From 25d0a63649ccbc00278f506a51a9d40d7230ac71 Mon Sep 17 00:00:00 2001 From: basebuilder_pel7ppc64bebuilder0 Date: Sun, 16 Dec 2018 15:09:04 +0100 Subject: [PATCH] policycoreutils patch update Signed-off-by: basebuilder_pel7ppc64bebuilder0 --- SOURCES/policycoreutils-rhel.patch | 76 +++++++++++++++--------------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/SOURCES/policycoreutils-rhel.patch b/SOURCES/policycoreutils-rhel.patch index 059307ca..f453d082 100644 --- a/SOURCES/policycoreutils-rhel.patch +++ b/SOURCES/policycoreutils-rhel.patch @@ -2723,7 +2723,7 @@ index 5c29eb9..401be3f 100755 fi [ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon @@ -242,7 +248,12 @@ then - echo "${p1}" >> $TEMPFCFILE + echo "${p1}" >> $TEMPFCFILE logit "skipping the directory ${p}" done -FC=$TEMPFCFILE @@ -3646,7 +3646,7 @@ index 3b0b108..c49f0d6 100644 import audit + #test if audit module is enabled + audit.audit_close(audit.audit_open()) - + class logger: def __init__(self): @@ -3699,7 +3699,7 @@ index 3b0b108..c49f0d6 100644 @@ -384,8 +412,13 @@ class moduleRecords(semanageRecords): raise ValueError(_("Could not disable module %s") % m) self.commit() - + + # Obsolete - "add()" does the same while allowing the user to set priority def modify(self, file): - rc = semanage_module_update_file(self.sh, file) @@ -3710,13 +3710,13 @@ index 3b0b108..c49f0d6 100644 + rc = semanage_module_install_file(self.sh, file) if rc >= 0: self.commit() - + @@ -557,7 +590,6 @@ class loginRecords(semanageRecords): - + semanage_seuser_key_free(k) semanage_seuser_free(u) - self.mylog.log("login", name, sename=sename, serange=serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange) - + def add(self, name, sename, serange): try: @@ -565,7 +597,6 @@ class loginRecords(semanageRecords): @@ -3725,14 +3725,14 @@ index 3b0b108..c49f0d6 100644 except ValueError, error: - self.mylog.commit(0) raise error - + def __modify(self, name, sename="", serange=""): @@ -617,7 +648,6 @@ class loginRecords(semanageRecords): - + semanage_seuser_key_free(k) semanage_seuser_free(u) - self.mylog.log("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange) - + def modify(self, name, sename="", serange=""): try: @@ -625,7 +655,6 @@ class loginRecords(semanageRecords): @@ -3741,12 +3741,12 @@ index 3b0b108..c49f0d6 100644 except ValueError, error: - self.mylog.commit(0) raise error - + def __delete(self, name): @@ -658,8 +687,6 @@ class loginRecords(semanageRecords): rec, self.sename, self.serange = selinux.getseuserbyname("__default__") range, (rc, serole) = userrec.get(self.sename) - + - self.mylog.log_remove("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange) - def delete(self, name): @@ -3754,11 +3754,11 @@ index 3b0b108..c49f0d6 100644 self.begin() @@ -667,7 +694,6 @@ class loginRecords(semanageRecords): self.commit() - + except ValueError, error: - self.mylog.commit(0) raise error - + def deleteall(self): @@ -681,7 +707,6 @@ class loginRecords(semanageRecords): self.__delete(semanage_seuser_get_name(u)) @@ -3766,7 +3766,7 @@ index 3b0b108..c49f0d6 100644 except ValueError, error: - self.mylog.commit(0) raise error - + def get_all_logins(self): @@ -1109,6 +1134,8 @@ class portRecords(semanageRecords): semanage_port_key_free(k) @@ -7385,7 +7385,7 @@ index 6db390c..34d34eb 100644 +++ policycoreutils-2.5/semodule/semodule.8 @@ -3,7 +3,7 @@ semodule \- Manage SELinux policy modules. - + .SH SYNOPSIS -.B semodule [options]... MODE [MODES]... +.B semodule [option]... MODE... @@ -7395,7 +7395,7 @@ index 6db390c..34d34eb 100644 @@ -15,7 +15,7 @@ any other transaction. semodule acts on module packages created by semodule_package. Conventionally, these files have a .pp suffix (policy package), although this is not mandated in any way. - + -.SH "OPTIONS" +.SH "MODES" .TP @@ -7502,13 +7502,13 @@ index bcfaa2b..d053493 100644 --- policycoreutils-2.5/semodule/semodule.c +++ policycoreutils-2.5/semodule/semodule.c @@ -120,26 +120,26 @@ static void create_signal_handlers(void) - + static void usage(char *progname) { - printf("usage: %s [options]... MODE [MODES]...\n", progname); + printf("usage: %s [option]... MODE...\n", progname); - printf("Manage SELinux policy modules.\n"); - printf("MODES:\n"); + printf("Manage SELinux policy modules.