* Current upstreamable patch set from Fedora
@ 2013-11-08 13:17 Dan Walsh
2013-11-08 13:17 ` [PATCH 01/08] Call proper dbus function Dan Walsh
` (6 more replies)
0 siblings, 7 replies; 10+ messages in thread
From: Dan Walsh @ 2013-11-08 13:17 UTC (permalink / raw)
To: sds, eparis; +Cc: selinux
[PATCH 01/08] Call proper dbus function
[PATCH 02/08] Only return writeable files that are enabled
[PATCH 03/08] Add domain to short list of domains, when -t and -d
[PATCH 04/08] Fix up desktop files to match current standards
[PATCH 05/08] Add support to return sesitivities and cats for python
[PATCH 06/08] Update po
[PATCH 07/08] Cleanup whitespace
[PATCH 08/08] Add message to tell user to install sandbox policy
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 01/08] Call proper dbus function
2013-11-08 13:17 Current upstreamable patch set from Fedora Dan Walsh
@ 2013-11-08 13:17 ` Dan Walsh
2013-11-08 13:17 ` [PATCH 02/08] Only return writeable files that are enabled Dan Walsh
` (5 subsequent siblings)
6 siblings, 0 replies; 10+ messages in thread
From: Dan Walsh @ 2013-11-08 13:17 UTC (permalink / raw)
To: sds, eparis; +Cc: selinux, Dan Walsh
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
---
policycoreutils/sepolicy/sepolicy/gui.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policycoreutils/sepolicy/sepolicy/gui.py b/policycoreutils/sepolicy/sepolicy/gui.py
index 0123e6c..94ddb72 100644
--- a/policycoreutils/sepolicy/sepolicy/gui.py
+++ b/policycoreutils/sepolicy/sepolicy/gui.py
@@ -2727,7 +2727,7 @@ class SELinuxGui():
if not active and not exists:
return
try:
- self.dbus.relabel_on_boots(active)
+ self.dbus.relabel_on_boot(active)
except dbus.exceptions.DBusException, e:
self.error(e)
--
1.8.4.2
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 02/08] Only return writeable files that are enabled
2013-11-08 13:17 Current upstreamable patch set from Fedora Dan Walsh
2013-11-08 13:17 ` [PATCH 01/08] Call proper dbus function Dan Walsh
@ 2013-11-08 13:17 ` Dan Walsh
2013-11-08 13:17 ` [PATCH 03/08] Add domain to short list of domains, when -t and -d used together Dan Walsh
` (4 subsequent siblings)
6 siblings, 0 replies; 10+ messages in thread
From: Dan Walsh @ 2013-11-08 13:17 UTC (permalink / raw)
To: sds, eparis; +Cc: selinux, Dan Walsh
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
---
policycoreutils/sepolicy/sepolicy/__init__.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
index fd95c16..679725d 100644
--- a/policycoreutils/sepolicy/sepolicy/__init__.py
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py
@@ -141,6 +141,9 @@ def get_writable_files(setype):
for i in permlist:
if i['target'] in attributes:
continue
+ if "enabled" in i:
+ if not i["enabled"]:
+ continue
if i['target'].endswith("_t"):
if i['target'] not in file_types:
continue
--
1.8.4.2
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 03/08] Add domain to short list of domains, when -t and -d used together
2013-11-08 13:17 Current upstreamable patch set from Fedora Dan Walsh
2013-11-08 13:17 ` [PATCH 01/08] Call proper dbus function Dan Walsh
2013-11-08 13:17 ` [PATCH 02/08] Only return writeable files that are enabled Dan Walsh
@ 2013-11-08 13:17 ` Dan Walsh
2013-11-08 13:17 ` [PATCH 04/08] Fix up desktop files to match current standards Dan Walsh
` (3 subsequent siblings)
6 siblings, 0 replies; 10+ messages in thread
From: Dan Walsh @ 2013-11-08 13:17 UTC (permalink / raw)
To: sds, eparis; +Cc: selinux, Dan Walsh
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
---
policycoreutils/sepolicy/sepolicy/gui.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/policycoreutils/sepolicy/sepolicy/gui.py b/policycoreutils/sepolicy/sepolicy/gui.py
index 94ddb72..5ca87b9 100644
--- a/policycoreutils/sepolicy/sepolicy/gui.py
+++ b/policycoreutils/sepolicy/sepolicy/gui.py
@@ -484,6 +484,8 @@ class SELinuxGui():
path = None
if test:
domains = [ "httpd_t", "abrt_t" ]
+ if app and app not in domains:
+ domains.append(app)
else:
domains = sepolicy_domains
loading_gui.show()
--
1.8.4.2
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 04/08] Fix up desktop files to match current standards
2013-11-08 13:17 Current upstreamable patch set from Fedora Dan Walsh
` (2 preceding siblings ...)
