The tests currently just executed "audit2allow" which meant search in
$PATH. They should instead test the one in the pwd. The files in the
repo are not executable so prefix with "python" also.
Signed-off-by: Jason Zaman <jason@perfinion.com>
Commit b43991f913 broke audit2why because
boolean_desc was imported indirectly via seobject. Use it directly from
sepolicy instead.
$ cd policycoreutils/audit2allow
$ make test
test_audit2why (__main__.Audit2allowTests)
Verify audit2why works ... Traceback (most recent call last):
File "/bin/audit2why", line 365, in <module>
app.main()
File "/bin/audit2why", line 353, in main
self.__output()
File "/bin/audit2why", line 295, in __output
return self.__output_audit2why()
File "/bin/audit2why", line 263, in __output_audit2why
print("\tDescription:\n\t%s\n" % seobject.boolean_desc(b[0]))
AttributeError: 'module' object has no attribute 'boolean_desc'
FAIL
Signed-off-by: Jason Zaman <jason@perfinion.com>
audit2why is supposed to be a symlink to audit2allow. There are instead
2 files in the repo so the makefile has not been replacing audit2why.
Signed-off-by: Jason Zaman <jason@perfinion.com>
When a user has invalid locales set, audit2allow and audit2why fail with
a traceback. This could be safely ignored as it will stay with 'C'
locale.
Fixes:
Traceback (most recent call last):
File "policycoreutils/audit2allow/audit2allow", line 35, in <module>
locale.setlocale(locale.LC_ALL, '')
File "/usr/lib64/python2.7/locale.py", line 579, in setlocale
return _setlocale(category, locale)
locale.Error: unsupported locale setting
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Constraint rules in output need to be commented in order to make a policy
compilable.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1155974
Patch-by: Miroslav Grepl <mgrepl@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
When trying to get policycoreutils working in python3, I kept running
into TabErrors:
Traceback (most recent call last):
File "/usr/lib/python-exec/python3.3/semanage", line 27, in <module>
import seobject
File "/usr/lib64/python3.3/site-packages/seobject.py", line 154
context = "%s%s" % (filler, raw)
^
TabError: inconsistent use of tabs and spaces in indentation
Python3 is a lot stricter than python2 regarding whitespace and looks like
previous commits mixed the two. When fixing this, I took the chance to fix
other PEP8 style issues at the same time.
This commit was made using:
$ file $(find . -type f) | grep -i python | sed 's/:.*$//' > pyfiles
$ autopep8 --in-place --ignore=E501,E265 $(cat pyfiles)
The ignore E501 is long lines since there are many that would be wrapped
otherwise, and E265 is block comments that start with ## instead of just #.
Signed-off-by: Jason Zaman <jason@perfinion.com>
- replace print statement with print function
- use reserved word `as` in try-except
- replace deprecated assert_() method with assertTrue() in unit tests
Signed-off-by: Michal Srb <msrb@redhat.com>
This fixes the build with "make PYTHON=python2" on systems where python
is python3.
For PYLIBVER and PYTHONLIBDIR definitions, I tested Python 2.5, 2.6, 2.7,
3.3 and 3.4. For each of them, these commands print the expected result:
python -c 'import sys;print("python%d.%d" % sys.version_info[0:2])'"
python -c "from distutils.sysconfig import *;print(get_python_lib(1))"
Acked-by: Steve Lawrence <slawrence@tresys.com>
Also change audit2why to look at the loaded policy rather then searching on disk for
the policy file. It is more likely that you are examining the running policy.
This is purely personal preference. Most of the Makefiles use $() for
Makefile variables, but a couple of places use ${}. Since this obscured
some later Makefile changes I figured I'd just make them all the same up
front.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
module names must begin with a letter, optionally followed by letters,
numbers, "-", "_", "."\n' some of these were being denied.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
This patch adds support to actually use the new sepolgen-ifgen attr
helper. We included the helper which generates attribute information
but this patch makes use of it.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
Add a --policy option to audit2allow to make it use an
alternate use specified policy instead of the running
policy.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
SELinux pythons applications should not allow the user to change the
sys.path
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
On 03/08/2010 11:11 AM, Karl MacMillan wrote:
> Accidentally sent this straight to Josh.
>
> Karl
>
> On Thu, Mar 4, 2010 at 4:46 PM, Karl MacMillan<karlwmacmillan@gmail.com> wrote:
>
>> I meant this - I don't want to pass around a boolean flag when we have
>> a flag for rule type. This allows cleanly adding support for, say,
>> generating both allow rules and auditallow rules at the same time.
>>
>>
<snip>
Ok this one only adds a flag to the policygenerator to tell it to
generate dontaudit rules.
No passing of args.
Acked-by: Karl MacMillan <karlwmacmillan@gmail.com>
Email: dwalsh@redhat.com
Subject: policycoreutils audit2allow patch
Date: Fri, 07 Nov 2008 09:36:44 -0500
audit2why can throw a runtime exception and typo in man page.
Signed-off-by: Joshua Brindle <method@manicmethod.com>
