Re: file context not being set on el7

2018-09-24 Thread Petr Lautrbach
Ted Toth writes: On Fri, Sep 21, 2018 at 7:21 AM Ted Toth wrote: On Fri, Sep 21, 2018 at 3:58 AM Petr Lautrbach wrote: Ted Toth writes: > I have something very much like the following in an fc file: > /usr/lib64/python2\.(6|7)/site-packages/xyz/paste -- > ge

Re: file context not being set on el7

2018-09-21 Thread Petr Lautrbach
Ted Toth writes: I have something very much like the following in an fc file: /usr/lib64/python2\.(6|7)/site-packages/xyz/paste -- gen_context(system_u:object_r:jxyz_exec_t,s0) and I use the same file on el6 and el7. On el6 the file is labeled as specified in the python2.6 directory.

[PATCH] python/sepolicy: search() for dontaudit rules as well

2018-09-18 Thread Petr Lautrbach
dontaudit rules were accidentally dropped during rewrite to SETools 4 API in 97d5f6a2 Fixes: >>> import sepolicy >>> sepolicy.search(['dontaudit']) [] Signed-off-by: Petr Lautrbach --- python/sepolicy/sepolicy/__init__.py | 2 ++ 1 file changed, 2 insertions(+) diff --git

Re: is_selinux_enabled() after chroot()

2018-06-19 Thread Petr Lautrbach
On Mon, Jun 18, 2018 at 04:06:11PM -0400, Stephen Smalley wrote: > On 06/18/2018 03:24 PM, Petr Lautrbach wrote: > > Hello, > > > > libselinux sets selinux_mnt and has_selinux_config only in its constructor > > and > > is_selinux_enabled() and others just us

is_selinux_enabled() after chroot()

2018-06-18 Thread Petr Lautrbach
Hello, libselinux sets selinux_mnt and has_selinux_config only in its constructor and is_selinux_enabled() and others just use selinux_mnt to check if SELinux is enabled. But it doesn't work correctly when you use chroot() to a directory without /proc and /sys/fs/selinux mounted as it was

Re: [RFC PATCH] selinux-testsuite: check the "expand-check" setting in semanage.conf

2018-05-16 Thread Petr Lautrbach
On Tue, May 15, 2018 at 05:03:42PM -0400, Paul Moore wrote: > From: Paul Moore > > If expand-check is non-zero in semanage.conf the policy load will likely fail, > try to provide a more helpful error to users running the tests. > > Signed-off-by: Paul Moore

Re: [PATCH] python/semanage/seobject.py: Fix undefined store check

2018-05-07 Thread Petr Lautrbach
On Mon, May 07, 2018 at 09:58:28AM -0400, Stephen Smalley wrote: > On 05/04/2018 04:12 PM, Petr Lautrbach wrote: > > On Fri, May 04, 2018 at 01:58:08PM -0400, Stephen Smalley wrote: > >> On 05/04/2018 07:51 AM, Petr Lautrbach wrote: > >>> From:

Re: [PATCH] python/semanage/seobject.py: Fix undefined store check

2018-05-04 Thread Petr Lautrbach
On Fri, May 04, 2018 at 01:58:08PM -0400, Stephen Smalley wrote: > On 05/04/2018 07:51 AM, Petr Lautrbach wrote: > > From: Vit Mojzis <vmoj...@redhat.com> > > > > self.store is always a string (actual store name or "") because of > > semanageRecord

[PATCH] python/semanage/seobject.py: Fix undefined store check

2018-05-04 Thread Petr Lautrbach
From: Vit Mojzis self.store is always a string (actual store name or "") because of semanageRecords.__init__. Fix check for not defined store. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1559174#c3 Signed-off-by: Vit Mojzis ---

Re: Last call for selinux userspace 2.8 release

2018-05-04 Thread Petr Lautrbach
On Fri, May 04, 2018 at 03:16:43PM +0200, Dominick Grift wrote: > On Fri, May 04, 2018 at 09:09:20AM -0400, Stephen Smalley wrote: > > On 05/04/2018 08:19 AM, Dominick Grift wrote: > > > On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley wrote: > > >> Hi, > > >> > > >> If you have

Re: Alias path subbing results in unexpected policy labelling

2018-04-23 Thread Petr Lautrbach
On Mon, Apr 23, 2018 at 04:21:22PM +, Joe Kirwin wrote: > Petr, Daniel, > > Have you had time to verify this issue yet? > Any comments to add? > I consider this as the expected behavior. It's defined as "Substitute target path with sourcepath when generating default label." It means that

Re: ANN: SELinux userspace 2.8-rc1 release candidate

2018-04-20 Thread Petr Lautrbach
On Fri, Apr 20, 2018 at 08:49:41AM -0400, Stephen Smalley wrote: > On 04/20/2018 08:31 AM, Petr Lautrbach wrote: > > On Thu, Apr 19, 2018 at 11:07:39AM -0400, Stephen Smalley wrote: > >> A 2.8-rc1 release candidate for the SELinux userspace is now available at: >

