When a user tried to remove a policy module with priority other than 400 via
GUI, it failed with a message:
libsemanage.semanage_direct_remove_key: Unable to remove module somemodule at priority 400. (No such file or directory).
This is fixed by calling "semodule -x PRIORITY -r NAME" instead of
"semodule -r NAME".
From Jono Hein <fredwacko40@hotmail.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Use codespell (https://github.com/codespell-project/codespell) in order
to find many common misspellings that are present in English texts.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
/usr/share/applications is a standard directory for .desktop files.
Installation path can be changed using DESKTOPDIR variable in installation
phase, e.g.
make DESKTOPDIR=/usr/local/share/applications install
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
setools 4.2.0 dropped support for Python 2. On systems where
/usr/bin/python is Python 2, several tools are now broken because of
this. Update the shebang of these tools to /usr/bin/python3.
For future reference, as semanage/seobject.py, sepolicy and sepolgen
import setools, every program that uses one of these modules need to be
run with Python 3. The following programs do not use any of these
modules so their shebangs have not been modified:
dbus/selinux_server.py
libsemanage/utils/semanage_migrate_store
mcstrans/share/util/mlscolor-test
mcstrans/share/util/mlstrans-test
sandbox/start
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
"Edit" and "add" dialogues weren't closed after successful transaction
("add" and "edit" methods return "None" if successful).
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
- $ gtk-builder-convert polgen.glade polgen.ui
- use get_object instead of get_widget
- use connect_signals instead of signal_connect
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
b43991f9 added direct import of sepolicy but it forgot to import
sepolicy.generate and didn't change use of generate to sepolicy.generate
Fixes:
Traceback (most recent call last):
File "/usr/bin/selinux-polgengui", line 778, in <module>
app = childWindow()
File "/usr/bin/selinux-polgengui", line 205, in __init__
self.all_types = sepolicy.generate.get_all_types()
AttributeError: 'module' object has no attribute 'generate'
Traceback (most recent call last):
File "/usr/share/system-config-selinux/polgengui.py", line 365, in forward
if self.on_in_net_page_next():
File "/usr/share/system-config-selinux/polgengui.py", line 701, in on_in_net_page_next
generate.verify_ports(self.in_tcp_entry.get_text())
NameError: global name 'generate' is not defined
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Function delete() is defined twice in class usersPage and the first one
invoke semanagePage.delete(), which does not exist.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
The output of "semodule -lfull" changed from "module version" to
"priority module kind". Update system-config-selinux to use this new
format in its tab "Policy Module".
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
PyGTK has been deprecated in favor of PyGI+GTK and thus has never been
ported to python3. Using pygi-convert.sh from
https://git.gnome.org/browse/pygobject/tree/pygi-convert.sh helps
migrating most of the API but gnome-python.
The glade file has been converted to GtkBuilder using
gtk-builder-convert system-config-selinux.glade system-config-selinux.ui
and some fixes in order to provide an application window (object
GnomeApp disappeared, GtkVBox is deprecated, etc.). The associated
Python code also needed some modifications in order to migrate to
GtkBuilder.
The result has been tested on Arch Linux with Python 3.6. There are some
bugs in the GUI itself, for which patches will be sent afterwards.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
selinux-gui does not install anything in /etc. Do not create this
directory when building a package with "make install".
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
semodule in policycoreutils-2.4 changed the list format. With this
patch, org.selinux.semodule_list uses 'semodule --list=full' and the
code using this was adapted to the new format.
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1281309
Fixes:
File "/usr/lib64/python3.4/site-packages/sepolicy/gui.py", line 670, in lockdown_init
self.enable_unconfined_button.set_active(not self.module_dict["unconfined"]["Disabled"])
KeyError: 'unconfined'
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
