rpms/policycoreutils/devel policycoreutils-gui.patch, 1.46, 1.47 policycoreutils.spec, 1.473, 1.474

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Thu Nov 15 16:02:30 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/policycoreutils/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14002

Modified Files:
	policycoreutils-gui.patch policycoreutils.spec 
Log Message:
* Thu Nov 15 2007 Dan Walsh <dwalsh at redhat.com> 2.0.31-15
- Fix File Labeling add 


policycoreutils-gui.patch:

Index: policycoreutils-gui.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-gui.patch,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -r1.46 -r1.47
--- policycoreutils-gui.patch	5 Nov 2007 21:30:56 -0000	1.46
+++ policycoreutils-gui.patch	15 Nov 2007 16:02:26 -0000	1.47
@@ -234,7 +234,7 @@
 +        
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.31/gui/fcontextPage.py
 --- nsapolicycoreutils/gui/fcontextPage.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.31/gui/fcontextPage.py	2007-11-05 16:29:06.000000000 -0500
++++ policycoreutils-2.0.31/gui/fcontextPage.py	2007-11-15 11:00:13.000000000 -0500
 @@ -0,0 +1,217 @@
 +## fcontextPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -424,7 +424,7 @@
 +        iter = self.fcontextFileTypeCombo.get_active_iter()
 +        ftype=list_model.get_value(iter,0)
 +        self.wait()
-+        (rc, out) = commands.getstatusoutput("semanage fcontext -a -t %s -r %s -f '%s' %s" % (type, mls, ftype, fspec))
++        (rc, out) = commands.getstatusoutput("semanage fcontext -a -t %s -r %s -f '%s' '%s'" % (type, mls, ftype, fspec))
 +        self.ready()
 +        if rc != 0:
 +            self.error(out)
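Review bot: Quoting `fspec` with `'%s'` in the `semanage fcontext -a` call still hands the whole string to a shell through `commands.getstatusoutput`, so a file specification that itself contains a single quote ends the quoting, and `type` and `mls` stay unquoted; the `-m` call in the next hunk has the same problem. Where these values come from is outside the hunk, but if they are GUI text entries they should not be parsed by a shell at all, particularly in a tool that presumably runs with administrative privileges. I would pass an argument vector instead: `p = subprocess.Popen(["semanage", "fcontext", "-a", "-t", type, "-r", mls, "-f", ftype, fspec], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)`, then `out = p.communicate()[0]` and `rc = p.returncode`, which needs `import subprocess` at the top of fcontextPage.py. The enclosing method starts and ends outside the hunk.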
@@ -443,7 +443,7 @@
 +        iter = self.fcontextFileTypeCombo.get_active_iter()
 +        ftype=list_model.get_value(iter,0)
 +        self.wait()
-+        (rc, out) = commands.getstatusoutput("semanage fcontext -m -t %s -r %s -f '%s' %s" % (type, mls, ftype, fspec))
++        (rc, out) = commands.getstatusoutput("semanage fcontext -m -t %s -r %s -f '%s' '%s'" % (type, mls, ftype, fspec))
 +        self.ready()
 +        if rc != 0:
 +            self.error(out)
@@ -5648,39 +5648,17 @@
 +        
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.31/gui/selinux.tbl
 --- nsapolicycoreutils/gui/selinux.tbl	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.31/gui/selinux.tbl	2007-11-02 15:54:42.000000000 -0400
-@@ -0,0 +1,295 @@
-+! allow_console_login _("Login") _("Allow direct login to the console device. Required for System 390")
++++ policycoreutils-2.0.31/gui/selinux.tbl	2007-11-07 16:11:37.000000000 -0500
+@@ -0,0 +1,234 @@
 +acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
-+allow_cvs_read_shadow  _("CVS") _("Allow cvs daemon to read shadow")
 +allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /")
 +allow_daemons_use_tty _("Admin") _("Allow all daemons the ability to use unallocated ttys")
-+allow_execheap _("Memory Protection") _("Allow unconfined executables to make their heap memory executable.  Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
-+allow_execmem _("Memory Protection") _("Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")
-+allow_execmod _("Memory Protection") _("Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t")
-+allow_execstack _("Memory Protection") _("Allow unconfined executables to make their stack executable.  This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
-+allow_ftpd_full_access _("FTP") _("Allow ftpd to full access to the system")
-+allow_ftpd_anon_write _("FTP") _("Allow ftpd to upload files to directories labeled public_content_rw_t")
-+allow_ftpd_use_cifs _("FTP") _("Allow ftp servers to use cifs used for public file transfer services")
-+allow_ftpd_use_nfs _("FTP") _("Allow ftp servers to use nfs used for public file transfer services")
-+allow_gpg_execstack _("Memory Protection") _("Allow gpg executable stack")
 +allow_gadmin_exec_content _("User Privs") _("Allow gadmin SELinux user accounts to execute files in his home directory or /tmp")
-+allow_gssd_read_tmp _("NFS") _("Allow gssd to read temp directory")
 +allow_guest_exec_content _("User Privs") _("Allow guest SELinux user accounts to execute files in his home directory or /tmp")
-+allow_httpd_anon_write _("HTTPD Service") _("Allow httpd daemon to write files in directories labeled public_content_rw_t")
-+allow_httpd_dbus_avahi _("HTTPD Service") _("Allow Apache to communicate with avahi service")
-+allow_httpd_mod_auth_pam _("HTTPD Service") _("Allow Apache to use mod_auth_pam")
-+allow_httpd_sys_script_anon_write _("HTTPD Service") _("Allow httpd scripts to write files in directories labeled public_content_rw_t")
 +allow_java_execstack _("Memory Protection") _("Allow java executable stack")
-+allow_kerberos _("Kerberos") _("Allow daemons to use kerberos files")
 +allow_mount_anyfile _("Mount") _("Allow mount to mount any file")
 +allow_mounton_anydir  _("Mount") _("Allow mount to mount any directory")
 +allow_mplayer_execstack _("Memory Protection") _("Allow mplayer executable stack")
-+allow_nfsd_anon_write _("NFS") _("Allow nfs servers to modify public files used for public file transfer services")
-+allow_polyinstantiation _("Polyinstantiation") _("Enable polyinstantiated directory support")
-+allow_ptrace _("Compatibility") _("Allow sysadm_t to debug or ptrace applications")
-+allow_rsync_anon_write _("rsync") _("Allow rsync to write files in directories labeled public_content_rw_t")
-+allow_smbd_anon_write _("Samba") _("Allow Samba to write files in directories labeled public_content_rw_t")
 +allow_ssh_keysign _("SSH") _("Allow ssh to run ssh-keysign")
 +allow_staff_exec_content _("User Privs") _("Allow staff SELinux user accounts to execute files in his home directory or /tmp")
 +allow_sysadm_exec_content _("User Privs") _("Allow sysadm SELinux user accounts to execute files in his home directory or /tmp")
@@ -5693,7 +5671,6 @@
 +allow_write_xshm _("XServer") _("Allow clients to write to X shared memory")
 +allow_xguest_exec_content _("User Privs") _("Allow xguest SELinux user accounts to execute files in his home directory or /tmp")
 +allow_ypbind _("NIS") _("Allow daemons to run with NIS")
-+allow_zebra_write_config _("Zebra") _("Allow zebra daemon to write it configuration files")
 +browser_confine_staff _("Web Applications") _("Transition staff SELinux user to Web Browser Domain")
 +browser_confine_sysadm _("Web Applications") _("Transition sysadm SELinux user to Web Browser Domain")
 +browser_confine_user _("Web Applications") _("Transition user SELinux user to Web Browser Domain")
@@ -5726,7 +5703,6 @@
 +courier_tcpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon")
 +cpucontrol_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cpucontrol daemon")
 +cpuspeed_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cpuspeed daemon")
-+cron_can_relabel _("Cron") _("Allow system cron jobs to relabel filesystem for restoring file contexts")
 +crond_disable_trans _("Cron") _("Disable SELinux protection for crond daemon")
 +cupsd_config_disable_trans _("Printing") _("Disable SELinux protection for cupsd back end server")
 +cupsd_disable_trans _("Printing") _("Disable SELinux protection for cupsd daemon")
@@ -5753,15 +5729,10 @@
 +dnsmasq_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dnsmasq daemon")
 +dovecot_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dovecot daemon")
 +entropyd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for entropyd daemon")
-+fcron_crond _("Cron") _("Enable extra rules in the cron domain to support fcron")
 +fetchmail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fetchmail")
 +fingerd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fingerd daemon")
 +freshclam_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for freshclam daemon")
 +fsdaemon_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fsdaemon daemon")
-+ftpd_disable_trans _("FTP") _("Disable SELinux protection for ftpd daemon")
-+ftpd_is_daemon _("FTP") _("Allow ftpd to run directly without inetd")
-+ftp_home_dir _("FTP") _("Allow ftp to read/write files in the user home directories")
-+global_ssp _("Admin") _("This should be enabled when all programs are compiled with ProPolice/SSP stack smashing protection.  All domains will be allowed to read from /dev/urandom")
 +gpm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for gpm daemon")
 +gssd_disable_trans _("NFS") _("Disable SELinux protection for gss daemon")
 +hald_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for Hal daemon")
@@ -5770,20 +5741,8 @@
 +hotplug_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hotplug daemon")
 +howl_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for howl daemon")
 +hplip_disable_trans _("Printing") _("Disable SELinux protection for cups hplip daemon")
-+httpd_builtin_scripting _("HTTPD Service") _("Allow HTTPD to support built-in scripting")
-+httpd_can_sendmail _("HTTPD Service") _("Allow HTTPD to send mail")
-+httpd_can_network_connect_db _("HTTPD Service") _("Allow HTTPD scripts and modules to network connect to databases")
-+httpd_can_network_connect _("HTTPD Service") _("Allow HTTPD scripts and modules to connect to the network")
-+httpd_can_network_relay _("HTTPD Service") _("Allow httpd to act as a relay")
-+httpd_disable_trans _("HTTPD Service") _("Disable SELinux protection for httpd daemon")
-+httpd_enable_cgi _("HTTPD Service") _("Allow HTTPD cgi support")
-+httpd_enable_ftp_server _("HTTPD Service") _("Allow HTTPD to run as a ftp server")
-+httpd_enable_homedirs _("HTTPD Service") _("Allow HTTPD to read home directories")
 +httpd_rotatelogs_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for httpd rotatelogs")
-+httpd_ssi_exec _("HTTPD Service") _("Allow HTTPD to run SSI executables in the same domain as system CGI scripts")
 +httpd_suexec_disable_trans _("HTTPD Service") _("Disable SELinux protection for http suexec")
-+httpd_tty_comm _("HTTPD Service") _("Unify HTTPD to communicate with the terminal.  Needed for handling certificates")
-+httpd_unified _("HTTPD Service") _("Unify HTTPD handling of all content files")
 +hwclock_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hwclock daemon")
 +i18n_input_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for i18n daemon")
 +imazesrv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for imazesrv daemon")
@@ -5813,12 +5772,9 @@
 +mysqld_disable_trans _("Databases") _("Disable SELinux protection for mysqld daemon")
 +nagios_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for nagios daemon")
 +named_disable_trans _("Name Service") _("Disable SELinux protection for named daemon")
-+named_write_master_zones _("Name Service") _("Allow named to overwrite master zone files")
 +nessusd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for nessusd daemon")
 +NetworkManager_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for NetworkManager")
 +nfsd_disable_trans _("NFS") _("Disable SELinux protection for nfsd daemon")
-+nfs_export_all_ro _("NFS") _("Allow NFS to share any file/directory read only")
-+nfs_export_all_rw _("NFS") _("Allow NFS to share any file/directory read/write")
 +nmbd_disable_trans _("Samba") _("Disable SELinux protection for nmbd daemon")
 +nrpe_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for nrpe daemon")
 +nscd_disable_trans _("Name Service") _("Disable SELinux protection for nscd daemon")
@@ -5834,10 +5790,6 @@
 +portslave_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for portslave daemon")
 +postfix_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for postfix")
 +postgresql_disable_trans _("Databases") _("Disable SELinux protection for postgresql daemon")
-+openvpn_enable_homedirs _("Network Configuration") _("Allow openvpn service access to users home directories")
-+pppd_can_insmod _("pppd") _("Allow pppd daemon to insert modules into the kernel")
-+pppd_disable_trans _("pppd") _("Disable SELinux protection for pppd daemon")
-+pppd_disable_trans _("pppd") _("Disable SELinux protection for the mozilla ppp daemon")
 +pppd_for_user _("pppd") _("Allow pppd to be run for a regular user")
 +pptp_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pptp")
 +prelink_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for prelink daemon")
@@ -5851,7 +5803,6 @@
 +rdisc_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rdisc")
 +readahead_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for readahead")
 +read_default_t _("Admin") _("Allow programs to read files in non-standard locations (default_t)")
-+read_untrusted_content _("Web Applications") _("Allow programs to read untrusted content without relabel")
 +restorecond_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for restorecond")
 +rhgb_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rhgb daemon")
 +ricci_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ricci")
@@ -5861,7 +5812,6 @@
 +rshd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rshd")
 +rsync_disable_trans _("rsync") _("Disable SELinux protection for rsync daemon")
 +run_ssh_inetd _("SSH") _("Allow ssh to run from inetd instead of as a daemon")
-+samba_enable_home_dirs _("Samba") _("Allow Samba to share users home directories")
 +samba_share_nfs _("Samba") _("Allow Samba to share nfs directories")
 +allow_saslauthd_read_shadow _("SASL authentication server") _("Allow sasl authentication server to read /etc/shadow")
 +allow_xserver_execmem _("XServer") _("Allow X-Windows server to map a memory region as both executable and writable")
@@ -5907,8 +5857,6 @@
 +unlimitedUtils _("Admin") _("Allow privileged utilities like hotplug and insmod to run unconfined")
 +updfstab_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for updfstab daemon")
 +uptimed_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for uptimed daemon")
-+use_lpd_server _("Printing") _("Use lpd server instead of cups")
-+use_nfs_home_dirs _("NFS") _("Support NFS home directories")
 +user_canbe_sysadm _("User Privs") _("Allow user_r to reach sysadm_r via su, sudo, or userhelper. Otherwise, only staff_r can do so")
 +user_can_mount _("Mount") _("Allow users to execute the mount command")
 +user_direct_mouse _("User Privs") _("Allow regular users direct mouse access (only allow the X server)")
@@ -5919,12 +5867,10 @@
 +user_rw_usb _("User Privs") _("Allow users to rw usb devices")
 +user_tcp_server _("User Privs") _("Allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users)  disabling this forces FTP passive mode and may change other protocols")
 +user_ttyfile_stat _("User Privs") _("Allow user to stat ttyfiles")
-+use_samba_home_dirs _("Samba") _("Allow users to login with CIFS home directories")
 +uucpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for uucpd daemon")
 +vmware_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for vmware daemon")
 +watchdog_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for watchdog daemon")
 +winbind_disable_trans _("Samba") _("Disable SELinux protection for winbind daemon")
-+write_untrusted_content _("Web Applications") _("Allow web applications to write untrusted content to disk (implies read)")
 +xdm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xdm daemon")
 +xdm_sysadm_login _("XServer") _("Allow xdm logins as sysadm_r:sysadm_t")
 +xend_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xen daemon")
@@ -5935,13 +5881,6 @@
 +yppasswdd_disable_trans _("NIS") _("Disable SELinux protection for NIS Password Daemon")
 +ypserv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ypserv daemon")
 +ypxfr_disable_trans _("NIS") _("Disable SELinux protection for NIS Transfer Daemon")
-+zebra_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for zebra daemon")
-+httpd_use_cifs _("HTTPD Service") _("Allow httpd to access samba/cifs file systems")
-+httpd_use_nfs _("HTTPD Service") _("Allow httpd to access nfs file systems")
-+samba_domain_controller _("Samba") _("Allow samba to act as the domain controller, add users, groups and change passwords")
-+samba_export_all_ro _("Samba") _("Allow Samba to share any file/directory read only")
-+samba_export_all_rw _("Samba") _("Allow Samba to share any file/directory read/write")
-+samba_run_unconfined _("Samba") _("Allow Samba to run unconfined scripts in /var/lib/samba/scripts directory")
 +webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivileged users home directories")
 +webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories")
 +


Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.473
retrieving revision 1.474
diff -u -r1.473 -r1.474
--- policycoreutils.spec	9 Nov 2007 17:10:22 -0000	1.473
+++ policycoreutils.spec	15 Nov 2007 16:02:26 -0000	1.474
@@ -6,7 +6,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.31
-Release: 14%{?dist}
+Release: 15%{?dist}
 License: GPLv2+
 Group:	 System Environment/Base
 Source:	 http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -207,7 +207,10 @@
 fi
 
 %changelog
-* Thu Nov 9 2007 Dan Walsh <dwalsh at redhat.com> 2.0.31-14
+* Thu Nov 15 2007 Dan Walsh <dwalsh at redhat.com> 2.0.31-15
+- Fix File Labeling add 
+
+* Thu Nov 8 2007 Dan Walsh <dwalsh at redhat.com> 2.0.31-14
 - Fix semanage to handle state where policy.xml is not installed
 
 * Mon Nov 5 2007 Dan Walsh <dwalsh at redhat.com> 2.0.31-13



