policycoreutils patch update

Signed-off-by: basebuilder_pel7ppc64bebuilder0 <basebuilder@powerel.org>
2018-12-16 15:09:04 +01:00 · 2018-12-16 15:09:04 +01:00 · 25d0a63649
parent ce7a691b61
commit 25d0a63649
1 changed files with 38 additions and 38 deletions
--- a/SOURCES/policycoreutils-rhel.patch
+++ b/SOURCES/policycoreutils-rhel.patch
@ -2723,7 +2723,7 @@ index 5c29eb9..401be3f 100755
 fi
 [ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
@@ -242,7 +248,12 @@ then
-		echo "${p1}" >> $TEMPFCFILE
+ 		echo "${p1}" >> $TEMPFCFILE
 		logit "skipping the directory ${p}"
 	done
 -FC=$TEMPFCFILE
@ -3646,7 +3646,7 @@ index 3b0b108..c49f0d6 100644
     import audit
 +    #test if audit module is enabled
 +    audit.audit_close(audit.audit_open())
-
+ 
     class logger:
 
         def __init__(self):
@ -3699,7 +3699,7 @@ index 3b0b108..c49f0d6 100644
@@ -384,8 +412,13 @@ class moduleRecords(semanageRecords):
                     raise ValueError(_("Could not disable module %s") % m)
         self.commit()
-
+ 
 +    # Obsolete - "add()" does the same while allowing the user to set priority
     def modify(self, file):
 -        rc = semanage_module_update_file(self.sh, file)
@ -3710,13 +3710,13 @@ index 3b0b108..c49f0d6 100644
 +        rc = semanage_module_install_file(self.sh, file)
         if rc >= 0:
             self.commit()
-
+ 
@@ -557,7 +590,6 @@ class loginRecords(semanageRecords):
-
+ 
         semanage_seuser_key_free(k)
         semanage_seuser_free(u)
 -        self.mylog.log("login", name, sename=sename, serange=serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange)
-
+ 
     def add(self, name, sename, serange):
         try:
@@ -565,7 +597,6 @@ class loginRecords(semanageRecords):
@ -3725,14 +3725,14 @@ index 3b0b108..c49f0d6 100644
         except ValueError, error:
 -            self.mylog.commit(0)
             raise error
-
+ 
     def __modify(self, name, sename="", serange=""):
@@ -617,7 +648,6 @@ class loginRecords(semanageRecords):
-
+ 
         semanage_seuser_key_free(k)
         semanage_seuser_free(u)
 -        self.mylog.log("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange)
-
+ 
     def modify(self, name, sename="", serange=""):
         try:
@@ -625,7 +655,6 @@ class loginRecords(semanageRecords):
@ -3741,12 +3741,12 @@ index 3b0b108..c49f0d6 100644
         except ValueError, error:
 -            self.mylog.commit(0)
             raise error
-
+ 
     def __delete(self, name):
@@ -658,8 +687,6 @@ class loginRecords(semanageRecords):
         rec, self.sename, self.serange = selinux.getseuserbyname("__default__")
         range, (rc, serole) = userrec.get(self.sename)
-
+ 
 -        self.mylog.log_remove("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange)
 -
     def delete(self, name):
@ -3754,11 +3754,11 @@ index 3b0b108..c49f0d6 100644
             self.begin()
@@ -667,7 +694,6 @@ class loginRecords(semanageRecords):
             self.commit()
-
+ 
         except ValueError, error:
 -            self.mylog.commit(0)
             raise error
-
+ 
     def deleteall(self):
@@ -681,7 +707,6 @@ class loginRecords(semanageRecords):
                 self.__delete(semanage_seuser_get_name(u))
@ -3766,7 +3766,7 @@ index 3b0b108..c49f0d6 100644
         except ValueError, error:
 -            self.mylog.commit(0)
             raise error
-
+ 
     def get_all_logins(self):
@@ -1109,6 +1134,8 @@ class portRecords(semanageRecords):
         semanage_port_key_free(k)
@ -7385,7 +7385,7 @@ index 6db390c..34d34eb 100644
 +++ policycoreutils-2.5/semodule/semodule.8
@@ -3,7 +3,7 @@
 semodule \- Manage SELinux policy modules.
-
+ 
 .SH SYNOPSIS
 -.B semodule [options]... MODE [MODES]...
 +.B semodule [option]... MODE...
@ -7395,7 +7395,7 @@ index 6db390c..34d34eb 100644
@@ -15,7 +15,7 @@ any other transaction.  semodule acts on module packages created
 by semodule_package.  Conventionally, these files have a .pp suffix
 (policy package), although this is not mandated in any way.
-
+ 
 -.SH "OPTIONS"
 +.SH "MODES"
 .TP
@ -7502,13 +7502,13 @@ index bcfaa2b..d053493 100644
 --- policycoreutils-2.5/semodule/semodule.c
 +++ policycoreutils-2.5/semodule/semodule.c
@@ -120,26 +120,26 @@ static void create_signal_handlers(void)
-
+ 
 static void usage(char *progname)
 {
 -	printf("usage:  %s [options]... MODE [MODES]...\n", progname);
 +	printf("usage:  %s [option]... MODE...\n", progname);
-	printf("Manage SELinux policy modules.\n");
-	printf("MODES:\n");
+ 	printf("Manage SELinux policy modules.\n");
+ 	printf("MODES:\n");
 	printf("  -R, --reload		    reload policy\n");
 	printf("  -B, --build		    build and reload policy\n");
 +	printf("  -D,--disable_dontaudit    Remove dontaudits from policy\n");
@ -7520,19 +7520,19 @@ index bcfaa2b..d053493 100644
 	printf("     KIND:  standard  list highest priority, enabled modules\n");
 	printf("            full      list all modules\n");
 	printf("  -X,--priority=PRIORITY    set priority for following operations (1-999)\n");
-	printf("  -e,--enable=MODULE_NAME   enable module\n");
-	printf("  -d,--disable=MODULE_NAME  disable module\n");
-	printf("  -E,--extract=MODULE_NAME  extract module\n");
+ 	printf("  -e,--enable=MODULE_NAME   enable module\n");
+ 	printf("  -d,--disable=MODULE_NAME  disable module\n");
+ 	printf("  -E,--extract=MODULE_NAME  extract module\n");
 -	printf("Other options:\n");
 +	printf("Options:\n");
-	printf("  -s,--store	   name of the store to operate on\n");
-	printf("  -N,-n,--noreload do not reload policy after commit\n");
-	printf("  -h,--help        print this message and quit\n");
-	printf("  -v,--verbose     be verbose\n");
+ 	printf("  -s,--store	   name of the store to operate on\n");
+ 	printf("  -N,-n,--noreload do not reload policy after commit\n");
+ 	printf("  -h,--help        print this message and quit\n");
+ 	printf("  -v,--verbose     be verbose\n");
 -	printf("  -D,--disable_dontaudit	Remove dontaudits from policy\n");
-	printf("  -P,--preserve_tunables	Preserve tunables in policy\n");
-	printf("  -C,--ignore-module-cache	Rebuild CIL modules compiled from HLL files\n");
-	printf("  -p,--path        use an alternate path for the policy root\n");
+ 	printf("  -P,--preserve_tunables	Preserve tunables in policy\n");
+ 	printf("  -C,--ignore-module-cache	Rebuild CIL modules compiled from HLL files\n");
+ 	printf("  -p,--path        use an alternate path for the policy root\n");
@@ -209,7 +209,7 @@ static void parse_command_line(int argc, char **argv)
 	no_reload = 0;
 	priority = 400;
@ -7642,9 +7642,9 @@ index bbb6844..ceb5c9b 100644
  *  Copyright (C) 2003-2008 Tresys Technology, LLC
  *
@@ -52,6 +54,13 @@
-
+ 
 #define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
-
+ 
 +#ifndef IPPROTO_DCCP
 +#define IPPROTO_DCCP 33
 +#endif
@ -7654,7 +7654,7 @@ index bbb6844..ceb5c9b 100644
 +
 enum input
 {
-	TYPE, ATTRIBUTE, ROLE, USER, PORT, BOOLEAN, CLASS, SENS, CATS
+ 	TYPE, ATTRIBUTE, ROLE, USER, PORT, BOOLEAN, CLASS, SENS, CATS
@@ -94,7 +103,6 @@ static PyObject* get_sens(const char *name, const apol_policy_t * policydb)
 {
 	PyObject *dict = NULL;
@ -8294,9 +8294,9 @@ index 7900586..09d2b24 100644
 +++ policycoreutils-2.5/sepolicy/sepolicy.8
@@ -22,14 +22,15 @@ Query SELinux policy to see if domains can communicate with each other
 .br
-
+ 
 .B    generate
-.br
+-.br 
 .br
 Generate SELinux Policy module template
 -.B    gui
@ -8309,7 +8309,7 @@ index 7900586..09d2b24 100644
 -.B sepolicy-generate(8)
 +.B sepolicy-gui(8)
 .br
-
+ 
 .B    interface
 diff --git policycoreutils-2.5/sepolicy/sepolicy.py policycoreutils-2.5/sepolicy/sepolicy.py
 index 7d57f6e..4a162c3 100755
@ -8346,7 +8346,7 @@ index 7d57f6e..4a162c3 100755
 usage_dict = {' --newtype': ('-t [TYPES [TYPES ...]]',), ' --customize': ('-d DOMAIN', '-a  ADMIN_DOMAIN', "[ -w WRITEPATHS ]",), ' --admin_user': ('[-r TRANSITION_ROLE ]', "[ -w WRITEPATHS ]",), ' --application': ('COMMAND', "[ -w WRITEPATHS ]",), ' --cgi': ('COMMAND', "[ -w WRITEPATHS ]",), ' --confined_admin': ('-a  ADMIN_DOMAIN', "[ -w WRITEPATHS ]",), ' --dbus': ('COMMAND', "[ -w WRITEPATHS ]",), ' --desktop_user': ('', "[ -w WRITEPATHS ]",), ' --inetd': ('COMMAND', "[ -w WRITEPATHS ]",), ' --init': ('COMMAND', "[ -w WRITEPATHS ]",), ' --sandbox': ("[ -w WRITEPATHS ]",), ' --term_user': ("[ -w WRITEPATHS ]",), ' --x_user': ("[ -w WRITEPATHS ]",)}
@@ -55,8 +59,6 @@ class CheckPath(argparse.Action):
 class CheckType(argparse.Action):
-
+ 
     def __call__(self, parser, namespace, values, option_string=None):
 -        domains = sepolicy.get_all_domains()
 -
@ -8355,7 +8355,7 @@ index 7d57f6e..4a162c3 100755
         else:
@@ -98,7 +100,7 @@ class CheckDomain(argparse.Action):
         domains = sepolicy.get_all_domains()
-
+ 
         if isinstance(values, str):
 -            if values not in domains:
 +            if sepolicy.get_real_type_name(values) not in domains:
@ -8364,7 +8364,7 @@ index 7d57f6e..4a162c3 100755
         else:
@@ -107,7 +109,7 @@ class CheckDomain(argparse.Action):
                 newval = []
-
+ 
             for v in values:
 -                if v not in domains:
 +                if sepolicy.get_real_type_name(v) not in domains: