Ted Toth writes:
On Fri, Sep 21, 2018 at 7:21 AM Ted Toth
wrote:
On Fri, Sep 21, 2018 at 3:58 AM Petr Lautrbach
wrote:
Ted Toth writes:
> I have something very much like the following in an fc file:
> /usr/lib64/python2\.(6|7)/site-packages/xyz/paste --
> ge
Ted Toth writes:
I have something very much like the following in an fc file:
/usr/lib64/python2\.(6|7)/site-packages/xyz/paste --
gen_context(system_u:object_r:jxyz_exec_t,s0)
and I use the same file on el6 and el7. On el6 the file is
labeled as
specified in the python2.6 directory.
dontaudit rules were accidentally dropped during rewrite to SETools 4 API in
97d5f6a2
Fixes:
>>> import sepolicy
>>> sepolicy.search(['dontaudit'])
[]
Signed-off-by: Petr Lautrbach
---
python/sepolicy/sepolicy/__init__.py | 2 ++
1 file changed, 2 insertions(+)
diff --git
On Mon, Jun 18, 2018 at 04:06:11PM -0400, Stephen Smalley wrote:
> On 06/18/2018 03:24 PM, Petr Lautrbach wrote:
> > Hello,
> >
> > libselinux sets selinut_mnt and has_selinux_config only in its constructor
> > and
> > is_selinux_enabled() and others just us
Hello,
libselinux sets selinut_mnt and has_selinux_config only in its constructor and
is_selinux_enabled() and others just use selinux_mnt to check if SELinux is
enabled. But it doesn't work correctly when you use chroot() to a directory
without /proc
and /sys/fs/selinux mounted as it was
On Tue, May 15, 2018 at 05:03:42PM -0400, Paul Moore wrote:
> From: Paul Moore
>
> If expand-check is non-zero in semanage.conf the policy load will likely fail,
> try to provide a more helpful error to users running the tests.
>
> Signed-off-by: Paul Moore
On Mon, May 07, 2018 at 09:58:28AM -0400, Stephen Smalley wrote:
> On 05/04/2018 04:12 PM, Petr Lautrbach wrote:
> > On Fri, May 04, 2018 at 01:58:08PM -0400, Stephen Smalley wrote:
> >> On 05/04/2018 07:51 AM, Petr Lautrbach wrote:
> >>> From:
On Fri, May 04, 2018 at 01:58:08PM -0400, Stephen Smalley wrote:
> On 05/04/2018 07:51 AM, Petr Lautrbach wrote:
> > From: Vit Mojzis <vmoj...@redhat.com>
> >
> > self.store is always a string (actual store name or "") because of
> > semanageRecord
From: Vit Mojzis
self.store is always a string (actual store name or "") because of
semanageRecords.__init__. Fix check for not defined store.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1559174#c3
Signed-off-by: Vit Mojzis
---
On Fri, May 04, 2018 at 03:16:43PM +0200, Dominick Grift wrote:
> On Fri, May 04, 2018 at 09:09:20AM -0400, Stephen Smalley wrote:
> > On 05/04/2018 08:19 AM, Dominick Grift wrote:
> > > On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley wrote:
> > >> Hi,
> > >>
> > >> If you have
On Mon, Apr 23, 2018 at 04:21:22PM +, Joe Kirwin wrote:
> Petr, Daniel,
>
> Have you had time to verify this issue yet?
> Any comments to add?
>
I consider this as the expected behavior.
It's defined as "Substitute target path with sourcepath when generating default
label." It means that
On Fri, Apr 20, 2018 at 08:49:41AM -0400, Stephen Smalley wrote:
> On 04/20/2018 08:31 AM, Petr Lautrbach wrote:
> > On Thu, Apr 19, 2018 at 11:07:39AM -0400, Stephen Smalley wrote:
> >> A 2.8-rc1 release candidate for the SELinux userspace is now available at:
>
> python/sepolicy: Initialize policy.ports as a dict in generate.py
> libsepol: cil: show an error when cil_expr_to_string() fails
> libsemanage: silence clang static analyzer report
> libselinux,libsemanage: Replace PYSITEDIR with PYTHONLIBDIR
> libsepol: do not
On Thu, Apr 12, 2018 at 01:22:40PM -0400, Stephen Smalley wrote:
> On 04/12/2018 11:07 AM, Stephen Smalley wrote:
> > On 04/12/2018 06:26 AM, Vit Mojzis wrote:
> >> Commit 8702a865e08b5660561e194a83e4a363061edc03 causes file mode of
> >> seusers and users_extra to change based on the value defined
On Fri, Mar 09, 2018 at 04:39:44PM +0100, Vit Mojzis wrote:
> access() uses real UID instead of effective UID which causes false
> negative checks in setuid programs.
> Replace access() calls (mostly tests for file existence) by stat().
>
> Fixes:
ks good to me. Thanks!
https://github.com/SELinuxProject/selinux/pull/86
Acked-by: Petr Lautrbach <plaut...@redhat.com>
> ---
> v2: add plat_specific=1
>
> .travis.yml | 5 +
> libselinux/src/Makefile | 10 +-
> libsemanage/src/Makefile |
On Fri, Mar 09, 2018 at 03:39:13PM +0100, Petr Lautrbach wrote:
> On Fri, Mar 09, 2018 at 08:55:11AM -0500, Stephen Smalley wrote:
> > On 03/09/2018 07:25 AM, Petr Lautrbach wrote:
> > > On Thu, Mar 08, 2018 at 10:19:26PM +0100, Nicolas Iooss wrote:
> > >> On Thu, M
On Fri, Mar 09, 2018 at 08:55:11AM -0500, Stephen Smalley wrote:
> On 03/09/2018 07:25 AM, Petr Lautrbach wrote:
> > On Thu, Mar 08, 2018 at 10:19:26PM +0100, Nicolas Iooss wrote:
> >> On Thu, Mar 8, 2018 at 8:34 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> >>
On Thu, Mar 08, 2018 at 10:19:26PM +0100, Nicolas Iooss wrote:
> On Thu, Mar 8, 2018 at 8:34 PM, Stephen Smalley wrote:
> > On 03/06/2018 04:19 PM, Stephen Smalley wrote:
> >> On 03/05/2018 05:16 PM, Nicolas Iooss wrote:
> >>> libselinux and libsemanage Makefiles invoke
Fixes:
/usr/share/system-config-selinux/polgengui.py:679: PyGIDeprecationWarning:
Deprecated, please use stop_emission_by_name.
entry.emit_stop_by_name("insert_text")
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
This is based on the set of patches related to polg
On Thu, Feb 22, 2018 at 04:31:46PM +0100, Petr Lautrbach wrote:
> On Sun, Feb 18, 2018 at 07:20:02PM +0100, Nicolas Iooss wrote:
> > On Sun, Feb 18, 2018 at 7:09 PM, Nicolas Iooss <nicolas.io...@m4x.org>
> > wrote:
> > > On Wed, Feb 14, 2018 at 10:53 AM, Petr
On Sun, Feb 18, 2018 at 07:20:02PM +0100, Nicolas Iooss wrote:
> On Sun, Feb 18, 2018 at 7:09 PM, Nicolas Iooss <nicolas.io...@m4x.org> wrote:
> > On Wed, Feb 14, 2018 at 10:53 AM, Petr Lautrbach <plaut...@redhat.com>
> > wrote:
> >> Hi,
> >>
> >
si/SELinuxProject-selinux/python/sepolicy/sepolicy/generate.py",
line 468, in set_use_syslog
if not isinstance(val, types.BooleanType):
AttributeError: module 'types' has no attribute 'BooleanType'
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/sepolicy/sepolicy/generat
age_next():
File "/usr/share/system-config-selinux/polgengui.py", line 701, in
on_in_net_page_next
generate.verify_ports(self.in_tcp_entry.get_text())
NameError: global name 'generate' is not defined
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
gui/polgengui.py |
map() returns an iterator in python3, list in python2
Fixes:
File "/usr/lib/python3.6/site-packages/sepolicy/generate.py", line 114, in
get_all_users
users.remove("system_u")
AttributeError: 'map' object has no attribute 'remove'
Signed-off-by: Petr Lautrbach <plaut...@
Hi,
The following set of patches update polgengui.py, rename polgen.glade to
polgen.ui, convert it to new format, and fix some other sepolicy Python 3
related issues.