Re: ANN: SELinux userspace 2.8-rc1 release candidate

2018-04-20 Thread Petr Lautrbach
> python/sepolicy: Initialize policy.ports as a dict in generate.py > libsepol: cil: show an error when cil_expr_to_string() fails > libsemanage: silence clang static analyzer report > libselinux,libsemanage: Replace PYSITEDIR with PYTHONLIBDIR > libsepol: do not

Re: [PATCH] libsemanage: do not change file mode of seusers and users_extra

2018-04-12 Thread Petr Lautrbach
On Thu, Apr 12, 2018 at 01:22:40PM -0400, Stephen Smalley wrote: > On 04/12/2018 11:07 AM, Stephen Smalley wrote: > > On 04/12/2018 06:26 AM, Vit Mojzis wrote: > >> Commit 8702a865e08b5660561e194a83e4a363061edc03 causes file mode of > >> seusers and users_extra to change based on the value defined

Re: [PATCH] libsemanage: replace access() checks to make setuid programs work

2018-03-17 Thread Petr Lautrbach
On Fri, Mar 09, 2018 at 04:39:44PM +0100, Vit Mojzis wrote: > access() uses real UID instead of effective UID which causes false > negative checks in setuid programs. > Replace access() calls (mostly tests for file existence) by stat(). > > Fixes:

Re: [PATCH v2 1/1] libselinux, libsemanage: Replace PYSITEDIR with PYTHONLIBDIR

2018-03-14 Thread Petr Lautrbach
ks good to me. Thanks! https://github.com/SELinuxProject/selinux/pull/86 Acked-by: Petr Lautrbach <plaut...@redhat.com> > --- > v2: add plat_specific=1 > > .travis.yml | 5 + > libselinux/src/Makefile | 10 +- > libsemanage/src/Makefile |

Re: [PATCH 1/1] libselinux, libsemanage: Replace PYSITEDIR with PYTHONLIBDIR

2018-03-09 Thread Petr Lautrbach
On Fri, Mar 09, 2018 at 03:39:13PM +0100, Petr Lautrbach wrote: > On Fri, Mar 09, 2018 at 08:55:11AM -0500, Stephen Smalley wrote: > > On 03/09/2018 07:25 AM, Petr Lautrbach wrote: > > > On Thu, Mar 08, 2018 at 10:19:26PM +0100, Nicolas Iooss wrote: > > >> On Thu, M

Re: [PATCH 1/1] libselinux, libsemanage: Replace PYSITEDIR with PYTHONLIBDIR

2018-03-09 Thread Petr Lautrbach
On Fri, Mar 09, 2018 at 08:55:11AM -0500, Stephen Smalley wrote: > On 03/09/2018 07:25 AM, Petr Lautrbach wrote: > > On Thu, Mar 08, 2018 at 10:19:26PM +0100, Nicolas Iooss wrote: > >> On Thu, Mar 8, 2018 at 8:34 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote: > >>

Re: [PATCH 1/1] libselinux, libsemanage: Replace PYSITEDIR with PYTHONLIBDIR

2018-03-09 Thread Petr Lautrbach
On Thu, Mar 08, 2018 at 10:19:26PM +0100, Nicolas Iooss wrote: > On Thu, Mar 8, 2018 at 8:34 PM, Stephen Smalley wrote: > > On 03/06/2018 04:19 PM, Stephen Smalley wrote: > >> On 03/05/2018 05:16 PM, Nicolas Iooss wrote: > >>> libselinux and libsemanage Makefiles invoke

[PATCH] gui/polgengui.py: Use stop_emission_by_name instead of emit_stop_by_name

2018-02-22 Thread Petr Lautrbach
Fixes: /usr/share/system-config-selinux/polgengui.py:679: PyGIDeprecationWarning: Deprecated, please use stop_emission_by_name. entry.emit_stop_by_name("insert_text") Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- This is based on the set of patches related to polg

Re: Update selinux-sepolgengui to be compatible with Gtk3, Python 3

2018-02-22 Thread Petr Lautrbach
On Thu, Feb 22, 2018 at 04:31:46PM +0100, Petr Lautrbach wrote: > On Sun, Feb 18, 2018 at 07:20:02PM +0100, Nicolas Iooss wrote: > > On Sun, Feb 18, 2018 at 7:09 PM, Nicolas Iooss <nicolas.io...@m4x.org> > > wrote: > > > On Wed, Feb 14, 2018 at 10:53 AM, Petr

Re: Update selinux-sepolgengui to be compatible with Gtk3, Python 3

2018-02-22 Thread Petr Lautrbach
On Sun, Feb 18, 2018 at 07:20:02PM +0100, Nicolas Iooss wrote: > On Sun, Feb 18, 2018 at 7:09 PM, Nicolas Iooss <nicolas.io...@m4x.org> wrote: > > On Wed, Feb 14, 2018 at 10:53 AM, Petr Lautrbach <plaut...@redhat.com> > > wrote: > >> Hi, > >> > >

[PATCH 4/4] python/sepolicy: Do not use types.BooleanType

2018-02-14 Thread Petr Lautrbach
si/SELinuxProject-selinux/python/sepolicy/sepolicy/generate.py", line 468, in set_use_syslog if not isinstance(val, types.BooleanType): AttributeError: module 'types' has no attribute 'BooleanType' Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/sepolicy/sepolicy/generat

[PATCH 1/4] gui/polgengui.py: Fix sepolicy.generate import in polgengui.py

2018-02-14 Thread Petr Lautrbach
age_next(): File "/usr/share/system-config-selinux/polgengui.py", line 701, in on_in_net_page_next generate.verify_ports(self.in_tcp_entry.get_text()) NameError: global name 'generate' is not defined Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- gui/polgengui.py |

[PATCH 3/4] python/sepolicy: Use list instead of map

2018-02-14 Thread Petr Lautrbach
map() returns an iterator in python3, list in python2 Fixes: File "/usr/lib/python3.6/site-packages/sepolicy/generate.py", line 114, in get_all_users users.remove("system_u") AttributeError: 'map' object has no attribute 'remove' Signed-off-by: Petr Lautrbach <plaut...@

Update selinux-sepolgengui to be compatible with Gtk3, Python 3

2018-02-14 Thread Petr Lautrbach
Hi, The following set of patches update polgengui.py, rename polgen.glade to polgen.ui, convert it to new format, and fix some other sepolicy Python 3 related issues. Thanks, Petr

Re: [SELinuxProject/selinux] gui: remove selinux-sepolgengui (#77)

2018-02-02 Thread Petr Lautrbach
On Thu, Jan 25, 2018 at 01:58:46PM -0800, Nicolas Iooss wrote: > Hi, > I sent a few hours ago these two patches on the mailing list, by as the first > one seems to be blocked somewhere (I have only received back the second one), > I am publishing them on Github too, as a Pull Request. > > These

Re: [PATCH v2 02/14] libselinux: build: follow standard semantics for DESTDIR and PREFIX

2018-01-23 Thread Petr Lautrbach
On Tue, Jan 23, 2018 at 08:34:09PM +0100, Marcus Folkesson wrote: > On Mon, Jan 22, 2018 at 09:50:36PM +0100, Nicolas Iooss wrote: > > On 19/01/18 13:07, Marcus Folkesson wrote: > > > Hi Nicolas! > > > > > > On Wed, Jan 17, 2018 at 11:12:56PM +0100, Nicolas Iooss wrote: > > >> On Tue, Jan 16,

Re: [PATCH v3 08/14] python: build: follow standard semantics for DESTDIR and PREFIX

2018-01-23 Thread Petr Lautrbach
On Sun, Jan 21, 2018 at 10:46:11PM +0100, Marcus Folkesson wrote: > Signed-off-by: Marcus Folkesson > --- > python/audit2allow/Makefile | 17 ++--- > python/chcat/Makefile | 8 > python/semanage/Makefile |

Re: [PATCH v2 08/14] python: build: follow standard semantics for DESTDIR and PREFIX

2018-01-17 Thread Petr Lautrbach
On Wed, Jan 17, 2018 at 11:43:58AM +0100, Marcus Folkesson wrote: > Hi, > > On Wed, Jan 17, 2018 at 11:11:35AM +0100, Petr Lautrbach wrote: > > On Tue, Jan 16, 2018 at 09:23:21PM +0100, Marcus Folkesson wrote: > > > Signed-off-by: Marcus Folkesson <

Re: [PATCH v2 08/14] python: build: follow standard semantics for DESTDIR and PREFIX

2018-01-17 Thread Petr Lautrbach
On Tue, Jan 16, 2018 at 09:23:21PM +0100, Marcus Folkesson wrote: > Signed-off-by: Marcus Folkesson > --- > python/audit2allow/Makefile | 10 -- > python/chcat/Makefile | 8 > python/semanage/Makefile | 13

Re: [PATCH] libsemanage: Allow tmp files to be kept if a compile fails

2018-01-15 Thread Petr Lautrbach
On Mon, Jan 15, 2018 at 07:46:27AM -0800, William Roberts wrote: > On Sun, Jan 14, 2018 at 7:34 AM, Richard Haines > wrote: > > Add new option to semanage.conf that allows the tmp build files > > to be kept for debugging when building policy. > > How do people

Re: Re: selabel_lookup() with MEDIA backend issue

2018-01-12 Thread Petr Lautrbach
On Tue, Jan 09, 2018 at 12:24:12PM -0500, Stephen Smalley wrote: > On Tue, 2018-01-09 at 16:56 +, Richard Haines wrote: > > On Tue, 2018-01-09 at 10:11 -0500, Stephen Smalley wrote: > > > On Mon, 2018-01-08 at 16:10 +0100, Vit Mojzis wrote: > > > > Hi all, > > > > there seems to be a

