rpms/policycoreutils/devel .cvsignore, 1.96, 1.97 policycoreutils-rhat.patch, 1.154, 1.155 policycoreutils.spec, 1.223, 1.224 sources, 1.100, 1.101
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Jan 25 16:07:55 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/policycoreutils/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv13208
Modified Files:
.cvsignore policycoreutils-rhat.patch policycoreutils.spec
sources
Log Message:
* Thu Jan 19 2006 Dan Walsh <dwalsh at redhat.com> 1.29.9-10
* Thu Jan 19 2006 Dan Walsh <dwalsh at redhat.com> 1.29.9-2
- Fix genhomedircon to work on MLS policy
Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/.cvsignore,v
retrieving revision 1.96
retrieving revision 1.97
diff -u -r1.96 -r1.97
--- .cvsignore 19 Jan 2006 21:14:38 -0000 1.96
+++ .cvsignore 25 Jan 2006 16:07:46 -0000 1.97
@@ -82,3 +82,5 @@
policycoreutils-1.29.7.tgz
policycoreutils-1.29.8.tgz
policycoreutils-1.29.9.tgz
+policycoreutils-1.29.10.tgz
+policycoreutils-1.29.11.tgz
policycoreutils-rhat.patch:
scripts/chcat | 2
semanage/semanage | 149 ++++++++++++----------------------------------------
semanage/semanage.8 | 26 ++++-----
3 files changed, 49 insertions(+), 128 deletions(-)
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.154
retrieving revision 1.155
diff -u -r1.154 -r1.155
--- policycoreutils-rhat.patch 19 Jan 2006 22:25:24 -0000 1.154
+++ policycoreutils-rhat.patch 25 Jan 2006 16:07:46 -0000 1.155
@@ -1,69 +1,337 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat.8 policycoreutils-1.29.9/scripts/chcat.8
---- nsapolicycoreutils/scripts/chcat.8 2006-01-18 11:12:43.000000000 -0500
-+++ policycoreutils-1.29.9/scripts/chcat.8 2006-01-19 17:23:42.000000000 -0500
-@@ -27,6 +27,11 @@
- Change/Remove the security CATEGORY for each FILE/USER.
- .PP
- Use +/- to add/remove categories from a FILE/USER.
-+.PP
-+.B
-+Note:
-+When removing a category you must specify '--' on the command line before using the -Category syntax. This tells the shell that you have finished entering options.
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.29.10/scripts/chcat
+--- nsapolicycoreutils/scripts/chcat 2006-01-19 16:00:44.000000000 -0500
++++ policycoreutils-1.29.10/scripts/chcat 2006-01-20 17:17:02.000000000 -0500
+@@ -356,7 +356,7 @@
+
+ if list_ind==0 and len(cmds) < 1:
+ usage()
+- except:
++ except ValueError, e:
+ usage()
+
+ if delete_ind:
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.10/semanage/semanage
+--- nsapolicycoreutils/semanage/semanage 2006-01-20 10:37:37.000000000 -0500
++++ policycoreutils-1.29.10/semanage/semanage 2006-01-20 15:17:56.000000000 -0500
+@@ -30,28 +30,27 @@
+
+ def usage(message = ""):
+ print '\
+-semanage {login|user|port|interface|fcontext} -l\n\
++semanage {login|user|port|interface|fcontext|translation} -l [-n] \n\
+ semanage login -{a|d|m} [-sr] login_name\n\
+ semanage user -{a|d|m} [-LrR] selinux_name\n\
+-semanage port -{a|d|m} -p protocol [-t] port_number\n\
++semanage port -{a|d|m} [-tr] [ -p protocol ] port | port_range\n\
+ semanage interface -{a|d|m} [-tr] interface_spec\n\
+-semanage translation -{a|d|m} [-T] level\n\
+ semanage fcontext -{a|d|m} [-frst] file_spec\n\
++semanage translation -{a|d|m} [-T] level\n\
+ -a, --add Add a OBJECT record NAME\n\
+ -d, --delete Delete a OBJECT record NAME\n\
+ -f, --ftype File Type of OBJECT \n\
+ -h, --help display this message\n\
+ -l, --list List the OBJECTS\n\
+ -L, --level Default SELinux Level\n\
+- -n, --noheading Do not print heading when listing OBJECTS\n\
+ -m, --modify Modify a OBJECT record NAME\n\
+- -P, --proto Port protocol\n\
++ -n, --noheading Do not print heading when listing OBJECTS\n\
++ -p, --proto Port protocol\n\
+ -r, --range MLS/MCS Security Range\n\
+ -R, --roles SELinux Roles (Separate by spaces)\n\
+ -s, --seuser SELinux user name\n\
+ -t, --type SELinux Type for the object\n\
+ -T, --trans SELinux Level Translation\n\
+- -v, --verbose verbose output\n\
+ '
+ print message
+ sys.exit(1)
+@@ -62,35 +61,29 @@
+ sys.stderr.flush()
+ sys.exit(1)
+
+- def unwanted_ftype():
+- if ftype != "":
+- sys.stderr.write("ftype not used\n");
+- def unwanted_selevel():
+- if selevel != "":
+- sys.stderr.write("level not used\n");
+- def unwanted_proto():
+- if proto != "":
+- sys.stderr.write("proto not used\n");
+- def unwanted_roles():
+- if roles != "":
+- sys.stderr.write("role not used\n");
+- def unwanted_serange():
+- if serange != "":
+- sys.stderr.write("range not used\n");
+- def unwanted_seuser():
+- if seuser != "":
+- sys.stderr.write("seuser not used\n");
+- def unwanted_setype():
+- if setype != "":
+- sys.stderr.write("type not used\n");
+- def unwanted_setrans():
+- if setrans != "":
+- sys.stderr.write("trans not used\n");
++ def get_options():
++ valid_option={}
++ valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading' ]
++ valid_option["login"] = []
++ valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range']
++ valid_option["user"] = []
++ valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles' ]
++ valid_option["port"] = []
++ valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range']
++ valid_option["port"] = []
++ valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range', '-p', '--protocol' ]
++ valid_option["interface"] = []
++ valid_option["interface"] += valid_everyone + [ '-t', '--type', '-r', '--range']
++ valid_option["fcontext"] = []
++ valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range']
++ valid_option["translation"] = []
++ valid_option["fcontext"] += valid_everyone + [ '-T', '--trans' ]
++ return valid_option
++
+ #
+ #
+ #
+ try:
+- objectlist = ("login", "user", "port", "interface", "fcontext", "translation")
+ input = sys.stdin
+ output = sys.stdout
+ serange = ""
+@@ -112,12 +105,14 @@
+ usage("Requires 2 or more arguments")
+
+ object = sys.argv[1]
+- if object not in objectlist:
++ option_dict=get_options()
++ if object not in option_dict.keys():
+ usage("%s not defined" % object)
+
+ args = sys.argv[2:]
+
+ gopts, cmds = getopt.getopt(args,
+- 'adf:lhmnp:P:s:R:L:r:t:vT:',
++ 'adf:lhmnp:s:R:L:r:t:vT:',
+ ['add',
+ 'delete',
+ 'ftype=',
+@@ -125,16 +120,18 @@
+ 'list',
+ 'modify',
+ 'noheading',
+- 'port=',
+ 'proto=',
+ 'seuser=',
+ 'range=',
+ 'level=',
+ 'roles=',
+ 'type=',
+- 'trans=',
+- 'verbose'
++ 'trans='
+ ])
++ for o, a in gopts:
++ if o not in option_dict[object]:
++ sys.stderr.write("%s not valid for %s objects\n" % ( o, object) );
++
+ for o,a in gopts:
+ if o == "-a" or o == "--add":
+ if modify or delete:
+@@ -167,11 +164,11 @@
+ if o == "-L" or o == '--level':
+ selevel = a
+
+- if o == "-P" or o == '--proto':
++ if o == "-p" or o == '--proto':
+ proto = a
+
+ if o == "-R" or o == '--roles':
+- roles = roles + " " + a
++ roles = a
+
+ if o == "-s" or o == "--seuser":
+ seuser = a
+@@ -185,91 +182,25 @@
+ if o == "-v" or o == "--verbose":
+ verbose = 1
+
+-# Note in this section I intentionally leave the unwanted_*() functions for
+-# variabled which are wanted commented out and don't delete those lines. This
+-# will make it easier to modify the code when the list of wanted variables
+-# changes.
+ if object == "login":
+- if not delete:
+- unwanted_ftype()
+- unwanted_selevel()
+- unwanted_proto()
+- unwanted_roles()
+-# unwanted_serange()
+-# unwanted_seuser()
+- unwanted_setype()
+- unwanted_setrans()
+ OBJECT = seobject.loginRecords()
+
+ if object == "user":
+- if not delete:
+- unwanted_ftype()
+-# unwanted_selevel()
+- unwanted_proto()
+-# unwanted_roles()
+-# unwanted_serange()
+- unwanted_seuser()
+- unwanted_setype()
+- unwanted_setrans()
+ OBJECT = seobject.seluserRecords()
+
+ if object == "port":
+- if not delete:
+- unwanted_ftype()
+- unwanted_selevel()
+-# unwanted_proto()
+- unwanted_roles()
+- unwanted_serange()
+- unwanted_seuser()
+-# unwanted_setype()
+- unwanted_setrans()
+ OBJECT = seobject.portRecords()
+
+ if object == "interface":
+- if not delete:
+- unwanted_ftype()
+- unwanted_selevel()
+- unwanted_proto()
+- unwanted_roles()
+-# unwanted_serange()
+- unwanted_seuser()
+-# unwanted_setype()
+- unwanted_setrans()
+ OBJECT = seobject.interfaceRecords()
+
+ if object == "fcontext":
+- if not delete:
+-# unwanted_ftype()
+- unwanted_selevel()
+- unwanted_proto()
+- unwanted_roles()
+-# unwanted_serange()
+-# unwanted_seuser()
+-# unwanted_setype()
+- unwanted_setrans()
+ OBJECT = seobject.fcontextRecords()
+
+ if object == "translation":
+- if not delete:
+- unwanted_ftype()
+- unwanted_selevel()
+- unwanted_proto()
+- unwanted_roles()
+- unwanted_serange()
+- unwanted_seuser()
+- unwanted_setype()
+-# unwanted_setrans()
+ OBJECT = seobject.setransRecords()
+
+ if list:
+- unwanted_ftype()
+- unwanted_selevel()
+- unwanted_proto()
+- unwanted_roles()
+- unwanted_serange()
+- unwanted_seuser()
+- unwanted_setype()
+- unwanted_setrans()
+ OBJECT.list(heading)
+ sys.exit(0);
+
+@@ -324,16 +255,6 @@
+ sys.exit(0);
+
+ if delete:
+- if object != "fcontext":
+- unwanted_ftype()
+- unwanted_selevel()
+- if object == "port":
+- unwanted_proto()
+- unwanted_roles()
+- unwanted_serange()
+- unwanted_seuser()
+- unwanted_setype()
+- unwanted_setrans()
+ if object == "port":
+ OBJECT.delete(target, proto)
+
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-1.29.10/semanage/semanage.8
+--- nsapolicycoreutils/semanage/semanage.8 2006-01-20 10:37:37.000000000 -0500
++++ policycoreutils-1.29.10/semanage/semanage.8 2006-01-20 15:10:15.000000000 -0500
+@@ -3,19 +3,19 @@
+ semanage \- SELinux Policy Management tool
+
+ .SH "SYNOPSIS"
+-.B semanage {login|user|port|interface|fcontext} \-l [\-n]
++.B semanage {login|user|port|interface|fcontext|translation} \-l [\-n]
+ .br
+ .B semanage login \-{a|d|m} [\-sr] login_name
+ .br
+ .B semanage user \-{a|d|m} [\-LrR] selinux_name
+ .br
+-.B semanage port \-{a|d|m} \-p protocol [\-t] port_number
++.B semanage port \-{a|d|m} [\-tr] [\-p protocol] port | port_range
+ .br
+ .B semanage interface \-{a|d|m} [\-tr] interface_spec
+ .br
+-.B semanage translation \-{a|d|m} [\-T] level
+-.br
+ .B semanage fcontext \-{a|d|m} [\-frst] file_spec
++.br
++.B semanage translation \-{a|d|m} [\-T] level
+ .P
+
+ This tool is used to configure SELinux policy
+@@ -35,34 +35,34 @@
+ .I \-d, \-\-delete
+ Delete a OBJECT record NAME
+ .TP
+-.I \-h, \-\-help
+-display this message
+-.TP
+ .I \-f, \-\-ftype
+ File Type. This is used with fcontext.
+ Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files.
+ .TP
++.I \-h, \-\-help
++display this message
++.TP
+ .I \-l, \-\-list
+ List the OBJECTS
+ .TP
+-.I \-n, \-\-noheading
+-Do not print heading when listing OBJECTS
+-.TP
+ .I \-L, \-\-level
+ Default SELinux Level for SELinux use. (s0)
+ .TP
+ .I \-m, \-\-modify
+ Modify a OBJECT record NAME
+ .TP
++.I \-n, \-\-noheading
++Do not print heading when listing OBJECTS.
++.TP
+ .I \-p, \-\-proto
+ Protocol for the specified port (tcp|udp).
+ .TP
+-.I \-R, \-\-role
+-SELinux Roles (Separate by spaces)
+-.TP
+ .I \-r, \-\-range
+ MLS/MCS Security Range
+ .TP
++.I \-R, \-\-role
++SELinux Roles. You must inclose multiple roles within quotes, separate by spaces.
++.TP
+ .I \-s, \-\-seuser
+ SELinux user name
.TP
- \fB\-d\fR
- delete the category from each FILE/USER.
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.9/scripts/genhomedircon
---- nsapolicycoreutils/scripts/genhomedircon 2006-01-18 11:12:43.000000000 -0500
-+++ policycoreutils-1.29.9/scripts/genhomedircon 2006-01-19 17:23:54.000000000 -0500
-@@ -199,10 +199,11 @@
- sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user)
- return
- prefs = {}
-+ prefs["seuser"] = seuser
- prefs["role"] = role
- prefs["home"] = home
-- udict[seuser] = prefs
--
-+ udict[user] = prefs
-+
- def getUsers(self):
- udict = {}
- if self.semanaged:
-@@ -233,14 +234,14 @@
-
- return udict
-
-- def getHomeDirContext(self, user, home, role):
-+ def getHomeDirContext(self, user, seuser, home, role):
- ret="\n\n#\n# Home Context for user %s\n#\n\n" % user
- fd=open(self.getHomeDirTemplate(), 'r')
- for i in fd.read().split('\n'):
- if i.startswith("HOME_DIR") == 1:
- i=i.replace("HOME_DIR", home)
- i=i.replace("ROLE", role)
-- i=i.replace("system_u", user)
-+ i=i.replace("system_u", seuser)
- ret = ret+i+"\n"
- fd.close()
- return ret
-@@ -265,8 +266,8 @@
- ret=""
- # Fill in HOME and ROLE for users that are defined
- for u in users.keys():
-- ret += self.getHomeDirContext (u, users[u]["home"], users[u]["role"])
-- ret += self.getUserContext (u, u, users[u]["role"])
-+ ret += self.getHomeDirContext (u, users[u]["seuser"], users[u]["home"], users[u]["role"])
-+ ret += self.getUserContext (u, users[u]["seuser"], users[u]["role"])
- return ret+"\n"
-
- def checkExists(self, home):
-@@ -309,7 +310,7 @@
- def genoutput(self):
- ret= self.heading()
- for h in self.getHomeDirs():
-- ret += self.getHomeDirContext ("user_u" , h+'/[^/]*', "user")
-+ ret += self.getHomeDirContext ("user_u", "user_u" , h+'/[^/]*', "user")
- ret += self.getHomeRootContext(h)
- ret += self.getUserContext(".*", "user_u", "user") + "\n"
- ret += self.genHomeDirContext()
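Review bot: In the added `get_options()` of semanage, the last assignment targets the wrong key: `valid_option["translation"] = []` is followed by `valid_option["fcontext"] += valid_everyone + [ '-T', '--trans' ]`, so `translation` keeps an empty list (every option, including `-a` and `-l`, is reported as not valid) and `fcontext` accepts `-T` without complaint. It should read `valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]`. The port list also names `'--protocol'` while getopt registers `'proto='`, so `--proto` would be flagged for port objects; `'--proto'` matches the parser, and the first of the two `valid_option["port"]` assignments is dead code. The new validation loop only writes a message to stderr and then continues, so for a tool that changes SELinux policy records it would be safer to call `usage("%s not valid for %s objects" % (o, object))` there and stop before any record is modified.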
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.223
retrieving revision 1.224
diff -u -r1.223 -r1.224
--- policycoreutils.spec 19 Jan 2006 22:25:24 -0000 1.223
+++ policycoreutils.spec 25 Jan 2006 16:07:46 -0000 1.224
@@ -3,8 +3,8 @@
%define libselinuxver 1.29.6-1
Summary: SELinux policy core utilities.
Name: policycoreutils
-Version: 1.29.9
-Release: 2
+Version: 1.29.10
+Release: 1
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
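Review bot: The new `Version: 1.29.10` does not match the tarball this commit records in `sources`, which pins an MD5 for `policycoreutils-1.29.11.tgz` only, while `Source:` expands through `%{version}` to `policycoreutils-1.29.10.tgz`. As far as this commit shows, the build would ask for an archive that has no checksum entry, so either the spec should say `Version: 1.29.11` or `sources` should carry the 1.29.10 line. The regenerated policycoreutils-rhat.patch diffs against `policycoreutils-1.29.10/`, so the intended release should be made explicit. The added changelog header `1.29.9-10` in the next hunk also disagrees with the new Version/Release and has no description line.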
@@ -97,6 +97,7 @@
%{_libdir}/python2.4/site-packages/seobject.py*
%changelog
+* Thu Jan 19 2006 Dan Walsh <dwalsh at redhat.com> 1.29.9-10
* Thu Jan 19 2006 Dan Walsh <dwalsh at redhat.com> 1.29.9-2
- Fix genhomedircon to work on MLS policy
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/sources,v
retrieving revision 1.100
retrieving revision 1.101
diff -u -r1.100 -r1.101
--- sources 19 Jan 2006 21:14:38 -0000 1.100
+++ sources 25 Jan 2006 16:07:46 -0000 1.101
@@ -1 +1 @@
-f9a8e2b1f33895ef25ad9eeb52dec04e policycoreutils-1.29.9.tgz
+51372837f3abaffa294b289c3acc89c4 policycoreutils-1.29.11.tgz