Re: What provides _policy?

Sven Vermeulen <sven.vermeulen@xxxxxxxxx> · Tue, 7 May 2013 10:33:42 +0200

On Mon, May 06, 2013 at 02:52:39PM -0400, Daniel J Walsh wrote:
> You might have found a bug in the current upstream,  we don't have this
> problem in Fedora.
> 
> I have attached the current fedora-sepolicy patch.

Apparently, the port information code (in info.c) assumes that MLS is
enabled (it calls apol_context_get_range) and errors out if no range is
found.

The below "patch" fixes that behavior.


diff -ur policycoreutils-2.1.14.orig/sepolicy/info.c policycoreutils-2.1.14/sepolicy/info.c

--- policycoreutils-2.1.14.orig/sepolicy/info.c	2013-05-01 15:49:48.424339861 +0200
+++ policycoreutils-2.1.14/sepolicy/info.c	2013-05-07 10:16:52.238205378 +0200
@@ -827,16 +827,14 @@
 		if (py_insert_string(dict, "type", type))
 			goto err;
 
-		if((range = apol_context_get_range(c)) == NULL) {
-			goto err;
-		}
-			
-		range_str = apol_mls_range_render(policydb, range);
-		if (range_str == NULL) {
-			goto err;
+		if((range = apol_context_get_range(c)) != NULL) {
+			range_str = apol_mls_range_render(policydb, range);
+			if (range_str == NULL) {
+				goto err;
+			}
+			if (py_insert_string(dict, "range", range_str))
+				goto err;
 		}
-		if (py_insert_string(dict, "range", range_str))
-			goto err;
 
 		if (py_insert_string(dict, "protocol", proto_str))
 			goto err;
Only in policycoreutils-2.1.14/sepolicy/sepolicy: __init__.pyc
diff -ur policycoreutils-2.1.14.orig/sepolicy/sepolicy/network.py policycoreutils-2.1.14/sepolicy/sepolicy/network.py
--- policycoreutils-2.1.14.orig/sepolicy/sepolicy/network.py	2013-05-01 15:49:48.423339861 +0200
+++ policycoreutils-2.1.14/sepolicy/sepolicy/network.py	2013-05-07 10:18:33.119205594 +0200
@@ -39,7 +39,11 @@
         else:
             portrecs [(i['type'], i['protocol'])] = [port]
 
-        portrecsbynum[(i['low'], i['high'],i['protocol'])] = (i['type'], i['range'])
+        if 'range' in i:
+            portrecsbynum[(i['low'], i['high'],i['protocol'])] = (i['type'], i['range'])
+        else:
+            portrecsbynum[(i['low'], i['high'],i['protocol'])] = (i['type'])
+
     return ( portrecs, portrecsbynum )
 portrecs, portrecsbynum = _gen_port_dict()
 

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.







