Re: Possible SELinux problem on Fedora 25 Install

2016-12-13 Thread Petr Lautrbach
On 12/13/2016 08:55 PM, Parker, Michael D. wrote: > I am getting the following messages during the last update concerning > SELinux packages...I do a pretty much vanilla install here and have not > modified any SELinux functionality...should I be concerned? > This is most likely a problem in cont

Rewrite restorecon python method

2016-12-22 Thread Petr Lautrbach
Hi. selinux.restorecon(path, recursive=True) uses matchpathcon() to get a label for a file and when the label is defined as <>, it throws a backtrace with the error: "OSError: [Errno 2] No such file or directory" It creates a problem for scripts which try to relabel a whole directory tree when there

[PATCH 2/2] libselinux: Rewrite restorecon() python method

2016-12-22 Thread Petr Lautrbach
estorecon status, context = matchpathcon(path, mode) FileNotFoundError: [Errno 2] No such file or directory Signed-off-by: Petr Lautrbach --- libselinux/src/selinuxswig_python.i | 42 +++-- 1 file changed, 17 insertions(+), 25 deletions(-) diff --git a/libselinu

[PATCH 1/2] libselinux: Generate SWIG wrappers for selinux_restorecon()

2016-12-22 Thread Petr Lautrbach
Signed-off-by: Petr Lautrbach --- libselinux/src/selinuxswig.i | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libselinux/src/selinuxswig.i b/libselinux/src/selinuxswig.i index c1e4ef7..687c43b 100644 --- a/libselinux/src/selinuxswig.i +++ b/libselinux/src/selinuxswig.i @@ -9,6 +9,7

Re: [PATCH v2] libsemanage: special handling of the identity reserved to system objects

2017-01-10 Thread Petr Lautrbach
On 01/09/2017 07:51 PM, Stephen Smalley wrote: > On Mon, 2017-01-09 at 19:46 +0100, Guido Trentalancia wrote: >> Hello, >> >> the patch has been motivated by the fact that libsemanage currently >> searches for the user "system_u" in the passwd file and reports "user >> system_u not in passwd file"

Re: [PATCH] libsemanage: Perform access check using euid instead of uid

2017-02-22 Thread Petr Lautrbach
e store meaning it is managed >> @@ -650,13 +650,13 @@ int semanage_store_access_check(void) >> * write access necessary if the lock file does not exist >> */ >> path = semanage_files[SEMANAGE_READ_LOCK]; >> -if (access(path, R_OK) != 0) { >> +if (

Re: [PATCH] Python 3.6 invalid escape sequence deprecation fixes

2017-03-09 Thread Petr Lautrbach
self.add_dir("/var/lib/%s" % self.name) > > if os.path.isfile("/etc/rc.d/init.d/%s" % self.name): > -self.set_init_script("/etc/rc\.d/init\.d/%s" % self.name) > +self.set_init_script(r"/etc/rc\.d/init\.d/%s" % self.name) > > # we don't want to have subdir in the .fc policy file > # if we already specify labeling for parent dir > -- Petr Lautrbach
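Review bot: on the `+self.set_init_script(r"/etc/rc\.d/init\.d/%s" % self.name)` line, `self.name` is still interpolated unescaped into a string whose dots are deliberately escaped; the raw prefix only silences the invalid-escape warning. If that string is consumed as a file-context pattern, as the `.fc` comment just below suggests, a name containing `.` or other regex metacharacters would label more paths than the init script itself. Consider passing `re.escape(self.name)` here while keeping the unescaped form for the `os.path.isfile()` check above.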

Several sepolicy fixes from Fedora

2017-05-03 Thread Petr Lautrbach
Hi, this is a set of sepolicy fixes we use in Fedora. There are basically 2 groups of patches: 1. fixes which were pushed to Fedora a few years ago and probably have not been sent upstream [PATCH 01/19] policycoreutils/sepolicy: Add documentation for MCS [PATCH 02/19] sepolicy: Fix spelling mistakes

[PATCH 01/19] policycoreutils/sepolicy: Add documentation for MCS separated domains

2017-05-03 Thread Petr Lautrbach
From: Dan Walsh Signed-off-by: Petr Lautrbach --- python/sepolicy/sepolicy/manpage.py | 13 + 1 file changed, 13 insertions(+) diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py index 1af4295c..3ebdfeb7 100755 --- a/python/sepolicy/sepolicy

[PATCH 03/19] sepolicy: Add manpages for typealiased types

2017-05-03 Thread Petr Lautrbach
From: Dan Walsh Signed-off-by: Petr Lautrbach --- python/sepolicy/sepolicy/manpage.py | 45 + 1 file changed, 45 insertions(+) diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py index bd5a64ac..b268680a 100755 --- a

[PATCH 02/19] sepolicy: Fix spelling mistakes in commands in generated manpages

2017-05-03 Thread Petr Lautrbach
Signed-off-by: Petr Lautrbach --- python/sepolicy/sepolicy/manpage.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py index 3ebdfeb7..bd5a64ac 100755 --- a/python/sepolicy/sepolicy/manpage.py +++ b

[PATCH 04/19] sepolicy: Move svirt man page out of libvirt into its own

2017-05-03 Thread Petr Lautrbach
From: Dan Walsh Signed-off-by: Petr Lautrbach --- python/sepolicy/sepolicy/manpage.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py index b268680a..4cebb299 100755 --- a/python/sepolicy/sepolicy

[PATCH 10/19] sepolicy: Adapt to new the semodule list output

2017-05-03 Thread Petr Lautrbach
ckages/sepolicy/gui.py", line 670, in lockdown_init self.enable_unconfined_button.set_active(not self.module_dict["unconfined"]["Disabled"]) KeyError: 'unconfined' Signed-off-by: Petr Lautrbach --- dbus/selinux_server.py | 4 ++-- gui/polgengui.

[PATCH 05/19] policycoreutils/sepolicy: boolean.png is in help/

2017-05-03 Thread Petr Lautrbach
Fixes: (sepolicy:2183): Gtk-WARNING **: Could not load image 'images/booleans.png': Failed to open file '/usr/lib64/python3.4/site-packages/sepolicy/images/booleans.png': No such file or directory Signed-off-by: Petr Lautrbach --- python/sepolicy/sepolicy/sepolicy.

[PATCH 13/19] sepolicy/generate.py: Fix string formatting

2017-05-03 Thread Petr Lautrbach
Fixes python3 problem: >>> print("Failed to retrieve rpm info for %s") % package Failed to retrieve rpm info for %s Traceback (most recent call last): File "", line 1, in TypeError: unsupported operand type(s) for %: 'NoneType' and 'str' Si

[PATCH 14/19] policycoreutils/sepolicy: Define our own cmp()

2017-05-03 Thread Petr Lautrbach
Fixes: Traceback (most recent call last): File "/usr/lib/python3.5/site-packages/sepolicy/gui.py", line 1447, in stripsort return cmp(val1, val2) NameError: name 'cmp' is not defined Signed-off-by: Petr Lautrbach --- python/sepolicy/sepolicy/gui.py | 10 -

[PATCH 09/19] Fix typo in executable.py template.

2017-05-03 Thread Petr Lautrbach
From: Miroslav Grepl Signed-off-by: Petr Lautrbach --- python/sepolicy/sepolicy/templates/executable.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy/templates/executable.py b/python/sepolicy/sepolicy/templates/executable.py index 456a7ca8

[PATCH 17/19] sepolicy: Fix several issues in 'sepolicy manpage -a'

2017-05-03 Thread Petr Lautrbach
lf._mcs_types() File "/usr/lib/python3.6/site-packages/sepolicy/manpage.py", line 927, in _mcs_types attributes = sepolicy.info(sepolicy.TYPE, (self.type))[0]["attributes"] TypeError: 'generator' object is not subscriptable Signed-off-by: Petr Lautrbach --- python/s

[PATCH 07/19] sepolicy: ptrace should be a part of deny_ptrace boolean in TEMPLATETYPE_admin

2017-05-03 Thread Petr Lautrbach
From: Miroslav Grepl Signed-off-by: Dan Walsh --- python/sepolicy/sepolicy/templates/executable.py | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy/templates/executable.py b/python/sepolicy/sepolicy/templates/executable.py index 0db6b9cc..4cc5bf

[PATCH 06/19] Fix up generation of application policy

2017-05-03 Thread Petr Lautrbach
From: Dan Walsh Signed-off-by: Dan Walsh --- python/sepolicy/sepolicy-generate.8 | 2 +- python/sepolicy/sepolicy/templates/executable.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy-generate.8 b/python/sepolicy/sepolicy-generate.8

[PATCH 18/19] sepolicy: info() should provide attributes for a TYPE

2017-05-03 Thread Petr Lautrbach
"attributes" used to be there when sepolicy.info() used setools3 Signed-off-by: Petr Lautrbach --- python/sepolicy/sepolicy/__init__.py | 1 + python/sepolicy/sepolicy/manpage.py | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/python/sepolicy/sepolicy/__in

[PATCH 15/19] dbus: Use text streams in selinux_server.py

2017-05-03 Thread Petr Lautrbach
line 651, in call_blocking message, timeout) dbus.exceptions.DBusException: org.freedesktop.DBus.Python.TypeError: TypeError: 'dbus.String' does not support the buffer interface Signed-off-by: Petr Lautrbach --- dbus/selinux_server.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --g

[PATCH 19/19] sepolicy/gui: Update text strings to use better gettext templates

2017-05-03 Thread Petr Lautrbach
Signed-off-by: Petr Lautrbach --- python/sepolicy/sepolicy/gui.py | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py index 7f84b6f9..007c94a7 100644 --- a/python/sepolicy/sepolicy/gui.py +++ b/python

[PATCH 12/19] sepolicy: Simplify policy types detection

2017-05-03 Thread Petr Lautrbach
in populate_system_policy types = map(lambda x: x[1], filter(lambda x: x[0] == selinux_path, os.walk(selinux_path)))[0] TypeError: 'map' object is not subscriptable Signed-off-by: Petr Lautrbach --- python/sepolicy/sepolicy/gui.py | 3 +-- 1 file changed, 1 insertion(+), 2 delet

[PATCH 16/19] sepolicy: setools.*Query wants a list in ruletype

2017-05-03 Thread Petr Lautrbach
e ValueError("%r is not a valid %s" % (value, cls.__name__)) ValueError: 'a' is not a valid RBACRuletype Signed-off-by: Petr Lautrbach --- python/sepolicy/sepolicy/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy/__init_

[PATCH 11/19] sepolicy: Don't return filter(), use [ ] notation instead

2017-05-03 Thread Petr Lautrbach
filter() changed its behavior between python 2 and python 3 Signed-off-by: Petr Lautrbach --- python/sepolicy/sepolicy/__init__.py | 13 + 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py

[PATCH 08/19] sepolicy: We should be creating _exec interfaces when we create the domtrans interface

2017-05-03 Thread Petr Lautrbach
From: Dan Walsh Signed-off-by: Petr Lautrbach --- python/sepolicy/sepolicy/templates/executable.py | 21 - 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy/templates/executable.py b/python/sepolicy/sepolicy/templates/executable.py

[PATCH] libsepol: Add INCLUDEDIR to utils/Makefile

2017-05-04 Thread Petr Lautrbach
fcb5d5c removed ../include from CFLAGS from libsepol/utils/Makefile so that a build tool can't find sepol/sepol.h when libsepol is built on a system without sepol.h in standard paths. Fixes: chkcon.c:1:10: fatal error: sepol/sepol.h: No such file or directory #include Signed-off-by:

Re: [PATCH] libsepol: Add INCLUDEDIR to utils/Makefile

2017-05-04 Thread Petr Lautrbach
The patch is wrong, please disregard. I'm not sure about the right fix in order not to break gentoo use case. I'd just revert fcb5d5c change in libsepol/utils/Makefile for now. On 05/04/2017 04:08 PM, Petr Lautrbach wrote: > fcb5d5c removed ../include from CFLAGS from libsepol/u

Re: Policy capabilities: when to use and complications with using

2017-05-04 Thread Petr Lautrbach
On 05/04/2017 07:50 PM, Dominick Grift wrote: > On Thu, May 04, 2017 at 07:42:40PM +0200, Dominick Grift wrote: >> On Thu, May 04, 2017 at 11:50:15AM -0400, Paul Moore wrote: >>> On Wed, May 3, 2017 at 12:51 PM, Dominick Grift >>> wrote: On Wed, May 03, 2017 at 12:14:16PM -0400, Stephen Smal

[PATCH] libsepol/utils: Fix build without system sepol.h

2017-05-05 Thread Petr Lautrbach
directory #include $ make CFLAGS="" LDFLAGS="" ... make -C utils make[1]: Entering directory '/root/selinux/libsepol/utils' cc -I../includechkcon.c -lsepol -o chkcon /usr/bin/ld: cannot find -lsepol collect2: error: ld returned 1 exit status Signed-off-by: Petr L

Re: [PATCH] libsepol: Add INCLUDEDIR to utils/Makefile

2017-05-05 Thread Petr Lautrbach
Dne 4.5.2017 v 22:49 Stephen Smalley napsal(a): > On Thu, 2017-05-04 at 16:22 +0200, Petr Lautrbach wrote: >> The patch is wrong, please disregard. >> >> I'm not sure about the right fix in order not to break gentoo use >> case. >> I'd just revert fcb5d5

Re: [PATCH 1/1] libselinux: add selinuxenforced tool

2017-05-05 Thread Petr Lautrbach
Dne 4.5.2017 v 23:12 Christian Göttsche via Selinux napsal(a): > Add command line tool selinuxenforced to determine the current SELinux > enforced via exit code. > Useful for script usage or monitoring. Could the following script do the work? case $(getenforce) in "Permissive") exit 1 ;; "E

Fedora COPR repositories with builds of latest code

2017-05-24 Thread Petr Lautrbach
For the motivation see https://marc.info/?l=selinux&m=149435307518336&w=2 I've restarted building of Fedora packages based on latest SELinux userspace code in Fedora COPR. Packages are built using the https://gitlab.com/bachradsusi/selinux-rpm project. There is a new selinux.spec [1] file whi

Re: Fedora COPR repositories with builds of latest code

2017-05-25 Thread Petr Lautrbach
On 05/25/2017 07:44 AM, Dominick Grift wrote: On Wed, May 24, 2017 at 04:40:55PM -0400, Stephen Smalley wrote: On Wed, 2017-05-24 at 16:53 +0200, Dominick Grift wrote: On Wed, May 24, 2017 at 04:33:16PM +0200, Dominick Grift wrote: On Wed, May 24, 2017 at 04:22:08PM +0200, Petr Lautrbach

[PATCH] Fix recently introduced TabError's

2017-05-26 Thread Petr Lautrbach
Commits a3d2c7a 6a7a5aa introduced inconsistent use of tabs and spaces in indentation what makes python3.6 unhappy. Signed-off-by: Petr Lautrbach --- libsemanage/utils/semanage_migrate_store | 4 ++-- python/semanage/seobject.py | 6 +++--- 2 files changed, 5 insertions(+), 5

Re: [PATCH] Fix recently introduced TabError's

2017-05-26 Thread Petr Lautrbach
On Fri, May 26, 2017 at 10:36:59AM -0400, Stephen Smalley wrote: > On Fri, 2017-05-26 at 16:09 +0200, Petr Lautrbach wrote: > > Commits a3d2c7a 6a7a5aa introduced inconsistent use of tabs and > > spaces > > in indentation what makes python3.6 unhappy. > > Thanks, appli

Re: [PATCH] Fix recently introduced TabError's

2017-05-26 Thread Petr Lautrbach
On Fri, May 26, 2017 at 04:09:51PM +0200, Petr Lautrbach wrote: > Commits a3d2c7a 6a7a5aa introduced inconsistent use of tabs and spaces > in indentation what makes python3.6 unhappy. > There's another python3 problem with using "print ". I'll resend another patch wh

[no subject]

2017-06-02 Thread Petr Lautrbach
The following patches fix sepolicy python3 issues found by `make test` in python/sepolicy

[PATCH 2/2] sepolicy: Fix sorting of port_strings in python 3

2017-06-02 Thread Petr Lautrbach
port_strings.sort(numcmp) TypeError: must use keyword argument for key function Signed-off-by: Petr Lautrbach --- python/sepolicy/sepolicy.py | 18 ++ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py index

[PATCH 1/2] sepolicy/interface: Use relative python 3 imports

2017-06-02 Thread Petr Lautrbach
", line 184, in generate_compile_te from templates import test_module ModuleNotFoundError: No module named 'templates' Signed-off-by: Petr Lautrbach --- python/sepolicy/sepolicy/interface.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/python/sepolicy/se

Re: ANN: SELinux userspace 2.7-rc2 release

2017-06-20 Thread Petr Lautrbach
On 06/18/2017 09:46 AM, Jason Zaman wrote: On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote: There is a bug that needs to be fixed before the final release: https://bugs.gentoo.org/show_bug.cgi?id=621762 I think the fix is just add override in utils/Makefile to the LDLIBS and LDFLAGS

Re: ANN: SELinux userspace 2.7-rc2 release

2017-06-20 Thread Petr Lautrbach
On 06/20/2017 02:14 PM, Stephen Smalley wrote: On Tue, 2017-06-20 at 12:54 +0200, Petr Lautrbach wrote: On 06/18/2017 09:46 AM, Jason Zaman wrote: On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote: There is a bug that needs to be fixed before the final release: https

Re: ANN: SELinux userspace 2.7-rc2 release

2017-06-20 Thread Petr Lautrbach
On 06/20/2017 03:28 PM, Petr Lautrbach wrote: On 06/20/2017 02:14 PM, Stephen Smalley wrote: On Tue, 2017-06-20 at 12:54 +0200, Petr Lautrbach wrote: On 06/18/2017 09:46 AM, Jason Zaman wrote: On Sun, Jun 18, 2017 at 03:32:33PM +0800, Jason Zaman wrote: There is a bug that needs to be fixed

Re: ANN: SELinux userspace 2.7-rc2 release

2017-06-21 Thread Petr Lautrbach
On 06/20/2017 04:22 PM, Jason Zaman wrote: On Tue, Jun 20, 2017 at 03:28:44PM +0200, Petr Lautrbach wrote: On 06/20/2017 02:14 PM, Stephen Smalley wrote: On Tue, 2017-06-20 at 12:54 +0200, Petr Lautrbach wrote: On 06/18/2017 09:46 AM, Jason Zaman wrote: On Sun, Jun 18, 2017 at 03:32:33PM

[PATCH] Use DESTDIR only in install targets

2017-06-21 Thread Petr Lautrbach
https://www.gnu.org/prep/standards/html_node/DESTDIR.html DESTDIR should be supported only in the install* and uninstall* targets, as those are the only targets where it is useful. Signed-off-by: Petr Lautrbach --- checkpolicy/Makefile | 20 +++ checkpolicy/test

Re: [PATCH] Use DESTDIR only in install targets

2017-06-22 Thread Petr Lautrbach
On 06/21/2017 09:51 PM, Stephen Smalley wrote: Hmm...seems like we're still using DESTDIR for more than just install. So either the patch or the patch description isn't quite right. The original usage of make DESTDIR in selinux was to support building and installing to a private directory, so we

[PATCH] mcstrans: Allow overriding libsepol.a location during build

2017-06-23 Thread Petr Lautrbach
Signed-off-by: Petr Lautrbach --- mcstrans/src/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile index 709e1e02..3f4a89c3 100644 --- a/mcstrans/src/Makefile +++ b/mcstrans/src/Makefile @@ -4,6 +4,7 @@ LIBDIR ?= $(PREFIX

[PATCH 3/4] sepolicy: Make manpage and transition faster

2017-07-27 Thread Petr Lautrbach
0m10.532s user0m10.368s sys 0m0.114s Signed-off-by: Petr Lautrbach --- python/sepolicy/sepolicy/__init__.py | 62 -- python/sepolicy/sepolicy/manpage.py| 29 python/sepolicy/sepolicy/transition.py | 8 +++-- 3 files changed, 73 inserti

[PATCH 4/4] sepolicy: File labels used to be sorted in a man page

2017-07-27 Thread Petr Lautrbach
Signed-off-by: Petr Lautrbach --- python/sepolicy/sepolicy/manpage.py | 1 + 1 file changed, 1 insertion(+) diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py index 6df6f431..4d846364 100755 --- a/python/sepolicy/sepolicy/manpage.py +++ b/python/sepolicy

[PATCH 2/4] sepolicy: Fix syntax errors in 'manpage -w'

2017-07-27 Thread Petr Lautrbach
Fixes: File "python/sepolicy/sepolicy/manpage.py", line 373, in _gen_css print("%s has been created") % style_css TypeError: unsupported operand type(s) for %: 'NoneType' and 'str' Signed-off-by: Petr Lautrbach --- python/sepolicy/sepolicy/manpage.p

[PATCH 1/4] sepolicy: Fix minor typo in 'transition -s' test

2017-07-27 Thread Petr Lautrbach
Signed-off-by: Petr Lautrbach --- python/sepolicy/test_sepolicy.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/sepolicy/test_sepolicy.py b/python/sepolicy/test_sepolicy.py index 304e56f6..6d60d6f6 100644 --- a/python/sepolicy/test_sepolicy.py +++ b/python/sepolicy

[PATCH] libselinux: Add support for pcre2 to pkgconfig definition

2017-10-11 Thread Petr Lautrbach
When libselinux is built using USE_PCRE2 libselinux.pc needs to require libpcre2-8 instead of libpcre. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1487521 Signed-off-by: Petr Lautrbach --- libselinux/Makefile | 11 ++- libselinux/src/Makefile | 2

Value of file_contexts.bin after the move to pcre2

2017-10-16 Thread Petr Lautrbach
On Fri, Oct 13, 2017 at 03:31:39PM -0400, Stephen Smalley wrote: > We still need to revisit the value proposition of file_contexts.bin > after the move to pcre2, given the large increase in file size and the > runtime overhead. We can add -r to the sefcontext_compile args via > semanage.conf, but

[PATCH] python/semanage: Do not try to reload policy when SELinux is disabled

2017-11-02 Thread Petr Lautrbach
/targeted/policy/policy.31: No such file or directory /sbin/load_policy: Can't load policy: No such file or directory libsemanage.semanage_reload_policy: load_policy returned error code 2. (No such file or directory). FileNotFoundError: [Errno 2] No such file or directory Signed-o

Re: [PATCH] python/semanage: Do not try to reload policy when SELinux is disabled

2017-11-02 Thread Petr Lautrbach
On Thu, Nov 02, 2017 at 09:52:25AM -0400, Stephen Smalley wrote: > On Thu, 2017-11-02 at 14:19 +0100, Petr Lautrbach wrote: > > When SELinux is disabled, semanage without -N fails with a quite > > complicated > > error message when it tries to reload a new policy. Since re

Re: [PATCH] python/semanage: Do not try to reload policy when SELinux is disabled

2017-11-03 Thread Petr Lautrbach
On Thu, Nov 02, 2017 at 10:48:31AM -0400, Stephen Smalley wrote: > On Thu, 2017-11-02 at 15:17 +0100, Petr Lautrbach wrote: > > On Thu, Nov 02, 2017 at 09:52:25AM -0400, Stephen Smalley wrote: > > > On Thu, 2017-11-02 at 14:19 +0100, Petr Lautrbach wrote: > > > > When

[PATCH 1/3] python/semanage: drop *_ini functions

2017-11-06 Thread Petr Lautrbach
Signed-off-by: Petr Lautrbach --- python/semanage/semanage | 74 +--- 1 file changed, 14 insertions(+), 60 deletions(-) diff --git a/python/semanage/semanage b/python/semanage/semanage index 313537c5..8acfc855 100644 --- a/python/semanage/semanage

[PATCH 3/3] python/semanage: Enforce noreload only if it's requested by -N option

2017-11-06 Thread Petr Lautrbach
ge_reload_policy: load_policy returned error code 2. (No such file or directory). FileNotFoundError: [Errno 2] No such file or directory Signed-off-by: Petr Lautrbach --- python/semanage/semanage| 15 +-- python/semanage/seobject.py | 11 ++- 2 files changed, 7 insertions(

[PATCH 2/3] python/semanage: Don't use global setup variable

2017-11-06 Thread Petr Lautrbach
In order to do that we need to propagate args into seobject objects and use args.store to get a store name. Signed-off-by: Petr Lautrbach --- python/semanage/semanage| 40 +++-- python/semanage/seobject.py | 62 +++-- 2 files

Re: [PATCH] python/semanage: Do not try to reload policy when SELinux is disabled

2017-11-06 Thread Petr Lautrbach
First two patches do a little cleanup and try to re factorize the code used for seobject object initialization. The 3rd patch changes the behavior in order to call semanage_set_reload() only if -N is used.

Re: [PATCH] python/semanage: Update Infiniband code to work on python3

2017-11-14 Thread Petr Lautrbach
On Mon, Nov 13, 2017 at 09:56:26AM +0100, Vit Mojzis wrote: > Update Infiniband "port" and "key" listing and export to work on > python3. > {}.keys() does not support .sort() operation on Py3. > > Signed-off-by: Vit Mojzis Both patches look good to me. I'll merge them tomorrow if there's no othe

Re: [PATCH] python/semanage: Update Infiniband code to work on python3

2017-11-15 Thread Petr Lautrbach
On Tue, Nov 14, 2017 at 09:33:54AM +0100, Petr Lautrbach wrote: > On Mon, Nov 13, 2017 at 09:56:26AM +0100, Vit Mojzis wrote: > > Update Infiniband "port" and "key" listing and export to work on > > python3. > > {}.keys() does not support .sort() oper

[PATCH] libsemanage: Use umask(0077) for fopen() write operations

2017-11-21 Thread Petr Lautrbach
ctive/modules/400/permissive_sshd_t/cil -rw-rw-rw-. /var/lib/selinux/targeted/active/modules/400/permissive_sshd_t/lang_ext drwx--. /var/lib/selinux/targeted/active/modules/disabled -rw-rw-rw-. /var/lib/selinux/targeted/active/modules/disabled/zosremote Signed-off-by: Petr Lautrbach --- libsemanag

Re: [PATCH] python/sepolicy: Fix sepolicy manpage.

2017-11-22 Thread Petr Lautrbach
On Wed, Nov 15, 2017 at 02:25:53PM +0100, Lukas Vrabec wrote: > Arguments generate and gui was mixed together and information didn't make > sense. This fix split gui and generate sections. > > Signed-off-by: Lukas Vrabec Applied, thanks. > --- > python/sepolicy/sepolicy.8 | 7 --- > 1 fil

[PATCH v2] libsemanage: Use umask(0077) for fopen() write operations

2017-11-28 Thread Petr Lautrbach
ctive/modules/400/permissive_sshd_t/cil -rw-rw-rw-. /var/lib/selinux/targeted/active/modules/400/permissive_sshd_t/lang_ext drwx--. /var/lib/selinux/targeted/active/modules/disabled -rw-rw-rw-. /var/lib/selinux/targeted/active/modules/disabled/zosremote Signed-off-by: Petr Lautrbach --- libsemanag

[PATCH] python/semanage: make seobject.py backward compatible

2017-12-13 Thread Petr Lautrbach
"/usr/share/system-config-selinux/booleansPage.py", line 142, in __init__ self.load(self.filter) File "/usr/share/system-config-selinux/booleansPage.py", line 212, in load self.booleans = seobject.booleanRecords() TypeError: __init__() missing 1 required positional argumen

[PATCH] python/semanage: bring semanageRecords.set_reload back

2018-01-11 Thread Petr Lautrbach
It's used by third parties, e.g. Ansible modules Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1527745 Signed-off-by: Petr Lautrbach --- python/semanage/seobject.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py

Re: Re: selabel_lookup() with MEDIA backend issue

2018-01-12 Thread Petr Lautrbach
On Tue, Jan 09, 2018 at 12:24:12PM -0500, Stephen Smalley wrote: > On Tue, 2018-01-09 at 16:56 +, Richard Haines wrote: > > On Tue, 2018-01-09 at 10:11 -0500, Stephen Smalley wrote: > > > On Mon, 2018-01-08 at 16:10 +0100, Vit Mojzis wrote: > > > > Hi all, > > > > there seems to be a discrepanc

Re: [PATCH] libsemanage: Allow tmp files to be kept if a compile fails

2018-01-15 Thread Petr Lautrbach
On Mon, Jan 15, 2018 at 07:46:27AM -0800, William Roberts wrote: > On Sun, Jan 14, 2018 at 7:34 AM, Richard Haines > wrote: > > Add new option to semanage.conf that allows the tmp build files > > to be kept for debugging when building policy. > > How do people know where the tmp files are, does s

Re: [PATCH v2 08/14] python: build: follow standard semantics for DESTDIR and PREFIX

2018-01-17 Thread Petr Lautrbach
On Tue, Jan 16, 2018 at 09:23:21PM +0100, Marcus Folkesson wrote: > Signed-off-by: Marcus Folkesson > --- > python/audit2allow/Makefile | 10 -- > python/chcat/Makefile | 8 > python/semanage/Makefile | 13 ++--- > python/sepolgen/s

Re: [PATCH v2 08/14] python: build: follow standard semantics for DESTDIR and PREFIX

2018-01-17 Thread Petr Lautrbach
On Wed, Jan 17, 2018 at 11:43:58AM +0100, Marcus Folkesson wrote: > Hi, > > On Wed, Jan 17, 2018 at 11:11:35AM +0100, Petr Lautrbach wrote: > > On Tue, Jan 16, 2018 at 09:23:21PM +0100, Marcus Folkesson wrote: > > > Signed-off-by: Marcus Folkesson > > > ---

Re: [PATCH v3 08/14] python: build: follow standard semantics for DESTDIR and PREFIX

2018-01-23 Thread Petr Lautrbach
On Sun, Jan 21, 2018 at 10:46:11PM +0100, Marcus Folkesson wrote: > Signed-off-by: Marcus Folkesson > --- > python/audit2allow/Makefile | 17 ++--- > python/chcat/Makefile | 8 > python/semanage/Makefile | 11 +-- > python/sepol

Re: [PATCH v2 02/14] libselinux: build: follow standard semantics for DESTDIR and PREFIX

2018-01-23 Thread Petr Lautrbach
On Tue, Jan 23, 2018 at 08:34:09PM +0100, Marcus Folkesson wrote: > On Mon, Jan 22, 2018 at 09:50:36PM +0100, Nicolas Iooss wrote: > > On 19/01/18 13:07, Marcus Folkesson wrote: > > > Hi Nicolas! > > > > > > On Wed, Jan 17, 2018 at 11:12:56PM +0100, Nicolas Iooss wrote: > > >> On Tue, Jan 16, 2018

Re: [SELinuxProject/selinux] gui: remove selinux-sepolgengui (#77)

2018-02-02 Thread Petr Lautrbach
On Thu, Jan 25, 2018 at 01:58:46PM -0800, Nicolas Iooss wrote: > Hi, > I sent a few hours ago these two patches on the mailing list, but as the first > one seems to be blocked somewhere (I have only received back the second one), > I am publishing them on Github too, as a Pull Request. > > These

Update selinux-sepolgengui to be compatible with Gtk3, Python 3

2018-02-14 Thread Petr Lautrbach
Hi, The following set of patches update polgengui.py, rename polgen.glade to polgen.ui, convert it to new format, and fix some other sepolicy Python 3 related issues. Thanks, Petr

[PATCH 1/4] gui/polgengui.py: Fix sepolicy.generate import in polgengui.py

2018-02-14 Thread Petr Lautrbach
d if self.on_in_net_page_next(): File "/usr/share/system-config-selinux/polgengui.py", line 701, in on_in_net_page_next generate.verify_ports(self.in_tcp_entry.get_text()) NameError: global name 'generate' is not defined Signed-off-by: Petr Lautrbach --- gui/p

[PATCH 3/4] python/sepolicy: Use list instead of map

2018-02-14 Thread Petr Lautrbach
map() returns an iterator in python3, list in python2 Fixes: File "/usr/lib/python3.6/site-packages/sepolicy/generate.py", line 114, in get_all_users users.remove("system_u") AttributeError: 'map' object has no attribute 'remove' Signed-off-by: Petr

[PATCH 4/4] python/sepolicy: Do not use types.BooleanType

2018-02-14 Thread Petr Lautrbach
si/SELinuxProject-selinux/python/sepolicy/sepolicy/generate.py", line 468, in set_use_syslog if not isinstance(val, types.BooleanType): AttributeError: module 'types' has no attribute 'BooleanType' Signed-off-by: Petr Lautrbach --- python/sepolicy/sepolicy/generate.p

Re: Update selinux-sepolgengui to be compatible with Gtk3, Python 3

2018-02-22 Thread Petr Lautrbach
On Sun, Feb 18, 2018 at 07:20:02PM +0100, Nicolas Iooss wrote: > On Sun, Feb 18, 2018 at 7:09 PM, Nicolas Iooss wrote: > > On Wed, Feb 14, 2018 at 10:53 AM, Petr Lautrbach > > wrote: > >> Hi, > >> > >> The following set of patches update polgengui

Re: Update selinux-sepolgengui to be compatible with Gtk3, Python 3

2018-02-22 Thread Petr Lautrbach
On Thu, Feb 22, 2018 at 04:31:46PM +0100, Petr Lautrbach wrote: > On Sun, Feb 18, 2018 at 07:20:02PM +0100, Nicolas Iooss wrote: > > On Sun, Feb 18, 2018 at 7:09 PM, Nicolas Iooss > > wrote: > > > On Wed, Feb 14, 2018 at 10:53 AM, Petr Lautrbach > > > wr

[PATCH] gui/polgengui.py: Use stop_emission_by_name instead of emit_stop_by_name

2018-02-22 Thread Petr Lautrbach
Fixes: /usr/share/system-config-selinux/polgengui.py:679: PyGIDeprecationWarning: Deprecated, please use stop_emission_by_name. entry.emit_stop_by_name("insert_text") Signed-off-by: Petr Lautrbach --- This is based on the set of patches related to polgengui.py: https://marc.info/

Re: [PATCH 1/1] libselinux, libsemanage: Replace PYSITEDIR with PYTHONLIBDIR

2018-03-09 Thread Petr Lautrbach
On Thu, Mar 08, 2018 at 10:19:26PM +0100, Nicolas Iooss wrote: > On Thu, Mar 8, 2018 at 8:34 PM, Stephen Smalley wrote: > > On 03/06/2018 04:19 PM, Stephen Smalley wrote: > >> On 03/05/2018 05:16 PM, Nicolas Iooss wrote: > >>> libselinux and libsemanage Makefiles invoke site.getsitepackages() in >

Re: [PATCH 1/1] libselinux, libsemanage: Replace PYSITEDIR with PYTHONLIBDIR

2018-03-09 Thread Petr Lautrbach
On Fri, Mar 09, 2018 at 08:55:11AM -0500, Stephen Smalley wrote: > On 03/09/2018 07:25 AM, Petr Lautrbach wrote: > > On Thu, Mar 08, 2018 at 10:19:26PM +0100, Nicolas Iooss wrote: > >> On Thu, Mar 8, 2018 at 8:34 PM, Stephen Smalley wrote: > >>> On 03/06/2018 0

Re: [PATCH 1/1] libselinux, libsemanage: Replace PYSITEDIR with PYTHONLIBDIR

2018-03-09 Thread Petr Lautrbach
On Fri, Mar 09, 2018 at 03:39:13PM +0100, Petr Lautrbach wrote: > On Fri, Mar 09, 2018 at 08:55:11AM -0500, Stephen Smalley wrote: > > On 03/09/2018 07:25 AM, Petr Lautrbach wrote: > > > On Thu, Mar 08, 2018 at 10:19:26PM +0100, Nicolas Iooss wrote: > > >> On Thu, M

Re: [PATCH] libsemanage: replace access() checks to make setuid programs work

2018-03-13 Thread Petr Lautrbach
On Fri, Mar 09, 2018 at 10:51:20AM -0500, Stephen Smalley wrote: > On 03/09/2018 10:39 AM, Vit Mojzis wrote: > > access() uses real UID instead of effective UID which causes false > > negative checks in setuid programs. > > Replace access() calls (mostly tests for file existence) by stat(). > > >

Re: [PATCH v2 1/1] libselinux, libsemanage: Replace PYSITEDIR with PYTHONLIBDIR

2018-03-14 Thread Petr Lautrbach
and > libsemanage Makefiles use it. And as native code is installed (as part > of the SWIG wrapper), use "plat_specific=1" in order to use /usr/lib64 > on systems which distinguish /usr/lib64 from /usr/lib. > > Signed-off-by: Nicolas Iooss Looks good to me. Thanks!

Re: [PATCH] libsemanage: replace access() checks to make setuid programs work

2018-03-17 Thread Petr Lautrbach
On Fri, Mar 09, 2018 at 04:39:44PM +0100, Vit Mojzis wrote: > access() uses real UID instead of effective UID which causes false > negative checks in setuid programs. > Replace access() calls (mostly tests for file existence) by stat(). > > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=118643

Re: [PATCH v2] libselinux: flush the class/perm string mapping cache on policy reload

2015-09-30 Thread Petr Lautrbach
On 09/22/2015 06:20 PM, Stephen Smalley wrote: > This improves the robustness of programs using selinux_check_access() > in the face of policy updates that alter the values of the class or > permissions that they are checking. Otherwise, a policy update can > trigger false permission denials, as i

[PATCH] sepolgen: Use key function in sort()

2015-11-13 Thread Petr Lautrbach
"/usr/lib64/python3.4/site-packages/sepolgen/policygen.py", line 353, in __init__ self.hack_check_ifs(ifs) File "/usr/lib64/python3.4/site-packages/sepolgen/policygen.py", line 365, in hack_check_ifs params.sort(param_comp) TypeError: must use keyword argument for ke

[PATCH] policycoreutils: improve sepolicy command line interface

2015-11-16 Thread Petr Lautrbach
call last): File "/usr/bin/sepolicy", line 647, in args.func(args) AttributeError: 'Namespace' object has no attribute 'func' Signed-off-by: Petr Lautrbach --- policycoreutils/sepolicy/sepolicy.py | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-

[PATCH] policycoreutils: Require at least one argument for 'semanage permissive -d'

2015-11-16 Thread Petr Lautrbach
rgs.type) File "/selinux.git/policycoreutils/semanage/seobject.py", line 479, in delete for n in name.split(): AttributeError: 'NoneType' object has no attribute 'split' Signed-off-by: Petr Lautrbach --- policycoreutils/semanage/semanage | 2 +- 1 file changed, 1 insert

[PATCH] policycoreutils: replace string.join() with str.join()

2015-11-25 Thread Petr Lautrbach
Fixes Python 3 error: AttributeError: module 'string' has no attribute 'join' Based on a patch by Tomas Radej Signed-off-by: Petr Lautrbach --- policycoreutils/semanage/seobject.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/policycoreutils/

[PATCH] policycoreutils: fix 'semanage permissive -l' subcommand

2015-11-30 Thread Petr Lautrbach
: semanage permissive -l usage: semanage permissive [-h] (-a | -d | -l) [-n] [-N] [-S STORE] type [type ...] semanage permissive: error: the following arguments are required: type Signed-off-by: Petr Lautrbach --- policycoreutils/semanage/semanage | 16 +

[PATCH] libselinux: Verify context input to funtions to make sure the context field is not null.

2015-12-09 Thread Petr Lautrbach
From: Dan Walsh Return errno EINVAL, to prevent segfault. Signed-off-by: Petr Lautrbach --- libselinux/src/avc_sidtab.c | 5 + libselinux/src/canonicalize_context.c | 5 + libselinux/src/check_context.c| 5 + libselinux/src/compute_av.c | 5

[PATCH] libselinux/man: Add information about thread specific on setfscreatecon

2015-12-09 Thread Petr Lautrbach
From: Dan Walsh Signed-off-by: Petr Lautrbach --- libselinux/man/man3/getfscreatecon.3 | 5 + libselinux/man/man3/getkeycreatecon.3 | 4 libselinux/man/man3/getsockcreatecon.3 | 5 + 3 files changed, 14 insertions(+) diff --git a/libselinux/man/man3/getfscreatecon.3 b

[PATCH] libselinux: Don't wrap rpm_execcon with DISABLE_RPM

2015-12-10 Thread Petr Lautrbach
fined symbol: rpm_execcon Signed-off-by: Petr Lautrbach --- libselinux/include/selinux/selinux.h | 2 ++ libselinux/src/Makefile | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h index 4b

Re: [PATCH] libselinux: Verify context input to funtions to make sure the context field is not null.

2015-12-17 Thread Petr Lautrbach
ow that, sorry. I'll mark this patch as upstream rejected, Fedora downstream only; to prevent future attempts to re-send it again. Thanks, Petr > > On 12/09/2015 03:47 PM, Petr Lautrbach wrote: >> From: Dan Walsh >> >> Return errno EINVAL, to prevent se

[PATCH] policycoreutils: semanage: list reserver_port_t

2016-01-04 Thread Petr Lautrbach
reserver_port_t was omitted in 'semanage port -l'. There seems to be no reason for that nowadays therefore we can list it. Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1225806 Signed-off-by: Petr Lautrbach --- policycoreutils/semanage/seobject.py | 4 1 file changed, 4

Re: ANN: SELinux Userspace Release 20160107-rc1

2016-01-11 Thread Petr Lautrbach
ted by upstream I'm going to push this one to Fedora Rawhide during this week. Feel free to use and test both sets. Petr
