
policycoreutils patch update

Signed-off-by: basebuilder_pel7ppc64bebuilder0 <basebuilder@powerel.org>
master
basebuilder_pel7ppc64bebuilder0 5 years ago
parent
commit
25d0a63649
  1. 76
      SOURCES/policycoreutils-rhel.patch

76
SOURCES/policycoreutils-rhel.patch

@ -2723,7 +2723,7 @@ index 5c29eb9..401be3f 100755 @@ -2723,7 +2723,7 @@ index 5c29eb9..401be3f 100755
fi
[ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
@@ -242,7 +248,12 @@ then
echo "${p1}" >> $TEMPFCFILE
echo "${p1}" >> $TEMPFCFILE
logit "skipping the directory ${p}"
done
-FC=$TEMPFCFILE
@ -3646,7 +3646,7 @@ index 3b0b108..c49f0d6 100644 @@ -3646,7 +3646,7 @@ index 3b0b108..c49f0d6 100644
import audit
+ #test if audit module is enabled
+ audit.audit_close(audit.audit_open())

class logger:
def __init__(self):
@ -3699,7 +3699,7 @@ index 3b0b108..c49f0d6 100644 @@ -3699,7 +3699,7 @@ index 3b0b108..c49f0d6 100644
@@ -384,8 +412,13 @@ class moduleRecords(semanageRecords):
raise ValueError(_("Could not disable module %s") % m)
self.commit()

+ # Obsolete - "add()" does the same while allowing the user to set priority
def modify(self, file):
- rc = semanage_module_update_file(self.sh, file)
@ -3710,13 +3710,13 @@ index 3b0b108..c49f0d6 100644 @@ -3710,13 +3710,13 @@ index 3b0b108..c49f0d6 100644
+ rc = semanage_module_install_file(self.sh, file)
if rc >= 0:
self.commit()

@@ -557,7 +590,6 @@ class loginRecords(semanageRecords):

semanage_seuser_key_free(k)
semanage_seuser_free(u)
- self.mylog.log("login", name, sename=sename, serange=serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange)

def add(self, name, sename, serange):
try:
@@ -565,7 +597,6 @@ class loginRecords(semanageRecords):
@ -3725,14 +3725,14 @@ index 3b0b108..c49f0d6 100644 @@ -3725,14 +3725,14 @@ index 3b0b108..c49f0d6 100644
except ValueError, error:
- self.mylog.commit(0)
raise error

def __modify(self, name, sename="", serange=""):
@@ -617,7 +648,6 @@ class loginRecords(semanageRecords):

semanage_seuser_key_free(k)
semanage_seuser_free(u)
- self.mylog.log("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange)

def modify(self, name, sename="", serange=""):
try:
@@ -625,7 +655,6 @@ class loginRecords(semanageRecords):
@ -3741,12 +3741,12 @@ index 3b0b108..c49f0d6 100644 @@ -3741,12 +3741,12 @@ index 3b0b108..c49f0d6 100644
except ValueError, error:
- self.mylog.commit(0)
raise error

def __delete(self, name):
@@ -658,8 +687,6 @@ class loginRecords(semanageRecords):
rec, self.sename, self.serange = selinux.getseuserbyname("__default__")
range, (rc, serole) = userrec.get(self.sename)

- self.mylog.log_remove("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange)
-
def delete(self, name):
@ -3754,11 +3754,11 @@ index 3b0b108..c49f0d6 100644 @@ -3754,11 +3754,11 @@ index 3b0b108..c49f0d6 100644
self.begin()
@@ -667,7 +694,6 @@ class loginRecords(semanageRecords):
self.commit()

except ValueError, error:
- self.mylog.commit(0)
raise error

def deleteall(self):
@@ -681,7 +707,6 @@ class loginRecords(semanageRecords):
self.__delete(semanage_seuser_get_name(u))
@ -3766,7 +3766,7 @@ index 3b0b108..c49f0d6 100644 @@ -3766,7 +3766,7 @@ index 3b0b108..c49f0d6 100644
except ValueError, error:
- self.mylog.commit(0)
raise error

def get_all_logins(self):
@@ -1109,6 +1134,8 @@ class portRecords(semanageRecords):
semanage_port_key_free(k)
@ -7385,7 +7385,7 @@ index 6db390c..34d34eb 100644 @@ -7385,7 +7385,7 @@ index 6db390c..34d34eb 100644
+++ policycoreutils-2.5/semodule/semodule.8
@@ -3,7 +3,7 @@
semodule \- Manage SELinux policy modules.

.SH SYNOPSIS
-.B semodule [options]... MODE [MODES]...
+.B semodule [option]... MODE...
@ -7395,7 +7395,7 @@ index 6db390c..34d34eb 100644 @@ -7395,7 +7395,7 @@ index 6db390c..34d34eb 100644
@@ -15,7 +15,7 @@ any other transaction. semodule acts on module packages created
by semodule_package. Conventionally, these files have a .pp suffix
(policy package), although this is not mandated in any way.

-.SH "OPTIONS"
+.SH "MODES"
.TP
@ -7502,13 +7502,13 @@ index bcfaa2b..d053493 100644 @@ -7502,13 +7502,13 @@ index bcfaa2b..d053493 100644
--- policycoreutils-2.5/semodule/semodule.c
+++ policycoreutils-2.5/semodule/semodule.c
@@ -120,26 +120,26 @@ static void create_signal_handlers(void)

static void usage(char *progname)
{
- printf("usage: %s [options]... MODE [MODES]...\n", progname);
+ printf("usage: %s [option]... MODE...\n", progname);
printf("Manage SELinux policy modules.\n");
printf("MODES:\n");
printf("Manage SELinux policy modules.\n");
printf("MODES:\n");
printf(" -R, --reload reload policy\n");
printf(" -B, --build build and reload policy\n");
+ printf(" -D,--disable_dontaudit Remove dontaudits from policy\n");
@ -7520,19 +7520,19 @@ index bcfaa2b..d053493 100644 @@ -7520,19 +7520,19 @@ index bcfaa2b..d053493 100644
printf(" KIND: standard list highest priority, enabled modules\n");
printf(" full list all modules\n");
printf(" -X,--priority=PRIORITY set priority for following operations (1-999)\n");
printf(" -e,--enable=MODULE_NAME enable module\n");
printf(" -d,--disable=MODULE_NAME disable module\n");
printf(" -E,--extract=MODULE_NAME extract module\n");
printf(" -e,--enable=MODULE_NAME enable module\n");
printf(" -d,--disable=MODULE_NAME disable module\n");
printf(" -E,--extract=MODULE_NAME extract module\n");
- printf("Other options:\n");
+ printf("Options:\n");
printf(" -s,--store name of the store to operate on\n");
printf(" -N,-n,--noreload do not reload policy after commit\n");
printf(" -h,--help print this message and quit\n");
printf(" -v,--verbose be verbose\n");
printf(" -s,--store name of the store to operate on\n");
printf(" -N,-n,--noreload do not reload policy after commit\n");
printf(" -h,--help print this message and quit\n");
printf(" -v,--verbose be verbose\n");
- printf(" -D,--disable_dontaudit Remove dontaudits from policy\n");
printf(" -P,--preserve_tunables Preserve tunables in policy\n");
printf(" -C,--ignore-module-cache Rebuild CIL modules compiled from HLL files\n");
printf(" -p,--path use an alternate path for the policy root\n");
printf(" -P,--preserve_tunables Preserve tunables in policy\n");
printf(" -C,--ignore-module-cache Rebuild CIL modules compiled from HLL files\n");
printf(" -p,--path use an alternate path for the policy root\n");
@@ -209,7 +209,7 @@ static void parse_command_line(int argc, char **argv)
no_reload = 0;
priority = 400;
@ -7642,9 +7642,9 @@ index bbb6844..ceb5c9b 100644 @@ -7642,9 +7642,9 @@ index bbb6844..ceb5c9b 100644
* Copyright (C) 2003-2008 Tresys Technology, LLC
*
@@ -52,6 +54,13 @@

