Constraint rules in output need to be commented in order to make a policy
compilable.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1155974
Patch-by: Miroslav Grepl <mgrepl@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
By default in Python3 hash uses random seed as salt, this leads to
different order in output from functions which rely on hash as are
dicts and sets. Tests in sepolgen relied on the frozen order.
Signed-off-by: Robert Kuska <rkuska@redhat.com>
Replace usage of print statement with print function.
Use `in` instead of `has_key` when checking for key in dict.
When using `raise` add text (if any) as parameter of exception function.
Add Python3 imports of moved modules.
Replace `map` with list comprehension.
Use reserved word `as` in try-except when catching exception.
Replace `ifilter` function with `filter`.
Signed-off-by: Robert Kuska <rkuska@redhat.com>
xrange function is gone in Python3 and instead range is
xrange by default. Also it doesnt seem to be important
to have xrange used in tests on Python2.
Signed-off-by: Robert Kuska <rkuska@redhat.com>
In Python3 all strings are by default Unicode and both Unicode and String
types are removed from types module. We introduce separate
variables `bytes_type` and `string_type` to reflect Python3 understanding
of strings, on Python2 `bytes_type` refers to <str> and `string_type` to
<unicode>, on Python3 `bytes_type` are <bytes> and `string_type` <str>.
As all strings are Unicodes by default on Python3 we encode them to
bytes when needed as late as possible.
Also other attributes were replaced with their equivalents from
builtins which are available for both Python3 and Python2.
Signed-off-by: Robert Kuska <rkuska@redhat.com>
In Python3 the __cmp__ function is removed, and rich
comparison should be used instead.
Also the cmp function is gone in Python3 therefore it is
reimplemented in util.py and used if running on Python3.
Signed-off-by: Robert Kuska <rkuska@redhat.com>
sha256 hash operates with bytes and in Python3 all strings are unicode
by default, we must encode the data before hashing to ensure they
are bytes in Python3
Signed-off-by: Robert Kuska <rkuska@redhat.com>
Since Python 2.4 .sort() as well as the new sorted() function
take a key parameter which should be a function that returns
a sorting key.
Signed-off-by: Robert Kuska <rkuska@redhat.com>
In Python 3, special function attributes have been
renamed for consistency with other attributes.
__code__ attribute is also present in py2.7 and py2.6
Signed-off-by: Robert Kuska <rkuska@redhat.com>
Python 3 changes the syntax for imports from within a package,
requiring you to use the relative import syntax,
saying from . import mymodule instead of the just import mymodule.
Signed-off-by: Robert Kuska <rkuska@redhat.com>
In Xen on ARM, device tree nodes identified by a path (string) need to
be labeled by the security policy.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
This fixes the build with "make PYTHON=python2" on systems where python
is python3.
For PYLIBVER and PYTHONLIBDIR definitions, I tested Python 2.5, 2.6, 2.7,
3.3 and 3.4. For each of them, these commands print the expected result:
python -c 'import sys;print("python%d.%d" % sys.version_info[0:2])'"
python -c "from distutils.sysconfig import *;print(get_python_lib(1))"
Acked-by: Steve Lawrence <slawrence@tresys.com>
The addition of this rule caused interface vectors to be less accurate.
The grammar looks correct without the rule, so remove it.
Reverted hunk from commit 17cc87e56b
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Help the administrator/policy developer to see what parts of the label are different.
For example if you get a constraint violation and the role of the source and target
differ, audit2allow will suggest this might be the problem.
2.1.99 is just a placeholder to distinguish it from the prior release.
2.2 will be the released version. Switching to 2-component versions.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
audit2allow was generating rules which would not compile. We can only
do one per line, not tons of types at one time.
Signed-off-by: Eric Paris <eparis@redhat.com>
Return low quality matches as well as high quality matches. Sometimes
we just want the crap with the sugar.
Signed-off-by: Eric Paris <eparis@redhat.com>
Filenames can have a +, so we should be able to parse and handle those
files.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>