Thanks,
Petr
On Thu, Jan 25, 2018 at 01:58:46PM -0800, Nicolas Iooss wrote:
> Hi,
> I sent a few hours ago these two patches on the mailing list, by as the first
> one seems to be blocked somewhere (I have only received back the second one),
> I am publishing them on Github too, as a Pull Request.
>
> These
On Tue, Jan 23, 2018 at 08:34:09PM +0100, Marcus Folkesson wrote:
> On Mon, Jan 22, 2018 at 09:50:36PM +0100, Nicolas Iooss wrote:
> > On 19/01/18 13:07, Marcus Folkesson wrote:
> > > Hi Nicolas!
> > >
> > > On Wed, Jan 17, 2018 at 11:12:56PM +0100, Nicolas Iooss wrote:
> > >> On Tue, Jan 16,
On Sun, Jan 21, 2018 at 10:46:11PM +0100, Marcus Folkesson wrote:
> Signed-off-by: Marcus Folkesson
> ---
> python/audit2allow/Makefile | 17 ++---
> python/chcat/Makefile | 8
> python/semanage/Makefile |
On Wed, Jan 17, 2018 at 11:43:58AM +0100, Marcus Folkesson wrote:
> Hi,
>
> On Wed, Jan 17, 2018 at 11:11:35AM +0100, Petr Lautrbach wrote:
> > On Tue, Jan 16, 2018 at 09:23:21PM +0100, Marcus Folkesson wrote:
> > > Signed-off-by: Marcus Folkesson <
On Tue, Jan 16, 2018 at 09:23:21PM +0100, Marcus Folkesson wrote:
> Signed-off-by: Marcus Folkesson
> ---
> python/audit2allow/Makefile | 10 --
> python/chcat/Makefile | 8
> python/semanage/Makefile | 13
On Mon, Jan 15, 2018 at 07:46:27AM -0800, William Roberts wrote:
> On Sun, Jan 14, 2018 at 7:34 AM, Richard Haines
> wrote:
> > Add new option to semanage.conf that allows the tmp build files
> > to be kept for debugging when building policy.
>
> How do people
On Tue, Jan 09, 2018 at 12:24:12PM -0500, Stephen Smalley wrote:
> On Tue, 2018-01-09 at 16:56 +, Richard Haines wrote:
> > On Tue, 2018-01-09 at 10:11 -0500, Stephen Smalley wrote:
> > > On Mon, 2018-01-08 at 16:10 +0100, Vit Mojzis wrote:
> > > > Hi all,
> > > > there seems to be a
It's used by third parties, e.g. Ansible modules
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1527745
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/semanage/seobject.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/python/semanage/seobject.py b/python/se
;/usr/share/system-config-selinux/booleansPage.py", line 142, in __init__
self.load(self.filter)
File "/usr/share/system-config-selinux/booleansPage.py", line 212, in load
self.booleans = seobject.booleanRecords()
TypeError: __init__() missing 1 required positional argumen
/modules/400/permissive_sshd_t/cil
-rw-rw-rw-.
/var/lib/selinux/targeted/active/modules/400/permissive_sshd_t/lang_ext
drwx--. /var/lib/selinux/targeted/active/modules/disabled
-rw-rw-rw-. /var/lib/selinux/targeted/active/modules/disabled/zosremote
Signed-off-by: Petr Lautrbach <plaut...@redhat.
On Wed, Nov 15, 2017 at 02:25:53PM +0100, Lukas Vrabec wrote:
> Arguments generate and gui was mixed together and information didn't make
> sense. This fix split gui and generate sections.
>
> Signed-off-by: Lukas Vrabec
Applied, thanks.
> ---
> python/sepolicy/sepolicy.8
/modules/400/permissive_sshd_t/cil
-rw-rw-rw-.
/var/lib/selinux/targeted/active/modules/400/permissive_sshd_t/lang_ext
drwx--. /var/lib/selinux/targeted/active/modules/disabled
-rw-rw-rw-. /var/lib/selinux/targeted/active/modules/disabled/zosremote
Signed-off-by: Petr Lautrbach <plaut...@redhat.
