rpms/policycoreutils/devel policycoreutils-rhat.patch, 1.346, 1.347 policycoreutils.spec, 1.495, 1.496

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Tue Jan 15 16:34:50 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/policycoreutils/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31647

Modified Files:
	policycoreutils-rhat.patch policycoreutils.spec 
Log Message:
* Tue Jan 15 2008 Dan Walsh <dwalsh at redhat.com> 2.0.35-2
- Add descriptions of booleans to audit2allow


policycoreutils-rhat.patch:

Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.346
retrieving revision 1.347
diff -u -r1.346 -r1.347
--- policycoreutils-rhat.patch	11 Jan 2008 18:33:08 -0000	1.346
+++ policycoreutils-rhat.patch	15 Jan 2008 16:34:45 -0000	1.347
@@ -1,7 +1,15 @@
 diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.35/audit2allow/audit2allow
 --- nsapolicycoreutils/audit2allow/audit2allow	2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.35/audit2allow/audit2allow	2008-01-11 11:17:46.000000000 -0500
-@@ -60,7 +60,10 @@
++++ policycoreutils-2.0.35/audit2allow/audit2allow	2008-01-15 11:32:58.000000000 -0500
+@@ -19,7 +19,6 @@
+ #
+ 
+ import sys
+-import tempfile
+ 
+ import sepolgen.audit as audit
+ import sepolgen.policygen as policygen
+@@ -60,7 +59,10 @@
          parser.add_option("-o", "--output", dest="output",
                            help="append output to <filename>, conflicts with -M")
          parser.add_option("-R", "--reference", action="store_true", dest="refpolicy",
@@ -13,7 +21,7 @@
          parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
                            default=False, help="explain generated output")
          parser.add_option("-e", "--explain", action="store_true", dest="explain_long",
-@@ -72,6 +75,9 @@
+@@ -72,6 +74,9 @@
          parser.add_option("--debug", dest="debug", action="store_true", default=False,
                            help="leave generated modules for -M")
  
@@ -23,31 +31,36 @@
          options, args = parser.parse_args()
  
          # Make -d, -a, and -i conflict
-@@ -149,8 +155,10 @@
+@@ -147,10 +152,12 @@
+ 
+     def __process_input(self):
          if self.__options.type:
-             filter = audit.TypeFilter(self.__options.type)
-             self.__avs = self.__parser.to_access(filter)
-+            self.__selinux_errs = self.__parser.to_role(filter)
+-            filter = audit.TypeFilter(self.__options.type)
+-            self.__avs = self.__parser.to_access(filter)
++            avcfilter = audit.TypeFilter(self.__options.type)
++            self.__avs = self.__parser.to_access(avcfilter)
++            self.__selinux_errs = self.__parser.to_role(avcfilter)
          else:
              self.__avs = self.__parser.to_access()
 +            self.__selinux_errs = self.__parser.to_role()
  
      def __load_interface_info(self):
          # Load interface info file
-@@ -210,7 +218,71 @@
+@@ -210,7 +217,74 @@
          sys.stdout.write((_("To make this policy package active, execute:" +\
                                  "\n\nsemodule -i %s\n\n") % packagename))
  
 +    def __output_audit2why(self):
 +            import selinux
 +            import selinux.audit2why as audit2why
++            import seobject
 +            audit2why.init("%s.%s" % (selinux.selinux_binary_policy_path(), selinux.security_policyvers()))
 +            for i in self.__parser.avc_msgs:
 +                rc, bools = audit2why.analyze(i.scontext.to_string(), i.tcontext.to_string(), i.tclass, i.accesses)
 +                if rc >= 0:
 +                    print "%s\n\tWas caused by:" % i.message
 +                if rc == audit2why.NOPOLICY:
-+                    raise "Must call policy_init first"
++                    raise RuntimeError("Must call policy_init first")
 +                if rc == audit2why.BADTCON:
 +                    print "Invalid Target Context %s\n" % i.tcontext
 +                    continue
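Review bot: The added `import seobject` in `__output_audit2why` makes the why-analysis depend on the semanage module only to fetch description strings, and an ImportError at that point would abort the report before any AVC is explained. Whether seobject is always installed next to audit2allow is not visible from this hunk, so a guarded import is safer: `try: import seobject` with `except ImportError: seobject = None`, printing the bare boolean name when it is unavailable. The body of `__output_audit2why` continues past the end of this hunk.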
@@ -61,7 +74,7 @@
 +                    print "Invalid permission %s\n" % i.accesses
 +                    continue
 +                if rc == audit2why. BADCOMPUTE:
-+                    raise "Error during access vector computation"
++                    raise RuntimeError("Error during access vector computation")
 +                if rc == audit2why.ALLOW:
 +                    print "\t\tUnknown - would be allowed by active policy\n",
 +                    print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
@@ -71,12 +84,14 @@
 +                    if len(bools) > 1:
 +                        print "\tOne of the following booleans being set incorrectly."
 +                        for b in bools:
-+                            print "\n\tBoolean %s is %d. Allow access by executing:" % (b[0], not b[1])
-+                            print "\t# setsebool -P %s %d"  % (b[0], b[1])
++                            print "\n\tBoolean %s is %d." % (b[0], not b[1])
++                            print "\tDescription:\n\t%s\n"  % seobject.boolean_desc(b[0])
++                            print "\tAllow access by executing:\n\t# setsebool -P %s %d"  % (b[0], b[1])
 +                    else:
-+                        print "\tThe boolean %s set incorrectly.  Allow access by executing:" % bools[0][0]
-+                        print "\t# setsebool -P %s %d\n"  % (bools[0][0], bools[0][1])
-+
++                        print "\tThe boolean %s set incorrectly. " % (bools[0][0])
++                        print "\n\tBoolean %s is %d." % (bools[0][0], bools[0][1])
++                        print "\tDescription:\n\t%s\n"  % seobject.boolean_desc(bools[0][0])
++                        print "\tAllow access by executing:\n\t# setsebool -P %s %d"  % (bools[0][0], bools[0][1])
 +                    continue
 +
 +                if rc == audit2why.TERULE:
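Review bot: In the single-boolean branch, the added line `print "\n\tBoolean %s is %d." % (bools[0][0], bools[0][1])` reports as the current state the same value that the `setsebool -P` line below tells the user to set. The loop branch prints `not b[1]` for the current state, so the two branches disagree. Assuming the second tuple element is the value that would allow access, as the setsebool lines imply, the line should read `print "\n\tBoolean %s is %d." % (bools[0][0], not bools[0][1])`. Someone deciding whether to relax policy persistently needs the reported state to be right. `__output_audit2why` starts and ends outside this hunk.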
@@ -106,7 +121,7 @@
          g = policygen.PolicyGenerator()
  
          if self.__options.module:
-@@ -251,6 +323,12 @@
+@@ -251,6 +325,12 @@
                  fd = sys.stdout
              writer.write(g.get_module(), fd)
  
@@ -831,3 +846,31 @@
  		if object == "login":
  			OBJECT = seobject.loginRecords(store)
  
+diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.35/semanage/seobject.py
+--- nsapolicycoreutils/semanage/seobject.py	2007-12-10 21:42:27.000000000 -0500
++++ policycoreutils-2.0.35/semanage/seobject.py	2008-01-15 11:31:49.000000000 -0500
+@@ -117,6 +117,12 @@
+        #print _("Failed to translate booleans.\n%s") % e
+        pass
+ 
++def boolean_desc(boolean):
++       if boolean in booleans_dict:
++              return _(booleans_dict[boolean][2])
++       else:
++              return boolean
++
+ def validate_level(raw):
+ 	sensitivity = "s[0-9]*"
+ 	category = "c[0-9]*"
+@@ -1456,10 +1462,7 @@
+ 		return ddict
+ 			
+         def get_desc(self, boolean):
+-               if boolean in booleans_dict:
+-                      return _(booleans_dict[boolean][2])
+-               else:
+-                      return boolean
++               return boolean_desc(boolean)
+ 
+         def get_category(self, boolean):
+                if boolean in booleans_dict:
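Review bot: `boolean_desc` returns the boolean's own name when `booleans_dict` has no entry, and that fallback is undocumented, so audit2allow will print the name under "Description:" as if it were an explanation, directly above a `setsebool -P` suggestion. A docstring would make the contract explicit for the new caller: `"""Return the translated description of boolean, or the boolean name itself if booleans_dict has no entry."""`. The new function is also indented with spaces while the adjacent `validate_level` uses tabs, and matching the surrounding style would avoid mixed-indentation surprises.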


Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.495
retrieving revision 1.496
diff -u -r1.495 -r1.496
--- policycoreutils.spec	11 Jan 2008 18:33:08 -0000	1.495
+++ policycoreutils.spec	15 Jan 2008 16:34:45 -0000	1.496
@@ -6,7 +6,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.35
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group:	 System Environment/Base
 Source:	 http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -193,6 +193,9 @@
 fi
 
 %changelog
+* Tue Jan 15 2008 Dan Walsh <dwalsh at redhat.com> 2.0.35-2
+- Add descriptions of booleans to audit2allow
+
 * Fri Jan 11 2008 Dan Walsh <dwalsh at redhat.com> 2.0.35-1
 - Update to upstream
 	* Merged support for non-interactive newrole command invocation from Tim Reed.