2013-11-08 13:17 ` [PATCH 03/08] Add domain to short list of domains, when -t and -d used together Dan Walsh
@ 2013-11-08 13:17 ` Dan Walsh
2013-11-08 13:17 ` [PATCH 05/08] Add support to return sesitivities and cats for python bindings Dan Walsh
` (2 subsequent siblings)
6 siblings, 0 replies; 10+ messages in thread
From: Dan Walsh @ 2013-11-08 13:17 UTC (permalink / raw)
To: sds, eparis; +Cc: selinux, Dan Walsh
Encoding is depracated
Keywords is depracated
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
---
policycoreutils/gui/selinux-polgengui.desktop | 1 -
policycoreutils/gui/system-config-selinux.desktop | 1 -
policycoreutils/restorecond/restorecond.desktop | 1 -
3 files changed, 3 deletions(-)
diff --git a/policycoreutils/gui/selinux-polgengui.desktop b/policycoreutils/gui/selinux-polgengui.desktop
index 0c2f399..bbcb18f 100644
--- a/policycoreutils/gui/selinux-polgengui.desktop
+++ b/policycoreutils/gui/selinux-polgengui.desktop
@@ -64,4 +64,3 @@ Type=Application
Terminal=false
Categories=System;Security;
X-Desktop-File-Install-Version=0.2
-Keywords=policy;security;selinux;avc;permission;mac;
diff --git a/policycoreutils/gui/system-config-selinux.desktop b/policycoreutils/gui/system-config-selinux.desktop
index 8822ce2..befdb23 100644
--- a/policycoreutils/gui/system-config-selinux.desktop
+++ b/policycoreutils/gui/system-config-selinux.desktop
@@ -64,4 +64,3 @@ Type=Application
Terminal=false
Categories=System;Security;
X-Desktop-File-Install-Version=0.2
-Keywords=policy;security;selinux;avc;permission;mac;
diff --git a/policycoreutils/restorecond/restorecond.desktop b/policycoreutils/restorecond/restorecond.desktop
index 89201e1..af72868 100644
--- a/policycoreutils/restorecond/restorecond.desktop
+++ b/policycoreutils/restorecond/restorecond.desktop
@@ -2,7 +2,6 @@
Name=File Context maintainer
Exec=/usr/sbin/restorecond -u
Comment=Fix file context in owned by the user
-Encoding=UTF-8
Type=Application
StartupNotify=false
X-GNOME-Autostart-enabled=false
--
1.8.4.2
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 05/08] Add support to return sesitivities and cats for python bindings.
2013-11-08 13:17 Current upstreamable patch set from Fedora Dan Walsh
` (3 preceding siblings ...)
2013-11-08 13:17 ` [PATCH 04/08] Fix up desktop files to match current standards Dan Walsh
@ 2013-11-08 13:17 ` Dan Walsh
2013-11-08 13:17 ` [PATCH 07/08] Cleanup whitespace Dan Walsh
2013-11-08 13:17 ` [PATCH 08/08] Add message to tell user to install sandbox policy package Dan Walsh
6 siblings, 0 replies; 10+ messages in thread
From: Dan Walsh @ 2013-11-08 13:17 UTC (permalink / raw)
To: sds, eparis; +Cc: selinux, Dan Walsh
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
---
policycoreutils/sepolicy/info.c | 300 ++++++++++++++++++++++++++++++++++++++--
1 file changed, 290 insertions(+), 10 deletions(-)
diff --git a/policycoreutils/sepolicy/info.c b/policycoreutils/sepolicy/info.c
index cd1026a..b353f2c 100644
--- a/policycoreutils/sepolicy/info.c
+++ b/policycoreutils/sepolicy/info.c
@@ -54,13 +54,13 @@
enum input
{
- TYPE, ATTRIBUTE, ROLE, USER, PORT, BOOLEAN, CLASS
+ TYPE, ATTRIBUTE, ROLE, USER, PORT, BOOLEAN, CLASS, SENS, CATS
};
static int py_insert_long(PyObject *dict, const char *name, int value)
{
int rt;
- PyObject *obj = PyInt_FromLong(value);
+ PyObject *obj = PyLong_FromLong(value);
if (!obj) return -1;
rt = PyDict_SetItemString(dict, name, obj);
Py_DECREF(obj);
@@ -78,9 +78,287 @@ static int py_insert_bool(PyObject *dict, const char *name, int value)
}
/**
+ * Get a policy's MLS sensitivities.
+ * If this function is given a name, it will attempt to
+ * get statistics about a particular sensitivity; otherwise
+ * the function gets statistics about all of the policy's
+ * sensitivities.
+ *
+ * @param name Reference to a sensitivity's name; if NULL,
+ * all sensitivities will be considered
+ * @param policydb Reference to a policy
+ *
+ * @return 0 on success, < 0 on error.
+ */
+static PyObject* get_sens(const char *name, const apol_policy_t * policydb)
+{
+ PyObject *dict = NULL;
+ int error = 0;
+ int rt = 0;
+ size_t i;
+ char *tmp = NULL;
+ const char *lvl_name = NULL;
+ apol_level_query_t *query = NULL;
+ apol_vector_t *v = NULL;
+ const qpol_level_t *level = NULL;
+ apol_mls_level_t *ap_mls_lvl = NULL;
+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
+
+ query = apol_level_query_create();
+ if (!query)
+ goto cleanup;
+ if (apol_level_query_set_sens(policydb, query, name))
+ goto cleanup;
+ if (apol_level_get_by_query(policydb, query, &v))
+ goto cleanup;
+
+ dict = PyDict_New();
+ if (!dict) goto err;
+ for (i = 0; i < apol_vector_get_size(v); i++) {
+ level = apol_vector_get_element(v, i);
+ if (qpol_level_get_name(q, level, &lvl_name))
+ goto err;
+ ap_mls_lvl = (apol_mls_level_t *) apol_mls_level_create_from_qpol_level_datum(policydb, level);
+ tmp = apol_mls_level_render(policydb, ap_mls_lvl);
+ apol_mls_level_destroy(&ap_mls_lvl);
+ if (!tmp)
+ goto cleanup;
+ if (py_insert_string(dict, lvl_name, tmp))
+ goto err;
+ free(tmp); tmp = NULL;
+ if (rt) goto err;
+ }
+
+ if (name && !apol_vector_get_size(v)) {
+ goto cleanup;
+ }
+
+ goto cleanup;
+err:
+ error = errno;
+ PyErr_SetString(PyExc_RuntimeError,strerror(error));
+ py_decref(dict); dict = NULL;
+cleanup:
+ free(tmp);
+ apol_level_query_destroy(&query);
+ apol_vector_destroy(&v);
+ errno = error;
+ return dict;
+}
+
+/**
+ * Compare two qpol_cat_datum_t objects.
+ * This function is meant to be passed to apol_vector_compare
+ * as the callback for performing comparisons.
+ *
+ * @param datum1 Reference to a qpol_type_datum_t object
+ * @param datum2 Reference to a qpol_type_datum_t object
+ * @param data Reference to a policy
+ * @return Greater than 0 if the first argument is less than the second argument,
+ * less than 0 if the first argument is greater than the second argument,
+ * 0 if the arguments are equal
+ */
+static int qpol_cat_datum_compare(const void *datum1, const void *datum2, void *data)
+{
+ const qpol_cat_t *cat_datum1 = NULL, *cat_datum2 = NULL;
+ apol_policy_t *policydb = NULL;
+ qpol_policy_t *q;
+ uint32_t val1, val2;
+
+ policydb = (apol_policy_t *) data;
+ q = apol_policy_get_qpol(policydb);
+ assert(policydb);
+
+ if (!datum1 || !datum2)
+ goto exit_err;
+ cat_datum1 = datum1;
+ cat_datum2 = datum2;
+
+ if (qpol_cat_get_value(q, cat_datum1, &val1))
+ goto exit_err;
+ if (qpol_cat_get_value(q, cat_datum2, &val2))
+ goto exit_err;
+
+ return (val1 > val2) ? 1 : ((val1 == val2) ? 0 : -1);
+
+ exit_err:
+ assert(0);
+ return 0;
+}
+
+/**
+ * Compare two qpol_level_datum_t objects.
+ * This function is meant to be passed to apol_vector_compare
+ * as the callback for performing comparisons.
+ *
+ * @param datum1 Reference to a qpol_level_datum_t object
+ * @param datum2 Reference to a qpol_level_datum_t object
+ * @param data Reference to a policy
+ * @return Greater than 0 if the first argument is less than the second argument,
+ * less than 0 if the first argument is greater than the second argument,
+ * 0 if the arguments are equal
+ */
+static int qpol_level_datum_compare(const void *datum1, const void *datum2, void *data)
+{
+ const qpol_level_t *lvl_datum1 = NULL, *lvl_datum2 = NULL;
+ apol_policy_t *policydb = NULL;
+ qpol_policy_t *q;
+ uint32_t val1, val2;
+
+ policydb = (apol_policy_t *) data;
+ assert(policydb);
+ q = apol_policy_get_qpol(policydb);
+
+ if (!datum1 || !datum2)
+ goto exit_err;
+ lvl_datum1 = datum1;
+ lvl_datum2 = datum2;
+
+ if (qpol_level_get_value(q, lvl_datum1, &val1))
+ goto exit_err;
+ if (qpol_level_get_value(q, lvl_datum2, &val2))
+ goto exit_err;
+
+ return (val1 > val2) ? 1 : ((val1 == val2) ? 0 : -1);
+
+ exit_err:
+ assert(0);
+ return 0;
+}
+
+/**
+ * Gets a textual representation of a MLS category and
+ * all of that category's sensitivies.
+ *
+ * @param type_datum Reference to sepol type_datum
+ * @param policydb Reference to a policy
+ */
+static PyObject* get_cat_sens(const qpol_cat_t * cat_datum, const apol_policy_t * policydb)
+{
+ const char *cat_name, *lvl_name;
+ apol_level_query_t *query = NULL;
+ apol_vector_t *v = NULL;
+ const qpol_level_t *lvl_datum = NULL;
+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
+ size_t i, n_sens = 0;
+ int error = 0;
+ PyObject *list = NULL;
+ PyObject *dict = PyDict_New();
+ if (!dict) goto err;
+ if (!cat_datum || !policydb)
+ goto err;
+
+ /* get category name for apol query */
+ if (qpol_cat_get_name(q, cat_datum, &cat_name))
+ goto cleanup;
+
+ query = apol_level_query_create();
+ if (!query)
+ goto err;
+ if (apol_level_query_set_cat(policydb, query, cat_name))
+ goto err;
+ if (apol_level_get_by_query(policydb, query, &v))
+ goto err;
+ apol_vector_sort(v, &qpol_level_datum_compare, (void *)policydb);
+ dict = PyDict_New();
+ if (!dict) goto err;
+ if (py_insert_string(dict, "name", cat_name))
+ goto err;
+ n_sens = apol_vector_get_size(v);
+ list = PyList_New(0);
+ if (!list) goto err;
+ for (i = 0; i < n_sens; i++) {
+ lvl_datum = (qpol_level_t *) apol_vector_get_element(v, i);
+ if (!lvl_datum)
+ goto err;
+ if (qpol_level_get_name(q, lvl_datum, &lvl_name))
+ goto err;
+ if (py_append_string(list, lvl_name))
+ goto err;
+ }
+ if (py_insert_obj(dict, "level", list))
+ goto err;
+ Py_DECREF(list);
+
+ goto cleanup;
+err:
+ error = errno;
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
+ py_decref(list); list = NULL;
+ py_decref(dict); dict = NULL;
+cleanup:
+ apol_level_query_destroy(&query);
+ apol_vector_destroy(&v);
+ errno = error;
+ return dict;
+}
+
+/**
+ * Prints statistics regarding a policy's MLS categories.
+ * If this function is given a name, it will attempt to
+ * get statistics about a particular category; otherwise
+ * the function gets statistics about all of the policy's
+ * categories.
+ *
+ * @param name Reference to a MLS category's name; if NULL,
+ * all categories will be considered
+ * @param policydb Reference to a policy
+ *
+ * @return 0 on success, < 0 on error.
+ */
+static PyObject* get_cats(const char *name, const apol_policy_t * policydb)
+{
+ PyObject *obj = NULL;
+ apol_cat_query_t *query = NULL;
+ apol_vector_t *v = NULL;
+ const qpol_cat_t *cat_datum = NULL;
+ size_t i, n_cats;
+ int error = 0;
+ int rt;
+ PyObject *list = PyList_New(0);
+ if (!list) goto err;
+
+ query = apol_cat_query_create();
+ if (!query)
+ goto err;
+ if (apol_cat_query_set_cat(policydb, query, name))
+ goto err;
+ if (apol_cat_get_by_query(policydb, query, &v))
+ goto err;
+ n_cats = apol_vector_get_size(v);
+ apol_vector_sort(v, &qpol_cat_datum_compare, (void *)policydb);
+
+ for (i = 0; i < n_cats; i++) {
+ cat_datum = apol_vector_get_element(v, i);
+ if (!cat_datum)
+ goto err;
+ obj = get_cat_sens(cat_datum, policydb);
+ if (!obj)
+ goto err;
+ rt = py_append_obj(list, obj);
+ Py_DECREF(obj);
+ if (rt) goto err;
+ }
+
+ if (name && !n_cats) {
+ goto err;
+ }
+
+ goto cleanup;
+err:
+ error = errno;
+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
+ py_decref(list); list = NULL;
+cleanup:
+ apol_cat_query_destroy(&query);
+ apol_vector_destroy(&v);
+ errno = error;
+ return list;
+}
+
+/**
* Get the alias of a type.
*
- * @param fp Reference to a file to which to get type information
* @param type_datum Reference to sepol type_datum
* @param policydb Reference to a policy
* attributes
@@ -315,7 +593,7 @@ cleanup:
return list;
}
-static PyObject* get_type( const qpol_type_t * type_datum, const apol_policy_t * policydb) {
+static PyObject* get_type(const qpol_type_t * type_datum, const apol_policy_t * policydb) {
PyObject *obj;
qpol_policy_t *q = apol_policy_get_qpol(policydb);
@@ -370,11 +648,8 @@ cleanup:
* get statistics about a particular boolean; otherwise
* the function gets statistics about all of the policy's booleans.
*
- * @param fp Reference to a file to which to print statistics
* @param name Reference to a boolean's name; if NULL,
* all booleans will be considered
- * @param expand Flag indicating whether to print each
- * boolean's default state
* @param policydb Reference to a policy
*
* @return new reference, or NULL (setting an exception)
@@ -536,11 +811,8 @@ cleanup:
* Prints a textual representation of an object class and possibly
* all of that object class' permissions.
*
- * @param fp Reference to a file to which to print object class information
* @param type_datum Reference to sepol type_datum
* @param policydb Reference to a policy
- * @param expand Flag indicating whether to print each object class'
- * permissions
*/
static PyObject* get_class(const qpol_class_t * class_datum, const apol_policy_t * policydb)
{
@@ -1066,6 +1338,12 @@ PyObject* info( int type, const char *name)
case PORT:
output = get_ports(name, policy);
break;
+ case SENS:
+ output = get_sens(name, policy);
+ break;
+ case CATS:
+ output = get_cats(name, policy);
+ break;
default:
errno = EINVAL;
PyErr_SetString(PyExc_RuntimeError,strerror(errno));
@@ -1098,4 +1376,6 @@ void init_info (PyObject *m) {
PyModule_AddIntConstant(m, "USER", USER);
PyModule_AddIntConstant(m, "CLASS", CLASS);
PyModule_AddIntConstant(m, "BOOLEAN", BOOLEAN);
+ PyModule_AddIntConstant(m, "SENS", SENS);
+ PyModule_AddIntConstant(m, "CATS", CATS);
}
--
1.8.4.2
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 07/08] Cleanup whitespace
2013-11-08 13:17 Current upstreamable patch set from Fedora Dan Walsh
` (4 preceding siblings ...)
2013-11-08 13:17 ` [PATCH 05/08] Add support to return sesitivities and cats for python bindings Dan Walsh
@ 2013-11-08 13:17 ` Dan Walsh
2013-11-08 13:17 ` [PATCH 08/08] Add message to tell user to install sandbox policy package Dan Walsh
6 siblings, 0 replies; 10+ messages in thread
From: Dan Walsh @ 2013-11-08 13:17 UTC (permalink / raw)
To: sds, eparis; +Cc: selinux, Dan Walsh
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
---
policycoreutils/setsebool/setsebool.8 | 1 -
policycoreutils/setsebool/setsebool.c | 4 ++--
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/policycoreutils/setsebool/setsebool.8 b/policycoreutils/setsebool/setsebool.8
index 7338f15..916a58c 100644
--- a/policycoreutils/setsebool/setsebool.8
+++ b/policycoreutils/setsebool/setsebool.8
@@ -20,7 +20,6 @@ the policy file on disk. So they will be persistent across reboots.
If the \-N option is given, the policy on disk is not reloaded into the kernel.
-
If the \-V option is given, verbose error messages will be printed from semanage libraries.
diff --git a/policycoreutils/setsebool/setsebool.c b/policycoreutils/setsebool/setsebool.c
index 89412d0..b101f08 100644
--- a/policycoreutils/setsebool/setsebool.c
+++ b/policycoreutils/setsebool/setsebool.c
@@ -53,10 +53,10 @@ int main(int argc, char **argv)
permanent = 1;
break;
case 'N':
- reload = 0;
+ reload = 0;
break;
case 'V':
- verbose = 1;
+ verbose = 1;
break;
default:
usage();
--
1.8.4.2
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH 08/08] Add message to tell user to install sandbox policy package.
2013-11-08 13:17 Current upstreamable patch set from Fedora Dan Walsh
` (5 preceding siblings ...)
2013-11-08 13:17 ` [PATCH 07/08] Cleanup whitespace Dan Walsh
@ 2013-11-08 13:17 ` Dan Walsh
2013-11-08 21:10 ` Stephen Smalley
6 siblings, 1 reply; 10+ messages in thread
From: Dan Walsh @ 2013-11-08 13:17 UTC (permalink / raw)
To: sds, eparis; +Cc: selinux, Dan Walsh
Sandbox policy is huge do to macro expansion. We do not install this by default
but sandbox command can fail without it installed. This patch prints a message to the
user to install the package.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
---
policycoreutils/sandbox/sandbox | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox
index fb5a24c..3668abe 100644
--- a/policycoreutils/sandbox/sandbox
+++ b/policycoreutils/sandbox/sandbox
@@ -356,7 +356,7 @@ sandbox [-h] [-c] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile
try:
sepolicy.info(sepolicy.TYPE, "sandbox_t")
except RuntimeError:
- raise ValueError(_("Sandbox Policy is currently disabled.\nYou need to enable the policy by executing the following as root\n# semodule -e sandbox"))
+ raise ValueError(_("Sandbox Policy is not currently installed.\nYou need to install the selinux-policy-sandbox package in order to run this command"))
if self.__options.setype:
self.setype = self.__options.setype
--
1.8.4.2
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH 08/08] Add message to tell user to install sandbox policy package.
2013-11-08 13:17 ` [PATCH 08/08] Add message to tell user to install sandbox policy package Dan Walsh
@ 2013-11-08 21:10 ` Stephen Smalley
2013-11-08 22:36 ` Daniel J Walsh
0 siblings, 1 reply; 10+ messages in thread
From: Stephen Smalley @ 2013-11-08 21:10 UTC (permalink / raw)
To: Dan Walsh, eparis; +Cc: selinux
On 11/08/2013 08:17 AM, Dan Walsh wrote:
> Sandbox policy is huge do to macro expansion. We do not install this by default
> but sandbox command can fail without it installed. This patch prints a message to the
> user to install the package.
>
> Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Thanks, applied to #next. Did not receive patch 06/08.
patch 01/08 looked like a bug fix that should get pushed as an update, yes?
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 08/08] Add message to tell user to install sandbox policy package.
2013-11-08 21:10 ` Stephen Smalley
@ 2013-11-08 22:36 ` Daniel J Walsh
0 siblings, 0 replies; 10+ messages in thread
From: Daniel J Walsh @ 2013-11-08 22:36 UTC (permalink / raw)
To: Stephen Smalley, eparis; +Cc: selinux
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/08/2013 04:10 PM, Stephen Smalley wrote:
> On 11/08/2013 08:17 AM, Dan Walsh wrote:
>> Sandbox policy is huge do to macro expansion. We do not install this by
>> default but sandbox command can fail without it installed. This patch
>> prints a message to the user to install the package.
>>
>> Signed-off-by: Dan Walsh <dwalsh@redhat.com>
>
> Thanks, applied to #next. Did not receive patch 06/08. patch 01/08 looked
> like a bug fix that should get pushed as an update, yes?
>
>
Yes.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlJ9Z3sACgkQrlYvE4MpobNUlQCgrCVMPpmgZbd53nIogRXYgf9D
i/wAnjVV9AK2RRtJ+XF4ECw6RjH8ukVe
=R2Le
-----END PGP SIGNATURE-----
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2013-11-08 22:36 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-11-08 13:17 Current upstreamable patch set from Fedora Dan Walsh
2013-11-08 13:17 ` [PATCH 01/08] Call proper dbus function Dan Walsh
2013-11-08 13:17 ` [PATCH 02/08] Only return writeable files that are enabled Dan Walsh
2013-11-08 13:17 ` [PATCH 03/08] Add domain to short list of domains, when -t and -d used together Dan Walsh
2013-11-08 13:17 ` [PATCH 04/08] Fix up desktop files to match current standards Dan Walsh
2013-11-08 13:17 ` [PATCH 05/08] Add support to return sesitivities and cats for python bindings Dan Walsh
2013-11-08 13:17 ` [PATCH 07/08] Cleanup whitespace Dan Walsh
2013-11-08 13:17 ` [PATCH 08/08] Add message to tell user to install sandbox policy package Dan Walsh
2013-11-08 21:10 ` Stephen Smalley
2013-11-08 22:36 ` Daniel J Walsh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.