On Tue, Nov 14, 2017 at 09:33:54AM +0100, Petr Lautrbach wrote:
> On Mon, Nov 13, 2017 at 09:56:26AM +0100, Vit Mojzis wrote:
> > Update Infiniband "port" and "key" listing and export to work on
> > python3.
> > {}.keys() does not support .sort() oper
On Mon, Nov 13, 2017 at 09:56:26AM +0100, Vit Mojzis wrote:
> Update Infiniband "port" and "key" listing and export to work on
> python3.
> {}.keys() does not support .sort() operation on Py3.
>
> Signed-off-by: Vit Mojzis
Both patches look good to me. I'll merge them
First two patches do a little cleanup and try to re factorize the code
used for seobject object initialization.
The 3rd patch changes the behavior in order to call
semanage_set_reload() only if -N is used.
In order to do that we need to propagate args into seobject objects and
use args.store to get a store name.
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/semanage/semanage| 40 +++--
python/semanage/seobject.p
policy: load_policy returned error code 2. (No such
file or directory).
FileNotFoundError: [Errno 2] No such file or directory
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/semanage/semanage| 15 +--
python/semanage/seobject.py | 11 ++-
2 files changed,
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/semanage/semanage | 74 +---
1 file changed, 14 insertions(+), 60 deletions(-)
diff --git a/python/semanage/semanage b/python/semanage/semanage
index 313537c5..8acfc855 100644
--- a/
On Thu, Nov 02, 2017 at 10:48:31AM -0400, Stephen Smalley wrote:
> On Thu, 2017-11-02 at 15:17 +0100, Petr Lautrbach wrote:
> > On Thu, Nov 02, 2017 at 09:52:25AM -0400, Stephen Smalley wrote:
> > > On Thu, 2017-11-02 at 14:19 +0100, Petr Lautrbach wrote:
> > > > When
On Thu, Nov 02, 2017 at 09:52:25AM -0400, Stephen Smalley wrote:
> On Thu, 2017-11-02 at 14:19 +0100, Petr Lautrbach wrote:
> > When SELinux is disabled, semanage without -N fails with a quite
> > complicated
> > error message when it tries to reload a new policy. Since re
policy/policy.31:
No such file or directory
/sbin/load_policy: Can't load policy: No such file or directory
libsemanage.semanage_reload_policy: load_policy returned error code 2. (No such
file or directory).
FileNotFoundError: [Errno 2] No such file or directory
Signed-off-by: Petr Lautrbach
On Fri, Oct 13, 2017 at 03:31:39PM -0400, Stephen Smalley wrote:
> We still need to revisit the value proposition of file_contexts.bin
> after the move to pcre2, given the large increase in file size and the
> runtime overhead. We can add -r to the sefcontext_compile args via
> semanage.conf, but
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/sepolicy/test_sepolicy.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/sepolicy/test_sepolicy.py b/python/sepolicy/test_sepolicy.py
index 304e56f6..6d60d6f6 100644
--- a/python/sepolicy/test_sepol
Fixes:
File "python/sepolicy/sepolicy/manpage.py", line 373, in _gen_css
print("%s has been created") % style_css
TypeError: unsupported operand type(s) for %: 'NoneType' and 'str'
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/sepolicy/sepolicy/m
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/sepolicy/sepolicy/manpage.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/python/sepolicy/sepolicy/manpage.py
b/python/sepolicy/sepolicy/manpage.py
index 6df6f431..4d846364 100755
--- a/python/sepolicy/sepolicy/manp
user0m10.368s
sys 0m0.114s
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/sepolicy/sepolicy/__init__.py | 62 --
python/sepolicy/sepolicy/manpage.py| 29
python/sepolicy/sepolicy/transition.py | 8 +++--
3 files c
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
mcstrans/src/Makefile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile
index 709e1e02..3f4a89c3 100644
--- a/mcstrans/src/Makefile
+++ b/mcstrans/src/Makefile
@@ -4,
On 06/21/2017 09:51 PM, Stephen Smalley wrote:
Hmm...seems like we're still using DESTDIR for more than just install.