[PATCH] python/semanage: bring semanageRecords.set_reload back

2018-01-11 Thread Petr Lautrbach
It's used by third parties, e.g. Ansible modules Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1527745 Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/semanage/seobject.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/python/semanage/seobject.py b/python/se

[PATCH] python/semanage: make seobject.py backward compatible

2017-12-13 Thread Petr Lautrbach
"/usr/share/system-config-selinux/booleansPage.py", line 142, in __init__ self.load(self.filter) File "/usr/share/system-config-selinux/booleansPage.py", line 212, in load self.booleans = seobject.booleanRecords() TypeError: __init__() missing 1 required positional argumen

[PATCH v2] libsemanage: Use umask(0077) for fopen() write operations

2017-11-28 Thread Petr Lautrbach
/modules/400/permissive_sshd_t/cil -rw-rw-rw-. /var/lib/selinux/targeted/active/modules/400/permissive_sshd_t/lang_ext drwx--. /var/lib/selinux/targeted/active/modules/disabled -rw-rw-rw-. /var/lib/selinux/targeted/active/modules/disabled/zosremote Signed-off-by: Petr Lautrbach <plaut...@redhat.

Re: [PATCH] python/sepolicy: Fix sepolicy manpage.

2017-11-22 Thread Petr Lautrbach
On Wed, Nov 15, 2017 at 02:25:53PM +0100, Lukas Vrabec wrote: > Arguments generate and gui was mixed together and information didn't make > sense. This fix split gui and generate sections. > > Signed-off-by: Lukas Vrabec Applied, thanks. > --- > python/sepolicy/sepolicy.8

[PATCH] libsemanage: Use umask(0077) for fopen() write operations

2017-11-21 Thread Petr Lautrbach
/modules/400/permissive_sshd_t/cil -rw-rw-rw-. /var/lib/selinux/targeted/active/modules/400/permissive_sshd_t/lang_ext drwx--. /var/lib/selinux/targeted/active/modules/disabled -rw-rw-rw-. /var/lib/selinux/targeted/active/modules/disabled/zosremote Signed-off-by: Petr Lautrbach <plaut...@redhat.

Re: [PATCH] python/semanage: Update Infiniband code to work on python3

2017-11-15 Thread Petr Lautrbach
On Tue, Nov 14, 2017 at 09:33:54AM +0100, Petr Lautrbach wrote: > On Mon, Nov 13, 2017 at 09:56:26AM +0100, Vit Mojzis wrote: > > Update Infiniband "port" and "key" listing and export to work on > > python3. > > {}.keys() does not support .sort() oper

Re: [PATCH] python/semanage: Update Infiniband code to work on python3

2017-11-14 Thread Petr Lautrbach
On Mon, Nov 13, 2017 at 09:56:26AM +0100, Vit Mojzis wrote: > Update Infiniband "port" and "key" listing and export to work on > python3. > {}.keys() does not support .sort() operation on Py3. > > Signed-off-by: Vit Mojzis Both patches look good to me. I'll merge them

Re: [PATCH] python/semanage: Do not try to reload policy when SELinux is disabled

2017-11-06 Thread Petr Lautrbach
First two patches do a little cleanup and try to re factorize the code used for seobject object initialization. The 3rd patch changes the behavior in order to call semanage_set_reload() only if -N is used.

[PATCH 2/3] python/semanage: Don't use global setup variable

2017-11-06 Thread Petr Lautrbach
In order to do that we need to propagate args into seobject objects and use args.store to get a store name. Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/semanage/semanage| 40 +++-- python/semanage/seobject.p

[PATCH 3/3] python/semanage: Enforce noreload only if it's requested by -N option

2017-11-06 Thread Petr Lautrbach
policy: load_policy returned error code 2. (No such file or directory). FileNotFoundError: [Errno 2] No such file or directory Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/semanage/semanage| 15 +-- python/semanage/seobject.py | 11 ++- 2 files changed,

[PATCH 1/3] python/semanage: drop *_ini functions

2017-11-06 Thread Petr Lautrbach
Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/semanage/semanage | 74 +--- 1 file changed, 14 insertions(+), 60 deletions(-) diff --git a/python/semanage/semanage b/python/semanage/semanage index 313537c5..8acfc855 100644 --- a/

Re: [PATCH] python/semanage: Do not try to reload policy when SELinux is disabled

2017-11-03 Thread Petr Lautrbach
On Thu, Nov 02, 2017 at 10:48:31AM -0400, Stephen Smalley wrote: > On Thu, 2017-11-02 at 15:17 +0100, Petr Lautrbach wrote: > > On Thu, Nov 02, 2017 at 09:52:25AM -0400, Stephen Smalley wrote: > > > On Thu, 2017-11-02 at 14:19 +0100, Petr Lautrbach wrote: > > > > When

Re: [PATCH] python/semanage: Do not try to reload policy when SELinux is disabled

