rpms/policycoreutils/devel policycoreutils-gui.patch, 1.87, 1.88 policycoreutils.spec, 1.610, 1.611
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Jun 4 19:32:02 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21642
Modified Files:
policycoreutils-gui.patch policycoreutils.spec
Log Message:
* Thu Jun 4 2009 Dan Walsh <dwalsh at redhat.com> 2.0.63-5
- Add sepolgen executable
policycoreutils-gui.patch:
Index: policycoreutils-gui.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-gui.patch,v
retrieving revision 1.87
retrieving revision 1.88
diff -u -p -r1.87 -r1.88
--- policycoreutils-gui.patch 22 May 2009 21:10:16 -0000 1.87
+++ policycoreutils-gui.patch 4 Jun 2009 19:31:31 -0000 1.88
@@ -2165,10 +2165,11 @@ diff --exclude-from=exclude -N -u -r nsa
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.63/gui/Makefile
--- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.63/gui/Makefile 2009-05-22 17:07:21.000000000 -0400
-@@ -0,0 +1,38 @@
++++ policycoreutils-2.0.63/gui/Makefile 2009-06-04 15:18:28.000000000 -0400
+@@ -0,0 +1,41 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
++BINDIR ?= $(PREFIX)/bin
+SHAREDIR ?= $(PREFIX)/share/system-config-selinux
+
+TARGETS= \
@@ -2193,9 +2194,11 @@ diff --exclude-from=exclude -N -u -r nsa
+
+install: all
+ -mkdir -p $(SHAREDIR)/templates
++ -mkdir -p $(BINDIR)
+ install -m 755 system-config-selinux.py $(SHAREDIR)
+ install -m 755 polgengui.py $(SHAREDIR)
+ install -m 755 polgen.py $(SHAREDIR)
++ (cd $(BINDIR); ln -fs ../share/system-config-selinux/polgen.py sepolgen)
+ install -m 755 lockdown.py $(SHAREDIR)
+ install -m 644 $(TARGETS) $(SHAREDIR)
+ install -m 644 templates/*.py $(SHAREDIR)/templates/
@@ -6412,8 +6415,8 @@ diff --exclude-from=exclude -N -u -r nsa
+ app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.63/gui/polgen.py
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.63/gui/polgen.py 2009-05-22 17:02:43.000000000 -0400
-@@ -0,0 +1,1152 @@
++++ policycoreutils-2.0.63/gui/polgen.py 2009-06-04 15:19:33.000000000 -0400
+@@ -0,0 +1,1177 @@
+#!/usr/bin/python
+#
+# Copyright (C) 2007, 2008, 2009 Red Hat
@@ -6609,6 +6612,13 @@ diff --exclude-from=exclude -N -u -r nsa
+ self.ports = ports.get_all()
+
+ self.symbols = {}
++ self.symbols["openlog"] = "set_use_kerberos(True)"
++ self.symbols["openlog"] = "set_use_kerb_rcache(True)"
++ self.symbols["openlog"] = "set_use_syslog(True)"
++ self.symbols["krb"] = "set_use_kerberos(True)"
++ self.symbols["gss_accept_sec_context"] = "set_manage_krb5_rcache(True)"
++ self.symbols["krb5_verify_init_creds"] = "set_manage_krb5_rcache(True)"
++ self.symbols["krb5_rd_req"] = "set_manage_krb5_rcache(True)"
+ self.symbols["__syslog_chk"] = "set_use_syslog(True)"
+ self.symbols["getpwnam"] = "set_use_uid(True)"
+ self.symbols["getpwuid"] = "set_use_uid(True)"
@@ -6721,6 +6731,8 @@ diff --exclude-from=exclude -N -u -r nsa
+ self.use_tmp = False
+ self.use_uid = False
+ self.use_syslog = False
++ self.use_kerberos = False
++ self.manage_krb5_rcache = False
+ self.use_pam = False
+ self.use_dbus = False
+ self.use_audit = False
@@ -6810,6 +6822,18 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ self.use_syslog = val
+
++ def set_use_kerberos(self, val):
++ if val != True and val != False:
++ raise ValueError(_("use_kerberos must be a boolean value "))
++
++ self.use_kerberos = val
++
++ def set_manage_krb5_rcache(self, val):
++ if val != True and val != False:
++ raise ValueError(_("manage_krb5_rcache must be a boolean value "))
++
++ self.manage_krb5_rcache = val
++
+ def set_use_pam(self, val):
+ self.use_pam = val == True
+
@@ -6849,6 +6873,18 @@ diff --exclude-from=exclude -N -u -r nsa