So either the patch or the patch description isn't quite right.
The original usage of make DESTDIR in selinux was to support building
and installing to a private directory, so we
https://www.gnu.org/prep/standards/html_node/DESTDIR.html
DESTDIR should be supported only in the install* and uninstall*
targets, as those are the only targets where it is useful.
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
checkpolicy/Makefile
On 06/20/2017 04:22 PM, Jason Zaman wrote:
On Tue, Jun 20, 2017 at 03:28:44PM +0200, Petr Lautrbach wrote:
On 06/20/2017 02:14 PM, Stephen Smalley wrote:
On Tue, 2017-06-20 at 12:54 +0200, Petr Lautrbach wrote:
On 06/18/2017 09:46 AM, Jason Zaman wrote:
On Sun, Jun 18, 2017 at 03:32:33PM
On 06/20/2017 03:28 PM, Petr Lautrbach wrote:
On 06/20/2017 02:14 PM, Stephen Smalley wrote:
On Tue, 2017-06-20 at 12:54 +0200, Petr Lautrbach wrote:
On 06/18/2017 09:46 AM, Jason Zaman wrote:
On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote:
There is a bug that needs to be fixed
On 06/20/2017 02:14 PM, Stephen Smalley wrote:
On Tue, 2017-06-20 at 12:54 +0200, Petr Lautrbach wrote:
On 06/18/2017 09:46 AM, Jason Zaman wrote:
On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote:
There is a bug that needs to be fixed before the final release:
https
On 06/18/2017 09:46 AM, Jason Zaman wrote:
On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote:
There is a bug that needs to be fixed before the final release:
https://bugs.gentoo.org/show_bug.cgi?id=621762
I think the fix is just add override in utils/Makefile to the LDLIBS and
port_strings.sort(numcmp)
TypeError: must use keyword argument for key function
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/sepolicy/sepolicy.py | 18 ++
1 file changed, 6 insertions(+), 12 deletions(-)
diff --git a/python/sepolicy/sepolicy.py b/python/se
", line 184, in
generate_compile_te
from templates import test_module
ModuleNotFoundError: No module named 'templates'
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/sepolicy/sepolicy/interface.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/
The following patches fix sepolicy python3 issues found by
`make test` in python/sepolicy
On Fri, May 26, 2017 at 04:09:51PM +0200, Petr Lautrbach wrote:
> Commits a3d2c7a 6a7a5aa introduced inconsistent use of tabs and spaces
> in indentation what makes python3.6 unhappy.
>
There's another python3 problem with using "print ". I'll resend another
patch which will i
Commits a3d2c7a 6a7a5aa introduced inconsistent use of tabs and spaces
in indentation what makes python3.6 unhappy.
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
libsemanage/utils/semanage_migrate_store | 4 ++--
python/semanage/seobject.py | 6 +++---
2 files chan
On 05/25/2017 07:44 AM, Dominick Grift wrote:
On Wed, May 24, 2017 at 04:40:55PM -0400, Stephen Smalley wrote:
On Wed, 2017-05-24 at 16:53 +0200, Dominick Grift wrote:
On Wed, May 24, 2017 at 04:33:16PM +0200, Dominick Grift wrote:
On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach
For the motivation see
https://marc.info/?l=selinux=149435307518336=2
I've restarted building of Fedora packages based on latest SELinux
userspace code in Fedora COPR. Packages are built using the
https://gitlab.com/bachradsusi/selinux-rpm project.
There is a new selinux.spec [1] file which
Dne 4.5.2017 v 23:12 Christian Göttsche via Selinux napsal(a):
> Add command line tool selinuxenforced to determine the current SELinux
> enforced via exit code.
> Useful for script usage or monitoring.
Could the following script do the work?
case $(getenforce) in
"Permissive") exit 1
;;
Dne 4.5.2017 v 22:49 Stephen Smalley napsal(a):
> On Thu, 2017-05-04 at 16:22 +0200, Petr Lautrbach wrote:
>> The patch is wrong, please disregard.
