authorNicolas Iooss2018-11-11 22:07:04 +0100
committerNicolas Iooss2018-11-19 21:30:10 +0100
commitc7941c1604e6f9c917c449f63df5dd535c5dbddf (patch)
tree97e86177d79ce71820ca25b6a9899eb2217ebe4d
parent26591cccaef49bbb5cac471ac73a221b07603f02 (diff)
downloadaur-c7941c1604e6f9c917c449f63df5dd535c5dbddf.tar.gz
selinux-python 2.8-3 update: support SETools 4.2.0
-rw-r--r--.SRCINFO6
-rw-r--r--0001-python-sepolicy-Update-to-work-with-setools-4.2.0.patch81
-rw-r--r--PKGBUILD13
3 files changed, 95 insertions, 5 deletions
diff --git a/.SRCINFO b/.SRCINFO
index c1da9932399a..23377f94b79c 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
pkgbase = selinux-python
pkgdesc = SELinux python tools and libraries
pkgver = 2.8
- pkgrel = 2
+ pkgrel = 3
url = https://github.com/SELinuxProject/selinux/wiki
arch = i686
arch = x86_64
@@ -12,11 +12,13 @@ pkgbase = selinux-python
makedepends = python-ipy
makedepends = libsemanage>=2.8
makedepends = setools>=4.0.0
- provides = sepolgen=2.8-2
+ provides = sepolgen=2.8-3
conflicts = sepolgen<2.7
conflicts = policycoreutils<2.7
source = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-python-2.8.tar.gz
+ source = 0001-python-sepolicy-Update-to-work-with-setools-4.2.0.patch
sha256sums = e69f5e24820cb247a3d881a9c90efba1e64d76af863c82fb81bc3b87ed71e238
+ sha256sums = f95c0bb79f86c79abdbc1f3ec3bcb13294f2e10181df15d8ab5a8b54569918f1
pkgname = selinux-python
depends = python
diff --git a/0001-python-sepolicy-Update-to-work-with-setools-4.2.0.patch b/0001-python-sepolicy-Update-to-work-with-setools-4.2.0.patch
new file mode 100644
index 000000000000..da57fa563b7b
--- /dev/null
+++ b/0001-python-sepolicy-Update-to-work-with-setools-4.2.0.patch
@@ -0,0 +1,81 @@
+From e5f312667b8301b013533fd768e24d944b84c4b1 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Mon, 24 Sep 2018 11:05:49 +0200
+Subject: [PATCH 1/1] python/sepolicy: Update to work with setools-4.2.0
+
+Change in internal setools API causes sepolicy to crash when processing
+AVRules.
+
+ File "python/sepolicy/sepolicy/__init__.py", line 277, in _setools_rule_to_dict
+ if isinstance(rule, setools.policyrep.terule.AVRule):
+ AttributeError: module 'setools.policyrep' has no attribute 'terule'
+
+See https://github.com/SELinuxProject/setools/issues/8 for more details.
+
+Stop using internal setools API:
+
+- use AttributeError instead of setools specific exceptions
+- evaluate conditional expressions using conditional.evaluate() instead
+of qpol_symbol.is_enabled()
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
+---
+ python/sepolicy/sepolicy/__init__.py | 22 +++++++++++++---------
+ 1 file changed, 13 insertions(+), 9 deletions(-)
+
+diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
+index 89346aba0b15..5d0535b9dd28 100644
+--- a/python/sepolicy/sepolicy/__init__.py
++++ b/python/sepolicy/sepolicy/__init__.py
+@@ -272,34 +272,38 @@ def _setools_rule_to_dict(rule):
+ 'class': str(rule.tclass),
+ }
+
++ # Evaluate boolean expression associated with given rule (if there is any)
+ try:
+- enabled = bool(rule.qpol_symbol.is_enabled(rule.policy))
++ # Get state of all booleans in the conditional expression
++ boolstate = {}
++ for boolean in rule.conditional.booleans:
++ boolstate[str(boolean)] = boolean.state
++ # evaluate if the rule is enabled
++ enabled = rule.conditional.evaluate(**boolstate) == rule.conditional_block
+ except AttributeError:
++ # non-conditional rules are always enabled
+ enabled = True
+
+- if isinstance(rule, setools.policyrep.terule.AVRule):
+- d['enabled'] = enabled
++ d['enabled'] = enabled
+
+ try:
+ d['permlist'] = list(map(str, rule.perms))
+- except setools.policyrep.exception.RuleUseError:
++ except AttributeError:
+ pass
+
+ try:
+ d['transtype'] = str(rule.default)
+- except setools.policyrep.exception.RuleUseError:
++ except AttributeError:
+ pass
+
+ try:
+ d['boolean'] = [(str(rule.conditional), enabled)]
+- except (AttributeError, setools.policyrep.exception.RuleNotConditional):
++ except AttributeError:
+ pass
+
+ try:
+ d['filename'] = rule.filename
+- except (AttributeError,
+- setools.policyrep.exception.RuleNotConditional,
+- setools.policyrep.exception.TERuleNoFilename):
++ except AttributeError:
+ pass
+
+ return d
+--
+2.19.1
+
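Review bot: The new `try` covers the boolean loop and the `evaluate()` call as well as the `rule.conditional` lookup, so any AttributeError raised while evaluating a conditional rule lands in the `except` and sets `enabled = True`. For a tool that reports SELinux policy this is a fail-open default: a conditional rule whose state could not be computed would be reported as enabled, and `d['enabled']` is now written for every rule type rather than only AVRule. Limiting the `try` to the attribute lookup and moving the evaluation into an `else` branch keeps the non-conditional case and lets real errors surface. `_setools_rule_to_dict` starts before this hunk.

```python
    # … unchanged: construction of d …
    try:
        cond = rule.conditional
    except AttributeError:
        # non-conditional rules are always enabled
        enabled = True
    else:
        # Get state of all booleans in the conditional expression
        boolstate = {str(boolean): boolean.state for boolean in cond.booleans}
        # evaluate if the rule is enabled
        enabled = cond.evaluate(**boolstate) == rule.conditional_block

    d['enabled'] = enabled
    # … unchanged: permlist / transtype / boolean / filename lookups …
```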
diff --git a/PKGBUILD b/PKGBUILD
index 6c5db5661963..0e84a70ad2fb 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -6,7 +6,7 @@
pkgbase=selinux-python
pkgname=(selinux-python selinux-python2)
pkgver=2.8
-pkgrel=2
+pkgrel=3
pkgdesc="SELinux python tools and libraries"
groups=('selinux')
arch=('i686' 'x86_64')
@@ -15,8 +15,15 @@ license=('GPL2')
makedepends=('python2' 'python' 'python-ipy' 'libsemanage>=2.8' 'setools>=4.0.0')
conflicts=('sepolgen<2.7' 'policycoreutils<2.7')
provides=("sepolgen=${pkgver}-${pkgrel}")
-source=("https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/${pkgname}-${pkgver}.tar.gz")
-sha256sums=('e69f5e24820cb247a3d881a9c90efba1e64d76af863c82fb81bc3b87ed71e238')
+source=("https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/${pkgname}-${pkgver}.tar.gz"
+ '0001-python-sepolicy-Update-to-work-with-setools-4.2.0.patch')
+sha256sums=('e69f5e24820cb247a3d881a9c90efba1e64d76af863c82fb81bc3b87ed71e238'
+ 'f95c0bb79f86c79abdbc1f3ec3bcb13294f2e10181df15d8ab5a8b54569918f1')
+
+prepare() {
+ cd "${pkgbase}-${pkgver}"
+ patch -p2 -i "$srcdir/0001-python-sepolicy-Update-to-work-with-setools-4.2.0.patch"
+}
build() {
cd "${pkgbase}-${pkgver}"
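Review bot: The version floor in `makedepends` stays at `setools>=4.0.0`, although the patch applied in `prepare()` narrows every `except` in `_setools_rule_to_dict` to `AttributeError` and calls `rule.conditional.evaluate()`. If SETools releases before 4.2.0 raise their own exception classes that do not derive from AttributeError (the removed `RuleUseError`/`RuleNotConditional` handlers suggest they might), sepolicy would crash on those versions instead of on 4.2.0. It is worth checking this against the older API and, if it holds, raising the floor to `'setools>=4.2.0'` here and in .SRCINFO. Separately, `patch -Np2 -i …` would keep a re-run of `prepare()` on an already-patched tree from prompting to reverse the patch.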