From a13ffa5b36a9b39d475d8b0dc1ca080218cbe9ca Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 05 2015 13:24:18 +0000 Subject: import policycoreutils-2.2.5-15.el7 --- diff --git a/SOURCES/0001-Make-selinux-policy-build-working-also-on-another-arch.patch b/SOURCES/0001-Make-selinux-policy-build-working-also-on-another-arch.patch index 8515551..17228ed 100644 --- a/SOURCES/0001-Make-selinux-policy-build-working-also-on-another-arch.patch +++ b/SOURCES/0001-Make-selinux-policy-build-working-also-on-another-arch.patch @@ -1,4 +1,4 @@ -From ebe08cf927d75a7546d649fcaa73e1af5996150b Mon Sep 17 00:00:00 2001 +From af90a0d65e013c59e0589d348d67ec26adb0cf66 Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Fri, 13 Jun 2014 08:21:26 +0200 Subject: [PATCH] Make selinux-policy build working also on another @@ -69,5 +69,5 @@ index 1765b1c..ecb4461 100755
-- 
-2.0.4
+2.0.0
diff --git a/SOURCES/0002-semanage-man-page-1084390.patch b/SOURCES/0002-semanage-man-page-1084390.patch
new file mode 100644
index 0000000..f05a762
--- /dev/null
+++ b/SOURCES/0002-semanage-man-page-1084390.patch
@@ -0,0 +1,30 @@
+From d9d9d7825ccf519b79878277669d4d311a686bb6 Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl
+Date: Mon, 29 Sep 2014 09:45:21 +0200
+Subject: [PATCH 1/5] Fix semanage man page to talk about semanage-* (8) man
+ pages.
+
+---
+ policycoreutils/semanage/semanage.8 | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/policycoreutils/semanage/semanage.8 b/policycoreutils/semanage/semanage.8
+index fd27cf2..5d09d92 100644
+--- a/policycoreutils/semanage/semanage.8
++++ b/policycoreutils/semanage/semanage.8
+@@ -51,9 +51,9 @@ to SELinux user identities (which controls the initial security context
+ assigned to Linux users when they login and bounds their authorized role set)
+ as well as security context mappings for various kinds of objects, such
+ as network ports, interfaces, and nodes (hosts) as well as the file
+-context mapping. See the EXAMPLES section below for some examples
+-of common usage. Note that the semanage login command deals with the
+-mapping from Linux usernames (logins) to SELinux user identities,
++context mapping. See the EXAMPLES section of semanage-* (8) man pages
++for some examples of common usage. Note that the semanage login command
++deals with the mapping from Linux usernames (logins) to SELinux user identities,
+ while the semanage user command deals with the mapping from SELinux
+ user identities to authorized role sets. In most cases, only the
+ former mapping needs to be adjusted by the administrator; the latter
+-- 
+2.1.0
+
diff --git a/SOURCES/0003-sandbox-x-1112811.patch b/SOURCES/0003-sandbox-x-1112811.patch
new file mode 100644
index 0000000..e5b24af
--- /dev/null
+++ b/SOURCES/0003-sandbox-x-1112811.patch
@@ -0,0 +1,55 @@
+From c2b8a3b20ab807133c0c78b58f23cb0ac415f20a Mon Sep 17 00:00:00 2001
+From: Dan Walsh
+Date: Mon, 14 Apr 2014 09:25:01 -0700
+Subject: [PATCH 2/5] Update XDG_RUNTIME_DIR directory
+
+---
+ policycoreutils/sandbox/seunshare.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
+index 97f3920..596a43e 100644
+--- a/policycoreutils/sandbox/seunshare.c
++++ b/policycoreutils/sandbox/seunshare.c
+@@ -964,6 +964,7 @@ int main(int argc, char **argv) {
+ if (child == 0) {
+ char *display = NULL;
+ char *LANG = NULL;
++ char *RUNTIME_DIR = NULL;
+ int rc = -1;
+ char *resolved_path = NULL;
+
+@@ -1014,6 +1015,13 @@ int main(int argc, char **argv) {
+ }
+ }
+
++ if ((RUNTIME_DIR = getenv("XDG_RUNTIME_DIR")) != NULL) {
++ if ((RUNTIME_DIR = strdup(RUNTIME_DIR)) == NULL) {
++ perror(_("Out of memory"));
++ goto childerr;
++ }
++ }
++
+ if ((rc = clearenv()) != 0) {
+ perror(_("Failed to clear environment"));
+ goto childerr;
+@@ -1022,6 +1030,8 @@ int main(int argc, char **argv) {
+ rc |= setenv("DISPLAY", display, 1);
+ if (LANG)
+ rc |= setenv("LANG", LANG, 1);
++ if (RUNTIME_DIR)
++ rc |= setenv("XDG_RUNTIME_DIR", RUNTIME_DIR, 1);
+ rc |= setenv("HOME", pwd->pw_dir, 1);
+ rc |= setenv("SHELL", pwd->pw_shell, 1);
+ rc |= setenv("USER", pwd->pw_name, 1);
+@@ -1049,6 +1059,7 @@ childerr:
+ free(resolved_path);
+ free(display);
+ free(LANG);
++ free(RUNTIME_DIR);
+ exit(-1);
+ }
+
+-- 
+2.1.0
+
diff --git a/SOURCES/0004-sepolicy-interface-1075023.patch b/SOURCES/0004-sepolicy-interface-1075023.patch
new file mode 100644
index 0000000..cc12cf3
--- /dev/null
+++ b/SOURCES/0004-sepolicy-interface-1075023.patch
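Review bot: The value read at `RUNTIME_DIR = getenv("XDG_RUNTIME_DIR")` comes from the caller's environment and is exported again after clearenv() without any check, unlike HOME, SHELL and USER, which are rebuilt from the passwd entry. Whether that path is isolated inside the sandbox cannot be seen from these hunks; if seunshare does not mount a private directory over it, sandboxed programs are pointed at the real session's runtime directory and whatever sockets live there. I would derive the value from the sandbox's own runtime mount, or at least require an absolute path before exporting it, e.g. `if (RUNTIME_DIR && RUNTIME_DIR[0] == '/')`, and add a comment saying why this variable is allowed through the clearenv(). main() starts and ends outside the quoted hunks.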
@@ -0,0 +1,112 @@
+From ef95e893d5afb70bd8fb44348972b42607674cfe Mon Sep 17 00:00:00 2001
+From: Dan Walsh
+Date: Tue, 18 Mar 2014 09:26:38 -0400
+Subject: [PATCH 3/5] Add ability to list the actual active modules
+
+---
+ policycoreutils/sepolicy/sepolicy/__init__.py | 19 +++++++++++++++
+ policycoreutils/sepolicy/sepolicy/interface.py | 32 +++++++++++++++++---------
+ 2 files changed, 40 insertions(+), 11 deletions(-)
+
+diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
+index e3943c0..f7f05cb 100644
+--- a/policycoreutils/sepolicy/sepolicy/__init__.py
++++ b/policycoreutils/sepolicy/sepolicy/__init__.py
+@@ -137,6 +137,25 @@ def get_all_modules():
+
+ return all_modules
+
++def get_all_modules_from_mod_lst():
++ mod_lst_path = ["/usr/share/selinux/targeted/base.lst","/usr/share/selinux/targeted/modules-base.lst","/usr/share/selinux/targeted/modules-contrib.lst"]
++ all_modules = []
++ mod_temp = []
++ for i in mod_lst_path:
++ try:
++ fd = open(i,"r")
++ modules = fd.readlines()
++ fd.close()
++ modules = modules[0].split(" ")[:-1]
++ for m in modules:
++ mod_temp.append(m[:-3])
++ all_modules.extend(mod_temp)
++ mod_temp = []
++ except:
++ all_modules = []
++
++ return all_modules
++
+ def get_file_types(setype):
+ flist=[]
+ mpaths={}
+diff --git a/policycoreutils/sepolicy/sepolicy/interface.py b/policycoreutils/sepolicy/sepolicy/interface.py
+index 63cff9b..b17f6af 100644
+--- a/policycoreutils/sepolicy/sepolicy/interface.py
++++ b/policycoreutils/sepolicy/sepolicy/interface.py
+@@ -119,12 +119,20 @@ def get_interface_dict(path="/usr/share/selinux/devel/policy.xml"):
+ global interface_dict
+ import os
+ import xml.etree.ElementTree
++ from sepolicy import get_all_modules, get_all_modules_from_mod_lst
+ if interface_dict:
+ return interface_dict
+
++ active_modules = []
+ interface_dict = {}
+ param_list = []
+
++ if get_all_modules_from_mod_lst():
++ active_modules = get_all_modules_from_mod_lst()
++ else:
++ print((_("Using only non-base modules.")))
++ active_modules = get_all_modules()
++
+ xml_path = """
+
+
+@@ -142,16 +150,17 @@ def get_interface_dict(path="/usr/share/selinux/devel/policy.xml"):
+ tree = xml.etree.ElementTree.fromstring(xml_path)
+ for l in tree.findall("layer"):
+ for m in l.findall("module"):
+- for i in m.getiterator('interface'):
+- for e in i.findall("param"):
+- param_list.append(e.get('name'))
+- interface_dict[(i.get("name"))] = [param_list,(i.find('summary').text),"interface"]
+- param_list = []
+- for i in m.getiterator('template'):
+- for e in i.findall("param"):
+- param_list.append(e.get('name'))
+- interface_dict[(i.get("name"))] = [param_list,(i.find('summary').text),"template"]
+- param_list = []
++ if m.get("name") in active_modules:
++ for i in m.getiterator('interface'):
++ for e in i.findall("param"):
++ param_list.append(e.get('name'))
++ interface_dict[(i.get("name"))] = [param_list,(i.find('summary').text),"interface"]
++ param_list = []
++ for i in m.getiterator('template'):
++ for e in i.findall("param"):
++ param_list.append(e.get('name'))
++ interface_dict[(i.get("name"))] = [param_list,(i.find('summary').text),"template"]
++ param_list = []
+ except IOError as e:
+ pass
+ return interface_dict
+@@ -196,13 +205,14 @@ def get_xml_file(if_file):
+
+ def interface_compile_test(interface, path = "/usr/share/selinux/devel/policy.xml"):
+ exclude_interfaces = ["userdom","kernel","corenet","files", "dev"]
++ exclude_interface_name = ["selinux_genbool"]
+ exclude_interface_type = ["template"]
+
+ import subprocess, os
+ policy_files = {'pp':"compiletest.pp", 'te':"compiletest.te", 'fc':"compiletest.fc", 'if':"compiletest.if"}
+ idict = get_interface_dict(path)
+
+- if not (interface.split("_")[0] in exclude_interfaces or idict[interface][2] in exclude_interface_type):
++ if not (interface in exclude_interface_name or interface.split("_")[0] in exclude_interfaces or idict[interface][2] in exclude_interface_type):
+ print((_("Compiling %s interface" % interface)))
+ try:
+ fd = open(policy_files['te'], "w")
+-- 
+2.1.0
+
diff --git a/SOURCES/0005-fixfiles-exclude-dirs-1082676.patch b/SOURCES/0005-fixfiles-exclude-dirs-1082676.patch
new file mode 100644
index 0000000..3abd55d
--- /dev/null
+++ b/SOURCES/0005-fixfiles-exclude-dirs-1082676.patch
@@ -0,0 +1,47 @@
+From 0d571e36878fb42fc9e024bc52a6fa439d707d2c Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl
+Date: Fri, 16 May 2014 15:14:37 +0200
+Subject: [PATCH 4/5] Make fixfiles_exclude_dirs working if there is a
+ substituion for the given directory
+
+---
+ policycoreutils/scripts/fixfiles | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
+index 5c29eb9..df4298a 100755
+--- a/policycoreutils/scripts/fixfiles
++++ b/policycoreutils/scripts/fixfiles
+@@ -137,6 +137,9 @@ else
+ FC=/etc/security/selinux/file_contexts
+ fi
+
++FC_SUB_DIST=${FC}.subs_dist
++FC_SUB=${FC}.subs
++
+ #
+ # Log to either syslog or a LOGFILE
+ #
+@@ -243,6 +246,10 @@ then
+ logit "skipping the directory ${p}"
+ done
+ FC=$TEMPFCFILE
++/bin/cp -p ${TEMPFCFILE} ${TEMPFCFILE}.subs_dist &>/dev/null || exit
++/bin/cp -p ${FC_SUB_DIST} ${TEMPFCFILE}.subs_dist &>/dev/null || exit
++/bin/cp -p ${TEMPFCFILE} ${TEMPFCFILE}.subs &>/dev/null || exit
++/bin/cp -p ${FC_SUB} ${TEMPFCFILE}.subs &>/dev/null || exit
+ fi
+ if [ ! -z "$RPMFILES" ]; then
+ for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
+@@ -264,7 +271,7 @@ if [ ${OPTION} != "Relabel" ]; then
+ return
+ fi
+ echo "Cleaning up labels on /tmp"
+-rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* $TEMPFCFILE
++rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* $TEMPFCFILE ${TEMPFCFILE}.subs_dist ${TEMPFCFILE}.subs
+
+ UNDEFINED=`get_undefined_type` || exit $?
+ UNLABELED=`get_unlabeled_type` || exit $?
+-- 
+2.1.0
+
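Review bot: The bare `except:` in get_all_modules_from_mod_lst() resets `all_modules = []` but lets the loop continue, so a failure on the last list discards everything while a failure on the first list still returns a partial result, and an unreadable file, an empty file (`modules[0]`) and a plain coding error are all swallowed alike. The descriptor is also left open if readlines() raises, and get_interface_dict() calls the function twice where `active_modules = get_all_modules_from_mod_lst()` followed by `if not active_modules:` would read the lists once. I would catch only IOError, use `with open(...)`, and return an empty list on the first failure so the caller's fallback to get_all_modules() is taken consistently; `m[:-3]` presumably strips a `.pp` suffix, which deserves a comment or an explicit check. The three paths are hard-coded to the targeted policy, so any other policy type always takes the fallback.

```python
def get_all_modules_from_mod_lst():
    # … unchanged: mod_lst_path list of the three .lst files …
    all_modules = []
    for path in mod_lst_path:
        try:
            with open(path, "r") as fd:
                first_line = fd.readline()
        except IOError:
            # Active set unknown: return empty so the caller falls back
            # to get_all_modules().
            return []
        # Assumes entries look like "name.pp" - confirm against the .lst format.
        all_modules.extend(m[:-3] for m in first_line.split() if m.endswith(".pp"))
    return all_modules
```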
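Review bot: Each of the four added `/bin/cp -p … &>/dev/null || exit` lines ends the script silently when the copy fails, and `${FC}.subs` (FC_SUB) looks like an optional local file, so on a system without it the exclude-dirs path would stop with no message. The variables are unquoted, and the first and third copies only create a target that the next line overwrites, which needs a comment if it is meant to set the mode and label of the new file. If TEMPFCFILE is created in a world-writable directory (its creation is outside this hunk), the `.subs` and `.subs_dist` names are derived from it rather than created atomically, and cp run as root follows a symlink already present at the destination; creating all three files inside a `mktemp -d` directory avoids that. A guarded form such as `[ -f "${FC_SUB}" ] && /bin/cp -p "${FC_SUB}" "${TEMPFCFILE}.subs"` with a logit call on failure would be safer. The enclosing `if … then` block starts outside the hunk.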
diff --git a/SOURCES/0006-restorecon-1082956.patch b/SOURCES/0006-restorecon-1082956.patch
new file mode 100644
index 0000000..3008694
--- /dev/null
+++ b/SOURCES/0006-restorecon-1082956.patch
@@ -0,0 +1,27 @@
+From 68ebd4f452f4fe8f290eef6674cdd4687104abe3 Mon Sep 17 00:00:00 2001
+From: Dan Walsh
+Date: Thu, 7 Aug 2014 09:08:12 -0400
+Subject: [PATCH 5/5] If the user attempts to restorecon the label of a file
+ that does not exist, do not report this as an error
+
+---
+ policycoreutils/setfiles/restore.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
+index 2a7cfa3..10933e4 100644
+--- a/policycoreutils/setfiles/restore.c
++++ b/policycoreutils/setfiles/restore.c
+@@ -160,6 +160,9 @@ static int restore(FTSENT *ftsent, int recurse)
+ /* Get the current context of the file. */
+ ret = lgetfilecon_raw(ftsent->fts_accpath, &curcon);
+ if (ret < 0) {
++ if (errno == ENOENT) {
++ goto out;
++ }
+ if (errno == ENODATA) {
+ curcon = NULL;
+ } else {
+-- 
+2.1.0
+
diff --git a/SOURCES/0007-semanage-man-subpages-s-STORE-to-S-STORE.patch b/SOURCES/0007-semanage-man-subpages-s-STORE-to-S-STORE.patch
new file mode 100644
index 0000000..8f64b55
--- /dev/null
+++ b/SOURCES/0007-semanage-man-subpages-s-STORE-to-S-STORE.patch
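Review bot: At the added `goto out;` for ENOENT in restore(), `ret` still holds the negative value returned by lgetfilecon_raw(), so if the `out` label returns `ret` (the label is outside this hunk) the caller still sees a failure, only without a message, which is not quite what the subject line promises. If a vanished file is meant to count as success, set it explicitly: `if (errno == ENOENT) { ret = 0; goto out; }`. A short comment saying that the file can disappear between the tree walk and the label lookup would explain why the case is skipped rather than reported. restore() begins and ends outside the hunk.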
@@ -0,0 +1,109 @@
+From 07feb4a90ecfa181d449698d4a6c90574205b1f9 Mon Sep 17 00:00:00 2001
+From: Jan Chaloupka
+Date: Tue, 26 Aug 2014 08:59:33 +0200
+Subject: [PATCH 7/8] semanage man subpages -s STORE to -S STORE
+
+---
+ policycoreutils/semanage/semanage-boolean.8 | 2 +-
+ policycoreutils/semanage/semanage-fcontext.8 | 2 +-
+ policycoreutils/semanage/semanage-interface.8 | 2 +-
+ policycoreutils/semanage/semanage-login.8 | 2 +-
+ policycoreutils/semanage/semanage-node.8 | 2 +-
+ policycoreutils/semanage/semanage-port.8 | 2 +-
+ policycoreutils/semanage/semanage-user.8 | 2 +-
+ 7 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/policycoreutils/semanage/semanage-boolean.8 b/policycoreutils/semanage/semanage-boolean.8
+index 4195d50..fe1adec 100644
+--- a/policycoreutils/semanage/semanage-boolean.8
++++ b/policycoreutils/semanage/semanage-boolean.8
+@@ -2,7 +2,7 @@
+ .SH "NAME"
+ semanage boolean\- SELinux Policy Management boolean tool
+ .SH "SYNOPSIS"
+-.B semanage boolean [\-h] [\-n] [\-N] [\-s STORE] [ \-\-extract | \-\-deleteall | \-\-list [\-C] | \-\-modify ( \-\-on | \-\-off ) boolean ]
++.B semanage boolean [\-h] [\-n] [\-N] [\-S STORE] [ \-\-extract | \-\-deleteall | \-\-list [\-C] | \-\-modify ( \-\-on | \-\-off ) boolean ]
+
+ .SH "DESCRIPTION"
+ semanage is used to configure certain elements of
+diff --git a/policycoreutils/semanage/semanage-fcontext.8 b/policycoreutils/semanage/semanage-fcontext.8
+index 7369af7..974e926 100644
+--- a/policycoreutils/semanage/semanage-fcontext.8
++++ b/policycoreutils/semanage/semanage-fcontext.8
+@@ -3,7 +3,7 @@
+ semanage fcontext\- SELinux Policy Management file context tool
+
+ .SH "SYNOPSIS"
+-.B semanage fcontext [\-h] [\-n] [\-N] [\-s STORE] [ \-\-add ( \-t TYPE \-f FTYPE \-r RANGE \-s SEUSER | \-e EQUAL ) FILE_SPEC ) | \-\-delete ( \-t TYPE \-f FTYPE | \-e EQUAL ) FILE_SPEC ) | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify ( \-t TYPE \-f FTYPE \-r RANGE \-s SEUSER | \-e EQUAL ) FILE_SPEC ) ]
++.B semanage fcontext [\-h] [\-n] [\-N] [\-S STORE] [ \-\-add ( \-t TYPE \-f FTYPE \-r RANGE \-s SEUSER | \-e EQUAL ) FILE_SPEC ) | \-\-delete ( \-t TYPE \-f FTYPE | \-e EQUAL ) FILE_SPEC ) | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify ( \-t TYPE \-f FTYPE \-r RANGE \-s SEUSER | \-e EQUAL ) FILE_SPEC ) ]
+
+ .SH "DESCRIPTION"
+ semanage is used to configure certain elements of
+diff --git a/policycoreutils/semanage/semanage-interface.8 b/policycoreutils/semanage/semanage-interface.8
+index c9dd59c..e8e7133 100644
+--- a/policycoreutils/semanage/semanage-interface.8
++++ b/policycoreutils/semanage/semanage-interface.8
+@@ -2,7 +2,7 @@
+ .SH "NAME"
+ .B semanage interface\- SELinux Policy Management network interface tool
+ .SH "SYNOPSIS"
+-.B semanage interface [\-h] [\-n] [\-N] [\-s STORE] [ \-\-add \-t TYPE \-r RANGE interface | \-\-delete interface | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify \-t TYPE \-r RANGE interface ]
++.B semanage interface [\-h] [\-n] [\-N] [\-S STORE] [ \-\-add \-t TYPE \-r RANGE interface | \-\-delete interface | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify \-t TYPE \-r RANGE interface ]
+
+ .SH "DESCRIPTION"
+ semanage is used to configure certain elements of
+diff --git a/policycoreutils/semanage/semanage-login.8 b/policycoreutils/semanage/semanage-login.8
+index 78a0ecb..c638184 100644
+--- a/policycoreutils/semanage/semanage-login.8
++++ b/policycoreutils/semanage/semanage-login.8
+@@ -2,7 +2,7 @@
+ .SH "NAME"
+ .B semanage login\- SELinux Policy Management linux user to SELinux User mapping tool
+ .SH "SYNOPSIS"
+-.B semanage login [\-h] [\-n] [\-N] [\-s STORE] [ \-\-add \-s SEUSER \-r RANGE LOGIN | \-\-delete LOGIN | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify \-s SEUSER \-r RANGE LOGIN ]
++.B semanage login [\-h] [\-n] [\-N] [\-S STORE] [ \-\-add \-s SEUSER \-r RANGE LOGIN | \-\-delete LOGIN | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify \-s SEUSER \-r RANGE LOGIN ]
+
+ .SH "DESCRIPTION"
+ semanage is used to configure certain elements of
+diff --git a/policycoreutils/semanage/semanage-node.8 b/policycoreutils/semanage/semanage-node.8
+index 75c2d30..f50bbe7 100644
+--- a/policycoreutils/semanage/semanage-node.8
++++ b/policycoreutils/semanage/semanage-node.8
+@@ -2,7 +2,7 @@
+ .SH "NAME"
+ .B semanage node\- SELinux Policy Management node mapping tool
+ .SH "SYNOPSIS"
+-.B semanage node [\-h] [\-n] [\-N] [\-s STORE] [ \-\-add \-M NETMASK \-p PROTOCOL \-t TYPE \-r RANGE node | \-\-delete \-M NETMASK \-p PROTOCOL node | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify \-M NETMASK \-p PROTOCOL \-t TYPE \-r RANGE node ]
++.B semanage node [\-h] [\-n] [\-N] [\-S STORE] [ \-\-add \-M NETMASK \-p PROTOCOL \-t TYPE \-r RANGE node | \-\-delete \-M NETMASK \-p PROTOCOL node | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify \-M NETMASK \-p PROTOCOL \-t TYPE \-r RANGE node ]
+
+ .SH "DESCRIPTION"
+ semanage is used to configure certain elements of
+diff --git a/policycoreutils/semanage/semanage-port.8 b/policycoreutils/semanage/semanage-port.8
+index cd0a1b4..7024ab9 100644
+--- a/policycoreutils/semanage/semanage-port.8
++++ b/policycoreutils/semanage/semanage-port.8
+@@ -2,7 +2,7 @@
+ .SH "NAME"
+ .B semanage port\- SELinux Policy Management port mapping tool
+ .SH "SYNOPSIS"
+-.B semanage port [\-h] [\-n] [\-N] [\-s STORE] [ \-\-add \-t TYPE \-p PROTOCOL \-r RANGE port_name | port_range | \-\-delete \-p PROTOCOL port_name | port_range | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify \-t TYPE \-p PROTOCOL \-r RANGE port_name | port_range ]
++.B semanage port [\-h] [\-n] [\-N] [\-S STORE] [ \-\-add \-t TYPE \-p PROTOCOL \-r RANGE port_name | port_range | \-\-delete \-p PROTOCOL port_name | port_range | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify \-t TYPE \-p PROTOCOL \-r RANGE port_name | port_range ]
+
+ .SH "DESCRIPTION"
+ semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources. semanage port controls the port number to port type defitions.
+diff --git a/policycoreutils/semanage/semanage-user.8 b/policycoreutils/semanage/semanage-user.8
+index 7259ea9..c437a78 100644
+--- a/policycoreutils/semanage/semanage-user.8
++++ b/policycoreutils/semanage/semanage-user.8
+@@ -2,7 +2,7 @@
+ .SH "NAME"
+ .B semanage user\- SELinux Policy Management SELinux User mapping tool
+ .SH "SYNOPSIS"
+-.B semanage user [\-h] [\-n] [\-N] [\-s STORE] [ \-\-add ( \-L LEVEL \-R ROLES \-r RANGE \-s SEUSER selinux_name) | \-\-delete selinux_name | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify ( \-L LEVEL \-R ROLES \-r RANGE \-s SEUSER selinux_name ) ]
++.B semanage user [\-h] [\-n] [\-N] [\-S STORE] [ \-\-add ( \-L LEVEL \-R ROLES \-r RANGE \-s SEUSER selinux_name) | \-\-delete selinux_name | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify ( \-L LEVEL \-R ROLES \-r RANGE \-s SEUSER selinux_name ) ]
+
+ .SH "DESCRIPTION"
+ semanage is used to configure certain elements of
+-- 
+2.1.0
+
diff --git a/SOURCES/0008-fix-semanage-help-message-to-S-STORE.patch b/SOURCES/0008-fix-semanage-help-message-to-S-STORE.patch
new file mode 100644
index 0000000..1773483
--- /dev/null
+++ b/SOURCES/0008-fix-semanage-help-message-to-S-STORE.patch
@@ -0,0 +1,49 @@
+From b057efd48e5000ba75a7f84230a74c9d8e298a2b Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach
+Date: Fri, 17 Oct 2014 15:52:03 +0200
+Subject: [PATCH 8/8] fix semanage help message to [-S STORE]
+
+---
+ policycoreutils/semanage/semanage | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
+index e3e3a71..27d0571 100644
+--- a/policycoreutils/semanage/semanage
++++ b/policycoreutils/semanage/semanage
+@@ -48,25 +48,25 @@ except IOError:
+ builtins.__dict__['_'] = str
+
+ # define custom usages for selected main actions
+-usage_login = "semanage login [-h] [-n] [-N] [-s STORE] ["
++usage_login = "semanage login [-h] [-n] [-N] [-S STORE] ["
+ usage_login_dict = {' --add':('-s SEUSER','-r RANGE','LOGIN',),' --modify':('-s SEUSER','-r RANGE','LOGIN',),' --delete':('LOGIN',), ' --list':('-C',),' --extract':('',), ' --deleteall':('',)}
+
+-usage_fcontext = "semanage fcontext [-h] [-n] [-N] [-s STORE] ["
++usage_fcontext = "semanage fcontext [-h] [-n] [-N] [-S STORE] ["
+ usage_fcontext_dict = {' --add':('(','-t TYPE','-f FTYPE','-r RANGE','-s SEUSER', '|','-e EQUAL', ')','FILE_SPEC',')' ,),' --delete':('(','-t TYPE','-f FTYPE','|','-e EQUAL',')','FILE_SPEC', ')',),' --modify':('(','-t TYPE','-f FTYPE','-r RANGE','-s SEUSER','|','-e EQUAL',')','FILE_SPEC )',),' --list':('-C',), ' --extract':('',), ' --deleteall':('',)}
+
+-usage_user = "semanage user [-h] [-n] [-N] [-s STORE] ["
++usage_user = "semanage user [-h] [-n] [-N] [-S STORE] ["
+ usage_user_dict = {' --add':('(','-L LEVEL','-R ROLES','-r RANGE','-s SEUSER','selinux_name'')'),' --delete':('selinux_name',),' --modify':('(','-L LEVEL','-R ROLES','-r RANGE','-s SEUSER','selinux_name',')'),' --list':('-C',), ' --extract':('',), ' --deleteall':('',)}
+
+-usage_port = "semanage port [-h] [-n] [-N] [-s STORE] ["
++usage_port = "semanage port [-h] [-n] [-N] [-S STORE] ["
+ usage_port_dict = {' --add':('-t TYPE','-p PROTOCOL','-r RANGE','(','port_name','|','port_range',')'),' --modify':('-t TYPE','-p PROTOCOL','-r RANGE','(','port_name','|','port_range',')'), ' --delete':('-p PROTOCOL','(','port_name','|','port_range',')'),' --list':('-C',), ' --extract':('',), ' --deleteall':('',)}
+
+-usage_node = "semanage node [-h] [-n] [-N] [-s STORE] ["
++usage_node = "semanage node [-h] [-n] [-N] [-S STORE] ["
+ usage_node_dict = {' --add':('-M NETMASK','-p PROTOCOL','-t TYPE','-r RANGE','node'),' --modify':('-M NETMASK','-p PROTOCOL','-t TYPE','-r RANGE','node'), ' --delete':('-M NETMASK','-p PROTOCOL','node'),' --list':('-C',), ' --extract':('',), ' --deleteall':('',)}
+
+-usage_interface = "semanage interface [-h] [-n] [-N] [-s STORE] ["
++usage_interface = "semanage interface [-h] [-n] [-N] [-S STORE] ["
+ usage_interface_dict = {' --add':('-t TYPE','-r RANGE','interface'),' --modify':('-t TYPE','-r RANGE','interface'), ' --delete':('interface',),' --list':('-C',), ' --extract':('',), ' --deleteall':('',)}
+
+-usage_boolean = "semanage boolean [-h] [-n] [-N] [-s STORE] ["
++usage_boolean = "semanage boolean [-h] [-n] [-N] [-S STORE] ["
+ usage_boolean_dict = {' --modify':('(','--on','|','--off',')','boolean'), ' --list':('-C',), ' --extract':('',), ' --deleteall':('',)}
+
+ import sepolicy
+-- 
+2.1.0
+
diff --git a/SOURCES/0009-Fix-sepolicy.search-to-get-good-results-everytime.patch b/SOURCES/0009-Fix-sepolicy.search-to-get-good-results-everytime.patch
new file mode 100644
index 0000000..5d7723e
--- /dev/null
+++ b/SOURCES/0009-Fix-sepolicy.search-to-get-good-results-everytime.patch
@@ -0,0 +1,31 @@ +From b5dbb383f9c02e16dda5850af614d1c6928c2635 Mon Sep 17 00:00:00 2001 +From: Miroslav Grepl +Date: Wed, 20 Aug 2014 15:19:15 +0200 +Subject: [PATCH] Fix sepolicy.search() to get good results everytime. + +--- + policycoreutils/sepolicy/sepolicy/__init__.py | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py +index f7f05cb..28392e4 100644 +--- a/policycoreutils/sepolicy/sepolicy/__init__.py ++++ b/policycoreutils/sepolicy/sepolicy/__init__.py +@@ -50,8 +50,12 @@ def info(setype, name=None): + dict_list = _policy.info(setype, name) + return dict_list + +-def search(types, info = {}): +- seinfo = info ++def search(types, info=None): ++ if info: ++ seinfo = info ++ else: ++ seinfo = {} ++ + valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW] + for setype in types: + if setype not in valid_types: +-- +2.1.0 + diff --git a/SPECS/policycoreutils.spec b/SPECS/policycoreutils.spec index 8c5c5e1..2b2e35b 100644 --- a/SPECS/policycoreutils.spec +++ b/SPECS/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.2.5 -Release: 11%{?dist}.1 +Release: 15%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 
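Review bot: The new `if info:` test in search() treats an empty dict passed by the caller the same as no argument, and when a non-empty dict is passed `seinfo = info` still aliases it, so any keys the rest of search() writes into `seinfo` (the body continues outside the hunk) end up in the caller's dict. Copying covers both cases in one line: `seinfo = dict(info) if info is not None else {}`. A one-line docstring stating that `info` is not modified would record the contract this fix is after.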
@@ -23,6 +23,15 @@ Patch2: policycoreutils-matchbox.patch Patch3: policycoreutils-semanage-range.patch Patch4: policycoreutils-run_init.patch Patch5: 0001-Make-selinux-policy-build-working-also-on-another-arch.patch +Patch6: 0002-semanage-man-page-1084390.patch +Patch7: 0003-sandbox-x-1112811.patch +Patch8: 0004-sepolicy-interface-1075023.patch +Patch9: 0005-fixfiles-exclude-dirs-1082676.patch +Patch10: 0006-restorecon-1082956.patch +Patch11: 0007-semanage-man-subpages-s-STORE-to-S-STORE.patch +Patch12: 0008-fix-semanage-help-message-to-S-STORE.patch +Patch13: 0009-Fix-sepolicy.search-to-get-good-results-everytime.patch + Obsoletes: policycoreutils < 2.0.61-2 Conflicts: filesystem < 3 Provides: /sbin/fixfiles @@ -59,6 +68,14 @@ to switch roles. %patch3 -p1 -b .semanage-range %patch4 -p2 -b .run_init %patch5 -p2 -b .build-working +%patch6 -p2 -b .1084390 +%patch7 -p2 -b .1112811 +%patch8 -p2 -b .1075023 +%patch9 -p2 -b .1082676 +%patch10 -p2 -b .1082956 +%patch11 -p2 -b .1085246 +%patch12 -p2 -b .1085246 +%patch13 -p2 -b .1092356 cp %{SOURCE3} gui/ tar xvf %{SOURCE4} 
@@ -354,9 +371,29 @@ The policycoreutils-restorecond package contains the restorecond service. %systemd_postun_with_restart restorecond.service %changelog -* Fri Aug 29 2014 Miroslav Grepl - 2.2.5-11.el7_0.1 +* Mon Nov 10 2014 Miroslav Grepl 2.2.5-15 +- Fix sepolicy.search() to get good results everytime. +Resolves:#1092356 + +* Mon Oct 20 2014 Petr Lautrbach 2.2.5-14 +- Fix semanage's man pages and help output +Resolves: #1085246 + +* Mon Sep 29 2014 Miroslav Grepl - 2.2.5-13 +- If the user attempts to restorecon the label of a file that does not exist, do not report this as an error +Resolves:#1082956 +- Make fixfiles_exclude_dirs working if there is a substituion for the given directory +Resolves:#1082676 +- Add ability to list the actual active modules +Resolves:#1075023 +- Update XDG_RUNTIME_DIR directory +Resolves:#1112811 +- Fix semanage man page to talk about semanage-* (8) man pages. +Resolves:#1084390 + +* Fri Jun 13 2014 Miroslav Grepl - 2.2.5-12 - Make selinux-policy build working also on another architectures related to sepolicy-manpage generate -Resolves:#1135434 +Resolves:#1103292 * Fri Apr 4 2014 Dan Walsh - 2.2.5-11 - One more time