>>
>> I'm not sure about the right fix in order not to break gentoo use
>> case.
>> I'd just revert fcb5d5c change i
lude
$ make CFLAGS="" LDFLAGS=""
...
make -C utils
make[1]: Entering directory '/root/selinux/libsepol/utils'
cc -I../includechkcon.c -lsepol -o chkcon
/usr/bin/ld: cannot find -lsepol
collect2: error: ld returned 1 exit status
Signed-off-by: Petr Lautrbach <plaut...@r
fcb5d5c removed ../include from CFLAGS from libsepol/utils/Makefile so
that a build tool can't find sepol/sepol.h when libsepol is built on a
system without sepol.h in standard paths.
Fixes:
chkcon.c:1:10: fatal error: sepol/sepol.h: No such file or directory
#include
Signed-off-by: Petr
line 651, in
call_blocking
message, timeout)
dbus.exceptions.DBusException: org.freedesktop.DBus.Python.TypeError:
TypeError: 'dbus.String' does not support the buffer interface
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
dbus/selinux_server.py | 6 +++---
1 file changed, 3 insertions(+), 3 del
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/sepolicy/sepolicy/gui.py | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py
index 7f84b6f9..007c94a7 100644
--- a/python/sepolicy/se
e ValueError("%r is not a valid %s" % (value, cls.__name__))
ValueError: 'a' is not a valid RBACRuletype
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/sepolicy/sepolicy/__init__.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/sepolicy/s
filter() changed it's behavior among python 2 and python 3
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/sepolicy/sepolicy/__init__.py | 13 +
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/python/sepolicy/sepolicy/__init__.py
b/python/se
From: Dan Walsh <dwa...@redhat.com>
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/sepolicy/sepolicy/templates/executable.py | 21 -
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/templates/executable.
From: Miroslav Grepl <mgr...@redhat.com>
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/sepolicy/sepolicy/templates/executable.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/templates/executable.py
b/python/sepol
pes()
File "/usr/lib/python3.6/site-packages/sepolicy/manpage.py", line 927, in
_mcs_types
attributes = sepolicy.info(sepolicy.TYPE, (self.type))[0]["attributes"]
TypeError: 'generator' object is not subscriptable
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
pyth
From: Miroslav Grepl
Signed-off-by: Dan Walsh
---
python/sepolicy/sepolicy/templates/executable.py | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/templates/executable.py
From: Dan Walsh
Signed-off-by: Dan Walsh
---
python/sepolicy/sepolicy-generate.8 | 2 +-
python/sepolicy/sepolicy/templates/executable.py | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy-generate.8
"attributes" used to be there when sepolicy.info() used setools3
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/sepolicy/sepolicy/__init__.py | 1 +
python/sepolicy/sepolicy/manpage.py | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a
olicy/gui.py", line 670, in
lockdown_init
self.enable_unconfined_button.set_active(not
self.module_dict["unconfined"]["Disabled"])
KeyError: 'unconfined'
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
dbus/selinux_server.py | 4 ++--
gui/polgen
Fixes:
(sepolicy:2183): Gtk-WARNING **: Could not load image 'images/booleans.png':
Failed to open file
'/usr/lib64/python3.4/site-packages/sepolicy/images/booleans.png': No such file
or directory
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/sepolicy/sepolicy/sepolicy
Fixes:
Traceback (most recent call last):
File "/usr/lib/python3.5/site-packages/sepolicy/gui.py", line 1447, in
stripsort
return cmp(val1, val2)
NameError: name 'cmp' is not defined
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/sepolicy/sepolicy/gui.py |
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/sepolicy/sepolicy/manpage.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/python/sepolicy/sepolicy/manpage.py
b/python/sepolicy/sepolicy/manpage.py
index 3ebdfeb7..bd5a64ac 100755
--- a/python/se
From: Dan Walsh <dwa...@redhat.com>
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/sepolicy/sepolicy/manpage.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/manpage.py
b/python/sepolicy/sepolicy/manpage.py
index b26868
From: Dan Walsh <dwa...@redhat.com>
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/sepolicy/sepolicy/manpage.py | 13 +
1 file changed, 13 insertions(+)
diff --git a/python/sepolicy/sepolicy/manpage.py
b/python/sepolicy/sepolicy/manpage.py
index 1af429
From: Dan Walsh <dwa...@redhat.com>
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
python/sepolicy/sepolicy/manpage.py | 45 +
1 file changed, 45 insertions(+)
diff --git a/python/sepolicy/sepolicy/manpage.py
b/python/sepolicy/sepolic
Hi,
this is set of sepolicy fixes we use in Fedora.
There are basically 2 groups of patches:
1. fixes which was pushed to Fedora few years ago and probably have not been
sent upstream
[PATCH 01/19] policycoreutils/sepolicy: Add documentation for MCS
[PATCH 02/19] sepolicy: Fix spelling
self.add_dir("/var/lib/%s" % self.name)
>
> if os.path.isfile("/etc/rc.d/init.d/%s" % self.name):
> -self.set_init_script("/etc/rc\.d/init\.d/%s" % self.name)
> +self.set_init_script(r"/etc/rc\.d/init\.d/%s&quo
active store meaning it is managed
>> @@ -650,13 +650,13 @@ int semanage_store_access_check(void)
>> * write access necessary if the lock file does not exist
>> */
>> path = semanage_files[SEMANAGE_READ_LOCK];
>> -if (access(path, R_OK) != 0) {
>> +
status, context = matchpathcon(path, mode)
FileNotFoundError: [Errno 2] No such file or directory
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
libselinux/src/selinuxswig_python.i | 42 +++--
1 file changed, 17 insertions(+), 25 deletions(-)
di
Hi.
selinux.restorecon(path, recursive=True) uses matchpathcon() to get a
label for a file and when the label is defined as <>,it throws a
backtrace with error:
"OSError: [Errno 2] No such file or directory"
It creates a problem for scripts which tries to relabel whole directory tree
when there
On 12/13/2016 08:55 PM, Parker, Michael D. wrote:
> I am getting the following messages during the last update concerning
> SELinux packages...I do a pretty much vanilla install here and have not
> modified any SELinux functionality...should I be concerned?
>
This is most likely a problem in
On 10/21/2016 07:47 PM, Stephen Smalley wrote:
> Hi,
>
> policycoreutils started life as a small set of utilities that were
> necessary or at least widely used in production on a SELinux system.
> Over time though it has grown to include many optional components, and
> even within a given
On Fri, Sep 23, 2016 at 01:37:26PM -0400, James Carter wrote:
> On 09/23/2016 12:05 PM, Petr Lautrbach wrote:
> > On 09/23/2016 05:31 PM, James Carter wrote:
> > > On 09/23/2016 05:23 AM, Petr Lautrbach wrote:
> > > > When a user installs a module, the filen
On Fri, Sep 23, 2016 at 01:37:26PM -0400, James Carter wrote:
> On 09/23/2016 12:05 PM, Petr Lautrbach wrote:
> > On 09/23/2016 05:31 PM, James Carter wrote:
> > > On 09/23/2016 05:23 AM, Petr Lautrbach wrote:
> > > > When a user installs a module, the filen
It helps to prevent sandboxed processes to inject arbitrary commands
into the parent.
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
policycoreutils/sandbox/sandbox | 13 +
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/policycoreutils/sandbox/san
sandbox tried to copy all affected files to the new home
or tmp even though -M or -X was not specified and there was no new
directory.
Fixes:
$ sandbox ls ~
/usr/bin/sandbox: [Errno 17] File exists: '/root'
Signed-off-by: Petr Lautrbach <plaut...@redhat.com>
---
policycoreutils/sandbox/s
On 09/23/2016 05:31 PM, James Carter wrote:
> On 09/23/2016 05:23 AM, Petr Lautrbach wrote:
>> When a user installs a module, the filename is used as the module name.
>> This change was introduced with CIL language where a module name is not
>> stored in the module itself. It
-screen $SCREENSIZE -dpi $DPI
-nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
export DISPLAY=:$D
cat > ~/seremote << __EOF
#!/bin/sh
I'm not sure which one is correct.
Petr
--
Petr Lautrbach
___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
1 - 100 of 131 matches
Mail list logo