rpms/policycoreutils/devel policycoreutils-gui.patch, 1.25, 1.26 policycoreutils.spec, 1.441, 1.442
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Fri Aug 31 19:10:14 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9132
Modified Files:
policycoreutils-gui.patch policycoreutils.spec
Log Message:
* Fri Aug 31 2007 Dan Walsh <dwalsh at redhat.com> 2.0.25-7
- Lots of fixes for role templates
policycoreutils-gui.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.25 -r 1.26 policycoreutils-gui.patch
Index: policycoreutils-gui.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-gui.patch,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- policycoreutils-gui.patch 28 Aug 2007 19:31:24 -0000 1.25
+++ policycoreutils-gui.patch 31 Aug 2007 19:10:10 -0000 1.26
@@ -914,8 +914,8 @@
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.25/gui/polgen.glade
--- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/polgen.glade 2007-08-28 10:01:36.000000000 -0400
-@@ -0,0 +1,2261 @@
++++ policycoreutils-2.0.25/gui/polgen.glade 2007-08-31 15:06:49.000000000 -0400
+@@ -0,0 +1,2313 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
+
@@ -1028,7 +1028,8 @@
+ <child>
+ <widget class="GtkNotebook" id="notebook1">
+ <property name="visible">True</property>
-+ <property name="show_tabs">False</property>
++ <property name="can_focus">True</property>
++ <property name="show_tabs">True</property>
+ <property name="show_border">True</property>
+ <property name="tab_pos">GTK_POS_TOP</property>
+ <property name="scrollable">False</property>
@@ -1039,12 +1040,12 @@
+ <property name="visible">True</property>
+ <property name="position">GNOME_EDGE_START</property>
+ <property name="title" translatable="yes">SELinux Policy Generation Druid</property>
-+ <property name="text" translatable="yes">This tool can be used to generate a policy framework, to confine an application or users using SELinux.
++ <property name="text" translatable="yes">This tool can be used to generate a policy framework, to confine applications or users using SELinux.
+
+The tool generates:
-+Type Enforcement File (te)
++Type enforcement file (te)
+Interface file (if)
-+File Context File (fc)
++File context file (fc)
+Shell script (sh) - used to compile and install the policy. </property>
+ </widget>
+ <packing>
@@ -1079,7 +1080,7 @@
+ <child>
+ <widget class="GnomeDruidPageStandard" id="select_type_page">
+ <property name="visible">True</property>
-+ <property name="title" translatable="yes">Select what you want to confine.</property>
++ <property name="title" translatable="yes">Select application or user type that you want to confine.</property>
+ <signal name="next" handler="on_select_type_page_next" last_modification_time="Sat, 04 Aug 2007 11:39:15 GMT"/>
+
+ <child internal-child="vbox">
@@ -1090,196 +1091,255 @@
+ <property name="spacing">6</property>
+
+ <child>
-+ <widget class="GtkVBox" id="vbox9">
++ <widget class="GtkVBox" id="vbox14">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
-+ <widget class="GtkRadioButton" id="confine_application_radiobutton">
++ <widget class="GtkFrame" id="frame9">
+ <property name="visible">True</property>
-+ <property name="can_focus">True</property>
-+ <property name="label" translatable="yes">Confine an application</property>
-+ <property name="use_underline">True</property>
-+ <property name="relief">GTK_RELIEF_NORMAL</property>
-+ <property name="focus_on_click">True</property>
-+ <property name="active">True</property>
-+ <property name="inconsistent">False</property>
-+ <property name="draw_indicator">True</property>
-+ </widget>
-+ <packing>
-+ <property name="padding">0</property>
-+ <property name="expand">False</property>
-+ <property name="fill">False</property>
-+ </packing>
-+ </child>
-+
-+ <child>
-+ <widget class="GtkRadioButton" id="confine_user_radiobutton">
-+ <property name="visible">True</property>
-+ <property name="can_focus">True</property>
-+ <property name="label" translatable="yes">Confine a user</property>
-+ <property name="use_underline">True</property>
-+ <property name="relief">GTK_RELIEF_NORMAL</property>
-+ <property name="focus_on_click">True</property>
-+ <property name="active">False</property>
-+ <property name="inconsistent">False</property>
-+ <property name="draw_indicator">True</property>
-+ <property name="group">confine_application_radiobutton</property>
-+ </widget>
-+ <packing>
-+ <property name="padding">0</property>
-+ <property name="expand">False</property>
-+ <property name="fill">False</property>
-+ </packing>
-+ </child>
-+ </widget>
-+ <packing>
-+ <property name="padding">0</property>
-+ <property name="expand">True</property>
-+ <property name="fill">True</property>
-+ </packing>
-+ </child>
-+ </widget>
-+ </child>
-+ </widget>
-+ <packing>
-+ <property name="tab_expand">False</property>
-+ <property name="tab_fill">True</property>
-+ </packing>
-+ </child>
-+
-+ <child>
-+ <widget class="GtkLabel" id="label26">
-+ <property name="visible">True</property>
-+ <property name="label" translatable="yes">label26</property>
-+ <property name="use_underline">False</property>
-+ <property name="use_markup">False</property>
-+ <property name="justify">GTK_JUSTIFY_LEFT</property>
-+ <property name="wrap">False</property>
