* Wed Feb 13 2008 Dan Walsh <dwalsh@redhat.com> 2.0.43-1

- Update to upstream
	* Merged fix fixfiles option processing from Vaclav Ovsik.
- Added existing users, staff and user_t users to polgengui
Daniel J Walsh 2008-02-13 20:55:23 +00:00
parent 813c122421
commit 08594f6d5f
4 changed files with 596 additions and 256 deletions


@ -174,3 +174,4 @@ policycoreutils-2.0.38.tgz
policycoreutils-2.0.39.tgz
policycoreutils-2.0.41.tgz
policycoreutils-2.0.42.tgz
policycoreutils-2.0.43.tgz


@ -941,8 +941,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.42/gui/polgen.glade
--- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.42/gui/polgen.glade 2008-02-05 16:09:43.000000000 -0500
@@ -0,0 +1,3012 @@
+++ policycoreutils-2.0.42/gui/polgen.glade 2008-02-13 15:08:32.000000000 -0500
@@ -0,0 +1,3222 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
+
@ -1055,7 +1055,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ <child>
+ <widget class="GtkNotebook" id="notebook1">
+ <property name="visible">True</property>
+ <property name="show_tabs">False</property>
+ <property name="can_focus">True</property>
+ <property name="show_tabs">True</property>
+ <property name="show_border">True</property>
+ <property name="tab_pos">GTK_POS_TOP</property>
+ <property name="scrollable">False</property>
@ -1123,6 +1124,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkHBox" id="hbox16">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkFrame" id="frame9">
+ <property name="visible">True</property>
+ <property name="label_xalign">0</property>
@ -1290,11 +1297,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkRadioButton" id="xwindows_login_user_radiobutton">
+ <widget class="GtkRadioButton" id="existing_user_radiobutton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Select X Windows login role, if this is a user who will login to a machine via X</property>
+ <property name="tooltip" translatable="yes">Modify an existing login user record.</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">X Windows Login User Role</property>
+ <property name="label" translatable="yes">Existing User Roles</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
@ -1311,11 +1318,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ </child>
+
+ <child>
+ <widget class="GtkRadioButton" id="terminal_login_user_radiobutton">
+ <widget class="GtkRadioButton" id="terminal_user_radiobutton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Select Terminal Login User Role, if this user will login to a machine only via a terminal or remote login</property>
+ <property name="tooltip" translatable="yes">This user will login to a machine only via a terminal or remote login. By default this user will have no setuid, no networking, no su, no sudo.</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">Terminal Login User Role</property>
+ <property name="label" translatable="yes">Minimal Terminal User Role</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
@ -1332,11 +1339,53 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ </child>
+
+ <child>
+ <widget class="GtkRadioButton" id="root_user_radiobutton">
+ <widget class="GtkRadioButton" id="xwindows_user_radiobutton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Select Root Administrator User Role, if this user will be used to administer the machine while running as root. This user will not be able to login to the system directly.</property>
+ <property name="tooltip" translatable="yes">This user can login to a machine via X or terminal. By default this user will have no setuid, no networking, no sudo, no su</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">Root Administrator User Role</property>
+ <property name="label" translatable="yes">Minimal X Windows User Role</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ <property name="group">init_radiobutton</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkRadioButton" id="login_user_radiobutton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">User with full networking, no setuid applications without transition, no sudo, no su.</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">User Role</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ <property name="group">init_radiobutton</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkRadioButton" id="admin_user_radiobutton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">User with full networking, no setuid applications without transition, no su, can sudo to Root Administration Roles</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">Admin User Role</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
@ -1359,7 +1408,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ <child>
+ <widget class="GtkLabel" id="label42">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">&lt;b&gt;Users&lt;/b&gt;</property>
+ <property name="label" translatable="yes">&lt;b&gt;Login Users&lt;/b&gt;</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">True</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
@ -1385,6 +1434,93 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ <property name="fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkFrame" id="frame11">
+ <property name="visible">True</property>
+ <property name="label_xalign">0</property>
+ <property name="label_yalign">0.5</property>
+ <property name="shadow_type">GTK_SHADOW_NONE</property>
+
+ <child>
+ <widget class="GtkAlignment" id="alignment17">
+ <property name="visible">True</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xscale">1</property>
+ <property name="yscale">1</property>
+ <property name="top_padding">0</property>
+ <property name="bottom_padding">0</property>
+ <property name="left_padding">12</property>
+ <property name="right_padding">0</property>
+
+ <child>
+ <widget class="GtkVBox" id="vbox16">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkRadioButton" id="root_user_radiobutton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Select Root Administrator User Role, if this user will be used to administer the machine while running as root. This user will not be able to login to the system directly.</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">Root Admin User Role</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ <property name="group">init_radiobutton</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label50">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">&lt;b&gt;Root Users&lt;/b&gt;</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">True</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">label_item</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
@ -1651,6 +1787,57 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ </child>
+
+ <child>
+ <widget class="GnomeDruidPageStandard" id="existing_user_page">
+ <property name="visible">True</property>
+ <property name="title" translatable="yes">Select user roles that you want to customize</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="vbox17">
+ <property name="border_width">16</property>
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">6</property>
+
+ <child>
+ <widget class="GtkScrolledWindow" id="scrolledwindow5">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="vscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="shadow_type">GTK_SHADOW_IN</property>
+ <property name="window_placement">GTK_CORNER_TOP_LEFT</property>
+
+ <child>
+ <widget class="GtkTreeView" id="existing_user_treeview">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Select the user roles that will transiton to this applications domains.</property>
+ <property name="can_focus">True</property>
+ <property name="headers_visible">False</property>
+ <property name="rules_hint">False</property>
+ <property name="reorderable">False</property>
+ <property name="enable_search">True</property>
+ <property name="fixed_height_mode">False</property>
+ <property name="hover_selection">False</property>
+ <property name="hover_expand">False</property>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label28">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label28</property>
@ -2917,6 +3104,29 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label51">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label51</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GnomeDruidPageStandard" id="files_page">
+ <property name="visible">True</property>
+ <property name="title" translatable="yes">Select files/directories that the application manages</property>
@ -3957,15 +4167,15 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+</glade-interface>
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.42/gui/polgengui.py
--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.42/gui/polgengui.py 2008-02-05 16:11:32.000000000 -0500
@@ -0,0 +1,610 @@
+++ policycoreutils-2.0.42/gui/polgengui.py 2008-02-13 15:08:28.000000000 -0500
@@ -0,0 +1,649 @@
+#!/usr/bin/python -E
+#
+# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux
+#
+# Dan Walsh <dwalsh@redhat.com>
+#
+# Copyright 2007 Red Hat, Inc.
+# Copyright 2007, 2008 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
@ -4063,18 +4273,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ START_PAGE = 0
+ SELECT_TYPE_PAGE = 1
+ APP_PAGE = 2
+ TRANSITION_PAGE = 3
+ USER_TRANSITION_PAGE = 4
+ ADMIN_PAGE = 5
+ ROLE_PAGE = 6
+ IN_NET_PAGE = 7
+ OUT_NET_PAGE = 8
+ COMMON_APPS_PAGE = 9
+ FILES_PAGE = 10
+ BOOLEAN_PAGE = 11
+ SELECT_DIR_PAGE = 12
+ GEN_POLICY_PAGE = 13
+ GEN_USER_POLICY_PAGE = 14
+ EXISTING_USER_PAGE = 3
+ TRANSITION_PAGE = 4
+ USER_TRANSITION_PAGE = 5
+ ADMIN_PAGE = 6
+ ROLE_PAGE = 7
+ IN_NET_PAGE = 8
+ OUT_NET_PAGE = 9
+ COMMON_APPS_PAGE = 10
+ FILES_PAGE = 11
+ BOOLEAN_PAGE = 12
+ SELECT_DIR_PAGE = 13
+ GEN_POLICY_PAGE = 14
+ GEN_USER_POLICY_PAGE = 15
+
+ def __init__(self):
+ self.xml = xml
@ -4105,6 +4316,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ for i in polgen.USERS:
+ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE]
+ self.pages[polgen.RUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE]
+ self.pages[polgen.LUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE]
+
+ self.pages[polgen.EUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.EXISTING_USER_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE]
+
+ for i in polgen.APPLICATIONS:
+ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_POLICY_PAGE]
+ self.pages[polgen.USER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_POLICY_PAGE]
@ -4159,6 +4374,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ col = gtk.TreeViewColumn(_("Role"), gtk.CellRendererText(), text = 0)
+ self.role_treeview.append_column(col)
+
+ self.existing_user_treeview = self.xml.get_widget("existing_user_treeview")
+ self.existing_user_store = gtk.ListStore(gobject.TYPE_STRING)
+ self.existing_user_treeview.set_model(self.existing_user_store)
+ self.existing_user_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
+ col = gtk.TreeViewColumn(_("Existing_User"), gtk.CellRendererText(), text = 0)
+ self.existing_user_treeview.append_column(col)
+
+ roles = commands.getoutput("/usr/bin/seinfo -r").split()[2:]
+ for i in roles:
+ iter = self.role_store.append()
@ -4185,6 +4407,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ for i in polgen.get_users():
+ iter = self.user_transition_store.append()
+ self.user_transition_store.set_value(iter, 0, i)
+ iter = self.existing_user_store.append()
+ self.existing_user_store.set_value(iter, 0, i)
+
+ self.admin_treeview = self.xml.get_widget("admin_treeview")
+ self.admin_store = gtk.ListStore(gobject.TYPE_STRING)
@ -4197,7 +4421,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ for i in polgen.methods:
+ m = re.findall("(.*)%s" % polgen.USER_TRANSITION_INTERFACE, i)
+ if len(m) > 0:
+ if "%s_exec_t" % m[0] in self.types and "user_%s_t" % m[0] in self.types:
+ if "%s_exec_t" % m[0] in self.types:
+ iter = self.transition_store.append()
+ self.transition_store.set_value(iter, 0, m[0])
+ continue
@ -4232,6 +4456,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ if self.on_name_page_next():
+ return
+
+ if self.pages[type][self.current_page] == self.EXISTING_USER_PAGE:
+ if self.on_existing_user_page_next():
+ return
+
+ if self.pages[type][self.current_page] == self.SELECT_DIR_PAGE:
+ outputdir = self.output_entry.get_text()
+ if not os.path.isdir(outputdir):
@ -4291,6 +4519,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ dlg.destroy()
+
+ def get_name(self):
+ if self.existing_user_radiobutton.get_active():
+ store, iter = self.existing_user_treeview.get_selection().get_selected()
+ if iter == None:
+ raise(_("You must select a user"))
+ return store.get_value(iter, 0)
+ else:
+ return self.name_entry.get_text()
+
+ def get_type(self):
@ -4302,12 +4536,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ return polgen.DAEMON
+ if self.inetd_radiobutton.get_active():
+ return polgen.INETD
+ if self.xwindows_login_user_radiobutton.get_active():
+ if self.login_user_radiobutton.get_active():
+ return polgen.LUSER
+ if self.admin_user_radiobutton.get_active():
+ return polgen.AUSER
+ if self.xwindows_user_radiobutton.get_active():
+ return polgen.XUSER
+ if self.terminal_login_user_radiobutton.get_active():
+ if self.terminal_user_radiobutton.get_active():
+ return polgen.TUSER
+ if self.root_user_radiobutton.get_active():
+ return polgen.RUSER
+ if self.existing_user_radiobutton.get_active():
+ return polgen.EUSER
+
+ def generate_policy(self, *args):
+ outputdir = self.output_entry.get_text()
@ -4462,9 +4702,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ self.output_entry.set_text(os.getcwd())
+ self.xml.get_widget("output_button").connect("clicked",self.output_button_clicked)
+
+ self.xwindows_login_user_radiobutton = self.xml.get_widget("xwindows_login_user_radiobutton")
+ self.terminal_login_user_radiobutton = self.xml.get_widget("terminal_login_user_radiobutton")
+ self.xwindows_user_radiobutton = self.xml.get_widget("xwindows_user_radiobutton")
+ self.terminal_user_radiobutton = self.xml.get_widget("terminal_user_radiobutton")
+ self.root_user_radiobutton = self.xml.get_widget("root_user_radiobutton")
+ self.login_user_radiobutton = self.xml.get_widget("login_user_radiobutton")
+ self.admin_user_radiobutton = self.xml.get_widget("admin_user_radiobutton")
+ self.existing_user_radiobutton = self.xml.get_widget("existing_user_radiobutton")
+
+ self.user_radiobutton = self.xml.get_widget("user_radiobutton")
+ self.init_radiobutton = self.xml.get_widget("init_radiobutton")
@ -4543,6 +4786,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ self.init_script_entry.set_sensitive(self.init_radiobutton.get_active())
+ self.init_script_button.set_sensitive(self.init_radiobutton.get_active())
+
+ def on_existing_user_page_next(self, *args):
+ store, iter = self.view.get_selection().get_selected()
+ if iter != None:
+ self.error(_("You must select a user"))
+ return True
+
+ def on_name_page_next(self, *args):
+ name=self.name_entry.get_text()
+ if name == "":
@ -4571,9 +4820,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.42/gui/polgen.py
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.42/gui/polgen.py 2008-02-05 16:11:48.000000000 -0500
@@ -0,0 +1,835 @@
+# Copyright (C) 2007 Red Hat
+++ policycoreutils-2.0.42/gui/polgen.py 2008-02-13 15:08:24.000000000 -0500
@@ -0,0 +1,879 @@
+#!/usr/bin/python
+#
+# Copyright (C) 2007, 2008 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
@ -4665,9 +4916,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+CGI = 3
+XUSER = 4
+TUSER = 5
+RUSER = 6
+LUSER = 6
+AUSER = 7
+EUSER = 8
+RUSER = 9
+
+APPLICATIONS = [ DAEMON, INETD, USER, CGI ]
+USERS = [ XUSER, TUSER, RUSER ]
+USERS = [ XUSER, TUSER, LUSER, AUSER, EUSER, RUSER]
+
+def verify_ports(ports):
+ if ports == "":
@ -4712,9 +4967,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ self.DEFAULT_DIRS["/var/log"] = ["var_log", [], var_log];
+ self.DEFAULT_DIRS["/var/run"] = ["var_run", [], var_run];
+
+ self.DEFAULT_TYPES = (( self.generate_daemon_types, self.generate_daemon_rules), ( self.generate_inetd_types, self.generate_inetd_rules), ( self.generate_userapp_types, self.generate_userapp_rules), ( self.generate_cgi_types, self.generate_cgi_rules), ( self.generate_x_login_user_types, self.generate_x_login_user_rules), ( self.generate_login_user_types, self.generate_login_user_rules), ( self.generate_root_user_types, self.generate_root_user_rules))
+ self.DEFAULT_TYPES = (\
+( self.generate_daemon_types, self.generate_daemon_rules), \
+( self.generate_inetd_types, self.generate_inetd_rules), \
+( self.generate_userapp_types, self.generate_userapp_rules), \
+( self.generate_cgi_types, self.generate_cgi_rules), \
+( self.generate_x_login_user_types, self.generate_x_login_user_rules), \
+( self.generate_min_login_user_types, self.generate_login_user_rules), \
+( self.generate_login_user_types, self.generate_login_user_rules), \
+( self.generate_admin_user_types, self.generate_login_user_rules), \
+( self.generate_existing_user_types, self.generate_existing_user_rules), \
+( self.generate_root_user_types, self.generate_root_user_rules))
+ if name == "":
+ raise ValueError(_("You must enter a name for your confined process"))
+ raise ValueError(_("You must enter a name for your confined process/user"))
+ if type == CGI:
+ self.name = "httpd_%s_script" % name
+ else:
@ -5066,9 +5331,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ def generate_inetd_types(self):
+ return re.sub("TEMPLATETYPE", self.name, executable.te_inetd_types)
+
+ def generate_min_login_user_types(self):
+ return re.sub("TEMPLATETYPE", self.name, user.te_min_login_user_types)
+
+ def generate_login_user_types(self):
+ return re.sub("TEMPLATETYPE", self.name, user.te_login_user_types)
+
+ def generate_admin_user_types(self):
+ return re.sub("TEMPLATETYPE", self.name, user.te_admin_user_types)
+
+ def generate_existing_user_types(self):
+ return re.sub("TEMPLATETYPE", self.name, user.te_existing_user_types)
+
+ def generate_x_login_user_types(self):
+ return re.sub("TEMPLATETYPE", self.name, user.te_x_login_user_types)
+
@ -5111,6 +5385,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ def generate_login_user_rules(self):
+ return re.sub("TEMPLATETYPE", self.name, user.te_login_user_rules)
+
+ def generate_existing_user_rules(self):
+ return re.sub("TEMPLATETYPE", self.name, user.te_existing_user_rules)
+
+ def generate_x_login_user_rules(self):
+ return re.sub("TEMPLATETYPE", self.name, user.te_x_login_user_rules)
+
@ -5170,7 +5447,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+
+ def generate_roles_rules(self):
+ newte = ""
+ if self.type in ( TUSER, XUSER):
+ if self.type in ( TUSER, XUSER, AUSER, LUSER, EUSER):
+ roles = ""
+ if len(self.roles) > 0:
+ newte += re.sub("TEMPLATETYPE", self.name, user.te_newrole_rules)
@ -5243,7 +5520,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+
+ def generate_user_sh(self):
+ newsh = ""
+ if self.type in ( TUSER, XUSER):
+ if self.type in ( TUSER, XUSER, AUSER, LUSER, EUSER):
+ roles = ""
+ for role in self.roles:
+ roles += " %s_r" % role
@ -5254,7 +5531,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ return newsh
+
+ def generate_sh(self):
+ newsh = re.sub("TEMPLATETYPE", self.file_name, script.compile)
+ temp = re.sub("TEMPLATETYPE", self.file_name, script.compile)
+ if self.type == RUSER:
+ newsh = re.sub("TEMPLATEFILE", "my%s" % self.file_name, temp)
+ else:
+ newsh = re.sub("TEMPLATEFILE", self.file_name, temp)
+ if self.program != "":
+ newsh += re.sub("FILENAME", self.program, script.restorecon)
+ if self.initscript != "":
@ -5281,6 +5562,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ return newsh
+
+ def write_te(self, out_dir):
+ if self.type == EUSER:
+ tefile = "%s/my%s.te" % (out_dir, self.file_name)
+ else:
+ tefile = "%s/%s.te" % (out_dir, self.file_name)
+ fd = open(tefile, "w")
+ fd.write(self.generate_te())
@ -5288,6 +5572,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ return tefile
+
+ def write_sh(self, out_dir):
+ if self.type == EUSER:
+ shfile = "%s/my%s.sh" % (out_dir, self.file_name)
+ else:
+ shfile = "%s/%s.sh" % (out_dir, self.file_name)
+ fd = open(shfile, "w")
+ fd.write(self.generate_sh())
@ -5296,6 +5583,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ return shfile
+
+ def write_if(self, out_dir):
+ if self.type == EUSER:
+ iffile = "%s/my%s.if" % (out_dir, self.file_name)
+ else:
+ iffile = "%s/%s.if" % (out_dir, self.file_name)
+ fd = open(iffile, "w")
+ fd.write(self.generate_if())
@ -5303,6 +5593,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ return iffile
+
+ def write_fc(self,out_dir):
+ if self.type == EUSER:
+ fcfile = "%s/my%s.fc" % (out_dir, self.file_name)
+ else:
+ fcfile = "%s/%s.fc" % (out_dir, self.file_name)
+ if self.type in APPLICATIONS:
+ fd = open(fcfile, "w")
@ -10546,7 +10839,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.42/gui/templates/script.py
--- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.42/gui/templates/script.py 2008-02-05 16:09:43.000000000 -0500
+++ policycoreutils-2.0.42/gui/templates/script.py 2008-02-13 15:09:17.000000000 -0500
@@ -0,0 +1,91 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@ -10590,7 +10883,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py
+
+if [ $# -eq 1 ]; then
+ if [ "$1" = "--update" ] ; then
+ time=`ls -l --time-style="+%x %X" TEMPLATETYPE.te | awk '{ printf "%s %s", $6, $7 }'`
+ time=`ls -l --time-style="+%x %X" TEMPLATEFILE.te | awk '{ printf "%s %s", $6, $7 }'`
+ rules=`ausearch --start $time -m avc --raw -se TEMPLATETYPE`
+ if [ x"$rules" != "x" ] ; then
+ echo "Found avc's to update policy with"
@ -10599,7 +10892,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py
+ read ANS
+ if [ "$ANS" = "y" -o "$ANS" = "Y" ] ; then
+ echo "Updating policy"
+ echo -e "$rules" | audit2allow -R >> TEMPLATETYPE.te
+ echo -e "$rules" | audit2allow -R >> TEMPLATEFILE.te
+ # Fall though and rebuild policy
+ else
+ exit 0
@ -10620,7 +10913,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py
+echo "Building and Loading Policy"
+set -x
+make -f /usr/share/selinux/devel/Makefile
+/usr/sbin/semodule -i TEMPLATETYPE.pp
+/usr/sbin/semodule -i TEMPLATEFILE.pp
+
+"""
+
@ -10787,8 +11080,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.42/gui/templates/user.py
--- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.42/gui/templates/user.py 2008-02-05 16:10:54.000000000 -0500
@@ -0,0 +1,141 @@
+++ policycoreutils-2.0.42/gui/templates/user.py 2008-02-13 15:51:31.000000000 -0500
@@ -0,0 +1,182 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@ -10820,6 +11113,28 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po
+# Declarations
+#
+
+userdom_unpriv_user_template(TEMPLATETYPE)
+"""
+
+te_admin_user_types="""\
+policy_module(TEMPLATETYPE,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+userdom_admin_login_user_template(TEMPLATETYPE)
+"""
+
+te_min_login_user_types="""\
+policy_module(TEMPLATETYPE,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+userdom_restricted_user_template(TEMPLATETYPE)
+"""
+
@ -10834,6 +11149,16 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po
+userdom_restricted_xwindows_user_template(TEMPLATETYPE)
+"""
+
+te_existing_user_types="""\
+policy_module(myTEMPLATETYPE,1.0.0)
+
+gen_require(`
+ type TEMPLATETYPE_t, TEMPLATETYPE_devpts_t, TEMPLATETYPE_tty_device_t;
+ role TEMPLATETYPE_r;
+')
+
+"""
+
+te_root_user_types="""\
+
+policy_module(TEMPLATETYPE,1.0.0)
@ -10855,6 +11180,15 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po
+
+"""
+
+te_existing_user_rules="""\
+
+########################################
+#
+# TEMPLATETYPE customized policy
+#
+
+"""
+
+te_x_login_user_rules="""\
+
+########################################
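Review bot: In `generate_sh` the `my` prefix for `TEMPLATEFILE` is applied when `self.type == RUSER`, but `write_te`, `write_sh`, `write_if` and `write_fc` add that prefix for `EUSER`, and only `te_existing_user_types` declares `policy_module(myTEMPLATETYPE,1.0.0)`. As written, the script generated for an existing user refers to `NAME.te` and `NAME.pp` while the file written to disk is `myNAME.te`, so its `semodule -i` line would presumably not find the module that was just built, and a root-user script would look for a `my` file that is never written; the test should read `if self.type == EUSER:`. Separately, `on_existing_user_page_next` shows "You must select a user" when `iter != None`, that is when a row is selected, and it reads `self.view` where `get_name` uses `self.existing_user_treeview`; it should be `store, iter = self.existing_user_treeview.get_selection().get_selected()` followed by `if iter == None:`. `get_name` also raises a plain string, `raise(_("You must select a user"))`, where `raise ValueError(_("You must select a user"))` would match the empty-name check in polgen.py. All three function bodies sit in hunks whose surrounding code is outside the lines shown.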


@ -5,8 +5,8 @@
%define sepolgenver 1.0.11
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.42
Release: 3%{?dist}
Version: 2.0.43
Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -192,6 +192,11 @@ if [ "$1" -ge "1" ]; then
fi
%changelog
* Wed Feb 13 2008 Dan Walsh <dwalsh@redhat.com> 2.0.43-1
- Update to upstream
* Merged fix fixfiles option processing from Vaclav Ovsik.
- Added existing users, staff and user_t users to polgengui
* Fri Feb 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.42-3
- Add messages for audit2allow DONTAUDIT


@ -1,2 +1,2 @@
3fed5cd04ee67c0f86e3cc6825261819 sepolgen-1.0.11.tgz
f6c0318b5142ee58a8ea98abc5a90506 policycoreutils-2.0.42.tgz
ea60bf5f1cb06e1bc677ffaa5f18d258 policycoreutils-2.0.43.tgz