From 6d19aa7c9d7c02b95c52726955b623ff62f4aa60 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Dec 11 2007 02:59:47 +0000 Subject: * Mon Dec 10 2007 Dan Walsh 2.0.33-1 - Upgrade from NSA * Drop verbose output on fixfiles -C from Dan Walsh. * Fix argument handling in fixfiles from Dan Walsh. * Enhance boolean support in semanage, including using the .xml description when available, from Dan Walsh. - Fix handling of final screen in polgengui
---
diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch
index a189f00..deab4f1 100644
--- a/policycoreutils-gui.patch
+++ b/policycoreutils-gui.patch
@@ -234,7 +234,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.32/gui/fcontextPage.py
 --- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.32/gui/fcontextPage.py 2007-12-02 20:29:16.000000000 -0500
++++ policycoreutils-2.0.32/gui/fcontextPage.py 2007-12-10 15:18:39.000000000 -0500
 @@ -0,0 +1,217 @@
 +## fcontextPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -406,7 +406,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli
 + fspec=store.get_value(iter, SPEC_COL)
 + ftype=store.get_value(iter, FTYPE_COL)
 + self.wait()
-+ (rc, out) = commands.getstatusoutput("semanage fcontext -d -f '%s' %s" % (ftype, fspec))
++ (rc, out) = commands.getstatusoutput("semanage fcontext -d -f '%s' '%s'" % (ftype, fspec))
 + self.ready()
 +
 + if rc != 0:
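Review bot: Wrapping `fspec` in `'%s'` in the `semanage fcontext -d` call still builds the command as a shell string, so a file specification that itself contains a single quote ends the quoting and the remainder is interpreted by the shell with whatever privileges this GUI runs under; `ftype` has the same property. Passing an argument list removes the shell from the path: `p = subprocess.Popen(["semanage", "fcontext", "-d", "-f", ftype, fspec], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)`, then `out = p.communicate()[0]` and `rc = p.returncode`. That needs `import subprocess` at the top of fcontextPage.py, which is outside the hunk, and the surrounding code only tests `rc != 0`, so the change from a wait status to an exit code should not matter. The enclosing method starts and ends outside the hunk.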
@@ -3957,8 +3957,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.32/gui/polgengui.py
 --- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.32/gui/polgengui.py 2007-12-02 20:29:16.000000000 -0500
-@@ -0,0 +1,590 @@
++++ policycoreutils-2.0.32/gui/polgengui.py 2007-12-10 21:40:50.000000000 -0500
+@@ -0,0 +1,598 @@
 +#!/usr/bin/python -E
 +#
 +# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux
@@ -4072,9 +4072,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 + COMMON_APPS_PAGE = 9
 + FILES_PAGE = 10
 + BOOLEAN_PAGE = 11
-+ GEN_POLICY_PAGE = 12
-+ GEN_USER_POLICY_PAGE = 13
-+ FINISH_PAGE = 14
++ SELECT_DIR_PAGE = 12
++ GEN_POLICY_PAGE = 13
++ GEN_USER_POLICY_PAGE = 14
 +
 + def __init__(self):
 + self.xml = xml
@@ -4101,12 +4101,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc + + self.notebook = xml.get_widget ("notebook1") + self.pages={} ++ self.finish_page = [ self.GEN_POLICY_PAGE, self.GEN_USER_POLICY_PAGE ] + for i in polgen.USERS: -+ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.GEN_USER_POLICY_PAGE, self.FINISH_PAGE] -+ self.pages[polgen.RUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.GEN_USER_POLICY_PAGE, self.FINISH_PAGE] ++ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE] ++ self.pages[polgen.RUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE] + for i in polgen.APPLICATIONS: -+ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.GEN_POLICY_PAGE, self.FINISH_PAGE ] -+ self.pages[polgen.USER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.GEN_POLICY_PAGE, self.FINISH_PAGE ] ++ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_POLICY_PAGE] ++ self.pages[polgen.USER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, 
self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_POLICY_PAGE] + + self.current_page = 0 + self.back_button.set_sensitive(0) @@ -4230,18 +4231,24 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc + if self.pages[type][self.current_page] == self.APP_PAGE: + if self.on_name_page_next(): + return ++ ++ if self.pages[type][self.current_page] == self.SELECT_DIR_PAGE: ++ outputdir = self.output_entry.get_text() ++ if not os.path.isdir(outputdir): ++ self.error(_("%s must be a directory") % outputdir ) ++ return False + -+ if self.pages[type][self.current_page] == self.FINISH_PAGE: ++ if self.pages[type][self.current_page] in self.finish_page: + self.generate_policy() + else: + self.current_page = self.current_page + 1 + self.notebook.set_current_page(self.pages[type][self.current_page]) -+ if self.pages[type][self.current_page] == self.FINISH_PAGE: ++ if self.pages[type][self.current_page] in self.finish_page: + self.forward_button.set_label(gtk.STOCK_APPLY) + + def back(self,arg): + type = self.get_type() -+ if self.pages[type][self.current_page] == self.FINISH_PAGE: ++ if self.pages[type][self.current_page] in self.finish_page: + self.forward_button.set_label(gtk.STOCK_GO_FORWARD) + + self.current_page = self.current_page - 1 @@ -4303,6 +4310,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc + return polgen.RUSER + + def generate_policy(self, *args): ++ outputdir = self.output_entry.get_text() + try: + my_policy=polgen.policy(self.get_name(), self.get_type()) + my_policy.set_in_tcp(self.in_tcp_all_checkbutton.get_active(), self.in_tcp_reserved_checkbutton.get_active(), self.in_tcp_unreserved_checkbutton.get_active(), self.in_tcp_entry.get_text()) 
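Review bot: The `os.path.isdir(outputdir)` test added for SELECT_DIR_PAGE runs only when the wizard advances past that page, while `generate_policy()` reads `self.output_entry.get_text()` again on its own and hands the value to `my_policy.generate()` unchecked (hunks at -4303 and -4354). Doing the validation inside `generate_policy()`, just before the `try`, keeps the check next to the use: `if not os.path.isdir(outputdir):` followed by `self.error(_("%s must be a directory") % outputdir)` and `return False`. `isdir` also follows symlinks and says nothing about who else can write to the directory; if the tool runs privileged and `generate()` creates files there (not visible here), a world-writable or foreign-owned location deserves an explicit refusal or warning. Only `ValueError` is caught around `generate()`, so an I/O failure while writing would presumably escape as an uncaught exception instead of going through `self.error`. Both `forward()` and `generate_policy()` continue outside these hunks.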
@@ -4354,7 +4362,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc + my_policy.add_dir(self.store.get_value(iter, 0)) + iter= self.store.iter_next(iter) + -+ self.info(my_policy.generate(self.output_entry.get_text())) ++ self.info(my_policy.generate(outputdir)) + return False + except ValueError, e: + self.error(e.message) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 0cc35dd..105c604 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,6 +1,6 @@ -diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/audit2why.c policycoreutils-2.0.31/audit2why/audit2why.c +diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/audit2why.c policycoreutils-2.0.32/audit2why/audit2why.c --- nsapolicycoreutils/audit2why/audit2why.c 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.31/audit2why/audit2why.c 2007-11-02 15:54:42.000000000 -0400 ++++ policycoreutils-2.0.32/audit2why/audit2why.c 2007-12-02 20:29:15.000000000 -0500 @@ -137,6 +137,8 @@ /* Process the audit messages. */ while (getline(&buffer, &len, stdin) > 0) { @@ -97,18 +97,18 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po if (!tclass) { fprintf(stderr, "Invalid %s%s on line %u, skipping...\n", -diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.31/Makefile +diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.32/Makefile --- nsapolicycoreutils/Makefile 2007-07-16 14:20:43.000000000 -0400 -+++ policycoreutils-2.0.31/Makefile 2007-11-02 15:54:42.000000000 -0400 ++++ policycoreutils-2.0.32/Makefile 2007-12-02 20:29:15.000000000 -0500 
@@ -1,4 +1,4 @@ -SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po +SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui all install relabel clean indent: @for subdir in $(SUBDIRS); do \ -diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.31/restorecond/restorecond.c +diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.32/restorecond/restorecond.c --- nsapolicycoreutils/restorecond/restorecond.c 2007-07-16 14:20:41.000000000 -0400 -+++ policycoreutils-2.0.31/restorecond/restorecond.c 2007-11-02 15:54:42.000000000 -0400 ++++ policycoreutils-2.0.32/restorecond/restorecond.c 2007-12-02 20:29:15.000000000 -0500 @@ -210,9 +210,10 @@ } @@ -135,9 +135,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po } free(scontext); close(fd); -diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.31/scripts/chcat +diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.32/scripts/chcat --- nsapolicycoreutils/scripts/chcat 2007-08-23 16:52:26.000000000 -0400 -+++ policycoreutils-2.0.31/scripts/chcat 2007-11-19 13:11:19.000000000 -0500 ++++ policycoreutils-2.0.32/scripts/chcat 2007-12-02 20:29:15.000000000 -0500 @@ -25,10 +25,6 @@ import commands, sys, os, pwd, string, getopt, selinux import seobject 
@@ -149,83 +149,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po try: gettext.install('policycoreutils') -diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.31/scripts/fixfiles ---- nsapolicycoreutils/scripts/fixfiles 2007-08-23 16:52:26.000000000 -0400 -+++ policycoreutils-2.0.31/scripts/fixfiles 2007-11-16 16:30:21.000000000 -0500 -@@ -92,7 +92,7 @@ - ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o \ - \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print; \ - done 2> /dev/null | \ -- ${RESTORECON} $2 -v -f - -+ ${RESTORECON} $2 -f - - rm -f ${TEMPFILE} ${PREFCTEMPFILE} - fi - } -@@ -189,21 +189,27 @@ - case "$i" in - f) - fullFlag=1 -+ shift 1 - ;; - R) - RPMFILES=$OPTARG -+ shift 2 - ;; - o) - OUTFILES=$OPTARG -+ shift 2 - ;; - l) - LOGFILE=$OPTARG -+ shift 2 - ;; - C) - PREFC=$OPTARG -+ shift 2 - ;; - F) - FORCEFLAG="-F" -+ shift 1 - ;; - *) - usage -@@ -211,10 +217,8 @@ - esac - done - -- - # Check for the command --eval command=\$${OPTIND} --let OPTIND=$OPTIND+1 -+command=$1 - if [ -z $command ]; then - usage - fi -@@ -223,17 +227,15 @@ - # check if they specified both DIRS and RPMFILES - # - -+shift 1 - if [ ! 
-z "$RPMFILES" ]; then -- if [ $OPTIND -le $# ]; then -+ if [ $# -gt 0 ]; then - usage - fi - else -- while [ $OPTIND -le $# ]; do -- eval DIR=\$${OPTIND} -- DIRS="$DIRS $DIR" -- let OPTIND=$OPTIND+1 -- done -+ DIRS=$* - fi -+ - # - # Make sure they specified one of the three valid commands - # -diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.31/semanage/semanage +diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.32/semanage/semanage --- nsapolicycoreutils/semanage/semanage 2007-10-05 13:09:53.000000000 -0400 -+++ policycoreutils-2.0.31/semanage/semanage 2007-11-19 13:10:07.000000000 -0500 ++++ policycoreutils-2.0.32/semanage/semanage 2007-12-02 20:29:15.000000000 -0500 @@ -1,5 +1,5 @@ #! /usr/bin/python -E -# Copyright (C) 2005 Red Hat 
@@ -292,141 +218,3 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po if object == "login": OBJECT = seobject.loginRecords(store) -diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.31/semanage/seobject.py ---- nsapolicycoreutils/semanage/seobject.py 2007-10-07 21:46:43.000000000 -0400 -+++ policycoreutils-2.0.31/semanage/seobject.py 2007-11-19 17:35:04.000000000 -0500 -@@ -1,5 +1,5 @@ - #! /usr/bin/python -E --# Copyright (C) 2005 Red Hat -+# Copyright (C) 2005, 2006, 2007 Red Hat - # see file 'COPYING' for use and warranty information - # - # semanage is a tool for managing SELinux configuration files -@@ -88,6 +88,35 @@ - - mylog = logger() - -+import sys, os -+import re -+import xml.etree.ElementTree -+ -+booleans_dict={} -+try: -+ tree=xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml") -+ for l in tree.findall("layer"): -+ for m in l.findall("module"): -+ for b in m.findall("tunable"): -+ desc = b.find("desc").find("p").text.strip("\n") -+ desc = re.sub("\n", " ", desc) -+ booleans_dict[b.get('name')] = (m.get("name"), b.get('dftval'), desc) -+ for b in m.findall("bool"): -+ desc = b.find("desc").find("p").text.strip("\n") -+ desc = re.sub("\n", " ", desc) -+ booleans_dict[b.get('name')] = (m.get("name"), b.get('dftval'), desc) -+ for i in tree.findall("bool"): -+ desc = i.find("desc").find("p").text.strip("\n") -+ desc = re.sub("\n", " ", desc) -+ booleans_dict[i.get('name')] = (_("global"), i.get('dftval'), desc) -+ for i in tree.findall("tunable"): -+ desc = i.find("desc").find("p").text.strip("\n") -+ desc = re.sub("\n", " ", desc) -+ booleans_dict[i.get('name')] = (_("global"), i.get('dftval'), desc) -+except IOError, e: -+ #print _("Failed to translate booleans.\n%s") % e -+ pass -+ - def validate_level(raw): - sensitivity = "s[0-9]*" - category = "c[0-9]*" -@@ -139,7 +168,7 @@ - translations = fd.readlines() 
- fd.close() - except IOError, e: -- raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines: %s") % (self.filename, e) ) -+ raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines") % (self.filename) ) - - self.ddict = {} - self.comments = [] -@@ -236,9 +265,6 @@ - if rc < 0: - semanage_handle_destroy(self.sh) - raise ValueError(_("Could not establish semanage connection")) -- def deleteall(self): -- raise ValueError(_("Not yet implemented")) -- - - class loginRecords(semanageRecords): - def __init__(self, store = ""): -@@ -1095,7 +1121,13 @@ - - return con - -+ def validate(self, target): -+ if target == "" or target.find("\n") >= 0: -+ raise ValueError(_("Invalid file specification")) -+ - def add(self, target, type, ftype = "", serange = "", seuser = "system_u"): -+ self.validate(target) -+ - if is_mls_enabled == 1: - serange = untranslate(serange) - -@@ -1154,6 +1186,7 @@ - def modify(self, target, setype, ftype, serange, seuser): - if serange == "" and setype == "" and seuser == "": - raise ValueError(_("Requires setype, serange or seuser")) -+ self.validate(target) - - (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) - if rc < 0: -@@ -1304,6 +1337,7 @@ - print "%-50s %-18s <>" % (fcon[0], fcon[1]) - - class booleanRecords(semanageRecords): -+ - def __init__(self, store = ""): - semanageRecords.__init__(self, store) - -@@ -1328,11 +1362,14 @@ - if value != "": - nvalue = int(value) - semanage_bool_set_value(b, nvalue) -+ else: -+ raise ValueError(_("You must specify a value")) - - rc = semanage_begin_transaction(self.sh) - if rc < 0: - raise ValueError(_("Could not start semanage transaction")) - -+ rc = semanage_bool_set_active(self.sh, k, b) - rc = semanage_bool_modify_local(self.sh, k, b) - if rc < 0: - raise ValueError(_("Could not modify boolean %s") % name) -@@ -1416,11 +1453,25 @@ - - return ddict - -+ def get_desc(self, boolean): -+ if boolean in booleans_dict: -+ 
return _(booleans_dict[boolean][2]) -+ else: -+ return boolean -+ -+ def get_category(self, boolean): -+ if boolean in booleans_dict: -+ return _(booleans_dict[boolean][0]) -+ else: -+ return _("unknown") -+ - def list(self, heading = 1, locallist = 0): -+ on_off = (_("off"),_("on")) - if heading: -- print "%-50s %7s %7s %7s\n" % (_("SELinux boolean"), _("value"), _("pending"), _("active") ) -+ print "%-40s %s\n" % (_("SELinux boolean"), _("Description")) - ddict = self.get_all(locallist) - keys = ddict.keys() - for k in keys: - if ddict[k]: -- print "%-50s %7d %7d %7d " % (k, ddict[k][0],ddict[k][1], ddict[k][2]) -+ print "%-30s -> %-5s %s" % (k, on_off[ddict[k][2]], self.get_desc(k)) -+ diff --git a/policycoreutils.spec b/policycoreutils.spec index d3d4ce0..d81dba7 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -5,8 +5,8 @@ %define sepolgenver 1.0.10 Summary: SELinux policy core utilities Name: policycoreutils -Version: 2.0.32 -Release: 2%{?dist} +Version: 2.0.33 +Release: 1%{?dist} License: GPLv2+ Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -207,6 +207,13 @@ if [ "$1" -ge "1" ]; then fi %changelog +* Mon Dec 10 2007 Dan Walsh 2.0.33-1 +- Upgrade from NSA + * Drop verbose output on fixfiles -C from Dan Walsh. + * Fix argument handling in fixfiles from Dan Walsh. + * Enhance boolean support in semanage, including using the .xml description when available, from Dan Walsh. +- Fix handling of final screen in polgengui + * Sun Dec 2 2007 Dan Walsh 2.0.32-2 - Fix handling of disable selinux button in gui diff --git a/sources b/sources index 1217ded..66628ea 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ eddb3e34fb982d752aa8cbed7b98f3d2 sepolgen-1.0.10.tgz -1e400f1a84e8c9467ab895efc5935797 policycoreutils-2.0.32.tgz +b877db4ee4b2474df1da952c8d0a3e1c policycoreutils-2.0.33.tgz