+ else:
+ return ""
+
++ def generate_kerberos_rules(self):
++ if self.use_kerberos:
++ return re.sub("TEMPLATETYPE", self.name, executable.te_kerberos_rules)
++ else:
++ return ""
++
++ def generate_manage_krb5_rcache_rules(self):
++ if self.use_manage_krb5_rcache:
++ return re.sub("TEMPLATETYPE", self.name, executable.te_manage_krb5_rcache_rules)
++ else:
++ return ""
++
+ def generate_pam_rules(self):
+ newte =""
+ if self.use_pam:
@@ -7252,6 +7288,8 @@ diff --exclude-from=exclude -N -u -r nsa
+ newte += self.generate_roles_rules()
+ newte += self.generate_transition_rules()
+ newte += self.generate_admin_rules()
++ newte += self.generate_kerberos_rules()
++ newte += self.generate_manage_krb5_rcache_rules()
+ return newte
+
+ def generate_fc(self):
@@ -7489,7 +7527,7 @@ diff --exclude-from=exclude -N -u -r nsa
+ return rec
+
+def gen_symbols(cmd):
-+ fd = os.popen("nm /usr/lib/debug%s.debug | grep U" % cmd)
++ fd = os.popen("nm -D %s | grep U" % cmd)
+ rec = fd.read().split()
+ fd.close()
+ return rec
@@ -7498,7 +7536,7 @@ diff --exclude-from=exclude -N -u -r nsa
+ print _("""
+%s
+
-+polgen [ -m ] [ -t type ] command
++polgen [ -m ] [ -t type ] executable
+valid Types:
+""") % msg
+ keys=poltype.keys()
@@ -7549,16 +7587,6 @@ diff --exclude-from=exclude -N -u -r nsa
+ mypolicy.set_init_script("/etc/rc\.d/init\.d/%s" % name)
+
+ symbols = gen_symbols(cmd)
-+ if len(symbols) == 0:
-+ print """
-+%s attempts to scan the debuginfo file for symbols to generate
-+additional policy rules, which is missing for %s
-+
-+debuginfo-install RPMPACKAGE
-+
-+Will install %s with symbols. Then rerun this tool tool generate additional
-+rules.
-+""" % (sys.argv[0], cmd, cmd)
+ for s in symbols:
+ for b in mypolicy.symbols:
+ if s.startswith(b):
@@ -12212,8 +12240,8 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.63/gui/templates/executable.py
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.63/gui/templates/executable.py 2009-05-22 16:56:01.000000000 -0400
-@@ -0,0 +1,363 @@
++++ policycoreutils-2.0.63/gui/templates/executable.py 2009-06-03 16:47:15.000000000 -0400
+@@ -0,0 +1,376 @@
+# Copyright (C) 2007-2009 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -12380,6 +12408,19 @@ diff --exclude-from=exclude -N -u -r nsa
+')
+"""
+
++te_kerberos_rules="""
++optional_policy(`
++ kerberos_use(TEMPLATETYPE_t)
++')
++"""
++
++te_manage_krb5_rcache_rules="""
++optional_policy(`
++ kerberos_keytab_template(TEMPLATETYPE, TEMPLATETYPE_t)
++ kerberos_manage_host_rcache(TEMPLATETYPE_t)
++')
++"""
++
+te_audit_rules="""
+logging_send_audit_msgs(TEMPLATETYPE_t)
+"""
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.610
retrieving revision 1.611
diff -u -p -r1.610 -r1.611
--- policycoreutils.spec 1 Jun 2009 10:43:33 -0000 1.610
+++ policycoreutils.spec 4 Jun 2009 19:31:31 -0000 1.611
@@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.63
-Release: 4%{?dist}
+Release: 5%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -162,6 +162,7 @@ system-config-selinux is a utility for m
%defattr(-,root,root)
%{_bindir}/system-config-selinux
%{_bindir}/selinux-polgengui
+%{_bindir}/sepolgen
%{_datadir}/applications/fedora-system-config-selinux.desktop
%{_datadir}/applications/fedora-selinux-polgengui.desktop
%dir %{_datadir}/system-config-selinux
@@ -226,6 +227,9 @@ else
fi
%changelog
+* Thu Jun 4 2009 Dan Walsh <dwalsh at redhat.com> 2.0.63-5
+- Add sepolgen executable
+
* Mon Jun 1 2009 Dan Walsh <dwalsh at redhat.com> 2.0.63-4
- Fix Sandbox option handling
- Fix fixfiles handling of btrfs
More information about the fedora-extras-commits
mailing list