rpms/policycoreutils/devel policycoreutils-rhat.patch, 1.137, 1.138 policycoreutils.spec, 1.204, 1.205

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Tue Dec 27 15:08:34 UTC 2005


Author: dwalsh

Update of /cvs/dist/rpms/policycoreutils/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv11087

Modified Files:
	policycoreutils-rhat.patch policycoreutils.spec 
Log Message:
* Tue Dec 27 2005 Dan Walsh <dwalsh at redhat.com> 1.29.2-9
- Fixes for semanage, patch from Ivan and added a test script


policycoreutils-rhat.patch:
 scripts/chcat                |  119 +++++++++++++--------
 scripts/chcat.8              |    6 +
 scripts/genhomedircon        |  238 +++++++++++++++++++++++--------------------
 scripts/selisteners          |   37 ++++++
 scripts/tests/chcat_test     |   43 +++++++
 scripts/tests/setrans.conf   |   23 ++++
 semanage/semanage            |  176 ++++++++++++++++---------------
 semanage/tests/semanage_test |   67 ++++++++++++
 8 files changed, 471 insertions(+), 238 deletions(-)

Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.137
retrieving revision 1.138
diff -u -r1.137 -r1.138
--- policycoreutils-rhat.patch	24 Dec 2005 17:02:36 -0000	1.137
+++ policycoreutils-rhat.patch	27 Dec 2005 15:08:31 -0000	1.138
@@ -228,7 +228,7 @@
  chcon(1), selinux(8)
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.2/scripts/genhomedircon
 --- nsapolicycoreutils/scripts/genhomedircon	2005-12-07 07:28:00.000000000 -0500
-+++ policycoreutils-1.29.2/scripts/genhomedircon	2005-12-23 19:35:20.000000000 -0500
++++ policycoreutils-1.29.2/scripts/genhomedircon	2005-12-27 08:54:19.000000000 -0500
 @@ -1,4 +1,4 @@
 -#! /usr/bin/env python
 +#! /usr/bin/python
@@ -555,7 +555,7 @@
  					else:
  						homedirs.append(homedir)
  
-@@ -333,7 +359,7 @@
+@@ -333,7 +359,3 @@
  
  except getopt.error, error:
  	errorExit("Options Error %s " % error)
@@ -563,10 +563,6 @@
 -	errorExit("ValueError %s" % error)
 -except IndexError, error:
 -	errorExit("IndexError")
-+#except ValueError, error:
-+#	errorExit("ValueError %s" % error)
-+#except IndexError, error:
-+#	errorExit("IndexError %s" % error)
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/selisteners policycoreutils-1.29.2/scripts/selisteners
 --- nsapolicycoreutils/scripts/selisteners	1969-12-31 19:00:00.000000000 -0500
 +++ policycoreutils-1.29.2/scripts/selisteners	2005-12-22 16:29:28.000000000 -0500
@@ -684,8 +680,28 @@
 +s0:c3=NDA_Yoyodyne
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.2/semanage/semanage
 --- nsapolicycoreutils/semanage/semanage	2005-11-29 10:55:01.000000000 -0500
-+++ policycoreutils-1.29.2/semanage/semanage	2005-12-24 07:16:12.000000000 -0500
-@@ -35,7 +35,7 @@
++++ policycoreutils-1.29.2/semanage/semanage	2005-12-27 10:04:46.000000000 -0500
+@@ -24,22 +24,27 @@
+ from semanage import *;
+ class loginRecords:
+ 	def __init__(self):
+-		self.sh=semanage_handle_create()
+-		self.semanaged=semanage_is_managed(self.sh)
++		self.sh = semanage_handle_create()
++		self.semanaged = semanage_is_managed(self.sh)
+ 		if self.semanaged:
+ 			semanage_connect(self.sh)
+ 
+ 	def add(self, name, sename, serange):
+-		(rc,k)=semanage_seuser_key_create(self.sh, name)
+-		(rc,exists)= semanage_seuser_exists(self.sh, k)
++		if serange == "":
++			serange = "s0"
++		if sename == "":
++			sename = "user_u"
++			
++		(rc,k) = semanage_seuser_key_create(self.sh, name)
++		(rc,exists) = semanage_seuser_exists(self.sh, k)
  		if exists:
  			raise ValueError("SELinux User %s mapping already defined" % name)
  		try:
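Review bot: In `loginRecords.add` the status returned by `semanage_seuser_key_create` is overwritten by the next call and neither value is ever tested, so a failed libsemanage call carries on with whatever `k` and `exists` came back. I would test each result as it is returned, assuming libsemanage's negative-on-error convention, e.g. `if rc < 0: raise ValueError("Could not create a key for %s" % name)` right after the key is created and the same after `semanage_seuser_exists`. The same pattern is in the next hunk: `modify` in both `loginRecords` and `seluserRecords` drops the old `if rc !=0` test after the query call in favour of `if not exists`, and the `delete` methods discard `rc` as well. For a tool that edits login-to-SELinux-user mappings, an error swallowed here surfaces, if at all, only as a failed commit with a misleading message. The body of `add` continues past the end of this hunk.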
@@ -694,3 +710,419 @@
  		except:
  			raise ValueError("Linux User %s does not exist" % name)
  			
+-		(rc,u)= semanage_seuser_create(self.sh)
++		(rc,u) = semanage_seuser_create(self.sh)
+ 		semanage_seuser_set_name(self.sh, u, name)
+ 		semanage_seuser_set_mlsrange(self.sh, u, serange)
+ 		semanage_seuser_set_sename(self.sh, u, sename)
+@@ -48,12 +53,13 @@
+ 		if semanage_commit(self.sh) != 0:
+ 			raise ValueError("Failed to add SELinux user mapping")
+ 
+-	def modify(self, name, sename="", serange=""):
+-		(rc,k)=semanage_seuser_key_create(self.sh, name)
+-		(rc,u)= semanage_seuser_query(self.sh, k)
+-		if rc !=0 :
++	def modify(self, name, sename = "", serange = ""):
++		(rc,k) = semanage_seuser_key_create(self.sh, name)
++		(rc,exists) = semanage_seuser_exists(self.sh, k)
++		if not exists:
+ 			raise ValueError("SELinux user %s mapping is not defined." % name)
+-		if sename == "" and serange=="":
++		(rc,u) = semanage_seuser_query(self.sh, k)
++		if sename == "" and serange == "":
+ 			raise ValueError("Requires, seuser or serange")
+ 		if serange != "":
+ 			semanage_seuser_set_mlsrange(self.sh, u, serange)
+@@ -66,9 +72,9 @@
+ 
+ 		
+ 	def delete(self, name):
+-		(rc,k)=semanage_seuser_key_create(self.sh, name)
+-		(rc,exists)= semanage_seuser_exists(self.sh, k)
+-		if rc !=0 :
++		(rc,k) = semanage_seuser_key_create(self.sh, name)
++		(rc,exists) = semanage_seuser_exists(self.sh, k)
++		if not exists:
+ 			raise ValueError("SELinux user %s mapping is not defined." % name)
+ 		semanage_begin_transaction(self.sh)
+ 		semanage_seuser_del(self.sh, k)
+@@ -79,25 +85,29 @@
+ 		print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range")
+ 		(status, self.ulist, self.usize) = semanage_seuser_list(self.sh)
+ 		for idx in range(self.usize):
+-			u=semanage_seuser_by_idx(self.ulist, idx)
+-			name=semanage_seuser_get_name(u)
++			u = semanage_seuser_by_idx(self.ulist, idx)
++			name = semanage_seuser_get_name(u)
+ 			
+ 			print "%-25s %-25s %-25s" % (name, semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
+ 
+ class seluserRecords:
+ 	def __init__(self):
+-		roles=[]
+-		self.sh=semanage_handle_create()
+-		self.semanaged=semanage_is_managed(self.sh)
++		roles = []
++		self.sh = semanage_handle_create()
++		self.semanaged = semanage_is_managed(self.sh)
+ 		if self.semanaged:
+ 			semanage_connect(self.sh)
+ 
+ 	def add(self, name, roles, selevel, serange):
+-		(rc,k)=semanage_user_key_create(self.sh, name)
+-		(rc,exists)= semanage_user_exists(self.sh, k)
++		if serange == "":
++			serange = "s0"
++		if selevel == "":
++			selevel = "s0"
++		(rc,k) = semanage_user_key_create(self.sh, name)
++		(rc,exists) = semanage_user_exists(self.sh, k)
+ 		if exists:
+ 			raise ValueError("Seuser %s already defined" % name)
+-		(rc,u)= semanage_user_create(self.sh)
++		(rc,u) = semanage_user_create(self.sh)
+ 		semanage_user_set_name(self.sh, u, name)
+ 		for r in roles:
+ 			semanage_user_add_role(self.sh, u, r)
+@@ -109,17 +119,13 @@
+ 		if semanage_commit(self.sh) != 0:
+ 			raise ValueError("Failed to add SELinux user")
+ 
+-		self.dict[name]=seluser(name, roles, selevel, serange)
+-		
+-	def modify(self, name, roles=[], selevel="", serange=""):
+-		(rc,k)=semanage_user_key_create(self.sh, name)
+-		(rc,exists)= semanage_user_exists(self.sh, k)
++	def modify(self, name, roles = [], selevel = "", serange = ""):
++		(rc,k) = semanage_user_key_create(self.sh, name)
++		(rc,exists) = semanage_user_exists(self.sh, k)
+ 		if not exists:
+ 			raise ValueError("user %s is not defined" % name)
+-		(rc,u)= semanage_user_query(self.sh, k)
+-		if rc !=0 :
+-			raise ValueError("User %s is not defined." % name)
+-		if len(roles) == 0  and serange=="" and selevel=="":
++		(rc,u) = semanage_user_query(self.sh, k)
++		if len(roles) == 0  and serange == "" and selevel == "":
+ 			raise ValueError("Requires, roles, level  or range")
+ 		if serange != "":
+ 			semanage_user_set_mlsrange(self.sh, u, serange)
+@@ -127,17 +133,15 @@
+ 			semanage_user_set_mlslevel(self.sh, u, selevel)
+ 		if len(roles) != 0:
+ 			for r in roles:
+-				print r
+ 				semanage_user_add_role(self.sh, u, r)
+ 		semanage_begin_transaction(self.sh)
+ 		semanage_user_modify_local(self.sh, k, u)
+ 		if semanage_commit(self.sh) != 0:
+ 			raise ValueError("Failed to modify SELinux user")
+-
+ 		
+ 	def delete(self, name):
+-		(rc,k)=semanage_user_key_create(self.sh, name)
+-		(rc,exists)= semanage_user_exists(self.sh, k)
++		(rc,k) = semanage_user_key_create(self.sh, name)
++		(rc,exists) = semanage_user_exists(self.sh, k)
+ 		if not exists:
+ 			raise ValueError("user %s is not defined" % name)
+ 		semanage_begin_transaction(self.sh)
+@@ -150,31 +154,30 @@
+ 		print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")
+ 		(status, self.ulist, self.usize) = semanage_user_list(self.sh)
+ 		for idx in range(self.usize):
+-			u=semanage_user_by_idx(self.ulist, idx)
+-			name=semanage_user_get_name(u)
++			u = semanage_user_by_idx(self.ulist, idx)
++			name = semanage_user_get_name(u)
+ 			(status, rlist, rlist_size) = semanage_user_get_roles(self.sh, u)
+-			roles=""
++			roles = ""
+ 
+ 			if rlist_size:
+-				roles+=char_by_idx(rlist, 0)
++				roles += char_by_idx(rlist, 0)
+ 				for ridx in range (1,rlist_size):
+-					roles+=" " + char_by_idx(rlist, ridx)
++					roles += " " + char_by_idx(rlist, ridx)
+ 			print "%-15s %-10s %-15s %s" % (semanage_user_get_name(u), semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles)
+ 
+ class portRecords:
+ 	def __init__(self):
+-		self.dict={}
+-		self.sh=semanage_handle_create()
+-		self.semanaged=semanage_is_managed(self.sh)
++		self.sh = semanage_handle_create()
++		self.semanaged = semanage_is_managed(self.sh)
+ 		if self.semanaged:
+ 			semanage_connect(self.sh)
+ 
+ 	def add(self, name, type):
+-		(rc,k)=semanage_port_key_create(self.sh, name)
+-		(rc,exists)= semanage_port_exists(self.sh, k)
++		(rc,k) = semanage_port_key_create(self.sh, name)
++		(rc,exists) = semanage_port_exists(self.sh, k)
+ 		if exists:
+ 			raise ValueError("User %s already defined" % name)
+-		(rc,u)= semanage_port_create(self.sh)
++		(rc,u) = semanage_port_create(self.sh)
+ 		semanage_port_set_name(self.sh, u, name)
+ 		semanage_port_set_mlsrange(self.sh, u, serange)
+ 		semanage_port_set_sename(self.sh, u, sename)
+@@ -184,11 +187,11 @@
+ 			raise ValueError("Failed to add port")
+ 
+ 	def modify(self, name, type):
+-		(rc,k)=semanage_port_key_create(self.sh, name)
+-		(rc,u)= semanage_port_query(self.sh, k)
+-		if rc !=0 :
++		(rc,k) = semanage_port_key_create(self.sh, name)
++		(rc,u) = semanage_port_query(self.sh, k)
++		if rc != 0 :
+ 			raise ValueError("User %s is not defined." % name)
+-		if sename == "" and serange=="":
++		if sename == "" and serange == "":
+ 			raise ValueError("Requires, port or serange")
+ 		if serange != "":
+ 			semanage_port_set_mlsrange(self.sh, u, serange)
+@@ -200,7 +203,7 @@
+ 			raise ValueError("Failed to add port")
+ 		
+ 	def delete(self, name):
+-		(rc,k)=semanage_port_key_create(self.sh, name)
++		(rc,k) = semanage_port_key_create(self.sh, name)
+ 		semanage_begin_transaction(self.sh)
+ 		semanage_port_del(self.sh, k)
+ 		if semanage_commit(self.sh) != 0:
+@@ -210,13 +213,13 @@
+ 		(status, self.plist, self.psize) = semanage_port_list(self.sh)
+ 		print "%-25s %s\n" % ("SELinux Port Name", "Port Number")
+ 		for idx in range(self.psize):
+-			u=semanage_port_by_idx(self.plist, idx)
+-			name=semanage_port_get_name(u)
++			u = semanage_port_by_idx(self.plist, idx)
++			name = semanage_port_get_name(u)
+ 			print "%20s %d" % ( name, semanage_port_get_number(u))
+ 			
+ if __name__ == '__main__':
+ 
+-	def usage(message=""):
++	def usage(message = ""):
+ 		print '\
+ semanage user [-admsRrh] SELINUX_USER\n\
+ semanage login [-admsrh] LOGIN_NAME\n\
+@@ -245,26 +248,26 @@
+ 	# 
+ 	#
+ 	try:
+-		objectlist=("login", "user", "port")
+-		input=sys.stdin
+-		output=sys.stdout
+-		serange="s0"
+-		selevel="s0"
+-		roles=""
+-		seuser=""
+-		type=""
+-		add=0
+-		modify=0
+-		delete=0
+-		list=0
++		objectlist = ("login", "user", "port")
++		input = sys.stdin
++		output = sys.stdout
++		serange = ""
++		selevel = ""
++		roles = ""
++		seuser = ""
++
++		add = 0
++		modify = 0
++		delete = 0
++		list = 0
+ 		if len(sys.argv) < 3:
+ 			usage("Requires 2 or more arguments")
+ 			
+-		object=sys.argv[1]
++		object = sys.argv[1]
+ 		if object not in objectlist:
+ 			usage("%s not defined" % object)
+ 			
+-		args=sys.argv[2:]
++		args = sys.argv[2:]
+ 		gopts, cmds = getopt.getopt(args,
+ 					    'adlhms:R:r:t:v',
+ 					    ['add',
+@@ -282,46 +285,46 @@
+ 			if o == "-a" or o == "--add":
+ 				if modify or delete:
+ 					usage()
+-				add=1
++				add = 1
+ 				
+ 			if o == "-d"  or o == "--delese":
+ 				if modify or add:
+ 					usage()
+-				delete=1
++				delete = 1
+ 			if o == "-h" or o == "--help":
+ 				usage()
+ 
+ 			if o == "-m"or o == "--modify":
+ 				if delete or add:
+ 					usage()
+-				modify=1
++				modify = 1
+ 				
+ 			if o == "-r" or o == '--range':
+-				serange=a
++				serange = a
+ 
+ 			if o == "-R" or o == '--roles':
+-				roles=a
++				roles = a
+ 
+ 			if o == "-t" or o == "--type":
+-				type=a
++				type = a
+ 
+ 			if o == "-l" or o == "--list":
+-				list=1
++				list = 1
+ 
+ 			if o == "-s" or o == "--seuser":
+-				seuser=a
++				seuser = a
+ 
+ 			if o == "-v" or o == "--verbose":
+-				verbose=1
++				verbose = 1
+ 
+ 		if object == "login":
+-			OBJECT=loginRecords()
++			OBJECT = loginRecords()
+ 
+ 		if object == "user":
+-			OBJECT=seluserRecords()
++			OBJECT = seluserRecords()
+ 
+ 		if object == "port":
+-			OBJECT=portRecords()
++			OBJECT = portRecords()
+ 		
+ 		if list:
+ 			OBJECT.list()
+@@ -330,21 +333,22 @@
+ 		if len(cmds) != 1:
+ 			usage()
+ 
+-		name=cmds[0]
++		name = cmds[0]
+ 
+ 		if add:
+ 			if object == "login":
+ 				OBJECT.add(name, seuser, serange)
+ 
+ 			if object == "user":
+-				rlist=roles.split()
+-				print rlist
++				rlist = roles.split()
++				if len(rlist) == 0:
++					raise ValueError("You must specify a role")
++
+ 				OBJECT.add(name, rlist, selevel, serange)
+ 
+ 			if object == "port":
+ 				OBJECT.add(name, type)
+ 
+-			OBJECT.list()
+ 			sys.exit(0);
+ 			
+ 		if modify:
+@@ -352,14 +356,12 @@
+ 				OBJECT.modify(name, seuser, serange)
+ 
+ 			if object == "user":
+-				rlist=roles.split()
+-				print rlist
++				rlist = roles.split()
+ 				OBJECT.modify(name, rlist, selevel, serange)
+ 
+ 			if object == "port":
+ 				OBJECT.modify(name, type)
+ 				sys.exit(0);
+-			OBJECT.list()
+ 			sys.exit(0);
+ 
+ 		if delete:
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/tests/semanage_test policycoreutils-1.29.2/semanage/tests/semanage_test
+--- nsapolicycoreutils/semanage/tests/semanage_test	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-1.29.2/semanage/tests/semanage_test	2005-12-27 10:07:15.000000000 -0500
+@@ -0,0 +1,67 @@
++#!/bin/sh -x
++#
++#  This is a test script for the semanage command
++#
++echo "
++
++******************** semanage List Failue test ************************
++"
++semanage -l
++echo "
++
++******************** semanage Mapping test ************************
++"
++echo " * Mapping List test"
++semanage login -l 
++echo " * Add mapping exist test"
++semanage login -a root 
++echo " * Add new test"
++echo " * Add selinux login to selinux user mapping, username wrong"
++semanage login -a semanage_test1
++userdel -r semanage_test1 2> /dev/null
++useradd semanage_test1
++echo " * Add selinux login to selinux user mapping, Bad SELinux User"
++semanage login -a -s BadUser semanage_test1
++echo " * Add selinux login to selinux user mapping, username correct"
++semanage login -a semanage_test1
++semanage login -l 
++userdel -r semanage_test1
++echo " * remove selinux login to selinux user mapping, username wrong"
++semanage login -d semanage_test2
++echo " * remove selinux login to selinux user mapping, username correct"
++semanage login -d semanage_test1
++semanage login -l 
++
++echo "
++
++******************** semanage SELinux User test ************************
++"
++echo " * SELinux User List test"
++semanage user -l 
++echo " * Add SELinux User exist test: Fail because root exist"
++semanage user -a -R user_r root 
++echo " * Add SELinux User exist test: Fail because no role specified"
++semanage user -a -r s0 semanage_test1
++echo " * Add selinux user semanage_test1: Success"
++semanage user -a -R user_r -r s0 semanage_test1
++semanage user -l 
++echo " * Modify selinux user semanage_test1 Failue bad range"
++semanage user -m -r BadRange semanage_test1
++echo " * Modify selinux user semanage_test1 Failue bad role"
++semanage user -m -R BadRole semanage_test1
++echo " * Modify selinux user semanage_test1"
++semanage user -m -r s0:c1,c5 semanage_test1
++semanage user -l 
++echo " * Delete selinux user semanage_test2: Fail does not exist"
++semanage user -d semanage_test2
++echo " * Delete selinux user semanage_test1"
++semanage user -d semanage_test1
++semanage user -l 
++
++#echo "
++#
++#******************** semanage SELinux ports test ************************
++#"
++#semanage port -l 
++#semanage port -a httpd_port_t
++#semanage port -d httpd_port_t
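Review bot: The new `semanage_test` script never checks an exit status, so the cases labelled as expected failures and expected successes can only be told apart by a person reading the `-x` trace. It also runs `useradd` and `userdel -r` and edits login mappings on whatever host it is started on, and it removes the `semanage_test1` account before `semanage login -d semanage_test1`; if that last command fails, the mapping would stay behind for a login name that no longer exists, and nothing reports it. I would record the result of each step, for example `semanage login -d semanage_test1 || echo "FAIL: mapping not removed"`, and move the account and mapping cleanup into a `trap` so it also runs on an early exit. A header comment saying that the script needs root and changes the live policy store would help whoever runs it next.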


Index: policycoreutils.spec
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.204
retrieving revision 1.205
diff -u -r1.204 -r1.205
--- policycoreutils.spec	24 Dec 2005 17:02:38 -0000	1.204
+++ policycoreutils.spec	27 Dec 2005 15:08:31 -0000	1.205
@@ -4,7 +4,7 @@
 Summary: SELinux policy core utilities.
 Name: policycoreutils
 Version: 1.29.2
-Release: 8
+Release: 9
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -96,6 +96,9 @@
 %config(noreplace) %{_sysconfdir}/sestatus.conf
 
 %changelog
+* Tue Dec 27 2005 Dan Walsh <dwalsh at redhat.com> 1.29.2-9
+- Fixes for semanage, patch from Ivan and added a test script
+
 * Sat Dec 24 2005 Dan Walsh <dwalsh at redhat.com> 1.29.2-8
 - Fix getpwnam call
 



