rpms/policycoreutils/devel policycoreutils-gui.patch, 1.30, 1.31 policycoreutils.spec, 1.445, 1.446
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Mon Sep 10 19:45:06 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4436
Modified Files:
policycoreutils-gui.patch policycoreutils.spec
Log Message:
* Mon Sep 10 2007 Dan Walsh <dwalsh at redhat.com> 2.0.25-11
- Lots of fixes for polgengui
policycoreutils-gui.patch:
Index: policycoreutils-gui.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-gui.patch,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- policycoreutils-gui.patch 10 Sep 2007 16:19:23 -0000 1.30
+++ policycoreutils-gui.patch 10 Sep 2007 19:45:03 -0000 1.31
@@ -914,8 +914,8 @@
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.25/gui/polgen.glade
--- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/polgen.glade 2007-09-10 11:56:01.000000000 -0400
-@@ -0,0 +1,2364 @@
++++ policycoreutils-2.0.25/gui/polgen.glade 2007-09-10 15:42:48.000000000 -0400
+@@ -0,0 +1,2386 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
+
@@ -1028,8 +1028,7 @@
+ <child>
+ <widget class="GtkNotebook" id="notebook1">
+ <property name="visible">True</property>
-+ <property name="can_focus">True</property>
-+ <property name="show_tabs">True</property>
++ <property name="show_tabs">False</property>
+ <property name="show_border">True</property>
+ <property name="tab_pos">GTK_POS_TOP</property>
+ <property name="scrollable">False</property>
@@ -1080,7 +1079,7 @@
+ <child>
+ <widget class="GnomeDruidPageStandard" id="select_type_page">
+ <property name="visible">True</property>
-+ <property name="title" translatable="yes">Select application or user type that you want to confine.</property>
++ <property name="title" translatable="yes">Select application or user role to be confined.</property>
+ <signal name="next" handler="on_select_type_page_next" last_modification_time="Sat, 04 Aug 2007 11:39:15 GMT"/>
+
+ <child internal-child="vbox">
@@ -1773,6 +1772,29 @@
+ </child>
+
+ <child>
++ <widget class="GtkLabel" id="label30">
++ <property name="visible">True</property>
++ <property name="label" translatable="yes">label30</property>
++ <property name="use_underline">False</property>
++ <property name="use_markup">False</property>
++ <property name="justify">GTK_JUSTIFY_LEFT</property>
++ <property name="wrap">False</property>
++ <property name="selectable">False</property>
++ <property name="xalign">0.5</property>
++ <property name="yalign">0.5</property>
++ <property name="xpad">0</property>
++ <property name="ypad">0</property>
++ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
++ <property name="width_chars">-1</property>
++ <property name="single_line_mode">False</property>
++ <property name="angle">0</property>
++ </widget>
++ <packing>
++ <property name="type">tab</property>
++ </packing>
++ </child>
++
++ <child>
+ <widget class="GnomeDruidPageStandard" id="roles_page">
+ <property name="visible">True</property>
+ <property name="title" translatable="yes">Select the roles(s) that this user will be able to become</property>
@@ -1824,9 +1846,9 @@
+ </child>
+
+ <child>
-+ <widget class="GtkLabel" id="label30">
++ <widget class="GtkLabel" id="label31">
+ <property name="visible">True</property>
-+ <property name="label" translatable="yes">label30</property>
++ <property name="label" translatable="yes">label31</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
@@ -2247,9 +2269,9 @@
+ </child>
+
+ <child>
-+ <widget class="GtkLabel" id="label31">
++ <widget class="GtkLabel" id="label32">
+ <property name="visible">True</property>
-+ <property name="label" translatable="yes">label31</property>
++ <property name="label" translatable="yes">label32</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
@@ -2563,9 +2585,9 @@
+ </child>
+
+ <child>
-+ <widget class="GtkLabel" id="label32">
++ <widget class="GtkLabel" id="label33">
+ <property name="visible">True</property>
-+ <property name="label" translatable="yes">label32</property>
++ <property name="label" translatable="yes">label33</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
@@ -2695,9 +2717,9 @@
+ </child>
+
+ <child>
-+ <widget class="GtkLabel" id="label33">
++ <widget class="GtkLabel" id="label34">
+ <property name="visible">True</property>
-+ <property name="label" translatable="yes">label33</property>
++ <property name="label" translatable="yes">label34</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
@@ -3025,9 +3047,9 @@
+ </child>
+
+ <child>
-+ <widget class="GtkLabel" id="label34">
++ <widget class="GtkLabel" id="label35">
+ <property name="visible">True</property>
-+ <property name="label" translatable="yes">label34</property>
++ <property name="label" translatable="yes">label35</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
@@ -3141,9 +3163,9 @@
+ </child>
+
+ <child>
-+ <widget class="GtkLabel" id="label35">
++ <widget class="GtkLabel" id="label43">
+ <property name="visible">True</property>
-+ <property name="label" translatable="yes">label35</property>
