semanage fcontext \-{a|d|m} [\-frst] file_spec
+ .P
+
+@@ -23,7 +25,7 @@
+ .BR semanage
+ program.
+ .br
+-This tool is used to configure SELinux Policy. You can configure SELinux User Mappings, SELinux Port Mappings, SELinux Users. File Context and Network Interfaces.
++This tool is used to configure SELinux Policy. You can configure SELinux User Mappings, SELinux Port Mappings, SELinux Users. File Context and Network Interfaces and MLS/MCS Translations.
+
+ .SH "OPTIONS"
+ .TP
+@@ -64,6 +66,9 @@
+ .I \-t, \-\-type
+ SELinux Type for the object
+ .TP
++.I \-T, \-\-trans
++SELinux Translation
++.TP
+ .I \-v, \-\-verbose
+ verbose output
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.29.8/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2006-01-18 11:12:43.000000000 -0500
-+++ policycoreutils-1.29.8/semanage/seobject.py 2006-01-18 13:26:43.000000000 -0500
-@@ -421,11 +421,11 @@
++++ policycoreutils-1.29.8/semanage/seobject.py 2006-01-18 17:03:01.000000000 -0500
+@@ -21,9 +21,18 @@
+ #
+ #
+
+-import pwd, string, selinux
++import pwd, string, selinux, tempfile, os, re
+ from semanage import *;
+
++def validate_level(raw):
++ sensitivity="s([0-9]|1[0-5])"
++ category="c(1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])"
++ range=category + "(\." + category +")?"
++ categories = range + "(\," + range + ")*"
++ sensitivity + "(:categies)?"
++ reg = sensitivity + "(-" + sensitivity + ")?" + "(:" + categories + ")?"
++ return re.search("^" + reg +"$",raw)
++
+ def translate(raw, prepend=1):
+ if prepend == 1:
+ context="a:b:c:%s" % raw
+@@ -54,6 +63,82 @@
+ else:
+ return raw
+
++class setransRecords:
++ def __init__(self):
++ self.filename=selinux.selinux_translations_path()
++ fd=open(self.filename, "r")
++ translations=fd.read().split('\n')
++ fd.close()
++ self.dict={}
++ self.comments=[]
++ for r in translations:
++ if len(r) == 0:
++ continue
++ i=r.strip()
++ if i== "" or i[0] == "#":
++ self.comments.append(r)
++ continue
++ i=i.split("=")
++ if len(i) != 2:
++ self.comments.append(r)
++ continue
++ self.dict[i[0]] = i[1]
++
++ def get_all(self):
++ return self.dict
++
++ def out(self):
++ rec=""
++ for c in self.comments:
++ rec+=c +"\n"
++ keys=self.dict.keys()
++ keys.sort()
++ for k in keys:
++ rec += "%s=%s\n" % (k, self.dict[k])
++ return rec
++
++ def list(self,heading=1):
++ if heading:
++ print "\n%-25s %s\n" % ("Level", "Translation")
++ keys=self.dict.keys()
++ keys.sort()
++ for k in keys:
++ print "%-25s %s" % (k, self.dict[k])
++
++ def add(self, raw, trans):
++ if trans.find(" ") >= 0:
++ raise ValueError("Translations can not contain spaces '%s' " % trans)
++
++ if validate_level(raw) == None:
++ raise ValueError("Invalid Level '%s' " % raw)
++
++ if self.dict.has_key(raw):
++ raise ValueError("%s already defined in translations" % raw)
++ else:
++ self.dict[raw]=trans
++ self.save()
++
++ def modify(self, raw, trans):
++ if trans.find(" ") >= 0:
++
++ raise ValueError("Translations can not contain spaces '%s' " % trans)
++ if self.dict.has_key(raw):
++ self.dict[raw]=trans
++ else:
++ raise ValueError("%s not defined in translations" % raw)
++ self.save()
++
++ def delete(self, raw):
++ self.dict.pop(raw)
++ self.save()
++
++ def save(self):
++ newfilename = tempfile.mktemp('', self.filename)
++ fd=open(newfilename, "w")
++ fd.write(self.out())
++ fd.close()
++ os.rename(newfilename, self.filename)
++
+ class semanageRecords:
+ def __init__(self):
+ self.sh = semanage_handle_create()
+@@ -421,11 +506,11 @@
rc = semanage_port_modify_local(self.sh, k, p)
if rc < 0:
@@ -60,7 +295,7 @@
def modify(self, port, proto, serange, setype):
if serange == "" and setype == "":
-@@ -458,7 +458,7 @@
+@@ -458,7 +543,7 @@
rc = semanage_commit(self.sh)
if rc < 0:
@@ -69,7 +304,7 @@
def delete(self, port, proto):
( k, proto_d, low, high ) = self.__genkey(port, proto)
-@@ -491,22 +491,44 @@
+@@ -491,22 +576,44 @@
for idx in range(self.psize):
u = semanage_port_by_idx(self.plist, idx)
con = semanage_port_get_con(u)
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.219
retrieving revision 1.220
diff -u -r1.219 -r1.220
--- policycoreutils.spec 18 Jan 2006 18:55:10 -0000 1.219
+++ policycoreutils.spec 18 Jan 2006 22:06:24 -0000 1.220
@@ -4,7 +4,7 @@
Summary: SELinux policy core utilities.
Name: policycoreutils
Version: 1.29.8
-Release: 2
+Release: 3
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -97,6 +97,9 @@
%{_libdir}/python2.4/site-packages/seobject.py*
%changelog
+* Wed Jan 18 2006 Dan Walsh <dwalsh at redhat.com> 1.29.8-3
+- Add management of translation file to semaange and seobject
+
* Wed Jan 18 2006 Dan Walsh <dwalsh at redhat.com> 1.29.8-2
- Fix chcat -l -L to work while not root
- Previous message (by thread): rpms/xpdf/devel xpdf.spec,1.70,1.71
- Next message (by thread): rpms/kernel/devel patch-2.6.16-rc1-git1.bz2.sign, NONE, 1.1 .cvsignore, 1.328, 1.329 kernel-2.6.spec, 1.1860, 1.1861 sources, 1.270, 1.271 upstream, 1.246, 1.247 linux-2.6-net-nip6_fmt.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list