-+ <property name="selectable">False</property>
-+ <property name="xalign">0.5</property>
-+ <property name="yalign">0.5</property>
-+ <property name="xpad">0</property>
-+ <property name="ypad">0</property>
-+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
-+ <property name="width_chars">-1</property>
-+ <property name="single_line_mode">False</property>
-+ <property name="angle">0</property>
-+ </widget>
-+ <packing>
-+ <property name="type">tab</property>
-+ </packing>
-+ </child>
++ <property name="label_xalign">0</property>
++ <property name="label_yalign">0.5</property>
++ <property name="shadow_type">GTK_SHADOW_NONE</property>
+
-+ <child>
-+ <widget class="GnomeDruidPageStandard" id="user_page">
-+ <property name="visible">True</property>
-+ <property name="title" translatable="yes">Name and Type of user to confine.</property>
++ <child>
++ <widget class="GtkAlignment" id="alignment15">
++ <property name="visible">True</property>
++ <property name="xalign">0.5</property>
++ <property name="yalign">0.5</property>
++ <property name="xscale">1</property>
++ <property name="yscale">1</property>
++ <property name="top_padding">0</property>
++ <property name="bottom_padding">0</property>
++ <property name="left_padding">12</property>
++ <property name="right_padding">0</property>
+
-+ <child internal-child="vbox">
-+ <widget class="GtkVBox" id="druid-vbox18">
-+ <property name="border_width">16</property>
-+ <property name="visible">True</property>
-+ <property name="homogeneous">False</property>
-+ <property name="spacing">6</property>
++ <child>
++ <widget class="GtkVBox" id="vbox6">
++ <property name="visible">True</property>
++ <property name="homogeneous">False</property>
++ <property name="spacing">0</property>
+
-+ <child>
-+ <widget class="GtkVBox" id="vbox10">
-+ <property name="visible">True</property>
-+ <property name="homogeneous">False</property>
-+ <property name="spacing">0</property>
++ <child>
++ <widget class="GtkRadioButton" id="init_radiobutton">
++ <property name="visible">True</property>
++ <property name="tooltip" translatable="yes">Standard Init Daemon are daemons started on boot via init scripts. Usually requires a script in /etc/init.d</property>
++ <property name="can_focus">True</property>
++ <property name="label" translatable="yes">Standard Init Daemon</property>
++ <property name="use_underline">True</property>
++ <property name="relief">GTK_RELIEF_NORMAL</property>
++ <property name="focus_on_click">True</property>
++ <property name="active">False</property>
++ <property name="inconsistent">False</property>
++ <property name="draw_indicator">True</property>
++ </widget>
++ <packing>
++ <property name="padding">0</property>
++ <property name="expand">False</property>
++ <property name="fill">False</property>
++ </packing>
++ </child>
+
-+ <child>
-+ <widget class="GtkHBox" id="hbox13">
[...1647 lines suppressed...]
+
++te_admin_rules="""
++optional_policy(`
++ APPLICATION_admin(TEMPLATETYPE_t,TEMPLATETYPE_r, { TEMPLATETYPE_tty_device_t TEMPLATETYPE_devpts_t })
++')
++"""
++
++
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.25/gui/templates/var_lib.py
--- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/var_lib.py 2007-08-28 09:22:17.000000000 -0400
-@@ -0,0 +1,137 @@
++++ policycoreutils-2.0.25/gui/templates/var_lib.py 2007-08-31 15:07:36.000000000 -0400
+@@ -0,0 +1,162 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -9246,7 +9557,7 @@
+
+te_stream_rules="""\
+allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:sock_file manage_file_perms;
-+files_pid_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_lib_t, sock_file)
++files_var_lib_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_lib_t, sock_file)
+"""
+
+
@@ -9311,6 +9622,27 @@
+ allow $1 TEMPLATETYPE_var_lib_t:dir rw_dir_perms;
+ files_search_var_lib($1)
+')
++
++########################################
++## <summary>
++## Manage TEMPLATETYPE var_lib files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`TEMPLATETYPE_manage_var_lib',`
++ gen_require(`
++ type TEMPLATETYPE_var_lib_t;
++ ')
++
++ manage_dir_perms($1,TEMPLATETYPE_var_lib_t,TEMPLATETYPE_var_lib_t)
++ manage_file_perms($1,TEMPLATETYPE_var_lib_t,TEMPLATETYPE_var_lib_t)
++ manage_lnk_file_perms($1,TEMPLATETYPE_var_lib_t,TEMPLATETYPE_var_lib_t)
++')
++
+"""
+
+if_stream_rules="""
@@ -9335,6 +9667,10 @@
+')
+"""
+
++if_admin_rules="""
++ TEMPLATETYPE_manage_var_lib($1)
++"""
++
+########################### File Context ##################################
+fc_file="""\
+FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
@@ -9349,8 +9685,8 @@
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.25/gui/templates/var_log.py
--- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/var_log.py 2007-08-28 09:22:17.000000000 -0400
-@@ -0,0 +1,89 @@
++++ policycoreutils-2.0.25/gui/templates/var_log.py 2007-08-31 15:07:36.000000000 -0400
+@@ -0,0 +1,112 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -9430,6 +9766,29 @@
+ allow $1 TEMPLATETYPE_log_t:file { getattr append };
+')
+
++########################################
++## <summary>
++## Allow domain to manage TEMPLATETYPE log files
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain to not audit.
