rpms/policycoreutils/F-11 policycoreutils-rhat.patch, 1.415, 1.416 policycoreutils.spec, 1.602, 1.603
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Apr 16 18:56:05 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1632
Modified Files:
policycoreutils-rhat.patch policycoreutils.spec
Log Message:
* Thu Apr 16 2009 Dan Walsh <dwalsh at redhat.com> 2.0.62-11
- Add semanage module support
policycoreutils-rhat.patch:
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-11/policycoreutils-rhat.patch,v
retrieving revision 1.415
retrieving revision 1.416
diff -u -r1.415 -r1.416
--- policycoreutils-rhat.patch 14 Apr 2009 13:40:09 -0000 1.415
+++ policycoreutils-rhat.patch 16 Apr 2009 18:56:02 -0000 1.416
@@ -160,8 +160,15 @@
fi
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.62/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2009-02-18 16:44:47.000000000 -0500
-+++ policycoreutils-2.0.62/semanage/semanage 2009-04-08 21:39:50.000000000 -0400
-@@ -50,7 +50,7 @@
++++ policycoreutils-2.0.62/semanage/semanage 2009-04-16 14:46:41.000000000 -0400
+@@ -44,16 +44,17 @@
+ text = _("""
+ semanage [ -S store ] -i [ input_file | - ]
+
+-semanage {boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n]
++semanage {module,boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n]
+ semanage login -{a|d|m} [-sr] login_name | %groupname
+ semanage user -{a|d|m} [-LrRP] selinux_name
semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
semanage interface -{a|d|m} [-tr] interface_spec
semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr
@@ -169,8 +176,21 @@
+semanage fcontext -{a|d|m} [-frst] [-e path ] file_spec
semanage translation -{a|d|m} [-T] level
semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
- semanage permissive -{d|a} type
-@@ -84,6 +84,7 @@
+-semanage permissive -{d|a} type
++semanage permissive -{a|d} type
++semanage module -{a|d|} module
+
+ Primary Options:
+
+@@ -68,6 +69,7 @@
+ -h, --help Display this message
+ -n, --noheading Do not print heading when listing OBJECTS
+ -S, --store Select and alternate SELinux store to manage
++ --dontaudit Turn on or off dontaudit rules
+
+ Object-specific Options (see above):
+
+@@ -84,6 +86,7 @@
-F, --file Treat target as an input file for command, change multiple settings
-p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
-M, --mask Netmask
@@ -178,7 +198,7 @@
-P, --prefix Prefix for home directory labeling
-L, --level Default SELinux Level (MLS/MCS Systems only)
-R, --roles SELinux Roles (ex: "sysadm_r staff_r")
-@@ -115,7 +116,7 @@
+@@ -115,11 +118,14 @@
valid_option["node"] = []
valid_option["node"] += valid_everyone + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol']
valid_option["fcontext"] = []
@@ -187,15 +207,25 @@
valid_option["translation"] = []
valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
valid_option["boolean"] = []
-@@ -192,6 +193,7 @@
+ valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0", "-F", "--file"]
++ valid_option["module"] = []
++ valid_option["module"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '--dontaudit']
++
+ valid_option["permissive"] = []
+ valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ]
+ return valid_option
+@@ -192,7 +198,10 @@
locallist = False
use_file = False
store = ""
+ equil=""
++ dontaudit = ""
++
object = argv[0]
option_dict=get_options()
-@@ -201,10 +203,11 @@
+ if object not in option_dict.keys():
+@@ -201,10 +210,12 @@
args = argv[1:]
gopts, cmds = getopt.getopt(args,
@@ -204,21 +234,69 @@
['add',
'delete',
'deleteall',
++ 'dontaudit=',
+ 'equil=',
'ftype=',
'file',
'help',
-@@ -248,6 +251,9 @@
+@@ -241,16 +252,24 @@
+ if modify or add:
+ raise ValueError(_("%s bad option") % o)
+ delete = True
++
+ if o == "-D" or o == "--deleteall":
+ if modify:
+ raise ValueError(_("%s bad option") % o)
+ deleteall = True
++
if o == "-f" or o == "--ftype":
- ftype=a
-
-+ if o == "-e" or o == "--equil":
-+ equil=a
+- ftype=a
++ ftype = a
+
++ if o == "-e" or o == "--equil":
++ equil = a
+
if o == "-F" or o == "--file":
use_file = True
-@@ -366,7 +372,10 @@
++ if o == "--dontaudit":
++ dontaudit = a
++
+ if o == "-h" or o == "--help":
+ raise ValueError(_("%s bad option") % o)
+
+@@ -323,6 +342,9 @@
+
+ if object == "boolean":
+ OBJECT = seobject.booleanRecords(store)
++
++ if object == "module":
++ OBJECT = seobject.moduleRecords(store)
+
+ if object == "translation":
+ OBJECT = seobject.setransRecords()
+@@ -341,6 +363,13 @@
+ OBJECT.deleteall()
+ return
+
++ if dontaudit != "":
++ if object == "module":
++ OBJECT.dontaudit(dontaudit)
++ else:
++ raise ValueError(_("%s bad option") % o)
++ return
++
+ if len(cmds) != 1:
+ raise ValueError(_("%s bad option") % o)
+
+@@ -362,11 +391,17 @@
+ if object == "interface":
+ OBJECT.add(target, serange, setype)
+
++ if object == "module":
++ OBJECT.add(target)
++
+ if object == "node":
OBJECT.add(target, mask, proto, serange, setype)
if object == "fcontext":
@@ -230,7 +308,17 @@
if object == "permissive":
OBJECT.add(target)
-@@ -396,7 +405,10 @@
+@@ -386,6 +421,9 @@
+ rlist = roles.split()
+ OBJECT.modify(target, rlist, selevel, serange, prefix)
+
++ if object == "module":
++ OBJECT.modify(target)
++
+ if object == "port":
+ OBJECT.modify(target, proto, serange, setype)
+
+@@ -396,7 +434,10 @@
OBJECT.modify(target, mask, proto, serange, setype)
if object == "fcontext":
@@ -242,7 +330,7 @@
return
-@@ -405,7 +417,7 @@
+@@ -405,7 +446,7 @@
OBJECT.delete(target, proto)
elif object == "fcontext":
@@ -251,7 +339,7 @@
elif object == "node":
OBJECT.delete(target, mask, proto)
-@@ -464,10 +476,10 @@
+@@ -464,10 +505,10 @@
else:
fd = open(input, 'r')
trans = seobject.semanageRecords(store)
@@ -264,9 +352,21 @@
else:
process_args(sys.argv[1:])
+diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.62/semanage/semanage.8
+--- nsapolicycoreutils/semanage/semanage.8 2008-08-28 09:34:24.000000000 -0400
++++ policycoreutils-2.0.62/semanage/semanage.8 2009-04-16 13:51:38.000000000 -0400
+@@ -21,6 +21,8 @@
+ .br
+ .B semanage permissive \-{a|d} type
+ .br
++.B semanage module \-{a|d} policy_package
++.br
+ .B semanage translation \-{a|d|m} [\-T] level
+ .P
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.62/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2008-11-14 17:10:15.000000000 -0500
-+++ policycoreutils-2.0.62/semanage/seobject.py 2009-04-11 08:13:02.000000000 -0400
++++ policycoreutils-2.0.62/semanage/seobject.py 2009-04-16 14:46:58.000000000 -0400
@@ -21,16 +21,16 @@
#
#
@@ -386,7 +486,7 @@
def begin(self):
if self.transaction:
return
-@@ -303,6 +309,12 @@
+@@ -303,6 +309,55 @@
if rc < 0:
raise ValueError(_("Could not commit semanage transaction"))
@@ -396,10 +496,53 @@
+ self.transaction = False
+ self.commit()
+
++class moduleRecords(semanageRecords):
++ def __init__(self, store):
++ semanageRecords.__init__(self, store)
++
++ def get_all(self):
++ l = []
++ (rc, mlist, number) = semanage_module_list(self.sh)
++ if rc < 0:
++ raise ValueError(_("Could not list SELinux modules"))
++
++ for i in range(number):
++ mod = semanage_module_list_nth(mlist, i)
++ name = semanage_module_get_name(mod)
++ l.append(name)
++ return l
++
++ def dontaudit(self, dontaudit = 0):
++ self.begin()
++ rc = semanage_set_disable_dontaudit(self.sh, int(dontaudit))
++ self.commit()
++ rc = semanage_reload_policy(self.sh)
++
++ def list(self, heading = 1, locallist = 0):
++ if heading:
++ print "\n%-25s\n" % (_("Modules"))
++ for t in self.get_all():
++ print t
++
++ def add(self, modules):
++ import glob
++ for m in modules.split():
++ rc = semanage_module_install_file(self.sh, m);
++ if rc >= 0:
++ self.commit()
++
++ def delete(self, modules):
++ for m in modules.split():
++ rc = semanage_module_remove(self.sh, m)
++ if rc < 0:
++ raise ValueError(_("Could not remove module %s (remove failed)") % name)
++
++ self.commit()
++
class permissiveRecords(semanageRecords):
def __init__(self, store):
semanageRecords.__init__(self, store)
-@@ -320,7 +332,7 @@
+@@ -320,7 +375,7 @@
l.append(name.split("permissive_")[1])
return l
@@ -408,7 +551,7 @@
if heading:
print "\n%-25s\n" % (_("Permissive Types"))
for t in self.get_all():
-@@ -328,6 +340,7 @@
+@@ -328,6 +383,7 @@
def add(self, type):
@@ -416,7 +559,7 @@
name = "permissive_%s" % type
dirname = "/var/lib/selinux"
os.chdir(dirname)
-@@ -341,7 +354,7 @@
+@@ -341,7 +397,7 @@
permissive %s;
""" % (name, type, type)
@@ -425,7 +568,7 @@
fd.write(modtxt)
fd.close()
mc = module.ModuleCompiler()
-@@ -351,16 +364,19 @@
+@@ -351,16 +407,19 @@
fd.close()
rc = semanage_module_install(self.sh, data, len(data));
@@ -450,7 +593,7 @@
def delete(self, name):
for n in name.split():
-@@ -390,11 +406,11 @@
+@@ -390,11 +449,11 @@
if sename == "":
sename = "user_u"
@@ -464,7 +607,7 @@
if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
if exists:
-@@ -410,7 +426,7 @@
+@@ -410,7 +469,7 @@
except:
raise ValueError(_("Linux User %s does not exist") % name)
@@ -473,7 +616,7 @@
if rc < 0:
raise ValueError(_("Could not create login mapping for %s") % name)
-@@ -450,17 +466,17 @@
+@@ -450,17 +509,17 @@
if sename == "" and serange == "":
raise ValueError(_("Requires seuser or serange"))
@@ -494,7 +637,7 @@
if rc < 0:
raise ValueError(_("Could not query seuser for %s") % name)
-@@ -483,7 +499,7 @@
+@@ -483,7 +542,7 @@
semanage_seuser_key_free(k)
semanage_seuser_free(u)
@@ -503,7 +646,7 @@
def modify(self, name, sename = "", serange = ""):
try:
-@@ -492,21 +508,21 @@
+@@ -492,21 +551,21 @@