2017-11-02 Thread Petr Lautrbach
On Thu, Nov 02, 2017 at 09:52:25AM -0400, Stephen Smalley wrote: > On Thu, 2017-11-02 at 14:19 +0100, Petr Lautrbach wrote: > > When SELinux is disabled, semanage without -N fails with a quite > > complicated > > error message when it tries to reload a new policy. Since re

[PATCH] python/semanage: Do not try to reload policy when SELinux is disabled

2017-11-02 Thread Petr Lautrbach
policy/policy.31: No such file or directory /sbin/load_policy: Can't load policy: No such file or directory libsemanage.semanage_reload_policy: load_policy returned error code 2. (No such file or directory). FileNotFoundError: [Errno 2] No such file or directory Signed-off-by: Petr Lautrbach

Value of file_contexts.bin after the move to pcre2

2017-10-16 Thread Petr Lautrbach
On Fri, Oct 13, 2017 at 03:31:39PM -0400, Stephen Smalley wrote: > We still need to revisit the value proposition of file_contexts.bin > after the move to pcre2, given the large increase in file size and the > runtime overhead. We can add -r to the sefcontext_compile args via > semanage.conf, but

[PATCH 1/4] sepolicy: Fix minor typo in 'transition -s' test

2017-07-27 Thread Petr Lautrbach
Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/sepolicy/test_sepolicy.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/sepolicy/test_sepolicy.py b/python/sepolicy/test_sepolicy.py index 304e56f6..6d60d6f6 100644 --- a/python/sepolicy/test_sepol

[PATCH 2/4] sepolicy: Fix syntax errors in 'manpage -w'

2017-07-27 Thread Petr Lautrbach
Fixes: File "python/sepolicy/sepolicy/manpage.py", line 373, in _gen_css print("%s has been created") % style_css TypeError: unsupported operand type(s) for %: 'NoneType' and 'str' Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/sepolicy/sepolicy/m

[PATCH 4/4] sepolicy: File labels used to be sorted in a man page

2017-07-27 Thread Petr Lautrbach
Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/sepolicy/sepolicy/manpage.py | 1 + 1 file changed, 1 insertion(+) diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py index 6df6f431..4d846364 100755 --- a/python/sepolicy/sepolicy/manp

[PATCH 3/4] sepolicy: Make manpage and transition faster

2017-07-27 Thread Petr Lautrbach
user0m10.368s sys 0m0.114s Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/sepolicy/sepolicy/__init__.py | 62 -- python/sepolicy/sepolicy/manpage.py| 29 python/sepolicy/sepolicy/transition.py | 8 +++-- 3 files c

[PATCH] mcstrans: Allow overriding libsepol.a location during build

2017-06-23 Thread Petr Lautrbach
Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- mcstrans/src/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile index 709e1e02..3f4a89c3 100644 --- a/mcstrans/src/Makefile +++ b/mcstrans/src/Makefile @@ -4,

Re: [PATCH] Use DESTDIR only in install targets

2017-06-22 Thread Petr Lautrbach
On 06/21/2017 09:51 PM, Stephen Smalley wrote: Hmm...seems like we're still using DESTDIR for more than just install. So either the patch or the patch description isn't quite right. The original usage of make DESTDIR in selinux was to support building and installing to a private directory, so we

[PATCH] Use DESTDIR only in install targets

2017-06-21 Thread Petr Lautrbach
https://www.gnu.org/prep/standards/html_node/DESTDIR.html DESTDIR should be supported only in the install* and uninstall* targets, as those are the only targets where it is useful. Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- checkpolicy/Makefile

Re: ANN: SELinux userspace 2.7-rc2 release

2017-06-21 Thread Petr Lautrbach
On 06/20/2017 04:22 PM, Jason Zaman wrote: On Tue, Jun 20, 2017 at 03:28:44PM +0200, Petr Lautrbach wrote: On 06/20/2017 02:14 PM, Stephen Smalley wrote: On Tue, 2017-06-20 at 12:54 +0200, Petr Lautrbach wrote: On 06/18/2017 09:46 AM, Jason Zaman wrote: On Sun, Jun 18, 2017 at 03:32:33PM

Re: ANN: SELinux userspace 2.7-rc2 release

2017-06-20 Thread Petr Lautrbach
On 06/20/2017 03:28 PM, Petr Lautrbach wrote: On 06/20/2017 02:14 PM, Stephen Smalley wrote: On Tue, 2017-06-20 at 12:54 +0200, Petr Lautrbach wrote: On 06/18/2017 09:46 AM, Jason Zaman wrote: On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote: There is a bug that needs to be fixed

Re: ANN: SELinux userspace 2.7-rc2 release

2017-06-20 Thread Petr Lautrbach
On 06/20/2017 02:14 PM, Stephen Smalley wrote: On Tue, 2017-06-20 at 12:54 +0200, Petr Lautrbach wrote: On 06/18/2017 09:46 AM, Jason Zaman wrote: On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote: There is a bug that needs to be fixed before the final release: https

Re: ANN: SELinux userspace 2.7-rc2 release

2017-06-20 Thread Petr Lautrbach
On 06/18/2017 09:46 AM, Jason Zaman wrote: On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote: There is a bug that needs to be fixed before the final release: https://bugs.gentoo.org/show_bug.cgi?id=621762 I think the fix is just add override in utils/Makefile to the LDLIBS and

[PATCH 2/2] sepolicy: Fix sorting of port_strings in python 3

2017-06-02 Thread Petr Lautrbach
port_strings.sort(numcmp) TypeError: must use keyword argument for key function Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/sepolicy/sepolicy.py | 18 ++ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/python/sepolicy/sepolicy.py b/python/se

[PATCH 1/2] sepolicy/interface: Use relative python 3 imports

2017-06-02 Thread Petr Lautrbach
", line 184, in generate_compile_te from templates import test_module ModuleNotFoundError: No module named 'templates' Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/sepolicy/sepolicy/interface.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/

[no subject]

2017-06-02 Thread Petr Lautrbach
The following patches fix sepolicy python3 issues found by `make test` in python/sepolicy

Re: [PATCH] Fix recently introduced TabError's

2017-05-26 Thread Petr Lautrbach
On Fri, May 26, 2017 at 04:09:51PM +0200, Petr Lautrbach wrote: > Commits a3d2c7a 6a7a5aa introduced inconsistent use of tabs and spaces > in indentation what makes python3.6 unhappy. > There's another python3 problem with using "print ". I'll resend another patch which will i

[PATCH] Fix recently introduced TabError's

2017-05-26 Thread Petr Lautrbach
Commits a3d2c7a 6a7a5aa introduced inconsistent use of tabs and spaces in indentation what makes python3.6 unhappy. Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- libsemanage/utils/semanage_migrate_store | 4 ++-- python/semanage/seobject.py | 6 +++--- 2 files chan

Re: Fedora COPR repositories with builds of latest code

2017-05-25 Thread Petr Lautrbach
On 05/25/2017 07:44 AM, Dominick Grift wrote: On Wed, May 24, 2017 at 04:40:55PM -0400, Stephen Smalley wrote: On Wed, 2017-05-24 at 16:53 +0200, Dominick Grift wrote: On Wed, May 24, 2017 at 04:33:16PM +0200, Dominick Grift wrote: On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach

Fedora COPR repositories with builds of latest code

2017-05-24 Thread Petr Lautrbach
For the motivation see https://marc.info/?l=selinux&m=149435307518336&w=2 I've restarted building of Fedora packages based on latest SELinux userspace code in Fedora COPR. Packages are built using the https://gitlab.com/bachradsusi/selinux-rpm project. There is a new selinux.spec [1] file which

Re: [PATCH 1/1] libselinux: add selinuxenforced tool

2017-05-05 Thread Petr Lautrbach
On 4.5.2017 at 23:12, Christian Göttsche via Selinux wrote: > Add command line tool selinuxenforced to determine the current SELinux > enforced via exit code. > Useful for script usage or monitoring. Could the following script do the work? case $(getenforce) in "Permissive") exit 1 ;;

Re: [PATCH] libsepol: Add INCLUDEDIR to utils/Makefile

2017-05-05 Thread Petr Lautrbach
On 4.5.2017 at 22:49, Stephen Smalley wrote: > On Thu, 2017-05-04 at 16:22 +0200, Petr Lautrbach wrote: >> The patch is wrong, please disregard. >> >> I'm not sure about the right fix in order not to break gentoo use >> case. >> I'd just revert fcb5d5c change i

[PATCH] libsepol/utils: Fix build without system sepol.h

2017-05-05 Thread Petr Lautrbach
lude $ make CFLAGS="" LDFLAGS="" ... make -C utils make[1]: Entering directory '/root/selinux/libsepol/utils' cc -I../includechkcon.c -lsepol -o chkcon /usr/bin/ld: cannot find -lsepol collect2: error: ld returned 1 exit status Signed-off-by: Petr Lautrbach <plaut...@r

[PATCH] libsepol: Add INCLUDEDIR to utils/Makefile

2017-05-04 Thread Petr Lautrbach
fcb5d5c removed ../include from CFLAGS from libsepol/utils/Makefile so that a build tool can't find sepol/sepol.h when libsepol is built on a system without sepol.h in standard paths. Fixes: chkcon.c:1:10: fatal error: sepol/sepol.h: No such file or directory #include <sepol/sepol.h> Signed-off-by: Petr

[PATCH 15/19] dbus: Use text streams in selinux_server.py

2017-05-03 Thread Petr Lautrbach
line 651, in call_blocking message, timeout) dbus.exceptions.DBusException: org.freedesktop.DBus.Python.TypeError: TypeError: 'dbus.String' does not support the buffer interface Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- dbus/selinux_server.py | 6 +++--- 1 file changed, 3 insertions(+), 3 del

[PATCH 19/19] sepolicy/gui: Update text strings to use better gettext templates

2017-05-03 Thread Petr Lautrbach
Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/sepolicy/sepolicy/gui.py | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py index 7f84b6f9..007c94a7 100644 --- a/python/sepolicy/se

[PATCH 16/19] sepolicy: setools.*Query wants a list in ruletype

2017-05-03 Thread Petr Lautrbach
e ValueError("%r is not a valid %s" % (value, cls.__name__)) ValueError: 'a' is not a valid RBACRuletype Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/sepolicy/sepolicy/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/sepolicy/s

[PATCH 11/19] sepolicy: Don't return filter(), use [ ] notation instead

2017-05-03 Thread Petr Lautrbach
filter() changed its behavior among python 2 and python 3 Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/sepolicy/sepolicy/__init__.py | 13 + 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/python/sepolicy/sepolicy/__init__.py b/python/se

[PATCH 08/19] sepolicy: We should be creating _exec interfaces when we create the domtrans interface

2017-05-03 Thread Petr Lautrbach
From: Dan Walsh <dwa...@redhat.com> Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/sepolicy/sepolicy/templates/executable.py | 21 - 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy/templates/executable.

[PATCH 09/19] Fix typo in executable.py template.

2017-05-03 Thread Petr Lautrbach
From: Miroslav Grepl <mgr...@redhat.com> Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/sepolicy/sepolicy/templates/executable.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy/templates/executable.py b/python/sepol

[PATCH 17/19] sepolicy: Fix several issues in 'sepolicy manpage -a'

2017-05-03 Thread Petr Lautrbach
pes() File "/usr/lib/python3.6/site-packages/sepolicy/manpage.py", line 927, in _mcs_types attributes = sepolicy.info(sepolicy.TYPE, (self.type))[0]["attributes"] TypeError: 'generator' object is not subscriptable Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- pyth

[PATCH 07/19] sepolicy: ptrace should be a part of deny_ptrace boolean in TEMPLATETYPE_admin

2017-05-03 Thread Petr Lautrbach
From: Miroslav Grepl Signed-off-by: Dan Walsh --- python/sepolicy/sepolicy/templates/executable.py | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy/templates/executable.py

[PATCH 06/19] Fix up generation of application policy

2017-05-03 Thread Petr Lautrbach
From: Dan Walsh Signed-off-by: Dan Walsh --- python/sepolicy/sepolicy-generate.8 | 2 +- python/sepolicy/sepolicy/templates/executable.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy-generate.8

[PATCH 18/19] sepolicy: info() should provide attributes for a TYPE

2017-05-03 Thread Petr Lautrbach
"attributes" used to be there when sepolicy.info() used setools3 Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/sepolicy/sepolicy/__init__.py | 1 + python/sepolicy/sepolicy/manpage.py | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a

[PATCH 10/19] sepolicy: Adapt to new the semodule list output

2017-05-03 Thread Petr Lautrbach
olicy/gui.py", line 670, in lockdown_init self.enable_unconfined_button.set_active(not self.module_dict["unconfined"]["Disabled"]) KeyError: 'unconfined' Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- dbus/selinux_server.py | 4 ++-- gui/polgen

[PATCH 05/19] policycoreutils/sepolicy: boolean.png is in help/

2017-05-03 Thread Petr Lautrbach
Fixes: (sepolicy:2183): Gtk-WARNING **: Could not load image 'images/booleans.png': Failed to open file '/usr/lib64/python3.4/site-packages/sepolicy/images/booleans.png': No such file or directory Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/sepolicy/sepolicy/sepolicy

[PATCH 14/19] policycoreutils/sepolicy: Define our own cmp()

2017-05-03 Thread Petr Lautrbach
Fixes: Traceback (most recent call last): File "/usr/lib/python3.5/site-packages/sepolicy/gui.py", line 1447, in stripsort return cmp(val1, val2) NameError: name 'cmp' is not defined Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/sepolicy/sepolicy/gui.py |

[PATCH 02/19] sepolicy: Fix spelling mistakes in commands in generated manpages

2017-05-03 Thread Petr Lautrbach
Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/sepolicy/sepolicy/manpage.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py index 3ebdfeb7..bd5a64ac 100755 --- a/python/se

[PATCH 04/19] sepolicy: Move svirt man page out of libvirt into its own

2017-05-03 Thread Petr Lautrbach
From: Dan Walsh <dwa...@redhat.com> Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/sepolicy/sepolicy/manpage.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py index b26868

[PATCH 01/19] policycoreutils/sepolicy: Add documentation for MCS separated domains

2017-05-03 Thread Petr Lautrbach
From: Dan Walsh <dwa...@redhat.com> Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/sepolicy/sepolicy/manpage.py | 13 + 1 file changed, 13 insertions(+) diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py index 1af429

[PATCH 03/19] sepolicy: Add manpages for typealiased types

2017-05-03 Thread Petr Lautrbach
From: Dan Walsh <dwa...@redhat.com> Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- python/sepolicy/sepolicy/manpage.py | 45 + 1 file changed, 45 insertions(+) diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolic

Several sepolicy fixes from Fedora

2017-05-03 Thread Petr Lautrbach
Hi, this is a set of sepolicy fixes we use in Fedora. There are basically 2 groups of patches: 1. fixes which were pushed to Fedora a few years ago and probably have not been sent upstream [PATCH 01/19] policycoreutils/sepolicy: Add documentation for MCS [PATCH 02/19] sepolicy: Fix spelling

Re: [PATCH] Python 3.6 invalid escape sequence deprecation fixes

2017-03-09 Thread Petr Lautrbach
self.add_dir("/var/lib/%s" % self.name) > > if os.path.isfile("/etc/rc.d/init.d/%s" % self.name): > -self.set_init_script("/etc/rc\.d/init\.d/%s" % self.name) > +self.set_init_script(r"/etc/rc\.d/init\.d/%s&quo

Re: [PATCH] libsemanage: Perform access check using euid instead of uid

2017-02-22 Thread Petr Lautrbach
active store meaning it is managed >> @@ -650,13 +650,13 @@ int semanage_store_access_check(void) >> * write access necessary if the lock file does not exist >> */ >> path = semanage_files[SEMANAGE_READ_LOCK]; >> -if (access(path, R_OK) != 0) { >> +

[PATCH 2/2] libselinux: Rewrite restorecon() python method

2016-12-22 Thread Petr Lautrbach
status, context = matchpathcon(path, mode) FileNotFoundError: [Errno 2] No such file or directory Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- libselinux/src/selinuxswig_python.i | 42 +++-- 1 file changed, 17 insertions(+), 25 deletions(-) di

Rewrite restorecon python method

2016-12-22 Thread Petr Lautrbach
Hi. selinux.restorecon(path, recursive=True) uses matchpathcon() to get a label for a file and when the label is defined as <>, it throws a backtrace with error: "OSError: [Errno 2] No such file or directory" It creates a problem for scripts which try to relabel a whole directory tree when there

Re: Possible SELinux problem on Fedora 25 Install

2016-12-13 Thread Petr Lautrbach
On 12/13/2016 08:55 PM, Parker, Michael D. wrote: > I am getting the following messages during the last update concerning > SELinux packages...I do a pretty much vanilla install here and have not > modified any SELinux functionality...should I be concerned? > This is most likely a problem in

Re: [RFC] Split up policycoreutils

2016-10-24 Thread Petr Lautrbach
On 10/21/2016 07:47 PM, Stephen Smalley wrote: > Hi, > > policycoreutils started life as a small set of utilities that were > necessary or at least widely used in production on a SELinux system. > Over time though it has grown to include many optional components, and > even within a given

Re: [PATCH] libsemanage: use pp module headers as a source for a module name

2016-09-25 Thread Petr Lautrbach
On Fri, Sep 23, 2016 at 01:37:26PM -0400, James Carter wrote: > On 09/23/2016 12:05 PM, Petr Lautrbach wrote: > > On 09/23/2016 05:31 PM, James Carter wrote: > > > On 09/23/2016 05:23 AM, Petr Lautrbach wrote: > > > > When a user installs a module, the filen

Re: [PATCH] libsemanage: use pp module headers as a source for a module name

2016-09-23 Thread Petr Lautrbach
On Fri, Sep 23, 2016 at 01:37:26PM -0400, James Carter wrote: > On 09/23/2016 12:05 PM, Petr Lautrbach wrote: > > On 09/23/2016 05:31 PM, James Carter wrote: > > > On 09/23/2016 05:23 AM, Petr Lautrbach wrote: > > > > When a user installs a module, the filen

[PATCH 2/2] sandbox: create a new session for sandboxed processes

2016-09-23 Thread Petr Lautrbach
It helps to prevent sandboxed processes from injecting arbitrary commands into the parent. Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- policycoreutils/sandbox/sandbox | 13 + 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/policycoreutils/sandbox/san

[PATCH 1/2] sandbox: do not try setup directories without -X or -M

2016-09-23 Thread Petr Lautrbach
sandbox tried to copy all affected files to the new home or tmp even though -M or -X was not specified and there was no new directory. Fixes: $ sandbox ls ~ /usr/bin/sandbox: [Errno 17] File exists: '/root' Signed-off-by: Petr Lautrbach <plaut...@redhat.com> --- policycoreutils/sandbox/s

Re: [PATCH] libsemanage: use pp module headers as a source for a module name

2016-09-23 Thread Petr Lautrbach
On 09/23/2016 05:31 PM, James Carter wrote: > On 09/23/2016 05:23 AM, Petr Lautrbach wrote: >> When a user installs a module, the filename is used as the module name. >> This change was introduced with CIL language where a module name is not >> stored in the module itself. It

Re: sandox -X not working with recent Xephyr

2016-09-19 Thread Petr Lautrbach
-screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do export DISPLAY=:$D cat > ~/seremote << __EOF #!/bin/sh I'm not sure which one is correct. Petr -- Petr Lautrbach
