I checked and it looks like append has been a 1 for permission weighting since
the very beginning. But that makes no sense - append lets you write to files.
So this should be a 10.
I changed all instances of append but, honestly, I'm not clear on many of them.
I did verify that if you open a file with O_APPEND and then write to that file
you only need append - you don't need write. Here is my test program:
int main(int argc, char** argv) {
int fd = open("test_file", O_APPEND | O_CREAT | O_WRONLY, S_IRWXU | S_IRWXG);
char buf[256];
ssize_t b = write(fd, buf, 256);
printf("%zd\n", b);
}
Running this in a domain with no permissions shows that we need:
allow lprog user_home_dir_t:file { append create open };
Which is what I expected - but this being wrong for so long made me question
my understanding of how this worked.
"setup.py build_qhc" invokes qcollectiongenerator on qhc/apol.qhcp,
which produces two files:
- apol.qhc, a Qt Help Collection file
- apol.qch, a Qt Compressed Help file
As apol.qhc is merely a set of metadata with a relative link to
apol.qch, Qt Assistant requires both files in order to display Apol
help.
Make "setup.py build_qhc" build both files in setoolsgui/apol/.
Moreover '*.qch' needs to be added to package_data in order to install
apol.qch.
Fixes: https://github.com/TresysTechnology/setools/issues/165
* Search for libsepol in /usr/local
* Support filename transition and range transitions rules in the new hashtable storage of libsepol
* Fix off-by-one bug in traversing hashtables and minor compile fixes under Fedora 25.
* Remove debugging.
* The policy_define.c that uses hashtables was not setting the otype for filetrans_rules. This
appears intentional (the hashtable is just being filled out to detect duplicates based on the comments),
but for qpol was causing problems.
With Python 3, the values in a set are randomly organised. Therefore the
representation of the set of permissions of an allow/dontaudit/...
statement is not stable across execution.
Sort the permissions when converting them as strings.