self.commit()
except ValueError, error:
@@ -529,7 +672,7 @@
if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
if not exists:
-@@ -525,10 +541,10 @@
+@@ -525,10 +584,10 @@
self.commit()
except ValueError, error:
@@ -542,7 +685,7 @@
def get_all(self, locallist = 0):
ddict = {}
-@@ -578,17 +594,17 @@
+@@ -578,17 +637,17 @@
if len(roles) < 1:
raise ValueError(_("You must add at least one role for %s") % name)
@@ -563,7 +706,7 @@
if rc < 0:
raise ValueError(_("Could not create SELinux user for %s") % name)
-@@ -612,7 +628,7 @@
+@@ -612,7 +671,7 @@
rc = semanage_user_set_prefix(self.sh, u, prefix)
if rc < 0:
raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
@@ -572,7 +715,7 @@
if rc < 0:
raise ValueError(_("Could not extract key for %s") % name)
-@@ -645,17 +661,17 @@
+@@ -645,17 +704,17 @@
else:
raise ValueError(_("Requires prefix or roles"))
@@ -593,7 +736,7 @@
if rc < 0:
raise ValueError(_("Could not query user for %s") % name)
-@@ -703,17 +719,17 @@
+@@ -703,17 +762,17 @@
raise error
def __delete(self, name):
@@ -614,7 +757,7 @@
if rc < 0:
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
if not exists:
-@@ -795,7 +811,7 @@
+@@ -795,7 +854,7 @@
low = int(ports[0])
high = int(ports[1])
@@ -623,7 +766,7 @@
if rc < 0:
raise ValueError(_("Could not create a key for %s/%s") % (proto, port))
return ( k, proto_d, low, high )
-@@ -812,13 +828,13 @@
+@@ -812,13 +871,13 @@
( k, proto_d, low, high ) = self.__genkey(port, proto)
@@ -639,7 +782,7 @@
if rc < 0:
raise ValueError(_("Could not create port for %s/%s") % (proto, port))
-@@ -871,13 +887,13 @@
+@@ -871,13 +930,13 @@
( k, proto_d, low, high ) = self.__genkey(port, proto)
@@ -655,7 +798,7 @@
if rc < 0:
raise ValueError(_("Could not query port %s/%s") % (proto, port))
-@@ -926,13 +942,13 @@
+@@ -926,13 +985,13 @@
def __delete(self, port, proto):
( k, proto_d, low, high ) = self.__genkey(port, proto)
@@ -671,7 +814,7 @@
if rc < 0:
raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
if not exists:
-@@ -1038,17 +1054,17 @@
+@@ -1038,17 +1097,17 @@
if ctype == "":
raise ValueError(_("SELinux Type is required"))
@@ -692,7 +835,7 @@
if rc < 0:
raise ValueError(_("Could not create addr for %s") % addr)
-@@ -1113,17 +1129,17 @@
+@@ -1113,17 +1172,17 @@
if serange == "" and setype == "":
raise ValueError(_("Requires setype or serange"))
@@ -713,7 +856,7 @@
if rc < 0:
raise ValueError(_("Could not query addr %s") % addr)
-@@ -1160,17 +1176,17 @@
+@@ -1160,17 +1219,17 @@
else:
raise ValueError(_("Unknown or missing protocol"))
@@ -734,7 +877,7 @@
if rc < 0:
raise ValueError(_("Could not check if addr %s is defined") % addr)
if not exists:
-@@ -1240,17 +1256,17 @@
+@@ -1240,17 +1299,17 @@
if ctype == "":
raise ValueError(_("SELinux Type is required"))
@@ -755,7 +898,7 @@
if rc < 0:
raise ValueError(_("Could not create interface for %s") % interface)
-@@ -1301,17 +1317,17 @@
+@@ -1301,17 +1360,17 @@
if serange == "" and setype == "":
raise ValueError(_("Requires setype or serange"))
@@ -776,7 +919,7 @@
if rc < 0:
raise ValueError(_("Could not query interface %s") % interface)
-@@ -1335,17 +1351,17 @@
+@@ -1335,17 +1394,17 @@
self.commit()
