This will allow users to specify a single port number and see which
portcons apply. This is more in line with user expectations than the
current exact match behavior. Closes #171.

The network property will return an IPv4Network or IPv6Network based on the
nodecon. If the policy has host bits set, the ipaddress module will
simply ignore the host bits, so there may be unexpected results in network
comparisons.
Closes #108

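The host-bit behavior described in the commit message above, shown with the standard ipaddress module only. This is an added example, not setools code: the sample nodecons are constructed, the function names are hypothetical, and netmasks are assumed to be contiguous.

```python
import ipaddress

# Constructed sample nodecons: (address, netmask, context). Not from a real policy.
NODECONS = [
    ("192.168.1.77", "255.255.255.0", "system_u:object_r:lan_node_t:s0"),
    ("192.168.1.0", "255.255.255.0", "system_u:object_r:office_node_t:s0"),
    ("10.1.2.3", "255.255.255.255", "system_u:object_r:host_node_t:s0"),
    ("fe80::1", "ffff:ffff:ffff:ffff::", "system_u:object_r:link_node_t:s0"),
]


def to_network(address, netmask):
    """Return an IPv4Network/IPv6Network for a nodecon, masking off host bits."""
    # Count mask bits (assumes a contiguous mask) so IPv6 netmasks work too.
    prefixlen = bin(int(ipaddress.ip_address(netmask))).count("1")
    return ipaddress.ip_network(f"{address}/{prefixlen}", strict=False)


def host_bits_set(address, netmask):
    """True when the written address differs from the masked network address."""
    return ipaddress.ip_address(address) != to_network(address, netmask).network_address


def query(nodecons, network, overlap=False):
    """Written addresses of nodecons whose network equals (or overlaps) the query."""
    wanted = ipaddress.ip_network(network, strict=False)
    hits = []
    for address, netmask, _context in nodecons:
        net = to_network(address, netmask)
        if net.version != wanted.version:
            continue  # never compare IPv4 against IPv6
        if net == wanted or (overlap and net.overlaps(wanted)):
            hits.append(address)
    return hits


def audit(nodecons):
    """List nodecons whose host bits would be silently dropped."""
    return [(a, str(to_network(a, m))) for a, m, _ in nodecons if host_bits_set(a, m)]


if __name__ == "__main__":
    for address, network in audit(NODECONS):
        print(f"host bits ignored: {address} is treated as {network}")
    print(query(NODECONS, "192.168.1.0/24"))                 # both /24 entries
    print(query(NODECONS, "192.168.1.77/32"))                # exact match: none
    print(query(NODECONS, "192.168.1.77/32", overlap=True))  # both /24 entries
```

A nodecon written as 192.168.1.77 with a /24 mask compares equal to one written as 192.168.1.0, so an audit like the one above is a quick way to find entries where the written address and the effective network differ.
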
When installing setools with python setup.py install,
setools/policyrep/qpol.py is not copied to the destination directory.
This is because the file is generated in step build_ext and Python files
are copied beforehand (in step build_py).
A simple workaround consists in running "setup.py build_ext" before
building and installing setools. Document this in the README.
Closes: https://github.com/TresysTechnology/setools/issues/173

I checked and it looks like append has been a 1 for permission weighting since
the very beginning. But that makes no sense - append lets you write to files.
So this should be a 10.
I changed all instances of append but, honestly, I'm not clear on many of them.
I did verify that if you open a file with O_APPEND and then write to that file
you only need append - you don't need write. Here is my test program:
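#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

int main(int argc, char** argv) {
    /* Opened with O_APPEND, so the write below is an append. */
    int fd = open("test_file", O_APPEND | O_CREAT | O_WRONLY, S_IRWXU | S_IRWXG);
    char buf[256] = {0};
    ssize_t b = write(fd, buf, 256);
    printf("%zd\n", b);
}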
Running this in a domain with no permissions shows that we need:
allow lprog user_home_dir_t:file { append create open };
Which is what I expected - but this being wrong for so long made me question
my understanding of how this worked.

"setup.py build_qhc" invokes qcollectiongenerator on qhc/apol.qhcp,
which produces two files:
- apol.qhc, a Qt Help Collection file
- apol.qch, a Qt Compressed Help file
As apol.qhc is merely a set of metadata with a relative link to
apol.qch, Qt Assistant requires both files in order to display Apol
help.
Make "setup.py build_qhc" build both files in setoolsgui/apol/.
Moreover '*.qch' needs to be added to package_data in order to install
apol.qch.
Fixes: https://github.com/TresysTechnology/setools/issues/165

* Search for libsepol in /usr/local
* Support filename transition and range transition rules in the new hashtable storage of libsepol
* Fix off-by-one bug in traversing hashtables and minor compile fixes under Fedora 25.
* Remove debugging.
* The policy_define.c that uses hashtables was not setting the otype for filetrans_rules. This
  appears intentional (the hashtable is just being filled out to detect duplicates based on the comments),
  but for qpol it was causing problems.

With Python 3, the values in a set are randomly organised. Therefore the
representation of the set of permissions of an allow/dontaudit/...
statement is not stable across execution.
Sort the permissions when converting them to strings.