When "sepolicy manpage" generates descriptions for file type, it uses a
mispelled _ra_content_t suffix for prettyprinting, which results in an
unwanted double-space on the line.
For example sepolicy manpage -d httpd_t produces:
.EX
.P
.B httpd_apcupsd_cgi_ra_content_t
.EE
- Set files with the httpd_apcupsd_cgi_ra_content_t type, if you
want to treat the files as httpd apcupsd cgi read/append content.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
When running "sepolicy manpage" on a system without file_contexts.local,
the command fails with:
FileNotFoundError: [Errno 2] No such file or directory:
'//etc/selinux/refpolicy/contexts/files/file_contexts.local'
Verify that the file exists before using it.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Commit c624c4abaaf3 ("sepolicy: Fix syntax errors in 'manpage -w'")
missed an occurence of print statement. While at it, fix self.os_version
test.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
SETools4 and Python 3 versions of map() and filter() uses iterators to
generates query results and these iterators can't be imply re-used. It
makes manpage and transitions operations really slow as they do lot of queries.
This patch changes it in the way that it caches results in lists for all
types, allow rules and transitions first and use cached results to
filter them using Python's filter() function.
Before:
$ time sepolicy manpage -d httpd_t sshd_t init_t
real 0m53.486s
user 0m53.171s
sys 0m0.054s
After:
$ time sepolicy manpage -d httpd_t sshd_t init_t
real 0m10.532s
user 0m10.368s
sys 0m0.114s
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Fixes:
File "python/sepolicy/sepolicy/manpage.py", line 373, in _gen_css
print("%s has been created") % style_css
TypeError: unsupported operand type(s) for %: 'NoneType' and 'str'
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
As reported by Nicolas Iooss, there are still some inconsistencies
in the definitions and usage of Makefile variables related to bin
and sbin directories. Since we need to still support non-usrmerge
systems, we cannot completely synchronize them, but we can eliminate
unnecessary differences, remove unused variables, and drop the
USRSBINDIR variables.
Before:
$ find . -name Makefile -exec cat {} + |grep '^[A-Z_]*BINDIR' |sort -u
BINDIR=$(PREFIX)/bin
BINDIR ?= $(PREFIX)/bin
BINDIR ?= $(PREFIX)/sbin
SBINDIR ?= $(DESTDIR)/sbin
SBINDIR ?= $(PREFIX)/sbin
USRSBINDIR ?= $(PREFIX)/sbin
After:
$ find . -name Makefile -exec cat {} + | grep '^[A-Z_]*BINDIR' | sort -u
BINDIR ?= $(PREFIX)/bin
SBINDIR ?= $(DESTDIR)/sbin
SBINDIR ?= $(PREFIX)/sbin
This does not change the actual install location of any file.
It does drop the legacy symlink from /usr/sbin/load_policy to
/sbin/load_policy; packagers can create that separately if
desired.
Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Fixes:
$ sepolicy network -d httpd_t
httpd_t: tcp name_connect
Traceback (most recent call last):
File /usr/bin/sepolicy, line 699, in <module>
args.func(args)
File /usr/bin/sepolicy, line 319, in network
_print_net(d, tcp, name_connect)
File /usr/bin/sepolicy, line 276, in _print_net
port_strings.sort(numcmp)
TypeError: must use keyword argument for key function
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Fixes:
Verify sepolicy interface -c -i works ... Traceback (most recent call last):
File "/usr/bin/sepolicy", line 699, in <module>
args.func(args)
File "/usr/bin/sepolicy", line 508, in interface
print_interfaces(args.interfaces, args)
File "/usr/bin/sepolicy", line 492, in print_interfaces
interface_compile_test(i)
File "/usr/lib/python3.6/site-packages/sepolicy/interface.py", line 226, in interface_compile_test
fd.write(generate_compile_te(interface, idict))
File "/usr/lib/python3.6/site-packages/sepolicy/interface.py", line 184, in generate_compile_te
from templates import test_module
ModuleNotFoundError: No module named 'templates'
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Fixes:
$ sepolicy manpage -a
Traceback (most recent call last):
File "/usr/bin/sepolicy", line 699, in <module>
args.func(args)
File "/usr/bin/sepolicy", line 359, in manpage
m = ManPage(domain, path, args.root, args.source_files, args.web)
File "/usr/lib/python3.6/site-packages/sepolicy/manpage.py", line 408, in __init__
self.__gen_man_page()
File "/usr/lib/python3.6/site-packages/sepolicy/manpage.py", line 495, in __gen_man_page
self._entrypoints()
File "/usr/lib/python3.6/site-packages/sepolicy/manpage.py", line 903, in _entrypoints
if len(entrypoints) > 1:
TypeError: object of type 'map' has no len()
$ sepolicy manpage -a
Traceback (most recent call last):
File "/usr/bin/sepolicy", line 699, in <module>
args.func(args)
File "/usr/bin/sepolicy", line 359, in manpage
m = ManPage(domain, path, args.root, args.source_files, args.web)
File "/usr/lib/python3.6/site-packages/sepolicy/manpage.py", line 408, in __init__
self.__gen_man_page()
File "/usr/lib/python3.6/site-packages/sepolicy/manpage.py", line 497, in __gen_man_page
self._mcs_types()
File "/usr/lib/python3.6/site-packages/sepolicy/manpage.py", line 927, in _mcs_types
attributes = sepolicy.info(sepolicy.TYPE, (self.type))[0]["attributes"]
TypeError: 'generator' object is not subscriptable
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
This fixes a problem introduced in 18410c86 where ruletype is specified
as a string not a list.