\n"); + printf("MODES:\n"); printf(" -R, --reload reload policy\n"); printf(" -B, --build build and reload policy\n"); + printf(" -D,--disable_dontaudit Remove dontaudits from policy\n"); @@ -7520,19 +7520,19 @@ index bcfaa2b..d053493 100644 printf(" KIND: standard list highest priority, enabled modules\n"); printf(" full list all modules\n"); printf(" -X,--priority=PRIORITY set priority for following operations (1-999)\n"); - printf(" -e,--enable=MODULE_NAME enable module\n"); - printf(" -d,--disable=MODULE_NAME disable module\n"); - printf(" -E,--extract=MODULE_NAME extract module\n"); + printf(" -e,--enable=MODULE_NAME enable module\n"); + printf(" -d,--disable=MODULE_NAME disable module\n"); + printf(" -E,--extract=MODULE_NAME extract module\n"); - printf("Other options:\n"); + printf("Options:\n"); - printf(" -s,--store name of the store to operate on\n"); - printf(" -N,-n,--noreload do not reload policy after commit\n"); - printf(" -h,--help print this message and quit\n"); - printf(" -v,--verbose be verbose\n"); + printf(" -s,--store name of the store to operate on\n"); + printf(" -N,-n,--noreload do not reload policy after commit\n"); + printf(" -h,--help print this message and quit\n"); + printf(" -v,--verbose be verbose\n"); - printf(" -D,--disable_dontaudit Remove dontaudits from policy\n"); - printf(" -P,--preserve_tunables Preserve tunables in policy\n"); - printf(" -C,--ignore-module-cache Rebuild CIL modules compiled from HLL files\n"); - printf(" -p,--path use an alternate path for the policy root\n"); + printf(" -P,--preserve_tunables Preserve tunables in policy\n"); + printf(" -C,--ignore-module-cache Rebuild CIL modules compiled from HLL files\n"); + printf(" -p,--path use an alternate path for the policy root\n"); @@ -209,7 +209,7 @@ static void parse_command_line(int argc, char **argv) no_reload = 0; priority = 400; @@ -7642,9 +7642,9 @@ index bbb6844..ceb5c9b 100644 * Copyright (C) 2003-2008 Tresys Technology, LLC * @@ -52,6 +54,13 @@ - + #define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC" - + +#ifndef IPPROTO_DCCP +#define IPPROTO_DCCP 33 +#endif @@ -7654,7 +7654,7 @@ index bbb6844..ceb5c9b 100644 + enum input { - TYPE, ATTRIBUTE, ROLE, USER, PORT, BOOLEAN, CLASS, SENS, CATS + TYPE, ATTRIBUTE, ROLE, USER, PORT, BOOLEAN, CLASS, SENS, CATS @@ -94,7 +103,6 @@ static PyObject* get_sens(const char *name, const apol_policy_t * policydb) { PyObject *dict = NULL; @@ -8294,9 +8294,9 @@ index 7900586..09d2b24 100644 +++ policycoreutils-2.5/sepolicy/sepolicy.8 @@ -22,14 +22,15 @@ Query SELinux policy to see if domains can communicate with each other .br - + .B generate --.br +-.br .br Generate SELinux Policy module template -.B gui @@ -8309,7 +8309,7 @@ index 7900586..09d2b24 100644 -.B sepolicy-generate(8) +.B sepolicy-gui(8) .br - + .B interface diff --git policycoreutils-2.5/sepolicy/sepolicy.py policycoreutils-2.5/sepolicy/sepolicy.py index 7d57f6e..4a162c3 100755 @@ -8346,7 +8346,7 @@ index 7d57f6e..4a162c3 100755 usage_dict = {' --newtype': ('-t [TYPES [TYPES ...]]',), ' --customize': ('-d DOMAIN', '-a ADMIN_DOMAIN', "[ -w WRITEPATHS ]",), ' --admin_user': ('[-r TRANSITION_ROLE ]', "[ -w WRITEPATHS ]",), ' --application': ('COMMAND', "[ -w WRITEPATHS ]",), ' --cgi': ('COMMAND', "[ -w WRITEPATHS ]",), ' --confined_admin': ('-a ADMIN_DOMAIN', "[ -w WRITEPATHS ]",), ' --dbus': ('COMMAND', "[ -w WRITEPATHS ]",), ' --desktop_user': ('', "[ -w WRITEPATHS ]",), ' --inetd': ('COMMAND', "[ -w WRITEPATHS ]",), ' --init': ('COMMAND', "[ -w WRITEPATHS ]",), ' --sandbox': ("[ -w WRITEPATHS ]",), ' --term_user': ("[ -w WRITEPATHS ]",), ' --x_user': ("[ -w WRITEPATHS ]",)} @@ -55,8 +59,6 @@ class CheckPath(argparse.Action): class CheckType(argparse.Action): - + def __call__(self, parser, namespace, values, option_string=None): - domains = sepolicy.get_all_domains() - @@ -8355,7 +8355,7 @@ index 7d57f6e..4a162c3 100755 else: @@ -98,7 +100,7 @@ class CheckDomain(argparse.Action): domains = sepolicy.get_all_domains() - + if isinstance(values, str): - if values not in domains: + if sepolicy.get_real_type_name(values) not in domains: @@ -8364,7 +8364,7 @@ index 7d57f6e..4a162c3 100755 else: @@ -107,7 +109,7 @@ class CheckDomain(argparse.Action): newval = [] - + for v in values: - if v not in domains: + if sepolicy.get_real_type_name(v) not in domains: