* [PATCH 01/19] policycoreutils/sepolicy: Add documentation for MCS separated domains
2017-05-03 10:30 Several sepolicy fixes from Fedora Petr Lautrbach
@ 2017-05-03 10:30 ` Petr Lautrbach
2017-05-03 10:30 ` [PATCH 02/19] sepolicy: Fix spelling mistakes in commands in generated manpages Petr Lautrbach
` (17 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: Petr Lautrbach @ 2017-05-03 10:30 UTC (permalink / raw)
To: selinux
From: Dan Walsh <dwalsh@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
python/sepolicy/sepolicy/manpage.py | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
index 1af4295c..3ebdfeb7 100755
--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
@@ -504,6 +504,7 @@ class ManPage:
self._booleans()
self._port_types()
+ self._mcs_types()
self._writes()
self._footer()
@@ -527,6 +528,7 @@ class ManPage:
self._header()
self._entrypoints()
self._process_types()
+ self._mcs_types()
self._booleans()
self._nsswitch_domain()
self._port_types()
@@ -923,6 +925,17 @@ All executeables with the default executable label, usually stored in /usr/bin a
self.fd.write("""
%s""" % ", ".join(paths))
+ def _mcs_types(self):
+ attributes = sepolicy.info(sepolicy.TYPE, (self.type))[0]["attributes"]
+ if "mcs_constrained_type" not in attributes:
+ return
+ self.fd.write ("""
+.SH "MCS Constrained"
+The SELinux process type %(type)s_t is an MCS (Multi Category Security) constrained type. Sometimes this separation is referred to as sVirt. These types are usually used for securing multi-tenant environments, such as virtualization, containers or separation of users. The tools used to launch MCS types, pick out a different MCS label for each process group.
+
+For example one process might be launched with %(type)s_t:s0:c1,c2, and another process launched with %(type)s_t:s0:c3,c4. The SELinux kernel only allows these processes can only write to content with a matching MCS label, or a MCS Label of s0. A process running with the MCS level of s0:c1,c2 is not allowed to write to content with the MCS label of s0:c3,c4
+""" % {'type': self.domainname})
+
def _writes(self):
permlist = sepolicy.search([sepolicy.ALLOW], {'source': self.type, 'permlist': ['open', 'write'], 'class': 'file'})
if permlist is None or len(permlist) == 0:
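Review bot: The text that `_mcs_types` writes contains a garbled sentence, "The SELinux kernel only allows these processes can only write to content with a matching MCS label", and it will appear verbatim in every MCS-constrained domain's man page. Since this page describes a security boundary, the wording should be unambiguous, e.g. `SELinux only allows these processes to write to content with a matching MCS label, or an MCS label of s0.` Separately, `(self.type)` is a parenthesised string rather than a tuple, and `sepolicy.info(...)[0]` is indexed without checking that the lookup returned anything. An unknown type would presumably raise IndexError there, though `info()` is not visible in this hunk. `_writes`, which closes the hunk, continues outside it.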
--
2.12.2
* [PATCH 02/19] sepolicy: Fix spelling mistakes in commands in generated manpages
2017-05-03 10:30 Several sepolicy fixes from Fedora Petr Lautrbach
2017-05-03 10:30 ` [PATCH 01/19] policycoreutils/sepolicy: Add documentation for MCS separated domains Petr Lautrbach
@ 2017-05-03 10:30 ` Petr Lautrbach
2017-05-03 10:30 ` [PATCH 03/19] sepolicy: Add manpages for typealiased types Petr Lautrbach
` (16 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: Petr Lautrbach @ 2017-05-03 10:30 UTC (permalink / raw)
To: selinux
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
python/sepolicy/sepolicy/manpage.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
index 3ebdfeb7..bd5a64ac 100755
--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
@@ -1172,7 +1172,7 @@ Three things can happen when %(type)s attempts to execute a program.
Execute the following to see the types that the SELinux user %(type)s can execute without transitioning:
-.B search -A -s %(type)s -c file -p execute_no_trans
+.B sesearch -A -s %(type)s -c file -p execute_no_trans
.TP
@@ -1180,7 +1180,7 @@ Execute the following to see the types that the SELinux user %(type)s can execut
Execute the following to see the types that the SELinux user %(type)s can execute and transition:
-.B $ search -A -s %(type)s -c process -p transition
+.B $ sesearch -A -s %(type)s -c process -p transition
""" % {'user': self.domainname, 'type': self.type})
--
2.12.2
* [PATCH 03/19] sepolicy: Add manpages for typealiased types
2017-05-03 10:30 Several sepolicy fixes from Fedora Petr Lautrbach
2017-05-03 10:30 ` [PATCH 01/19] policycoreutils/sepolicy: Add documentation for MCS separated domains Petr Lautrbach
2017-05-03 10:30 ` [PATCH 02/19] sepolicy: Fix spelling mistakes in commands in generated manpages Petr Lautrbach
@ 2017-05-03 10:30 ` Petr Lautrbach
2017-05-03 10:30 ` [PATCH 04/19] sepolicy: Move svirt man page out of libvirt into its own Petr Lautrbach
` (15 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: Petr Lautrbach @ 2017-05-03 10:30 UTC (permalink / raw)
To: selinux
From: Dan Walsh <dwalsh@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
python/sepolicy/sepolicy/manpage.py | 45 +++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
index bd5a64ac..b268680a 100755
--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
@@ -30,6 +30,13 @@ import sepolicy
import os
import time
+typealias_types = {
+"antivirus_t":("amavis_t", "clamd_t", "clamscan_t", "freshclam_t"),
+"cluster_t":("rgmanager_t", "corosync_t", "aisexec_t", "pacemaker_t"),
+"svirt_t":("qemu_t"),
+"httpd_t":("phpfpm_t"),
+}
+
equiv_dict = {"smbd": ["samba"], "httpd": ["apache"], "virtd": ["virt", "libvirt", "svirt", "svirt_tcg", "svirt_lxc_t", "svirt_lxc_net_t"], "named": ["bind"], "fsdaemon": ["smartmon"], "mdadm": ["raid"]}
equiv_dirs = ["/var"]
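Review bot: `("qemu_t")` and `("phpfpm_t")` in `typealias_types` are plain strings, not one-element tuples, because the trailing comma is missing. The loop added later in this patch, `for t in typealias_types[domain_type]`, would therefore iterate over single characters. `_typealias_gen_man` then computes `t[:-2]` on each character, which is an empty string, so it would write a stray `_selinux.8` under `self.path` instead of the intended alias page. The entries should read `"svirt_t": ("qemu_t",),` and `"httpd_t": ("phpfpm_t",),`.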
@@ -523,6 +530,16 @@ class ManPage:
self._get_ptypes()
for domain_type in self.ptypes:
+ try:
+ if typealias_types[domain_type]:
+ fd = self.fd
+ man_page_path = self.man_page_path
+ for t in typealias_types[domain_type]:
+ self._typealias_gen_man(t)
+ self.fd = fd
+ self.man_page_path = man_page_path
+ except KeyError:
+ continue;
self.attributes[domain_type] = sepolicy.info(sepolicy.TYPE, ("%s") % domain_type)[0]["attributes"]
self._header()
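Review bot: The `except KeyError: continue` added here skips the rest of the loop body for every `domain_type` that has no entry in `typealias_types`. As far as the flattened indentation shows, `self.attributes[domain_type]` is then filled only for the four keyed types. Using `typealias_types.get(domain_type, ())` removes the need for the try/except. The saved `self.fd` and `self.man_page_path` are also restored only on the success path, so an exception inside `_typealias_gen_man` leaves the object pointing at the alias file; a `finally` fixes that. The enclosing method starts outside this hunk.

```python
for domain_type in self.ptypes:
    saved_fd, saved_path = self.fd, self.man_page_path
    try:
        # No alias entry means an empty loop instead of a KeyError.
        for t in typealias_types.get(domain_type, ()):
            self._typealias_gen_man(t)
    finally:
        self.fd, self.man_page_path = saved_fd, saved_path
    # … unchanged: self.attributes[domain_type] = sepolicy.info(...) …
```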
@@ -542,6 +559,34 @@ class ManPage:
if f.startswith(self.short_name) or f.startswith(self.domainname):
self.ptypes.append(f)
+ def _typealias_gen_man(self, t):
+ self.man_page_path = "%s/%s_selinux.8" % (self.path, t[:-2])
+ self.ports = []
+ self.booltext = ""
+ self.fd = open(self.man_page_path, 'w')
+ self._typealias(t[:-2])
+ self._footer()
+ self.fd.close()
+
+ def _typealias(self,typealias):
+ self.fd.write('.TH "%(typealias)s_selinux" "8" "%(date)s" "%(typealias)s" "SELinux Policy %(typealias)s"'
+ % {'typealias':typealias, 'date': time.strftime("%y-%m-%d")})
+ self.fd.write(r"""
+.SH "NAME"
+%(typealias)s_selinux \- Security Enhanced Linux Policy for the %(typealias)s processes
+.SH "DESCRIPTION"
+
+%(typealias)s_t SELinux domain type is now associated with %(domainname)s domain type (%(domainname)s_t).
+""" % {'typealias':typealias, 'domainname':self.domainname})
+
+ self.fd.write(r"""
+Please see
+
+.B %(domainname)s_selinux
+
+man page for more details.
+""" % {'domainname':self.domainname})
+
def _header(self):
self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy %(domainname)s"'
% {'domainname': self.domainname, 'date': time.strftime("%y-%m-%d")})
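Review bot: `_typealias_gen_man` opens the alias man page with a bare `open()` and closes it only on the success path. If `_typealias` or `_footer` raises, the handle stays open and `self.fd` keeps referring to the half-written alias file. Wrapping the two calls in `try:` / `finally: self.fd.close()` keeps the cleanup unconditional. `t[:-2]` also assumes every alias ends in `_t`; a one-line docstring stating that expectation would help, since a shorter or differently suffixed name silently yields a wrong file name. `_header`, at the end of the hunk, continues outside it.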
--
2.12.2
* [PATCH 04/19] sepolicy: Move svirt man page out of libvirt into its own
2017-05-03 10:30 Several sepolicy fixes from Fedora Petr Lautrbach
` (2 preceding siblings ...)
2017-05-03 10:30 ` [PATCH 03/19] sepolicy: Add manpages for typealiased types Petr Lautrbach
@ 2017-05-03 10:30 ` Petr Lautrbach
2017-05-03 10:30 ` [PATCH 05/19] policycoreutils/sepolicy: boolean.png is in help/ Petr Lautrbach
` (14 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: Petr Lautrbach @ 2017-05-03 10:30 UTC (permalink / raw)
To: selinux
From: Dan Walsh <dwalsh@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
python/sepolicy/sepolicy/manpage.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
index b268680a..4cebb299 100755
--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
@@ -37,7 +37,7 @@ typealias_types = {
"httpd_t":("phpfpm_t"),
}
-equiv_dict = {"smbd": ["samba"], "httpd": ["apache"], "virtd": ["virt", "libvirt", "svirt", "svirt_tcg", "svirt_lxc_t", "svirt_lxc_net_t"], "named": ["bind"], "fsdaemon": ["smartmon"], "mdadm": ["raid"]}
+equiv_dict = {"smbd": ["samba"], "httpd": ["apache"], "virtd": ["virt", "libvirt"], "named": ["bind"], "fsdaemon": ["smartmon"], "mdadm": ["raid"]}
equiv_dirs = ["/var"]
modules_dict = None
--
2.12.2
* [PATCH 05/19] policycoreutils/sepolicy: boolean.png is in help/
2017-05-03 10:30 Several sepolicy fixes from Fedora Petr Lautrbach
` (3 preceding siblings ...)
2017-05-03 10:30 ` [PATCH 04/19] sepolicy: Move svirt man page out of libvirt into its own Petr Lautrbach
@ 2017-05-03 10:30 ` Petr Lautrbach
2017-05-03 10:30 ` [PATCH 06/19] Fix up generation of application policy Petr Lautrbach
` (13 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: Petr Lautrbach @ 2017-05-03 10:30 UTC (permalink / raw)
To: selinux
Fixes:
(sepolicy:2183): Gtk-WARNING **: Could not load image 'images/booleans.png': Failed to open file '/usr/lib64/python3.4/site-packages/sepolicy/images/booleans.png': No such file or directory
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
python/sepolicy/sepolicy/sepolicy.glade | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/sepolicy.glade b/python/sepolicy/sepolicy/sepolicy.glade
index e7d96f98..8f6ad650 100644
--- a/python/sepolicy/sepolicy/sepolicy.glade
+++ b/python/sepolicy/sepolicy/sepolicy.glade
@@ -1043,7 +1043,7 @@
<object class="GtkImage" id="help_image">
<property name="visible">True</property>
<property name="can_focus">False</property>
- <property name="pixbuf">images/booleans.png</property>
+ <property name="pixbuf">help/booleans.png</property>
</object>
<packing>
<property name="expand">False</property>
--
2.12.2
* [PATCH 06/19] Fix up generation of application policy
2017-05-03 10:30 Several sepolicy fixes from Fedora Petr Lautrbach
` (4 preceding siblings ...)
2017-05-03 10:30 ` [PATCH 05/19] policycoreutils/sepolicy: boolean.png is in help/ Petr Lautrbach
@ 2017-05-03 10:30 ` Petr Lautrbach
2017-05-03 10:30 ` [PATCH 07/19] sepolicy: ptrace should be a part of deny_ptrace boolean in TEMPLATETYPE_admin Petr Lautrbach
` (12 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: Petr Lautrbach @ 2017-05-03 10:30 UTC (permalink / raw)
To: selinux
From: Dan Walsh <dwalsh@redhat.com>
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
---
python/sepolicy/sepolicy-generate.8 | 2 +-
python/sepolicy/sepolicy/templates/executable.py | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy-generate.8 b/python/sepolicy/sepolicy-generate.8
index 2e674568..0c5f998f 100644
--- a/python/sepolicy/sepolicy-generate.8
+++ b/python/sepolicy/sepolicy-generate.8
@@ -13,7 +13,7 @@ Common options
Confined Applications
.br
-.B sepolicy generate \-\-application [\-n NAME] command [\-w WRITE_PATH ]
+.B sepolicy generate \-\-application [\-n NAME] [\-u USER ]command [\-w WRITE_PATH ]
.br
.B sepolicy generate \-\-cgi [\-n NAME] command [\-w WRITE_PATH ]
.br
diff --git a/python/sepolicy/sepolicy/templates/executable.py b/python/sepolicy/sepolicy/templates/executable.py
index 4b9534d3..0db6b9cc 100644
--- a/python/sepolicy/sepolicy/templates/executable.py
+++ b/python/sepolicy/sepolicy/templates/executable.py
@@ -86,6 +86,7 @@ roleattribute system_r TEMPLATETYPE_roles;
type TEMPLATETYPE_t;
type TEMPLATETYPE_exec_t;
application_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
+role TEMPLATETYPE_roles types TEMPLATETYPE_t;
permissive TEMPLATETYPE_t;
"""
--
2.12.2
* [PATCH 07/19] sepolicy: ptrace should be a part of deny_ptrace boolean in TEMPLATETYPE_admin
2017-05-03 10:30 Several sepolicy fixes from Fedora Petr Lautrbach
` (5 preceding siblings ...)
2017-05-03 10:30 ` [PATCH 06/19] Fix up generation of application policy Petr Lautrbach
@ 2017-05-03 10:30 ` Petr Lautrbach
2017-05-03 10:30 ` [PATCH 08/19] sepolicy: We should be creating _exec interfaces when we create the domtrans interface Petr Lautrbach
` (11 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: Petr Lautrbach @ 2017-05-03 10:30 UTC (permalink / raw)
To: selinux
From: Miroslav Grepl <mgrepl@redhat.com>
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
---
python/sepolicy/sepolicy/templates/executable.py | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/templates/executable.py b/python/sepolicy/sepolicy/templates/executable.py
index 0db6b9cc..4cc5bfa4 100644
--- a/python/sepolicy/sepolicy/templates/executable.py
+++ b/python/sepolicy/sepolicy/templates/executable.py
@@ -419,8 +419,12 @@ interface(`TEMPLATETYPE_admin',`
if_middle_admin="""
')
- allow $1 TEMPLATETYPE_t:process { ptrace signal_perms };
+ allow $1 TEMPLATETYPE_t:process { signal_perms };
ps_process_pattern($1, TEMPLATETYPE_t)
+
+ tunable_policy(`deny_ptrace',`',`
+ allow $1 TEMPLATETYPE_t:process ptrace;
+ ')
"""
if_initscript_admin_types="""
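Review bot: The generated `TEMPLATETYPE_admin` interface now depends on a `deny_ptrace` boolean, but nothing in the template says so or checks that the target policy defines it. As far as I know `deny_ptrace` comes from Fedora's policy rather than from reference policy in general, so a module generated from this template may not build elsewhere; this is worth confirming. A template comment above the block, e.g. `# ptrace on TEMPLATETYPE_t is granted only while the deny_ptrace boolean is off`, would tell whoever audits the generated .if file why the permission is conditional. The braces in `{ signal_perms }` are now redundant around a single permission set. The `if_middle_admin` string starts outside this hunk.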
--
2.12.2
* [PATCH 08/19] sepolicy: We should be creating _exec interfaces when we create the domtrans interface
2017-05-03 10:30 Several sepolicy fixes from Fedora Petr Lautrbach
` (6 preceding siblings ...)
2017-05-03 10:30 ` [PATCH 07/19] sepolicy: ptrace should be a part of deny_ptrace boolean in TEMPLATETYPE_admin Petr Lautrbach
@ 2017-05-03 10:30 ` Petr Lautrbach
2017-05-03 10:30 ` [PATCH 09/19] Fix typo in executable.py template Petr Lautrbach
` (10 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: Petr Lautrbach @ 2017-05-03 10:30 UTC (permalink / raw)
To: selinux
From: Dan Walsh <dwalsh@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
python/sepolicy/sepolicy/templates/executable.py | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/templates/executable.py b/python/sepolicy/sepolicy/templates/executable.py
index 4cc5bfa4..456a7ca8 100644
--- a/python/sepolicy/sepolicy/templates/executable.py
+++ b/python/sepolicy/sepolicy/templates/executable.py
@@ -220,7 +220,7 @@ if_program_rules="""
########################################
## <summary>
-## Execute TEMPLATE in the TEMPLATETYPE domin.
+## Execute TEMPLATETYPE_exec_t in the TEMPLATETYPE domin.
## </summary>
## <param name=\"domain\">
## <summary>
@@ -236,6 +236,25 @@ interface(`TEMPLATETYPE_domtrans',`
corecmd_search_bin($1)
domtrans_pattern($1, TEMPLATETYPE_exec_t, TEMPLATETYPE_t)
')
+
+######################################
+## <summary>
+## Execute TEMPLATETYPE in the caller domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_exec',`
+ gen_require(`
+ type TEMPLATETYPE_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ can_exec($1, TEMPLATETYPE_exec_t)
+')
"""
if_user_program_rules="""
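Review bot: The doc block for the new `TEMPLATETYPE_exec` interface is written differently from the `TEMPLATETYPE_domtrans` block in the same template string. It uses `<param name="domain">` where the existing block escapes the quotes as `\"domain\"`, and its banner line is shorter than the one above. The summary also says "Execute TEMPLATETYPE" although the rule grants `can_exec` on `TEMPLATETYPE_exec_t`. `## Execute TEMPLATETYPE_exec_t in the caller domain.` would match the wording the first hunk gives the domtrans summary. The `if_program_rules` string starts outside this hunk.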
--
2.12.2
* [PATCH 09/19] Fix typo in executable.py template.
2017-05-03 10:30 Several sepolicy fixes from Fedora Petr Lautrbach
` (7 preceding siblings ...)
2017-05-03 10:30 ` [PATCH 08/19] sepolicy: We should be creating _exec interfaces when we create the domtrans interface Petr Lautrbach
@ 2017-05-03 10:30 ` Petr Lautrbach
2017-05-03 10:30 ` [PATCH 10/19] sepolicy: Adapt to new the semodule list output Petr Lautrbach
` (9 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: Petr Lautrbach @ 2017-05-03 10:30 UTC (permalink / raw)
To: selinux
From: Miroslav Grepl <mgrepl@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
python/sepolicy/sepolicy/templates/executable.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/templates/executable.py b/python/sepolicy/sepolicy/templates/executable.py
index 456a7ca8..f2679938 100644
--- a/python/sepolicy/sepolicy/templates/executable.py
+++ b/python/sepolicy/sepolicy/templates/executable.py
@@ -220,7 +220,7 @@ if_program_rules="""
########################################
## <summary>
-## Execute TEMPLATETYPE_exec_t in the TEMPLATETYPE domin.
+## Execute TEMPLATETYPE_exec_t in the TEMPLATETYPE domain.
## </summary>
## <param name=\"domain\">
## <summary>
--
2.12.2
* [PATCH 10/19] sepolicy: Adapt to new the semodule list output
2017-05-03 10:30 Several sepolicy fixes from Fedora Petr Lautrbach
` (8 preceding siblings ...)
2017-05-03 10:30 ` [PATCH 09/19] Fix typo in executable.py template Petr Lautrbach
@ 2017-05-03 10:30 ` Petr Lautrbach
2017-05-03 10:30 ` [PATCH 11/19] sepolicy: Don't return filter(), use [ ] notation instead Petr Lautrbach
` (8 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: Petr Lautrbach @ 2017-05-03 10:30 UTC (permalink / raw)
To: selinux
semodule in policycoreutils-2.4 changed the list format. With this
patch, org.selinux.semodule_list uses 'semodule --list=full' and the
code using this was adapted to the new format.
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1281309
Fixes:
File "/usr/lib64/python3.4/site-packages/sepolicy/gui.py", line 670, in lockdown_init
self.enable_unconfined_button.set_active(not self.module_dict["unconfined"]["Disabled"])
KeyError: 'unconfined'
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
dbus/selinux_server.py | 4 ++--
gui/polgengui.py | 2 +-
python/sepolicy/sepolicy/gui.py | 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/dbus/selinux_server.py b/dbus/selinux_server.py
index 8bd1fe5b..aae8b5fa 100644
--- a/dbus/selinux_server.py
+++ b/dbus/selinux_server.py
@@ -46,13 +46,13 @@ class selinux_server(slip.dbus.service.Object):
return buf
#
- # The semodule_list method will return the output of semodule -l, using the customized polkit,
+ # The semodule_list method will return the output of semodule --list=full, using the customized polkit,
# since this is a readonly behaviour
#
@slip.dbus.polkit.require_auth("org.selinux.semodule_list")
@dbus.service.method("org.selinux", in_signature='', out_signature='s')
def semodule_list(self):
- p = Popen(["/usr/sbin/semodule", "-l"], stdout=PIPE, stderr=PIPE)
+ p = Popen(["/usr/sbin/semodule", "--list=full"], stdout=PIPE, stderr=PIPE)
buf = p.stdout.read()
output = p.communicate()
if p.returncode and p.returncode != 0:
diff --git a/gui/polgengui.py b/gui/polgengui.py
index 1d262a95..7460cce2 100644
--- a/gui/polgengui.py
+++ b/gui/polgengui.py
@@ -679,7 +679,7 @@ class childWindow:
entry.set_text("")
return False
if name in self.all_modules:
- if self.verify(_("Module %s.pp already loaded in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO:
+ if self.verify(_("Module %s already loaded in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO:
entry.set_text("")
return False
diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py
index c9dd4c1c..e361aa1c 100644
--- a/python/sepolicy/sepolicy/gui.py
+++ b/python/sepolicy/sepolicy/gui.py
@@ -673,9 +673,9 @@ class SELinuxGui():
self.module_dict = {}
for m in self.dbus.semodule_list().split("\n"):
mod = m.split()
- if len(mod) < 2:
+ if len(mod) < 3:
continue
- self.module_dict[mod[0]] = {"version": mod[1], "Disabled": (len(mod) > 2)}
+ self.module_dict[mod[1]] = { "priority": mod[0], "Disabled" : (len(mod) > 3) }
self.enable_unconfined_button.set_active(not self.module_dict["unconfined"]["Disabled"])
self.enable_permissive_button.set_active(not self.module_dict["permissivedomains"]["Disabled"])
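Review bot: `self.module_dict["unconfined"]` and `self.module_dict["permissivedomains"]` are still indexed directly after the loop. The KeyError quoted in the commit message therefore comes back whenever either module is missing from the `semodule --list=full` output, or when the D-Bus call returns nothing parseable. A guarded lookup such as `self.module_dict.get("unconfined", {}).get("Disabled", True)` keeps the lockdown page usable in that case. The full listing may also carry the same module name at more than one priority (inferred from the format, not visible here), in which case later lines overwrite earlier ones in `module_dict`. A short comment naming the expected columns, `# priority name lang [disabled]`, would make the `len(mod)` thresholds readable. The enclosing method starts outside this hunk.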
--
2.12.2
* [PATCH 11/19] sepolicy: Don't return filter(), use [ ] notation instead
2017-05-03 10:30 Several sepolicy fixes from Fedora Petr Lautrbach
` (9 preceding siblings ...)
2017-05-03 10:30 ` [PATCH 10/19] sepolicy: Adapt to new the semodule list output Petr Lautrbach
@ 2017-05-03 10:30 ` Petr Lautrbach
2017-05-03 10:30 ` [PATCH 12/19] sepolicy: Simplify policy types detection Petr Lautrbach
` (7 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: Petr Lautrbach @ 2017-05-03 10:30 UTC (permalink / raw)
To: selinux
filter() changed its behavior between Python 2 and Python 3
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
python/sepolicy/sepolicy/__init__.py | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index 22c72b2f..074d20ef 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -383,7 +383,12 @@ def get_conditionals(src, dest, tclass, perm):
def get_conditionals_format_text(cond):
- enabled = len(filter(lambda x: x['boolean'][0][1], cond)) > 0
+
+ enabled = False
+ for x in cond:
+ if x['boolean'][0][1]:
+ enabled = True
+ break
return _("-- Allowed %s [ %s ]") % (enabled, " || ".join(set(map(lambda x: "%s=%d" % (x['boolean'][0][0], x['boolean'][0][1]), cond))))
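Review bot: The five-line flag loop added to `get_conditionals_format_text` is the built-in `any()` written out by hand. `enabled = any(x['boolean'][0][1] for x in cond)` behaves the same on Python 2 and 3 and keeps the function as short as it was before the change. The blank line inserted directly after the `def` line can go as well. The `map(lambda ...)` inside the `return` only feeds `set()` and `join`, so it is unaffected by the iterator change.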
@@ -465,7 +470,7 @@ def find_file(reg):
try:
pat = re.compile(r"%s$" % reg)
- return filter(pat.match, map(lambda x: path + x, os.listdir(path)))
+ return [x for x in map(lambda x: path + x, os.listdir(path)) if pat.match(x)]
except:
return []
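Review bot: The new return line in `find_file` nests a `map(lambda x: ...)` inside a comprehension that reuses the name `x`, which is harder to read than needed. `return [path + x for x in os.listdir(path) if pat.match(path + x)]` does the same in one pass. The surrounding bare `except:` also turns every failure, including a malformed `reg` pattern or an unreadable directory, into an empty list, so callers cannot tell "no match" from "lookup failed". Narrowing it to `except (OSError, re.error):` would keep the best-effort behaviour without hiding other bugs. The function starts outside this hunk.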
@@ -589,7 +594,7 @@ def get_fcdict(fc_path=selinux.selinux_file_context_path()):
def get_transitions_into(setype):
try:
- return filter(lambda x: x["transtype"] == setype, search([TRANSITION], {'class': 'process'}))
+ return [x for x in search([TRANSITION], {'class': 'process'}) if x["transtype"] == setype]
except (TypeError, AttributeError):
pass
return None
@@ -605,7 +610,7 @@ def get_transitions(setype):
def get_file_transitions(setype):
try:
- return filter(lambda x: x['class'] != "process", search([TRANSITION], {'source': setype}))
+ return [x for x in search([TRANSITION], {'source': setype}) if x['class'] != "process"]
except (TypeError, AttributeError):
pass
return None
--
2.12.2
* [PATCH 12/19] sepolicy: Simplify policy types detection
2017-05-03 10:30 Several sepolicy fixes from Fedora Petr Lautrbach
` (10 preceding siblings ...)
2017-05-03 10:30 ` [PATCH 11/19] sepolicy: Don't return filter(), use [ ] notation instead Petr Lautrbach
@ 2017-05-03 10:30 ` Petr Lautrbach
2017-05-03 10:30 ` [PATCH 13/19] sepolicy/generate.py: Fix string formatting Petr Lautrbach
` (6 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: Petr Lautrbach @ 2017-05-03 10:30 UTC (permalink / raw)
To: selinux
map() and filter() changed their return values from list to iterators in
Python 3. This change drops filter() and map() from gui.py to make it
work on Python 2 and 3
Fixes:
Traceback (most recent call last):
File "/bin/sepolicy", line 700, in <module>
args.func(args)
File "/bin/sepolicy", line 326, in gui_run
sepolicy.gui.SELinuxGui(args.domain, args.test)
File "/usr/lib/python3.5/site-packages/sepolicy/gui.py", line 238, in __init__
if self.populate_system_policy() < 2:
File "/usr/lib/python3.5/site-packages/sepolicy/gui.py", line 835, in populate_system_policy
types = map(lambda x: x[1], filter(lambda x: x[0] == selinux_path, os.walk(selinux_path)))[0]
TypeError: 'map' object is not subscriptable
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
python/sepolicy/sepolicy/gui.py | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py
index e361aa1c..8e86a369 100644
--- a/python/sepolicy/sepolicy/gui.py
+++ b/python/sepolicy/sepolicy/gui.py
@@ -831,8 +831,7 @@ class SELinuxGui():
self.enforce_button = self.disabled_button_default
def populate_system_policy(self):
- selinux_path = selinux.selinux_path()
- types = map(lambda x: x[1], filter(lambda x: x[0] == selinux_path, os.walk(selinux_path)))[0]
+ types = next(os.walk(selinux.selinux_path(), topdown=True))[1]
types.sort()
ctr = 0
for item in types:
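Review bot: `next(os.walk(selinux.selinux_path(), topdown=True))[1]` raises StopIteration when the walk yields nothing. `os.walk` ignores listing errors by default, so that happens whenever the SELinux directory is missing or unreadable. Giving `next` a default, `types = next(os.walk(selinux.selinux_path()), (None, [], []))[1]`, leaves `types` empty instead and lets the caller's existing count check handle it. `topdown=True` is the default and can be dropped. `populate_system_policy` continues outside this hunk.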
--
2.12.2
* [PATCH 13/19] sepolicy/generate.py: Fix string formatting
2017-05-03 10:30 Several sepolicy fixes from Fedora Petr Lautrbach
` (11 preceding siblings ...)
2017-05-03 10:30 ` [PATCH 12/19] sepolicy: Simplify policy types detection Petr Lautrbach
@ 2017-05-03 10:30 ` Petr Lautrbach
2017-05-03 10:30 ` [PATCH 14/19] policycoreutils/sepolicy: Define our own cmp() Petr Lautrbach
` (5 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: Petr Lautrbach @ 2017-05-03 10:30 UTC (permalink / raw)
To: selinux
Fixes python3 problem:
>>> print("Failed to retrieve rpm info for %s") % package
Failed to retrieve rpm info for %s
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
TypeError: unsupported operand type(s) for %: 'NoneType' and 'str'
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
python/sepolicy/sepolicy/generate.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
index 596891a4..d68f96ef 100644
--- a/python/sepolicy/sepolicy/generate.py
+++ b/python/sepolicy/sepolicy/generate.py
@@ -92,7 +92,7 @@ def get_rpm_nvr_list(package):
nvr = get_rpm_nvr_from_header(h)
break
except:
- print("Failed to retrieve rpm info for %s") % package
+ print(("Failed to retrieve rpm info for %s") % package)
nvr = None
return nvr
--
2.12.2
* [PATCH 14/19] policycoreutils/sepolicy: Define our own cmp()
2017-05-03 10:30 Several sepolicy fixes from Fedora Petr Lautrbach
` (12 preceding siblings ...)
2017-05-03 10:30 ` [PATCH 13/19] sepolicy/generate.py: Fix string formatting Petr Lautrbach
@ 2017-05-03 10:30 ` Petr Lautrbach
2017-05-03 10:30 ` [PATCH 15/19] dbus: Use text streams in selinux_server.py Petr Lautrbach
` (4 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: Petr Lautrbach @ 2017-05-03 10:30 UTC (permalink / raw)
To: selinux
Fixes:
Traceback (most recent call last):
File "/usr/lib/python3.5/site-packages/sepolicy/gui.py", line 1447, in stripsort
return cmp(val1, val2)
NameError: name 'cmp' is not defined
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
python/sepolicy/sepolicy/gui.py | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py
index 8e86a369..7f84b6f9 100644
--- a/python/sepolicy/sepolicy/gui.py
+++ b/python/sepolicy/sepolicy/gui.py
@@ -69,8 +69,14 @@ enabled = [_("No"), _("Yes")]
action = [_("Disable"), _("Enable")]
-def compare(a, b):
- return cmp(a.lower(), b.lower())
+def cmp(a, b):
+ if a is None and b is None:
+ return 0
+ if a is None:
+ return -1
+ if b is None:
+ return 1
+ return (a > b) - (a < b)
import distutils.sysconfig
ADVANCED_LABEL = (_("Advanced >>"), _("Advanced <<"))
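Review bot: This hunk removes `compare(a, b)` outright while adding `cmp`, so any remaining caller of `compare` in gui.py would now fail with NameError; the callers are not visible here and should be checked. The case-insensitive ordering that `compare` provided through `.lower()` is lost too. If it is still wanted, keep a thin wrapper next to the new function: `def compare(a, b): return cmp(a.lower(), b.lower())`. A module-level `cmp` also shadows the Python 2 builtin. A one-line docstring stating that `None` sorts before any other value would document the one behaviour that differs from the builtin.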
--
2.12.2
* [PATCH 15/19] dbus: Use text streams in selinux_server.py
2017-05-03 10:30 Several sepolicy fixes from Fedora Petr Lautrbach
` (13 preceding siblings ...)
2017-05-03 10:30 ` [PATCH 14/19] policycoreutils/sepolicy: Define our own cmp() Petr Lautrbach
@ 2017-05-03 10:30 ` Petr Lautrbach
2017-05-03 10:30 ` [PATCH 16/19] sepolicy: setools.*Query wants a list in ruletype Petr Lautrbach
` (3 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: Petr Lautrbach @ 2017-05-03 10:30 UTC (permalink / raw)
To: selinux
subprocess.Popen called without universal_newlines=True opens stdin,
stdout and stderr as binary streams, which causes problems with Python 3.
Fixes:
Traceback (most recent call last):
File "/usr/lib64/python3.4/site-packages/sepolicy/gui.py", line 2773, in unconfined_toggle
self.dbus.semanage("module -e unconfined")
File "<string>", line 2, in semanage
File "/usr/lib/python3.4/site-packages/slip/dbus/polkit.py", line 121, in _enable_proxy
return func(*p, **k)
File "/usr/lib64/python3.4/site-packages/sepolicy/sedbus.py", line 14, in semanage
ret = self.dbus_object.semanage(buf, dbus_interface = "org.selinux")
File "/usr/lib64/python3.4/site-packages/dbus/proxies.py", line 145, in __call__
**keywords)
File "/usr/lib64/python3.4/site-packages/dbus/connection.py", line 651, in call_blocking
message, timeout)
dbus.exceptions.DBusException: org.freedesktop.DBus.Python.TypeError: TypeError: 'dbus.String' does not support the buffer interface
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
dbus/selinux_server.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/dbus/selinux_server.py b/dbus/selinux_server.py
index aae8b5fa..6e380e58 100644
--- a/dbus/selinux_server.py
+++ b/dbus/selinux_server.py
@@ -24,7 +24,7 @@ class selinux_server(slip.dbus.service.Object):
@slip.dbus.polkit.require_auth("org.selinux.semanage")
@dbus.service.method("org.selinux", in_signature='s')
def semanage(self, buf):
- p = Popen(["/usr/sbin/semanage", "import"], stdout=PIPE, stderr=PIPE, stdin=PIPE)
+ p = Popen(["/usr/sbin/semanage", "import"], stdout=PIPE, stderr=PIPE, stdin=PIPE, universal_newlines=True)
p.stdin.write(buf)
output = p.communicate()
if p.returncode and p.returncode != 0:
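Review bot: In `semanage`, `p.stdin.write(buf)` is followed by a bare `p.communicate()`, so the input is written by hand into a pipe while stdout and stderr are also piped. If the child fills either output pipe before it has consumed its input, this privileged D-Bus method can block. `output = p.communicate(buf)` hands the write to `communicate` and avoids that. The `customized` and `semodule_list` hunks of this patch follow the same pattern from the other side: they call `p.stdout.read()` before `communicate()` with stderr piped, and `buf, err = p.communicate()` is the safer form. With `universal_newlines=True` the data is decoded using the locale encoding, so output that is not valid in that encoding would raise UnicodeDecodeError; that deserves a comment or an explicit error path. The method bodies continue outside the hunks.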
@@ -38,7 +38,7 @@ class selinux_server(slip.dbus.service.Object):
@slip.dbus.polkit.require_auth("org.selinux.customized")
@dbus.service.method("org.selinux", in_signature='', out_signature='s')
def customized(self):
- p = Popen(["/usr/sbin/semanage", "export"], stdout=PIPE, stderr=PIPE)
+ p = Popen(["/usr/sbin/semanage", "export"], stdout=PIPE, stderr=PIPE, universal_newlines=True)
buf = p.stdout.read()
output = p.communicate()
if p.returncode and p.returncode != 0:
@@ -52,7 +52,7 @@ class selinux_server(slip.dbus.service.Object):
@slip.dbus.polkit.require_auth("org.selinux.semodule_list")
@dbus.service.method("org.selinux", in_signature='', out_signature='s')
def semodule_list(self):
- p = Popen(["/usr/sbin/semodule", "--list=full"], stdout=PIPE, stderr=PIPE)
+ p = Popen(["/usr/sbin/semodule", "--list=full"], stdout=PIPE, stderr=PIPE, universal_newlines=True)
buf = p.stdout.read()
output = p.communicate()
if p.returncode and p.returncode != 0:
--
2.12.2
* [PATCH 16/19] sepolicy: setools.*Query wants a list in ruletype
2017-05-03 10:30 Several sepolicy fixes from Fedora Petr Lautrbach
` (14 preceding siblings ...)
2017-05-03 10:30 ` [PATCH 15/19] dbus: Use text streams in selinux_server.py Petr Lautrbach
@ 2017-05-03 10:30 ` Petr Lautrbach
2017-05-03 10:30 ` [PATCH 17/19] sepolicy: Fix several issues in 'sepolicy manpage -a' Petr Lautrbach
` (2 subsequent siblings)
18 siblings, 0 replies; 21+ messages in thread
From: Petr Lautrbach @ 2017-05-03 10:30 UTC (permalink / raw)
To: selinux
This fixes a problem introduced in 18410c86 where ruletype is specified
as a string not a list.
Fixes:
>>> sepolicy.get_all_role_allows()
Traceback (most recent call last):
File "/usr/lib64/python3.6/site-packages/setools/policyrep/util.py", line 60, in lookup
return cls(value)
File "/usr/lib64/python3.6/enum.py", line 291, in __call__
return cls.__new__(cls, value)
File "/usr/lib64/python3.6/enum.py", line 533, in __new__
return cls._missing_(value)
File "/usr/lib64/python3.6/enum.py", line 546, in _missing_
raise ValueError("%r is not a valid %s" % (value, cls.__name__))
ValueError: 'a' is not a valid RBACRuletype
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
python/sepolicy/sepolicy/__init__.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index 074d20ef..d2e3fc46 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -747,7 +747,7 @@ def get_all_role_allows():
return role_allows
role_allows = {}
- q = setools.RBACRuleQuery(_pol, ruletype='allow')
+ q = setools.RBACRuleQuery(_pol, ruletype=[ALLOW])
for r in q.results():
src = str(r.source)
tgt = str(r.target)
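Review bot: The reason `ruletype` has to be a list is not recorded next to the `setools.RBACRuleQuery` call, so the string form could easily be reintroduced. A comment above the query, e.g. `# ruletype must be an iterable of rule names; a bare string is apparently looked up one character at a time`, would capture what the traceback in the commit message shows (`'a' is not a valid RBACRuletype`). The commit title speaks of `setools.*Query` in general; other query calls in this file are outside the hunk and may be worth checking for the same string form. get_all_role_allows() continues past the hunk.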
--
2.12.2
* [PATCH 17/19] sepolicy: Fix several issues in 'sepolicy manpage -a'
2017-05-03 10:30 Several sepolicy fixes from Fedora Petr Lautrbach
` (15 preceding siblings ...)
2017-05-03 10:30 ` [PATCH 16/19] sepolicy: setools.*Query wants a list in ruletype Petr Lautrbach
@ 2017-05-03 10:30 ` Petr Lautrbach
2017-05-03 10:30 ` [PATCH 18/19] sepolicy: info() should provide attributes for a TYPE Petr Lautrbach
2017-05-03 10:30 ` [PATCH 19/19] sepolicy/gui: Update text strings to use better gettext templates Petr Lautrbach
18 siblings, 0 replies; 21+ messages in thread
From: Petr Lautrbach @ 2017-05-03 10:30 UTC (permalink / raw)
To: selinux
Fixes:
$ sepolicy manpage -a
Traceback (most recent call last):
File "/usr/bin/sepolicy", line 699, in <module>
args.func(args)
File "/usr/bin/sepolicy", line 359, in manpage
m = ManPage(domain, path, args.root, args.source_files, args.web)
File "/usr/lib/python3.6/site-packages/sepolicy/manpage.py", line 408, in __init__
self.__gen_man_page()
File "/usr/lib/python3.6/site-packages/sepolicy/manpage.py", line 495, in __gen_man_page
self._entrypoints()
File "/usr/lib/python3.6/site-packages/sepolicy/manpage.py", line 903, in _entrypoints
if len(entrypoints) > 1:
TypeError: object of type 'map' has no len()
$ sepolicy manpage -a
Traceback (most recent call last):
File "/usr/bin/sepolicy", line 699, in <module>
args.func(args)
File "/usr/bin/sepolicy", line 359, in manpage
m = ManPage(domain, path, args.root, args.source_files, args.web)
File "/usr/lib/python3.6/site-packages/sepolicy/manpage.py", line 408, in __init__
self.__gen_man_page()
File "/usr/lib/python3.6/site-packages/sepolicy/manpage.py", line 497, in __gen_man_page
self._mcs_types()
File "/usr/lib/python3.6/site-packages/sepolicy/manpage.py", line 927, in _mcs_types
attributes = sepolicy.info(sepolicy.TYPE, (self.type))[0]["attributes"]
TypeError: 'generator' object is not subscriptable
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
python/sepolicy/sepolicy/manpage.py | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
index 4cebb299..a4dc717a 100755
--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
@@ -94,11 +94,10 @@ def get_all_users_info():
all_entrypoints = None
-
def get_entrypoints():
global all_entrypoints
if not all_entrypoints:
- all_entrypoints = sepolicy.info(sepolicy.ATTRIBUTE, "entry_type")[0]["types"]
+ all_entrypoints = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"]
return all_entrypoints
domains = None
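Review bot: `next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))` in get_entrypoints() raises StopIteration when the generator yields nothing, which is presumably what happens for a name the loaded policy does not define (info()'s body is not visible here). The old `[0]` would have failed too, but the same call shape is used in `_mcs_types()` in the last hunk of this patch, and a policy without `mcs_constrained_type` is a plausible input there; the right outcome is to skip the section, not to abort `sepolicy manpage -a`. Passing a default, `next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"), None)`, and returning early when the result is `None` keeps the run going. The two `next(sepolicy.info(sepolicy.TYPE, ...))` calls in the manpage.py hunks of patch 18/19 have the same shape.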
@@ -939,9 +938,8 @@ selinux(8), %s(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
return True
def _entrypoints(self):
- try:
- entrypoints = map(lambda x: x['target'], sepolicy.search([sepolicy.ALLOW], {'source': self.type, 'permlist': ['entrypoint'], 'class': 'file'}))
- except:
+ entrypoints = [x['target'] for x in sepolicy.search([sepolicy.ALLOW], {'source': self.type, 'permlist': ['entrypoint'], 'class': 'file'})]
+ if len(entrypoints) == 0:
return
self.fd.write("""
@@ -971,8 +969,8 @@ All executeables with the default executable label, usually stored in /usr/bin a
%s""" % ", ".join(paths))
def _mcs_types(self):
- attributes = sepolicy.info(sepolicy.TYPE, (self.type))[0]["attributes"]
- if "mcs_constrained_type" not in attributes:
+ mcs_constrained_type = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
+ if self.type not in mcs_constrained_type['types']:
return
self.fd.write ("""
.SH "MCS Constrained"
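Review bot: `_mcs_types()` repeats the `mcs_constrained_type` attribute lookup for every ManPage instance, although the member list is the same for all of them. With `sepolicy manpage -a` one instance is built per domain, so the policy is queried once per page. get_entrypoints() in the first hunk of this patch already keeps its lookup in a module-level variable; a small helper following that pattern would make the two consistent. `_mcs_types()` continues outside the hunk.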
--
2.12.2
* [PATCH 18/19] sepolicy: info() should provide attributes for a TYPE
2017-05-03 10:30 Several sepolicy fixes from Fedora Petr Lautrbach
` (16 preceding siblings ...)
2017-05-03 10:30 ` [PATCH 17/19] sepolicy: Fix several issues in 'sepolicy manpage -a' Petr Lautrbach
@ 2017-05-03 10:30 ` Petr Lautrbach
2017-05-03 10:30 ` [PATCH 19/19] sepolicy/gui: Update text strings to use better gettext templates Petr Lautrbach
18 siblings, 0 replies; 21+ messages in thread
From: Petr Lautrbach @ 2017-05-03 10:30 UTC (permalink / raw)
To: selinux
"attributes" used to be there when sepolicy.info() used setools3
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
python/sepolicy/sepolicy/__init__.py | 1 +
python/sepolicy/sepolicy/manpage.py | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index d2e3fc46..8fa2c2ae 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -171,6 +171,7 @@ def info(setype, name=None):
'aliases': map(str, x.aliases()),
'name': str(x),
'permissive': bool(x.ispermissive),
+ 'attributes': map(str, x.attributes())
} for x in q.results())
elif setype == ROLE:
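Review bot: The added `'attributes': map(str, x.attributes())` is a one-shot iterator on Python 3 (the tracebacks in this series come from python3.6), so the first loop or `in` test over it consumes items and later ones can find it empty. The manpage.py hunks of this patch store the value in `self.attributes`, where it is presumably consulted more than once. Materialising it, `'attributes': list(map(str, x.attributes())),`, avoids that; the `'aliases'` entry two lines above has the same shape. info()'s body begins outside the hunk.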
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
index a4dc717a..4159bafb 100755
--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
@@ -494,7 +494,7 @@ class ManPage:
self.desc = "%s user role" % self.domainname
if self.domainname in self.all_users:
- self.attributes = sepolicy.info(sepolicy.TYPE, (self.type))[0]["attributes"]
+ self.attributes = next(sepolicy.info(sepolicy.TYPE, (self.type)))["attributes"]
self._user_header()
self._user_attribute()
self._can_sudo()
@@ -539,7 +539,7 @@ class ManPage:
self.man_page_path = man_page_path
except KeyError:
continue;
- self.attributes[domain_type] = sepolicy.info(sepolicy.TYPE, ("%s") % domain_type)[0]["attributes"]
+ self.attributes[domain_type] = next(sepolicy.info(sepolicy.TYPE, ("%s") % domain_type))["attributes"]
self._header()
self._entrypoints()
--
2.12.2
* [PATCH 19/19] sepolicy/gui: Update text strings to use better gettext templates
2017-05-03 10:30 Several sepolicy fixes from Fedora Petr Lautrbach
` (17 preceding siblings ...)
2017-05-03 10:30 ` [PATCH 18/19] sepolicy: info() should provide attributes for a TYPE Petr Lautrbach
@ 2017-05-03 10:30 ` Petr Lautrbach
2017-05-05 17:06 ` Stephen Smalley
18 siblings, 1 reply; 21+ messages in thread
From: Petr Lautrbach @ 2017-05-03 10:30 UTC (permalink / raw)
To: selinux
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
python/sepolicy/sepolicy/gui.py | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py
index 7f84b6f9..007c94a7 100644
--- a/python/sepolicy/sepolicy/gui.py
+++ b/python/sepolicy/sepolicy/gui.py
@@ -1378,8 +1378,8 @@ class SELinuxGui():
self.treeview = self.network_in_treeview
category = _("listen for inbound connections")
- self.add_button.set_tooltip_text(_("Add new port definition to which the '%(APP)s' domain is allowed to %s.") % {"APP": self.application, "PERM": category})
- self.delete_button.set_tooltip_text(_("Delete modified port definitions to which the '%(APP)s' domain is allowed to %s.") % {"APP": self.application, "PERM": category})
+ self.add_button.set_tooltip_text(_("Add new port definition to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category})
+ self.delete_button.set_tooltip_text(_("Delete modified port definitions to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category})
self.modify_button.set_tooltip_text(_("Modify port definitions to which the '%(APP)s' domain is allowed to %(PERM)s.") % {"APP": self.application, "PERM": category})
if self.transitions_radio_button.get_active():
@@ -1599,8 +1599,8 @@ class SELinuxGui():
self.show_popup(self.login_popup_window)
if self.opage == FILE_EQUIV_PAGE:
- self.file_equiv_source_entry.set_text(self.file_equiv_liststore.get_value(iter, 0))
- self.file_equiv_dest_entry.set_text(self.file_equiv_liststore.get_value(iter, 1))
+ self.file_equiv_source_entry.set_text(self.unmarkup(self.file_equiv_liststore.get_value(iter, 0)))
+ self.file_equiv_dest_entry.set_text(self.unmarkup(self.file_equiv_liststore.get_value(iter, 1)))
self.file_equiv_label.set_text((_("Modify File Equivalency Mapping. Mapping will be created when update is applied.")))
self.file_equiv_popup_window.set_title(_("Modify SELinux File Equivalency"))
self.clear_entry = True
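Review bot: The two `unmarkup()` calls added in the `FILE_EQUIV_PAGE` branch change behaviour, but the commit title only mentions gettext templates and there is no description. A line in the commit message, or a comment above them such as `# liststore cells may carry markup; strip it before filling the entry`, would tell a reader why these two entries need it. The wording of that comment is a guess, since `unmarkup()` is defined outside the hunk. The enclosing method starts and ends outside the hunk.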
--
2.12.2
* Re: [PATCH 19/19] sepolicy/gui: Update text strings to use better gettext templates
2017-05-03 10:30 ` [PATCH 19/19] sepolicy/gui: Update text strings to use better gettext templates Petr Lautrbach
@ 2017-05-05 17:06 ` Stephen Smalley
0 siblings, 0 replies; 21+ messages in thread
From: Stephen Smalley @ 2017-05-05 17:06 UTC (permalink / raw)
To: Petr Lautrbach, selinux
On Wed, 2017-05-03 at 12:30 +0200, Petr Lautrbach wrote:
> Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Thanks, applied all 19 patches.
> ---
> python/sepolicy/sepolicy/gui.py | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/python/sepolicy/sepolicy/gui.py
> b/python/sepolicy/sepolicy/gui.py
> index 7f84b6f9..007c94a7 100644
> --- a/python/sepolicy/sepolicy/gui.py
> +++ b/python/sepolicy/sepolicy/gui.py
> @@ -1378,8 +1378,8 @@ class SELinuxGui():
> self.treeview = self.network_in_treeview
> category = _("listen for inbound connections")
>
> - self.add_button.set_tooltip_text(_("Add new port
> definition to which the '%(APP)s' domain is allowed to %s.") %
> {"APP": self.application, "PERM": category})
> - self.delete_button.set_tooltip_text(_("Delete modified
> port definitions to which the '%(APP)s' domain is allowed to %s.") %
> {"APP": self.application, "PERM": category})
> + self.add_button.set_tooltip_text(_("Add new port
> definition to which the '%(APP)s' domain is allowed to %(PERM)s.") %
> {"APP": self.application, "PERM": category})
> + self.delete_button.set_tooltip_text(_("Delete modified
> port definitions to which the '%(APP)s' domain is allowed to
> %(PERM)s.") % {"APP": self.application, "PERM": category})
> self.modify_button.set_tooltip_text(_("Modify port
> definitions to which the '%(APP)s' domain is allowed to %(PERM)s.") %
> {"APP": self.application, "PERM": category})
>
> if self.transitions_radio_button.get_active():
> @@ -1599,8 +1599,8 @@ class SELinuxGui():
> self.show_popup(self.login_popup_window)
>
> if self.opage == FILE_EQUIV_PAGE:
> - self.file_equiv_source_entry.set_text(self.file_equiv_li
> ststore.get_value(iter, 0))
> - self.file_equiv_dest_entry.set_text(self.file_equiv_list
> store.get_value(iter, 1))
> + self.file_equiv_source_entry.set_text(self.unmarkup(self
> .file_equiv_liststore.get_value(iter, 0)))
> + self.file_equiv_dest_entry.set_text(self.unmarkup(self.f
> ile_equiv_liststore.get_value(iter, 1)))
> self.file_equiv_label.set_text((_("Modify File
> Equivalency Mapping. Mapping will be created when update is
> applied.")))
> self.file_equiv_popup_window.set_title(_("Modify SELinux
> File Equivalency"))
> self.clear_entry = True