def __delete(self, interface):
@@ -797,7 +940,7 @@
if rc < 0:
raise ValueError(_("Could not check if interface %s is defined") % interface)
if not exists:
-@@ -1393,6 +1409,45 @@
+@@ -1393,6 +1452,45 @@
class fcontextRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
@@ -843,7 +986,7 @@
def createcon(self, target, seuser = "system_u"):
(rc, con) = semanage_context_create(self.sh)
-@@ -1429,23 +1484,23 @@
+@@ -1429,23 +1527,23 @@
if type == "":
raise ValueError(_("SELinux Type is required"))
@@ -871,7 +1014,7 @@
if rc < 0:
raise ValueError(_("Could not create file context for %s") % target)
-@@ -1486,21 +1541,21 @@
+@@ -1486,21 +1584,21 @@
raise ValueError(_("Requires setype, serange or seuser"))
self.validate(target)
@@ -898,7 +1041,7 @@
if rc < 0:
raise ValueError(_("Could not query file context for %s") % target)
-@@ -1550,7 +1605,7 @@
+@@ -1550,7 +1648,7 @@
target = semanage_fcontext_get_expr(fcontext)
ftype = semanage_fcontext_get_type(fcontext)
ftype_str = semanage_fcontext_get_type_str(ftype)
@@ -907,7 +1050,7 @@
if rc < 0:
raise ValueError(_("Could not create a key for %s") % target)
-@@ -1558,19 +1613,26 @@
+@@ -1558,19 +1656,26 @@
if rc < 0:
raise ValueError(_("Could not delete the file context %s") % target)
semanage_fcontext_key_free(k)
@@ -938,7 +1081,7 @@
if rc < 0:
raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists:
-@@ -1617,11 +1679,11 @@
+@@ -1617,11 +1722,11 @@
return ddict
def list(self, heading = 1, locallist = 0 ):
@@ -952,7 +1095,7 @@
for k in keys:
if fcon_dict[k]:
if is_mls_enabled:
-@@ -1630,11 +1692,17 @@
+@@ -1630,11 +1735,17 @@
print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
else:
print "%-50s %-18s <<None>>" % (k[0], k[1])
@@ -971,7 +1114,7 @@
self.dict["TRUE"] = 1
self.dict["FALSE"] = 0
self.dict["ON"] = 1
-@@ -1643,16 +1711,16 @@
+@@ -1643,16 +1754,16 @@
self.dict["0"] = 0
def __mod(self, name, value):
@@ -991,7 +1134,7 @@
if rc < 0:
raise ValueError(_("Could not query file context %s") % name)
-@@ -1670,7 +1738,7 @@
+@@ -1670,7 +1781,7 @@
semanage_bool_key_free(k)
semanage_bool_free(b)
@@ -1000,7 +1143,7 @@
self.begin()
-@@ -1694,16 +1762,16 @@
+@@ -1694,16 +1805,16 @@
def __delete(self, name):
@@ -1020,7 +1163,7 @@
if rc < 0:
raise ValueError(_("Could not check if boolean %s is defined") % name)
if not exists:
-@@ -1762,7 +1830,7 @@
+@@ -1762,7 +1873,7 @@
return _("unknown")
def list(self, heading = True, locallist = False, use_file = False):
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-11/policycoreutils.spec,v
retrieving revision 1.602
retrieving revision 1.603
diff -u -r1.602 -r1.603
--- policycoreutils.spec 14 Apr 2009 13:40:12 -0000 1.602
+++ policycoreutils.spec 16 Apr 2009 18:56:04 -0000 1.603
@@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.62
-Release: 10%{?dist}
+Release: 11%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -221,6 +221,9 @@
fi
%changelog
+* Thu Apr 16 2009 Dan Walsh <dwalsh at redhat.com> 2.0.62-11
+- Add semanage module support
+
* Tue Apr 14 2009 Dan Walsh <dwalsh at redhat.com> 2.0.62-10
- Do not print \n, if count < 1000;
More information about the fedora-extras-commits
mailing list