++## </summary>
++## </param>
++#
++interface(`TEMPLATETYPE_manage_log',`
++ gen_require(`
++ type TEMPLATETYPE_log_t;
++ ')
++
++ manage_dir_perms($1,TEMPLATETYPE_log_t,TEMPLATETYPE_log_t)
++ manage_file_perms($1,TEMPLATETYPE_log_t,TEMPLATETYPE_log_t)
++ manage_lnk_file_perms($1,TEMPLATETYPE_log_t,TEMPLATETYPE_log_t)
++')
++"""
++
++if_admin_rules="""
++ TEMPLATETYPE_manage_log($1)
+"""
+
+########################### File Context ##################################
@@ -9442,8 +9801,8 @@
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.25/gui/templates/var_run.py
--- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/var_run.py 2007-08-28 09:22:17.000000000 -0400
-@@ -0,0 +1,95 @@
++++ policycoreutils-2.0.25/gui/templates/var_run.py 2007-08-31 15:07:36.000000000 -0400
+@@ -0,0 +1,119 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -9503,6 +9862,26 @@
+ allow $1 TEMPLATETYPE_var_run_t:file r_file_perms;
+')
+
++########################################
++## <summary>
++## Manage TEMPLATETYPE var_run files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`TEMPLATETYPE_manage_var_run',`
++ gen_require(`
++ type TEMPLATETYPE_var_run_t;
++ ')
++
++ manage_dir_perms($1,TEMPLATETYPE_var_run_t,TEMPLATETYPE_var_run_t)
++ manage_file_perms($1,TEMPLATETYPE_var_run_t,TEMPLATETYPE_var_run_t)
++ manage_lnk_file_perms($1,TEMPLATETYPE_var_run_t,TEMPLATETYPE_var_run_t)
++')
++
+"""
+
+if_stream_rules="""\
@@ -9527,6 +9906,10 @@
+')
+"""
+
++if_admin_rules="""
++ TEMPLATETYPE_manage_var_run($1)
++"""
++
+fc_file="""\
+FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
+"""
@@ -9541,8 +9924,8 @@
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.25/gui/templates/var_spool.py
--- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/var_spool.py 2007-08-28 09:22:17.000000000 -0400
-@@ -0,0 +1,105 @@
++++ policycoreutils-2.0.25/gui/templates/var_spool.py 2007-08-31 15:07:36.000000000 -0400
+@@ -0,0 +1,131 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -9639,7 +10022,33 @@
+ allow $1 TEMPLATETYPE_spool_t:dir rw_dir_perms;
+ files_search_spool($1)
+')
++
++########################################
++## <summary>
++## Allow domain to manage TEMPLATETYPE spool files
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain to not audit.
++## </summary>
++## </param>
++#
++interface(`TEMPLATETYPE_manage_spool',`
++ gen_require(`
++ type TEMPLATETYPE_spool_t;
++ ')
++
++ manage_dir_perms($1,TEMPLATETYPE_spool_t,TEMPLATETYPE_spool_t)
++ manage_file_perms($1,TEMPLATETYPE_spool_t,TEMPLATETYPE_spool_t)
++ manage_lnk_file_perms($1,TEMPLATETYPE_spool_t,TEMPLATETYPE_spool_t)
++')
++
++"""
++
++if_admin_rules="""
++ TEMPLATETYPE_manage_spool($1)
+"""
++
+########################### File Context ##################################
+fc_file="""\
+FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.441
retrieving revision 1.442
diff -u -r1.441 -r1.442
--- policycoreutils.spec 28 Aug 2007 19:31:24 -0000 1.441
+++ policycoreutils.spec 31 Aug 2007 19:10:10 -0000 1.442
@@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.25
-Release: 6%{?dist}
+Release: 7%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -200,6 +200,9 @@
fi
%changelog
+* Fri Aug 31 2007 Dan Walsh <dwalsh at redhat.com> 2.0.25-7
+- Lots of fixes for role templates
+
* Tue Aug 28 2007 Dan Walsh <dwalsh at redhat.com> 2.0.25-6
- Add more role_templates
More information about the fedora-extras-commits
mailing list