-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7dHSQACgkQrlYvE4MpobNvlACgrDgUKkCWefv2J8wwfRZeZmAx 5z8AnAu1kgHMian4r5Y6gwEQyC43/nKS =rq/u -----END PGP SIGNATURE-----
>From f1a02d34cb7b94a3b61316050e67de57bb3cc845 Mon Sep 17 00:00:00 2001 From: Eric Paris <eparis@xxxxxxxxxx> Date: Thu, 1 Dec 2011 15:50:55 -0500 Subject: [PATCH 34/48] policycoreutils: semanage: check file equivalence rules for conflict Check for conflict on equivalence when adding a file context. If a user adds a file context that begins with an equivalence string, we throw an exception. /usr/sbin/semanage: File spec /usr/lib64/dan conflicts with equivalency rule '/usr/lib64 /usr/lib'; Try adding '/usr/lib/dan' instead Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
 policycoreutils/semanage/seobject.py | 9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index 6ff3ff5..5e70fae 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
@@ -1604,11 +1604,20 @@ class fcontextRecords(semanageRecords):
 return con
+ def check_equiv(self, target, fdict):
+ for i in fdict:
+ if target.startswith(i+"/"):
+ t = re.sub(i, fdict[i], target)
+ raise ValueError(_("File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead") % (target, i, fdict[i], t))
+
+
 def validate(self, target):
 if target == "" or target.find("\n") >= 0:
 raise ValueError(_("Invalid file specification"))
 if target.find(" ") != -1:
 raise ValueError(_("File specification can not include spaces"))
+ self.check_equiv(target, self.equiv)
+ self.check_equiv(target, self.equiv_dist)
 def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
 self.validate(target)
-- 1.7.7.4
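Review bot: In `check_equiv`, `re.sub(i, fdict[i], target)` treats the equivalence source path `i` as a regular expression and rewrites every match in `target`, not only the leading prefix that `startswith` tested. A source path containing regex metacharacters (for example `+` or `.`) can therefore produce a wrong suggested path in the message, or raise `re.error` instead of the intended `ValueError`, which a caller that only catches `ValueError` would presumably not handle. A plain prefix swap avoids both: `t = fdict[i] + target[len(i):]`. Separately, the `startswith(i+"/")` test is literal, so a spec naming the equivalence directory itself (such as `i` followed by `(/.*)?`) is not flagged; a one-line comment on `check_equiv` stating that limit would help, since a spec shadowed by an equivalence rule may leave files with a label the administrator did not intend. The hunk ends inside `__add`, whose body continues outside it.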