From 3552f70f773ff89b2cd45937d253494cc3b16f9e Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Wed, 18 Apr 2007 17:18:15 +0000
Subject: [PATCH] * Wed Apr 18 2007 Dan Walsh 2.0.9-6 - Change polgengui to a druid
---
 policycoreutils-gui.patch | 1579 ++++++++++++++++++++-----------------
 policycoreutils.spec | 5 +-
 2 files changed, 854 insertions(+), 730 deletions(-)
diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch
index 359fb3b..bb69f0e 100644
--- a/policycoreutils-gui.patch
+++ b/policycoreutils-gui.patch
@@ -1,6 +1,6 @@
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.9/gui/booleansPage.py
 --- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/booleansPage.py 2007-04-16 13:26:34.000000000 -0400
++++ policycoreutils-2.0.9/gui/booleansPage.py 2007-04-18 13:14:57.000000000 -0400
 @@ -0,0 +1,224 @@
 +#
 +# booleansPage.py - GUI for Booleans page in system-config-securitylevel
@@ -228,7 +228,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli
 + commands.getstatusoutput(setsebool)
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.9/gui/fcontextPage.py
 --- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/fcontextPage.py 2007-04-16 13:26:34.000000000 -0400
++++ policycoreutils-2.0.9/gui/fcontextPage.py 2007-04-18 13:14:57.000000000 -0400
 @@ -0,0 +1,207 @@
 +## fcontextPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -439,7 +439,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli
 + self.store.set_value(iter, TYPE_COL, "system_u:object_r:%s:%s" % (type, mls))
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.9/gui/loginsPage.py
 --- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/loginsPage.py 2007-04-16 13:26:34.000000000 -0400
++++ policycoreutils-2.0.9/gui/loginsPage.py 2007-04-18 13:14:57.000000000 -0400
 @@ -0,0 +1,173 @@
 +## loginsPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -654,7 +654,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreu
 +relabel:
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.9/gui/mappingsPage.py
 --- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/mappingsPage.py 2007-04-16 13:26:34.000000000 -0400
++++ policycoreutils-2.0.9/gui/mappingsPage.py 2007-04-18 13:14:57.000000000 -0400
 @@ -0,0 +1,54 @@
 +## mappingsPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -712,7 +712,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py poli
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.9/gui/modulesPage.py
 --- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/modulesPage.py 2007-04-16 13:26:34.000000000 -0400
++++ policycoreutils-2.0.9/gui/modulesPage.py 2007-04-18 13:14:57.000000000 -0400
 @@ -0,0 +1,172 @@
 +## modulesPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -888,12 +888,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.9/gui/polgen.glade --- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.9/gui/polgen.glade 2007-04-16 13:26:34.000000000 -0400 -@@ -0,0 +1,1127 @@ ++++ policycoreutils-2.0.9/gui/polgen.glade 2007-04-18 12:27:57.000000000 -0400 +@@ -0,0 +1,1167 @@ + + + + ++ + + + True 
@@ -918,210 +919,300 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + 0 + + -+ ++ ++ 4 + True -+ 5 -+ 4 -+ False -+ 0 -+ 0 ++ False + + -+ ++ + True -+ Name -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 ++ GNOME_EDGE_START ++ SELinux Policy Generation Druid ++ This tool can be used to generate a policy framework, to confine an application using SELinux. The tool will generate a Type Enforcement File (te), an interface file (if), a File Context File (fc) and a shell script (sh) used to compile the policy. + -+ -+ 0 -+ 1 -+ 0 -+ 1 -+ fill -+ -+ + + + -+ ++ + True -+ Executable -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 1 -+ 2 -+ 5 -+ fill -+ -+ -+ ++ Name of application to be confined + -+ -+ -+ True -+ Application Type -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 2 -+ 3 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ True -+ ... -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -+ -+ -+ 3 -+ 4 -+ 1 -+ 2 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ Enter path to executable to be confined. -+ True -+ True -+ True -+ 0 -+ -+ True -+ -+ False -+ -+ -+ 1 -+ 3 -+ 1 -+ 2 -+ -+ -+ -+ -+ -+ -+ True -+ Standard Daemon (init) -+Internet services daemon (inetd) -+User Application -+Web Script (CGI) -+ False -+ True -+ -+ -+ 1 -+ 4 -+ 2 -+ 3 -+ fill -+ fill -+ -+ -+ -+ -+ -+ True -+ Enter unigue policy type name for confined application. 
-+ True -+ True -+ True -+ 0 -+ -+ True -+ -+ False -+ -+ -+ 1 -+ 4 -+ 0 -+ 1 -+ -+ -+ -+ -+ -+ -+ True -+ 0 -+ 0.5 -+ GTK_SHADOW_NONE -+ -+ -+ ++ ++ ++ 16 + True -+ 0.5 -+ 0.5 -+ 1 -+ 1 -+ 0 -+ 0 -+ 12 -+ 0 ++ False ++ 6 + + -+ ++ ++ True ++ 2 ++ 3 ++ False ++ 0 ++ 5 ++ ++ ++ ++ True ++ Name ++ False ++ False ++ GTK_JUSTIFY_LEFT ++ False ++ False ++ 0 ++ 0.5 ++ 0 ++ 0 ++ PANGO_ELLIPSIZE_NONE ++ -1 ++ False ++ 0 ++ ++ ++ 0 ++ 1 ++ 0 ++ 1 ++ fill ++ ++ ++ ++ ++ ++ ++ True ++ Enter path to executable to be confined. ++ True ++ True ++ True ++ 0 ++ ++ True ++ ++ False ++ ++ ++ 1 ++ 2 ++ 1 ++ 2 ++ ++ ++ ++ ++ ++ ++ True ++ True ++ ... ++ True ++ GTK_RELIEF_NORMAL ++ True ++ ++ ++ ++ 2 ++ 3 ++ 1 ++ 2 ++ fill ++ ++ ++ ++ ++ ++ ++ True ++ Enter unigue policy type name for confined application. ++ True ++ True ++ True ++ 0 ++ ++ True ++ ++ False ++ ++ ++ 1 ++ 3 ++ 0 ++ 1 ++ ++ ++ ++ ++ ++ ++ True ++ Executable ++ False ++ False ++ GTK_JUSTIFY_LEFT ++ False ++ False ++ 0 ++ 0.5 ++ 0 ++ 0 ++ PANGO_ELLIPSIZE_NONE ++ -1 ++ False ++ 0 ++ ++ ++ 0 ++ 1 ++ 1 ++ 2 ++ fill ++ ++ ++ ++ ++ ++ 0 ++ True ++ True ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ True ++ Application Type ++ ++ ++ ++ 16 ++ True ++ False ++ 6 ++ ++ ++ ++ True ++ False ++ 0 ++ ++ ++ ++ True ++ True ++ Standard Init Daemon ++ True ++ GTK_RELIEF_NORMAL ++ True ++ False ++ False ++ True ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ ++ True ++ True ++ Internet Services Daemon (inetd) ++ True ++ GTK_RELIEF_NORMAL ++ True ++ False ++ False ++ True ++ init_radiobutton ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ ++ True ++ True ++ Web Application/Script (CGI) ++ True ++ GTK_RELIEF_NORMAL ++ True ++ False ++ False ++ True ++ init_radiobutton ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ ++ True ++ True ++ User Application ++ True ++ GTK_RELIEF_NORMAL ++ True ++ False ++ False ++ True ++ init_radiobutton ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ 0 ++ True ++ True ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ True ++ Incoming Network Port Connections ++ ++ 
++ ++ 16 ++ True ++ False ++ 6 ++ ++ ++ + True + 2 + 2 + False + 0 -+ 0 ++ 5 + + + @@ -1182,7 +1273,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + True -+ Enter a comma separated list of network ports. ++ Enter a comma separated list of tcp ports that this application binds to. + True + True + True @@ -1204,7 +1295,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + True -+ Enter a comma separated list of network ports. ++ Enter a comma separated list of tcp ports that this application binds to. + True + True + True @@ -1223,69 +1314,37 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + ++ ++ 0 ++ True ++ True ++ + + + -+ -+ -+ -+ True -+ <b>Incoming Network Connections</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ label_item -+ -+ + -+ -+ 0 -+ 4 -+ 3 -+ 4 -+ fill -+ + + + -+ ++ + True -+ 0 -+ 0.5 -+ GTK_SHADOW_NONE ++ Outgoing Network Port Connections + -+ -+ ++ ++ ++ 16 + True -+ 0.5 -+ 0.5 -+ 1 -+ 1 -+ 0 -+ 0 -+ 12 -+ 0 ++ False ++ 6 + + -+ ++ + True + 2 + 2 + False + 0 -+ 0 ++ 5 + + + @@ -1346,7 +1405,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + True -+ Enter a comma separated list of network ports. ++ Enter a comma separated list of tcp ports that this application connects to. + True + True + True @@ -1368,7 +1427,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + True -+ Enter a comma separated list of network ports. ++ Enter a comma separated list of udp ports that this application connects to. + True + True + True 
@@ -1387,244 +1446,46 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + ++ ++ 0 ++ True ++ True ++ + + + -+ -+ -+ -+ True -+ <b>Outgoing Network Connections</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ label_item -+ -+ + -+ -+ 0 -+ 4 -+ 4 -+ 5 -+ fill -+ -+ -+ -+ -+ 2 -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ True -+ 0 -+ -+ -+ -+ True -+ Application generates temporary files in /tmp or /var/tmp. -+ True -+ Uses syslog -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ 0 -+ False -+ False -+ + + + -+ ++ + True -+ Application generates temporary files in /tmp or /var/tmp. -+ True -+ Uses /tmp -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ 0 -+ False -+ False -+ -+ ++ Common Application Traits + -+ -+ -+ True -+ Application uses pam for authentication. -+ True -+ Uses Pam -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Application uses/translates UIDs or GIDs. -+ True -+ Translates UIDs/GIDs -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ -+ True -+ 0 -+ 0.5 -+ GTK_SHADOW_NONE -+ -+ -+ -+ True -+ 0.5 -+ 0.5 -+ 1 -+ 1 -+ 0 -+ 0 -+ 12 -+ 0 -+ -+ -+ ++ ++ ++ 16 + True + False -+ 0 ++ 6 + + -+ ++ + True + False + 0 + + -+ ++ + True + True ++ Application uses syslog to log messages ++ True + GTK_RELIEF_NORMAL + True -+ -+ -+ -+ -+ True -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ 0 -+ 0 -+ 0 -+ 0 -+ -+ -+ -+ True -+ False -+ 2 -+ -+ -+ -+ True -+ gtk-add -+ 4 -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Add File -+ True -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ ++ False ++ False ++ True + + + 0 
@@ -1634,76 +1495,16 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + -+ ++ + True + True ++ Applicaiton uses /tmp to Create/Manipulate temporary files ++ True + GTK_RELIEF_NORMAL + True -+ -+ -+ -+ -+ True -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ 0 -+ 0 -+ 0 -+ 0 -+ -+ -+ -+ True -+ False -+ 2 -+ -+ -+ -+ True -+ gtk-add -+ 4 -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Add Directory -+ True -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ ++ False ++ False ++ True + + + 0 @@ -1713,15 +1514,35 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + -+ ++ + True + True -+ gtk-delete -+ True ++ Application uses Pam for authentication ++ True + GTK_RELIEF_NORMAL + True -+ -+ ++ False ++ False ++ True ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ ++ True ++ True ++ Application uses nsswitch or translates UID's (daemons that run as non root) ++ True ++ GTK_RELIEF_NORMAL ++ True ++ False ++ False ++ True + + + 0 
@@ -1731,53 +1552,294 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + -+ 4 -+ False ++ 0 ++ True + True + + ++ ++ ++ ++ ++ ++ ++ ++ True ++ Files and Directories that the application Creates/Modifies ++ ++ ++ ++ 16 ++ True ++ False ++ 6 + + -+ ++ + True -+ True -+ GTK_POLICY_NEVER -+ GTK_POLICY_NEVER -+ GTK_SHADOW_IN -+ GTK_CORNER_TOP_LEFT ++ 0 ++ 0.5 ++ GTK_SHADOW_NONE + + -+ ++ + True -+ GTK_SHADOW_IN ++ 0.5 ++ 0.5 ++ 1 ++ 1 ++ 0 ++ 0 ++ 12 ++ 0 + + -+ ++ + True + False + 0 + + -+ ++ ++ True ++ False ++ 0 ++ ++ ++ ++ True ++ True ++ GTK_RELIEF_NORMAL ++ True ++ ++ ++ ++ ++ True ++ 0.5 ++ 0.5 ++ 0 ++ 0 ++ 0 ++ 0 ++ 0 ++ 0 ++ ++ ++ ++ True ++ False ++ 2 ++ ++ ++ ++ True ++ gtk-add ++ 4 ++ 0.5 ++ 0.5 ++ 0 ++ 0 ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ ++ True ++ Add File ++ True ++ False ++ GTK_JUSTIFY_LEFT ++ False ++ False ++ 0.5 ++ 0.5 ++ 0 ++ 0 ++ PANGO_ELLIPSIZE_NONE ++ -1 ++ False ++ 0 ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ ++ ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ ++ True ++ True ++ GTK_RELIEF_NORMAL ++ True ++ ++ ++ ++ ++ True ++ 0.5 ++ 0.5 ++ 0 ++ 0 ++ 0 ++ 0 ++ 0 ++ 0 ++ ++ ++ ++ True ++ False ++ 2 ++ ++ ++ ++ True ++ gtk-add ++ 4 ++ 0.5 ++ 0.5 ++ 0 ++ 0 ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ ++ True ++ Add Directory ++ True ++ False ++ GTK_JUSTIFY_LEFT ++ False ++ False ++ 0.5 ++ 0.5 ++ 0 ++ 0 ++ PANGO_ELLIPSIZE_NONE ++ -1 ++ False ++ 0 ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ ++ ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ ++ True ++ True ++ gtk-delete ++ True ++ GTK_RELIEF_NORMAL ++ True ++ ++ ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ 4 ++ False ++ True ++ ++ ++ ++ ++ + True + True -+ GTK_POLICY_ALWAYS -+ GTK_POLICY_ALWAYS ++ GTK_POLICY_NEVER ++ GTK_POLICY_NEVER + GTK_SHADOW_IN + GTK_CORNER_TOP_LEFT + + -+ ++ + True -+ Add Files/Directories that this application will need to "Write" to. Pid Files, Log Files, /var/lib Files ... 
-+ True -+ False -+ False -+ False -+ True -+ False -+ False -+ False ++ GTK_SHADOW_IN ++ ++ ++ ++ True ++ False ++ 0 ++ ++ ++ ++ True ++ True ++ GTK_POLICY_ALWAYS ++ GTK_POLICY_ALWAYS ++ GTK_SHADOW_IN ++ GTK_CORNER_TOP_LEFT ++ ++ ++ ++ True ++ Add Files/Directories that this application will need to "Write" to. Pid Files, Log Files, /var/lib Files ... ++ True ++ False ++ False ++ False ++ True ++ False ++ False ++ False ++ ++ ++ ++ ++ 0 ++ True ++ True ++ ++ ++ ++ + + + @@ -1804,103 +1866,28 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + -+ ++ + True -+ <b>File/Directories modified by this executable</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ label_item -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ ++ Generate policy in this directory + -+ -+ -+ True -+ GTK_BUTTONBOX_END -+ 0 -+ -+ -+ -+ True -+ True -+ True -+ gtk-close -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -+ -+ -+ ++ ++ ++ 16 + True -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ 0 -+ 0 -+ 0 -+ 0 ++ False ++ 5 + + -+ ++ + True + False -+ 2 ++ 0 + + -+ ++ + True -+ gtk-apply -+ 4 -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Generate -+ True ++ Policy Directory ++ False + False + GTK_JUSTIFY_LEFT + False 
@@ -1915,21 +1902,74 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + 0 + + ++ 5 ++ False ++ False ++ ++ ++ ++ ++ ++ True ++ True ++ True ++ True ++ 0 ++ ++ True ++ ++ False ++ ++ ++ 0 ++ True ++ True ++ ++ ++ ++ ++ ++ True ++ True ++ ... ++ True ++ GTK_RELIEF_NORMAL ++ True ++ ++ + 0 + False + False + + + ++ ++ 0 ++ False ++ True ++ + + + + + ++ ++ ++ ++ True ++ GNOME_EDGE_FINISH ++ Generated Policy Files ++ This tool will generate the following: Type Enforcment(te), File Context(fc), Interface(if), Shell Script(sh). ++Execute shell script to compile/install and relabel files/directories. Now you can put the machine in permissive mode (setenforce 0). ++Run/restart the application to generate avc messages. ++Use audit2allow -R to generate additional rules for the te file. ++ ++ ++ + + -+ 7 -+ False ++ 0 ++ True + True + + @@ -2019,8 +2059,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.9/gui/polgengui.py --- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.9/gui/polgengui.py 2007-04-16 13:26:34.000000000 -0400 -@@ -0,0 +1,211 @@ ++++ policycoreutils-2.0.9/gui/polgengui.py 2007-04-18 13:14:57.000000000 -0400 +@@ -0,0 +1,253 @@ +#!/usr/bin/python +# +# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux @@ -2093,7 +2133,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc + xml.signal_connect("on_exec_select_clicked", self.exec_select) + xml.signal_connect("on_add_clicked", self.add) + xml.signal_connect("on_add_dir_clicked", self.add_dir) -+ xml.signal_connect("on_generate_clicked", self.generate_policy) + xml.signal_connect("on_about_clicked", self.on_about_clicked) + + def verify(self, message, title="" ): 
@@ -2125,9 +2164,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 + dlg.run()
 + dlg.destroy()
 +
-+ def generate_policy(self, args):
++ def get_type(self):
++ if self.cgi_radiobutton.get_active():
++ return polgen.policy.CGI
++ if self.user_radiobutton.get_active():
++ return polgen.policy.USER
++ if self.init_radiobutton.get_active():
++ return polgen.policy.Daemon
++ if self.inetd_radiobutton.get_active():
++ return polgen.policy.INETD
++
++ def generate_policy(self, *args):
 + try:
-+ my_policy=polgen.policy(self.name_entry.get_text(), self.exec_entry.get_text(), self.type_combobox.get_active())
++ my_policy=polgen.policy(self.name_entry.get_text(), self.exec_entry.get_text(), self.get_type())
 + my_policy.set_in_tcp(self.in_tcp_entry.get_text())
 + my_policy.set_in_udp(self.in_udp_entry.get_text())
 + my_policy.set_out_tcp(self.out_tcp_entry.get_text())
@@ -2145,7 +2194,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 + my_policy.add_dir(self.store.get_value(iter, 0))
 + iter= self.store.iter_next(iter)
 +
-+ self.info(my_policy.generate())
++ self.info(my_policy.generate(self.output_entry.get_text()))
++ return False
 + except ValueError, e:
 + self.error(e.message)
 +
@@ -2156,7 +2206,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 + self.view.get_selection().select_path ((0,))
 +
 + def __add(self,type):
-+ self.file_dialog.set_select_multiple(1)
 + rc = self.file_dialog.run()
 + self.file_dialog.hide()
 + if rc == gtk.RESPONSE_CANCEL:
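Review bot: In `generate_policy` the text of `output_entry` goes straight into `my_policy.generate(...)`, but the handler still catches only `ValueError`, so a missing or unwritable directory raises an uncaught `IOError` from the `open(..., "w")` calls in polgen.py instead of reaching `self.error`. Checking `os.path.isdir(...)` on the entry text first and widening the clause to `except (ValueError, IOError, OSError), e:` (reporting `str(e)`) would keep the failure in the dialog. The added `return False` covers only the success path; the `except` branch returns `None` implicitly, which is worth making explicit for a druid "finish" handler. The function body spans the first two hunks here and continues outside them.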
@@ -2178,11 +2227,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 +
 + def add(self, args):
 + self.file_dialog.set_title(_("Select file(s) that confined application creates or writes"))
-+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SAVE)
++ self.file_dialog.set_select_multiple(1)
++ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN)
 + self.__add(FILE)
 +
 + def add_dir(self, args):
 + self.file_dialog.set_title(_("Select directory(s) that the confined application owns and writes into"))
++ self.file_dialog.set_select_multiple(0)
 + self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_CREATE_FOLDER)
 + self.__add(DIR)
 +
@@ -2197,20 +2248,30 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 + def setupScreen(self):
 + # Bring in widgets from glade file.
 + self.mainWindow = self.xml.get_widget("main_window")
-+ self.type_combobox = self.xml.get_widget("type_combobox")
-+ self.type_combobox.set_active(0)
++ self.type = 0
 + self.name_entry = self.xml.get_widget("name_entry")
 + self.exec_entry = self.xml.get_widget("exec_entry")
 + self.in_tcp_entry = self.xml.get_widget("in_tcp_entry")
 + self.in_udp_entry = self.xml.get_widget("in_udp_entry")
 + self.out_tcp_entry = self.xml.get_widget("out_tcp_entry")
++ self.output_entry = self.xml.get_widget("output_entry")
++ self.output_entry.set_text(os.getcwd())
++ self.xml.get_widget("output_button").connect("clicked",self.output_button_clicked)
++
 + self.out_udp_entry = self.xml.get_widget("out_udp_entry")
++ self.user_radiobutton = self.xml.get_widget("user_radiobutton")
++ self.init_radiobutton = self.xml.get_widget("init_radiobutton")
++ self.inetd_radiobutton = self.xml.get_widget("inetd_radiobutton")
++ self.cgi_radiobutton = self.xml.get_widget("cgi_radiobutton")
 + self.tmp_checkbutton = self.xml.get_widget("tmp_checkbutton")
 + self.uid_checkbutton = self.xml.get_widget("uid_checkbutton")
 + self.pam_checkbutton = self.xml.get_widget("pam_checkbutton")
 + self.syslog_checkbutton = self.xml.get_widget("syslog_checkbutton")
 + self.view = self.xml.get_widget("write_treeview")
 + self.file_dialog = self.xml.get_widget("filechooserdialog")
++ self.xml.get_widget("name_page").connect("next",self.on_name_page_next)
++ self.xml.get_widget("finish_page").connect("finish",self.generate_policy)
++
 + self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_INT)
 + self.view.set_model(self.store)
 + col = gtk.TreeViewColumn("", gtk.CellRendererText(), text = 0)
@@ -2218,6 +2279,27 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 + self.view.append_column(col)
 + self.view.get_selection().select_path ((0,))
 +
++ def output_button_clicked(self, *args):
++ self.file_dialog.set_title(_("Select directory to generate policy files in"))
++ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SELECT_FOLDER)
++ self.file_dialog.set_select_multiple(0)
++ rc = self.file_dialog.run()
++ self.file_dialog.hide()
++ if rc == gtk.RESPONSE_CANCEL:
++ return
++ self.output_entry.set_text(self.file_dialog.get_filename())
++
++ def on_name_page_next(self, *args):
++ name=self.name_entry.get_text()
++ if name == "":
++ self.error(_("You must enter a name"))
++ return True
++
++ exe = self.exec_entry.get_text()
++ if exe == "":
++ self.error(_("You must enter a executable"))
++ return True
++
 + def stand_alone(self):
 + desktopName = _("Configue SELinux")
 +
@@ -2234,8 +2316,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 + app.stand_alone()
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.9/gui/polgen.py
 --- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/polgen.py 2007-04-16 13:26:34.000000000 -0400
-@@ -0,0 +1,440 @@
++++ policycoreutils-2.0.9/gui/polgen.py 2007-04-18 13:14:57.000000000 -0400
+@@ -0,0 +1,455 @@
 +#! /usr/bin/python
 +# Copyright (C) 2007 Red Hat
 +# see file 'COPYING' for use and warranty information
@@ -2258,7 +2340,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 +# 02111-1307 USA
 +#
 +#
-+import os, sys, getopt
++import os, sys, getopt, stat
 +import re
 +from templates import executable
 +from templates import var_spool
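Review bot: `on_name_page_next` rejects only an empty name and an empty executable, yet polgen.py later substitutes the name verbatim into the generated policy (`re.sub("TEMPLATETYPE", self.name, ...)`) and, it appears, into the output file names. A name containing `/`, whitespace or a backslash would yield a malformed module or a path outside the chosen directory, so the page should accept only an identifier, for example `if not re.match(r"^[A-Za-z_][A-Za-z0-9_]*$", name):` followed by the same error-and-`return True` pattern (this needs `re` imported in polgengui.py if it is not already). In `output_button_clicked` every response other than `gtk.RESPONSE_CANCEL` is treated as acceptance, so closing the dialog from the window manager can hand `None` to `set_text`; guarding on the value of `get_filename()` would avoid that.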
@@ -2289,19 +2371,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 +class policy:
 + Daemon = 0
 + INETD = 1
-+ UEER = 2
++ USER = 2
 + CGI = 3
 + def __init__(self, name, program, type):
 + ports = seobject.portRecords()
 + self.dict = ports.get_all()
 +
 + self.DEFAULT_DIRS = {}
-+ self.DEFAULT_DIRS["rw"] = ["rw", 0, rw];
-+ self.DEFAULT_DIRS["tmp"] = ["tmp", False, tmp];
-+ self.DEFAULT_DIRS["/var/spool"] = ["var_spool", 0, var_spool];
-+ self.DEFAULT_DIRS["/var/lib"] = ["var_lib", 0, var_lib];
-+ self.DEFAULT_DIRS["/var/log"] = ["var_log", 0, var_log];
-+ self.DEFAULT_DIRS["/var/run"] = ["var_run", 0, var_run];
++ self.DEFAULT_DIRS["rw"] = ["rw", [], rw];
++ self.DEFAULT_DIRS["tmp"] = ["tmp", [], tmp];
++ self.DEFAULT_DIRS["/var/spool"] = ["var_spool", [], var_spool];
++ self.DEFAULT_DIRS["/var/lib"] = ["var_lib", [], var_lib];
++ self.DEFAULT_DIRS["/var/log"] = ["var_log", [], var_log];
++ self.DEFAULT_DIRS["/var/run"] = ["var_run", [], var_run];
 +
 + self.DEFAULT_TYPES = (( self.generate_daemon_types, self.generate_daemon_rules), ( self.generate_inetd_types, self.generate_inetd_rules), ( self.generate_userapp_types, self.generate_userapp_rules), ( self.generate_cgi_types, self.generate_cgi_rules))
 + if name == "":
@@ -2376,10 +2458,14 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 + self.use_pam = val
 +
 + def set_use_tmp(self, val):
-+ if val != True and val != False:
-+ raise ValueError(_("use_tmp must be a boolean value "))
++ if val == True:
++ self.DEFAULT_DIRS["tmp"][1].append("/tmp");
++ return
++ if val != False:
++ self.DEFAULT_DIRS["tmp"][1]=[]
++ return
++ raise ValueError(_("use_tmp must be a boolean value "))
 +
-+ self.DEFAULT_DIRS["tmp"][1] = val;
 +
 + def set_use_uid(self, val):
 + if val != True and val != False:
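Review bot: The rewritten `set_use_tmp` has its validation inverted: `False` falls through both tests and reaches `raise ValueError(...)`, while any non-boolean value takes the `if val != False:` branch and silently clears the list. The second test should read `if val == False:` so that `False` resets `self.DEFAULT_DIRS["tmp"][1]` and everything else is rejected; as written, a caller passing an unchecked checkbox state would get the "must be a boolean" error. Each `set_use_tmp(True)` also appends another `"/tmp"`, so assigning `self.DEFAULT_DIRS["tmp"][1] = ["/tmp"]` would make the setter idempotent.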
@@ -2433,9 +2519,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 + def __find_path(self, file):
 + for d in self.DEFAULT_DIRS:
 + if file.find(d) == 0:
-+ self.DEFAULT_DIRS[d][1] = self.DEFAULT_DIRS[d][1] + 1
++ self.DEFAULT_DIRS[d][1].append(file)
 + return self.DEFAULT_DIRS[d]
-+ self.DEFAULT_DIRS["rw"][1] = self.DEFAULT_DIRS["rw"][1] + 1
++ self.DEFAULT_DIRS["rw"][1].append(file)
 + return self.DEFAULT_DIRS["rw"]
 +
 + def add_file(self, file):
@@ -2527,7 +2613,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 + for d in self.DEFAULT_DIRS:
 + if self.DEFAULT_DIRS[d][1] > 0:
 + newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_rules)
-+
++ for i in self.DEFAULT_DIRS[d][1]:
++ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
++ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_stream_rules)
++ break
 + return newif
 +
 + def generate_default_types(self):
@@ -2539,7 +2628,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 + def generate_te(self):
 + newte = self.generate_default_types()
 + for d in self.DEFAULT_DIRS:
-+ if self.DEFAULT_DIRS[d][1] > 0:
++ if len(self.DEFAULT_DIRS[d][1]) > 0:
 + # CGI scripts already have a rw_t
 + if self.type != self.CGI or d != "rw":
 + newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_types)
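Review bot: In the `generate_if` hunk (`@@ -2527`) the unchanged guard `if self.DEFAULT_DIRS[d][1] > 0:` still compares against an integer although this commit turns element `[1]` into a list; in Python 2 a list always orders above an int, so the interface rules are now emitted for every default directory whether or not a file was added. The matching guards in `generate_te` were changed to `if len(self.DEFAULT_DIRS[d][1]) > 0:` and this one should be too, otherwise the generated `.if` can reference types the `.te` never declares. The socket probe `os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE])` now appears here, in `generate_te` and in `generate_fc`; it inspects the machine running the tool and can raise `OSError` if the path disappears between the two calls, so a single helper wrapping one `os.stat` in `try/except OSError` with a comment stating that assumption would be cleaner.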
@@ -2550,8 +2639,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 +
 + newte += self.generate_default_rules()
 + for d in self.DEFAULT_DIRS:
-+ if self.DEFAULT_DIRS[d][1] > 0:
++ if len(self.DEFAULT_DIRS[d][1]) > 0:
 + newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_rules)
++ for i in self.DEFAULT_DIRS[d][1]:
++ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
++ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_stream_rules)
++ break
 +
 + newte += self.generate_network_rules()
 + if self.use_tmp:
@@ -2574,7 +2667,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 + newfc += re.sub("TEMPLATETYPE", self.name, t1)
 +
 + for i in self.files.keys():
-+ t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_file)
++ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
++ t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_sock_file)
++ else:
++ t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_file)
 + t2 = re.sub("FILENAME", i, t1)
 + newfc += re.sub("FILETYPE", self.files[i][0], t2)
 +
@@ -2608,40 +2704,40 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 +
 + return newsh
 +
-+ def write_te(self):
-+ tefile = "%s.te" % self.file_name
++ def write_te(self, out_dir):
++ tefile = "%s/%s.te" % (out_dir, self.file_name)
 + fd = open(tefile, "w")
 + fd.write(self.generate_te())
 + fd.close()
 + return tefile
 +
-+ def write_sh(self):
-+ shfile = "%s.sh" % self.file_name
++ def write_sh(self, out_dir):
++ shfile = "%s/%s.sh" % (out_dir, self.file_name)
 + fd = open(shfile, "w")
 + fd.write(self.generate_sh())
 + fd.close()
 + return shfile
 +
-+ def write_if(self):
-+ iffile = "%s.if" % self.file_name
++ def write_if(self, out_dir):
++ iffile = "%s/%s.if" % (out_dir, self.file_name)
 + fd = open(iffile, "w")
 + fd.write(self.generate_if())
 + fd.close()
 + return iffile
 +
-+ def write_fc(self):
-+ fcfile = "%s.fc" % self.file_name
++ def write_fc(self,out_dir):
++ fcfile = "%s/%s.fc" % (out_dir, self.file_name)
 + fd = open(fcfile, "w")
 + fd.write(self.generate_fc())
 + fd.close()
 + return fcfile
 +
-+ def generate(self):
++ def generate(self, out_dir = "."):
 + out = "Created the following files:\n"
-+ out += "%-25s %s\n" % (_("Type Enforcment file"), self.write_te())
-+ out += "%-25s %s\n" % (_("Interface file"), self.write_if())
-+ out += "%-25s %s\n" % (_("File Contexts file"), self.write_fc())
-+ out += "%-25s %s\n" % (_("Setup Script"),self.write_sh())
++ out += "%-25s %s\n" % (_("Type Enforcment file"), self.write_te(out_dir))
++ out += "%-25s %s\n" % (_("Interface file"), self.write_if(out_dir))
++ out += "%-25s %s\n" % (_("File Contexts file"), self.write_fc(out_dir))
++ out += "%-25s %s\n" % (_("Setup Script"),self.write_sh(out_dir))
 + return out
 +
 +def errorExit(error):
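Review bot: The four `write_*` methods now build the target as `"%s/%s.te" % (out_dir, self.file_name)` and open it with plain `open(path, "w")`, which follows symlinks and truncates whatever already exists at that path. The directory is now caller-chosen and the tool is presumably run with administrative rights, so in a shared directory the write can land somewhere unintended, and the generated `.sh` is meant to be executed afterwards. Building the path with `os.path.join(out_dir, ...)`, refusing to write when `os.path.islink(path)` is true (or creating the file via `os.open` with `os.O_CREAT | os.O_EXCL`), and closing the file in a `try/finally` would tighten this. The methods differ only in suffix and generator, so one private helper taking both would carry the change once.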
@@ -2659,7 +2755,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 + mypolicy.set_use_tmp(True)
 + mypolicy.set_use_syslog(True)
 + mypolicy.set_use_pam(True)
-+ mypolicy.add_file("/var/run/daemon.pid")
++ mypolicy.add_file("/var/lib/mysql/mysql.sock")
++ mypolicy.add_file("/var/run/rpcbind.sock")
 + mypolicy.add_file("/var/run/daemon.pub")
 + mypolicy.add_file("/var/log/daemon.log")
 + mypolicy.add_dir("/var/lib/daemon")
@@ -2678,7 +2775,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.9/gui/portsPage.py
 --- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/portsPage.py 2007-04-16 13:26:34.000000000 -0400
++++ policycoreutils-2.0.9/gui/portsPage.py 2007-04-18 13:14:57.000000000 -0400
 @@ -0,0 +1,227 @@
 +## portsPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -3187,7 +3284,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.9/gui/semanagePage.py
 --- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/semanagePage.py 2007-04-16 13:26:34.000000000 -0400
++++ policycoreutils-2.0.9/gui/semanagePage.py 2007-04-18 13:14:57.000000000 -0400
 @@ -0,0 +1,115 @@
 +## semanagePage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -3306,7 +3403,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py poli
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.9/gui/statusPage.py
 --- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/statusPage.py 2007-04-16 13:26:34.000000000 -0400
++++ policycoreutils-2.0.9/gui/statusPage.py 2007-04-18 13:14:57.000000000 -0400
 @@ -0,0 +1,220 @@
 +## statusPage.py - show selinux status
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -6568,7 +6665,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.9/gui/system-config-selinux.py
 --- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/system-config-selinux.py 2007-04-16 13:26:34.000000000 -0400
++++ policycoreutils-2.0.9/gui/system-config-selinux.py 2007-04-18 13:14:57.000000000 -0400
 @@ -0,0 +1,169 @@
 +#!/usr/bin/python
 +#
@@ -6741,7 +6838,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
 + app.stand_alone()
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.9/gui/templates/executable.py
 --- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/templates/executable.py 2007-04-16 13:26:34.000000000 -0400
++++ policycoreutils-2.0.9/gui/templates/executable.py 2007-04-18 13:13:36.000000000 -0400
 @@ -0,0 +1,156 @@
 +#! /usr/bin/env python
 +# Copyright (C) 2007 Red Hat
@@ -6901,7 +6998,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.9/gui/templates/__init__.py
 --- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/templates/__init__.py 2007-04-16 13:26:34.000000000 -0400
++++ policycoreutils-2.0.9/gui/templates/__init__.py 2007-04-18 13:13:36.000000000 -0400
 @@ -0,0 +1,18 @@
 +#
 +# Copyright (C) 2007 Red Hat, Inc.
@@ -6923,16 +7020,14 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.p
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.9/gui/templates/network.py
 --- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/templates/network.py 2007-04-16 13:26:34.000000000 -0400
-@@ -0,0 +1,46 @@
++++ policycoreutils-2.0.9/gui/templates/network.py 2007-04-18 13:13:36.000000000 -0400
+@@ -0,0 +1,44 @@
 +te_port_types="""\
-+# Default Networking
 +type TEMPLATETYPE_port_t;
 +corenet_port_type(TEMPLATETYPE_port_t)
 +"""
 +
 +te_network="""\
-+# Default Networking
 +sysnet_dns_name_resolve(TEMPLATETYPE_t)
 +corenet_non_ipsec_sendrecv(TEMPLATETYPE_t)
 +"""
@@ -6957,7 +7052,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py
 +"""
 +
 +te_udp="""\
-+allow TEMPLATETYPE_t self:udp_socket create_socket_perms;
++allow TEMPLATETYPE_t self:udp_socket { create_socket_perms listen };
 +corenet_udp_sendrecv_all_if(TEMPLATETYPE_t)
 +corenet_udp_sendrecv_all_nodes(TEMPLATETYPE_t)
 +corenet_udp_sendrecv_all_ports(TEMPLATETYPE_t)
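Review bot: In `te_udp`, the new rule adds `listen` to the permissions on `self:udp_socket`, but UDP sockets are connectionless and are not put into a listening state, so the extra permission looks as if it was carried over from a stream-socket rule. Unless a generated daemon is known to need it, I would keep the rule at `allow TEMPLATETYPE_t self:udp_socket create_socket_perms;` so that every generated policy does not carry a permission it has no use for. If `listen` is intentional, a one-line comment above the rule naming the denial it answers would help the next reader. The `te_udp` string continues past the end of this hunk.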
@@ -6973,8 +7068,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.9/gui/templates/rw.py
 --- nsapolicycoreutils/gui/templates/rw.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/templates/rw.py 2007-04-16 13:26:34.000000000 -0400
-@@ -0,0 +1,106 @@
++++ policycoreutils-2.0.9/gui/templates/rw.py 2007-04-18 13:13:36.000000000 -0400
+@@ -0,0 +1,104 @@
 +# Copyright (C) 2007 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
@@ -6999,13 +7094,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli
 +
 +########################### tmp Template File #############################
 +te_types="""
-+# log files
 +type TEMPLATETYPE_rw_t;
 +file_type(TEMPLATETYPE_rw_t)
 +"""
 +
 +te_rules="""
-+# tmp files
 +allow TEMPLATETYPE_t TEMPLATETYPE_rw_t:file manage_file_perms;
 +allow TEMPLATETYPE_t TEMPLATETYPE_rw_t:dir create_dir_perms;
 +files_pid_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_rw_t, { file dir })
@@ -7083,7 +7176,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli
 +"""
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.9/gui/templates/script.py
 --- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/templates/script.py 2007-04-17 08:27:34.000000000 -0400
++++ policycoreutils-2.0.9/gui/templates/script.py 2007-04-18 13:13:36.000000000 -0400
 @@ -0,0 +1,42 @@
 +# Copyright (C) 2007 Red Hat
 +# see file 'COPYING' for use and warranty information
@@ -7129,7 +7222,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.9/gui/templates/semodule.py
 --- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/templates/semodule.py 2007-04-16 13:26:34.000000000 -0400
++++ policycoreutils-2.0.9/gui/templates/semodule.py 2007-04-18 13:13:36.000000000 -0400
 @@ -0,0 +1,41 @@
 +# Copyright (C) 2007 Red Hat
 +# see file 'COPYING' for use and warranty information
@@ -7174,8 +7267,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.p
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.9/gui/templates/tmp.py
 --- nsapolicycoreutils/gui/templates/tmp.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/templates/tmp.py 2007-04-16 13:26:34.000000000 -0400
-@@ -0,0 +1,74 @@
++++ policycoreutils-2.0.9/gui/templates/tmp.py 2007-04-18 13:13:36.000000000 -0400
+@@ -0,0 +1,72 @@
 +# Copyright (C) 2007 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
@@ -7200,13 +7293,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol
 +########################### tmp Template File #############################
 +
 +te_types="""
-+# log files
 +type TEMPLATETYPE_tmp_t;
 +files_tmp_file(TEMPLATETYPE_tmp_t)
 +"""
 +
 +te_rules="""
-+# tmp files
 +allow TEMPLATETYPE_t TEMPLATETYPE_tmp_t:file manage_file_perms;
 +allow TEMPLATETYPE_t TEMPLATETYPE_tmp_t:dir create_dir_perms;
 +files_pid_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_tmp_t, { file dir })
@@ -7252,8 +7343,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol
 +"""
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.9/gui/templates/var_lib.py
 --- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/templates/var_lib.py 2007-04-16 13:26:34.000000000 -0400
-@@ -0,0 +1,107 @@
++++ policycoreutils-2.0.9/gui/templates/var_lib.py 2007-04-18 13:13:36.000000000 -0400
+@@ -0,0 +1,137 @@
 +# Copyright (C) 2007 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
@@ -7279,18 +7370,21 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py
 +
 +########################### Type Enforcement File #############################
 +te_types="""
-+# var/lib files
 +type TEMPLATETYPE_var_lib_t;
 +files_type(TEMPLATETYPE_var_lib_t)
 +"""
 +te_rules="""
-+# var/lib files for TEMPLATETYPE
-+allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:file create_file_perms;
-+allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:sock_file create_file_perms;
-+allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:dir create_dir_perms;
-+files_var_lib_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_lib_t, { file dir sock_file })
++allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:file manage_file_perms;
++allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:dir manage_dir_perms;
++files_var_lib_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_lib_t, { file dir })
 +"""
 +
++te_stream_rules="""\
++allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:sock_file manage_file_perms;
++files_pid_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_lib_t, sock_file)
++"""
++
++
 +########################### Interface File #############################
 +if_rules="""
 +########################################
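Review bot: The new `te_stream_rules` in var_lib.py calls `files_pid_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_lib_t, sock_file)`, which looks copied from var_run.py: it gives sockets the domain creates in the pid directory the var_lib type, while `sock_file` was dropped from `files_var_lib_filetrans` a few lines above. A socket created under /var/lib would then only get the type if its parent directory already carries it, which a path like the `/var/lib/mysql/mysql.sock` used in the polgen.py test data may not. For this template I would expect `files_var_lib_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_lib_t, sock_file)`. The `if_stream_rules` interface added in the next var_lib.py hunk has the matching issue: it calls `files_search_pids($1)` where `files_search_var_lib($1)` is what lets a client domain reach a socket under /var/lib.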
@@ -7353,18 +7447,45 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py
 + files_search_var_lib($1)
 +')
 +"""
++
++if_stream_rules="""
++########################################
++##
++## Connect to TEMPLATETYPE over an unix stream socket.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`TEMPLATETYPE_stream_connect',`
++ gen_require(`
++ type TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t;
++ ')
++
++ files_search_pids($1)
++ allow $1 TEMPLATETYPE_var_lib_t:sock_file write;
++ allow $1 TEMPLATETYPE_t:unix_stream_socket connectto;
++')
++"""
++
 +########################### File Context ##################################
 +fc_file="""\
 +FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
 +"""
 +
++fc_sock_file="""\
++FILENAME -s gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
++"""
++
 +fc_dir="""\
 +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
 +"""
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.9/gui/templates/var_log.py
 --- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/templates/var_log.py 2007-04-16 13:26:34.000000000 -0400
-@@ -0,0 +1,91 @@
++++ policycoreutils-2.0.9/gui/templates/var_log.py 2007-04-18 13:13:36.000000000 -0400
+@@ -0,0 +1,89 @@
 +# Copyright (C) 2007 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
@@ -7390,13 +7511,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py
 +
 +########################### Type Enforcement File #############################
 +te_types="""
-+# log files
 +type TEMPLATETYPE_log_t;
 +logging_log_file(TEMPLATETYPE_log_t)
 +"""
 +
 +te_rules="""
-+# log files
 +allow TEMPLATETYPE_t TEMPLATETYPE_log_t:file manage_file_perms;
 +allow TEMPLATETYPE_t TEMPLATETYPE_log_t:dir { rw_dir_perms setattr };
 +logging_log_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_log_t,{ file dir })
@@ -7458,8 +7577,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py
 +"""
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.9/gui/templates/var_run.py
 --- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/templates/var_run.py 2007-04-16 13:26:34.000000000 -0400
-@@ -0,0 +1,93 @@
++++ policycoreutils-2.0.9/gui/templates/var_run.py 2007-04-18 13:13:36.000000000 -0400
+@@ -0,0 +1,95 @@
 +# Copyright (C) 2007 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
@@ -7484,16 +7603,14 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py
 +########################### var_run Template File #############################
 +
 +te_types="""
-+# pid files
 +type TEMPLATETYPE_var_run_t;
 +files_pid_file(TEMPLATETYPE_var_run_t)
 +"""
 +
 +te_rules="""
-+# pid file
 +allow TEMPLATETYPE_t TEMPLATETYPE_var_run_t:file manage_file_perms;
-+allow TEMPLATETYPE_t TEMPLATETYPE_var_run_t:dir rw_dir_perms;
-+files_pid_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_run_t, file)
++allow TEMPLATETYPE_t TEMPLATETYPE_var_run_t:dir manage_dir_perms;
++files_pid_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_run_t, { file dir })
 +"""
 +
 +te_stream_rules="""
@@ -7523,7 +7640,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py
 +
 +"""
 +
-+if_stream_rules="""
++if_stream_rules="""\
 +########################################
 +##
 +## Connect to TEMPLATETYPE over an unix stream socket.
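Review bot: In var_run.py's `te_rules`, moving from `rw_dir_perms` to `manage_dir_perms` and widening the transition to `{ file dir }` lets every domain built from this template create and remove directories of type `TEMPLATETYPE_var_run_t`, even when the policy author registered only a single pid file. polgen's test code calls `add_file` and `add_dir` separately, so the generator presumably can tell the two cases apart. If so, consider keeping `te_rules` at `rw_dir_perms` with a `file` transition and emitting the directory permissions from a separate string used only for directory entries. If the broader grant is deliberate, a short comment in the template saying why directory management is always included would record the decision.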
@@ -7549,13 +7666,17 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py
 +FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
 +"""
 +
++fc_sock_file="""\
++FILENAME -s gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
++"""
++
 +fc_dir="""\
 +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
 +"""
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.9/gui/templates/var_spool.py
 --- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/templates/var_spool.py 2007-04-16 13:26:34.000000000 -0400
++++ policycoreutils-2.0.9/gui/templates/var_spool.py 2007-04-18 13:13:36.000000000 -0400
 @@ -0,0 +1,107 @@
 +# Copyright (C) 2007 Red Hat
 +# see file 'COPYING' for use and warranty information
@@ -7666,7 +7787,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.
 +"""
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.9/gui/translationsPage.py
 --- nsapolicycoreutils/gui/translationsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/translationsPage.py 2007-04-16 13:26:34.000000000 -0400
++++ policycoreutils-2.0.9/gui/translationsPage.py 2007-04-18 13:14:57.000000000 -0400
 @@ -0,0 +1,111 @@
 +## translationsPage.py - show selinux translations
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -7781,7 +7902,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py
 + self.store.set_value(iter, 1, translation)
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.9/gui/usersPage.py
 --- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.9/gui/usersPage.py 2007-04-16 13:26:34.000000000 -0400
++++ policycoreutils-2.0.9/gui/usersPage.py 2007-04-18 13:14:57.000000000 -0400
@@ -0,0 +1,166 @@ +## usersPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. diff --git a/policycoreutils.spec b/policycoreutils.spec index 646a247..2c2b8dd 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -6,7 +6,7 @@ Summary: SELinux policy core utilities. Name: policycoreutils Version: 2.0.9 -Release: 5%{?dist} +Release: 6%{?dist} License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -192,6 +192,9 @@ if [ "$1" -ge "1" ]; then fi %changelog +* Wed Apr 18 2007 Dan Walsh 2.0.9-6 +- Change polgengui to a druid + * Tue Apr 16 2007 Dan Walsh 2.0.9-5 - Fully path script.py