Fixes:
>>> sepolicy.get_all_role_allows()
Traceback (most recent call last):
File "/usr/lib64/python3.6/site-packages/setools/policyrep/util.py", line 60, in lookup
return cls(value)
File "/usr/lib64/python3.6/enum.py", line 291, in __call__
return cls.__new__(cls, value)
File "/usr/lib64/python3.6/enum.py", line 533, in __new__
return cls._missing_(value)
File "/usr/lib64/python3.6/enum.py", line 546, in _missing_
raise ValueError("%r is not a valid %s" % (value, cls.__name__))
ValueError: 'a' is not a valid RBACRuletype
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Fixes:
Traceback (most recent call last):
File "/usr/lib/python3.5/site-packages/sepolicy/gui.py", line 1447, in stripsort
return cmp(val1, val2)
NameError: name 'cmp' is not defined
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Fixes python3 problem:
>>> print("Failed to retrieve rpm info for %s") % package
Failed to retrieve rpm info for %s
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
TypeError: unsupported operand type(s) for %: 'NoneType' and 'str'
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
map() and filter() changed their return values from list to iterators in
Python 3. This change drops filter() and map() from gui.py to make it
work on Python 2 and 3
Fixes:
Traceback (most recent call last):
File "/bin/sepolicy", line 700, in <module>
args.func(args)
File "/bin/sepolicy", line 326, in gui_run
sepolicy.gui.SELinuxGui(args.domain, args.test)
File "/usr/lib/python3.5/site-packages/sepolicy/gui.py", line 238, in __init__
if self.populate_system_policy() < 2:
File "/usr/lib/python3.5/site-packages/sepolicy/gui.py", line 835, in populate_system_policy
types = map(lambda x: x[1], filter(lambda x: x[0] == selinux_path, os.walk(selinux_path)))[0]
TypeError: 'map' object is not subscriptable
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
semodule in policycoreutils-2.4 changed the list format. With this
patch, org.selinux.semodule_list uses 'semodule --list=full' and the
code using this was adapted to the new format.
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1281309
Fixes:
File "/usr/lib64/python3.4/site-packages/sepolicy/gui.py", line 670, in lockdown_init
self.enable_unconfined_button.set_active(not self.module_dict["unconfined"]["Disabled"])
KeyError: 'unconfined'
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Fixes:
(sepolicy:2183): Gtk-WARNING **: Could not load image 'images/booleans.png': Failed to open file '/usr/lib64/python3.4/site-packages/sepolicy/images/booleans.png': No such file or directory
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
The toolchain automatically handles them and they break cross compiling.
LDFLAGS should also come before object files, some flags (eg,
-Wl,as-needed) can break things if they are in the wrong place)
Gentoo-Bug: https://bugs.gentoo.org/500674
Signed-off-by: Jason Zaman <jason@perfinion.com>
https://docs.python.org/3/whatsnew/3.6.html#deprecated-python-behavior
A backslash-character pair that is not a valid escape sequence now
generates a DeprecationWarning. Although this will eventually become a
SyntaxError, that will not be for several Python releases.
The problem appears when you use '-W error':
$ python3 -W error -c 'import re; re.findall("[^a-zA-Z0-9_\-\.]", " *%$")'
File "<string>", line 1
SyntaxError: invalid escape sequence \-
Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
[ Edited commit message as per suggestion from Petr Lautrbach ]
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
HTMLManPages got domain name by splitting name of selinux manpage
on "_selinux" which doesn't work properly when domain name contains
"_selinux".
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
selinux.security_getenforce() triggers an exception when running tests
on systems without SELinux. In order to skip tests which need SELinux in
enforcing mode, test selinux.is_selinux_enabled() too, like commit
945bc8853b ("sandbox: make test not fail on systems without SELinux").
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Based on 77589dd354218f1f56d1c83747799606fa1b4899 by Dan Walsh.
Speed up gui loading.
Some minor bug fixes.
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
sepolicy.get_init_entrypoint() now returns list of Type objects
instead of single string, which caused sepolicy gui to crash.
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Aside from typos, change the way markup is applied to a tooltip
in sepolicy/gui so that the text can be translated.
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Python code is not platform specific and resides always in
lib (as opposed to lib64 on x64 architectures).
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Radiobutton was always set to "Permissive" and couldn't be switched.
Update radiobutton together with status text in bottom left corner.
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
