rpms/policycoreutils/devel policycoreutils-rhat.patch, 1.381, 1.382 policycoreutils.spec, 1.544, 1.545
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Wed Aug 6 22:12:10 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9622
Modified Files:
policycoreutils-rhat.patch policycoreutils.spec
Log Message:
* Wed Aug 6 2008 Dan Walsh <dwalsh at redhat.com> 2.0.54-2
- Allow multiple transactions in one semanage command
policycoreutils-rhat.patch:
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.381
retrieving revision 1.382
diff -u -r1.381 -r1.382
--- policycoreutils-rhat.patch 5 Aug 2008 14:32:31 -0000 1.381
+++ policycoreutils-rhat.patch 6 Aug 2008 22:11:40 -0000 1.382
@@ -1,54 +1,1169 @@
-diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.53/Makefile
+diff -b -B --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.54/Makefile
--- nsapolicycoreutils/Makefile 2008-08-05 09:58:35.000000000 -0400
-+++ policycoreutils-2.0.53/Makefile 2008-08-01 07:34:03.000000000 -0400
++++ policycoreutils-2.0.54/Makefile 2008-08-06 18:05:28.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
-diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.53/restorecond/restorecond.conf
+diff -b -B --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.54/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2008-08-05 09:58:27.000000000 -0400
-+++ policycoreutils-2.0.53/restorecond/restorecond.conf 2008-08-01 10:54:17.000000000 -0400
++++ policycoreutils-2.0.54/restorecond/restorecond.conf 2008-08-06 18:05:28.000000000 -0400
@@ -1,3 +1,4 @@
+/etc/services
/etc/resolv.conf
/etc/samba/secrets.tdb
/etc/mtab
-diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.53/semanage/semanage
+diff -b -B --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.54/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2008-08-05 09:58:26.000000000 -0400
-+++ policycoreutils-2.0.53/semanage/semanage 2008-08-05 10:13:48.000000000 -0400
-@@ -45,11 +45,11 @@
++++ policycoreutils-2.0.54/semanage/semanage 2008-08-06 18:05:28.000000000 -0400
+@@ -20,7 +20,7 @@
+ # 02111-1307 USA
+ #
+ #
+-import os, sys, getopt
++import sys, getopt
+ import seobject
+ import selinux
+ PROGNAME="policycoreutils"
+@@ -43,7 +43,9 @@
+ if __name__ == '__main__':
+
def usage(message = ""):
- print _("""
+- print _("""
++ raise ValueError(_("""
++semanage [ -S store ] -i [ input_file | - ]
++
semanage {boolean|login|user|port|interface|fcontext|translation} -{l|D} [-n]
--semanage login -{a|d|m} [-sr] login_name | %groupname
--semanage user -{a|d|m} [-LrRP] selinux_name
-+semanage login -{a|d|m} [-srF] login_name | login_file
-+semanage user -{a|d|m} [-LrRPF] selinux_name | user_file
- semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
- semanage interface -{a|d|m} [-tr] interface_spec
--semanage fcontext -{a|d|m} [-frst] file_spec
-+semanage fcontext -{a|d|m} [-frstF] file_spec | fcontext_file
- semanage translation -{a|d|m} [-T] level
- semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
- semanage permissive -{d|a} type
-@@ -103,15 +103,15 @@
- valid_option={}
- valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading', '-C', '--locallist', '-D', '--deleteall', '-S', '--store' ]
- valid_option["login"] = []
-- valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range']
-+ valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range', "-F", "--file"]
- valid_option["user"] = []
-- valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix' ]
-+ valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix', "-F", "--file"]
- valid_option["port"] = []
- valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range', '-p', '--proto' ]
- valid_option["interface"] = []
- valid_option["interface"] += valid_everyone + [ '-t', '--type', '-r', '--range']
- valid_option["fcontext"] = []
-- valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range']
-+ valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range', "-F", "--file"]
- valid_option["translation"] = []
- valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
- valid_option["boolean"] = []
+ semanage login -{a|d|m} [-sr] login_name | %groupname
+ semanage user -{a|d|m} [-LrRP] selinux_name
+@@ -59,6 +61,7 @@
+ -a, --add Add a OBJECT record NAME
+ -d, --delete Delete a OBJECT record NAME
+ -m, --modify Modify a OBJECT record NAME
++ -i, --input Input multiple semange commands in a transaction
+ -l, --list List the OBJECTS
+ -C, --locallist List OBJECTS local customizations
+ -D, --deleteall Remove all OBJECTS local customizations
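
Review bot: The new help line for -i, --input spells the command name "semange"; it should read "semanage". This string is user-visible and wrapped in _() for translation, so it is worth fixing before translators pick it up.
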
+@@ -89,9 +92,8 @@
+ -s, --seuser SELinux User Name
+ -t, --type SELinux Type for the object
+ -r, --range MLS/MCS Security Range (MLS/MCS Systems only)
+-""")
+- print message
+- sys.exit(1)
++%s
++""") % message)
+
+ def errorExit(error):
+ sys.stderr.write("%s: " % sys.argv[0])
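
Review bot: The usage text is now used as a format string ('%s' followed by '""") % message)'), but the unchanged line "semanage login -{a|d|m} [-sr] login_name | %groupname" inside the same string contains a bare percent sign. Python will parse "%g" as a float conversion, so every call to usage() raises TypeError instead of the intended ValueError, and TypeError is not in the except list at the bottom of the script. Escape it as "%%groupname", or build the message by concatenation rather than with the % operator.
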
+@@ -120,12 +122,42 @@
+ valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ]
+ return valid_option
+
+- #
+- #
+- #
+- try:
+- input = sys.stdin
+- output = sys.stdout
++ def mkargv(line):
++ dquote = "\""
++ squote = "\'"
++ l = line.split()
++ ret = []
++ i = 0
++ while i < len(l):
++ if dquote in l[i]:
++ quote = [ l[i].strip(dquote) ]
++ i = i + 1
++ while i < len(l) and dquote not in l[i]:
++ quote.append(l[i])
++ i = i + 1
++
++ quote.append(l[i].strip(dquote))
++ ret.append(" ".join(quote))
++ i = i + 1
++ continue
++ if squote in l[i]:
++ quote = [ l[i].strip(squote) ]
++ i = i + 1
++ while i < len(l) and squote not in l[i]:
++ quote.append(l[i])
++ i = i + 1
++
++ quote.append(l[i].strip(squote))
++ ret.append(" ".join(quote))
++ i = i + 1
++ continue
++
++ ret.append(l[i])
++ i = i + 1
++
++ return ret
++
++ def process_args(argv):
+ serange = ""
+ port = ""
+ proto = ""
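
Review bot: mkargv() can index past the end of the list at 'quote.append(l[i].strip(dquote))' (and the squote twin): the inner while loop also exits when i == len(l), which is what happens when an input line has an unterminated quote, and the resulting IndexError is not caught by any handler in the main block. Two further problems in the same function: a token that carries both of its quotes, such as "foo", is treated as an opening quote and swallows the following arguments up to the next quoted token, and line.split() collapses runs of whitespace inside a quoted value before it is rejoined. Since this parser decides what policy changes a batch file makes, replacing it with shlex.split(line) and turning its ValueError into a per-line error would be safer than hand-rolled quoting.
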
+@@ -146,24 +178,23 @@
+ locallist = False
+ use_file = False
+ store = ""
+- if len(sys.argv) < 3:
+- usage(_("Requires 2 or more arguments"))
+
+- object = sys.argv[1]
++ object = argv[0]
+ option_dict=get_options()
+ if object not in option_dict.keys():
+ usage(_("%s not defined") % object)
+
+- args = sys.argv[2:]
++ args = argv[1:]
+
+ gopts, cmds = getopt.getopt(args,
+- '01adf:lhmnp:s:FCDR:L:r:t:T:P:S:',
++ '01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:',
+ ['add',
+ 'delete',
+ 'deleteall',
+ 'ftype=',
+ 'file',
+ 'help',
++ 'input=',
+ 'list',
+ 'modify',
+ 'noheading',
+@@ -187,16 +218,16 @@
+ for o,a in gopts:
+ if o == "-a" or o == "--add":
+ if modify or delete:
+- usage()
++ raise ValueError(_("%s bad option") % o)
+ add = True
+
+ if o == "-d" or o == "--delete":
+ if modify or add:
+- usage()
++ raise ValueError(_("%s bad option") % o)
+ delete = True
+ if o == "-D" or o == "--deleteall":
+ if modify:
+- usage()
++ raise ValueError(_("%s bad option") % o)
+ deleteall = True
+ if o == "-f" or o == "--ftype":
+ ftype=a
+@@ -205,7 +236,7 @@
+ use_file = True
+
+ if o == "-h" or o == "--help":
+- usage()
++ raise ValueError(_("%s bad option") % o)
+
+ if o == "-n" or o == "--noheading":
+ heading = False
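
Review bot: In the -h/--help branch, replacing usage() with 'raise ValueError(_("%s bad option") % o)' means a request for help is now reported as "-h bad option" through errorExit and the usage text is never shown. The other replacements in this series are genuine conflicts between options; this one is not, so it should keep calling usage().
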
+@@ -215,7 +246,7 @@
+
+ if o == "-m"or o == "--modify":
+ if delete or add:
+- usage()
++ raise ValueError(_("%s bad option") % o)
+ modify = True
+
+ if o == "-S" or o == '--store':
+@@ -223,7 +254,7 @@
+
+ if o == "-r" or o == '--range':
+ if is_mls_enabled == 0:
+- errorExit(_("range not supported on Non MLS machines"))
++ raise ValueError(_("range not supported on Non MLS machines"))
+ serange = a
+
+ if o == "-l" or o == "--list":
+@@ -231,7 +262,7 @@
+
+ if o == "-L" or o == '--level':
+ if is_mls_enabled == 0:
+- errorExit(_("range not supported on Non MLS machines"))
++ raise ValueError(_("range not supported on Non MLS machines"))
+ selevel = a
+
+ if o == "-p" or o == '--proto':
+@@ -286,14 +317,14 @@
+ OBJECT.list(heading, locallist, use_file)
+ else:
+ OBJECT.list(heading, locallist)
+- sys.exit(0);
++ return
+
+ if deleteall:
+ OBJECT.deleteall()
+- sys.exit(0);
++ return
+
+ if len(cmds) != 1:
+- usage()
++ raise ValueError(_("%s bad option") % o)
+
+ target = cmds[0]
+
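
Review bot: The check 'if len(cmds) != 1' now raises 'ValueError(_("%s bad option") % o)', but this line is outside the 'for o,a in gopts' loop. The message will name whichever option happened to be parsed last, which is unrelated to the real problem (wrong number of targets), and if the line had no options at all 'o' is unbound and the result is a NameError that nothing catches. A message built from cmds, stating that exactly one target is required, would be accurate in both cases.
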
+@@ -305,10 +336,7 @@
+ OBJECT.add(target, setrans)
+
+ if object == "user":
+- rlist = []
+- if not use_file:
+- rlist = roles.split()
+- OBJECT.add(target, rlist, selevel, serange, prefix)
++ OBJECT.add(target, roles.split(), selevel, serange, prefix)
+
+ if object == "port":
+ OBJECT.add(target, proto, serange, setype)
+@@ -321,7 +349,7 @@
+ if object == "permissive":
+ OBJECT.add(target)
+
+- sys.exit(0);
++ return
+
+ if modify:
+ if object == "boolean":
+@@ -346,7 +374,7 @@
+ if object == "fcontext":
+ OBJECT.modify(target, setype, ftype, serange, seuser)
+
+- sys.exit(0);
++ return
+
+ if delete:
+ if object == "port":
+@@ -358,16 +386,69 @@
+ else:
+ OBJECT.delete(target)
+
+- sys.exit(0);
+- usage()
++ return
++
++ raise ValueError(_("Invalid command") % " ".join(argv))
++
++ #
++ #
++ #
++ try:
++ input = None
++ store = ""
++
++ if len(sys.argv) < 3:
++ usage(_("Requires 2 or more arguments"))
++
++ gopts, cmds = getopt.getopt(sys.argv[1:],
++ '01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:',
++ ['add',
++ 'delete',
++ 'deleteall',
++ 'ftype=',
++ 'file',
++ 'help',
++ 'input=',
++ 'list',
++ 'modify',
++ 'noheading',
++ 'localist',
++ 'off',
++ 'on',
++ 'proto=',
++ 'seuser=',
++ 'store=',
++ 'range=',
++ 'level=',
++ 'roles=',
++ 'type=',
++ 'trans=',
++ 'prefix='
++ ])
++ for o, a in gopts:
++ if o == "-S" or o == '--store':
++ store = a
++ if o == "-i" or o == '--input':
++ input = a
++
++ if input != None:
++ if input == "-":
++ fd = sys.stdin
++ else:
++ fd = open(input, 'r')
++ trans = seobject.semanageRecords(store)
++ trans.begin()
++ for l in fd.readlines():
++ process_args(mkargv(l))
++ trans.commit()
++ else:
++ process_args(sys.argv[1:])
+
+ except getopt.error, error:
+- errorExit(_("Options Error %s ") % error.msg)
++ usage(_("Options Error %s ") % error.msg)
+ except ValueError, error:
+ errorExit(error.args[0])
+ except KeyError, error:
+ errorExit(_("Invalid value %s") % error.args[0])
+ except IOError, error:
+ errorExit(error.args[1])
+- except KeyboardInterrupt, error:
+- sys.exit(0)
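
Review bot: In the input loop, 'for l in fd.readlines(): process_args(mkargv(l))' passes every line through, including blank ones; mkargv() returns an empty list for those and 'object = argv[0]' in process_args() then raises IndexError, which is not in the except list. Skip empty lines before calling process_args(), and consider reporting the line number on failure so a rejected batch can be diagnosed. Three smaller points in the same hunk: 'raise ValueError(_("Invalid command") % " ".join(argv))' has no %s in the format string, so it raises TypeError rather than the intended error; 'usage(_("Options Error %s ") % error.msg)' now raises from inside an except clause, so the ValueError it produces is not seen by the sibling 'except ValueError' handler and ends in a traceback; and the long option list spells 'localist' while the help text documents --locallist.
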
+diff -b -B --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.54/semanage/seobject.py
+--- nsapolicycoreutils/semanage/seobject.py 2008-08-05 09:58:26.000000000 -0400
++++ policycoreutils-2.0.54/semanage/seobject.py 2008-08-06 18:07:21.000000000 -0400
+@@ -26,7 +26,6 @@
+ PROGNAME="policycoreutils"
+ import sepolgen.module as module
+
+-import commands
+ import gettext
+ gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+ gettext.textdomain(PROGNAME)
+@@ -40,6 +39,33 @@
+
+ import syslog
+
++handle = None
++
++def get_handle(store):
++ global handle
++
++ handle = semanage_handle_create()
++ if not handle:
++ raise ValueError(_("Could not create semanage handle"))
++
++ if store != "":
++ semanage_select_store(handle, store, SEMANAGE_CON_DIRECT);
++
++ if not semanage_is_managed(handle):
++ semanage_handle_destroy(handle)
++ raise ValueError(_("SELinux policy is not managed or store cannot be accessed."))
++
++ rc = semanage_access_check(handle)
++ if rc < SEMANAGE_CAN_READ:
++ semanage_handle_destroy(handle)
++ raise ValueError(_("Cannot read policy store."))
++
++ rc = semanage_connect(handle)
++ if rc < 0:
++ semanage_handle_destroy(handle)
++ raise ValueError(_("Could not establish semanage connection"))
++ return handle
++
+ file_types = {}
+ file_types[""] = SEMANAGE_FCONTEXT_ALL;
+ file_types["all files"] = SEMANAGE_FCONTEXT_ALL;
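
Review bot: get_handle() assigns the module-level 'handle' on its first line, before any of the checks have passed. On each failure path the handle is destroyed with semanage_handle_destroy(handle) but the global still refers to it, so the next semanageRecords.__init__ takes the 'handle != None' branch and reuses a destroyed handle. Work on a local variable and publish it to the global only after semanage_connect() succeeds, or reset the global to None before each raise.
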
+@@ -90,8 +116,6 @@
+
+ mylog = logger()
+
+-import sys, os
+-import re
+ import xml.etree.ElementTree
+
+ booleans_dict={}
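
Review bot: This hunk drops 'import sys, os' from seobject.py, yet unchanged context in the following hunks still calls os.rename(), os.system(), os.walk() and os.remove(). Unless os is imported somewhere above the visible lines, those paths will fail with NameError at run time; please confirm the module still imports it, or keep 'import os' here.
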
+@@ -249,31 +273,36 @@
+ os.rename(newfilename, self.filename)
+ os.system("/sbin/service mcstrans reload > /dev/null")
+
+-class permissiveRecords:
++class semanageRecords:
+ def __init__(self, store):
+- self.store = store
+- self.sh = semanage_handle_create()
+- if not self.sh:
+- raise ValueError(_("Could not create semanage handle"))
+-
+- if store != "":
+- semanage_select_store(self.sh, store, SEMANAGE_CON_DIRECT);
++ global handle
+
+- self.semanaged = semanage_is_managed(self.sh)
+-
+- if not self.semanaged:
+- semanage_handle_destroy(self.sh)
+- raise ValueError(_("SELinux policy is not managed or store cannot be accessed."))
++ if handle != None:
++ self.transaction = True
++ self.sh = handle
++ else:
++ self.sh=get_handle(store)
++ self.transaction = False
+
+- rc = semanage_access_check(self.sh)
+- if rc < SEMANAGE_CAN_READ:
+- semanage_handle_destroy(self.sh)
+- raise ValueError(_("Cannot read policy store."))
++ def deleteall(self):
++ raise ValueError(_("Not yet implemented"))
+
+- rc = semanage_connect(self.sh)
++ def begin(self):
++ if self.transaction:
++ return
++ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+- semanage_handle_destroy(self.sh)
+- raise ValueError(_("Could not establish semanage connection"))
++ raise ValueError(_("Could not start semanage transaction"))
++ def commit(self):
++ if self.transaction:
++ return
++ rc = semanage_commit(self.sh)
++ if rc < 0:
++ raise ValueError(_("Could not commit semanage transaction"))
++
++class permissiveRecords(semanageRecords):
++ def __init__(self, store):
++ semanageRecords.__init__(self, store)
+
+ def get_all(self):
+ l = []
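
Review bot: semanageRecords.__init__ infers "a batch transaction is open" from 'handle != None', but the global is set by the first object constructed in the process whether or not anyone called begin(). Every later object therefore gets self.transaction = True and its begin() and commit() return immediately, so a caller that builds two record objects outside the -i path would have the second object's changes never committed. The same branch also ignores the 'store' argument once a handle exists, so a request for a different store silently operates on the first one. Tracking an explicit in-transaction flag that begin() sets and commit() clears, and rejecting a store mismatch, would make both cases safe. It is also worth deciding what should happen to an open transaction when a call between begin() and commit() raises.
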
+@@ -321,9 +350,9 @@
+ rc = semanage_module_install(self.sh, data, len(data));
+ if rc < 0:
+ raise ValueError(_("Could not set permissive domain %s (module installation failed)") % name)
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not set permissive domain %s (commit failed)") % name)
++
++ self.commit()
++
+ for root, dirs, files in os.walk("tmp", topdown=False):
+ for name in files:
+ os.remove(os.path.join(root, name))
+@@ -335,9 +364,8 @@
+ rc = semanage_module_remove(self.sh, "permissive_%s" % n)
+ if rc < 0:
+ raise ValueError(_("Could not remove permissive domain %s (remove failed)") % name)
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not remove permissive domain %s (commit failed)") % name)
++
++ self.commit()
+
+ def deleteall(self):
+ l = self.get_all()
+@@ -345,39 +373,11 @@
+ all = " ".join(l)
+ self.delete(all)
+
+-class semanageRecords:
+- def __init__(self, store):
+- self.sh = semanage_handle_create()
+- if not self.sh:
+- raise ValueError(_("Could not create semanage handle"))
+-
+- if store != "":
+- semanage_select_store(self.sh, store, SEMANAGE_CON_DIRECT);
+-
+- self.semanaged = semanage_is_managed(self.sh)
+-
+- if not self.semanaged:
+- semanage_handle_destroy(self.sh)
+- raise ValueError(_("SELinux policy is not managed or store cannot be accessed."))
+-
+- rc = semanage_access_check(self.sh)
+- if rc < SEMANAGE_CAN_READ:
+- semanage_handle_destroy(self.sh)
+- raise ValueError(_("Cannot read policy store."))
+-
+- rc = semanage_connect(self.sh)
+- if rc < 0:
+- semanage_handle_destroy(self.sh)
+- raise ValueError(_("Could not establish semanage connection"))
+- def deleteall(self):
+- raise ValueError(_("Not yet implemented"))
+-
+-
+ class loginRecords(semanageRecords):
+ def __init__(self, store = ""):
+ semanageRecords.__init__(self, store)
+
+- def add(self, name, sename, serange):
++ def __add(self, name, sename, serange):
+ if is_mls_enabled == 1:
+ if serange == "":
+ serange = "s0"
+@@ -387,7 +387,6 @@
+ if sename == "":
+ sename = "user_u"
+
+- try:
+ (rc,k) = semanage_seuser_key_create(self.sh, name)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % name)
+@@ -425,30 +424,26 @@
+ if rc < 0:
+ raise ValueError(_("Could not set SELinux user for %s") % name)
+
+- rc = semanage_begin_transaction(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not start semanage transaction"))
+-
+ rc = semanage_seuser_modify_local(self.sh, k, u)
+ if rc < 0:
+ raise ValueError(_("Could not add login mapping for %s") % name)
+
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not add login mapping for %s") % name)
++ semanage_seuser_key_free(k)
++ semanage_seuser_free(u)
++
++ def add(self, name, sename, serange):
++ try:
++ self.begin()
++ self.__add(name, sename, serange)
++ self.commit()
+
+ except ValueError, error:
+ mylog.log(0, _("add SELinux user mapping"), name, sename, "", serange);
+ raise error
+
+ mylog.log(1, _("add SELinux user mapping"), name, sename, "", serange);
+- semanage_seuser_key_free(k)
+- semanage_seuser_free(u)
+
+- def modify(self, name, sename = "", serange = ""):
+- oldsename = ""
+- oldserange = ""
+- try:
++ def __modify(self, name, sename = "", serange = ""):
+ if sename == "" and serange == "":
+ raise ValueError(_("Requires seuser or serange"))
+
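
Review bot: In the new loginRecords.add(), 'mylog.log(1, _("add SELinux user mapping"), ...)' still runs right after self.commit(), but under -i that commit() is a no-op and the real commit happens once, after the last input line. If a later line fails or the final trans.commit() fails, the log already contains success records for login mappings that were never applied. For an audit trail that is the wrong way round; success should be logged only after the enclosing transaction has actually committed, for example by queuing the records and emitting them from the outer commit().
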
+@@ -477,28 +472,27 @@
+ else:
+ sename = oldsename
+
+- rc = semanage_begin_transaction(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not start semanage transaction"))
+-
+ rc = semanage_seuser_modify_local(self.sh, k, u)
+ if rc < 0:
+ raise ValueError(_("Could not modify login mapping for %s") % name)
+
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not modify login mapping for %s") % name)
+-
+- except ValueError, error:
+- mylog.log(0,"modify selinux user mapping", name, sename,"", serange, oldsename, "", oldserange);
+- raise error
+-
+- mylog.log(1,"modify selinux user mapping", name, sename, "", serange, oldsename, "", oldserange);
+ semanage_seuser_key_free(k)
+ semanage_seuser_free(u)
+
+- def delete(self, name):
++ mylog.log(1,"modify selinux user mapping", name, sename, "", serange, oldsename, "", oldserange);
++
++
++ def modify(self, name, sename = "", serange = ""):
+ try:
++ self.begin()
++ self.__modify(name, sename, serange)
++ self.commit()
++
++ except ValueError, error:
++ mylog.log(0,"modify selinux user mapping", name, sename,"", serange, "", "", "");
++ raise error
++
++ def __delete(self, name):
+ (rc,k) = semanage_seuser_key_create(self.sh, name)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % name)
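
Review bot: The success call 'mylog.log(1,"modify selinux user mapping", ...)' has moved inside __modify(), ahead of self.commit() in modify(), so a commit failure now produces a success entry followed by a failure entry for the same change. The failure entry has also lost information: it passes "", "", "" where the old code passed oldsename and oldserange. Move the success log into modify() after commit() returns, and have __modify() return the old values so both log calls can record them.
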
+@@ -515,12 +509,7 @@
+ if not exists:
+ raise ValueError(_("Login mapping for %s is defined in policy, cannot be deleted") % name)
+
+- rc = semanage_begin_transaction(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not start semanage transaction"))
+-
+ rc = semanage_seuser_del_local(self.sh, k)
+-
+ if rc < 0:
+ raise ValueError(_("Could not delete login mapping for %s") % name)
+
+@@ -524,16 +513,19 @@
+ if rc < 0:
+ raise ValueError(_("Could not delete login mapping for %s") % name)
+
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not delete login mapping for %s") % name)
++ semanage_seuser_key_free(k)
++
++ def delete(self, name):
++ try:
++ self.begin()
++ self.__delete(name)
++ self.commit()
+
+ except ValueError, error:
+ mylog.log(0,"delete SELinux user mapping", name);
+ raise error
+
+ mylog.log(1,"delete SELinux user mapping", name);
+- semanage_seuser_key_free(k)
+
+ def get_all(self, locallist = 0):
+ ddict = {}
+@@ -568,7 +560,7 @@
+ def __init__(self, store = ""):
+ semanageRecords.__init__(self, store)
+
+- def add(self, name, roles, selevel, serange, prefix):
++ def __add(self, name, roles, selevel, serange, prefix):
+ if is_mls_enabled == 1:
+ if serange == "":
+ serange = "s0"
+@@ -580,8 +572,9 @@
+ else:
+ selevel = untranslate(selevel)
+
+- seroles = " ".join(roles)
+- try:
++ if len(roles) < 1:
++ raise ValueError(_("You must add at least one role for %s") % name)
++
+ (rc,k) = semanage_user_key_create(self.sh, name)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % name)
+@@ -620,31 +613,29 @@
+ if rc < 0:
+ raise ValueError(_("Could not extract key for %s") % name)
+
+- rc = semanage_begin_transaction(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not start semanage transaction"))
+-
+ rc = semanage_user_modify_local(self.sh, k, u)
+ if rc < 0:
+ raise ValueError(_("Could not add SELinux user %s") % name)
+
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not add SELinux user %s") % name)
++ semanage_user_key_free(k)
++ semanage_user_free(u)
+
++ def add(self, name, roles, selevel, serange, prefix):
++ seroles = " ".join(roles)
++ try:
++ self.begin()
++ self.__add( name, roles, selevel, serange, prefix)
++ self.commit()
+ except ValueError, error:
+ mylog.log(0,"add SELinux user record", name, name, seroles, serange)
+ raise error
+
+ mylog.log(1,"add SELinux user record", name, name, seroles, serange)
+- semanage_user_key_free(k)
+- semanage_user_free(u)
+
+- def modify(self, name, roles = [], selevel = "", serange = "", prefix = ""):
++ def __modify(self, name, roles = [], selevel = "", serange = "", prefix = ""):
+ oldroles = ""
+ oldserange = ""
+ newroles = string.join(roles, ' ');
+- try:
+ if prefix == "" and len(roles) == 0 and serange == "" and selevel == "":
+ if is_mls_enabled == 1:
+ raise ValueError(_("Requires prefix, roles, level or range"))
+@@ -688,29 +677,27 @@
+ if r not in rlist:
+ semanage_user_add_role(self.sh, u, r)
+
+- rc = semanage_begin_transaction(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not start semanage transaction"))
+-
+ rc = semanage_user_modify_local(self.sh, k, u)
+ if rc < 0:
+ raise ValueError(_("Could not modify SELinux user %s") % name)
+
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not modify SELinux user %s") % name)
+-
+- except ValueError, error:
+- mylog.log(0,"modify SELinux user record", name, "", newroles, serange, "", oldroles, oldserange)
+- raise error
++ semanage_user_key_free(k)
++ semanage_user_free(u)
+
+ mylog.log(1,"modify SELinux user record", name, "", newroles, serange, "", oldroles, oldserange)
+
+- semanage_user_key_free(k)
+- semanage_user_free(u)
+
+- def delete(self, name):
++ def modify(self, name, roles = [], selevel = "", serange = "", prefix = ""):
+ try:
++ self.begin()
++ self.__modify(name, roles, selevel, serange, prefix)
++ self.commit()
++
++ except ValueError, error:
++ mylog.log(0,"modify SELinux user record", name, "", " ".join(roles), serange, "", "", "")
++ raise error
++
++ def __delete(self, name):
+ (rc,k) = semanage_user_key_create(self.sh, name)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % name)
+@@ -727,23 +714,23 @@
+ if not exists:
+ raise ValueError(_("SELinux user %s is defined in policy, cannot be deleted") % name)
+
+- rc = semanage_begin_transaction(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not start semanage transaction"))
+-
+ rc = semanage_user_del_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not delete SELinux user %s") % name)
+
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not delete SELinux user %s") % name)
++ semanage_user_key_free(k)
++
++ def delete(self, name):
++ try:
++ self.begin()
++ self.__delete(name)
++ self.commit()
++
+ except ValueError, error:
+ mylog.log(0,"delete SELinux user record", name)
+ raise error
+
+ mylog.log(1,"delete SELinux user record", name)
+- semanage_user_key_free(k)
+
+ def get_all(self, locallist = 0):
+ ddict = {}
+@@ -808,7 +795,7 @@
+ raise ValueError(_("Could not create a key for %s/%s") % (proto, port))
+ return ( k, proto_d, low, high )
+
+- def add(self, port, proto, serange, type):
++ def __add(self, port, proto, serange, type):
+ if is_mls_enabled == 1:
+ if serange == "":
+ serange = "s0"
+@@ -857,23 +844,20 @@
+ if rc < 0:
+ raise ValueError(_("Could not set port context for %s/%s") % (proto, port))
+
+- rc = semanage_begin_transaction(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not start semanage transaction"))
+-
+ rc = semanage_port_modify_local(self.sh, k, p)
+ if rc < 0:
+ raise ValueError(_("Could not add port %s/%s") % (proto, port))
+
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not add port %s/%s") % (proto, port))
+-
+ semanage_context_free(con)
+ semanage_port_key_free(k)
+ semanage_port_free(p)
+
+- def modify(self, port, proto, serange, setype):
++ def add(self, port, proto, serange, type):
++ self.begin()
++ self.__add(port, proto, serange, type)
++ self.commit()
++
++ def __modify(self, port, proto, serange, setype):
+ if serange == "" and setype == "":
+ if is_mls_enabled == 1:
+ raise ValueError(_("Requires setype or serange"))
+@@ -899,29 +883,24 @@
+ if setype != "":
+ semanage_context_set_type(self.sh, con, setype)
+
+- rc = semanage_begin_transaction(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not start semanage transaction"))
+-
+ rc = semanage_port_modify_local(self.sh, k, p)
+ if rc < 0:
+ raise ValueError(_("Could not modify port %s/%s") % (proto, port))
+
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not modify port %s/%s") % (proto, port))
+-
+ semanage_port_key_free(k)
+ semanage_port_free(p)
+
++ def modify(self, port, proto, serange, setype):
++ self.begin()
++ self.__modify(port, proto, serange, setype)
++ self.commit()
++
+ def deleteall(self):
+ (rc, plist) = semanage_port_list_local(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list the ports"))
+
+- rc = semanage_begin_transaction(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not start semanage transaction"))
++ self.begin()
+
+ for port in plist:
+ proto = semanage_port_get_proto(port)
+@@ -938,11 +917,9 @@
+ raise ValueError(_("Could not delete the port %s") % port_str)
+ semanage_port_key_free(k)
+
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not delete the %s") % port_str)
++ self.commit()
+
+- def delete(self, port, proto):
++ def __delete(self, port, proto):
+ ( k, proto_d, low, high ) = self.__genkey(port, proto)
+ (rc,exists) = semanage_port_exists(self.sh, k)
+ if rc < 0:
+@@ -956,20 +933,17 @@
+ if not exists:
+ raise ValueError(_("Port %s/%s is defined in policy, cannot be deleted") % (proto, port))
+
+- rc = semanage_begin_transaction(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not start semanage transaction"))
+-
+ rc = semanage_port_del_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not delete port %s/%s") % (proto, port))
+
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not delete port %s/%s") % (proto, port))
+-
+ semanage_port_key_free(k)
+
++ def delete(self, port, proto):
++ self.begin()
++ self.__delete(port, proto)
++ self.commit()
++
+ def get_all(self, locallist = 0):
+ ddict = {}
+ if locallist:
+@@ -1035,7 +1009,7 @@
+ def __init__(self, store = ""):
+ semanageRecords.__init__(self, store)
+
+- def add(self, interface, serange, ctype):
++ def __add(self, interface, serange, ctype):
+ if is_mls_enabled == 1:
+ if serange == "":
+ serange = "s0"
+@@ -1089,23 +1063,20 @@
+ if rc < 0:
+ raise ValueError(_("Could not set message context for %s") % interface)
+
+- rc = semanage_begin_transaction(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not start semanage transaction"))
+-
+ rc = semanage_iface_modify_local(self.sh, k, iface)
+ if rc < 0:
+ raise ValueError(_("Could not add interface %s") % interface)
+
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not add interface %s") % interface)
+-
+ semanage_context_free(con)
+ semanage_iface_key_free(k)
+ semanage_iface_free(iface)
+
+- def modify(self, interface, serange, setype):
++ def add(self, interface, serange, ctype):
++ self.begin()
++ self.__add(interface, serange, ctype)
++ self.commit()
++
++ def __modify(self, interface, serange, setype):
+ if serange == "" and setype == "":
+ raise ValueError(_("Requires setype or serange"))
+
+@@ -1130,22 +1101,19 @@
+ if setype != "":
+ semanage_context_set_type(self.sh, con, setype)
+
+- rc = semanage_begin_transaction(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not start semanage transaction"))
+-
+ rc = semanage_iface_modify_local(self.sh, k, iface)
+ if rc < 0:
+ raise ValueError(_("Could not modify interface %s") % interface)
+
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not modify interface %s") % interface)
+-
+ semanage_iface_key_free(k)
+ semanage_iface_free(iface)
+
+- def delete(self, interface):
++ def modify(self, interface, serange, setype):
++ self.begin()
++ self.__modify(interface, serange, setype)
++ self.commit()
++
++ def __delete(self, interface):
+ (rc,k) = semanage_iface_key_create(self.sh, interface)
+ if rc < 0:
+ raise ValueError(_("Could not create key for %s") % interface)
+@@ -1162,20 +1130,17 @@
+ if not exists:
+ raise ValueError(_("Interface %s is defined in policy, cannot be deleted") % interface)
+
+- rc = semanage_begin_transaction(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not start semanage transaction"))
+-
+ rc = semanage_iface_del_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not delete interface %s") % interface)
+
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not delete interface %s") % interface)
+-
+ semanage_iface_key_free(k)
+
++ def delete(self, interface):
++ self.begin()
++ self.__delete(interface)
++ self.commit()
++
+ def get_all(self, locallist = 0):
+ ddict = {}
+ if locallist:
+@@ -1234,7 +1199,7 @@
+ if target == "" or target.find("\n") >= 0:
+ raise ValueError(_("Invalid file specification"))
+
+- def add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
++ def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
+ self.validate(target)
+
+ if is_mls_enabled == 1:
+@@ -1275,24 +1240,22 @@
+
+ semanage_fcontext_set_type(fcontext, file_types[ftype])
+
+- rc = semanage_begin_transaction(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not start semanage transaction"))
+-
+ rc = semanage_fcontext_modify_local(self.sh, k, fcontext)
+ if rc < 0:
+ raise ValueError(_("Could not add file context for %s") % target)
+
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not add file context for %s") % target)
+-
+ if type != "<<none>>":
+ semanage_context_free(con)
+ semanage_fcontext_key_free(k)
+ semanage_fcontext_free(fcontext)
+
+- def modify(self, target, setype, ftype, serange, seuser):
++
++ def add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
++ self.begin()
++ self.__add(target, type, ftype, serange, seuser)
++ self.commit()
++
++ def __modify(self, target, setype, ftype, serange, seuser):
+ if serange == "" and setype == "" and seuser == "":
+ raise ValueError(_("Requires setype, serange or seuser"))
+ self.validate(target)
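Review bot: in `__add`, the frees at the end (`semanage_context_free(con)`, `semanage_fcontext_key_free(k)`, `semanage_fcontext_free(fcontext)`) are only reached when `semanage_fcontext_modify_local` succeeds, because the `raise` above them exits first. Moving the cleanup into a `try`/`finally` would release the key and record on the error path too. The new public `add()` and the renamed `__modify` also have no docstring saying which of the pair starts and commits the transaction; a one-line comment on each would help callers pick the right one.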
+@@ -1333,29 +1296,25 @@
+ if rc < 0:
+ raise ValueError(_("Could not set file context for %s") % target)
+
+- rc = semanage_begin_transaction(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not start semanage transaction"))
+-
+ rc = semanage_fcontext_modify_local(self.sh, k, fcontext)
+ if rc < 0:
+ raise ValueError(_("Could not modify file context for %s") % target)
+
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not modify file context for %s") % target)
+-
+ semanage_fcontext_key_free(k)
+ semanage_fcontext_free(fcontext)
+
++ def modify(self, target, setype, ftype, serange, seuser):
++ self.begin()
++ self.__modify(target, setype, ftype, serange, seuser)
++ self.commit()
++
++
+ def deleteall(self):
+ (rc, flist) = semanage_fcontext_list_local(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list the file contexts"))
+
+- rc = semanage_begin_transaction(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not start semanage transaction"))
++ self.begin()
+
+ for fcontext in flist:
+ target = semanage_fcontext_get_expr(fcontext)
+@@ -1370,11 +1329,9 @@
+ raise ValueError(_("Could not delete the file context %s") % target)
+ semanage_fcontext_key_free(k)
+
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not delete the file context %s") % target)
++ self.commit()
+
+- def delete(self, target, ftype):
++ def __delete(self, target, ftype):
+ (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % target)
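Review bot: the file-context `deleteall` keeps its own key-create and delete loop and only swaps the transaction calls for `self.begin()` and `self.commit()`, while the boolean `deleteall` later in this patch is rewritten to call `self.__delete(name)` for each record. Worth either reusing `self.__delete(target, ftype)` in this loop as well, or adding a comment on why the file-context case cannot, so the two classes do not drift apart.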
+@@ -1391,20 +1348,17 @@
+ else:
+ raise ValueError(_("File context for %s is not defined") % target)
+
+- rc = semanage_begin_transaction(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not start semanage transaction"))
+-
+ rc = semanage_fcontext_del_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not delete file context for %s") % target)
+
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not delete file context for %s") % target)
+-
+ semanage_fcontext_key_free(k)
+
++ def delete(self, target, ftype):
++ self.begin()
++ self.__delete( target, ftype)
++ self.commit()
++
+ def get_all(self, locallist = 0):
+ l = []
+ if locallist:
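Review bot: style nit in the new `delete()` wrapper: `self.__delete( target, ftype)` has a stray space after the opening parenthesis, unlike the other wrappers added in this patch. The "File context for %s is not defined" check in `__delete` now also runs after `self.begin()`, so the same question applies here as for the other wrappers: what happens to the begun transaction when that check raises?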
+@@ -1486,9 +1440,8 @@
+
+ def modify(self, name, value=None, use_file=False):
+
+- rc = semanage_begin_transaction(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not start semanage transaction"))
++ self.begin()
++
+ if use_file:
+ fd = open(name)
+ for b in fd.read().split("\n"):
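Review bot: `self.begin()` now precedes `open(name)` in `modify`, so a missing or unreadable boolean file raises after the transaction has been started and before `self.commit()` is reached. Reading and parsing the file first, then calling `self.begin()` and applying the values, would keep input errors out of the transaction.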
+@@ -1498,18 +1451,16 @@
+
+ try:
+ boolname, val = b.split("=")
+- except ValueError, e:
++ except ValueError:
+ raise ValueError(_("Bad format %s: Record %s" % ( name, b) ))
+ self.__mod(boolname.strip(), val.strip())
+ fd.close()
+ else:
+ self.__mod(name, value)
+
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not modify boolean %s") % name)
++ self.commit()
+
+- def delete(self, name):
++ def __delete(self, name):
+
+ (rc,k) = semanage_bool_key_create(self.sh, name)
+ if rc < 0:
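Review bot: on the `raise` directly after the changed `except ValueError:` line, the `%` formatting is applied inside `_()`: `_("Bad format %s: Record %s" % ( name, b) )`. The message catalogue lookup then sees the already-formatted string and will not match a translation; it should be `_("Bad format %s: Record %s") % (name, b)`, as the other messages in this file do. That `raise` also skips `fd.close()`, so wrapping the loop in `try`/`finally` would be a sensible follow-up.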
+@@ -1526,42 +1477,30 @@
+ if not exists:
+ raise ValueError(_("Boolean %s is defined in policy, cannot be deleted") % name)
+
+- rc = semanage_begin_transaction(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not start semanage transaction"))
+-
+ rc = semanage_bool_del_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not delete boolean %s") % name)
+
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not delete boolean %s") % name)
+ semanage_bool_key_free(k)
+
++ def delete(self, name):
++ self.begin()
++ self.__delete(name)
++ self.commit()
++
+ def deleteall(self):
+ (rc, self.blist) = semanage_bool_list_local(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list booleans"))
+
+- rc = semanage_begin_transaction(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not start semanage transaction"))
++ self.begin()
+
+ for boolean in self.blist:
+ name = semanage_bool_get_name(boolean)
+- (rc,k) = semanage_bool_key_create(self.sh, name)
+- if rc < 0:
+- raise ValueError(_("Could not create a key for %s") % name)
++ self.__delete(name)
+
+- rc = semanage_bool_del_local(self.sh, k)
+- if rc < 0:
+- raise ValueError(_("Could not delete boolean %s") % name)
+- semanage_bool_key_free(k)
++ self.commit()
+
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not delete boolean %s") % name)
+ def get_all(self, locallist = 0):
+ ddict = {}
+ if locallist:
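Review bot: `deleteall` now calls `self.__delete(name)` for each local boolean, so every record goes through the checks in `__delete` (including the "is defined in policy, cannot be deleted" test shown at the top of this hunk) that the removed loop did not perform. If any one of them raises, the loop stops before `self.commit()` is reached. If that all-or-nothing behaviour is intended, a comment saying so would help; otherwise the loop needs to decide per record whether to skip or abort.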
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.544
retrieving revision 1.545
diff -u -r1.544 -r1.545
--- policycoreutils.spec 5 Aug 2008 14:18:33 -0000 1.544
+++ policycoreutils.spec 6 Aug 2008 22:11:40 -0000 1.545
@@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.54
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -192,6 +192,9 @@
fi
%changelog
+* Wed Aug 6 2008 Dan Walsh <dwalsh at redhat.com> 2.0.54-2
+- Allow multiple transactions in one semanage command
+
* Tue Aug 5 2008 Dan Walsh <dwalsh at redhat.com> 2.0.54-1
- Update to upstream
* Add support for boolean files and group support for seusers from Dan Walsh.
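Review bot: the new %changelog entry says "Allow multiple transactions in one semanage command", but the patch in this commit moves the begin and commit calls out of the per-record helpers into thin wrappers, which reads as letting several operations share one transaction. If that is the intent, wording such as "multiple operations in one transaction" would describe it more accurately for users reading the RPM changelog.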