rpms/policycoreutils/F-9 policycoreutils-gui.patch, 1.60, 1.61 policycoreutils-po.patch, 1.30, 1.31 policycoreutils-rhat.patch, 1.360, 1.361 policycoreutils.spec, 1.517, 1.518

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Wed Apr 30 16:26:45 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/policycoreutils/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19085

Modified Files:
	policycoreutils-gui.patch policycoreutils-po.patch 
	policycoreutils-rhat.patch policycoreutils.spec 
Log Message:
* Wed Apr 30 2008 Dan Walsh <dwalsh at redhat.com> 2.0.46-6
- Fix polgengui to allow defining of confined roles.


policycoreutils-gui.patch:

View full diff with command:
/usr/bin/cvs -f diff  -kk -u -N -r 1.60 -r 1.61 policycoreutils-gui.patch
Index: policycoreutils-gui.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-9/policycoreutils-gui.patch,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- policycoreutils-gui.patch	18 Apr 2008 22:56:24 -0000	1.60
+++ policycoreutils-gui.patch	30 Apr 2008 16:24:15 -0000	1.61
@@ -1,6 +1,6 @@
-diff -up /dev/null policycoreutils-2.0.46/gui/booleansPage.py
---- /dev/null	2008-04-18 15:30:34.773004687 -0400
-+++ policycoreutils-2.0.46/gui/booleansPage.py	2008-04-18 13:24:17.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.46/gui/booleansPage.py
+--- nsapolicycoreutils/gui/booleansPage.py	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.46/gui/booleansPage.py	2008-04-30 09:16:47.000000000 -0400
 @@ -0,0 +1,230 @@
 +#
 +# booleansPage.py - GUI for Booleans page in system-config-securitylevel
@@ -232,9 +232,9 @@
 +        self.load(self.filter)
 +        return True
 +        
-diff -up /dev/null policycoreutils-2.0.46/gui/fcontextPage.py
---- /dev/null	2008-04-18 15:30:34.773004687 -0400
-+++ policycoreutils-2.0.46/gui/fcontextPage.py	2008-04-18 13:24:17.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.46/gui/fcontextPage.py
+--- nsapolicycoreutils/gui/fcontextPage.py	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.46/gui/fcontextPage.py	2008-04-30 09:16:47.000000000 -0400
 @@ -0,0 +1,217 @@
 +## fcontextPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -453,9 +453,4506 @@
 +        self.store.set_value(iter, SPEC_COL, fspec)
 +        self.store.set_value(iter, FTYPE_COL, ftype)
 +        self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls))
-diff -up /dev/null policycoreutils-2.0.46/gui/loginsPage.py
---- /dev/null	2008-04-18 15:30:34.773004687 -0400
-+++ policycoreutils-2.0.46/gui/loginsPage.py	2008-04-18 13:24:17.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade policycoreutils-2.0.46/gui/lockdown.glade
+--- nsapolicycoreutils/gui/lockdown.glade	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.46/gui/lockdown.glade	2008-04-30 09:18:09.000000000 -0400
+@@ -0,0 +1,2065 @@
++<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
++<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
++
++<glade-interface>
++<requires lib="gnome"/>
++<requires lib="bonobo"/>
++
++<widget class="GtkAboutDialog" id="aboutWindow">
++  <property name="border_width">5</property>
++  <property name="destroy_with_parent">False</property>
++  <property name="name" translatable="yes">system-config-selinux</property>
++  <property name="copyright" translatable="yes">Copyright (c)2006 Red Hat, Inc.
++Copyright (c) 2006 Dan Walsh <dwalsh at redhat.com></property>
++  <property name="wrap_license">False</property>
++  <property name="authors">Daniel Walsh <dwalsh at redhat.com>
++</property>
++  <property name="translator_credits" translatable="yes" comments="TRANSLATORS: Replace this string with your names, one name per line.">translator-credits</property>
++  <property name="logo">system-config-selinux.png</property>
++</widget>
++
++<widget class="GnomeApp" id="mainWindow">
++  <property name="width_request">800</property>
++  <property name="height_request">400</property>
++  <property name="title" translatable="yes">SELinux Boolean Lockdown</property>
++  <property name="type">GTK_WINDOW_TOPLEVEL</property>
++  <property name="window_position">GTK_WIN_POS_NONE</property>
++  <property name="modal">False</property>
++  <property name="resizable">True</property>
++  <property name="destroy_with_parent">False</property>
++  <property name="icon">system-config-selinux.png</property>
++  <property name="decorated">True</property>
++  <property name="skip_taskbar_hint">False</property>
++  <property name="skip_pager_hint">False</property>
++  <property name="type_hint">GDK_WINDOW_TYPE_HINT_NORMAL</property>
++  <property name="gravity">GDK_GRAVITY_NORTH_WEST</property>
++  <property name="focus_on_map">True</property>
++  <property name="urgency_hint">False</property>
++  <property name="enable_layout_config">True</property>
++
++  <child internal-child="dock">
++    <widget class="BonoboDock" id="bonobodock2">
++      <property name="visible">True</property>
++      <property name="allow_floating">True</property>
++
++      <child>
++	<widget class="BonoboDockItem" id="bonobodockitem3">
++	  <property name="visible">True</property>
++	  <property name="shadow_type">GTK_SHADOW_NONE</property>
++
++	  <child>
++	    <widget class="GtkMenuBar" id="menubar1">
++	      <property name="visible">True</property>
++	      <property name="pack_direction">GTK_PACK_DIRECTION_LTR</property>
++	      <property name="child_pack_direction">GTK_PACK_DIRECTION_LTR</property>
++
++	      <child>
++		<widget class="GtkMenuItem" id="file1">
++		  <property name="visible">True</property>
++		  <property name="stock_item">GNOMEUIINFO_MENU_FILE_TREE</property>
++
++		  <child>
++		    <widget class="GtkMenu" id="file1_menu">
++
++		      <child>
++			<widget class="GtkImageMenuItem" id="forward_menu_item">
++			  <property name="visible">True</property>
++			  <property name="label" translatable="yes">_Forward</property>
++			  <property name="use_underline">True</property>
++			  <signal name="activate" handler="on_forward_clicked" last_modification_time="Thu, 24 Apr 2008 10:18:41 GMT"/>
++			  <accelerator key="f" modifiers="GDK_CONTROL_MASK" signal="activate"/>
++
++			  <child internal-child="image">
++			    <widget class="GtkImage" id="image17">
++			      <property name="visible">True</property>
++			      <property name="stock">gtk-media-next</property>
++			      <property name="icon_size">1</property>
++			      <property name="xalign">0.5</property>
++			      <property name="yalign">0.5</property>
++			      <property name="xpad">0</property>
++			      <property name="ypad">0</property>
++			    </widget>
++			  </child>
++			</widget>
++		      </child>
++
++		      <child>
++			<widget class="GtkImageMenuItem" id="previous_menu_item">
++			  <property name="visible">True</property>
++			  <property name="label" translatable="yes">_Previous</property>
++			  <property name="use_underline">True</property>
++			  <signal name="activate" handler="on_previous_clicked" last_modification_time="Thu, 24 Apr 2008 10:18:41 GMT"/>
++			  <accelerator key="p" modifiers="GDK_CONTROL_MASK" signal="activate"/>
++
++			  <child internal-child="image">
++			    <widget class="GtkImage" id="image18">
++			      <property name="visible">True</property>
++			      <property name="stock">gtk-media-previous</property>
++			      <property name="icon_size">1</property>
++			      <property name="xalign">0.5</property>
++			      <property name="yalign">0.5</property>
++			      <property name="xpad">0</property>
++			      <property name="ypad">0</property>
++			    </widget>
++			  </child>
++			</widget>
++		      </child>
++
++		      <child>
++			<widget class="GtkImageMenuItem" id="cancel">
++			  <property name="visible">True</property>
++			  <property name="label" translatable="yes">Cancel</property>
++			  <property name="use_underline">True</property>
++			  <signal name="activate" handler="on_cancel_clicked" last_modification_time="Thu, 24 Apr 2008 10:18:41 GMT"/>
++			  <accelerator key="c" modifiers="GDK_CONTROL_MASK" signal="activate"/>
++
++			  <child internal-child="image">
++			    <widget class="GtkImage" id="image19">
++			      <property name="visible">True</property>
++			      <property name="stock">gtk-cancel</property>
++			      <property name="icon_size">1</property>
++			      <property name="xalign">0.5</property>
++			      <property name="yalign">0.5</property>
++			      <property name="xpad">0</property>
++			      <property name="ypad">0</property>
++			    </widget>
++			  </child>
++			</widget>
++		      </child>
++		    </widget>
++		  </child>
++		</widget>
++	      </child>
++
++	      <child>
++		<widget class="GtkMenuItem" id="help1">
++		  <property name="visible">True</property>
++		  <property name="stock_item">GNOMEUIINFO_MENU_HELP_TREE</property>
++
++		  <child>
++		    <widget class="GtkMenu" id="help1_menu">
++
++		      <child>
++			<widget class="GtkImageMenuItem" id="about">
++			  <property name="visible">True</property>
++			  <property name="stock_item">GNOMEUIINFO_MENU_ABOUT_ITEM</property>
++			  <signal name="activate" handler="on_about_activate" last_modification_time="Fri, 06 Oct 2006 13:58:02 GMT"/>
++			</widget>
++		      </child>
++		    </widget>
++		  </child>
++		</widget>
++	      </child>
++	    </widget>
++	  </child>
++	</widget>
++	<packing>
++	  <property name="placement">BONOBO_DOCK_TOP</property>
++	  <property name="band">0</property>
[...4768 lines suppressed...]
@@ -10561,9 +15078,9 @@
 +EXECUTABLE	--	gen_context(system_u:object_r:TEMPLATETYPE_script_exec_t,s0)
 +"""
 +
-diff -up /dev/null policycoreutils-2.0.46/gui/templates/__init__.py
---- /dev/null	2008-04-18 15:30:34.773004687 -0400
-+++ policycoreutils-2.0.46/gui/templates/__init__.py	2008-04-18 13:24:17.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.46/gui/templates/__init__.py
+--- nsapolicycoreutils/gui/templates/__init__.py	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.46/gui/templates/__init__.py	2008-04-30 09:16:47.000000000 -0400
 @@ -0,0 +1,18 @@
 +#
 +# Copyright (C) 2007 Red Hat, Inc.
@@ -10583,9 +15100,9 @@
 +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 +#
 +
-diff -up /dev/null policycoreutils-2.0.46/gui/templates/network.py
---- /dev/null	2008-04-18 15:30:34.773004687 -0400
-+++ policycoreutils-2.0.46/gui/templates/network.py	2008-04-18 13:24:17.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.46/gui/templates/network.py
+--- nsapolicycoreutils/gui/templates/network.py	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.46/gui/templates/network.py	2008-04-30 09:16:47.000000000 -0400
 @@ -0,0 +1,80 @@
 +te_port_types="""
 +type TEMPLATETYPE_port_t;
@@ -10667,9 +15184,9 @@
 +corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t)
 +"""
 +
-diff -up /dev/null policycoreutils-2.0.46/gui/templates/rw.py
---- /dev/null	2008-04-18 15:30:34.773004687 -0400
-+++ policycoreutils-2.0.46/gui/templates/rw.py	2008-04-18 13:24:17.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.46/gui/templates/rw.py
+--- nsapolicycoreutils/gui/templates/rw.py	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.46/gui/templates/rw.py	2008-04-30 09:16:47.000000000 -0400
 @@ -0,0 +1,128 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@@ -10799,10 +15316,10 @@
 +fc_dir="""
 +FILENAME(/.*)?			gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
 +"""
-diff -up /dev/null policycoreutils-2.0.46/gui/templates/script.py
---- /dev/null	2008-04-18 15:30:34.773004687 -0400
-+++ policycoreutils-2.0.46/gui/templates/script.py	2008-04-18 13:24:17.000000000 -0400
-@@ -0,0 +1,91 @@
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.46/gui/templates/script.py
+--- nsapolicycoreutils/gui/templates/script.py	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.46/gui/templates/script.py	2008-04-30 11:16:52.000000000 -0400
+@@ -0,0 +1,105 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
 +#
@@ -10880,23 +15397,37 @@
 +"""
 +
 +restorecon="""\
++# Fixing the file context on FILENAME
 +/sbin/restorecon -F -R -v FILENAME
 +"""
 +
 +tcp_ports="""\
++# Adding SELinux tcp port to port PORTNUM
 +/usr/sbin/semanage port -a -t TEMPLATETYPE_port_t -p tcp PORTNUM
 +"""
 +
 +udp_ports="""\
++# Adding SELinux udp port to port PORTNUM
 +/usr/sbin/semanage port -a -t TEMPLATETYPE_port_t -p udp PORTNUM
 +"""
 +
 +users="""\
-+/usr/sbin/semanage user -a -P  TEMPLATETYPE -R "TEMPLATETYPE_rROLES" TEMPLATETYPE_u
++# Adding SELinux user TEMPLATETYPE_u
++/usr/sbin/semanage user -a -R "TEMPLATETYPE_rROLES" TEMPLATETYPE_u
++"""
++
++eusers="""\
++# Adding roles to SELinux user TEMPLATETYPE_u
++/usr/sbin/semanage user -m -R "TEMPLATETYPE_rROLES" TEMPLATETYPE_u
++"""
++
++admin_trans="""\
++# Adding roles to SELinux user USER
++/usr/sbin/semanage user -m -R +TEMPLATETYPE_r USER
 +"""
-diff -up /dev/null policycoreutils-2.0.46/gui/templates/semodule.py
---- /dev/null	2008-04-18 15:30:34.773004687 -0400
-+++ policycoreutils-2.0.46/gui/templates/semodule.py	2008-04-18 13:24:17.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.46/gui/templates/semodule.py
+--- nsapolicycoreutils/gui/templates/semodule.py	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.46/gui/templates/semodule.py	2008-04-30 09:16:47.000000000 -0400
 @@ -0,0 +1,41 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
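Review bot: The new `admin_trans` template puts the `USER` placeholder on the command line unquoted, while the roles argument beside it in `users` and `eusers` is quoted; the added `#` comment lines also carry `FILENAME`, `PORTNUM` and `USER`. These strings appear to become a setup script that runs `semanage` and `restorecon`, so presumably with root privileges. A substituted value containing whitespace, a shell metacharacter or a newline would change what that script executes. I would quote the argument, e.g. `/usr/sbin/semanage user -m -R +TEMPLATETYPE_r 'USER'`, and have the generator reject values that are not plain identifiers, paths or port numbers before substitution. The substituting code is outside this hunk, so it is not visible here whether such validation already exists.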
@@ -10939,9 +15470,9 @@
 +semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM
 +"""
 +
-diff -up /dev/null policycoreutils-2.0.46/gui/templates/tmp.py
---- /dev/null	2008-04-18 15:30:34.773004687 -0400
-+++ policycoreutils-2.0.46/gui/templates/tmp.py	2008-04-18 13:24:17.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.46/gui/templates/tmp.py
+--- nsapolicycoreutils/gui/templates/tmp.py	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.46/gui/templates/tmp.py	2008-04-30 09:16:47.000000000 -0400
 @@ -0,0 +1,97 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@@ -11040,9 +15571,9 @@
 +	TEMPLATETYPE_manage_tmp($1)
 +"""
 +
-diff -up /dev/null policycoreutils-2.0.46/gui/templates/user.py
---- /dev/null	2008-04-18 15:30:34.773004687 -0400
-+++ policycoreutils-2.0.46/gui/templates/user.py	2008-04-18 13:24:17.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.46/gui/templates/user.py
+--- nsapolicycoreutils/gui/templates/user.py	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.46/gui/templates/user.py	2008-04-30 09:16:47.000000000 -0400
 @@ -0,0 +1,182 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@@ -11226,9 +15757,9 @@
 +te_newrole_rules="""
 +seutil_run_newrole(TEMPLATETYPE_t,TEMPLATETYPE_r,{ TEMPLATETYPE_devpts_t TEMPLATETYPE_tty_device_t })
 +"""
-diff -up /dev/null policycoreutils-2.0.46/gui/templates/var_lib.py
---- /dev/null	2008-04-18 15:30:34.773004687 -0400
-+++ policycoreutils-2.0.46/gui/templates/var_lib.py	2008-04-18 13:24:17.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.46/gui/templates/var_lib.py
+--- nsapolicycoreutils/gui/templates/var_lib.py	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.46/gui/templates/var_lib.py	2008-04-30 09:16:47.000000000 -0400
 @@ -0,0 +1,158 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@@ -11388,9 +15919,9 @@
 +fc_dir="""\
 +FILENAME(/.*)?			gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
 +"""
-diff -up /dev/null policycoreutils-2.0.46/gui/templates/var_log.py
---- /dev/null	2008-04-18 15:30:34.773004687 -0400
-+++ policycoreutils-2.0.46/gui/templates/var_log.py	2008-04-18 13:24:17.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.46/gui/templates/var_log.py
+--- nsapolicycoreutils/gui/templates/var_log.py	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.46/gui/templates/var_log.py	2008-04-30 09:16:47.000000000 -0400
 @@ -0,0 +1,110 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@@ -11502,9 +16033,9 @@
 +fc_dir="""\
 +FILENAME(/.*)?			gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
 +"""
-diff -up /dev/null policycoreutils-2.0.46/gui/templates/var_run.py
---- /dev/null	2008-04-18 15:30:34.773004687 -0400
-+++ policycoreutils-2.0.46/gui/templates/var_run.py	2008-04-18 13:24:17.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.46/gui/templates/var_run.py
+--- nsapolicycoreutils/gui/templates/var_run.py	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.46/gui/templates/var_run.py	2008-04-30 09:16:47.000000000 -0400
 @@ -0,0 +1,118 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@@ -11624,9 +16155,9 @@
 +FILENAME(/.*)?			gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
 +"""
 +
-diff -up /dev/null policycoreutils-2.0.46/gui/templates/var_spool.py
---- /dev/null	2008-04-18 15:30:34.773004687 -0400
-+++ policycoreutils-2.0.46/gui/templates/var_spool.py	2008-04-18 13:24:17.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.46/gui/templates/var_spool.py
+--- nsapolicycoreutils/gui/templates/var_spool.py	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.46/gui/templates/var_spool.py	2008-04-30 09:16:47.000000000 -0400
 @@ -0,0 +1,129 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@@ -11757,9 +16288,9 @@
 +fc_dir="""\
 +FILENAME(/.*)?			gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
 +"""
-diff -up /dev/null policycoreutils-2.0.46/gui/translationsPage.py
---- /dev/null	2008-04-18 15:30:34.773004687 -0400
-+++ policycoreutils-2.0.46/gui/translationsPage.py	2008-04-18 13:24:17.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.46/gui/translationsPage.py
+--- nsapolicycoreutils/gui/translationsPage.py	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.46/gui/translationsPage.py	2008-04-30 09:16:47.000000000 -0400
 @@ -0,0 +1,118 @@
 +## translationsPage.py - show selinux translations
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -11879,9 +16410,9 @@
 +        store, iter = self.view.get_selection().get_selected()
 +        self.store.set_value(iter, 0, level)
 +        self.store.set_value(iter, 1, translation)
-diff -up /dev/null policycoreutils-2.0.46/gui/usersPage.py
---- /dev/null	2008-04-18 15:30:34.773004687 -0400
-+++ policycoreutils-2.0.46/gui/usersPage.py	2008-04-18 13:24:17.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.46/gui/usersPage.py
+--- nsapolicycoreutils/gui/usersPage.py	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.46/gui/usersPage.py	2008-04-30 09:16:47.000000000 -0400
 @@ -0,0 +1,150 @@
 +## usersPage.py - show selinux mappings
 +## Copyright (C) 2006,2007,2008 Red Hat, Inc.

policycoreutils-po.patch:

View full diff with command:
/usr/bin/cvs -f diff  -kk -u -N -r 1.30 -r 1.31 policycoreutils-po.patch
Index: policycoreutils-po.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-9/policycoreutils-po.patch,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- policycoreutils-po.patch	21 Jan 2008 21:04:52 -0000	1.30
+++ policycoreutils-po.patch	30 Apr 2008 16:24:15 -0000	1.31
@@ -1,16 +1,16 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/af.po policycoreutils-2.0.35/po/af.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/af.po policycoreutils-2.0.46/po/af.po
 --- nsapolicycoreutils/po/af.po	2007-07-16 14:20:42.000000000 -0400
-+++ policycoreutils-2.0.35/po/af.po	2008-01-11 16:25:09.000000000 -0500
++++ policycoreutils-2.0.46/po/af.po	2008-04-30 12:16:05.000000000 -0400
 @@ -8,7 +8,7 @@
  msgstr ""
  "Project-Id-Version: PACKAGE VERSION\n"
  "Report-Msgid-Bugs-To: \n"
 -"POT-Creation-Date: 2006-11-21 14:21-0500\n"
-+"POT-Creation-Date: 2007-09-14 10:36-0400\n"
++"POT-Creation-Date: 2008-03-20 10:33-0400\n"
  "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
  "Last-Translator: FULL NAME <EMAIL at ADDRESS>\n"
  "Language-Team: LANGUAGE <LL at li.org>\n"
-@@ -16,1013 +16,3357 @@
+@@ -16,1013 +16,3244 @@
  "Content-Type: text/plain; charset=UTF-8\n"
  "Content-Transfer-Encoding: 8bit\n"
  
@@ -25,7 +25,7 @@
  msgstr ""
  
 -#: ../load_policy/load_policy.c:66
-+#: ../run_init/run_init.c:126 ../newrole/newrole.c:1170
++#: ../run_init/run_init.c:126 ../newrole/newrole.c:1187
  #, c-format
 -msgid "%s:  Can't load policy:  %s\n"
 +msgid "failed to initialize PAM\n"
@@ -39,18 +39,18 @@
  msgstr ""
  
 -#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
-+#: ../run_init/run_init.c:162 ../newrole/newrole.c:334
++#: ../run_init/run_init.c:162 ../newrole/newrole.c:338
  msgid "Password:"
  msgstr ""
  
 -#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
-+#: ../run_init/run_init.c:197 ../newrole/newrole.c:359
++#: ../run_init/run_init.c:197 ../newrole/newrole.c:363
  #, c-format
  msgid "Cannot find your entry in the shadow passwd file.\n"
  msgstr ""
  
 -#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
-+#: ../run_init/run_init.c:203 ../newrole/newrole.c:366
++#: ../run_init/run_init.c:203 ../newrole/newrole.c:370
  #, c-format
  msgid "getpass cannot open /dev/tty\n"
  msgstr ""
@@ -91,7 +91,7 @@
  msgstr ""
  
 -#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
-+#: ../run_init/run_init.c:405 ../newrole/newrole.c:1302
++#: ../run_init/run_init.c:405 ../newrole/newrole.c:1321
  #, c-format
 -msgid "Error setting capabilities, aborting\n"
 +msgid "Could not set exec context to %s.\n"
@@ -100,363 +100,365 @@
 -#: ../newrole/newrole.c:450
 -#, c-format
 -msgid "Error setting KEEPCAPS, aborting\n"
-+#: ../audit2allow/audit2allow:209
++#: ../audit2allow/audit2allow:216
 +msgid "******************** IMPORTANT ***********************\n"
  msgstr ""
  
 -#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
 -#, c-format
 -msgid "Error dropping capabilities, aborting\n"
-+#: ../audit2allow/audit2allow:210
++#: ../audit2allow/audit2allow:217
 +msgid "To make this policy package active, execute:"
  msgstr ""
  
 -#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
 -#, c-format
 -msgid "Error changing uid, aborting.\n"
-+#: ../semanage/seobject.py:135
-+msgid "translations not supported on non-MLS machines"
++#: ../semanage/seobject.py:111 ../semanage/seobject.py:115
++msgid "global"
  msgstr ""
  
 -#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
 -#, c-format
 -msgid "Error resetting KEEPCAPS, aborting\n"
-+#: ../semanage/seobject.py:142
-+#, python-format
-+msgid "Unable to open %s: translations not supported on non-MLS machines"
++#: ../semanage/seobject.py:170
++msgid "translations not supported on non-MLS machines"
  msgstr ""
  
 -#: ../newrole/newrole.c:477
 -#, c-format
 -msgid "Error dropping SETUID capability, aborting\n"
-+#: ../semanage/seobject.py:175
-+msgid "Level"
++#: ../semanage/seobject.py:177
++#, python-format
++msgid "Unable to open %s: translations not supported on non-MLS machines: %s"
  msgstr ""
  
 -#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
 -#, c-format
 -msgid "Error freeing caps\n"
-+#: ../semanage/seobject.py:175 ../gui/system-config-selinux.glade:651
-+#: ../gui/translationsPage.py:43 ../gui/translationsPage.py:59
-+msgid "Translation"
++#: ../semanage/seobject.py:210
++msgid "Level"
  msgstr ""
  
 -#: ../newrole/newrole.c:580
 -#, c-format
 -msgid "Error connecting to audit system.\n"
-+#: ../semanage/seobject.py:183 ../semanage/seobject.py:197
-+#, python-format
-+msgid "Translations can not contain spaces '%s' "
++#: ../semanage/seobject.py:210 ../gui/system-config-selinux.glade:651
++#: ../gui/translationsPage.py:43 ../gui/translationsPage.py:59
++msgid "Translation"
  msgstr ""
  
 -#: ../newrole/newrole.c:586
 -#, c-format
 -msgid "Error allocating memory.\n"
-+#: ../semanage/seobject.py:186
++#: ../semanage/seobject.py:218 ../semanage/seobject.py:232
 +#, python-format
-+msgid "Invalid Level '%s' "
++msgid "Translations can not contain spaces '%s' "
  msgstr ""
  
 -#: ../newrole/newrole.c:593
 -#, c-format
 -msgid "Error sending audit message.\n"
-+#: ../semanage/seobject.py:189
++#: ../semanage/seobject.py:221
 +#, python-format
-+msgid "%s already defined in translations"
++msgid "Invalid Level '%s' "
  msgstr ""
  
 -#: ../newrole/newrole.c:634 ../newrole/newrole.c:978
 -#, c-format
 -msgid "Could not determine enforcing mode.\n"
-+#: ../semanage/seobject.py:201
++#: ../semanage/seobject.py:224
 +#, python-format
-+msgid "%s not defined in translations"
++msgid "%s already defined in translations"
  msgstr ""
  
 -#: ../newrole/newrole.c:641
 -#, c-format
 -msgid "Error!  Could not open %s.\n"
-+#: ../semanage/seobject.py:219
-+msgid "Could not create semanage handle"
++#: ../semanage/seobject.py:236
++#, python-format
++msgid "%s not defined in translations"
  msgstr ""
  
 -#: ../newrole/newrole.c:646
 -#, c-format
 -msgid "%s!  Could not get current context for %s, not relabeling tty.\n"
-+#: ../semanage/seobject.py:225
-+msgid "SELinux policy is not managed or store cannot be accessed."
++#: ../semanage/seobject.py:254
++msgid "Could not create semanage handle"
  msgstr ""
  
 -#: ../newrole/newrole.c:656
 -#, c-format
 -msgid "%s!  Could not get new context for %s, not relabeling tty.\n"
-+#: ../semanage/seobject.py:230
-+msgid "Cannot read policy store."
++#: ../semanage/seobject.py:263
++msgid "SELinux policy is not managed or store cannot be accessed."
  msgstr ""
  
 -#: ../newrole/newrole.c:666
 -#, c-format
 -msgid "%s!  Could not set new context for %s\n"
-+#: ../semanage/seobject.py:235
-+msgid "Could not establish semanage connection"
++#: ../semanage/seobject.py:268
[...487606 lines suppressed...]
  msgstr ""
  
 -#: ../semanage/seobject.py:1099 ../semanage/seobject.py:1144
 -#, python-format
 -msgid "File context for %s is not defined"
-+#: ../gui/system-config-selinux.glade:2606
-+msgid "Modify SELinux User"
++#: ../gui/system-config-selinux.glade:2167
++msgid "Add SELinux User Mapping"
  msgstr ""
  
 -#: ../semanage/seobject.py:1103
 -#, python-format
 -msgid "Could not query file context for %s"
-+#: ../gui/system-config-selinux.glade:2739
-+msgid "label40"
++#: ../gui/system-config-selinux.glade:2183
++msgid "Modify SELinux User Mapping"
  msgstr ""
  
 -#: ../semanage/seobject.py:1120 ../semanage/seobject.py:1124
 -#, python-format
 -msgid "Could not modify file context for %s"
-+#: ../gui/system-config-selinux.glade:2776
-+msgid "Add Network Port"
++#: ../gui/system-config-selinux.glade:2199
++msgid "Delete SELinux User Mapping"
  msgstr ""
  
 -#: ../semanage/seobject.py:1142
 -#, python-format
 -msgid "File context for %s is defined in policy, cannot be deleted"
-+#: ../gui/system-config-selinux.glade:2792
-+msgid "Edit Network Port"
++#: ../gui/system-config-selinux.glade:2316
++msgid "label39"
  msgstr ""
  
 -#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1156
 -#, python-format
 -msgid "Could not delete file context for %s"
-+#: ../gui/system-config-selinux.glade:2808
-+msgid "Delete Network Port"
++#: ../gui/system-config-selinux.glade:2353
++msgid "Add Translation"
  msgstr ""
  
 -#: ../semanage/seobject.py:1164
 -msgid "Could not list file contexts"
-+#: ../gui/system-config-selinux.glade:2851
-+msgid "Group/ungroup network ports by SELinux type."
++#: ../gui/system-config-selinux.glade:2369
++msgid "Modify Translation"
  msgstr ""
  
 -#: ../semanage/seobject.py:1168
 -msgid "Could not list local file contexts"
-+#: ../gui/system-config-selinux.glade:2897
-+msgid "Group View"
++#: ../gui/system-config-selinux.glade:2385
++msgid "Delete Translation"
  msgstr ""
  
 -#: ../semanage/seobject.py:1203
 -msgid "Requires value"
-+#: ../gui/system-config-selinux.glade:3035
-+msgid "label42"
++#: ../gui/system-config-selinux.glade:2502
++msgid "label41"
  msgstr ""
  
 -#: ../semanage/seobject.py:1211 ../semanage/seobject.py:1245
 -#: ../semanage/seobject.py:1251
 -#, python-format
 -msgid "Could not check if boolean %s is defined"
-+#: ../gui/system-config-selinux.glade:3072
-+msgid "Generate new policy module"
++#: ../gui/system-config-selinux.glade:2555
++msgid "Modify SELinux User"
  msgstr ""
  
 -#: ../semanage/seobject.py:1213 ../semanage/seobject.py:1247
 -#, python-format
 -msgid "Boolean %s is not defined"
-+#: ../gui/system-config-selinux.glade:3088
-+msgid "Load policy module"
++#: ../gui/system-config-selinux.glade:2688
++msgid "label40"
  msgstr ""
  
 -#: ../semanage/seobject.py:1217
 -#, python-format
 -msgid "Could not query file context %s"
-+#: ../gui/system-config-selinux.glade:3104
-+msgid "Remove loadable policy module"
++#: ../gui/system-config-selinux.glade:2725
++msgid "Add Network Port"
  msgstr ""
  
 -#: ../semanage/seobject.py:1229 ../semanage/seobject.py:1233
 -#, python-format
 -msgid "Could not modify boolean %s"
-+#: ../gui/system-config-selinux.glade:3140
-+msgid ""
-+"Enable additional audit rules, that are normally not reported in the log "
-+"files."
++#: ../gui/system-config-selinux.glade:2741
++msgid "Edit Network Port"
  msgstr ""
  
 -#: ../semanage/seobject.py:1253
 -#, python-format
 -msgid "Boolean %s is defined in policy, cannot be deleted"
-+#: ../gui/system-config-selinux.glade:3141
-+msgid "Enable Audit"
++#: ../gui/system-config-selinux.glade:2757
++msgid "Delete Network Port"
  msgstr ""
  
 -#: ../semanage/seobject.py:1261 ../semanage/seobject.py:1265
 -#, python-format
 -msgid "Could not delete boolean %s"
-+#: ../gui/system-config-selinux.glade:3158
-+msgid ""
-+"Disable additional audit rules, that are normally not reported in the log "
-+"files."
++#: ../gui/system-config-selinux.glade:2793
++#: ../gui/system-config-selinux.glade:2811
++msgid "Toggle between Customized and All Ports"
  msgstr ""
  
 -#: ../semanage/seobject.py:1273
 -msgid "Could not list booleans"
-+#: ../gui/system-config-selinux.glade:3159
-+msgid "Disable Audit"
++#: ../gui/system-config-selinux.glade:2930
++msgid "label42"
  msgstr ""
  
 -#: ../audit2allow/audit2allow:183
 -#, c-format
 -msgid "Generating type enforcment file: %s.te"
-+#: ../gui/system-config-selinux.glade:3277
-+msgid "label44"
++#: ../gui/system-config-selinux.glade:2967
++msgid "Generate new policy module"
  msgstr ""
  
 -#: ../audit2allow/audit2allow:189 ../audit2allow/audit2allow:194
 -msgid "Compiling policy"
-+#: ../gui/translationsPage.py:53
-+msgid "Sensitvity Level"
++#: ../gui/system-config-selinux.glade:2983
++msgid "Load policy module"
  msgstr ""
  
 -#: ../audit2allow/audit2allow:205
-+#: ../gui/usersPage.py:55
- msgid ""
+-msgid ""
 -"\n"
 -"******************** IMPORTANT ***********************\n"
-+"Labeling\n"
-+"Prefix"
++#: ../gui/system-config-selinux.glade:2999
++msgid "Remove loadable policy module"
  msgstr ""
  
 -#: ../audit2allow/audit2allow:206
 -#, c-format
-+#: ../gui/usersPage.py:58
++#: ../gui/system-config-selinux.glade:3035
  msgid ""
 -"In order to load this newly created policy package into the kernel,\n"
 -"you are required to execute \n"
 -"\n"
 -"semodule -i %s.pp\n"
 -"\n"
-+"MLS/\n"
-+"MCS Level"
++"Enable/Disable additional audit rules, that are normally not reported in the "
++"log files."
  msgstr ""
  
 -#: ../audit2allow/audit2allow:211
 -#, c-format
 -msgid "Options Error: %s "
-+#: ../gui/usersPage.py:162
++#: ../gui/system-config-selinux.glade:3154
++msgid "label44"
++msgstr ""
++
++#: ../gui/translationsPage.py:53
++msgid "Sensitvity Level"
++msgstr ""
++
++#: ../gui/usersPage.py:138
 +#, python-format
 +msgid "SELinux user '%s' is required"
  msgstr ""

policycoreutils-rhat.patch:

Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-9/policycoreutils-rhat.patch,v
retrieving revision 1.360
retrieving revision 1.361
diff -u -r1.360 -r1.361
--- policycoreutils-rhat.patch	8 Apr 2008 13:54:34 -0000	1.360
+++ policycoreutils-rhat.patch	30 Apr 2008 16:24:23 -0000	1.361
@@ -1,6 +1,644 @@
+diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.46/audit2allow/audit2allow
+--- nsapolicycoreutils/audit2allow/audit2allow	2007-07-16 14:20:41.000000000 -0400
++++ policycoreutils-2.0.46/audit2allow/audit2allow	2008-03-18 16:57:01.000000000 -0400
+@@ -19,7 +19,6 @@
+ #
+ 
+ import sys
+-import tempfile
+ 
+ import sepolgen.audit as audit
+ import sepolgen.policygen as policygen
+@@ -60,7 +59,10 @@
+         parser.add_option("-o", "--output", dest="output",
+                           help="append output to <filename>, conflicts with -M")
+         parser.add_option("-R", "--reference", action="store_true", dest="refpolicy",
+-                          default=False, help="generate refpolicy style output")
++                          default=True, help="generate refpolicy style output")
++
++        parser.add_option("-N", "--noreference", action="store_false", dest="refpolicy",
++                          default=False, help="do not generate refpolicy style output")
+         parser.add_option("-v", "--verbose", action="store_true", dest="verbose",
+                           default=False, help="explain generated output")
+         parser.add_option("-e", "--explain", action="store_true", dest="explain_long",
+@@ -72,6 +74,9 @@
+         parser.add_option("--debug", dest="debug", action="store_true", default=False,
+                           help="leave generated modules for -M")
+ 
++        parser.add_option("-w", "--why", dest="audit2why",  action="store_true", default=False,
++                          help="Translates SELinux audit messages into a description of why the access was denied")
++
+         options, args = parser.parse_args()
+ 
+         # Make -d, -a, and -i conflict
+@@ -147,10 +152,12 @@
+ 
+     def __process_input(self):
+         if self.__options.type:
+-            filter = audit.TypeFilter(self.__options.type)
+-            self.__avs = self.__parser.to_access(filter)
++            avcfilter = audit.TypeFilter(self.__options.type)
++            self.__avs = self.__parser.to_access(avcfilter)
++            self.__selinux_errs = self.__parser.to_role(avcfilter)
+         else:
+             self.__avs = self.__parser.to_access()
++            self.__selinux_errs = self.__parser.to_role()
+ 
+     def __load_interface_info(self):
+         # Load interface info file
+@@ -210,7 +217,77 @@
+         sys.stdout.write((_("To make this policy package active, execute:" +\
+                                 "\n\nsemodule -i %s\n\n") % packagename))
+ 
++    def __output_audit2why(self):
++            import selinux
++            import selinux.audit2why as audit2why
++            import seobject
++            audit2why.init()
++            for i in self.__parser.avc_msgs:
++                rc, bools = audit2why.analyze(i.scontext.to_string(), i.tcontext.to_string(), i.tclass, i.accesses)
++                if rc >= 0:
++                    print "%s\n\tWas caused by:" % i.message
++                if rc == audit2why.NOPOLICY:
++                    raise RuntimeError("Must call policy_init first")
++                if rc == audit2why.BADTCON:
++                    print "Invalid Target Context %s\n" % i.tcontext
++                    continue
++                if rc == audit2why.BADSCON:
++                    print "Invalid Source Context %s\n" % i.scontext
++                    continue
++                if rc == audit2why.BADSCON:
++                    print "Invalid Type Class %s\n" % i.tclass
++                    continue
++                if rc == audit2why.BADPERM:
++                    print "Invalid permission %s\n" % i.accesses
++                    continue
++                if rc == audit2why. BADCOMPUTE:
++                    raise RuntimeError("Error during access vector computation")
++                if rc == audit2why.ALLOW:
++                    print "\t\tUnknown - would be allowed by active policy\n",
++                    print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
++                    print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n"
++                    continue
++                if rc == audit2why.DONTAUDIT:
++                    print "\t\tUnknown - should be dontaudit'd by active policy\n",
++                    print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
++                    print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n"
++                    continue
++                if rc == audit2why.BOOLEAN:
++                    if len(bools) > 1:
++                        print "\tOne of the following booleans was set incorrectly."
++                        for b in bools:
++                            print "\tDescription:\n\t%s\n"  % seobject.boolean_desc(b[0])
++                            print "\tAllow access by executing:\n\t# setsebool -P %s %d"  % (b[0], b[1])
++                    else:
++                        print "\tThe boolean %s was set incorrectly. " % (bools[0][0])
++                        print "\tDescription:\n\t%s\n"  % seobject.boolean_desc(bools[0][0])
++                        print "\tAllow access by executing:\n\t# setsebool -P %s %d"  % (bools[0][0], bools[0][1])
++                    continue
++
++                if rc == audit2why.TERULE:
++                    print "\t\tMissing type enforcement (TE) allow rule.\n"
++                    print "\t\tYou can use audit2allow to generate a loadable module to allow this access.\n"
++                    continue
++
++                if rc == audit2why.CONSTRAINT:
++                    print "\t\tPolicy constraint violation.\n"
++                    print "\t\tMay require adding a type attribute to the domain or type to satisfy the constraint.\n"
++                    print "\t\tConstraints are defined in the policy sources in policy/constraints (general), policy/mcs (MCS), and policy/mls (MLS).\n"
++                    continue
++
++                if rc == audit2why.RBAC:
++                    print "\t\tMissing role allow rule.\n"
++                    print "\t\tAdd an allow rule for the role pair.\n"
++                    continue
++
++            audit2why.finish()
++            return
++
+     def __output(self):
++        
++        if self.__options.audit2why:
++            return self.__output_audit2why()
++
+         g = policygen.PolicyGenerator()
+ 
+         if self.__options.module:
+@@ -251,6 +328,12 @@
+                 fd = sys.stdout
+             writer.write(g.get_module(), fd)
+ 
++            if len(self.__selinux_errs) > 0:
++                fd.write("\n=========== ROLES ===============\n")
++
++            for role in self.__selinux_errs:
++                fd.write(role.output())
++
+     def main(self):
+         try:
+             self.__parse_options()
+diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.46/audit2allow/audit2allow.1
+--- nsapolicycoreutils/audit2allow/audit2allow.1	2007-07-16 14:20:41.000000000 -0400
++++ policycoreutils-2.0.46/audit2allow/audit2allow.1	2008-03-18 16:57:01.000000000 -0400
+@@ -24,7 +24,12 @@
+ .\"
+ .TH AUDIT2ALLOW "1" "January 2005" "Security Enhanced Linux" NSA
+ .SH NAME
+-audit2allow \- generate SELinux policy allow rules from logs of denied operations
++.BR audit2allow
++	\- generate SELinux policy allow rules from logs of denied operations
++
++.BR audit2why  
++	\- translates SELinux audit messages into a description of why the access was denied (audit2allow -w)
++
+ .SH SYNOPSIS
+ .B audit2allow
+ .RI [ options "] "
+@@ -65,12 +70,19 @@
+ .B "\-r" | "\-\-requires"
+ Generate require output syntax for loadable modules.
+ .TP
++.B "\-N" | "\-\-noreference"
++Do not generate reference policy, traditional style allow rules.
++.TP
+ .B "\-R" | "\-\-reference"
+-Generate reference policy using installed macros.  Requires the selinux-policy-devel package.
++Generate reference policy using installed macros.Default
+ .TP
+ .B "\-t "  | "\-\-tefile"
+ Indicates input file is a te (type enforcement) file.  This can be used to translate old te format to new policy format.
+ .TP
++.B "\-w" | "\-\-why"
++Translates SELinux audit messages into a description of why the access wasn denied
++
++.TP
+ .B "\-v" | "\-\-verbose"
+ Turn on verbose output
+ 
+diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/sepolgen-ifgen policycoreutils-2.0.46/audit2allow/sepolgen-ifgen
+--- nsapolicycoreutils/audit2allow/sepolgen-ifgen	2007-07-16 14:20:41.000000000 -0400
++++ policycoreutils-2.0.46/audit2allow/sepolgen-ifgen	2008-03-18 16:57:01.000000000 -0400
+@@ -80,7 +80,10 @@
+     if_set.to_file(f)
+     f.close()
+ 
+-    return 0
++    if refparser.success:
++        return 0
++    else:
++        return 1
+     
+ if __name__ == "__main__":
+     sys.exit(main())
+diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/audit2why policycoreutils-2.0.46/audit2why/audit2why
+--- nsapolicycoreutils/audit2why/audit2why	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.46/audit2why/audit2why	2008-03-18 16:57:01.000000000 -0400
+@@ -0,0 +1,2 @@
++#!/bin/sh
++/usr/bin/audit2allow -w $*
+diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/audit2why.1 policycoreutils-2.0.46/audit2why/audit2why.1
+--- nsapolicycoreutils/audit2why/audit2why.1	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.46/audit2why/audit2why.1	2008-03-18 16:57:01.000000000 -0400
+@@ -0,0 +1 @@
++.so man1/audit2allow.1
+diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/audit2why.8 policycoreutils-2.0.46/audit2why/audit2why.8
+--- nsapolicycoreutils/audit2why/audit2why.8	2007-07-16 14:20:41.000000000 -0400
++++ policycoreutils-2.0.46/audit2why/audit2why.8	1969-12-31 19:00:00.000000000 -0500
+@@ -1,79 +0,0 @@
+-.\" Hey, Emacs! This is an -*- nroff -*- source file.
+-.\" Copyright (c) 2005 Dan Walsh <dwalsh at redhat.com>
+-.\"
+-.\" This is free documentation; you can redistribute it and/or
+-.\" modify it under the terms of the GNU General Public License as
+-.\" published by the Free Software Foundation; either version 2 of
+-.\" the License, or (at your option) any later version.
+-.\"
+-.\" The GNU General Public License's references to "object code"
+-.\" and "executables" are to be interpreted as the output of any
+-.\" document formatting or typesetting system, including
+-.\" intermediate and printed output.
+-.\"
+-.\" This manual is distributed in the hope that it will be useful,
+-.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+-.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+-.\" GNU General Public License for more details.
+-.\"
+-.\" You should have received a copy of the GNU General Public
+-.\" License along with this manual; if not, write to the Free
+-.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
+-.\" USA.
+-.\"
+-.\"
+-.TH AUDIT2WHY "8" "May 2005" "Security Enhanced Linux" NSA
+-.SH NAME
+-audit2why \- Translates SELinux audit messages into a description of why the access was denied
+-.SH SYNOPSIS
+-.B audit2why
+-.RI [ options "] "
+-.SH OPTIONS
+-.TP
+-
+-.B "\-\-help"
+-Print a short usage message
+-.TP
+-.B "\-p <policyfile>"
+-Specify an alternate policy file.
+-.SH DESCRIPTION
+-.PP
+-This utility processes SELinux audit messages from standard
+-input and and reports which component of the policy caused each
+-permission denial based on the specified policy file if the -p option
+-was used or the active policy otherwise.  There are three possible
+-causes: 1) a missing or disabled TE allow rule, 2) a constraint violation, 
+-or 3) a missing role allow rule.   In the first case, the TE allow
+-rule may exist in the policy but may be disabled due to boolean settings.
+-See 
+-.BR booleans (8).
+-If the allow rule is not present at all, it can be generated via
+-.BR audit2allow (1).
+-In the second case, a constraint is being violated; see policy/constraints
+-or policy/mls to identify the particular constraint.  Typically, this can
+-be resolved by adding a type attribute to the domain.  In the third case,
+-a role transition was attempted but no allow rule existed for the role pair.
+-This can be resolved by adding an allow rule for the role pair to the policy.
+-.PP
+-.SH EXAMPLE
+-.nf
+-$ /usr/sbin/audit2why < /var/log/audit/audit.log
+-
+-type=KERNEL msg=audit(1115316408.926:336418): avc:  denied  { getattr } for  path=/home/sds dev=hda5 ino=1175041 scontext=root:secadm_r:secadm_t:s0-s9:c0.c127 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=dir
+-        Was caused by:
+-                Missing or disabled TE allow rule.
+-                Allow rules may exist but be disabled by boolean settings; check boolean settings.
+-                You can see the necessary allow rules by running audit2allow with this audit message as input.
+-
+-type=KERNEL msg=audit(1115320071.648:606858): avc:  denied  { append } for  name=.bash_history dev=hda5 ino=1175047 scontext=user_u:user_r:user_t:s1-s9:c0.c127 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+-        Was caused by:
+-                Constraint violation.
+-                Check policy/constraints.
+-                Typically, you just need to add a type attribute to the domain to satisfy the constraint.
+-.fi
+-.PP
+-.SH AUTHOR
+-This manual page was written by 
+-.I Dan Walsh <dwalsh at redhat.com>,
+-.B audit2why
+-utility was written by Stephen Smalley <sds at tycho.nsa.gov>.
+diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/audit2why.c policycoreutils-2.0.46/audit2why/audit2why.c
+--- nsapolicycoreutils/audit2why/audit2why.c	2008-01-11 10:52:37.000000000 -0500
++++ policycoreutils-2.0.46/audit2why/audit2why.c	1969-12-31 19:00:00.000000000 -0500
+@@ -1,313 +0,0 @@
+-#define _GNU_SOURCE
+-#include <unistd.h>
+-#include <stdio.h>
+-#include <stdlib.h>
+-#include <ctype.h>
+-#include <errno.h>
+-#include <getopt.h>
+-#include <limits.h>
+-#include <sepol/sepol.h>
+-#include <sepol/policydb/services.h>
+-#include <selinux/selinux.h>
+-
+-#define AVCPREFIX "avc:  denied  { "
+-#define SCONTEXT "scontext="
+-#define TCONTEXT "tcontext="
+-#define TCLASS "tclass="
+-
+-void usage(char *progname, int rc)
+-{
+-	fprintf(stderr, "usage:  %s [-p policy] < /var/log/audit/audit.log\n",
+-		progname);
+-	exit(rc);
+-}
+-
+-int main(int argc, char **argv)
+-{
+-	char path[PATH_MAX];
+-	char *buffer = NULL, *bufcopy = NULL;
+-	unsigned int lineno = 0;
+-	size_t len = 0, bufcopy_len = 0;
+-	FILE *fp = NULL;
+-	int opt, rc, set_path = 0;
+-	char *p, *scon, *tcon, *tclassstr, *permstr;
+-	sepol_security_id_t ssid, tsid;
+-	sepol_security_class_t tclass;
+-	sepol_access_vector_t perm, av;
+-	struct sepol_av_decision avd;
+-	unsigned int reason;
+-	int vers = 0;
+-	sidtab_t sidtab;
+-	policydb_t policydb;
+-	struct policy_file pf;
+-
+-	while ((opt = getopt(argc, argv, "p:?h")) > 0) {
+-		switch (opt) {
+-		case 'p':
+-			set_path = 1;
+-			strncpy(path, optarg, PATH_MAX);
+-			fp = fopen(path, "r");
+-			if (!fp) {
+-				fprintf(stderr, "%s:  unable to open %s:  %s\n",
+-					argv[0], path, strerror(errno));
+-				exit(1);
+-			}
+-			break;
+-		default:
+-			usage(argv[0], 0);
+-		}
+-	}
+-
+-	if (argc - optind)
+-		usage(argv[0], 1);
+-
+-	if (!set_path) {
+-		if (!is_selinux_enabled()) {
+-			fprintf(stderr,
+-				"%s:  Must specify -p policy on non-SELinux systems\n",
+-				argv[0]);
+-			exit(1);
+-		}
+-		vers = security_policyvers();
+-		if (vers < 0) {
+-			fprintf(stderr,
+-				"%s:  Could not get policy version:  %s\n",
+-				argv[0], strerror(errno));
+-			exit(1);
+-		}
+-		snprintf(path, PATH_MAX, "%s.%d",
+-			 selinux_binary_policy_path(), vers);
+-		fp = fopen(path, "r");
+-		while (!fp && errno == ENOENT && --vers) {
+-			snprintf(path, PATH_MAX, "%s.%d",
+-				 selinux_binary_policy_path(), vers);
+-			fp = fopen(path, "r");
+-		}
+-		if (!fp) {
+-			snprintf(path, PATH_MAX, "%s.%d",
+-				 selinux_binary_policy_path(),
+-				 security_policyvers());
+-			fprintf(stderr, "%s:  unable to open %s:  %s\n",
+-				argv[0], path, strerror(errno));
+-			exit(1);
+-		}
+-	}
+-
+-	/* Set up a policydb directly so that we can mutate it later
+-	   for booleans and user settings.  Otherwise we would just use
+-	   sepol_set_policydb_from_file() here. */
+-	pf.fp = fp;
+-	pf.type = PF_USE_STDIO;
+-	if (policydb_init(&policydb)) {
+-		fprintf(stderr, "%s:  policydb_init failed: %s\n",
+-			argv[0], strerror(errno));
+-		exit(1);
+-	}
+-	if (policydb_read(&policydb, &pf, 0)) {
+-		fprintf(stderr, "%s:  invalid binary policy %s\n",
+-			argv[0], path);
+-		exit(1);
+-	}
+-	fclose(fp);
+-	sepol_set_policydb(&policydb);
+-
+-	if (!set_path) {
+-		/* If they didn't specify a full path of a binary policy file,
+-		   then also try loading any boolean settings and user
+-		   definitions from the active locations.  Otherwise,
+-		   they can use genpolbools and genpolusers to build a
+-		   binary policy file that includes any desired settings
+-		   and then apply audit2why -p to the resulting file. 
+-		   Errors are non-fatal as such settings are optional. */
+-		sepol_debug(0);
+-		(void)sepol_genbools_policydb(&policydb,
+-					      selinux_booleans_path());
+-		(void)sepol_genusers_policydb(&policydb, selinux_users_path());
+-	}
+-
+-	/* Initialize the sidtab for subsequent use by sepol_context_to_sid
+-	   and sepol_compute_av_reason. */
+-	rc = sepol_sidtab_init(&sidtab);
+-	if (rc < 0) {
+-		fprintf(stderr, "%s:  unable to init sidtab\n", argv[0]);
+-		exit(1);
+-	}
+-	sepol_set_sidtab(&sidtab);
+-
+-	/* Process the audit messages. */
+-	while (getline(&buffer, &len, stdin) > 0) {
+-		size_t len2 = strlen(buffer);
+-
+-		if (buffer[len2 - 1] == '\n')
+-			buffer[len2 - 1] = 0;
+-		lineno++;
+-
+-		p = buffer;
+-		while (*p && strncmp(p, AVCPREFIX, sizeof(AVCPREFIX) - 1))
+-			p++;
+-		if (!(*p))
+-			continue;	/* not an avc denial */
+-
+-		p += sizeof(AVCPREFIX) - 1;
+-
+-		/* Save a copy of the original unmodified buffer. */
+-		if (!bufcopy) {
+-			/* Initial allocation */
+-			bufcopy_len = len;
+-			bufcopy = malloc(len);
+-		} else if (bufcopy_len < len) {
+-			/* Grow */
+-			bufcopy_len = len;
+-			bufcopy = realloc(bufcopy, len);
+-		}
+-		if (!bufcopy) {
+-			fprintf(stderr, "%s:  OOM on buffer copy\n", argv[0]);
+-			exit(2);
+-		}
+-		memcpy(bufcopy, buffer, len);
+-
+-		/* Remember where the permission list begins,
+-		   and terminate the list. */
+-		permstr = p;
+-		while (*p && *p != '}')
+-			p++;
+-		if (!(*p)) {
+-			fprintf(stderr,
+-				"Missing closing bracket on line %u, skipping...\n",
+-				lineno);
+-			continue;
+-		}
+-		*p++ = 0;
+-
+-		/* Get scontext and convert to SID. */
+-		while (*p && strncmp(p, SCONTEXT, sizeof(SCONTEXT) - 1))
+-			p++;
+-		if (!(*p)) {
+-			fprintf(stderr, "Missing %s on line %u, skipping...\n",
+-				SCONTEXT, lineno);
+-			continue;
+-		}
+-		p += sizeof(SCONTEXT) - 1;
+-		scon = p;
+-		while (*p && !isspace(*p))
+-			p++;
+-		if (*p)
+-			*p++ = 0;
+-		rc = sepol_context_to_sid(scon, strlen(scon) + 1, &ssid);
+-		if (rc < 0) {
+-			fprintf(stderr,
+-				"Invalid %s%s on line %u, skipping...\n",
+-				SCONTEXT, scon, lineno);
+-			continue;
+-		}
+-
+-		/* Get tcontext and convert to SID. */
+-		while (*p && strncmp(p, TCONTEXT, sizeof(TCONTEXT) - 1))
+-			p++;
+-		if (!(*p)) {
+-			fprintf(stderr, "Missing %s on line %u, skipping...\n",
+-				TCONTEXT, lineno);
+-			continue;
+-		}
+-		p += sizeof(TCONTEXT) - 1;
+-		tcon = p;
+-		while (*p && !isspace(*p))
+-			p++;
+-		if (*p)
+-			*p++ = 0;
+-		rc = sepol_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
+-		if (rc < 0) {
+-			fprintf(stderr,
+-				"Invalid %s%s on line %u, skipping...\n",
+-				TCONTEXT, tcon, lineno);
+-			continue;
+-		}
+-
+-		/* Get tclass= and convert to value. */
+-		while (*p && strncmp(p, TCLASS, sizeof(TCLASS) - 1))
+-			p++;
+-		if (!(*p)) {
+-			fprintf(stderr, "Missing %s on line %u, skipping...\n",
+-				TCLASS, lineno);
+-			continue;
+-		}
+-		p += sizeof(TCLASS) - 1;
+-		tclassstr = p;
+-		while (*p && !isspace(*p))
+-			p++;
+-		if (*p)
+-			*p = 0;
+-		tclass = string_to_security_class(tclassstr);
+-		if (!tclass) {
+-			fprintf(stderr,
+-				"Invalid %s%s on line %u, skipping...\n",
+-				TCLASS, tclassstr, lineno);
+-			continue;
+-		}
+-
+-		/* Convert the permission list to an AV. */
+-		p = permstr;
+-		av = 0;
+-		while (*p) {
+-			while (*p && !isspace(*p))
+-				p++;
+-			if (*p)
+-				*p++ = 0;
+-			perm = string_to_av_perm(tclass, permstr);
+-			if (!perm) {
+-				fprintf(stderr,
+-					"Invalid permission %s on line %u, skipping...\n",
+-					permstr, lineno);
+-				continue;
+-			}
+-			av |= perm;
+-			permstr = p;
+-		}
+-
+-		/* Reproduce the computation. */
+-		rc = sepol_compute_av_reason(ssid, tsid, tclass, av, &avd,
+-					     &reason);
+-		if (rc < 0) {
+-			fprintf(stderr,
+-				"Error during access vector computation on line %u, skipping...\n",
+-				lineno);
+-			continue;
+-		}
+-
+-		printf("%s\n\tWas caused by:\n", bufcopy);
+-
+-		if (!reason) {
+-			printf("\t\tUnknown - would be allowed by %s policy\n",
+-			       set_path ? "specified" : "active");
+-			printf
+-			    ("\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n");
+-			printf
+-			    ("\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n");
+-		}
+-
+-		if (reason & SEPOL_COMPUTEAV_TE) {
+-			printf("\t\tMissing or disabled TE allow rule.\n");
+-			printf
+-			    ("\t\tAllow rules may exist but be disabled by boolean settings; check boolean settings.\n");
+-			printf
+-			    ("\t\tYou can see the necessary allow rules by running audit2allow with this audit message as input.\n");
+-		}
+-
+-		if (reason & SEPOL_COMPUTEAV_CONS) {
+-			printf("\t\tConstraint violation.\n");
+-			printf("\t\tCheck policy/constraints.\n");
+-			printf
+-			    ("\t\tTypically, you just need to add a type attribute to the domain to satisfy the constraint.\n");
+-		}
+-
+-		if (reason & SEPOL_COMPUTEAV_RBAC) {
+-			printf("\t\tMissing role allow rule.\n");
+-			printf("\t\tAdd allow rule for the role pair.\n");
+-		}
+-
+-		printf("\n");
+-	}
+-	free(buffer);
+-	free(bufcopy);
+-	exit(0);
+-}
+diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/Makefile policycoreutils-2.0.46/audit2why/Makefile
+--- nsapolicycoreutils/audit2why/Makefile	2007-07-16 14:20:41.000000000 -0400
++++ policycoreutils-2.0.46/audit2why/Makefile	2008-03-18 16:57:01.000000000 -0400
+@@ -1,15 +1,7 @@
+ # Installation directories.
+ PREFIX ?= ${DESTDIR}/usr
+ BINDIR ?= $(PREFIX)/bin
+-LIBDIR ?= ${PREFIX}/lib
+ MANDIR ?= $(PREFIX)/share/man
+-LOCALEDIR ?= /usr/share/locale
+-INCLUDEDIR ?= ${PREFIX}/include
+-
+-
+-CFLAGS ?= -Werror -Wall -W
+-override CFLAGS += -I$(INCLUDEDIR)
+-LDLIBS = ${LIBDIR}/libsepol.a -lselinux -L$(LIBDIR)
+ 
+ TARGETS=audit2why
+ 
+@@ -18,13 +10,9 @@
+ install: all
+ 	-mkdir -p $(BINDIR)
+ 	install -m 755 $(TARGETS) $(BINDIR)
+-	-mkdir -p $(MANDIR)/man8
+-	install -m 644 audit2why.8 $(MANDIR)/man8/
++	-mkdir -p $(MANDIR)/man1
++	install -m 644 audit2why.1 $(MANDIR)/man1/
+ 
+ clean:
+-	-rm -f $(TARGETS) *.o
+-
+-indent:
+-	../../scripts/Lindent $(wildcard *.[ch])
+ 
+ relabel:
 diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.46/Makefile
 --- nsapolicycoreutils/Makefile	2007-12-19 06:02:52.000000000 -0500
-+++ policycoreutils-2.0.46/Makefile	2008-04-08 09:35:27.000000000 -0400
++++ policycoreutils-2.0.46/Makefile	2008-04-30 09:16:46.000000000 -0400
 @@ -1,4 +1,4 @@
 -SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
 +SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
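Review bot: In the added `__output_audit2why`, the branch that prints "Invalid Type Class" tests `rc == audit2why.BADSCON` a second time, so it can never run and a bad-class result leaves the loop body without any explanation; it should read `if rc == audit2why.BADTCLASS:`. In the same audit2allow change, `-R` and `-N` share `dest="refpolicy"`, and optparse keeps the default of whichever option is added last, so the effective default is False rather than the True that the man page edit documents; dropping `default=False` from the `-N` option fixes that. The new two-line `audit2why` wrapper forwards its arguments as unquoted `$*`, which re-splits any argument containing whitespace; `/usr/bin/audit2allow -w "$@"` passes them through unchanged.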
@@ -9,7 +647,7 @@
  
 diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.46/restorecond/restorecond.c
 --- nsapolicycoreutils/restorecond/restorecond.c	2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.46/restorecond/restorecond.c	2008-04-08 09:35:27.000000000 -0400
++++ policycoreutils-2.0.46/restorecond/restorecond.c	2008-04-30 09:16:46.000000000 -0400
 @@ -210,9 +210,10 @@
  			}
  
@@ -36,10 +674,310 @@
  	}
  	free(scontext);
  	close(fd);
+diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.46/scripts/chcat
+--- nsapolicycoreutils/scripts/chcat	2007-08-23 16:52:26.000000000 -0400
++++ policycoreutils-2.0.46/scripts/chcat	2008-03-18 16:57:01.000000000 -0400
+@@ -25,10 +25,6 @@
+ import commands, sys, os, pwd, string, getopt, selinux
+ import seobject
+ import gettext
+-import codecs
+-import locale
+-sys.stderr = codecs.getwriter(locale.getpreferredencoding())(sys.__stderr__, 'replace')
+-sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace')
+ 
+ try:
+     gettext.install('policycoreutils')
+diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.46/scripts/fixfiles
+--- nsapolicycoreutils/scripts/fixfiles	2007-12-10 21:42:28.000000000 -0500
++++ policycoreutils-2.0.46/scripts/fixfiles	2008-03-18 16:57:01.000000000 -0400
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+ # fixfiles
+ #
+ # Script to restore labels on a SELinux box
+@@ -36,8 +36,8 @@
+ LOGGER=/usr/sbin/logger
+ SETFILES=/sbin/setfiles
+ RESTORECON=/sbin/restorecon
+-FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | jfs ).*\(rw/{print $3}';`
+-FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | jfs ).*\(ro/{print $3}';`
++FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs ).*\(rw/{print $3}';`
++FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs ).*\(ro/{print $3}';`
+ FILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO"
+ SELINUXTYPE="targeted"
+ if [ -e /etc/selinux/config ]; then
+@@ -84,15 +84,15 @@
+ 	    do if ! echo "$pattern" | grep -q -f ${TEMPFILE} 2>/dev/null; then \
+                   echo "$pattern"; \
+                   case "$pattern" in *"*") \
+-	               echo "$pattern" | sed 's,\*$,,g' >> ${TEMPFILE};;  
++	               echo "$pattern" | sed -e 's,^,^,' -e 's,\*$,,g' >> ${TEMPFILE};;  
+                   esac; \
+                fi; \
+             done | \
+-	while read pattern ; do sh -c "find $pattern" \
+-		      ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune  -o \
+-		      \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print; \
++	while read pattern ; do sh -c "find $pattern \
++		      ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev  -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune  -o \
++		      \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print0"; \
+ 		      done 2> /dev/null | \
+-	 ${RESTORECON} $2 -f - 
++	 ${RESTORECON} $* -0 -f - 
+ 	rm -f ${TEMPFILE} ${PREFCTEMPFILE}
+ fi
+ }
+@@ -117,7 +117,7 @@
+ #
+ restore () {
+ if [ ! -z "$PREFC" ]; then
+-    diff_filecontext $1
++    diff_filecontext $*
+     exit $?
+ fi
+ if [ ! -z "$RPMFILES" ]; then
+@@ -126,17 +126,15 @@
+     done
+     exit $?
+ fi
+-if [ ! -z "$DIRS" ]; then
++if [ ! -z "$FILEPATH" ]; then
+     if [ -x /usr/bin/find ]; then
+-	for d in ${DIRS} ; do find $d \
+-	    ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune  -o -print | \
+-	    ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -f - 2>&1 >> $LOGFILE
+-	done
++	/usr/bin/find "$FILEPATH" \
++	    ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune  -o -print0 | \
++	    ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE
+     else
+-	${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $DIRS 2>&1 >> $LOGFILE
++	${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE
+     fi
+-
+-    exit $?
++    return
+ fi
+ LogReadOnly
+ ${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
+@@ -173,6 +171,20 @@
+     fi
+ }
+ 
++process() {
++#
++# Make sure they specified one of the three valid commands
++#
++case "$1" in
++    restore) restore -p ;;
++    check) restore -n -v;;
++    verify) restore -n -o -;;
++    relabel) relabel;;
++    *)
++    usage
++    exit 1
++esac
++}
+ usage() {
+       	echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] "
+ 	echo or
+@@ -189,27 +201,21 @@
+     case "$i" in
+ 	f)
+ 		fullFlag=1
+-		shift 1
+ 		;;
+         R)
+ 		RPMFILES=$OPTARG
+-		shift 2
+ 		;;
+         o)
+ 		OUTFILES=$OPTARG
+-		shift 2
+ 		;;
+         l)
+ 		LOGFILE=$OPTARG
+-		shift 2
+ 		;;
+         C)
+ 		PREFC=$OPTARG
+-		shift 2
+ 		;;
+ 	F)
+ 		FORCEFLAG="-F"
+-		shift 1
+ 		;;
+ 	*)
+ 	    usage
+@@ -217,34 +223,36 @@
+ esac
+ done
+ 
++# Move out processed options from arguments
++shift $(( OPTIND - 1 ))
++
+ # Check for the command
+ command=$1
+ if [ -z $command ]; then
+     usage
+ fi
+ 
++# Move out command from arguments
++shift
++
+ #
+ # check if they specified both DIRS and RPMFILES
+ #
+ 
+-shift 1
+ if [ ! -z "$RPMFILES" ]; then
++    process $command
+     if [ $# -gt 0 ]; then
+ 	    usage
+     fi
+ else
+-    DIRS=$*
++    if [ -z "$1" ]; then
++	process $command
++    else
++	while [ -n "$1" ]; do 
++	    FILEPATH=$1
++	    process $command 
++	    shift
++    	done
++    fi
+ fi
+-
+-#
+-# Make sure they specified one of the three valid commands
+-#
+-case "$command" in
+-    restore) restore -p ;;
+-    check) restore -n -v ;;
+-    verify) restore -n -o -;;
+-    relabel) relabel;;
+-    *)
+-    usage
+-    exit 1
+-esac
++exit $?
+diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-2.0.46/scripts/fixfiles.8
+--- nsapolicycoreutils/scripts/fixfiles.8	2007-07-16 14:20:41.000000000 -0400
++++ policycoreutils-2.0.46/scripts/fixfiles.8	2008-03-18 16:57:01.000000000 -0400
+@@ -35,7 +35,7 @@
+ 
+ .TP 
+ .B -f
+-Don't prompt for removal of /tmp directory.
++Clear /tmp directory with out prompt for removal.
+ 
+ .TP 
+ .B -R rpmpackagename[,rpmpackagename...]
+diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.46/semanage/semanage
+--- nsapolicycoreutils/semanage/semanage	2007-10-05 13:09:53.000000000 -0400
++++ policycoreutils-2.0.46/semanage/semanage	2008-04-30 09:44:35.000000000 -0400
+@@ -1,5 +1,5 @@
+ #! /usr/bin/python -E
+-# Copyright (C) 2005 Red Hat 
++# Copyright (C) 2005, 2006, 2007 Red Hat 
+ # see file 'COPYING' for use and warranty information
+ #
+ # semanage is a tool for managing SELinux configuration files
+@@ -28,10 +28,6 @@
+ import gettext
+ gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+ gettext.textdomain(PROGNAME)
+-import codecs
+-import locale
+-sys.stderr = codecs.getwriter(locale.getpreferredencoding())(sys.__stderr__, 'replace')
+-sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace')
+ 
+ try:
+        gettext.install(PROGNAME,
+@@ -51,7 +47,7 @@
+ semanage {boolean|login|user|port|interface|fcontext|translation} -{l|D} [-n] \n\
+ semanage login -{a|d|m} [-sr] login_name\n\
+ semanage user -{a|d|m} [-LrRP] selinux_name\n\
+-semanage port -{a|d|m} [-tr] [ -p protocol ] port | port_range\n\
++semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range\n\
+ semanage interface -{a|d|m} [-tr] interface_spec\n\
+ semanage fcontext -{a|d|m} [-frst] file_spec\n\
+ semanage translation -{a|d|m} [-T] level\n\n\
+@@ -107,7 +103,7 @@
+ 		valid_option["user"] = []
+ 		valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix' ] 
+ 		valid_option["port"] = []
+-		valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range', '-p', '--protocol' ] 
++		valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range', '-p', '--proto' ]
+ 		valid_option["interface"] = []
+ 		valid_option["interface"] += valid_everyone + [ '-t', '--type', '-r', '--range'] 
+ 		valid_option["fcontext"] = []
+@@ -115,7 +111,7 @@
+ 		valid_option["translation"] = []
+ 		valid_option["translation"] += valid_everyone + [ '-T', '--trans' ] 
+ 		valid_option["boolean"] = []
+-		valid_option["boolean"] += valid_everyone 
++		valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0" ] 
+ 		return valid_option
+ 
+ 	#
+@@ -133,9 +129,9 @@
+ 		setrans = ""
+ 		roles = ""
+ 		seuser = ""
+-		prefix = ""
++		prefix = "user"
+ 		heading=1
+-
++                value=0
+ 		add = 0
+ 		modify = 0
+ 		delete = 0
+@@ -154,7 +150,7 @@
+ 		args = sys.argv[2:]
+ 
+ 		gopts, cmds = getopt.getopt(args,
+-					    'adf:lhmnp:s:CDR:L:r:t:T:P:S:',
++					    '01adf:lhmnp:s:CDR:L:r:t:T:P:S:',
+ 					    ['add',
+ 					     'delete',
+ 					     'deleteall',
+@@ -164,6 +160,8 @@
+ 					     'modify',
+ 					     'noheading',
+ 					     'localist',
++                                             'off', 
++                                             'on', 
+ 					     'proto=',
+ 					     'seuser=',
+ 					     'store=',
+@@ -242,6 +240,11 @@
+ 			if o == "-T" or o == "--trans":
+ 				setrans = a
+ 
++                        if o == "--on" or o == "-1":
++                               value = 1
++                        if o == "-off" or o == "-0":
++                               value = 0
++
+ 		if object == "login":
+ 			OBJECT = seobject.loginRecords(store)
+ 
+@@ -287,8 +290,6 @@
+ 				rlist = roles.split()
+ 				if len(rlist) == 0:
+ 					raise ValueError(_("You must specify a role"))
+-				if prefix == "":
+-					raise ValueError(_("You must specify a prefix"))
+ 				OBJECT.add(target, rlist, selevel, serange, prefix)
+ 
+ 			if object == "port":
 diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.46/semanage/semanage.8
---- nsapolicycoreutils/semanage/semanage.8	2008-04-08 09:37:21.000000000 -0400
-+++ policycoreutils-2.0.46/semanage/semanage.8	2008-04-08 09:35:46.000000000 -0400
-@@ -3,7 +3,9 @@
+--- nsapolicycoreutils/semanage/semanage.8	2007-07-16 14:20:41.000000000 -0400
++++ policycoreutils-2.0.46/semanage/semanage.8	2008-04-30 09:16:46.000000000 -0400
+@@ -3,13 +3,15 @@
  semanage \- SELinux Policy Management tool
  
  .SH "SYNOPSIS"
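Review bot: In the rewritten tail of `fixfiles`, `process $command` is now called before the `if [ $# -gt 0 ]` guard in the `RPMFILES` branch, and the `RPMFILES` path inside `restore` ends in `exit $?`, so the usage error for combining `-R` with directory arguments looks unreachable for restore, check and verify. Moving `process $command` below that guard restores the old ordering; the body of `relabel` is outside the hunk, so its behaviour here is not confirmed. In the `semanage` part of this hunk, the added test `if o == "-off" or o == "-0":` compares against a single-dash `-off`, while the option is registered as `off` in the long-option list and as `--off` in `valid_option`, so it should be `if o == "--off" or o == "-0":`.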
@@ -50,6 +988,13 @@
  .br
  .B semanage login \-{a|d|m} [\-sr] login_name
  .br
+ .B semanage user \-{a|d|m} [\-LrRP] selinux_name
+ .br
+-.B semanage port \-{a|d|m} [\-tr] [\-p protocol] port | port_range
++.B semanage port \-{a|d|m} [\-tr] [\-p proto] port | port_range
+ .br
+ .B semanage interface \-{a|d|m} [\-tr] interface_spec
+ .br
 @@ -43,6 +45,9 @@
  .I                \-d, \-\-delete     
  Delete a OBJECT record NAME
@@ -61,9 +1006,22 @@
  File Type.   This is used with fcontext.
  Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files.
 diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.46/semanage/seobject.py
---- nsapolicycoreutils/semanage/seobject.py	2008-01-24 14:41:25.000000000 -0500
-+++ policycoreutils-2.0.46/semanage/seobject.py	2008-04-08 09:35:27.000000000 -0400
-@@ -464,7 +464,7 @@
+--- nsapolicycoreutils/semanage/seobject.py	2007-12-10 21:42:27.000000000 -0500
++++ policycoreutils-2.0.46/semanage/seobject.py	2008-04-30 11:17:55.000000000 -0400
+@@ -117,6 +117,12 @@
+        #print _("Failed to translate booleans.\n%s") % e
+        pass
+ 
++def boolean_desc(boolean):
++       if boolean in booleans_dict:
++              return _(booleans_dict[boolean][2])
++       else:
++              return boolean
++
+ def validate_level(raw):
+ 	sensitivity = "s[0-9]*"
+ 	category = "c[0-9]*"
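Review bot: `boolean_desc` is added without a docstring, and the `[2]` index into the `booleans_dict` entries is left unexplained. The code just above ends in a bare `pass` after what appears to be a failed load or translation, so the dictionary may be empty and the fallback to the raw name is the behaviour callers will actually see. A docstring such as `"""Return the translated description of boolean, or the name itself when booleans_dict has no entry."""` plus a short comment naming field 2 would record that.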
+@@ -458,7 +464,7 @@
  	def __init__(self, store = ""):
  		semanageRecords.__init__(self, store)
  
@@ -72,3 +1030,208 @@
  		if is_mls_enabled == 1:
  			if serange == "":
  				serange = "s0"
+@@ -503,8 +509,6 @@
+ 				rc = semanage_user_set_mlslevel(self.sh, u, selevel)
+ 				if rc < 0:
+ 					raise ValueError(_("Could not set MLS level for %s") % name)
+-                        if selinux.security_check_context("system_u:object_r:%s_home_t:s0" % prefix) != 0:
+-                               raise ValueError(_("Invalid prefix %s") % prefix)
+ 			rc = semanage_user_set_prefix(self.sh, u, prefix)
+ 			if rc < 0:
+ 				raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
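Review bot: With the `security_check_context` test removed here and in the `@@ -570,17 +574,18 @@` hunk below, the return code of `semanage_user_set_prefix` is the only remaining check on a caller-supplied prefix, and the two paths treat it differently. This path raises on `rc < 0`, but the message is formatted with `(r, prefix)`, which looks like the wrong pair of values for "prefix %s for %s"; `% (prefix, name)` would match the message two lines above. The path in the later hunk discards the return value, so a rejected prefix would go unnoticed there; it could use `rc = semanage_user_set_prefix(self.sh, u, prefix)` followed by the same `if rc < 0: raise ValueError(...)`. Both functions start and end outside the visible hunks.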
+@@ -570,17 +574,18 @@
+ 				semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
+ 
+ 			if prefix != "":
+-                               if selinux.security_check_context("system_u:object_r:%s_home_t" % prefix) != 0:
+-                                      raise ValueError(_("Invalid prefix %s") % prefix)
+                                semanage_user_set_prefix(self.sh, u, prefix)
+ 
+ 			if len(roles) != 0:
+-                               for r in rlist:
+-                                      if r not in roles:
+-                                             semanage_user_del_role(u, r)
+-                               for r in roles:
+-                                      if r not in rlist:
+-                                             semanage_user_add_role(self.sh, u, r)
++                               if len(roles) == 1 and roles[0][0] == "+":
++                                      semanage_user_add_role(self.sh, u, roles[0][1:])
++                               else:
++                                      for r in rlist:
++                                             if r not in roles:
++                                                    semanage_user_del_role(u, r)
++                                      for r in roles:
++                                             if r not in rlist:
++                                                    semanage_user_add_role(self.sh, u, r)
+ 
+ 			rc = semanage_begin_transaction(self.sh)
+ 			if rc < 0:
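Review bot: The `+role` shortcut is taken only when `roles` holds exactly one entry, so a list with two `+`-prefixed names, or a mix of plain and `+` names, falls into the else branch. There every existing role not literally listed is deleted, and the string including its `+` is handed to `semanage_user_add_role`. Handling the prefix per entry and rejecting a mixed list keeps the additive form and the replacing form apart. The convention is also undocumented in the code; a comment such as `# a leading "+" adds the role to the existing set instead of replacing it` would help. The enclosing method starts and ends outside the hunk.

```python
if len(roles) != 0:
       additions = [r[1:] for r in roles if r.startswith("+")]
       if additions and len(additions) != len(roles):
              raise ValueError(_("Cannot mix +role entries with a full role list"))
       if additions:
              for r in additions:
                     semanage_user_add_role(self.sh, u, r)
       else:
              # … unchanged: delete roles missing from the list, add the new ones …
```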
+@@ -655,7 +660,7 @@
+ 				raise ValueError(_("Could not list roles for user %s") % name)
+ 
+ 			roles = string.join(rlist, ' ');
+-			ddict[semanage_user_get_name(u)] = (semanage_user_get_prefix(u), semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles)
++			ddict[name] = (semanage_user_get_prefix(u), semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles)
+ 
+ 		return ddict
+ 
+@@ -1456,10 +1461,7 @@
+ 		return ddict
+ 			
+         def get_desc(self, boolean):
+-               if boolean in booleans_dict:
+-                      return _(booleans_dict[boolean][2])
+-               else:
+-                      return boolean
++               return boolean_desc(boolean)
+ 
+         def get_category(self, boolean):
+                if boolean in booleans_dict:
+diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.46/semodule/semodule.c
+--- nsapolicycoreutils/semodule/semodule.c	2008-01-11 10:52:37.000000000 -0500
++++ policycoreutils-2.0.46/semodule/semodule.c	2008-03-18 16:57:02.000000000 -0400
+@@ -285,7 +285,7 @@
+ 	if (!sh) {
+ 		fprintf(stderr, "%s:  Could not create semanage handle\n",
+ 			argv[0]);
+-		goto cleanup;
++		goto cleanup_nohandle;
+ 	}
+ 
+ 	if (store) {
+@@ -473,6 +473,8 @@
+ 		}
+ 	}
+ 	semanage_handle_destroy(sh);
++
++      cleanup_nohandle:
+ 	cleanup();
+ 	exit(status);
+ }
+diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule_expand/semodule_expand.c policycoreutils-2.0.46/semodule_expand/semodule_expand.c
+--- nsapolicycoreutils/semodule_expand/semodule_expand.c	2007-07-16 14:20:42.000000000 -0400
++++ policycoreutils-2.0.46/semodule_expand/semodule_expand.c	2008-03-18 16:57:01.000000000 -0400
+@@ -44,6 +44,7 @@
+ 	sepol_policydb_t *out, *p;
+ 	FILE *fp, *outfile;
+ 	int check_assertions = 1;
++	sepol_handle_t *handle;
+ 
+ 	while ((ch = getopt(argc, argv, "c:Vva")) != EOF) {
+ 		switch (ch) {
+@@ -105,6 +106,10 @@
+ 	basename = argv[optind++];
+ 	outname = argv[optind];
+ 
++	handle = sepol_handle_create();
++	if (!handle)
++		exit(1);
++
+ 	if (sepol_policy_file_create(&pf)) {
+ 		fprintf(stderr, "%s:  Out of memory\n", argv[0]);
+ 		exit(1);
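Review bot: The new `if (!handle) exit(1);` exits without a message, while the failure paths around it print a line such as `"%s:  Out of memory\n"` to stderr first. Adding `fprintf(stderr, "%s:  Out of memory\n", argv[0]);` before the `exit(1)` keeps a failed `sepol_handle_create()` diagnosable. main() continues beyond this hunk.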
+@@ -132,7 +137,7 @@
+ 
+ 	/* linking the base takes care of enabling optional avrules */
+ 	p = sepol_module_package_get_policy(base);
+-	if (sepol_link_modules(NULL, p, NULL, 0, 0)) {
++	if (sepol_link_modules(handle, p, NULL, 0, 0)) {
+ 		fprintf(stderr, "%s:  Error while enabling avrules\n", argv[0]);
+ 		exit(1);
+ 	}
+@@ -144,7 +149,9 @@
+ 		exit(1);
+ 	}
+ 
+-	if (sepol_expand_module(NULL, p, out, verbose, check_assertions)) {
++	sepol_set_expand_consume_base(handle, 1);
++
++	if (sepol_expand_module(handle, p, out, verbose, check_assertions)) {
+ 		fprintf(stderr, "%s:  Error while expanding policy\n", argv[0]);
+ 		exit(1);
+ 	}
+@@ -174,6 +181,7 @@
+ 		exit(1);
+ 	}
+ 	fclose(outfile);
++	sepol_handle_destroy(handle);
+ 	sepol_policydb_free(out);
+ 	sepol_policy_file_free(pf);
+ 
+diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-2.0.46/setfiles/setfiles.8
+--- nsapolicycoreutils/setfiles/setfiles.8	2007-07-16 14:20:43.000000000 -0400
++++ policycoreutils-2.0.46/setfiles/setfiles.8	2008-03-18 16:57:01.000000000 -0400
+@@ -59,6 +59,9 @@
+ .TP 
+ .B \-W
+ display warnings about entries that had no matching files.
++.TP 
++.B \-0
++Input items are terminated by a null character instead of by whitespace,  and the quotes and backslash are not special (every character is taken literally).  Disables the end of file string, which  is  treated  like  any other argument.  Useful when input items might contain white space, quote  marks,  or  backslashes.The  GNU  find  -print0  option produces input suitable for this mode.
+ 
+ .SH "ARGUMENTS"
+ .B spec_file
+diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.46/setfiles/setfiles.c
+--- nsapolicycoreutils/setfiles/setfiles.c	2008-01-11 10:52:37.000000000 -0500
++++ policycoreutils-2.0.46/setfiles/setfiles.c	2008-03-18 16:57:01.000000000 -0400
+@@ -55,6 +55,7 @@
+ static int verbose = 0;
+ static int logging = 0;
+ static int warn_no_match = 0;
++static int null_terminated = 0;
+ static char *rootpath = NULL;
+ static int rootpathlen = 0;
+ static int recurse; /* Recursive descent. */
+@@ -384,7 +385,7 @@
+ {
+ 	if (iamrestorecon) {
+ 		fprintf(stderr,
+-			"usage:  %s [-iFnrRv] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
++			"usage:  %s [-iFnrRv0] [-e excludedir ] [-o filename ] [-f filename | pathname... ]\n",
+ 			name);
+ 	} else {
+ 		fprintf(stderr,
+@@ -805,7 +806,7 @@
+ 	}
+ 
+ 	/* Process any options. */
+-	while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW")) > 0) {
++	while ((opt = getopt(argc, argv, "c:de:f:ilnpqrsvo:FRW0")) > 0) {
+ 		switch (opt) {
+ 		case 'c':
+ 			{
+@@ -927,6 +928,9 @@
+ 		case 'W':
+ 			warn_no_match = 1;
+ 			break;
++		case '0':
++			null_terminated = 1;
++			break;
+ 		case '?':
+ 			usage(argv[0]);
+ 		}
+@@ -983,6 +987,7 @@
+ 	if (use_input_file) {
+ 		FILE *f = stdin;
+ 		ssize_t len;
++		int delim;
+ 		if (strcmp(input_filename, "-") != 0)
+ 			f = fopen(input_filename, "r");
+ 		if (f == NULL) {
+@@ -991,7 +996,9 @@
+ 			usage(argv[0]);
+ 		}
+ 		__fsetlocking(f, FSETLOCKING_BYCALLER);
+-		while ((len = getline(&buf, &buf_len, f)) > 0) {
++
++		delim = (null_terminated != 0) ? '\0' : '\n';
++		while ((len = getdelim(&buf, &buf_len, delim, f)) > 0) {
+ 			buf[len - 1] = 0;
+ 			errors |= process_one(buf);
+ 		}
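Review bot: `buf[len - 1] = 0` still assumes every record ends with the delimiter, and with the new `-0` mode that assumption now has to hold for NUL-separated input as well. `getdelim` returns a final record without its terminator when the input ends without one, so the last character of that path is cut off and `process_one` is called on a different name than the one supplied. Stripping only a real delimiter avoids that: `if (buf[len - 1] == delim) buf[len - 1] = 0;`. The loop sits inside a function whose body extends beyond the hunk.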
+diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/VERSION policycoreutils-2.0.46/VERSION
+--- nsapolicycoreutils/VERSION	2008-01-11 10:52:37.000000000 -0500
++++ policycoreutils-2.0.46/VERSION	2008-03-18 16:57:01.000000000 -0400
+@@ -1 +1 @@
+-2.0.35
++2.0.46


Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-9/policycoreutils.spec,v
retrieving revision 1.517
retrieving revision 1.518
diff -u -r1.517 -r1.518
--- policycoreutils.spec	18 Apr 2008 22:56:24 -0000	1.517
+++ policycoreutils.spec	30 Apr 2008 16:24:24 -0000	1.518
@@ -6,7 +6,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.46
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv2+
 Group:	 System Environment/Base
 Source:	 http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -191,6 +191,9 @@
 fi
 
 %changelog
+* Wed Apr 30 2008 Dan Walsh <dwalsh at redhat.com> 2.0.46-6
+- Fix polgengui to allow defining of confined roles.
+
 * Fri Apr 18 2008 Matthias Clasen <mclasen at redhat.com> - 2.0.46-5
 - Uninvasive (ie no string or widget changes) HIG approximations 
   in selinux-polgenui



