rpms/policycoreutils/devel policycoreutils-rhat.patch, 1.384, 1.385 policycoreutils.spec, 1.547, 1.548
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Fri Aug 8 21:05:25 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18600
Modified Files:
policycoreutils-rhat.patch policycoreutils.spec
Log Message:
* Thu Aug 7 2008 Dan Walsh <dwalsh at redhat.com> 2.0.54-5
- Fixes for multiple transactions
policycoreutils-rhat.patch:
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.384
retrieving revision 1.385
diff -u -r1.384 -r1.385
--- policycoreutils-rhat.patch 7 Aug 2008 20:04:12 -0000 1.384
+++ policycoreutils-rhat.patch 8 Aug 2008 21:04:55 -0000 1.385
@@ -328,7 +328,7 @@
- sys.exit(0)
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.54/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2008-08-05 09:58:26.000000000 -0400
-+++ policycoreutils-2.0.54/semanage/seobject.py 2008-08-07 10:57:22.000000000 -0400
++++ policycoreutils-2.0.54/semanage/seobject.py 2008-08-08 17:02:42.000000000 -0400
@@ -26,7 +26,6 @@
PROGNAME="policycoreutils"
import sepolgen.module as module
@@ -412,11 +412,11 @@
+ else:
+ self.sh=get_handle(store)
+ self.transaction = False
-+
-+ def deleteall(self):
-+ raise ValueError(_("Not yet implemented"))
- rc = semanage_connect(self.sh)
++ def deleteall(self):
++ raise ValueError(_("Not yet implemented"))
++
+ def begin(self):
+ if self.transaction:
+ return
@@ -512,32 +512,95 @@
if is_mls_enabled == 1:
if serange == "":
serange = "s0"
-@@ -387,7 +387,6 @@
+@@ -387,153 +387,145 @@
if sename == "":
sename = "user_u"
- try:
- (rc,k) = semanage_seuser_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
-@@ -425,115 +424,108 @@
- if rc < 0:
- raise ValueError(_("Could not set SELinux user for %s") % name)
+- (rc,k) = semanage_seuser_key_create(self.sh, name)
+- if rc < 0:
+- raise ValueError(_("Could not create a key for %s") % name)
++ (rc,k) = semanage_seuser_key_create(self.sh, name)
++ if rc < 0:
++ raise ValueError(_("Could not create a key for %s") % name)
+
+- (rc,exists) = semanage_seuser_exists(self.sh, k)
+- if rc < 0:
+- raise ValueError(_("Could not check if login mapping for %s is defined") % name)
+- if exists:
+- raise ValueError(_("Login mapping for %s is already defined") % name)
+- if name[0] == '%':
+- try:
+- grp.getgrnam(name[1:])
+- except:
+- raise ValueError(_("Linux Group %s does not exist") % name[1:])
+- else:
+- try:
+- pwd.getpwnam(name)
+- except:
+- raise ValueError(_("Linux User %s does not exist") % name)
++ (rc,exists) = semanage_seuser_exists(self.sh, k)
++ if rc < 0:
++ raise ValueError(_("Could not check if login mapping for %s is defined") % name)
++ if exists:
++ raise ValueError(_("Login mapping for %s is already defined") % name)
++ if name[0] == '%':
++ try:
++ grp.getgrnam(name[1:])
++ except:
++ raise ValueError(_("Linux Group %s does not exist") % name[1:])
++ else:
++ try:
++ pwd.getpwnam(name)
++ except:
++ raise ValueError(_("Linux User %s does not exist") % name)
+
+- (rc,u) = semanage_seuser_create(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not create login mapping for %s") % name)
++ (rc,u) = semanage_seuser_create(self.sh)
++ if rc < 0:
++ raise ValueError(_("Could not create login mapping for %s") % name)
+
+- rc = semanage_seuser_set_name(self.sh, u, name)
+- if rc < 0:
+- raise ValueError(_("Could not set name for %s") % name)
++ rc = semanage_seuser_set_name(self.sh, u, name)
++ if rc < 0:
++ raise ValueError(_("Could not set name for %s") % name)
+
+- if serange != "":
+- rc = semanage_seuser_set_mlsrange(self.sh, u, serange)
+- if rc < 0:
+- raise ValueError(_("Could not set MLS range for %s") % name)
++ if serange != "":
++ rc = semanage_seuser_set_mlsrange(self.sh, u, serange)
++ if rc < 0:
++ raise ValueError(_("Could not set MLS range for %s") % name)
+
+- rc = semanage_seuser_set_sename(self.sh, u, sename)
+- if rc < 0:
+- raise ValueError(_("Could not set SELinux user for %s") % name)
++ rc = semanage_seuser_set_sename(self.sh, u, sename)
++ if rc < 0:
++ raise ValueError(_("Could not set SELinux user for %s") % name)
- rc = semanage_begin_transaction(self.sh)
- if rc < 0:
- raise ValueError(_("Could not start semanage transaction"))
--
- rc = semanage_seuser_modify_local(self.sh, k, u)
- if rc < 0:
- raise ValueError(_("Could not add login mapping for %s") % name)
++ rc = semanage_seuser_modify_local(self.sh, k, u)
++ if rc < 0:
++ raise ValueError(_("Could not add login mapping for %s") % name)
-- rc = semanage_commit(self.sh)
+- rc = semanage_seuser_modify_local(self.sh, k, u)
- if rc < 0:
- raise ValueError(_("Could not add login mapping for %s") % name)
+ semanage_seuser_key_free(k)
+ semanage_seuser_free(u)
-+
+
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not add login mapping for %s") % name)
+ def add(self, name, sename, serange):
+ try:
+ self.begin()
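Review bot: In the login-mapping `__add` body, `k` and `u` are released only after the last check (`semanage_seuser_key_free(k)`, `semanage_seuser_free(u)`), so every `raise ValueError` above them exits with the key and record still allocated. A `try`/`finally` around the body that frees whichever of `k` and `u` has been created would cover the error paths too; the SELinux-user `__modify` in the last hunk of this file frees `k` and `u` in the same success-only way. The account lookups also use a bare `except:`, which reports any failure as a missing group or user; `except KeyError:` matches what `grp.getgrnam` and `pwd.getpwnam` raise for an unknown name. The `def` line of this function is outside the hunk and `add()` continues past its end.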
@@ -723,12 +786,6 @@
- (rc,k) = semanage_user_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
--
-- (rc,exists) = semanage_user_exists(self.sh, k)
-- if rc < 0:
-- raise ValueError(_("Could not check if SELinux user %s is defined") % name)
-- if exists:
-- raise ValueError(_("SELinux user %s is already defined") % name)
+ if len(roles) < 1:
+ raise ValueError(_("You must add at least one role for %s") % name)
+
@@ -736,39 +793,45 @@
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % name)
-- (rc,u) = semanage_user_create(self.sh)
+- (rc,exists) = semanage_user_exists(self.sh, k)
- if rc < 0:
-- raise ValueError(_("Could not create SELinux user for %s") % name)
+- raise ValueError(_("Could not check if SELinux user %s is defined") % name)
+- if exists:
+- raise ValueError(_("SELinux user %s is already defined") % name)
+ (rc,exists) = semanage_user_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if SELinux user %s is defined") % name)
+ if exists:
+ raise ValueError(_("SELinux user %s is already defined") % name)
-- rc = semanage_user_set_name(self.sh, u, name)
+- (rc,u) = semanage_user_create(self.sh)
- if rc < 0:
-- raise ValueError(_("Could not set name for %s") % name)
+- raise ValueError(_("Could not create SELinux user for %s") % name)
+ (rc,u) = semanage_user_create(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not create SELinux user for %s") % name)
-- for r in roles:
-- rc = semanage_user_add_role(self.sh, u, r)
-- if rc < 0:
-- raise ValueError(_("Could not add role %s for %s") % (r, name))
+- rc = semanage_user_set_name(self.sh, u, name)
+- if rc < 0:
+- raise ValueError(_("Could not set name for %s") % name)
+ rc = semanage_user_set_name(self.sh, u, name)
+ if rc < 0:
+ raise ValueError(_("Could not set name for %s") % name)
-- if is_mls_enabled == 1:
-- rc = semanage_user_set_mlsrange(self.sh, u, serange)
+- for r in roles:
+- rc = semanage_user_add_role(self.sh, u, r)
- if rc < 0:
-- raise ValueError(_("Could not set MLS range for %s") % name)
+- raise ValueError(_("Could not add role %s for %s") % (r, name))
+ for r in roles:
+ rc = semanage_user_add_role(self.sh, u, r)
+ if rc < 0:
+ raise ValueError(_("Could not add role %s for %s") % (r, name))
+- if is_mls_enabled == 1:
+- rc = semanage_user_set_mlsrange(self.sh, u, serange)
+- if rc < 0:
+- raise ValueError(_("Could not set MLS range for %s") % name)
+-
- rc = semanage_user_set_mlslevel(self.sh, u, selevel)
- if rc < 0:
- raise ValueError(_("Could not set MLS level for %s") % name)
@@ -843,33 +906,58 @@
- (rc,k) = semanage_user_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
-+ (rc,k) = semanage_user_key_create(self.sh, name)
-+ if rc < 0:
-+ raise ValueError(_("Could not create a key for %s") % name)
-
+-
- (rc,exists) = semanage_user_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if SELinux user %s is defined") % name)
- if not exists:
- raise ValueError(_("SELinux user %s is not defined") % name)
+-
+- (rc,u) = semanage_user_query(self.sh, k)
+- if rc < 0:
+- raise ValueError(_("Could not query user for %s") % name)
++ (rc,k) = semanage_user_key_create(self.sh, name)
++ if rc < 0:
++ raise ValueError(_("Could not create a key for %s") % name)
+
+- oldserange = semanage_user_get_mlsrange(u)
+- (rc, rlist) = semanage_user_get_roles(self.sh, u)
+- if rc >= 0:
+- oldroles = string.join(rlist, ' ');
+- newroles = newroles + ' ' + oldroles;
+-
+-
+- if serange != "":
+- semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
+- if selevel != "":
+- semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
+-
+- if prefix != "":
+- semanage_user_set_prefix(self.sh, u, prefix)
+-
+- if len(roles) != 0:
+- for r in rlist:
+- if r not in roles:
+- semanage_user_del_role(u, r)
+- for r in roles:
+- if r not in rlist:
+- semanage_user_add_role(self.sh, u, r)
+ (rc,exists) = semanage_user_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if SELinux user %s is defined") % name)
+ if not exists:
+ raise ValueError(_("SELinux user %s is not defined") % name)
-- (rc,u) = semanage_user_query(self.sh, k)
+- rc = semanage_begin_transaction(self.sh)
- if rc < 0:
-- raise ValueError(_("Could not query user for %s") % name)
+- raise ValueError(_("Could not start semanage transaction"))
+ (rc,u) = semanage_user_query(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not query user for %s") % name)
-- oldserange = semanage_user_get_mlsrange(u)
-- (rc, rlist) = semanage_user_get_roles(self.sh, u)
-- if rc >= 0:
-- oldroles = string.join(rlist, ' ');
-- newroles = newroles + ' ' + oldroles;
+- rc = semanage_user_modify_local(self.sh, k, u)
+- if rc < 0:
+- raise ValueError(_("Could not modify SELinux user %s") % name)
+ oldserange = semanage_user_get_mlsrange(u)
+ (rc, rlist) = semanage_user_get_roles(self.sh, u)
+ if rc >= 0:
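Review bot: A negative `rc` from `semanage_user_get_roles` is skipped silently by `if rc >= 0:`, although `rlist` is used afterwards to decide which roles to add (`if r not in rlist`, visible in the next hunk) and `oldroles` is passed to the success audit record. Unless `oldroles` is initialised earlier in `__modify` (not visible here), a failed query would surface as a NameError or TypeError rather than the ValueError that `modify()` catches and logs. Treating it like the other calls, `if rc < 0: raise ValueError(_("Could not query roles for %s") % name)`, keeps the failure on the audited path. The body of `__modify` begins and ends outside this hunk.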
@@ -893,62 +981,38 @@
+ if r not in rlist:
+ semanage_user_add_role(self.sh, u, r)
+- rc = semanage_commit(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not modify SELinux user %s") % name)
+ rc = semanage_user_modify_local(self.sh, k, u)
+ if rc < 0:
+ raise ValueError(_("Could not modify SELinux user %s") % name)
-- if serange != "":
-- semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
-- if selevel != "":
-- semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
--
-- if prefix != "":
-- semanage_user_set_prefix(self.sh, u, prefix)
--
-- if len(roles) != 0:
-- for r in rlist:
-- if r not in roles:
-- semanage_user_del_role(u, r)
-- for r in roles:
-- if r not in rlist:
-- semanage_user_add_role(self.sh, u, r)
+- except ValueError, error:
+- mylog.log(0,"modify SELinux user record", name, "", newroles, serange, "", oldroles, oldserange)
+- raise error
+ semanage_user_key_free(k)
+ semanage_user_free(u)
-+
-+ mylog.log(1,"modify SELinux user record", name, "", newroles, serange, "", oldroles, oldserange)
-
-- rc = semanage_begin_transaction(self.sh)
-- if rc < 0:
-- raise ValueError(_("Could not start semanage transaction"))
-
-- rc = semanage_user_modify_local(self.sh, k, u)
-- if rc < 0:
-- raise ValueError(_("Could not modify SELinux user %s") % name)
--
-- rc = semanage_commit(self.sh)
-- if rc < 0:
-- raise ValueError(_("Could not modify SELinux user %s") % name)
-+ def modify(self, name, roles = [], selevel = "", serange = "", prefix = ""):
-+ try:
-+ self.begin()
-+ self.__modify(name, roles, selevel, serange, prefix)
-+ self.commit()
+
+ mylog.log(1,"modify SELinux user record", name, "", newroles, serange, "", oldroles, oldserange)
- except ValueError, error:
-- mylog.log(0,"modify SELinux user record", name, "", newroles, serange, "", oldroles, oldserange)
-+ mylog.log(0,"modify SELinux user record", name, "", " ".join(roles), serange, "", "", "")
- raise error
--
-- mylog.log(1,"modify SELinux user record", name, "", newroles, serange, "", oldroles, oldserange)
--
- semanage_user_key_free(k)
- semanage_user_free(u)
- def delete(self, name):
-- try:
++ def modify(self, name, roles = [], selevel = "", serange = "", prefix = ""):
+ try:
- (rc,k) = semanage_user_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
++ self.begin()
++ self.__modify(name, roles, selevel, serange, prefix)
++ self.commit()
++
++ except ValueError, error:
++ mylog.log(0,"modify SELinux user record", name, "", " ".join(roles), serange, "", "", "")
++ raise error
++
+ def __delete(self, name):
+ (rc,k) = semanage_user_key_create(self.sh, name)
+ if rc < 0:
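Review bot: The failure path of `modify()` records less than before: `mylog.log(0, ...)` now passes empty strings for the old roles and old range, and it runs only for `ValueError`, so any other exception raised inside `__modify()` or `commit()` leaves no failed-modify audit record. If the previous values matter for the audit trail, `__modify()` could log its own failure where `oldroles` and `oldserange` are in scope. `raise error` can also become a bare `raise` so the original traceback is kept. Whether the transaction opened by `self.begin()` is reset when `__modify()` raises is not visible in this hunk and is worth confirming, since `begin()` returns early when `self.transaction` is set. `__delete()` continues past the end of the hunk.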
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.547
retrieving revision 1.548
diff -u -r1.547 -r1.548
--- policycoreutils.spec 7 Aug 2008 20:04:12 -0000 1.547
+++ policycoreutils.spec 8 Aug 2008 21:04:55 -0000 1.548
@@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.54
-Release: 4%{?dist}
+Release: 5%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -192,7 +192,7 @@
fi
%changelog
-* Thu Aug 7 2008 Dan Walsh <dwalsh at redhat.com> 2.0.54-4
+* Thu Aug 7 2008 Dan Walsh <dwalsh at redhat.com> 2.0.54-5
- Fixes for multiple transactions
* Wed Aug 6 2008 Dan Walsh <dwalsh at redhat.com> 2.0.54-2