From 4f2b60f96a1301162d5035dab0397bb411ba5319 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Tue, 6 Sep 2011 15:17:14 -0400
Subject: [PATCH] Backport sandbox fixes from F16
---
 policycoreutils-rhat.patch | 1826 +++++++++++++++++++-----------------
 policycoreutils.spec | 9 +-
 2 files changed, 954 insertions(+), 881 deletions(-)
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 0703981..7528aa4 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1,95 +1,6 @@ -diff --git a/policycoreutils/Makefile b/policycoreutils/Makefile -index 86ed03f..67d0ee8 100644 ---- a/policycoreutils/Makefile -+++ b/policycoreutils/Makefile -@@ -1,4 +1,4 @@ --SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po -+SUBDIRS = setfiles semanage semanage/default_encoding load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool po gui - - INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) - -diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow -index 5435e9d..c60490b 100644 ---- a/policycoreutils/audit2allow/audit2allow -+++ b/policycoreutils/audit2allow/audit2allow -@@ -1,4 +1,4 @@ --#! /usr/bin/python -E -+#! /usr/bin/python -Es - # Authors: Karl MacMillan - # - # Copyright (C) 2006-2007 Red Hat -@@ -28,6 +28,7 @@ import sepolgen.objectmodel as objectmodel - import sepolgen.defaults as defaults - import sepolgen.module as module - from sepolgen.sepolgeni18n import _ -+import selinux.audit2why as audit2why - - class AuditToPolicy: - VERSION = "%prog .1" -@@ -46,6 +47,7 @@ class AuditToPolicy: - help="audit messages since last boot conflicts with -i") - parser.add_option("-a", "--all", action="store_true", dest="audit", default=False, - help="read input from audit log - conflicts with -i") -+ parser.add_option("-p", "--policy", dest="policy", default=None, help="Policy file to use for analysis") - parser.add_option("-d", "--dmesg", action="store_true", dest="dmesg", default=False, - help="read input from dmesg - conflicts with --all and --input") - parser.add_option("-i", "--input", dest="input", -@@ -231,29 +233,12 @@ class AuditToPolicy: - - def __output_audit2why(self): - import selinux -- import selinux.audit2why as 
audit2why - import seobject -- audit2why.init() - for i in self.__parser.avc_msgs: -- rc, bools = audit2why.analyze(i.scontext.to_string(), i.tcontext.to_string(), i.tclass, i.accesses) -+ rc = i.type -+ bools = i.bools - if rc >= 0: - print "%s\n\tWas caused by:" % i.message -- if rc == audit2why.NOPOLICY: -- raise RuntimeError("Must call policy_init first") -- if rc == audit2why.BADTCON: -- print "Invalid Target Context %s\n" % i.tcontext -- continue -- if rc == audit2why.BADSCON: -- print "Invalid Source Context %s\n" % i.scontext -- continue -- if rc == audit2why.BADSCON: -- print "Invalid Type Class %s\n" % i.tclass -- continue -- if rc == audit2why.BADPERM: -- print "Invalid permission %s\n" % i.accesses -- continue -- if rc == audit2why. BADCOMPUTE: -- raise RuntimeError("Error during access vector computation") - if rc == audit2why.ALLOW: - print "\t\tUnknown - would be allowed by active policy\n", - print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n" -@@ -350,11 +335,19 @@ class AuditToPolicy: - def main(self): - try: - self.__parse_options() -+ if self.__options.policy: -+ audit2why.init(self.__options.policy) -+ else: -+ audit2why.init() -+ - self.__read_input() - self.__process_input() - self.__output() - except KeyboardInterrupt: - sys.exit(0) -+ except ValueError, e: -+ print e -+ sys.exit(1) - - if __name__ == "__main__": - app = AuditToPolicy() -diff --git a/policycoreutils/audit2allow/audit2allow.1 b/policycoreutils/audit2allow/audit2allow.1 -index 6178cc8..b6f386d 100644 ---- a/policycoreutils/audit2allow/audit2allow.1 -+++ b/policycoreutils/audit2allow/audit2allow.1 +diff -up policycoreutils-2.0.85/audit2allow/audit2allow.1.rhat policycoreutils-2.0.85/audit2allow/audit2allow.1 +--- policycoreutils-2.0.85/audit2allow/audit2allow.1.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/audit2allow/audit2allow.1 2011-09-06 14:51:56.377898576 -0400 
@@ -1,5 +1,6 @@ .\" Hey, Emacs! This is an -*- nroff -*- source file. .\" Copyright (c) 2005 Manoj Srivastava @@ -106,7 +17,7 @@ index 6178cc8..b6f386d 100644 .SH NAME .BR audit2allow \- generate SELinux policy allow/dontaudit rules from logs of denied operations -@@ -66,6 +67,9 @@ Generate module/require output +@@ -66,6 +67,9 @@ Generate module/require output " Generate loadable module package, conflicts with -o .TP 
@@ -191,10 +102,86 @@ index 6178cc8..b6f386d 100644 .fi .PP .SH AUTHOR -diff --git a/policycoreutils/audit2allow/sepolgen-ifgen b/policycoreutils/audit2allow/sepolgen-ifgen -index 03f95a1..dad2009 100644 ---- a/policycoreutils/audit2allow/sepolgen-ifgen -+++ b/policycoreutils/audit2allow/sepolgen-ifgen +diff -up policycoreutils-2.0.85/audit2allow/audit2allow.rhat policycoreutils-2.0.85/audit2allow/audit2allow +--- policycoreutils-2.0.85/audit2allow/audit2allow.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/audit2allow/audit2allow 2011-09-06 14:51:56.376898569 -0400 +@@ -1,4 +1,4 @@ +-#! /usr/bin/python -E ++#! /usr/bin/python -Es + # Authors: Karl MacMillan + # + # Copyright (C) 2006-2007 Red Hat +@@ -28,6 +28,7 @@ import sepolgen.objectmodel as objectmod + import sepolgen.defaults as defaults + import sepolgen.module as module + from sepolgen.sepolgeni18n import _ ++import selinux.audit2why as audit2why + + class AuditToPolicy: + VERSION = "%prog .1" +@@ -46,6 +47,7 @@ class AuditToPolicy: + help="audit messages since last boot conflicts with -i") + parser.add_option("-a", "--all", action="store_true", dest="audit", default=False, + help="read input from audit log - conflicts with -i") ++ parser.add_option("-p", "--policy", dest="policy", default=None, help="Policy file to use for analysis") + parser.add_option("-d", "--dmesg", action="store_true", dest="dmesg", default=False, + help="read input from dmesg - conflicts with --all and --input") + parser.add_option("-i", "--input", dest="input", +@@ -231,29 +233,12 @@ class AuditToPolicy: + + def __output_audit2why(self): + import selinux +- import selinux.audit2why as audit2why + import seobject +- audit2why.init() + for i in self.__parser.avc_msgs: +- rc, bools = audit2why.analyze(i.scontext.to_string(), i.tcontext.to_string(), i.tclass, i.accesses) ++ rc = i.type ++ bools = i.bools + if rc >= 0: + print "%s\n\tWas caused by:" % i.message +- if rc == audit2why.NOPOLICY: +- raise 
RuntimeError("Must call policy_init first") +- if rc == audit2why.BADTCON: +- print "Invalid Target Context %s\n" % i.tcontext +- continue +- if rc == audit2why.BADSCON: +- print "Invalid Source Context %s\n" % i.scontext +- continue +- if rc == audit2why.BADSCON: +- print "Invalid Type Class %s\n" % i.tclass +- continue +- if rc == audit2why.BADPERM: +- print "Invalid permission %s\n" % i.accesses +- continue +- if rc == audit2why. BADCOMPUTE: +- raise RuntimeError("Error during access vector computation") + if rc == audit2why.ALLOW: + print "\t\tUnknown - would be allowed by active policy\n", + print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n" +@@ -350,11 +335,19 @@ class AuditToPolicy: + def main(self): + try: + self.__parse_options() ++ if self.__options.policy: ++ audit2why.init(self.__options.policy) ++ else: ++ audit2why.init() ++ + self.__read_input() + self.__process_input() + self.__output() + except KeyboardInterrupt: + sys.exit(0) ++ except ValueError, e: ++ print e ++ sys.exit(1) + + if __name__ == "__main__": + app = AuditToPolicy() +diff -up policycoreutils-2.0.85/audit2allow/sepolgen-ifgen.rhat policycoreutils-2.0.85/audit2allow/sepolgen-ifgen +--- policycoreutils-2.0.85/audit2allow/sepolgen-ifgen.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/audit2allow/sepolgen-ifgen 2011-09-06 14:51:56.378898583 -0400 @@ -1,4 +1,4 @@ -#! /usr/bin/python -E +#! /usr/bin/python -Es 
@@ -303,10 +290,18 @@ index 03f95a1..dad2009 100644 if_set.to_file(f) f.close() -diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c -index 2d31d64..e985289 100644 ---- a/policycoreutils/newrole/newrole.c -+++ b/policycoreutils/newrole/newrole.c +diff -up policycoreutils-2.0.85/Makefile.rhat policycoreutils-2.0.85/Makefile +--- policycoreutils-2.0.85/Makefile.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/Makefile 2011-09-06 14:51:56.375898562 -0400 +@@ -1,4 +1,4 @@ +-SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po ++SUBDIRS = setfiles semanage semanage/default_encoding load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool po gui + + INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) + +diff -up policycoreutils-2.0.85/newrole/newrole.c.rhat policycoreutils-2.0.85/newrole/newrole.c +--- policycoreutils-2.0.85/newrole/newrole.c.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/newrole/newrole.c 2011-09-06 14:51:56.380898599 -0400 @@ -586,7 +586,7 @@ static int drop_capabilities(int full) return -1; } @@ -331,10 +326,9 @@ index 2d31d64..e985289 100644 if (set_signal_handles()) return -1; -diff --git a/policycoreutils/restorecond/Makefile b/policycoreutils/restorecond/Makefile -index 3f235e6..7552668 100644 ---- a/policycoreutils/restorecond/Makefile -+++ b/policycoreutils/restorecond/Makefile +diff -up policycoreutils-2.0.85/restorecond/Makefile.rhat policycoreutils-2.0.85/restorecond/Makefile +--- policycoreutils-2.0.85/restorecond/Makefile.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/restorecond/Makefile 2011-09-06 14:51:56.381898607 -0400 
@@ -1,17 +1,28 @@ # Installation directories. PREFIX ?= ${DESTDIR}/usr @@ -381,19 +375,16 @@ index 3f235e6..7552668 100644 relabel: install /sbin/restorecon $(SBINDIR)/restorecond -diff --git a/policycoreutils/restorecond/org.selinux.Restorecond.service b/policycoreutils/restorecond/org.selinux.Restorecond.service -new file mode 100644 -index 0000000..0ef5f0b ---- /dev/null -+++ b/policycoreutils/restorecond/org.selinux.Restorecond.service +diff -up policycoreutils-2.0.85/restorecond/org.selinux.Restorecond.service.rhat policycoreutils-2.0.85/restorecond/org.selinux.Restorecond.service +--- policycoreutils-2.0.85/restorecond/org.selinux.Restorecond.service.rhat 2011-09-06 14:51:56.382898614 -0400 ++++ policycoreutils-2.0.85/restorecond/org.selinux.Restorecond.service 2011-09-06 14:51:56.382898614 -0400 @@ -0,0 +1,3 @@ +[D-BUS Service] +Name=org.selinux.Restorecond +Exec=/usr/sbin/restorecond -u -diff --git a/policycoreutils/restorecond/restorecond.8 b/policycoreutils/restorecond/restorecond.8 -index b149dcb..0c14c94 100644 ---- a/policycoreutils/restorecond/restorecond.8 -+++ b/policycoreutils/restorecond/restorecond.8 +diff -up policycoreutils-2.0.85/restorecond/restorecond.8.rhat policycoreutils-2.0.85/restorecond/restorecond.8 +--- policycoreutils-2.0.85/restorecond/restorecond.8.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/restorecond/restorecond.8 2011-09-06 14:51:56.383898621 -0400 @@ -3,7 +3,7 @@ restorecond \- daemon that watches for file creation and then sets the default SELinux file context @@ -403,7 +394,7 @@ index b149dcb..0c14c94 100644 .P .SH "DESCRIPTION" -@@ -19,13 +19,22 @@ the correct file context associated with the policy. +@@ -19,13 +19,22 @@ the correct file context associated with .B \-d Turns on debugging mode. Application will stay in the foreground and lots of debugs messages start printing. 
@@ -428,10 +419,22 @@ index b149dcb..0c14c94 100644 .SH "SEE ALSO" .BR restorecon (8), -diff --git a/policycoreutils/restorecond/restorecond.c b/policycoreutils/restorecond/restorecond.c -index 58774e6..a588e5e 100644 ---- a/policycoreutils/restorecond/restorecond.c -+++ b/policycoreutils/restorecond/restorecond.c +diff -up policycoreutils-2.0.85/restorecond/restorecond.conf.rhat policycoreutils-2.0.85/restorecond/restorecond.conf +--- policycoreutils-2.0.85/restorecond/restorecond.conf.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/restorecond/restorecond.conf 2011-09-06 14:51:56.384898628 -0400 +@@ -4,8 +4,5 @@ + /etc/mtab + /var/run/utmp + /var/log/wtmp +-~/* +-/root/.ssh ++/root/* + /root/.ssh/* +- +- +diff -up policycoreutils-2.0.85/restorecond/restorecond.c.rhat policycoreutils-2.0.85/restorecond/restorecond.c +--- policycoreutils-2.0.85/restorecond/restorecond.c.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/restorecond/restorecond.c 2011-09-06 14:51:56.384898628 -0400 @@ -30,9 +30,11 @@ * and makes sure that there security context matches the systems defaults * @@ -473,7 +476,7 @@ index 58774e6..a588e5e 100644 - -#include -#include -- + -/* size of the event structure, not counting name */ -#define EVENT_SIZE (sizeof (struct inotify_event)) -/* reasonable guess as to size of 1024 events */ @@ -558,7 +561,11 @@ index 58774e6..a588e5e 100644 - } - firstDir = NULL; -} -- ++static char *server_watch_file = "/etc/selinux/restorecond.conf"; ++static char *user_watch_file = "/etc/selinux/restorecond_user.conf"; ++static char *watch_file; ++static struct restore_opts r_opts; + -/* - Set the file context to the default file context for this system. - Same as restorecon. @@ -667,7 +674,7 @@ index 58774e6..a588e5e 100644 - } - free(line_buf); -} - +- -/* - Read config file ignoring Comment lines - Files specified one per line. Files with "~" will be expanded to the logged in users 
@@ -696,7 +703,8 @@ index 58774e6..a588e5e 100644 - if (master_wd == -1) - exitApp("Error watching config file."); -} -- ++#include + -/* - Inotify watch loop -*/ @@ -730,16 +738,11 @@ index 58774e6..a588e5e 100644 - if (event->len) - watch_list_find(event->wd, event->name); - break; -+static char *server_watch_file = "/etc/selinux/restorecond.conf"; -+static char *user_watch_file = "/etc/selinux/restorecond_user.conf"; -+static char *watch_file; -+static struct restore_opts r_opts; - +- - case 1: /* utmp has changed need to reload */ - read_config(fd); - break; -+#include - +- - default: /* No users logged in or out */ - break; - } @@ -937,25 +940,9 @@ index 58774e6..a588e5e 100644 if (pidfile) unlink(pidfile); -diff --git a/policycoreutils/restorecond/restorecond.conf b/policycoreutils/restorecond/restorecond.conf -index 3fc9376..58b723a 100644 ---- a/policycoreutils/restorecond/restorecond.conf -+++ b/policycoreutils/restorecond/restorecond.conf -@@ -4,8 +4,5 @@ - /etc/mtab - /var/run/utmp - /var/log/wtmp --~/* --/root/.ssh -+/root/* - /root/.ssh/* -- -- -diff --git a/policycoreutils/restorecond/restorecond.desktop b/policycoreutils/restorecond/restorecond.desktop -new file mode 100644 -index 0000000..23ff89d ---- /dev/null -+++ b/policycoreutils/restorecond/restorecond.desktop +diff -up policycoreutils-2.0.85/restorecond/restorecond.desktop.rhat policycoreutils-2.0.85/restorecond/restorecond.desktop +--- policycoreutils-2.0.85/restorecond/restorecond.desktop.rhat 2011-09-06 14:51:56.385898635 -0400 ++++ policycoreutils-2.0.85/restorecond/restorecond.desktop 2011-09-06 14:51:56.385898635 -0400 @@ -0,0 +1,7 @@ +[Desktop Entry] +Name=File Context maintainer 
@@ -964,10 +951,9 @@ index 0000000..23ff89d +Encoding=UTF-8 +Type=Application +StartupNotify=false -diff --git a/policycoreutils/restorecond/restorecond.h b/policycoreutils/restorecond/restorecond.h -index e1666bf..8c85ef0 100644 ---- a/policycoreutils/restorecond/restorecond.h -+++ b/policycoreutils/restorecond/restorecond.h +diff -up policycoreutils-2.0.85/restorecond/restorecond.h.rhat policycoreutils-2.0.85/restorecond/restorecond.h +--- policycoreutils-2.0.85/restorecond/restorecond.h.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/restorecond/restorecond.h 2011-09-06 14:51:56.386898643 -0400 @@ -24,7 +24,22 @@ #ifndef RESTORED_CONFIG_H #define RESTORED_CONFIG_H @@ -993,10 +979,9 @@ index e1666bf..8c85ef0 100644 +extern int watch_list_isempty(); #endif -diff --git a/policycoreutils/restorecond/restorecond.init b/policycoreutils/restorecond/restorecond.init -index b966db6..775c52b 100644 ---- a/policycoreutils/restorecond/restorecond.init -+++ b/policycoreutils/restorecond/restorecond.init +diff -up policycoreutils-2.0.85/restorecond/restorecond.init.rhat policycoreutils-2.0.85/restorecond/restorecond.init +--- policycoreutils-2.0.85/restorecond/restorecond.init.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/restorecond/restorecond.init 2011-09-06 14:51:56.387898651 -0400 @@ -26,7 +26,7 @@ PATH=/sbin:/bin:/usr/bin:/usr/sbin # Source function library. . /etc/rc.d/init.d/functions 
@@ -1025,11 +1010,9 @@ index b966db6..775c52b 100644 exit $RETVAL - -diff --git a/policycoreutils/restorecond/restorecond_user.conf b/policycoreutils/restorecond/restorecond_user.conf -new file mode 100644 -index 0000000..f88a29a ---- /dev/null -+++ b/policycoreutils/restorecond/restorecond_user.conf +diff -up policycoreutils-2.0.85/restorecond/restorecond_user.conf.rhat policycoreutils-2.0.85/restorecond/restorecond_user.conf +--- policycoreutils-2.0.85/restorecond/restorecond_user.conf.rhat 2011-09-06 14:51:56.387898651 -0400 ++++ policycoreutils-2.0.85/restorecond/restorecond_user.conf 2011-09-06 14:51:56.923902646 -0400 @@ -0,0 +1,7 @@ +~/* +~/public_html/* @@ -1037,12 +1020,10 @@ index 0000000..f88a29a +~/local/* +~/.fonts/* +~/.cache/* -+ -diff --git a/policycoreutils/restorecond/user.c b/policycoreutils/restorecond/user.c -new file mode 100644 -index 0000000..8cf2f20 ---- /dev/null -+++ b/policycoreutils/restorecond/user.c ++~/.config/* +diff -up policycoreutils-2.0.85/restorecond/user.c.rhat policycoreutils-2.0.85/restorecond/user.c +--- policycoreutils-2.0.85/restorecond/user.c.rhat 2011-09-06 14:51:56.389898666 -0400 ++++ policycoreutils-2.0.85/restorecond/user.c 2011-09-06 14:51:56.389898666 -0400 @@ -0,0 +1,242 @@ +/* + * restorecond 
@@ -1286,11 +1267,10 @@ index 0000000..8cf2f20 + return 0; +} + -diff --git a/policycoreutils/restorecond/utmpwatcher.c b/policycoreutils/restorecond/utmpwatcher.c -index f182c22..feddb5a 100644 ---- a/policycoreutils/restorecond/utmpwatcher.c -+++ b/policycoreutils/restorecond/utmpwatcher.c -@@ -72,8 +72,8 @@ unsigned int utmpwatcher_handle(int inotify_fd, int wd) +diff -up policycoreutils-2.0.85/restorecond/utmpwatcher.c.rhat policycoreutils-2.0.85/restorecond/utmpwatcher.c +--- policycoreutils-2.0.85/restorecond/utmpwatcher.c.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/restorecond/utmpwatcher.c 2011-09-06 14:51:56.390898673 -0400 +@@ -72,8 +72,8 @@ unsigned int utmpwatcher_handle(int inot if (utmp_wd == -1) exitApp("Error watching utmp file."); @@ -1300,11 +1280,9 @@ index f182c22..feddb5a 100644 strings_list_free(prev_utmp_ptr); } return changed; -diff --git a/policycoreutils/restorecond/watch.c b/policycoreutils/restorecond/watch.c -new file mode 100644 -index 0000000..20a861f ---- /dev/null -+++ b/policycoreutils/restorecond/watch.c +diff -up policycoreutils-2.0.85/restorecond/watch.c.rhat policycoreutils-2.0.85/restorecond/watch.c +--- policycoreutils-2.0.85/restorecond/watch.c.rhat 2011-09-06 14:51:56.390898673 -0400 ++++ policycoreutils-2.0.85/restorecond/watch.c 2011-09-06 14:51:56.390898673 -0400 @@ -0,0 +1,270 @@ +#define _GNU_SOURCE +#include 
@@ -1576,10 +1554,9 @@ index 0000000..20a861f + if (master_wd == -1) + exitApp("Error watching config file."); +} -diff --git a/policycoreutils/run_init/open_init_pty.8 b/policycoreutils/run_init/open_init_pty.8 -index 540860a..10175dd 100644 ---- a/policycoreutils/run_init/open_init_pty.8 -+++ b/policycoreutils/run_init/open_init_pty.8 +diff -up policycoreutils-2.0.85/run_init/open_init_pty.8.rhat policycoreutils-2.0.85/run_init/open_init_pty.8 +--- policycoreutils-2.0.85/run_init/open_init_pty.8.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/run_init/open_init_pty.8 2011-09-06 14:51:56.391898680 -0400 @@ -24,18 +24,18 @@ .\" .TH OPEN_INIT_PTY "8" "January 2005" "Security Enhanced Linux" NSA @@ -1603,10 +1580,9 @@ index 540860a..10175dd 100644 connects the physical terminal it was invoked upon with the pseudo terminal, passing keyboard input into to the child process, and passing the output of the child process to the physical terminal. -diff --git a/policycoreutils/sandbox/Makefile b/policycoreutils/sandbox/Makefile -index ff0ee7c..0c8a085 100644 ---- a/policycoreutils/sandbox/Makefile -+++ b/policycoreutils/sandbox/Makefile +diff -up policycoreutils-2.0.85/sandbox/Makefile.rhat policycoreutils-2.0.85/sandbox/Makefile +--- policycoreutils-2.0.85/sandbox/Makefile.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/sandbox/Makefile 2011-09-06 14:51:56.392898687 -0400 @@ -7,10 +7,10 @@ SBINDIR ?= $(PREFIX)/sbin MANDIR ?= $(PREFIX)/share/man LOCALEDIR ?= /usr/share/locale 
@@ -1641,10 +1617,146 @@ index ff0ee7c..0c8a085 100644 test: @python test_sandbox.py -v -diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox -index 48a26c2..5fa1d72 100644 ---- a/policycoreutils/sandbox/sandbox -+++ b/policycoreutils/sandbox/sandbox +diff -up policycoreutils-2.0.85/sandbox/sandbox.8.rhat policycoreutils-2.0.85/sandbox/sandbox.8 +--- policycoreutils-2.0.85/sandbox/sandbox.8.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/sandbox/sandbox.8 2011-09-06 14:53:42.653688409 -0400 +@@ -1,10 +1,13 @@ +-.TH SANDBOX "8" "May 2009" "chcat" "User Commands" ++.TH SANDBOX "8" "May 2010" "sandbox" "User Commands" + .SH NAME + sandbox \- Run cmd under an SELinux sandbox + .SH SYNOPSIS + .B sandbox +-[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] cmd +-[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] -S ++[-C] [-c] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd ++ ++.br ++.B sandbox ++[-C] [-c] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S + .br + .SH DESCRIPTION + .PP +@@ -42,6 +45,12 @@ Use alternate sandbox type, defaults to + \fB\-T\ tmpdir + Use alternate tempory directory to mount on /tmp. Defaults to tmpfs. Requires -X or -M. + .TP ++\fB\-S ++Run a full desktop session, Requires level, and home and tmpdir. ++.TP ++\fB\-w windowsize\fR ++Specifies the windowsize when creating an X based Sandbox. The default windowsize is 1000x700. ++.TP + \fB\-W windowmanager\fR + Select alternative window manager to run within + .B sandbox -X. 
+@@ -50,8 +59,20 @@ Default to /usr/bin/matchbox-window-mana + \fB\-X\fR + Create an X based Sandbox for gui apps, temporary files for + $HOME and /tmp, secondary Xserver, defaults to sandbox_x_t ++.TP ++\fB\-c\fR ++Use control groups to control this copy of sandbox. Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc. ++.TP ++\fB\-C\fR ++Use capabilities within the sandbox. By default applications executed within the sandbox will not be allowed to use capabilities (setuid apps), with the -C flag, you can use programs requiring capabilities. + .PP + .SH "SEE ALSO" + .TP +-runcon(1) ++runcon(1), seunshare(8), selinux(8) + .PP ++ ++.SH AUTHOR ++This manual page was written by ++.I Dan Walsh ++and ++.I Thomas Liu +diff -up policycoreutils-2.0.85/sandbox/sandbox.conf.5.rhat policycoreutils-2.0.85/sandbox/sandbox.conf.5 +--- policycoreutils-2.0.85/sandbox/sandbox.conf.5.rhat 2011-09-06 14:51:56.395898711 -0400 ++++ policycoreutils-2.0.85/sandbox/sandbox.conf.5 2011-09-06 14:54:34.623073026 -0400 +@@ -0,0 +1,40 @@ ++.TH sandbox.conf "5" "June 2010" "sandbox.conf" "Linux System Administration" ++.SH NAME ++sandbox.conf \- user config file for the SELinux sandbox ++.SH DESCRIPTION ++.PP ++When running sandbox with the -C argument, it will be confined using control groups and a system administrator can specify how the sandbox is confined. ++ ++.PP ++Everything after "#" is ignored, as are empty lines. All arguments should be separated by and equals sign ("="). ++ ++.PP ++These keywords are allowed. ++ ++.RS ++.TP ++.B NAME ++The name of the sandbox control group. Default is "sandbox". ++ ++.TP ++.B CPUAFFINITY ++Which cpus to assign sandbox to. The default is ALL, but users can specify a comma-separated list with dashes ("-") to represent ranges. Ex: 0-2,5 ++ ++.TP ++.B MEMUSAGE ++How much memory to allow sandbox to use. The default is 80%. 
Users can specify either a percentage or a value in the form of a number followed by one of the suffixes K, M, G to denote kilobytes, megabytes or gigabytes respectively. Ex: 50% or 100M ++ ++.TP ++.B CPUUSAGE ++Percentage of cpu sandbox should be allowed to use. The default is 80%. Specify a value followed by a percent sign ("%"). Ex: 50% ++ ++ ++ ++.SH "SEE ALSO" ++.TP ++sandbox(8) ++.PP ++ ++.SH AUTHOR ++This manual page was written by ++.I Thomas Liu +diff -up policycoreutils-2.0.85/sandbox/sandbox.conf.rhat policycoreutils-2.0.85/sandbox/sandbox.conf +--- policycoreutils-2.0.85/sandbox/sandbox.conf.rhat 2011-09-06 14:51:56.394898703 -0400 ++++ policycoreutils-2.0.85/sandbox/sandbox.conf 2011-09-06 14:51:56.395898711 -0400 +@@ -0,0 +1,7 @@ ++# Space separate list of homedirs ++HOMEDIRS="/home" ++# Control group configuration ++NAME=sandbox ++CPUAFFINITY=ALL ++MEMUSAGE=80% ++CPUUSAGE=80% +diff -up policycoreutils-2.0.85/sandbox/sandbox.init.rhat policycoreutils-2.0.85/sandbox/sandbox.init +--- policycoreutils-2.0.85/sandbox/sandbox.init.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/sandbox/sandbox.init 2011-09-06 14:51:56.396898719 -0400 +@@ -10,17 +10,12 @@ + # + # chkconfig: 345 1 99 + # +-# Description: sandbox and other apps that want to use pam_namespace +-# on /var/tmp, /tmp and home directories, requires this script +-# to be run at boot time. +-# This script sets up the / mount point and all of its +-# subdirectories as shared. The script sets up +-# /tmp, /var/tmp, /home and any homedirs listed in +-# /etc/sysconfig/sandbox and all of their subdirectories +-# as unshared. +-# All processes that use pam_namespace will see +-# modifications to the global mountspace, except for the +-# unshared directories. ++# description: sandbox, xguest and other apps that want to use pam_namespace \ ++# require this script be run at boot. 
This service script does \ ++# not actually run any service but sets up: \ ++# /var/tmp, /tmp and home directories to be used by these tools.\ ++# If you do not use sandbox, xguest or pam_namespace you can turn \ ++# this service off.\ + # + + # Source function library. +diff -up policycoreutils-2.0.85/sandbox/sandbox.rhat policycoreutils-2.0.85/sandbox/sandbox +--- policycoreutils-2.0.85/sandbox/sandbox.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/sandbox/sandbox 2011-09-06 14:53:26.540568956 -0400 @@ -1,5 +1,6 @@ -#! /usr/bin/python -E +#! /usr/bin/python -Es @@ -1663,7 +1775,7 @@ index 48a26c2..5fa1d72 100644 import signal from tempfile import mkdtemp import pwd -+import commands ++import commands +import setools PROGNAME = "policycoreutils" @@ -1702,7 +1814,7 @@ index 48a26c2..5fa1d72 100644 if not os.path.exists(newdir): os.makedirs(newdir) dest = newdir + "/" + bname -@@ -81,9 +85,12 @@ def copyfile(file, dir, dest): +@@ -81,9 +85,10 @@ def copyfile(file, dir, dest): shutil.copytree(file, dest) else: shutil.copy2(file, dest) @@ -1711,13 +1823,11 @@ index 48a26c2..5fa1d72 100644 - for e in elist: - sys.stderr.write(e[1]) + for e in elist.message: -+ # ignore files that are missing -+ if not e[2].startswith("[Errno 2]"): -+ sys.stderr.write(e[2]) ++ sys.stderr.write(e[2]) SAVE_FILES[file] = (dest, os.path.getmtime(dest)) -@@ -161,10 +168,10 @@ class Sandbox: +@@ -161,10 +166,10 @@ class Sandbox: if not self.__options.homedir or not self.__options.tmpdir: self.usage(_("Homedir and tempdir required for level mounts")) 
@@ -1726,28 +1836,28 @@ index 48a26c2..5fa1d72 100644 raise ValueError(_(""" -/usr/sbin/seunshare is required for the action you want to perform. -""")) -+%s is required for the action you want to perform. ++%s is required for the action you want to perform. +""") % SEUNSHARE) def __mount_callback(self, option, opt, value, parser): self.__mount = True -@@ -172,6 +179,15 @@ class Sandbox: +@@ -172,6 +177,15 @@ class Sandbox: def __x_callback(self, option, opt, value, parser): self.__mount = True setattr(parser.values, option.dest, True) + if not os.path.exists(SEUNSHARE): + raise ValueError(_(""" -+%s is required for the action you want to perform. ++%s is required for the action you want to perform. +""") % SEUNSHARE) + + if not os.path.exists(SANDBOXSH): + raise ValueError(_(""" -+%s is required for the action you want to perform. ++%s is required for the action you want to perform. +""") % SANDBOXSH) def __validdir(self, option, opt, value, parser): if not os.path.isdir(value): -@@ -194,6 +210,8 @@ class Sandbox: +@@ -194,6 +208,8 @@ class Sandbox: self.__include(option, opt, i[:-1], parser) except IOError, e: sys.stderr.write(str(e)) @@ -1756,7 +1866,7 @@ index 48a26c2..5fa1d72 100644 fd.close() def __copyfiles(self): -@@ -212,13 +230,15 @@ class Sandbox: +@@ -212,13 +228,15 @@ class Sandbox: /etc/gdm/Xsession """) else: 
@@ -1774,18 +1884,14 @@ index 48a26c2..5fa1d72 100644 kill -TERM $WM_PID 2> /dev/null """ % (command, wm, command)) fd.close() -@@ -226,14 +246,25 @@ kill -TERM $WM_PID 2> /dev/null +@@ -229,12 +247,22 @@ kill -TERM $WM_PID 2> /dev/null - def usage(self, message = ""): - error_exit("%s\n%s" % (self.__parser.usage, message)) -- -+ def __parse_options(self): from optparse import OptionParser + types = "" + try: + types = _(""" -+Policy defines the following types for use with the -t: ++Policy defines the following types for use with the -t: +\t%s +""") % "\n\t".join(setools.seinfo(setools.ATTRIBUTE, "sandbox_type")[0]['types']) + except RuntimeError: 
@@ -1793,35 +1899,50 @@ index 48a26c2..5fa1d72 100644 + usage = _(""" -sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] command -+sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] command ++sandbox [-h] [-c] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] command + -+sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] -S ++sandbox [-h] [-c] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] -S +%s +""") % types -sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] -S -""") - +- parser = OptionParser(version=self.VERSION, usage=usage) parser.disable_interspersed_args() -@@ -268,6 +299,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [- + parser.add_option("-i", "--include", +@@ -260,14 +288,18 @@ sandbox [-h] [-[X|M] [-l level ] [-H hom + parser.add_option("-H", "--homedir", + action="callback", callback=self.__validdir, + type="string", +- dest="homedir", ++ dest="homedir", + help=_("alternate home directory to use for mounting")) + +- parser.add_option("-T", "--tmpdir", dest="tmpdir", ++ parser.add_option("-T", "--tmpdir", dest="tmpdir", + type="string", action="callback", callback=self.__validdir, help=_("alternate /tmp directory to use for mounting")) + parser.add_option("-w", "--windowsize", dest="windowsize", + type="string", default=DEFAULT_WINDOWSIZE, -+ help="size of the sandbox window") ++ help="size of the sandbox window") + parser.add_option("-W", "--windowmanager", dest="wm", type="string", 
default="/usr/bin/matchbox-window-manager -use_titlebar no", -@@ -276,13 +311,17 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [- +@@ -276,13 +308,21 @@ sandbox [-h] [-[X|M] [-l level ] [-H hom parser.add_option("-l", "--level", dest="level", help=_("MCS/MLS level for the sandbox")) -+ parser.add_option("-C", "--cgroups", -+ action="store_true", dest="usecgroup", default=False, -+ help="Use cgroups to limit this sandbox.") ++ parser.add_option("-c", "--cgroups", ++ action="store_true", dest="usecgroup", default=False, ++ help=_("Use cgroups to limit this sandbox.")) ++ ++ parser.add_option("-C", "--capabilities", ++ action="store_true", dest="usecaps", default=False, ++ help="Allow apps requiring capabilities to run within the sandbox.") + self.__parser=parser @@ -1830,11 +1951,11 @@ index 48a26c2..5fa1d72 100644 if self.__options.X_ind: self.setype = DEFAULT_X_TYPE - -+ ++ self.dpi=commands.getoutput("xrdb -query | grep dpi | /bin/cut -f 2") if self.__options.setype: self.setype = self.__options.setype -@@ -300,6 +339,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [- +@@ -300,6 +340,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H hom self.__homedir = self.__options.homedir self.__tmpdir = self.__options.tmpdir else: @@ -1845,7 +1966,15 @@ index 48a26c2..5fa1d72 100644 if len(cmds) == 0: self.usage(_("Command required")) cmds[0] = fullpath(cmds[0]) -@@ -329,44 +372,43 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [- +@@ -323,50 +367,51 @@ sandbox [-h] [-[X|M] [-l level ] [-H hom + + con = selinux.getcon()[1].split(":") + self.__execcon = "%s:%s:%s:%s" % (con[0], con[1], self.setype, level) +- self.__filecon = "%s:%s:%s:%s" % (con[0], "object_r", +- "%s_file_t" % self.setype[:-2], ++ self.__filecon = "%s:%s:%s:%s" % (con[0], "object_r", ++ "%s_file_t" % self.setype[:-2], + level) def __setup_dir(self): if self.__options.level or self.__options.session: return 
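Review bot: The new `-C --capabilities` option re-uses the letter that the previous version of this patch gave to `--cgroups`, so an existing `sandbox -C …` invocation now loosens the sandbox (capabilities allowed) where it used to tighten it (resource limits); that reversal should be stated in the help text and man page. The `--capabilities` help string is also a bare literal while the neighbouring `--cgroups` help is wrapped in `_()`, so it is the only untranslatable option text: `help=_("Allow apps requiring capabilities to run within the sandbox."))`. The option block continues outside the hunk.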
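Review bot: `self.dpi` is taken verbatim from `commands.getoutput("xrdb -query | grep dpi | /bin/cut -f 2")` and is later put on the seunshare/sandboxX.sh argv without any check; `grep dpi` matches any resource whose name contains "dpi", so the value can be empty, multi-line or non-numeric, and sandboxX.sh expands it unquoted as `-dpi $DPI`. Pin it to a number at the point of assignment, e.g. `self.dpi = self.dpi.strip()` followed by `if not self.dpi.isdigit(): self.dpi = "96"`, which is the default the shell side uses. The method containing this assignment starts and ends outside the hunk.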
@@ -1886,8 +2015,10 @@ index 48a26c2..5fa1d72 100644 - return rc - + cmds = [ SEUNSHARE, "-Z", self.__execcon ] -+ if self.__options.usecgroup == True: ++ if self.__options.usecgroup: + cmds.append('-c') ++ if self.__options.usecaps: ++ cmds.append('-C') if self.__mount: - cmds = [ '/usr/sbin/seunshare', "-t", self.__tmpdir, "-h", self.__homedir, "--", self.__execcon ] + self.__paths - rc = subprocess.Popen(cmds).wait() @@ -1902,14 +2033,14 @@ index 48a26c2..5fa1d72 100644 + + self.__setup_sandboxrc(self.__options.wm) + -+ cmds += [ "--", SANDBOXSH, self.__options.windowsize ] ++ cmds += [ "--", SANDBOXSH, self.__options.windowsize, self.dpi ] + else: + cmds += [ "--" ] + self.__paths + return subprocess.Popen(cmds).wait() selinux.setexeccon(self.__execcon) rc = subprocess.Popen(self.__cmds).wait() -@@ -404,7 +446,7 @@ if __name__ == '__main__': +@@ -404,7 +449,7 @@ if __name__ == '__main__': sandbox = Sandbox() rc = sandbox.main() except OSError, error: 
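Review bot: `self.__options.windowsize` comes straight from `-w` with no format check and is appended to the seunshare argv next to `self.dpi`; sandboxX.sh then expands it unquoted (`-screen $SCREENSIZE`), so a value containing whitespace becomes extra Xephyr arguments and any other malformed value only fails inside the nested X server. Validate it where the command is built, e.g. `w, sep, h = self.__options.windowsize.partition("x")` and `if not (w.isdigit() and h.isdigit()): self.usage(_("Invalid window size"))`. The enclosing method starts before this hunk.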
@@ -1918,163 +2049,23 @@ index 48a26c2..5fa1d72 100644 except ValueError, error: error_exit(error.args[0]) except KeyError, error: -diff --git a/policycoreutils/sandbox/sandbox.8 b/policycoreutils/sandbox/sandbox.8 -index 1479364..73d33b3 100644 ---- a/policycoreutils/sandbox/sandbox.8 -+++ b/policycoreutils/sandbox/sandbox.8 -@@ -1,10 +1,13 @@ --.TH SANDBOX "8" "May 2009" "chcat" "User Commands" -+.TH SANDBOX "8" "May 2010" "sandbox" "User Commands" - .SH NAME - sandbox \- Run cmd under an SELinux sandbox - .SH SYNOPSIS - .B sandbox --[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] cmd --[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] -S -+[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd -+ -+.br -+.B sandbox -+[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S - .br - .SH DESCRIPTION - .PP -@@ -42,6 +45,12 @@ Use alternate sandbox type, defaults to sandbox_t or sandbox_x_t for -X. - \fB\-T\ tmpdir - Use alternate tempory directory to mount on /tmp. Defaults to tmpfs. Requires -X or -M. - .TP -+\fB\-S -+Run a full desktop session, Requires level, and home and tmpdir. -+.TP -+\fB\-w windowsize\fR -+Specifies the windowsize when creating an X based Sandbox. The default windowsize is 1000x700. -+.TP - \fB\-W windowmanager\fR - Select alternative window manager to run within - .B sandbox -X. -@@ -50,8 +59,17 @@ Default to /usr/bin/matchbox-window-manager. - \fB\-X\fR - Create an X based Sandbox for gui apps, temporary files for - $HOME and /tmp, secondary Xserver, defaults to sandbox_x_t -+.TP -+\fB\-C\fR -+Use control groups to control this copy of sandbox. Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage are to be specified in percent. 
You can specify which CPUs to use by numbering them 0,1,2... etc. - .PP - .SH "SEE ALSO" - .TP --runcon(1) -+runcon(1), seunshare(8), selinux(8) - .PP -+ -+.SH AUTHOR -+This manual page was written by -+.I Dan Walsh -+and -+.I Thomas Liu -diff --git a/policycoreutils/sandbox/sandbox.conf b/policycoreutils/sandbox/sandbox.conf -new file mode 100644 -index 0000000..7c35808 ---- /dev/null -+++ b/policycoreutils/sandbox/sandbox.conf -@@ -0,0 +1,7 @@ -+# Space separate list of homedirs -+HOMEDIRS="/home" -+# Control group configuration -+NAME=sandbox -+CPUAFFINITY=ALL -+MEMUSAGE=80% -+CPUUSAGE=80% -diff --git a/policycoreutils/sandbox/sandbox.conf.5 b/policycoreutils/sandbox/sandbox.conf.5 -new file mode 100644 -index 0000000..ee97e10 ---- /dev/null -+++ b/policycoreutils/sandbox/sandbox.conf.5 -@@ -0,0 +1,40 @@ -+.TH sandbox.conf "5" "June 2010" "sandbox.conf" "Linux System Administration" -+.SH NAME -+sandbox.conf \- user config file for the SELinux sandbox -+.SH DESCRIPTION -+.PP -+When running sandbox with the -C argument, it will be confined using control groups and a system administrator can specify how the sandbox is confined. -+ -+.PP -+Everything after "#" is ignored, as are empty lines. All arguments should be separated by and equals sign ("="). -+ -+.PP -+These keywords are allowed. -+ -+.RS -+.TP -+.B NAME -+The name of the sandbox control group. Default is "sandbox". -+ -+.TP -+.B CPUAFFINITY -+Which cpus to assign sandbox to. The default is ALL, but users can specify a comma-separated list with dashes ("-") to represent ranges. Ex: 0-2,5 -+ -+.TP -+.B MEMUSAGE -+How much memory to allow sandbox to use. The default is 80%. Users can specify either a percentage or a value in the form of a number followed by one of the suffixes K, M, G to denote kilobytes, megabytes or gigabytes respectively. Ex: 50% or 100M -+ -+.TP -+.B CPUUSAGE -+Percentage of cpu sandbox should be allowed to use. The default is 80%. Specify a value followed by a percent sign ("%"). 
Ex: 50% -+ -+ -+ -+.SH "SEE ALSO" -+.TP -+sandbox(8) -+.PP -+ -+.SH AUTHOR -+This manual page was written by -+.I Thomas Liu -diff --git a/policycoreutils/sandbox/sandbox.init b/policycoreutils/sandbox/sandbox.init -index ff8b3ef..8508647 100644 ---- a/policycoreutils/sandbox/sandbox.init -+++ b/policycoreutils/sandbox/sandbox.init -@@ -10,17 +10,12 @@ - # - # chkconfig: 345 1 99 - # --# Description: sandbox and other apps that want to use pam_namespace --# on /var/tmp, /tmp and home directories, requires this script --# to be run at boot time. --# This script sets up the / mount point and all of its --# subdirectories as shared. The script sets up --# /tmp, /var/tmp, /home and any homedirs listed in --# /etc/sysconfig/sandbox and all of their subdirectories --# as unshared. --# All processes that use pam_namespace will see --# modifications to the global mountspace, except for the --# unshared directories. -+# description: sandbox, xguest and other apps that want to use pam_namespace \ -+# require this script be run at boot. This service script does \ -+# not actually run any service but sets up: \ -+# /var/tmp, /tmp and home directories to be used by these tools.\ -+# If you do not use sandbox, xguest or pam_namespace you can turn \ -+# this service off.\ - # - - # Source function library. 
-diff --git a/policycoreutils/sandbox/sandboxX.sh b/policycoreutils/sandbox/sandboxX.sh -index 8338203..f9e23ec 100644 ---- a/policycoreutils/sandbox/sandboxX.sh -+++ b/policycoreutils/sandbox/sandboxX.sh -@@ -1,13 +1,17 @@ - #!/bin/bash --context=`id -Z | secon -t -l -P` --export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`" +diff -up policycoreutils-2.0.85/sandbox/sandboxX.sh.rhat policycoreutils-2.0.85/sandbox/sandboxX.sh +--- policycoreutils-2.0.85/sandbox/sandboxX.sh.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/sandbox/sandboxX.sh 2011-09-06 14:54:15.178929237 -0400 +@@ -1,15 +1,21 @@ +-#!/bin/bash ++#!/bin/bash ++trap "" TERM + context=`id -Z | secon -t -l -P` + export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`" -export SCREENSIZE="1000x700" -#export SCREENSIZE=`xdpyinfo | awk '/dimensions/ { print $2 }'` -+context=`id -Z | secon -t ` -+export TITLE="`grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80` ($context)" -+[ $# -eq 1 ] && export SCREENSIZE="$1" || export SCREENSIZE="1000x700" ++[ -z $1 ] && export SCREENSIZE="1000x700" || export SCREENSIZE="$1" ++[ -z $2 ] && export DPI="96" || export DPI="$2" trap "exit 0" HUP -(/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do -+(/usr/bin/Xephyr -nolisten tcp -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do ++(/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -displayfd 5 5>&1 2>/dev/null) | while read D; do export DISPLAY=:$D - python -c 'import gtk, os, commands; commands.getstatusoutput("%s/.sandboxrc" % os.environ["HOME"])' + cat > ~/seremote << __EOF 
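Review bot: The new Xephyr invocation in sandboxX.sh no longer passes `-nolisten tcp`, which the line it replaces in this patch did, so the nested X server presumably accepts TCP connections again unless the Xephyr build's defaults differ; the option should come back: `(/usr/bin/Xephyr -nolisten tcp -title "$TITLE" -terminate -screen "$SCREENSIZE" -dpi "$DPI" -displayfd 5 5>&1 2>/dev/null) | while read D; do`. The two defaulting lines also test `$1` and `$2` unquoted, so `[ -z $1 ]` breaks on an argument containing whitespace; `[ -z "$1" ]` and `[ -z "$2" ]` are the safe forms. The script continues past this hunk.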
@@ -2084,24 +2075,25 @@ index 8338203..f9e23ec 100644 + chmod +x ~/seremote + /usr/share/sandbox/start $HOME/.sandboxrc export EXITCODE=$? - kill -HUP 0 +- kill -HUP 0 ++ kill -TERM 0 break -diff --git a/policycoreutils/sandbox/seunshare.8 b/policycoreutils/sandbox/seunshare.8 -new file mode 100644 -index 0000000..e7b8991 ---- /dev/null -+++ b/policycoreutils/sandbox/seunshare.8 -@@ -0,0 +1,37 @@ + done + exit 0 +diff -up policycoreutils-2.0.85/sandbox/seunshare.8.rhat policycoreutils-2.0.85/sandbox/seunshare.8 +--- policycoreutils-2.0.85/sandbox/seunshare.8.rhat 2011-09-06 14:51:56.397898726 -0400 ++++ policycoreutils-2.0.85/sandbox/seunshare.8 2011-09-06 14:53:58.842808328 -0400 +@@ -0,0 +1,43 @@ +.TH SEUNSHARE "8" "May 2010" "seunshare" "User Commands" +.SH NAME +seunshare \- Run cmd with alternate homedir, tmpdir and/or SELinux context +.SH SYNOPSIS +.B seunshare -+[ -v ] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args] ++[ -v ] [ -c ] [ -C ] [ -k ] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args] +.br +.SH DESCRIPTION +.PP -+Run the ++Run the +.I executable +within the specified context, using the alternate home directory and /tmp directory. The seunshare command unshares from the default namespace, then mounts the specified homedir and tmpdir over the default homedir and /tmp. Finally it tells the kernel to execute the application under the specified SELinux context. + 
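Review bot: `kill -TERM 0` replaces `kill -HUP 0`, but the same script now starts with `trap "" TERM` (previous hunk), and a signal set to ignored survives fork and exec, so Xephyr and the `/usr/share/sandbox/start` children are presumably launched with SIGTERM ignored and will not react to this broadcast — nor to the `kill(-child, SIGTERM)` that seunshare's parent sends. If the goal is only to keep the script itself alive across its own broadcast, a no-op handler does that without being inherited by exec'd children: `trap : TERM`. The `trap "exit 0" HUP` kept above appears to have no sender left once HUP is no longer used here; worth confirming whether it is still needed.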
@@ -2112,9 +2104,15 @@ index 0000000..e7b8991 +\fB\-t\ tmpdir +Use alternate tempory directory to mount on /tmp. tmpdir must be owned by the user. +.TP -+\fB\-c cgroups\fR ++\fB\-c --cgroups\fR +Use cgroups to control this copy of seunshare. Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc. +.TP ++\fB\-C --capabilities\fR ++Allow apps executed within the namespace to use capabilities. Default is no capabilities. ++.TP ++\fB\-k --kill\fR ++Kill all processes with matching MCS level. ++.TP +\fB\-Z\ context +Use alternate SELinux context while runing the executable. +.TP @@ -2122,18 +2120,17 @@ index 0000000..e7b8991 +Verbose output +.SH "SEE ALSO" +.TP -+runcon(1), sandbox(8), selinux(8) ++runcon(1), sandbox(8), selinux(8) +.PP +.SH AUTHOR -+This manual page was written by ++This manual page was written by +.I Dan Walsh +and +.I Thomas Liu -diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c -index ec692e7..49dad71 100644 ---- a/policycoreutils/sandbox/seunshare.c -+++ b/policycoreutils/sandbox/seunshare.c -@@ -1,28 +1,35 @@ +diff -up policycoreutils-2.0.85/sandbox/seunshare.c.rhat policycoreutils-2.0.85/sandbox/seunshare.c +--- policycoreutils-2.0.85/sandbox/seunshare.c.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/sandbox/seunshare.c 2011-09-06 14:53:01.919386232 -0400 +@@ -1,27 +1,35 @@ +/* + * Authors: Dan Walsh + * Authors: Thomas Liu @@ -2166,15 +2163,15 @@ index ec692e7..49dad71 100644 #include #include /* for context-mangling functions */ - +- -#include -#include -#include -- ++#include + #ifdef USE_NLS #include /* for setlocale() */ - #include /* for gettext() */ -@@ -39,29 +46,47 @@ +@@ -39,29 +47,55 @@ #define MS_PRIVATE 1<<18 #endif 
@@ -2184,11 +2181,12 @@ index ec692e7..49dad71 100644 + +#define BUF_SIZE 1024 +#define DEFAULT_PATH "/usr/bin:/bin" -+ -+#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -c ] -t tmpdir -h homedir [-Z context] -- executable [args]") ++#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -C ] [ -c ] [ -k ] [ -t tmpdir ] [ -h homedir ] [ -Z CONTEXT ] -- executable [args] ") + +static int verbose = 0; ++static int child = 0; + ++static capng_select_t cap_set = CAPNG_SELECT_BOTH; + /** - * This function will drop all capabilities @@ -2198,17 +2196,29 @@ index ec692e7..49dad71 100644 -static int drop_capabilities(uid_t uid) +static int drop_caps() { -+ if (capng_have_capabilities(CAPNG_SELECT_BOTH) == CAPNG_NONE) -+ return 0; - capng_clear(CAPNG_SELECT_BOTH); +- capng_clear(CAPNG_SELECT_BOTH); - - if (capng_lock() < 0) -- return -1; ++ if (capng_have_capabilities(cap_set) == CAPNG_NONE) ++ return 0; ++ capng_clear(cap_set); ++ if (capng_lock() == -1 || capng_apply(cap_set) == -1) { ++ fprintf(stderr, _("Failed to drop all capabilities\n")); + return -1; - /* Change uid */ - if (setresuid(uid, uid, uid)) { - fprintf(stderr, _("Error changing uid, aborting.\n")); -+ if (capng_lock() == -1 || capng_apply(CAPNG_SELECT_BOTH) == -1) { -+ fprintf(stderr, _("Failed to drop all capabilities\n")); ++ } ++ return 0; ++} ++ ++/** ++ * This function will drop all privileges. ++ */ ++static int drop_privs(uid_t uid) ++{ ++ if (drop_caps() == -1 || setresuid(uid, uid, uid) == -1) { ++ fprintf(stderr, _("Failed to drop privileges\n")); return -1; } - return capng_apply(CAPNG_SELECT_BOTH); 
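Review bot: `drop_caps()` now clears and locks whatever `cap_set` selects, and `-C` switches it to `CAPNG_SELECT_CAPS`, which leaves the bounding set in place; nothing in the code says that this is what "allow apps requiring capabilities" means, and the early `return 0` when `capng_have_capabilities(cap_set) == CAPNG_NONE` also skips `capng_lock()`, so the securebits are only set when caps were held. Suggest a comment on the global: `/* CAPNG_SELECT_BOTH drops caps and the bounding set; -C keeps the bounding set so file-capability binaries may regain caps — confirm against policy */`, and a sentence in seunshare.8 saying the same. Whether `capng_lock()` should run even when no caps are held is worth deciding explicitly rather than by the early return.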
@@ -2218,15 +2228,10 @@ index ec692e7..49dad71 100644 -#define DEFAULT_PATH "/usr/bin:/bin" -static int verbose = 0; +/** -+ * This function will drop all privileges. ++ * If the user sends a siginto to seunshare, kill the child's session + */ -+static int drop_privs(uid_t uid) -+{ -+ if (drop_caps() == -1 || setresuid(uid, uid, uid) == -1) { -+ fprintf(stderr, _("Failed to drop privileges\n")); -+ return -1; -+ } -+ return 0; ++void handler(int sig) { ++ if (child > 0) kill(-child,sig); +} /** @@ -2235,18 +2240,22 @@ index ec692e7..49dad71 100644 */ static int set_signal_handles(void) { -@@ -75,8 +100,8 @@ static int set_signal_handles(void) +@@ -75,32 +109,117 @@ static int set_signal_handles(void) (void)sigprocmask(SIG_SETMASK, &empty, NULL); - /* Terminate on SIGHUP. */ -- if (signal(SIGHUP, SIG_DFL) == SIG_ERR) { + /* Terminate on SIGHUP */ -+ if (signal(SIGHUP, SIG_IGN) == SIG_ERR) { + if (signal(SIGHUP, SIG_DFL) == SIG_ERR) { perror("Unable to set SIGHUP handler"); return -1; } -@@ -84,23 +109,103 @@ static int set_signal_handles(void) + ++ if (signal(SIGINT, handler) == SIG_ERR) { ++ perror("Unable to set SIGINT handler"); ++ return -1; ++ } ++ return 0; } @@ -2261,10 +2270,14 @@ index ec692e7..49dad71 100644 + retval = -1; \ + } while(0) + -+/** + /** +- * This function makes sure the mounted directory is owned by the user executing +- * seunshare. +- * If so, it returns 0. If it can not figure this out or they are different, it returns -1. + * Spawn external command using system() with dropped privileges. + * TODO: avoid system() and use exec*() instead -+ */ + */ +-static int verify_mount(const char *mntdir, struct passwd *pwd) { +static int spawn_command(const char *cmd, uid_t uid){ + int child; + int status = -1; 
@@ -2324,22 +2337,18 @@ index ec692e7..49dad71 100644 + (one)->st_uid == (two)->st_uid && (one)->st_gid == (two)->st_gid && \ + (one)->st_mode == (two)->st_mode) + - /** -- * This function makes sure the mounted directory is owned by the user executing -- * seunshare. -- * If so, it returns 0. If it can not figure this out or they are different, it returns -1. ++/** + * Sanity check specified directory. Store stat info for future comparison, or + * compare with previously saved info to detect replaced directories. + * Note: This function does not perform owner checks. - */ --static int verify_mount(const char *mntdir, struct passwd *pwd) { ++ */ +static int verify_directory(const char *dir, struct stat *st_in, struct stat *st_out) { struct stat sb; - if (stat(mntdir, &sb) == -1) { - fprintf(stderr, _("Invalid mount point %s: %s\n"), mntdir, strerror(errno)); + + if (st_out == NULL) st_out = &sb; -+ ++ + if (lstat(dir, st_out) == -1) { + fprintf(stderr, _("Failed to stat %s: %s\n"), dir, strerror(errno)); + return -1; @@ -2360,7 +2369,7 @@ index ec692e7..49dad71 100644 return 0; } -@@ -123,7 +228,7 @@ static int verify_shell(const char *shell_name) +@@ -123,7 +242,7 @@ static int verify_shell(const char *shel /* check the shell skipping newline char */ if (!strcmp(shell_name, buf)) { @@ -2369,7 +2378,7 @@ index ec692e7..49dad71 100644 break; } } -@@ -131,45 +236,525 @@ static int verify_shell(const char *shell_name) +@@ -131,54 +250,618 @@ static int verify_shell(const char *shel return rc; } @@ -2453,12 +2462,12 @@ index ec692e7..49dad71 100644 +static int match(const char *string, char *pattern) +{ + int status; -+ regex_t re; ++ regex_t re; + if (regcomp(&re, pattern, REG_EXTENDED|REG_NOSUB) != 0) { + return 0; + } + status = regexec(&re, string, (size_t)0, NULL, 0); -+ regfree(&re); ++ regfree(&re); + if (status != 0) { + return 0; + } 
@@ -2479,8 +2488,9 @@ index ec692e7..49dad71 100644 + char buf[BUF_SIZE]; + char *tok = NULL; + int rc = -1; -+ const char* fname = "/etc/sysconfig/sandbox"; -+ ++ char *str = NULL; ++ const char* fname = "/etc/sysconfig/sandbox"; ++ + if ((fp = fopen(fname, "rt")) == NULL) { + fprintf(stderr, "Error opening sandbox config file."); + return rc; @@ -2488,12 +2498,15 @@ index ec692e7..49dad71 100644 + while(fgets(buf, BUF_SIZE, fp) != NULL) { + /* Skip comments */ + if (buf[0] == '#') continue; -+ ++ + /* Copy the string, ignoring whitespace */ + int len = strlen(buf); -+ char *str = malloc((len + 1) * sizeof(char)); -+ -+ int ind = 0; ++ free(str); ++ str = malloc((len + 1) * sizeof(char)); ++ if (!str) ++ goto err; ++ ++ int ind = 0; + int i; + for (i = 0; i < len; i++) { + char cur = buf[i]; @@ -2503,7 +2516,7 @@ index ec692e7..49dad71 100644 + } + } + str[ind] = '\0'; -+ ++ + tok = strtok(str, "=\n"); + if (tok != NULL) { + if (!strcmp(tok, "CPUAFFINITY")) { @@ -2527,7 +2540,7 @@ index ec692e7..49dad71 100644 + fprintf(stderr, "Error parsing config file."); + goto err; + } -+ ++ + } else if (!strcmp(tok, "CPUUSAGE")) { + tok = strtok(NULL, "=\n"); + if (match(tok, "^[0-9]+\%")) { @@ -2545,14 +2558,14 @@ index ec692e7..49dad71 100644 + continue; + } + } -+ ++ + } + if (mem == NULL) { + long phypz = sysconf(_SC_PHYS_PAGES); + long psize = sysconf(_SC_PAGE_SIZE); + memusage = phypz * psize * (float) memusage / 100.0; + } -+ ++ + cgroup_init(); + + int64_t current_runtime = 0; @@ -2568,8 +2581,8 @@ index ec692e7..49dad71 100644 + cgroup_get_cgroup(curr); + cgroup_get_value_int64(cgroup_get_controller(curr, "cpu"), "cpu.rt_runtime_us", ¤t_runtime); + cgroup_get_value_int64(cgroup_get_controller(curr, "cpu"), "cpu.rt_period_us", ¤t_period); -+ } -+ ++ } ++ + ret = cgroup_get_current_controller_path(getpid(), "memory", &curr_mem_path); + if (ret) { + sandbox_error("Error while trying to get current controller path.\n"); 
@@ -2577,33 +2590,33 @@ index ec692e7..49dad71 100644 + struct cgroup *curr = cgroup_new_cgroup(curr_mem_path); + cgroup_get_cgroup(curr); + cgroup_get_value_int64(cgroup_get_controller(curr, "memory"), "memory.limit_in_bytes", ¤t_mem); -+ } -+ ++ } ++ + if (((float) cpupercentage) / 100.0> (float)current_runtime / (float) current_period) { + sandbox_error("CPU usage restricted!\n"); + goto err; -+ } -+ -+ if (mem == NULL) { ++ } ++ ++ if (mem == NULL) { + if (memusage > current_mem) { + sandbox_error("Attempting to use more memory than allowed!"); + goto err; + } + } -+ ++ + long nprocs = sysconf(_SC_NPROCESSORS_ONLN); -+ -+ struct sched_param sp; ++ ++ struct sched_param sp; + sp.sched_priority = sched_get_priority_min(SCHED_FIFO); + sched_setscheduler(getpid(), SCHED_FIFO, &sp); + struct cgroup *sandbox_group = cgroup_new_cgroup(cgroupname); + cgroup_add_controller(sandbox_group, "memory"); + cgroup_add_controller(sandbox_group, "cpu"); -+ ++ + if (mem == NULL) { + if (memusage > 0) { + cgroup_set_value_uint64(cgroup_get_controller(sandbox_group, "memory"), "memory.limit_in_bytes", memusage); -+ } ++ } + } else { + cgroup_set_value_string(cgroup_get_controller(sandbox_group, "memory"), "memory.limit_in_bytes", mem); + } @@ -2615,13 +2628,13 @@ index ec692e7..49dad71 100644 + if (cpus != NULL) { + cgroup_set_value_string(cgroup_get_controller(sandbox_group, "cpu"), "cgroup.procs",cpus); + } -+ ++ + uint64_t allocated_mem; + if (cgroup_get_value_uint64(cgroup_get_controller(sandbox_group, "memory"), "memory.limit_in_bytes", &allocated_mem) > current_mem) { + sandbox_error("Attempting to use more memory than allowed!\n"); + goto err; + } -+ ++ + rc = cgroup_create_cgroup(sandbox_group, 1); + if (rc != 0) { + sandbox_error("Failed to create group. Ensure that cgconfig service is running. \n"); 
@@ -2632,13 +2645,15 @@ index ec692e7..49dad71 100644 + + rc = 0; +err: ++ fclose(fp); ++ free(str); + free(mem); + free(cgroupname); + free(cpus); + return rc; +} + -+/* ++/* + If path is empy or ends with "/." or "/.. return -1 else return 0; + */ +static int bad_path(const char *path) { @@ -2660,7 +2675,7 @@ index ec692e7..49dad71 100644 + return 0; +} + -+static int rsynccmd(const char * src, const char *dst, char **cmdbuf) ++static int rsynccmd(const char * src, const char *dst, char **cmdbuf) +{ + char *buf = NULL; + char *newbuf = NULL; @@ -2704,7 +2719,7 @@ index ec692e7..49dad71 100644 + newbuf = NULL; + } + -+ if (buf) { ++ if (buf) { + if (asprintf(&newbuf, "/usr/bin/rsync -trlHDq %s '%s'", buf, dst) == -1) { + fprintf(stderr, "Out of memory\n"); + goto err; @@ -2820,8 +2835,12 @@ index ec692e7..49dad71 100644 + if (verify_directory(tmpdir, NULL, out_st) < 0) { + goto err; + } -+ if (check_owner_uid(0, tmpdir, out_st) < 0) goto err; -+ if (check_owner_gid(getgid(), tmpdir, out_st) < 0) goto err; ++ ++ if (check_owner_uid(0, tmpdir, out_st) < 0) ++ goto err; ++ ++ if (check_owner_gid(getgid(), tmpdir, out_st) < 0) ++ goto err; + + /* change permissions of the temporary directory */ + if ((fd_t = open(tmpdir, O_RDONLY)) < 0) { @@ -2848,7 +2867,7 @@ index ec692e7..49dad71 100644 + + /* copy selinux context */ + if (execcon) { -+ if (fsetfilecon(fd_t, con) == -1) { ++ if (fsetfilecon(fd_t, con) == -1) { + fprintf(stderr, _("Failed to set context of the directory %s: %s\n"), tmpdir, strerror(errno)); + goto err; + } 
@@ -2878,6 +2897,70 @@ index ec692e7..49dad71 100644 + if (fd_t >= 0) close(fd_t); + if (fd_s >= 0) close(fd_s); + return tmpdir; ++} ++ ++#define PROC_BASE "/proc" ++ ++static int ++killall (security_context_t execcon) ++{ ++ DIR *dir; ++ security_context_t scon; ++ struct dirent *de; ++ pid_t *pid_table, pid, self; ++ int i; ++ int pids, max_pids; ++ int running = 0; ++ self = getpid(); ++ if (!(dir = opendir(PROC_BASE))) { ++ return -1; ++ } ++ max_pids = 256; ++ pid_table = malloc(max_pids * sizeof (pid_t)); ++ if (!pid_table) { ++ (void)closedir(dir); ++ return -1; ++ } ++ pids = 0; ++ context_t con; ++ con = context_new(execcon); ++ const char *mcs = context_range_get(con); ++ printf("mcs=%s\n", mcs); ++ while ((de = readdir (dir)) != NULL) { ++ if (!(pid = (pid_t)atoi(de->d_name)) || pid == self) ++ continue; ++ ++ if (pids == max_pids) { ++ if (!(pid_table = realloc(pid_table, 2*pids*sizeof(pid_t)))) { ++ (void)closedir(dir); ++ return -1; ++ } ++ max_pids *= 2; ++ } ++ pid_table[pids++] = pid; ++ } ++ ++ (void)closedir(dir); ++ ++ for (i = 0; i < pids; i++) { ++ pid_t id = pid_table[i]; ++ ++ if (getpidcon(id, &scon) == 0) { ++ ++ context_t pidcon = context_new(scon); ++ /* Attempt to kill remaining processes */ ++ if (strcmp(context_range_get(pidcon), mcs) == 0) ++ kill(id, SIGKILL); ++ ++ context_free(pidcon); ++ freecon(scon); ++ } ++ running++; ++ } ++ ++ context_free(con); ++ free(pid_table); ++ return running; +} int main(int argc, char **argv) { @@ -2891,6 +2974,7 @@ index ec692e7..49dad71 100644 int clflag; /* holds codes for command line flags */ - char *tmpdir_s = NULL; /* tmpdir spec'd by user in argv[] */ + int usecgroups = 0; ++ int kill_all = 0; + char *homedir_s = NULL; /* homedir spec'd by user in argv[] */ + char *tmpdir_s = NULL; /* tmpdir spec'd by user in argv[] */ 
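Review bot: `killall()` calls `strcmp(context_range_get(pidcon), mcs)` without checking that `context_new()` succeeded or that either context carries a range, so a process whose context has no MLS/MCS field makes `strcmp()` dereference NULL, and `mcs` itself is derived from the caller-supplied `-Z` context the same unchecked way. `printf("mcs=%s\n", mcs)` looks like leftover debugging output on stdout, `running` is incremented for every pid rather than the ones signalled, and a failed `realloc()` leaks the old `pid_table`. The rewritten lines below refuse to run without a range, skip processes without one, and count only successful kills.
```c
	context_t con = context_new(execcon);
	const char *mcs = con ? context_range_get(con) : NULL;
	if (!mcs) {
		if (con) context_free(con);
		free(pid_table);
		(void)closedir(dir);
		return -1;
	}
	/* … unchanged: /proc scan filling pid_table … */
		if (getpidcon(id, &scon) == 0) {
			context_t pidcon = context_new(scon);
			const char *range = pidcon ? context_range_get(pidcon) : NULL;
			if (range && strcmp(range, mcs) == 0 && kill(id, SIGKILL) == 0)
				running++;
			if (pidcon) context_free(pidcon);
			freecon(scon);
		}
```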
@@ -2903,26 +2987,32 @@ index ec692e7..49dad71 100644 const struct option long_options[] = { {"homedir", 1, 0, 'h'}, {"tmpdir", 1, 0, 't'}, ++ {"kill", 1, 0, 'k'}, {"verbose", 1, 0, 'v'}, + {"cgroups", 1, 0, 'c'}, + {"context", 1, 0, 'Z'}, ++ {"capabilities", 1, 0, 'C'}, {NULL, 0, 0, 0} }; -@@ -180,6 +765,12 @@ int main(int argc, char **argv) { + uid_t uid = getuid(); +- ++/* + if (!uid) { + fprintf(stderr, _("Must not be root")); return -1; } - ++*/ ++ +#ifdef USE_NLS + setlocale(LC_ALL, ""); + bindtextdomain(PACKAGE, LOCALEDIR); + textdomain(PACKAGE); +#endif -+ + struct passwd *pwd=getpwuid(uid); if (!pwd) { - perror(_("getpwduid failed")); -@@ -187,34 +778,30 @@ int main(int argc, char **argv) { +@@ -187,34 +870,36 @@ int main(int argc, char **argv) { } if (verify_shell(pwd->pw_shell) < 0) { @@ -2934,7 +3024,7 @@ index ec692e7..49dad71 100644 while (1) { - clflag = getopt_long(argc, argv, "h:t:", long_options, - &flag_index); -+ clflag = getopt_long(argc, argv, "cvh:t:Z:", long_options, NULL); ++ clflag = getopt_long(argc, argv, "Ccvh:t:Z:", long_options, NULL); if (clflag == -1) break; @@ -2946,6 +3036,9 @@ index ec692e7..49dad71 100644 - } - if (verify_mount(tmpdir_s, pwd) < 0) return -1; + tmpdir_s = optarg; ++ break; ++ case 'k': ++ kill_all = 1; break; case 'h': - if (!(homedir_s = realpath(optarg, NULL))) { @@ -2963,12 +3056,15 @@ index ec692e7..49dad71 100644 + case 'c': + usecgroups = 1; + break; ++ case 'C': ++ cap_set = CAPNG_SELECT_CAPS; ++ break; + case 'Z': + execcon = optarg; break; default: fprintf(stderr, "%s\n", USAGE_STRING); -@@ -223,76 +810,84 @@ int main(int argc, char **argv) { +@@ -223,99 +908,131 @@ int main(int argc, char **argv) { } if (! homedir_s && ! tmpdir_s) { 
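Review bot: The `Must not be root` guard is disabled by wrapping it in `/* … */`, and nothing in the hunk or in seunshare.8 says why running seunshare as uid 0 is now acceptable; if it is, delete the dead code and document it, otherwise restore the check. In the same hunk the new `long_options` entries `{"kill", 1, 0, 'k'}` and `{"capabilities", 1, 0, 'C'}` declare a required argument although neither `case` reads `optarg`, so `--kill` and `--capabilities` on their own are rejected by getopt_long; they should read `{"kill", 0, 0, 'k'},` and `{"capabilities", 0, 0, 'C'},` (the pre-existing `verbose` and `cgroups` entries have the same defect). `main()` continues outside the hunk.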
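Review bot: The short-option string `"Ccvh:t:Z:"` contains no `k`, so the `-k` that USAGE_STRING and seunshare.8 advertise is rejected with the usage message, and the `case 'k':` added two hunks later is reachable only through the long form; use `"Ccvkh:t:Z:"`. `main()` continues outside the hunk.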
@@ -2989,14 +3085,16 @@ index ec692e7..49dad71 100644 - scontext = argv[optind++]; - - if (set_signal_handles()) -- return -1; -- -- if (unshare(CLONE_NEWNS) < 0) { -- perror(_("Failed to unshare")); + if (execcon && is_selinux_enabled() != 1) { + fprintf(stderr, _("Error: execution context specified, but SELinux is not enabled\n")); return -1; - } ++ } + +- if (unshare(CLONE_NEWNS) < 0) { +- perror(_("Failed to unshare")); ++ if (set_signal_handles()) + return -1; +- } - if (homedir_s && tmpdir_s && (strncmp(pwd->pw_dir, tmpdir_s, strlen(pwd->pw_dir)) == 0)) { - if (seunshare_mount(tmpdir_s, "/tmp", pwd) < 0) @@ -3010,13 +3108,11 @@ index ec692e7..49dad71 100644 - if (tmpdir_s && seunshare_mount(tmpdir_s, "/tmp", pwd) < 0) - return -1; - } -- ++ if (usecgroups && setup_cgroups() < 0) ++ return -1; + - if (drop_capabilities(uid)) { - perror(_("Failed to drop all capabilities")); -+ if (set_signal_handles()) return -1; -+ -+ if (usecgroups && setup_cgroups() < 0) return -1; -+ + /* set fsuid to ruid */ + /* Changing fsuid is usually required when user-specified directory is + * on an NFS mount. It's also desired to avoid leaking info about @@ -3039,8 +3135,9 @@ index ec692e7..49dad71 100644 return -1; } +- int child = fork(); + /* spawn child process */ - int child = fork(); ++ child = fork(); if (child == -1) { perror(_("Unable to fork")); - return -1; @@ -3054,9 +3151,6 @@ index ec692e7..49dad71 100644 - if (d) { - display = strdup(d); - if (!display) { -- perror(_("Out of memory")); -- exit(-1); -- } + if (child == 0) { + char *display = NULL; + int rc = -1; @@ -3064,12 +3158,8 @@ index ec692e7..49dad71 100644 + if (unshare(CLONE_NEWNS) < 0) { + perror(_("Failed to unshare")); + goto childerr; - } - -- if ((rc = clearenv())) { -- perror(_("Unable to clear environment")); -- free(display); -- exit(-1); ++ } ++ + /* assume fsuid==ruid after this point */ + setfsuid(uid); + 
@@ -3084,10 +3174,17 @@ index ec692e7..49dad71 100644 + /* construct a new environment */ + if ((display = getenv("DISPLAY")) != NULL) { + if ((display = strdup(display)) == NULL) { -+ perror(_("Out of memory")); + perror(_("Out of memory")); +- exit(-1); + goto childerr; -+ } + } } +- +- if ((rc = clearenv())) { +- perror(_("Unable to clear environment")); +- free(display); +- exit(-1); +- } - - if (setexeccon(scontext)) { - fprintf(stderr, _("Could not set exec context to %s.\n"), @@ -3099,18 +3196,20 @@ index ec692e7..49dad71 100644 + goto childerr; } - - if (display) +- if (display) ++ if (display) rc |= setenv("DISPLAY", display, 1); rc |= setenv("HOME", pwd->pw_dir, 1); -@@ -300,22 +895,41 @@ int main(int argc, char **argv) { + rc |= setenv("SHELL", pwd->pw_shell, 1); rc |= setenv("USER", pwd->pw_name, 1); rc |= setenv("LOGNAME", pwd->pw_name, 1); rc |= setenv("PATH", DEFAULT_PATH, 1); +- + if (rc != 0) { + fprintf(stderr, _("Failed to construct environment\n")); + goto childerr; + } - ++ + /* selinux context */ + if (execcon && setexeccon(execcon) != 0) { + fprintf(stderr, _("Could not set exec context to %s.\n"), execcon); @@ -3122,9 +3221,7 @@ index ec692e7..49dad71 100644 - exit(-1); + goto childerr; } -+ setsid(); -+ execv(argv[optind], argv + optind); + fprintf(stderr, _("Failed to execute command %s: %s\n"), argv[optind], strerror(errno)); +childerr: 
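Review bot: The new `setsid()` before `execv()` is what lets the parent's SIGINT handler and its post-wait cleanup address the whole sandbox as `kill(-child, …)`, but the call carries no comment and its result is discarded, so a reader may take it for a daemonisation leftover. Suggest `/* new session and process group: the parent signals the whole sandbox with kill(-child, sig) */` above it, and a sentence in seunshare.8 noting that the command runs detached from the caller's controlling terminal. The child branch starts before this hunk.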
@@ -3138,23 +3235,26 @@ index ec692e7..49dad71 100644 - free(tmpdir_s); - free(homedir_s); + drop_caps(); - ++ + /* parent waits for child exit to do the cleanup */ + waitpid(child, &status, 0); + status_to_retval(status, status); + -+ if (tmpdir_r) cleanup_tmpdir(tmpdir_r, tmpdir_s, pwd, 1); ++ /* Make sure all child processes exit */ ++ kill(-child,SIGTERM); + ++ if (execcon && kill_all) ++ killall(execcon); ++ ++ if (tmpdir_r) cleanup_tmpdir(tmpdir_r, tmpdir_s, pwd, 1); + +err: + free(tmpdir_r); return status; } -+ -diff --git a/policycoreutils/sandbox/start b/policycoreutils/sandbox/start -new file mode 100644 -index 0000000..52950d7 ---- /dev/null -+++ b/policycoreutils/sandbox/start +diff -up policycoreutils-2.0.85/sandbox/start.rhat policycoreutils-2.0.85/sandbox/start +--- policycoreutils-2.0.85/sandbox/start.rhat 2011-09-06 14:51:56.400898747 -0400 ++++ policycoreutils-2.0.85/sandbox/start 2011-09-06 14:51:56.400898747 -0400 @@ -0,0 +1,9 @@ +#! /usr/bin/python -Es +import gtk, commands, sys 
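Review bot: The added `kill(-child,SIGTERM);` after `waitpid()` discards its return value and only reaches the sandbox's descendants if the child made itself a process-group leader, yet the earlier hunk in this section (`@@ -3122,9 +3221,7 @@`) drops the patch's `+ setsid();` line from the child's exec path, so unless that call now comes from upstream context outside this view, `-child` names no process group and the "Make sure all child processes exit" comment is not honored. Consider `if (kill(-child, SIGTERM) < 0 && errno != ESRCH) perror(_("Failed to signal sandbox process group"));` so a failure is at least visible (`errno`/`strerror` are already used in this file). SIGTERM is also delivered asynchronously and can be ignored by a sandboxed process, while `cleanup_tmpdir()` runs immediately afterwards, so the temporary directory may be removed while processes are still using it; a bounded wait followed by SIGKILL before the cleanup would close that window. The enclosing main() starts outside the hunk.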
@@ -3165,43 +3265,40 @@ index 0000000..52950d7 + pass +if rc[0] == 0: + print rc[1] -diff --git a/policycoreutils/scripts/Makefile b/policycoreutils/scripts/Makefile -index 53b65b6..cc75a96 100644 ---- a/policycoreutils/scripts/Makefile -+++ b/policycoreutils/scripts/Makefile -@@ -14,6 +14,7 @@ install: all - install -m 755 genhomedircon $(SBINDIR) - -mkdir -p $(MANDIR)/man8 - install -m 644 fixfiles.8 $(MANDIR)/man8/ -+ install -m 644 genhomedircon.8 $(MANDIR)/man8/ - install -m 644 chcat.8 $(MANDIR)/man8/ - - clean: -diff --git a/policycoreutils/scripts/chcat b/policycoreutils/scripts/chcat -index 4038a99..9efcb22 100755 ---- a/policycoreutils/scripts/chcat -+++ b/policycoreutils/scripts/chcat -@@ -1,4 +1,4 @@ --#! /usr/bin/python -E -+#! /usr/bin/python -Es - # Copyright (C) 2005 Red Hat - # see file 'COPYING' for use and warranty information - # -diff --git a/policycoreutils/scripts/chcat.8 b/policycoreutils/scripts/chcat.8 -index 3f9efba..7c6d75a 100644 ---- a/policycoreutils/scripts/chcat.8 -+++ b/policycoreutils/scripts/chcat.8 -@@ -51,5 +51,5 @@ When operating on files this script wraps the chcon command. 
+diff -up policycoreutils-2.0.85/scripts/chcat.8.rhat policycoreutils-2.0.85/scripts/chcat.8 +--- policycoreutils-2.0.85/scripts/chcat.8.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/scripts/chcat.8 2011-09-06 14:51:56.402898763 -0400 +@@ -51,5 +51,5 @@ When operating on files this script wrap .SH "FILES" /etc/selinux/{SELINUXTYPE}/setrans.conf .br -/etc/selinux/{SELINUXTYPE}/seuser +/etc/selinux/{SELINUXTYPE}/seusers -diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles -index ae519fc..8e47d94 100755 ---- a/policycoreutils/scripts/fixfiles -+++ b/policycoreutils/scripts/fixfiles +diff -up policycoreutils-2.0.85/scripts/chcat.rhat policycoreutils-2.0.85/scripts/chcat +--- policycoreutils-2.0.85/scripts/chcat.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/scripts/chcat 2011-09-06 14:51:56.401898755 -0400 +@@ -1,4 +1,4 @@ +-#! /usr/bin/python -E ++#! /usr/bin/python -Es + # Copyright (C) 2005 Red Hat + # see file 'COPYING' for use and warranty information + # +diff -up policycoreutils-2.0.85/scripts/fixfiles.8.rhat policycoreutils-2.0.85/scripts/fixfiles.8 +--- policycoreutils-2.0.85/scripts/fixfiles.8.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/scripts/fixfiles.8 2011-09-06 14:51:56.404898778 -0400 +@@ -29,6 +29,8 @@ new policy, or just check whether the f + as you expect. By default it will relabel all mounted ext2, ext3, xfs and + jfs file systems as long as they do not have a security context mount + option. You can use the -R flag to use rpmpackages as an alternative. ++The file /etc/selinux/fixfiles_exclude_dirs can contain a list of directories ++excluded from relabelling. + .P + .B fixfiles onboot + will setup the machine to relabel on the next reboot. 
+diff -up policycoreutils-2.0.85/scripts/fixfiles.rhat policycoreutils-2.0.85/scripts/fixfiles +--- policycoreutils-2.0.85/scripts/fixfiles.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/scripts/fixfiles 2011-09-06 14:51:56.403898771 -0400 @@ -21,6 +21,44 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA @@ -3258,7 +3355,7 @@ index ae519fc..8e47d94 100755 SELINUXTYPE="targeted" if [ -e /etc/selinux/config ]; then . /etc/selinux/config -@@ -87,23 +123,10 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then +@@ -87,23 +123,10 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; esac; \ fi; \ done | \ @@ -3342,24 +3439,9 @@ index ae519fc..8e47d94 100755 restore } -diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8 -index dfe8aa9..0b4cbaa 100644 ---- a/policycoreutils/scripts/fixfiles.8 -+++ b/policycoreutils/scripts/fixfiles.8 -@@ -29,6 +29,8 @@ new policy, or just check whether the file contexts are all - as you expect. By default it will relabel all mounted ext2, ext3, xfs and - jfs file systems as long as they do not have a security context mount - option. You can use the -R flag to use rpmpackages as an alternative. -+The file /etc/selinux/fixfiles_exclude_dirs can contain a list of directories -+excluded from relabelling. - .P - .B fixfiles onboot - will setup the machine to relabel on the next reboot. -diff --git a/policycoreutils/scripts/genhomedircon.8 b/policycoreutils/scripts/genhomedircon.8 -new file mode 100644 -index 0000000..6331660 ---- /dev/null -+++ b/policycoreutils/scripts/genhomedircon.8 +diff -up policycoreutils-2.0.85/scripts/genhomedircon.8.rhat policycoreutils-2.0.85/scripts/genhomedircon.8 +--- policycoreutils-2.0.85/scripts/genhomedircon.8.rhat 2011-09-06 14:51:56.404898778 -0400 ++++ policycoreutils-2.0.85/scripts/genhomedircon.8 2011-09-06 14:51:56.404898778 -0400 @@ -0,0 +1,37 @@ +.\" Hey, Emacs! This is an -*- nroff -*- source file. +.\" Copyright (c) 2010 Dan Walsh 
@@ -3398,25 +3480,20 @@ index 0000000..6331660 +.SH AUTHOR +This manual page was written by +.I Dan Walsh -diff --git a/policycoreutils/semanage/default_encoding/Makefile b/policycoreutils/semanage/default_encoding/Makefile -new file mode 100644 -index 0000000..176b11f ---- /dev/null -+++ b/policycoreutils/semanage/default_encoding/Makefile -@@ -0,0 +1,8 @@ -+all: -+ LDFLAGS="" python setup.py build -+ -+install: all -+ LDFLAGS="" python setup.py install --root=$(DESTDIR)/ -+ -+clean: -+ rm -rf build *~ -diff --git a/policycoreutils/semanage/default_encoding/default_encoding.c b/policycoreutils/semanage/default_encoding/default_encoding.c -new file mode 100644 -index 0000000..c3cdd4e ---- /dev/null -+++ b/policycoreutils/semanage/default_encoding/default_encoding.c +diff -up policycoreutils-2.0.85/scripts/Makefile.rhat policycoreutils-2.0.85/scripts/Makefile +--- policycoreutils-2.0.85/scripts/Makefile.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/scripts/Makefile 2011-09-06 14:51:56.401898755 -0400 +@@ -14,6 +14,7 @@ install: all + install -m 755 genhomedircon $(SBINDIR) + -mkdir -p $(MANDIR)/man8 + install -m 644 fixfiles.8 $(MANDIR)/man8/ ++ install -m 644 genhomedircon.8 $(MANDIR)/man8/ + install -m 644 chcat.8 $(MANDIR)/man8/ + + clean: +diff -up policycoreutils-2.0.85/semanage/default_encoding/default_encoding.c.rhat policycoreutils-2.0.85/semanage/default_encoding/default_encoding.c +--- policycoreutils-2.0.85/semanage/default_encoding/default_encoding.c.rhat 2011-09-06 14:51:56.406898792 -0400 ++++ policycoreutils-2.0.85/semanage/default_encoding/default_encoding.c 2011-09-06 14:51:56.406898792 -0400 @@ -0,0 +1,59 @@ +/* + * Authors: 
@@ -3477,11 +3554,21 @@ index 0000000..c3cdd4e + PyUnicode_SetDefaultEncoding("utf-8"); + m = Py_InitModule3("default_encoding_utf8", methods, "Forces the default encoding to utf-8"); +} -diff --git a/policycoreutils/semanage/default_encoding/policycoreutils/__init__.py b/policycoreutils/semanage/default_encoding/policycoreutils/__init__.py -new file mode 100644 -index 0000000..ccb6b8b ---- /dev/null -+++ b/policycoreutils/semanage/default_encoding/policycoreutils/__init__.py +diff -up policycoreutils-2.0.85/semanage/default_encoding/Makefile.rhat policycoreutils-2.0.85/semanage/default_encoding/Makefile +--- policycoreutils-2.0.85/semanage/default_encoding/Makefile.rhat 2011-09-06 14:51:56.405898785 -0400 ++++ policycoreutils-2.0.85/semanage/default_encoding/Makefile 2011-09-06 14:51:56.405898785 -0400 +@@ -0,0 +1,8 @@ ++all: ++ LDFLAGS="" python setup.py build ++ ++install: all ++ LDFLAGS="" python setup.py install --root=$(DESTDIR)/ ++ ++clean: ++ rm -rf build *~ +diff -up policycoreutils-2.0.85/semanage/default_encoding/policycoreutils/__init__.py.rhat policycoreutils-2.0.85/semanage/default_encoding/policycoreutils/__init__.py +--- policycoreutils-2.0.85/semanage/default_encoding/policycoreutils/__init__.py.rhat 2011-09-06 14:51:56.406898792 -0400 ++++ policycoreutils-2.0.85/semanage/default_encoding/policycoreutils/__init__.py 2011-09-06 14:51:56.407898799 -0400 @@ -0,0 +1,17 @@ +# +# Copyright (C) 2006,2007,2008, 2009 Red Hat, Inc. 
@@ -3500,11 +3587,9 @@ index 0000000..ccb6b8b +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# -diff --git a/policycoreutils/semanage/default_encoding/setup.py b/policycoreutils/semanage/default_encoding/setup.py -new file mode 100644 -index 0000000..e2befdb ---- /dev/null -+++ b/policycoreutils/semanage/default_encoding/setup.py +diff -up policycoreutils-2.0.85/semanage/default_encoding/setup.py.rhat policycoreutils-2.0.85/semanage/default_encoding/setup.py +--- policycoreutils-2.0.85/semanage/default_encoding/setup.py.rhat 2011-09-06 14:51:56.407898799 -0400 ++++ policycoreutils-2.0.85/semanage/default_encoding/setup.py 2011-09-06 14:51:56.408898807 -0400 @@ -0,0 +1,38 @@ +# Authors: +# John Dennis 
@@ -3544,10 +3629,218 @@ index 0000000..e2befdb + ext_modules = [default_encoding_utf8], + packages=["policycoreutils"], +) -diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage -index ffaca5b..bc989bf 100644 ---- a/policycoreutils/semanage/semanage -+++ b/policycoreutils/semanage/semanage +diff -up policycoreutils-2.0.85/semanage/semanage.8.rhat policycoreutils-2.0.85/semanage/semanage.8 +--- policycoreutils-2.0.85/semanage/semanage.8.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/semanage/semanage.8 2011-09-06 14:51:56.410898823 -0400 +@@ -1,29 +1,69 @@ +-.TH "semanage" "8" "2005111103" "" "" ++.TH "semanage" "8" "20100223" "" "" + .SH "NAME" + semanage \- SELinux Policy Management tool + + .SH "SYNOPSIS" +-.B semanage {boolean|login|user|port|interface|node|fcontext} \-{l|D} [\-n] [\-S store] ++Output local customizations + .br +-.B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] -F boolean | boolean_file ++.B semanage [ -S store ] -o [ output_file | - ] ++ ++Input local customizations + .br +-.B semanage login \-{a|d|m} [\-sr] login_name | %groupname ++.B semanage [ -S store ] -i [ input_file | - ] ++ ++Manage booleans. Booleans allow the administrator to modify the confinement of ++processes based on his configuration. + .br +-.B semanage user \-{a|d|m} [\-LrRP] selinux_name ++.B semanage boolean [\-S store] \-{d|m|l|n|D} \-[\-on|\-off|\1|0] -F boolean | boolean_file ++ ++Manage SELinux confined users (Roles and levels for an SELinux user) ++.br ++.B semanage user [\-S store] \-{a|d|m|l|n|D} [\-LrRP] selinux_name ++ ++Manage login mappings between linux users and SELinux confined users. ++.br ++.B semanage login [\-S store] \-{a|d|m|l|n|D} [\-sr] login_name | %groupname ++ ++Manage policy modules. 
++.br ++.B semanage module [\-S store] \-{a|d|l} [-m [--enable | --disable] ] module_name ++ ++Manage network port type definitions ++.br ++.B semanage port [\-S store] \-{a|d|m|l|n|D} [\-tr] [\-p proto] port | port_range ++.br ++ ++Manage network interface type definitions ++.br ++.B semanage interface [\-S store] \-{a|d|m|l|n|D} [\-tr] interface_spec ++ ++Manage network node type definitions ++.br ++.B semanage node [\-S store] -{a|d|m|l|n|D} [-tr] [ -p protocol ] [-M netmask] address ++.br ++ ++Manage file context mapping definitions + .br +-.B semanage port \-{a|d|m} [\-tr] [\-p proto] port | port_range ++.B semanage fcontext [\-S store] \-{a|d|m|l|n|D} [\-frst] file_spec + .br +-.B semanage interface \-{a|d|m} [\-tr] interface_spec ++.B semanage fcontext [\-S store] \-{a|d|m|l|n|D} \-e replacement target + .br +-.B semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] address ++ ++Manage processes type enforcement mode + .br +-.B semanage fcontext \-{a|d|m} [\-frst] file_spec ++.B semanage permissive [\-S store] \-{a|d|l|n|D} type + .br +-.B semanage permissive \-{a|d} type ++ ++Disable/Enable dontaudit rules in policy + .br +-.B semanage dontaudit [ on | off ] ++.B semanage dontaudit [\-S store] [ on | off ] + .P + ++Execute multiple commands within a single transaction. ++.br ++.B semanage [\-S store] \-i command-file ++.br ++ + .SH "DESCRIPTION" + semanage is used to configure certain elements of + SELinux policy without requiring modification to or recompilation +@@ -52,6 +92,22 @@ Delete a OBJECT record NAME + .I \-D, \-\-deleteall + Remove all OBJECTS local customizations + .TP ++.I \-\-disable ++Disable a policy module, requires -m option ++ ++Currently modules only. ++.TP ++.I \-\-enable ++Enable a disabled policy module, requires -m option ++ ++Currently modules only. ++.TP ++.I \-e, \-\-equal ++Substitute target path with sourcepath when generating default label. This is used with ++fcontext. Requires source and target path arguments. 
The context ++labeling for the target subtree is made equivalent to that ++defined for the source. ++.TP + .I \-f, \-\-ftype + File Type. This is used with fcontext. + Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files. +@@ -60,6 +116,7 @@ Requires a file type as shown in the mod + Set multiple records from the input file. When used with the \-l \-\-list, it will output the current settings to stdout in the proper format. + + Currently booleans only. ++ + .TP + .I \-h, \-\-help + display this message +@@ -76,6 +133,9 @@ Default SELinux Level for SELinux use, s + .I \-m, \-\-modify + Modify a OBJECT record NAME + .TP ++.I \-M, \-\-mask ++Network Mask ++.TP + .I \-n, \-\-noheading + Do not print heading when listing OBJECTS. + .TP +@@ -99,26 +159,67 @@ Select and alternate SELinux store to ma + .TP + .I \-t, \-\-type + SELinux Type for the object ++.TP ++.I \-i, \-\-input ++Take a set of commands from a specified file and load them in a single ++transaction. + + .SH EXAMPLE + .nf +-# View SELinux user mappings +-$ semanage user -l +-# Allow joe to login as staff_u +-$ semanage login -a -s staff_u joe +-# Allow the group clerks to login as user_u +-$ semanage login -a -s user_u %clerks +-# Add file-context for everything under /web (used by restorecon) +-$ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?" 
+-# Allow Apache to listen on port 81 +-$ semanage port -a -t http_port_t -p tcp 81 +-# Change apache to a permissive domain +-$ semanage permissive -a httpd_t +-# Turn off dontaudit rules +-$ semanage dontaudit off ++.B SELinux user ++List SELinux users ++# semanage user -l ++ ++.B SELinux login ++Change joe to login as staff_u ++# semanage login -a -s staff_u joe ++Change the group clerks to login as user_u ++# semanage login -a -s user_u %clerks ++ ++.B File contexts ++.i remember to run restorecon after you set the file context ++Add file-context for everything under /web ++# semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?" ++# restorecon -R -v /web ++ ++Substitute /home1 with /home when setting file context ++# semanage fcontext -a -e /home /home1 ++# restorecon -R -v /home1 ++ ++For home directories under top level directory, for example /disk6/home, ++execute the following commands. ++# semanage fcontext -a -t home_root_t "/disk6" ++# semanage fcontext -a -e /home /disk6/home ++# restorecon -R -v /disk6 ++ ++.B Port contexts ++Allow Apache to listen on tcp port 81 ++# semanage port -a -t http_port_t -p tcp 81 ++ ++.B Change apache to a permissive domain ++# semanage permissive -a httpd_t ++ ++.B Turn off dontaudit rules ++# semanage dontaudit off ++ ++.B Managing multiple machines ++Multiple machines that need the same customizations. ++Extract customizations off first machine, copy them ++to second and import them. ++ ++# semanage -o /tmp/local.selinux ++# scp /tmp/local.selinux secondmachine:/tmp ++# ssh secondmachine ++# semanage -i /tmp/local.selinux ++ ++If these customizations include file context, you need to apply the ++context using restorecon. ++ + .fi + + .SH "AUTHOR" +-This man page was written by Daniel Walsh and +-Russell Coker . ++This man page was written by Daniel Walsh ++.br ++and Russell Coker . ++.br + Examples by Thomas Bleher . 
+diff -up policycoreutils-2.0.85/semanage/semanage.rhat policycoreutils-2.0.85/semanage/semanage +--- policycoreutils-2.0.85/semanage/semanage.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/semanage/semanage 2011-09-06 14:51:56.409898815 -0400 @@ -1,4 +1,4 @@ -#! /usr/bin/python -E +#! /usr/bin/python -Es @@ -3586,7 +3879,8 @@ index ffaca5b..bc989bf 100644 def usage(message = ""): text = _(""" semanage [ -S store ] -i [ input_file | - ] -- ++semanage [ -S store ] -o [ output_file | - ] + -semanage {boolean|login|user|port|interface|node|fcontext} -{l|D} [-n] -semanage login -{a|d|m} [-sr] login_name | %groupname -semanage user -{a|d|m} [-LrRP] selinux_name @@ -3594,8 +3888,6 @@ index ffaca5b..bc989bf 100644 -semanage interface -{a|d|m} [-tr] interface_spec -semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr -semanage fcontext -{a|d|m} [-frst] file_spec -+semanage [ -S store ] -o [ output_file | - ] -+ +semanage login -{a|d|m|l|D|E} [-nrs] login_name | %groupname +semanage user -{a|d|m|l|D|E} [-LnrRP] selinux_name +semanage port -{a|d|m|l|D|E} [-nrt] [ -p proto ] port | port_range 
@@ -4064,221 +4356,10 @@ index ffaca5b..bc989bf 100644 errorExit(error.args[1]) + except OSError, error: + errorExit(error.args[1]) -diff --git a/policycoreutils/semanage/semanage.8 b/policycoreutils/semanage/semanage.8 -index 70d1a20..fb6a79b 100644 ---- a/policycoreutils/semanage/semanage.8 -+++ b/policycoreutils/semanage/semanage.8 -@@ -1,29 +1,69 @@ --.TH "semanage" "8" "2005111103" "" "" -+.TH "semanage" "8" "20100223" "" "" - .SH "NAME" - semanage \- SELinux Policy Management tool - - .SH "SYNOPSIS" --.B semanage {boolean|login|user|port|interface|node|fcontext} \-{l|D} [\-n] [\-S store] -+Output local customizations - .br --.B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] -F boolean | boolean_file -+.B semanage [ -S store ] -o [ output_file | - ] -+ -+Input local customizations -+.br -+.B semanage [ -S store ] -i [ input_file | - ] -+ -+Manage booleans. Booleans allow the administrator to modify the confinement of -+processes based on his configuration. -+.br -+.B semanage boolean [\-S store] \-{d|m|l|n|D} \-[\-on|\-off|\1|0] -F boolean | boolean_file -+ -+Manage SELinux confined users (Roles and levels for an SELinux user) -+.br -+.B semanage user [\-S store] \-{a|d|m|l|n|D} [\-LrRP] selinux_name -+ -+Manage login mappings between linux users and SELinux confined users. -+.br -+.B semanage login [\-S store] \-{a|d|m|l|n|D} [\-sr] login_name | %groupname -+ -+Manage policy modules. 
-+.br -+.B semanage module [\-S store] \-{a|d|l} [-m [--enable | --disable] ] module_name -+ -+Manage network port type definitions - .br --.B semanage login \-{a|d|m} [\-sr] login_name | %groupname -+.B semanage port [\-S store] \-{a|d|m|l|n|D} [\-tr] [\-p proto] port | port_range - .br --.B semanage user \-{a|d|m} [\-LrRP] selinux_name -+ -+Manage network interface type definitions -+.br -+.B semanage interface [\-S store] \-{a|d|m|l|n|D} [\-tr] interface_spec -+ -+Manage network node type definitions - .br --.B semanage port \-{a|d|m} [\-tr] [\-p proto] port | port_range -+.B semanage node [\-S store] -{a|d|m|l|n|D} [-tr] [ -p protocol ] [-M netmask] address - .br --.B semanage interface \-{a|d|m} [\-tr] interface_spec -+ -+Manage file context mapping definitions -+.br -+.B semanage fcontext [\-S store] \-{a|d|m|l|n|D} [\-frst] file_spec - .br --.B semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] address -+.B semanage fcontext [\-S store] \-{a|d|m|l|n|D} \-e replacement target - .br --.B semanage fcontext \-{a|d|m} [\-frst] file_spec -+ -+Manage processes type enforcement mode - .br --.B semanage permissive \-{a|d} type -+.B semanage permissive [\-S store] \-{a|d|l|n|D} type - .br --.B semanage dontaudit [ on | off ] -+ -+Disable/Enable dontaudit rules in policy -+.br -+.B semanage dontaudit [\-S store] [ on | off ] - .P - -+Execute multiple commands within a single transaction. -+.br -+.B semanage [\-S store] \-i command-file -+.br -+ - .SH "DESCRIPTION" - semanage is used to configure certain elements of - SELinux policy without requiring modification to or recompilation -@@ -52,6 +92,22 @@ Delete a OBJECT record NAME - .I \-D, \-\-deleteall - Remove all OBJECTS local customizations - .TP -+.I \-\-disable -+Disable a policy module, requires -m option -+ -+Currently modules only. -+.TP -+.I \-\-enable -+Enable a disabled policy module, requires -m option -+ -+Currently modules only. 
-+.TP -+.I \-e, \-\-equal -+Substitute target path with sourcepath when generating default label. This is used with -+fcontext. Requires source and target path arguments. The context -+labeling for the target subtree is made equivalent to that -+defined for the source. -+.TP - .I \-f, \-\-ftype - File Type. This is used with fcontext. - Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files. -@@ -60,6 +116,7 @@ Requires a file type as shown in the mode field by ls, e.g. use -d to match only - Set multiple records from the input file. When used with the \-l \-\-list, it will output the current settings to stdout in the proper format. - - Currently booleans only. -+ - .TP - .I \-h, \-\-help - display this message -@@ -76,6 +133,9 @@ Default SELinux Level for SELinux use, s0 Default. (MLS/MCS Systems only) - .I \-m, \-\-modify - Modify a OBJECT record NAME - .TP -+.I \-M, \-\-mask -+Network Mask -+.TP - .I \-n, \-\-noheading - Do not print heading when listing OBJECTS. - .TP -@@ -99,26 +159,67 @@ Select and alternate SELinux store to manage - .TP - .I \-t, \-\-type - SELinux Type for the object -+.TP -+.I \-i, \-\-input -+Take a set of commands from a specified file and load them in a single -+transaction. - - .SH EXAMPLE - .nf --# View SELinux user mappings --$ semanage user -l --# Allow joe to login as staff_u --$ semanage login -a -s staff_u joe --# Allow the group clerks to login as user_u --$ semanage login -a -s user_u %clerks --# Add file-context for everything under /web (used by restorecon) --$ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?" 
--# Allow Apache to listen on port 81 --$ semanage port -a -t http_port_t -p tcp 81 --# Change apache to a permissive domain --$ semanage permissive -a httpd_t --# Turn off dontaudit rules --$ semanage dontaudit off -+.B SELinux user -+List SELinux users -+# semanage user -l -+ -+.B SELinux login -+Change joe to login as staff_u -+# semanage login -a -s staff_u joe -+Change the group clerks to login as user_u -+# semanage login -a -s user_u %clerks -+ -+.B File contexts -+.i remember to run restorecon after you set the file context -+Add file-context for everything under /web -+# semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?" -+# restorecon -R -v /web -+ -+Substitute /home1 with /home when setting file context -+# semanage fcontext -a -e /home /home1 -+# restorecon -R -v /home1 -+ -+For home directories under top level directory, for example /disk6/home, -+execute the following commands. -+# semanage fcontext -a -t home_root_t "/disk6" -+# semanage fcontext -a -e /home /disk6/home -+# restorecon -R -v /disk6 -+ -+.B Port contexts -+Allow Apache to listen on tcp port 81 -+# semanage port -a -t http_port_t -p tcp 81 -+ -+.B Change apache to a permissive domain -+# semanage permissive -a httpd_t -+ -+.B Turn off dontaudit rules -+# semanage dontaudit off -+ -+.B Managing multiple machines -+Multiple machines that need the same customizations. -+Extract customizations off first machine, copy them -+to second and import them. -+ -+# semanage -o /tmp/local.selinux -+# scp /tmp/local.selinux secondmachine:/tmp -+# ssh secondmachine -+# semanage -i /tmp/local.selinux -+ -+If these customizations include file context, you need to apply the -+context using restorecon. -+ - .fi - - .SH "AUTHOR" --This man page was written by Daniel Walsh and --Russell Coker . -+This man page was written by Daniel Walsh -+.br -+and Russell Coker . -+.br - Examples by Thomas Bleher . 
-diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py -index b7d257b..4462c9e 100644 ---- a/policycoreutils/semanage/seobject.py -+++ b/policycoreutils/semanage/seobject.py -@@ -25,51 +25,17 @@ import pwd, grp, string, selinux, tempfile, os, re, sys, stat +diff -up policycoreutils-2.0.85/semanage/seobject.py.rhat policycoreutils-2.0.85/semanage/seobject.py +--- policycoreutils-2.0.85/semanage/seobject.py.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/semanage/seobject.py 2011-09-06 14:51:56.412898837 -0400 +@@ -25,51 +25,17 @@ import pwd, grp, string, selinux, tempfi from semanage import *; PROGNAME = "policycoreutils" import sepolgen.module as module @@ -4294,7 +4375,7 @@ index b7d257b..4462c9e 100644 - __builtin__.__dict__['_'] = unicode - -import syslog - +- -handle = None - -def get_handle(store): @@ -4307,7 +4388,7 @@ index b7d257b..4462c9e 100644 - - if store != "": - semanage_select_store(handle, store, SEMANAGE_CON_DIRECT); -- + - if not semanage_is_managed(handle): - semanage_handle_destroy(handle) - raise ValueError(_("SELinux policy is not managed or store cannot be accessed.")) @@ -4498,7 +4579,7 @@ index b7d257b..4462c9e 100644 class dontauditClass(semanageRecords): def __init__(self, store): semanageRecords.__init__(self, store) -@@ -259,14 +328,23 @@ class permissiveRecords(semanageRecords): +@@ -259,14 +328,23 @@ class permissiveRecords(semanageRecords) name = semanage_module_get_name(mod) if name and name.startswith("permissive_"): l.append(name.split("permissive_")[1]) @@ -4768,10 +4849,10 @@ index b7d257b..4462c9e 100644 def __delete(self, addr, mask, proto): - if addr == "": - raise ValueError(_("Node Address is required")) -- + - if mask == "": - raise ValueError(_("Node Netmask is required")) - +- - if proto == "ipv4": - proto = 0 - elif proto == "ipv6": 
@@ -5056,11 +5137,9 @@ index b7d257b..4462c9e 100644 def list(self, heading = True, locallist = False, use_file = False): on_off = (_("off"), _("on")) if use_file: -diff --git a/policycoreutils/sepolgen-ifgen/Makefile b/policycoreutils/sepolgen-ifgen/Makefile -new file mode 100644 -index 0000000..211580d ---- /dev/null -+++ b/policycoreutils/sepolgen-ifgen/Makefile +diff -up policycoreutils-2.0.85/sepolgen-ifgen/Makefile.rhat policycoreutils-2.0.85/sepolgen-ifgen/Makefile +--- policycoreutils-2.0.85/sepolgen-ifgen/Makefile.rhat 2011-09-06 14:51:56.413898844 -0400 ++++ policycoreutils-2.0.85/sepolgen-ifgen/Makefile 2011-09-06 14:51:56.413898844 -0400 @@ -0,0 +1,25 @@ +# Installation directories. +PREFIX ?= ${DESTDIR}/usr @@ -5087,11 +5166,9 @@ index 0000000..211580d + ../../scripts/Lindent $(wildcard *.[ch]) + +relabel: ; -diff --git a/policycoreutils/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c b/policycoreutils/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c -new file mode 100644 -index 0000000..8f5c8e0 ---- /dev/null -+++ b/policycoreutils/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c +diff -up policycoreutils-2.0.85/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c.rhat policycoreutils-2.0.85/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c +--- policycoreutils-2.0.85/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c.rhat 2011-09-06 14:51:56.414898851 -0400 ++++ policycoreutils-2.0.85/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c 2011-09-06 14:51:56.414898851 -0400 @@ -0,0 +1,233 @@ +/* Authors: Frank Mayer + * and Karl MacMillan 
@@ -5326,10 +5403,35 @@ index 0000000..8f5c8e0 + + return 0; +} -diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c -index b649d8f..38416d8 100644 ---- a/policycoreutils/setfiles/restore.c -+++ b/policycoreutils/setfiles/restore.c +diff -up policycoreutils-2.0.85/setfiles/restorecon.8.rhat policycoreutils-2.0.85/setfiles/restorecon.8 +--- policycoreutils-2.0.85/setfiles/restorecon.8.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/setfiles/restorecon.8 2011-09-06 14:51:56.417898875 -0400 +@@ -4,10 +4,10 @@ restorecon \- restore file(s) default SE + + .SH "SYNOPSIS" + .B restorecon +-.I [\-o outfilename ] [\-R] [\-n] [\-v] [\-e directory ] pathname... ++.I [\-o outfilename ] [\-R] [\-n] [\-p] [\-v] [\-e directory ] pathname... + .P + .B restorecon +-.I \-f infilename [\-o outfilename ] [\-e directory ] [\-R] [\-n] [\-v] [\-F] ++.I \-f infilename [\-o outfilename ] [\-e directory ] [\-R] [\-n] [\-p] [\-v] [\-F] + + .SH "DESCRIPTION" + This manual page describes the +@@ -40,6 +40,9 @@ don't change any file labels. + .TP + .B \-o outfilename + save list of files with incorrect context in outfilename. ++.TP ++.B \-p ++show progress by printing * every 1000 files. + .TP + .B \-v + show changes in file labels. +diff -up policycoreutils-2.0.85/setfiles/restore.c.rhat policycoreutils-2.0.85/setfiles/restore.c +--- policycoreutils-2.0.85/setfiles/restore.c.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/setfiles/restore.c 2011-09-06 14:51:56.415898859 -0400 @@ -1,4 +1,5 @@ #include "restore.h" +#include @@ -5344,7 +5446,7 @@ index b649d8f..38416d8 100644 static int filespec_add(ino_t ino, const security_context_t con, const char *file); static int only_changed_user(const char *a, const char *b); struct restore_opts *r_opts = NULL; -@@ -53,7 +53,6 @@ void remove_exclude(const char *directory) +@@ -53,7 +53,6 @@ void remove_exclude(const char *director } } return; 
@@ -5352,7 +5454,7 @@ index b649d8f..38416d8 100644 } void restore_init(struct restore_opts *opts) -@@ -300,8 +299,14 @@ static int process_one(char *name, int recurse_this_path) +@@ -300,8 +299,14 @@ static int process_one(char *name, int r int rc = 0; const char *namelist[2] = {name, NULL}; dev_t dev_num = 0; @@ -5405,7 +5507,7 @@ index b649d8f..38416d8 100644 if (r_opts == NULL){ fprintf(stderr, -@@ -372,8 +400,9 @@ int process_one_realpath(char *name, int recurse) +@@ -372,8 +400,9 @@ int process_one_realpath(char *name, int if (!r_opts->expand_realpath) { return process_one(name, recurse); } else { @@ -5416,7 +5518,7 @@ index b649d8f..38416d8 100644 fprintf(stderr, "%s: lstat(%s) failed: %s\n", r_opts->progname, name, strerror(errno)); return -1; -@@ -409,7 +438,7 @@ int process_one_realpath(char *name, int recurse) +@@ -409,7 +438,7 @@ int process_one_realpath(char *name, int } } @@ -5425,7 +5527,7 @@ index b649d8f..38416d8 100644 { int i = 0; for (i = 0; i < excludeCtr; i++) { -@@ -537,7 +566,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil +@@ -537,7 +566,7 @@ static int filespec_add(ino_t ino, const { file_spec_t *prevfl, *fl; int h, ret; @@ -5434,7 +5536,7 @@ index b649d8f..38416d8 100644 if (!fl_head) { fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS); -@@ -550,7 +579,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil +@@ -550,7 +579,7 @@ static int filespec_add(ino_t ino, const for (prevfl = &fl_head[h], fl = fl_head[h].next; fl; prevfl = fl, fl = fl->next) { if (ino == fl->ino) { @@ -5443,7 +5545,7 @@ index b649d8f..38416d8 100644 if (ret < 0 || sb.st_ino != ino) { freecon(fl->con); free(fl->file); -@@ -602,5 +631,67 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil +@@ -602,5 +631,67 @@ static int filespec_add(ino_t ino, const return -1; } 
@@ -5511,10 +5613,9 @@ index b649d8f..38416d8 100644 + free(buf); +} -diff --git a/policycoreutils/setfiles/restore.h b/policycoreutils/setfiles/restore.h -index 03b82e8..8b50ff8 100644 ---- a/policycoreutils/setfiles/restore.h -+++ b/policycoreutils/setfiles/restore.h +diff -up policycoreutils-2.0.85/setfiles/restore.h.rhat policycoreutils-2.0.85/setfiles/restore.h +--- policycoreutils-2.0.85/setfiles/restore.h.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/setfiles/restore.h 2011-09-06 14:51:56.416898867 -0400 @@ -27,6 +27,7 @@ struct restore_opts { int hard_links; int verbose; 
@@ -5534,37 +5635,9 @@ index 03b82e8..8b50ff8 100644 +void exclude_non_seclabel_mounts(); #endif -diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8 -index 1eb6a43..c8ea4bb 100644 ---- a/policycoreutils/setfiles/restorecon.8 -+++ b/policycoreutils/setfiles/restorecon.8 -@@ -4,10 +4,10 @@ restorecon \- restore file(s) default SELinux security contexts. - - .SH "SYNOPSIS" - .B restorecon --.I [\-o outfilename ] [\-R] [\-n] [\-v] [\-e directory ] pathname... -+.I [\-o outfilename ] [\-R] [\-n] [\-p] [\-v] [\-e directory ] pathname... - .P - .B restorecon --.I \-f infilename [\-o outfilename ] [\-e directory ] [\-R] [\-n] [\-v] [\-F] -+.I \-f infilename [\-o outfilename ] [\-e directory ] [\-R] [\-n] [\-p] [\-v] [\-F] - - .SH "DESCRIPTION" - This manual page describes the -@@ -40,6 +40,9 @@ don't change any file labels. - .TP - .B \-o outfilename - save list of files with incorrect context in outfilename. -+.TP -+.B \-p -+show progress by printing * every 1000 files. - .TP - .B \-v - show changes in file labels. -diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8 -index ac68b94..7f700ca 100644 ---- a/policycoreutils/setfiles/setfiles.8 -+++ b/policycoreutils/setfiles/setfiles.8 +diff -up policycoreutils-2.0.85/setfiles/setfiles.8.rhat policycoreutils-2.0.85/setfiles/setfiles.8 +--- policycoreutils-2.0.85/setfiles/setfiles.8.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/setfiles/setfiles.8 2011-09-06 14:51:56.417898875 -0400 @@ -10,7 +10,7 @@ This manual page describes the .BR setfiles program. 
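Review bot: The restore.h declaration `void exclude_non_seclabel_mounts();` that the regenerated patch still adds is not a prototype, so a caller passing arguments compiles silently; `void exclude_non_seclabel_mounts(void);` lets the compiler check every call site. The commit only rewrites the inner diff headers around this line, so the point is carried over from the F16 patch rather than introduced here, but a backport is the moment to fix it. The restore.h hunk this line belongs to starts outside this hunk, so its surrounding declarations cannot be checked from here.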
@@ -5584,10 +5657,9 @@ index ac68b94..7f700ca 100644 .TP .B \-q suppress non-error output. -diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c -index 8f4f663..b0a7e09 100644 ---- a/policycoreutils/setfiles/setfiles.c -+++ b/policycoreutils/setfiles/setfiles.c +diff -up policycoreutils-2.0.85/setfiles/setfiles.c.rhat policycoreutils-2.0.85/setfiles/setfiles.c +--- policycoreutils-2.0.85/setfiles/setfiles.c.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/setfiles/setfiles.c 2011-09-06 14:51:56.418898883 -0400 @@ -5,7 +5,6 @@ #include #include @@ -5620,7 +5692,7 @@ index 8f4f663..b0a7e09 100644 name); } exit(1); -@@ -138,69 +136,6 @@ static void maybe_audit_mass_relabel(void) +@@ -138,69 +136,6 @@ static void maybe_audit_mass_relabel(voi #endif } @@ -5727,10 +5799,9 @@ index 8f4f663..b0a7e09 100644 } } -diff --git a/policycoreutils/setsebool/setsebool.8 b/policycoreutils/setsebool/setsebool.8 -index 4b13387..2b66bad 100644 ---- a/policycoreutils/setsebool/setsebool.8 -+++ b/policycoreutils/setsebool/setsebool.8 +diff -up policycoreutils-2.0.85/setsebool/setsebool.8.rhat policycoreutils-2.0.85/setsebool/setsebool.8 +--- policycoreutils-2.0.85/setsebool/setsebool.8.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/setsebool/setsebool.8 2011-09-06 14:51:56.419898890 -0400 @@ -16,7 +16,7 @@ affected; the boot-time default settings are not changed. 
@@ -5740,11 +5811,10 @@ index 4b13387..2b66bad 100644 .SH AUTHOR This manual page was written by Dan Walsh . -diff --git a/policycoreutils/setsebool/setsebool.c b/policycoreutils/setsebool/setsebool.c -index dc037dd..d6c041b 100644 ---- a/policycoreutils/setsebool/setsebool.c -+++ b/policycoreutils/setsebool/setsebool.c -@@ -82,8 +82,13 @@ static int selinux_set_boolean_list(size_t boolcnt, +diff -up policycoreutils-2.0.85/setsebool/setsebool.c.rhat policycoreutils-2.0.85/setsebool/setsebool.c +--- policycoreutils-2.0.85/setsebool/setsebool.c.rhat 2010-12-21 16:12:03.000000000 -0500 ++++ policycoreutils-2.0.85/setsebool/setsebool.c 2011-09-06 14:51:56.420898897 -0400 +@@ -82,8 +82,13 @@ static int selinux_set_boolean_list(size if (errno == ENOENT) fprintf(stderr, "Could not change active booleans: " "Invalid boolean\n"); @@ -5760,7 +5830,7 @@ index dc037dd..d6c041b 100644 return -1; } -@@ -115,8 +120,13 @@ static int semanage_set_boolean_list(size_t boolcnt, +@@ -115,8 +120,13 @@ static int semanage_set_boolean_list(siz goto err; } else if (managed == 0) { diff --git a/policycoreutils.spec b/policycoreutils.spec index 34c5c0f..0f1a759 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.85 -Release: 30.2%{?dist} +Release: 30.3%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -60,11 +60,11 @@ context. %prep %setup -q -a 1 -%patch -p2 -b .rhat +%patch -p1 -b .rhat %patch1 -p1 -b .rhatpo %patch3 -p1 -b .gui %patch4 -p1 -b .sepolgen -%patch5 -p1 -b .sandbox +#%patch5 -p1 -b .sandbox %build make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE " LDFLAGS="-pie -Wl,-z,relro" all 
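Review bot: Disabling the sandbox patch with `#%patch5 -p1 -b .sandbox` relies on a shell comment silencing an rpm directive, but rpm expands macros in %prep before the section becomes shell, so on rpm versions where `%patch` is handled as a macro the patch would still be applied (or only the first line of its multi-line expansion would be commented). Escape it as `#%%patch5 -p1 -b .sandbox`, or drop the line together with the `Patch5:` declaration. The commit title says the sandbox fixes are being backported, so presumably they now live in the regenerated policycoreutils-rhat.patch, which is also why `%patch` moves from `-p2` to `-p1` for the new `diff -up` paths; a spec comment such as `# sandbox fixes are now carried in policycoreutils-rhat.patch` would stop the next packager from re-enabling patch5 on top of them.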
@@ -320,6 +320,9 @@ fi exit 0 %changelog +* Tue Sep 6 2011 Dan Walsh 2.0.86-7.3 +- Backport sandbox fixes from F16 + * Thu Jul 7 2011 Dan Walsh 2.0.86-7.2 - Change seunshare to send kill signals to the childs session. - Also add signal handler to catch sigint, so if user enters ctrl-C sandbox will shutdown.