rpms/policycoreutils/devel .cvsignore, 1.180, 1.181 policycoreutils-po.patch, 1.33, 1.34 policycoreutils-rhat.patch, 1.368, 1.369 policycoreutils-sepolgen.patch, 1.12, 1.13 policycoreutils.spec, 1.531, 1.532 sources, 1.185, 1.186
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Mon Jun 30 15:53:11 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6148
Modified Files:
.cvsignore policycoreutils-po.patch policycoreutils-rhat.patch
policycoreutils-sepolgen.patch policycoreutils.spec sources
Log Message:
* Mon Jun 30 2008 Dan Walsh <dwalsh at redhat.com> 2.0.50-1
- Update to upstream
* Fix audit2allow generation of role-type rules from Karl MacMillan.
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/.cvsignore,v
retrieving revision 1.180
retrieving revision 1.181
diff -u -r1.180 -r1.181
--- .cvsignore 16 May 2008 15:16:20 -0000 1.180
+++ .cvsignore 30 Jun 2008 15:52:24 -0000 1.181
@@ -179,3 +179,5 @@
policycoreutils-2.0.46.tgz
policycoreutils-2.0.47.tgz
policycoreutils-2.0.49.tgz
+policycoreutils-2.0.50.tgz
+sepolgen-1.0.12.tgz
policycoreutils-po.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.33 -r 1.34 policycoreutils-po.patch
Index: policycoreutils-po.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-po.patch,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- policycoreutils-po.patch 27 Jun 2008 11:03:38 -0000 1.33
+++ policycoreutils-po.patch 30 Jun 2008 15:52:24 -0000 1.34
@@ -1,304689 +1,361 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/.cvsignore policycoreutils-2.0.49/po/.cvsignore
---- nsapolicycoreutils/po/.cvsignore 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.49/po/.cvsignore 2008-06-23 07:03:37.000000000 -0400
-@@ -0,0 +1,16 @@
-+*.gmo
-+*.mo
-+*.pot
-+.intltool-merge-cache
-+Makefile
-+Makefile.in
-+Makefile.in.in
-+POTFILES
-+cat-id-tbl.c
-+messages
-+missing
-+notexist
-+po2tbl.sed
-+po2tbl.sed.in
-+stamp-cat-id
-+stamp-it
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/Makefile policycoreutils-2.0.49/po/Makefile
---- nsapolicycoreutils/po/Makefile 2008-06-12 23:25:23.000000000 -0400
-+++ policycoreutils-2.0.49/po/Makefile 2008-06-23 07:03:37.000000000 -0400
-@@ -23,20 +23,61 @@
- POFILES = $(wildcard *.po)
- MOFILES = $(patsubst %.po,%.mo,$(POFILES))
- POTFILES = \
-- ../load_policy/load_policy.c \
-- ../newrole/newrole.c \
-+ ../run_init/open_init_pty.c \
- ../run_init/run_init.c \
-+ ../semodule_link/semodule_link.c \
-+ ../audit2allow/audit2allow \
-+ ../semanage/seobject.py \
-+ ../setsebool/setsebool.c \
-+ ../newrole/newrole.c \
-+ ../load_policy/load_policy.c \
-+ ../sestatus/sestatus.c \
-+ ../semodule/semodule.c \
- ../setfiles/setfiles.c \
-- ../scripts/genhomedircon \
-+ ../semodule_package/semodule_package.c \
-+ ../semodule_deps/semodule_deps.c \
-+ ../semodule_expand/semodule_expand.c \
- ../scripts/chcat \
-- ../semanage/semanage \
-- ../semanage/seobject.py \
-- ../audit2allow/audit2allow \
-- ../audit2allow/avc.py \
-+ ../scripts/fixfiles \
-+ ../restorecond/stringslist.c \
-+ ../restorecond/restorecond.h \
-+ ../restorecond/utmpwatcher.h \
-+ ../restorecond/stringslist.h \
-+ ../restorecond/restorecond.c \
-+ ../restorecond/utmpwatcher.c \
-+ ../gui/booleansPage.py \
-+ ../gui/fcontextPage.py \
-+ ../gui/loginsPage.py \
-+ ../gui/mappingsPage.py \
-+ ../gui/modulesPage.py \
-+ ../gui/polgen.glade \
-+ ../gui/polgengui.py \
-+ ../gui/polgen.py \
-+ ../gui/portsPage.py \
-+ ../gui/selinux.tbl \
-+ ../gui/semanagePage.py \
-+ ../gui/statusPage.py \
-+ ../gui/system-config-selinux.glade \
-+ ../gui/system-config-selinux.py \
-+ ../gui/translationsPage.py \
-+ ../gui/usersPage.py \
-+ ../gui/templates/executable.py \
-+ ../gui/templates/__init__.py \
-+ ../gui/templates/network.py \
-+ ../gui/templates/rw.py \
-+ ../gui/templates/script.py \
-+ ../gui/templates/semodule.py \
-+ ../gui/templates/tmp.py \
-+ ../gui/templates/user.py \
-+ ../gui/templates/var_lib.py \
-+ ../gui/templates/var_log.py \
-+ ../gui/templates/var_run.py \
-+ ../gui/templates/var_spool.py \
-+ ../secon/secon.c \
-
- #default:: clean
-
--all:: $(MOFILES)
-+all:: update-po $(MOFILES)
-
- $(POTFILE): $(POTFILES)
- $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
-@@ -64,8 +105,6 @@
- @rm -fv *mo *~ .depend
- @rm -rf tmp
-
--indent:
--
- install: $(MOFILES)
- @for n in $(MOFILES); do \
- l=`basename $$n .mo`; \
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/POTFILES policycoreutils-2.0.49/po/POTFILES
---- nsapolicycoreutils/po/POTFILES 2008-06-12 23:25:24.000000000 -0400
-+++ policycoreutils-2.0.49/po/POTFILES 2008-06-23 07:03:37.000000000 -0400
-@@ -1,10 +1,54 @@
-- ../load_policy/load_policy.c \
-- ../newrole/newrole.c \
-+ ../run_init/open_init_pty.c \
- ../run_init/run_init.c \
-- ../setfiles/setfiles.c \
-- ../scripts/genhomedircon \
-- ../scripts/chcat \
-- ../semanage/semanage \
-- ../semanage/seobject.py \
-+ ../semodule_link/semodule_link.c \
- ../audit2allow/audit2allow \
-- ../audit2allow/avc.py
-+ ../semanage/seobject.py \
-+ ../restorecon/restorecon.c \
-+ ../setsebool/setsebool.c \
-+ ../newrole/newrole.c \
-+ ../load_policy/load_policy.c \
-+ ../sestatus/sestatus.c \
-+ ../semodule/semodule.c \
-+ ../setfiles/setfiles.c \
-+ ../semodule_package/semodule_package.c \
-+ ../semodule_deps/semodule_deps.c \
-+ ../semodule_expand/semodule_expand.c \
-+ ../scripts/genhomedircon \
-+ ../scripts/chcat \
-+ ../scripts/fixfiles \
-+ ../restorecond/stringslist.c \
-+ ../restorecond/restorecond.h \
-+ ../restorecond/utmpwatcher.h \
-+ ../restorecond/stringslist.h \
-+ ../restorecond/restorecond.c \
-+ ../restorecond/utmpwatcher.c \
-+ ../gui/booleansPage.py \
-+ ../gui/fcontextPage.py \
-+ ../gui/loginsPage.py \
-+ ../gui/mappingsPage.py \
-+ ../gui/modulesPage.py \
-+ ../gui/polgen.glade \
-+ ../gui/polgengui.py \
-+ ../gui/polgen.py \
-+ ../gui/portsPage.py \
-+ ../gui/selinux.tbl \
-+ ../gui/semanagePage.py \
-+ ../gui/statusPage.py \
-+ ../gui/system-config-selinux.glade \
-+ ../gui/system-config-selinux.py \
-+ ../gui/translationsPage.py \
-+ ../gui/usersPage.py \
-+ ../gui/templates/executable.py \
-+ ../gui/templates/__init__.py \
-+ ../gui/templates/network.py \
-+ ../gui/templates/rw.py \
-+ ../gui/templates/script.py \
-+ ../gui/templates/semodule.py \
-+ ../gui/templates/tmp.py \
-+ ../gui/templates/user.py \
-+ ../gui/templates/var_lib.py \
-+ ../gui/templates/var_log.py \
-+ ../gui/templates/var_run.py \
-+ ../gui/templates/var_spool.py \
-+ ../secon/secon.c \
-+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/POTFILES.in policycoreutils-2.0.49/po/POTFILES.in
---- nsapolicycoreutils/po/POTFILES.in 2008-06-12 23:25:23.000000000 -0400
-+++ policycoreutils-2.0.49/po/POTFILES.in 2008-06-23 07:03:37.000000000 -0400
-@@ -2,9 +2,7 @@
- run_init/run_init.c
- semodule_link/semodule_link.c
- audit2allow/audit2allow
--audit2allow/avc.py
- semanage/seobject.py
--restorecon/restorecon.c
- setsebool/setsebool.c
- newrole/newrole.c
- load_policy/load_policy.c
-@@ -14,8 +12,6 @@
- semodule_package/semodule_package.c
- semodule_deps/semodule_deps.c
- semodule_expand/semodule_expand.c
--audit2why/audit2why.c
--scripts/genhomedircon
- scripts/chcat
- scripts/fixfiles
- restorecond/stringslist.c
-@@ -24,16 +20,32 @@
[...304659 lines suppressed...]
++semanage {boolean|login|user|port|interface|fcontext|translation} -{l|D} [-n]
++semanage login -{a|d|m} [-sr] login_name
++semanage user -{a|d|m} [-LrRP] selinux_name
++semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
++semanage interface -{a|d|m} [-tr] interface_spec
++semanage fcontext -{a|d|m} [-frst] file_spec
++semanage translation -{a|d|m} [-T] level
++semanage boolean -{d|m} boolean
++semanage permissive -{d|a} type
++
++Primary Options:
++
++ -a, --add Add a OBJECT record NAME
++ -d, --delete Delete a OBJECT record NAME
++ -m, --modify Modify a OBJECT record NAME
++ -l, --list List the OBJECTS
++ -C, --locallist List OBJECTS local customizations
++ -D, --deleteall Remove all OBJECTS local customizations
++
++ -h, --help Display this message
++ -n, --noheading Do not print heading when listing OBJECTS
++ -S, --store Select and alternate SELinux store to manage
++
++Object-specific Options (see above):
++
++ -f, --ftype File Type of OBJECT
++ "" (all files)
++ -- (regular file)
++ -d (directory)
++ -c (character device)
++ -b (block device)
++ -s (socket)
++ -l (symbolic link)
++ -p (named pipe)
++
++ -p, --proto Port protocol (tcp or udp)
++ -P, --prefix Prefix for home directory labeling
++ -L, --level Default SELinux Level (MLS/MCS Systems only)
++ -R, --roles SELinux Roles (ex: "sysadm_r staff_r")
++ -T, --trans SELinux Level Translation (MLS/MCS Systems only)
++
++ -s, --seuser SELinux User Name
++ -t, --type SELinux Type for the object
++ -r, --range MLS/MCS Security Range (MLS/MCS Systems only)
++""")
+ print message
+ sys.exit(1)
+
+@@ -112,6 +115,8 @@
+ valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
+ valid_option["boolean"] = []
+ valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0" ]
++ valid_option["permissive"] = []
++ valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ]
+ return valid_option
+
+ #
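Review bot: The `valid_option["permissive"]` list added here accepts `-l/--list`, `-n/--noheading` and `-D/--deleteall`, but the usage text above documents only `semanage permissive -{d|a} type` and leaves `permissive` out of the `-{l|D} [-n]` object list. Either add `permissive` to that usage line (and to the semanage.8 synopsis, which also shows only `\-{a|d}`), or drop the undocumented options. Note also that `-S/--store` is not in this list even though `permissiveRecords(store)` is handed a store in the next hunk.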
+@@ -266,6 +271,9 @@
+ if object == "translation":
+ OBJECT = seobject.setransRecords()
+
++ if object == "permissive":
++ OBJECT = seobject.permissiveRecords(store)
++
+ if list:
+ OBJECT.list(heading, locallist)
+ sys.exit(0);
+@@ -302,6 +310,9 @@
+
+ if object == "fcontext":
+ OBJECT.add(target, setype, ftype, serange, seuser)
++ if object == "permissive":
++ OBJECT.add(target)
++
+ sys.exit(0);
+
+ if modify:
+diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.50/semanage/semanage.8
+--- nsapolicycoreutils/semanage/semanage.8 2008-06-12 23:25:21.000000000 -0400
++++ policycoreutils-2.0.50/semanage/semanage.8 2008-06-30 11:49:38.000000000 -0400
+@@ -17,6 +17,8 @@
+ .br
+ .B semanage fcontext \-{a|d|m} [\-frst] file_spec
+ .br
++.B semanage permissive \-{a|d} type
++.br
+ .B semanage translation \-{a|d|m} [\-T] level
+ .P
+
+@@ -101,10 +103,11 @@
+ $ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
+ # Allow Apache to listen on port 81
+ $ semanage port -a -t http_port_t -p tcp 81
++# Change apache to a permissive domain
++$ semanage permissive -a http_t
+ .fi
+
+ .SH "AUTHOR"
+ This man page was written by Daniel Walsh <dwalsh at redhat.com> and
+ Russell Coker <rcoker at redhat.com>.
+ Examples by Thomas Bleher <ThomasBleher at gmx.de>.
+-
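Review bot: In the added example, `semanage permissive -a http_t` does not follow the `httpd_` prefix used by the Apache example a few lines up (`httpd_sys_content_t`); please confirm the type name before it ships in the man page. `permissiveRecords.add()` writes `require { type %s; }` with whatever string is passed, so the example only works if a type with exactly that name exists in the loaded policy.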
+diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.50/semanage/seobject.py
+--- nsapolicycoreutils/semanage/seobject.py 2008-06-12 23:25:21.000000000 -0400
++++ policycoreutils-2.0.50/semanage/seobject.py 2008-06-30 11:49:38.000000000 -0400
+@@ -1,5 +1,5 @@
+ #! /usr/bin/python -E
+-# Copyright (C) 2005, 2006, 2007 Red Hat
++# Copyright (C) 2005, 2006, 2007, 2008 Red Hat
+ # see file 'COPYING' for use and warranty information
+ #
+ # semanage is a tool for managing SELinux configuration files
+@@ -24,7 +24,9 @@
+ import pwd, string, selinux, tempfile, os, re, sys
+ from semanage import *;
+ PROGNAME="policycoreutils"
++import sepolgen.module as module
+
++import commands
+ import gettext
+ gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+ gettext.textdomain(PROGNAME)
+@@ -246,7 +248,67 @@
+ os.close(fd)
+ os.rename(newfilename, self.filename)
+ os.system("/sbin/service mcstrans reload > /dev/null")
+-
++
++class permissiveRecords:
++ def __init__(self, store):
++ self.store = store
++
++ def get_all(self):
++ rc, out = commands.getstatusoutput("semodule -l | grep ^permissive");
++ l = []
++ for i in out.split():
++ if i.startswith("permissive_"):
++ l.append(i.split("permissive_")[1])
++ return l
++
++ def list(self,heading = 1, locallist = 0):
++ if heading:
++ print "\n%-25s\n" % (_("Permissive Types"))
++ for t in self.get_all():
++ print t
++
++
++ def add(self, type):
++ name = "permissive_%s" % type
++ dirname = "/var/lib/selinux"
++ os.chdir(dirname)
++ filename = "%s.te" % name
++ modtxt = """
++module %s 1.0;
++
++require {
++ type %s;
++}
++
++permissive %s;
++""" % (name, type, type)
++ fd = open(filename,'w')
++ fd.write(modtxt)
++ fd.close()
++ mc = module.ModuleCompiler()
++ mc.create_module_package(filename, 1)
++ rc, out = commands.getstatusoutput("semodule -i permissive_%s.pp" % type);
++ for root, dirs, files in os.walk("top", topdown=False):
++ for name in files:
++ os.remove(os.path.join(root, name))
++ for name in dirs:
++ os.rmdir(os.path.join(root, name))
++
++ if rc != 0:
++ raise ValueError(out)
++
++
++ def delete(self, name):
++ rc, out = commands.getstatusoutput("semodule -r permissive_%s" % name );
++ if rc != 0:
++ raise ValueError(out)
++
++ def deleteall(self):
++ l = self.get_all()
++ if len(l) > 0:
++ all = " permissive_".join(l)
++ self.delete(all)
++
+ class semanageRecords:
+ def __init__(self, store):
+ self.sh = semanage_handle_create()
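Review bot: In `permissiveRecords.add()` and `delete()`, the caller-supplied `type`/`name` is formatted straight into shell command strings (`"semodule -i permissive_%s.pp" % type`, `"semodule -r permissive_%s" % name`) and into the `.te` filename and module source with no validation. Since semanage runs privileged, check the value against a strict identifier pattern first and invoke semodule with an argument list instead of a shell string. Separately, the cleanup loop walks `"top"`, a directory this code never creates, so the generated `permissive_*.te` and `.pp` files are left behind in `/var/lib/selinux`; `self.store` is stored but never used, and `get_all()` ignores `rc` from `semodule -l`.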
+@@ -464,7 +526,7 @@
+ def __init__(self, store = ""):
+ semanageRecords.__init__(self, store)
+
+- def add(self, name, roles, selevel, serange, prefix):
++ def add(self, name, roles, selevel, serange, prefix = "user"):
+ if is_mls_enabled == 1:
+ if serange == "":
+ serange = "s0"
policycoreutils-rhat.patch:
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.368
retrieving revision 1.369
diff -u -r1.368 -r1.369
--- policycoreutils-rhat.patch 23 Jun 2008 11:09:58 -0000 1.368
+++ policycoreutils-rhat.patch 30 Jun 2008 15:52:24 -0000 1.369
@@ -1,56 +1,21 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.49/Makefile
--- nsapolicycoreutils/Makefile 2008-06-12 23:25:24.000000000 -0400
-+++ policycoreutils-2.0.49/Makefile 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.49/Makefile 2008-06-27 07:21:06.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
-diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.49/audit2allow/audit2allow
---- nsapolicycoreutils/audit2allow/audit2allow 2008-06-12 23:25:21.000000000 -0400
-+++ policycoreutils-2.0.49/audit2allow/audit2allow 2008-06-23 07:03:50.000000000 -0400
-@@ -152,12 +152,13 @@
-
- def __process_input(self):
- if self.__options.type:
-- avcfilter = audit.TypeFilter(self.__options.type)
-+ avcfilter = audit.AVCTypeFilter(self.__options.type)
- self.__avs = self.__parser.to_access(avcfilter)
-- self.__selinux_errs = self.__parser.to_role(avcfilter)
-+ csfilter = audit.ComputeSidTypeFilter(self.__options.type)
-+ self.__role_types = self.__parser.to_role(csfilter)
- else:
- self.__avs = self.__parser.to_access()
-- self.__selinux_errs = self.__parser.to_role()
-+ self.__role_types = self.__parser.to_role()
-
- def __load_interface_info(self):
- # Load interface info file
-@@ -310,6 +311,7 @@
-
- # Generate the policy
- g.add_access(self.__avs)
-+ g.add_role_types(self.__role_types)
-
- # Output
- writer = output.ModuleWriter()
-@@ -328,12 +330,6 @@
- fd = sys.stdout
- writer.write(g.get_module(), fd)
-
-- if len(self.__selinux_errs) > 0:
-- fd.write("\n=========== ROLES ===============\n")
--
-- for role in self.__selinux_errs:
-- fd.write(role.output())
--
- def main(self):
- try:
- self.__parse_options()
+diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/VERSION policycoreutils-2.0.49/VERSION
+--- nsapolicycoreutils/VERSION 2008-06-30 11:12:04.000000000 -0400
++++ policycoreutils-2.0.49/VERSION 2008-05-16 10:55:40.000000000 -0400
+@@ -1 +1 @@
+-2.0.50
++2.0.49
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.49/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2008-06-12 23:25:21.000000000 -0400
-+++ policycoreutils-2.0.49/restorecond/restorecond.c 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.49/restorecond/restorecond.c 2008-06-27 07:21:06.000000000 -0400
@@ -210,9 +210,10 @@
}
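Review bot: The VERSION diff newly added to the patch in this hunk rewrites `VERSION` from `2.0.50` back to `2.0.49` (`-2.0.50` / `+2.0.49`), which looks like an artifact of regenerating the patch from a `policycoreutils-2.0.49` working tree against the 2.0.50 upstream sources. Applied to the 2.0.50 tarball this would set the tree's version file back to the old release; regenerate the patch from a 2.0.50 tree or exclude `VERSION` from the diff.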
@@ -79,7 +44,7 @@
close(fd);
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.49/restorecond/restorecond.init
--- nsapolicycoreutils/restorecond/restorecond.init 2008-06-12 23:25:21.000000000 -0400
-+++ policycoreutils-2.0.49/restorecond/restorecond.init 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.49/restorecond/restorecond.init 2008-06-27 07:21:06.000000000 -0400
@@ -2,7 +2,7 @@
#
# restorecond: Daemon used to maintain path file context
@@ -91,7 +56,7 @@
# correct security context.
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.49/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2008-06-12 23:25:21.000000000 -0400
-+++ policycoreutils-2.0.49/scripts/fixfiles 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.49/scripts/fixfiles 2008-06-27 07:21:06.000000000 -0400
@@ -138,6 +138,9 @@
fi
LogReadOnly
@@ -123,7 +88,7 @@
if [ $# = 0 ]; then
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-2.0.49/scripts/fixfiles.8
--- nsapolicycoreutils/scripts/fixfiles.8 2008-06-12 23:25:21.000000000 -0400
-+++ policycoreutils-2.0.49/scripts/fixfiles.8 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.49/scripts/fixfiles.8 2008-06-27 07:21:06.000000000 -0400
@@ -7,6 +7,8 @@
.B fixfiles [-F] [-l logfile ] [-o outputfile ] { check | restore|[-f] relabel | verify } [[dir/file] ... ]
@@ -145,7 +110,7 @@
.TP
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.49/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2008-06-12 23:25:21.000000000 -0400
-+++ policycoreutils-2.0.49/semanage/semanage 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.49/semanage/semanage 2008-06-27 07:21:06.000000000 -0400
@@ -43,49 +43,52 @@
if __name__ == '__main__':
@@ -273,7 +238,7 @@
if modify:
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.49/semanage/semanage.8
--- nsapolicycoreutils/semanage/semanage.8 2008-06-12 23:25:21.000000000 -0400
-+++ policycoreutils-2.0.49/semanage/semanage.8 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.49/semanage/semanage.8 2008-06-27 07:21:06.000000000 -0400
@@ -17,6 +17,8 @@
.br
.B semanage fcontext \-{a|d|m} [\-frst] file_spec
@@ -298,7 +263,7 @@
-
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.49/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2008-06-12 23:25:21.000000000 -0400
-+++ policycoreutils-2.0.49/semanage/seobject.py 2008-06-23 07:03:37.000000000 -0400
++++ policycoreutils-2.0.49/semanage/seobject.py 2008-06-27 07:21:06.000000000 -0400
@@ -1,5 +1,5 @@
#! /usr/bin/python -E
-# Copyright (C) 2005, 2006, 2007 Red Hat
policycoreutils-sepolgen.patch:
Index: policycoreutils-sepolgen.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-sepolgen.patch,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- policycoreutils-sepolgen.patch 23 Jun 2008 11:09:58 -0000 1.12
+++ policycoreutils-sepolgen.patch 30 Jun 2008 15:52:24 -0000 1.13
@@ -1,195 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.49/sepolgen-1.0.11/src/sepolgen/access.py
---- nsasepolgen/src/sepolgen/access.py 2008-06-12 23:25:26.000000000 -0400
-+++ policycoreutils-2.0.49/sepolgen-1.0.11/src/sepolgen/access.py 2008-06-23 07:04:21.000000000 -0400
-@@ -295,3 +295,32 @@
- perms[av.obj_class] = s
- s.update(av.perms)
- return perms
-+
-+class RoleTypeSet:
-+ """A non-overlapping set of role type statements.
-+
-+ This clas allows the incremental addition of role type statements and
-+ maintains a non-overlapping list of statements.
-+ """
-+ def __init__(self):
-+ """Initialize an access vector set."""
-+ self.role_types = {}
-+
-+ def __iter__(self):
-+ """Iterate over all of the unique role allows statements in the set."""
-+ for role_type in self.role_types.values():
-+ yield role_type
-+
-+ def __len__(self):
-+ """Return the unique number of role allow statements."""
-+ return len(self.roles)
-+
-+ def add(self, role, type):
-+ if self.role_types.has_key(role):
-+ role_type = self.role_types[role]
-+ else:
-+ role_type = refpolicy.RoleType()
-+ role_type.role = role
-+ self.role_types[role] = role_type
-+
-+ role_type.types.add(type)
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.49/sepolgen-1.0.11/src/sepolgen/audit.py
---- nsasepolgen/src/sepolgen/audit.py 2008-06-12 23:25:26.000000000 -0400
-+++ policycoreutils-2.0.49/sepolgen-1.0.11/src/sepolgen/audit.py 2008-06-23 07:05:23.000000000 -0400
-@@ -235,20 +235,21 @@
- """
- def __init__(self, message):
- AuditMessage.__init__(self, message)
-- self.type = ""
-- self.role = ""
-+ self.invalid_context = refpolicy.SecurityContext()
-+ self.scontext = refpolicy.SecurityContext()
-+ self.tcontext = refpolicy.SecurityContext()
-+ self.tclass = ""
-
- def from_split_string(self, recs):
- AuditMessage.from_split_string(self, recs)
-- dict={}
-- for i in recs:
-- t = i.split('=')
-- if len(t) < 2:
-- continue
-- dict[t[0]]=t[1]
-+ if len(recs) < 10:
-+ raise ValueError("Split string does not represent a valid compute sid message")
-+
- try:
-- self.role = refpolicy.SecurityContext(dict["scontext"]).role
-- self.type = refpolicy.SecurityContext(dict["tcontext"]).type
-+ self.invalid_context = refpolicy.SecurityContext(recs[5])
-+ self.scontext = refpolicy.SecurityContext(recs[7].split("=")[1])
-+ self.tcontext = refpolicy.SecurityContext(recs[8].split("=")[1])
-+ self.tclass = recs[9].split("=")[1]
- except:
- raise ValueError("Split string does not represent a valid compute sid message")
- def output(self):
-@@ -405,7 +406,7 @@
- self.__post_process()
-
- def to_role(self, role_filter=None):
-- """Return list of SELINUX_ERR messages matching the specified filter
-+ """Return RoleAllowSet statements matching the specified filter
-
- Filter out types that match the filer, or all roles
-
-@@ -416,13 +417,12 @@
- Access vector set representing the denied access in the
- audit logs parsed by this object.
- """
-- roles = []
-- if role_filter:
-- for selinux_err in self.compute_sid_msgs:
-- if role_filter.filter(selinux_err):
-- roles.append(selinux_err)
-- return roles
-- return self.compute_sid_msgs
-+ role_types = access.RoleTypeSet()
-+ for cs in self.compute_sid_msgs:
-+ if not role_filter or role_filter.filter(cs):
-+ role_types.add(cs.invalid_context.role, cs.invalid_context.type)
-+
-+ return role_types
-
- def to_access(self, avc_filter=None, only_denials=True):
- """Convert the audit logs access into a an access vector set.
-@@ -454,7 +454,7 @@
- avc.accesses, avc)
- return av_set
-
--class TypeFilter:
-+class AVCTypeFilter:
- def __init__(self, regex):
- self.regex = re.compile(regex)
-
-@@ -465,4 +465,17 @@
- return True
- return False
-
-+class ComputeSidTypeFilter:
-+ def __init__(self, regex):
-+ self.regex = re.compile(regex)
-+
-+ def filter(self, avc):
-+ if self.regex.match(avc.invalid_context.type):
-+ return True
-+ if self.regex.match(avc.scontext.type):
-+ return True
-+ if self.regex.match(avc.tcontext.type):
-+ return True
-+ return False
-+
-
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/output.py policycoreutils-2.0.49/sepolgen-1.0.11/src/sepolgen/output.py
---- nsasepolgen/src/sepolgen/output.py 2008-06-12 23:25:26.000000000 -0400
-+++ policycoreutils-2.0.49/sepolgen-1.0.11/src/sepolgen/output.py 2008-06-23 07:04:31.000000000 -0400
-@@ -101,6 +101,8 @@
- else:
- return id_set_cmp(a.src_types, [b.args[0]])
-
-+def role_type_cmp(a, b):
-+ return cmp(a.role, b.role)
-
- def sort_filter(module):
- """Sort and group the output for readability.
-@@ -146,6 +148,18 @@
-
- c.extend(sep_rules)
-
-+
-+ ras = []
-+ ras.extend(node.role_types())
-+ ras.sort(role_type_cmp)
-+ if len(ras):
-+ comment = refpolicy.Comment()
-+ comment.lines.append("============= ROLES ==============")
-+ c.append(comment)
-+
-+
-+ c.extend(ras)
-+
- # Everything else
- for child in node.children:
- if child not in c:
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.49/sepolgen-1.0.11/src/sepolgen/policygen.py
---- nsasepolgen/src/sepolgen/policygen.py 2008-06-12 23:25:26.000000000 -0400
-+++ policycoreutils-2.0.49/sepolgen-1.0.11/src/sepolgen/policygen.py 2008-06-23 07:04:36.000000000 -0400
-@@ -167,6 +167,13 @@
- if self.gen_requires:
- gen_requires(self.module)
-
-+ def add_role_types(self, role_type_set):
-+ for role_type in role_type_set:
-+ self.module.children.append(role_type)
-+
-+ # Generate the requires
-+ if self.gen_requires:
-+ gen_requires(self.module)
-
- def explain_access(av, ml=None, verbosity=SHORT_EXPLANATION):
- """Explain why a policy statement was generated.
-@@ -334,8 +341,12 @@
- # can actually figure those out.
- r.types.add(arg)
-
-- r.types.discard("self")
-+ for role_type in node.role_types():
-+ r.roles.add(role_type.role)
-+ r.types.update(role_type.types)
-
-+ r.types.discard("self")
-+
- node.children.insert(0, r)
-
- # FUTURE - this is untested on modules with any sort of
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.49/sepolgen-1.0.11/src/sepolgen/refparser.py
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.49/sepolgen-1.0.12/src/sepolgen/refparser.py
--- nsasepolgen/src/sepolgen/refparser.py 2008-06-12 23:25:26.000000000 -0400
-+++ policycoreutils-2.0.49/sepolgen-1.0.11/src/sepolgen/refparser.py 2008-06-23 07:05:23.000000000 -0400
++++ policycoreutils-2.0.49/sepolgen-1.0.12/src/sepolgen/refparser.py 2008-06-27 07:21:06.000000000 -0400
@@ -919,7 +919,7 @@
def list_headers(root):
modules = []
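Review bot: Dropping the downstream role-type hunks for access.py, audit.py, output.py and policygen.py here relies on sepolgen 1.0.12 carrying equivalents, and the removed `RoleTypeSet.__len__` returned `len(self.roles)` although `__init__` only sets `self.role_types`; it is worth confirming that the upstream code replacing it does not keep that attribute name. The remaining refparser.py diff header also mixes the old package directory with the new sepolgen version (`policycoreutils-2.0.49/sepolgen-1.0.12/`), which suggests the patch was not regenerated from a clean 2.0.50 tree.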
@@ -199,35 +10,3 @@
for dirpath, dirnames, filenames in os.walk(root):
for name in filenames:
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refpolicy.py policycoreutils-2.0.49/sepolgen-1.0.11/src/sepolgen/refpolicy.py
---- nsasepolgen/src/sepolgen/refpolicy.py 2008-06-12 23:25:26.000000000 -0400
-+++ policycoreutils-2.0.49/sepolgen-1.0.11/src/sepolgen/refpolicy.py 2008-06-23 07:04:47.000000000 -0400
-@@ -122,6 +122,12 @@
- def roles(self):
- return itertools.ifilter(lambda x: isinstance(x, Role), walktree(self))
-
-+ def role_allows(self):
-+ return itertools.ifilter(lambda x: isinstance(x, RoleAllow), walktree(self))
-+
-+ def role_types(self):
-+ return itertools.ifilter(lambda x: isinstance(x, RoleType), walktree(self))
-+
- def __str__(self):
- if self.comment:
- return str(self.comment) + "\n" + self.to_string()
-@@ -494,6 +500,15 @@
- return "allow %s %s;" % (self.src_roles.to_comma_str(),
- self.tgt_roles.to_comma_str())
-
-+class RoleType(Leaf):
-+ def __init__(self, parent=None):
-+ Leaf.__init__(self, parent)
-+ self.role = ""
-+ self.types = IdSet()
-+
-+ def to_string(self):
-+ return "role %s types %s;" % (self.role, self.types.to_comma_str())
-+
- class ModuleDeclaration(Leaf):
- def __init__(self, parent=None):
- Leaf.__init__(self, parent)
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.531
retrieving revision 1.532
diff -u -r1.531 -r1.532
--- policycoreutils.spec 27 Jun 2008 11:03:41 -0000 1.531
+++ policycoreutils.spec 30 Jun 2008 15:52:24 -0000 1.532
@@ -2,11 +2,11 @@
%define libsepolver 2.0.19-1
%define libsemanagever 2.0.5-1
%define libselinuxver 2.0.46-5
-%define sepolgenver 1.0.11
+%define sepolgenver 1.0.12
Summary: SELinux policy core utilities
Name: policycoreutils
-Version: 2.0.49
-Release: 10%{?dist}
+Version: 2.0.50
+Release: 11%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
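Review bot: `Release` moves from `10%{?dist}` to `11%{?dist}` alongside the `Version` bump to 2.0.50, but the %changelog entry added in this same commit is stamped `2.0.50-1`. The two should agree: either reset `Release` to `1%{?dist}` for the new upstream version or change the changelog line to `2.0.50-11`.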
@@ -191,6 +191,10 @@
fi
%changelog
+* Mon Jun 30 2008 Dan Walsh <dwalsh at redhat.com> 2.0.50-1
+- Update to upstream
+ * Fix audit2allow generation of role-type rules from Karl MacMillan.
+
* Tue Jun 24 2008 Dan Walsh <dwalsh at redhat.com> 2.0.49-10
- Fix spelling of enforcement
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/sources,v
retrieving revision 1.185
retrieving revision 1.186
diff -u -r1.185 -r1.186
--- sources 16 May 2008 15:16:21 -0000 1.185
+++ sources 30 Jun 2008 15:52:24 -0000 1.186
@@ -1,2 +1,2 @@
-3fed5cd04ee67c0f86e3cc6825261819 sepolgen-1.0.11.tgz
-2a4121369b3d63dddd4cdf8d3fb9ef84 policycoreutils-2.0.49.tgz
+bf55b96652d47bb2838141130f851477 policycoreutils-2.0.50.tgz
+4813a1ed80f19068ed9897165f073e8b sepolgen-1.0.12.tgz