++ <property name="label" translatable="yes"></property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
@@ -3181,7 +3203,7 @@
+ </child>
+
+ <child>
-+ <widget class="GtkLabel" id="label43">
++ <widget class="GtkLabel" id="label44">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes"></property>
+ <property name="use_underline">False</property>
@@ -3282,8 +3304,8 @@
+</glade-interface>
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.25/gui/polgengui.py
--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/polgengui.py 2007-09-10 11:58:05.000000000 -0400
-@@ -0,0 +1,452 @@
++++ policycoreutils-2.0.25/gui/polgengui.py 2007-09-10 15:43:11.000000000 -0400
+@@ -0,0 +1,453 @@
+#!/usr/bin/python
+#
+# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux
@@ -3572,7 +3594,8 @@
+ my_policy.set_use_tmp(self.tmp_checkbutton.get_active() == 1)
+ my_policy.set_use_uid(self.uid_checkbutton.get_active() == 1)
+ my_policy.set_use_pam(self.pam_checkbutton.get_active() == 1)
-+ my_policy.set_init_script(self.script_entry.get_text())
++ if self.get_type() is polgen.DAEMON:
++ my_policy.set_init_script(self.init_script_entry.get_text())
+ else:
+ if self.get_type() == polgen.RUSER:
+ selected = []
@@ -3738,8 +3761,8 @@
+ app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.25/gui/polgen.py
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/polgen.py 2007-09-10 12:16:38.000000000 -0400
-@@ -0,0 +1,719 @@
++++ policycoreutils-2.0.25/gui/polgen.py 2007-09-10 15:43:04.000000000 -0400
+@@ -0,0 +1,727 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -4207,6 +4230,13 @@
+ newte += re.sub("TEMPLATETYPE", self.name, executable.te_cgi_rules)
+ return newte
+
++ def generate_user_if(self):
++ newif = ""
++ if self.type == USER:
++ newif += re.sub("TEMPLATETYPE", self.name, executable.if_user_program_rules)
++
++ return newif
++
+ def generate_if(self):
+ newif = ""
+ if self.program != "":
@@ -4221,6 +4251,7 @@
+ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
+ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_stream_rules)
+ break
++ newif += self.generate_user_if()
+ newif += self.generate_admin_if()
+
+ return newif
@@ -8884,8 +8915,8 @@
+ app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.25/gui/templates/executable.py
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/executable.py 2007-09-05 22:25:10.000000000 -0400
-@@ -0,0 +1,229 @@
++++ policycoreutils-2.0.25/gui/templates/executable.py 2007-09-10 15:43:29.000000000 -0400
+@@ -0,0 +1,277 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -8951,6 +8982,8 @@
+type TEMPLATETYPE_t;
+type TEMPLATETYPE_exec_t;
+application_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
++role system_r types TEMPLATETYPE_t;
++
+"""
+
+te_cgi_types="""\
@@ -8995,6 +9028,22 @@
+"""
+
+te_userapp_rules="""
++########################################
++#
++# TEMPLATETYPE local policy
++#
++
++## internal communication is often done using fifo and unix sockets.
++allow TEMPLATETYPE_t self:fifo_file rw_file_perms;
++allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms;
++
++files_read_etc_files(TEMPLATETYPE_t)
++
++libs_use_ld_so(TEMPLATETYPE_t)
++libs_use_shared_libs(TEMPLATETYPE_t)
++
++miscfiles_read_localization(TEMPLATETYPE_t)
++
+"""
+
+te_cgi_rules="""
@@ -9032,11 +9081,41 @@
+ type TEMPLATETYPE_exec_t;
+ ')
+
-+ domain_auto_trans($1,TEMPLATETYPE_exec_t,TEMPLATETYPE_t)
++ domtrans_pattern($1,TEMPLATETYPE_exec_t,TEMPLATETYPE_t)
++')
++
++"""
++
++if_user_program_rules="""
++########################################
++## <summary>
++## Execute TEMPLATETYPE in the TEMPLATETYPE domain, and
++## allow the specified role the TEMPLATETYPE domain.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access
++## </summary>
++## </param>
++## <param name="role">
++## <summary>
++## The role to be allowed the TEMPLATETYPE domain.
++## </summary>
++## </param>
++## <param name="terminal">
++## <summary>
++## The type of the role's terminal.
++## </summary>
++## </param>
++#
++interface(`TEMPLATETYPE_run',`
++ gen_require(`
++ type TEMPLATETYPE_t;
++ ')
+
-+ allow TEMPLATETYPE_t $1:fd use;
-+ allow TEMPLATETYPE_t $1:fifo_file rw_file_perms;
-+ allow TEMPLATETYPE_t $1:process sigchld;
++ TEMPLATETYPE_domtrans($1)
++ role $2 types TEMPLATETYPE_t;
++ dontaudit TEMPLATETYPE_t $3:chr_file rw_term_perms;
+')
+
+"""
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.445
retrieving revision 1.446
diff -u -r1.445 -r1.446
--- policycoreutils.spec 10 Sep 2007 15:59:05 -0000 1.445
+++ policycoreutils.spec 10 Sep 2007 19:45:03 -0000 1.446
@@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.25
-Release: 10%{?dist}
+Release: 11%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -200,6 +200,9 @@
fi
%changelog
+* Mon Sep 10 2007 Dan Walsh <dwalsh at redhat.com> 2.0.25-11
+- Lots of fixes for polgengui
+
* Thu Sep 6 2007 Dan Walsh <dwalsh at redhat.com> 2.0.25-10
- Change Requires /bin/rpm to rpm
More information about the fedora-extras-commits
mailing list