#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"

+#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33
+#endif
@ -7654,7 +7654,7 @@ index bbb6844..ceb5c9b 100644 @@ -7654,7 +7654,7 @@ index bbb6844..ceb5c9b 100644
+
enum input
{
TYPE, ATTRIBUTE, ROLE, USER, PORT, BOOLEAN, CLASS, SENS, CATS
TYPE, ATTRIBUTE, ROLE, USER, PORT, BOOLEAN, CLASS, SENS, CATS
@@ -94,7 +103,6 @@ static PyObject* get_sens(const char *name, const apol_policy_t * policydb)
{
PyObject *dict = NULL;
@ -8294,9 +8294,9 @@ index 7900586..09d2b24 100644 @@ -8294,9 +8294,9 @@ index 7900586..09d2b24 100644
+++ policycoreutils-2.5/sepolicy/sepolicy.8
@@ -22,14 +22,15 @@ Query SELinux policy to see if domains can communicate with each other
.br

.B generate
-.br
-.br
.br
Generate SELinux Policy module template
-.B gui
@ -8309,7 +8309,7 @@ index 7900586..09d2b24 100644 @@ -8309,7 +8309,7 @@ index 7900586..09d2b24 100644
-.B sepolicy-generate(8)
+.B sepolicy-gui(8)
.br

.B interface
diff --git policycoreutils-2.5/sepolicy/sepolicy.py policycoreutils-2.5/sepolicy/sepolicy.py
index 7d57f6e..4a162c3 100755
@ -8346,7 +8346,7 @@ index 7d57f6e..4a162c3 100755 @@ -8346,7 +8346,7 @@ index 7d57f6e..4a162c3 100755
usage_dict = {' --newtype': ('-t [TYPES [TYPES ...]]',), ' --customize': ('-d DOMAIN', '-a ADMIN_DOMAIN', "[ -w WRITEPATHS ]",), ' --admin_user': ('[-r TRANSITION_ROLE ]', "[ -w WRITEPATHS ]",), ' --application': ('COMMAND', "[ -w WRITEPATHS ]",), ' --cgi': ('COMMAND', "[ -w WRITEPATHS ]",), ' --confined_admin': ('-a ADMIN_DOMAIN', "[ -w WRITEPATHS ]",), ' --dbus': ('COMMAND', "[ -w WRITEPATHS ]",), ' --desktop_user': ('', "[ -w WRITEPATHS ]",), ' --inetd': ('COMMAND', "[ -w WRITEPATHS ]",), ' --init': ('COMMAND', "[ -w WRITEPATHS ]",), ' --sandbox': ("[ -w WRITEPATHS ]",), ' --term_user': ("[ -w WRITEPATHS ]",), ' --x_user': ("[ -w WRITEPATHS ]",)}
@@ -55,8 +59,6 @@ class CheckPath(argparse.Action):
class CheckType(argparse.Action):

def __call__(self, parser, namespace, values, option_string=None):
- domains = sepolicy.get_all_domains()
-
@ -8355,7 +8355,7 @@ index 7d57f6e..4a162c3 100755 @@ -8355,7 +8355,7 @@ index 7d57f6e..4a162c3 100755
else:
@@ -98,7 +100,7 @@ class CheckDomain(argparse.Action):
domains = sepolicy.get_all_domains()

if isinstance(values, str):
- if values not in domains:
+ if sepolicy.get_real_type_name(values) not in domains:
@ -8364,7 +8364,7 @@ index 7d57f6e..4a162c3 100755 @@ -8364,7 +8364,7 @@ index 7d57f6e..4a162c3 100755
else:
@@ -107,7 +109,7 @@ class CheckDomain(argparse.Action):
newval = []

for v in values:
- if v not in domains:
+ if sepolicy.get_real_type_name(v) not in domains:
