From 6971173a5a603bf30c922c61fde55681a92c7bad Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Wed, 3 Feb 2010 16:48:59 +0000
Subject: [PATCH] * Wed Feb 3 2010 Dan Walsh 2.0.78-18 - Fix seobject and fixfiles
---
 policycoreutils-gui.patch | 30 +-
 policycoreutils-rhat.patch | 691 ++++++++++++++++++++++++++++++++-----
 policycoreutils.spec | 5 +-
 3 files changed, 638 insertions(+), 88 deletions(-)
diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch
index 55cf46d..42ea360 100644
--- a/policycoreutils-gui.patch
+++ b/policycoreutils-gui.patch
@@ -6414,8 +6414,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 + app.stand_alone()
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.78/gui/polgen.py
 --- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/polgen.py 2010-01-08 10:18:49.000000000 -0500
-@@ -0,0 +1,1197 @@
++++ policycoreutils-2.0.78/gui/polgen.py 2010-02-03 11:46:45.000000000 -0500
+@@ -0,0 +1,1213 @@
 +#!/usr/bin/python
 +#
 +# Copyright (C) 2007, 2008, 2009 Red Hat
@@ -6614,6 +6614,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 + self.symbols["openlog"] = "set_use_kerberos(True)"
 + self.symbols["openlog"] = "set_use_kerb_rcache(True)"
 + self.symbols["openlog"] = "set_use_syslog(True)"
++ self.symbols["gethostby"] = "set_use_resolve(True)"
++ self.symbols["getaddrinfo"] = "set_use_resolve(True)"
++ self.symbols["getnameinfo"] = "set_use_resolve(True)"
 + self.symbols["krb"] = "set_use_kerberos(True)"
 + self.symbols["gss_accept_sec_context"] = "set_manage_krb5_rcache(True)"
 + self.symbols["krb5_verify_init_creds"] = "set_manage_krb5_rcache(True)"
@@ -6624,7 +6627,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 + self.symbols["dbus_"] = "set_use_dbus(True)"
 + self.symbols["pam_"] = "set_use_pam(True)"
 + self.symbols["pam_"] = "set_use_audit(True)"
-+
 + self.symbols["fork"] = "add_process('fork')"
 + self.symbols["transition"] = "add_process('transition')"
 + self.symbols["sigchld"] = "add_process('sigchld')"
@@ -6727,6 +6729,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 + self.in_udp = [False, False, False, []]
 + self.out_tcp = [False, False, False, []]
 + self.out_udp = [False, False, False, []]
++ self.use_resolve = False
 + self.use_tmp = False
 + self.use_uid = False
 + self.use_syslog = False
@@ -6816,6 +6819,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 + def set_out_udp(self, all, ports):
 + self.out_udp = [ all , False, False, verify_ports(ports) ]
 +
++ def set_use_resolve(self, val):
++ if val != True and val != False:
++ raise ValueError(_("use_resolve must be a boolean value "))
++
++ self.use_resolve = val
++
 + def set_use_syslog(self, val):
 + if val != True and val != False:
 + raise ValueError(_("use_syslog must be a boolean value "))
@@ -6873,6 +6882,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 + else:
 + return ""
 +
++ def generate_resolve_rules(self):
++ if self.use_resolve:
++ return re.sub("TEMPLATETYPE", self.name, executable.te_resolve_rules)
++ else:
++ return ""
++
 + def generate_kerberos_rules(self):
 + if self.use_kerberos:
 + return re.sub("TEMPLATETYPE", self.name, executable.te_kerberos_rules)
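Review bot: `set_use_resolve` validates with `if val != True and val != False:`, which also lets `0`, `1` and `1.0` through because they compare equal to the booleans, so `self.use_resolve` can end up holding a non-bool; `if not isinstance(val, bool):` states the intent of the error message exactly. The same comparison is used by `set_use_syslog` in the context lines, so the siblings would want the same change for consistency. `generate_resolve_rules` passes `self.name` as the replacement argument of `re.sub`, where backslashes are interpreted as escapes; `executable.te_resolve_rules.replace("TEMPLATETYPE", self.name)` avoids that, unless `self.name` is already validated somewhere outside the hunk.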
@@ -7283,6 +7298,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 + newte += self.generate_tmp_rules()
 + newte += self.generate_uid_rules()
 + newte += self.generate_syslog_rules()
++ newte += self.generate_resolve_rules()
 + newte += self.generate_pam_rules()
 + newte += self.generate_dbus_rules()
 + newte += self.generate_audit_rules()
@@ -11889,8 +11905,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py
 +"""
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.78/gui/templates/executable.py
 --- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/executable.py 2010-01-21 08:18:05.000000000 -0500
-@@ -0,0 +1,359 @@
++++ policycoreutils-2.0.78/gui/templates/executable.py 2010-01-28 12:17:43.000000000 -0500
+@@ -0,0 +1,363 @@
 +# Copyright (C) 2007-2009 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
@@ -12031,6 +12047,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
 +logging_send_syslog_msg(TEMPLATETYPE_t)
 +"""
 +
++te_resolve_rules="""
++sysnet_dns_name_resolve(TEMPLATETYPE_t)
++"""
++
 +te_pam_rules="""
 +auth_domtrans_chk_passwd(TEMPLATETYPE_t)
 +"""
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 6756a5b..b8d275a 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -148,6 +148,19 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
 + audit2why.init()
 app = AuditToPolicy()
 app.main()
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.78/audit2allow/audit2allow.1
+--- nsapolicycoreutils/audit2allow/audit2allow.1 2009-02-18 16:44:47.000000000 -0500
++++ policycoreutils-2.0.78/audit2allow/audit2allow.1 2010-01-25 15:55:32.000000000 -0500
+@@ -44,6 +44,9 @@
+ Note that all audit messages are not available via dmesg when
+ auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead.
+ .TP
++.B "\-D" | "\-\-dontaudit"
++Generate dontaudit rules rather then allow rules
++.TP
+ .B "\-h" | "\-\-help"
+ Print a short usage message
+ .TP
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.78/Makefile
 --- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
 +++ policycoreutils-2.0.78/Makefile 2009-12-08 17:05:49.000000000 -0500
@@ -1084,7 +1097,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
 +
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.78/restorecond/watch.c
 --- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/restorecond/watch.c 2009-12-16 08:16:27.000000000 -0500
++++ policycoreutils-2.0.78/restorecond/watch.c 2010-01-29 16:35:39.000000000 -0500
 @@ -0,0 +1,260 @@
 +#define _GNU_SOURCE
 +#include
@@ -1700,8 +1713,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
 +relabel:
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.78/sandbox/sandbox
 --- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/sandbox/sandbox 2010-01-19 11:58:50.000000000 -0500
-@@ -0,0 +1,323 @@
++++ policycoreutils-2.0.78/sandbox/sandbox 2010-01-27 16:39:26.000000000 -0500
+@@ -0,0 +1,357 @@
 +#! /usr/bin/python -E
 +# Authors: Dan Walsh
 +# Authors: Josh Cogliati
@@ -1727,6 +1740,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
 +import selinux
 +import signal
 +from tempfile import mkdtemp
++import pwd
 +
 +PROGNAME = "policycoreutils"
 +
@@ -1823,7 +1837,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
 + X_FILES[file] = (dest, os.path.getmtime(dest))
 +
 +def copyfiles(newhomedir, newtmpdir, files):
-+ import pwd
 + homedir=pwd.getpwuid(os.getuid()).pw_dir
 + for f in files:
 + copyfile(f,homedir, newhomedir)
@@ -1850,6 +1863,29 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
 + if(copy):
 + shutil.copy2(new,orig)
 +
++def setup_executable(execfile, command):
++ fd = open(execfile, "w+")
++ fd.write("""
++#! /bin/sh
++/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
++/usr/bin/matchbox-window-manager -use_titlebar no &
++WM_PID=$!
++%s
++kill -TERM $WM_PID 2> /dev/null
++""" % command)
++ fd.close()
++ os.chmod(execfile, 0700)
++
++def setup_session(execfile, command="/etc/gdm/Xsession"):
++ fd = open(execfile, "w+")
++ fd.write("""
++#!/bin/sh
++/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
++%s
++""" % command)
++ fd.close()
++ os.chmod(execfile, 0700)
++
 +if __name__ == '__main__':
 + setup_sighandlers()
 + if selinux.is_selinux_enabled() != 1:
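Review bot: The generated `.sandboxrc` no longer starts with its shebang: both `setup_executable` and `setup_session` open the triple-quoted template with a line break, so the first line of the file is empty and `#! /bin/sh` / `#!/bin/sh` sits on line two, where the kernel ignores it and execution depends on the calling shell falling back to interpreting the file. The file is also created by `open(execfile, "w+")` under the process umask and narrowed to `0700` only after the content has been written, which matters when `-H` points at a directory other accounts can traverse. The two functions differ only in their template, so one private helper that creates the file owner-only and closes it in a `finally` would cover both, as sketched below.

```python
def _write_sandboxrc(execfile, body):
    # Create the file owner-only from the start rather than chmod-ing after the write.
    fd = os.open(execfile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0700)
    out = os.fdopen(fd, "w")
    try:
        out.write(body)
    finally:
        out.close()
    # os.open() applies the mode only on creation; keep the chmod for a pre-existing file.
    os.chmod(execfile, 0700)

def setup_session(execfile, command="/etc/gdm/Xsession"):
    # Template starts on the same line as the quotes so the shebang is line one.
    _write_sandboxrc(execfile, """#!/bin/sh
/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
%s
""" % command)

# … setup_executable: same helper call with its own template, also starting at """#! /bin/sh …
```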
@@ -1859,7 +1895,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
 +
 + def usage(message = ""):
 + text = _("""
-+sandbox [-h] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [[-i file ] ...] [ -t type ] command
++sandbox [-h] [-[X|M] [-S] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [[-i file ] ...] [ -t type ] command
 +""")
 + error_exit("%s\n%s" % (message, text))
 +
@@ -1871,8 +1907,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
 + newtmpdir = None
 + existing_home = False
 + existing_temp = False
++ session = False
 + try:
-+ gopts, cmds = getopt.getopt(sys.argv[1:], "l:i:ht:XI:MH:T:",
++ gopts, cmds = getopt.getopt(sys.argv[1:], "l:i:hSt:XI:MH:T:",
 + ["help",
 + "include=",
 + "includefile=",
@@ -1880,6 +1917,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
 + "mount",
 + "homedir=",
 + "tmpdir=",
++ "session",
 + "level="
 + ])
 + for o, a in gopts:
@@ -1920,6 +1958,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
 + newtempdir = a
 + if o == "-h" or o == "--help":
 + usage(_("Usage"));
++
++ if o == "-S" or o == "--session":
++ session = True
++ homedir=pwd.getpwuid(os.getuid()).pw_dir
++
 +
 + if len(cmds) == 0:
 + usage(_("Command required"))
@@ -1946,23 +1989,29 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
 + if existing_home:
 + if not os.path.isdir(newhomedir):
 + raise IOError("Home directory "+newhomedir+" not found")
-+ if not level:
++ if not level and not session:
 + chcon = ("/usr/bin/chcon -R %s %s" % (filecon, newhomedir)).split()
 + rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
 + else:
 + newhomedir = mkdtemp(dir=".", prefix=".sandbox")
-+ chcon = ("/usr/bin/chcon %s %s" % (filecon, newhomedir)).split()
++ if session:
++ chcon = ("/usr/bin/chcon --reference %s %s" %( homedir, (newhomedir))).split()
++ else:
++ chcon = ("/usr/bin/chcon %s %s" % (filecon, newhomedir)).split()
 + rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
 +
 + if existing_temp:
 + if not os.path.isdir(newtempdir):
 + raise IOError("Temp directory "+newtempdir+" not found")
-+ if not level:
++ if not level and not session:
 + chcon = ("/usr/bin/chcon -R %s %s" % (filecon, newtmpdir)).split()
 + rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
 + else:
 + newtmpdir = mkdtemp(dir="/tmp", prefix=".sandbox")
-+ chcon = ("/usr/bin/chcon %s %s" % (filecon, newtmpdir)).split()
++ if session:
++ chcon = ("/usr/bin/chcon --reference /tmp %s" % (newtmpdir)).split()
++ else:
++ chcon = ("/usr/bin/chcon %s %s" % (filecon, newtmpdir)).split()
 + rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
 +
 + warnings.resetwarnings()
@@ -1982,12 +2031,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
 + xd.close()
 +
 + execfile = newhomedir + "/.sandboxrc"
-+ fd = open(execfile, "w+")
-+ fd.write("""#! /bin/sh
-+%s
-+""" % " ".join(paths))
-+ fd.close()
-+ os.chmod(execfile, 0700)
++ if session:
++ setup_session(execfile, " ".join(paths))
++ else:
++ setup_executable(execfile, " ".join(paths))
++
 + cmds = ("/usr/sbin/seunshare -t %s -h %s -- %s /usr/share/sandbox/sandboxX.sh" % (newtmpdir, newhomedir, execcon)).split()
 + rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
 + else:
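Review bot: The new `--reference` relabel commands are built by formatting paths into one string and calling `.split()`, so a `homedir` or sandbox path containing whitespace is broken into extra `chcon` arguments; an argv list avoids that, e.g. `chcon = ["/usr/bin/chcon", "--reference", homedir, newhomedir]`. The result `rc` of each relabel is assigned but not checked in the visible lines, so a failed `chcon` would leave the sandbox directory with whatever label it already had before the command runs in it. In the temp-directory branch the context lines test `newtempdir` but relabel `newtmpdir`, which looks like two spellings of one variable and is worth confirming while this block is being edited. The enclosing block starts and ends outside the hunk.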
@@ -2019,12 +2067,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
 + except KeyError, error:
 + error_exit(_("Invalid value %s") % error.args[0])
 + except IOError, error:
-+ error_exit(error.args[1])
++ error_exit(error.message)
 + except KeyboardInterrupt:
 + rc = 0
 +
 + sys.exit(rc)
-+
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.78/sandbox/sandbox.8
 --- nsapolicycoreutils/sandbox/sandbox.8 1969-12-31 19:00:00.000000000 -0500
 +++ policycoreutils-2.0.78/sandbox/sandbox.8 2009-12-18 07:37:35.000000000 -0500
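Review bot: `error_exit(error.message)` prints an empty string for the `IOError`s the operating system raises, because `BaseException.message` is only populated when the exception was built with a single argument and those carry `(errno, strerror)`; the attribute is also deprecated as of Python 2.6. The replaced `error.args[1]` had the opposite gap, failing on the single-argument `IOError("Home directory ... not found")` this script raises itself. `error_exit(str(error))` covers both shapes. The `try` this handler belongs to starts outside the hunk.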
@@ -2079,25 +2126,385 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po +.TP +runcon(1) +.PP +diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.esd_auth policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.esd_auth +--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.esd_auth 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.esd_auth 2010-01-25 17:24:41.000000000 -0500 +@@ -0,0 +1 @@ ++ÊïhÊ~©òH||”â#xˆ +\ No newline at end of file +diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml +--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml 2010-01-25 17:25:15.000000000 -0500 +@@ -0,0 +1,24 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml +--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml 2010-01-25 17:25:15.000000000 -0500 +@@ -0,0 +1,8 @@ ++ ++ ++ ++ ++ ++ ++ ++ +diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r 
nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml +--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml 2010-01-25 17:25:15.000000000 -0500 +@@ -0,0 +1,6 @@ ++ ++ ++ ++ ++ ++ +diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml +--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml 2010-01-25 17:24:41.000000000 -0500 +@@ -0,0 +1,23 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml +--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml 2010-01-25 17:25:15.000000000 -0500 +@@ -0,0 +1,6 @@ ++ ++ ++ ++ gtk-im-context-simple ++ ++ +diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml 
policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml +--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml 2010-01-25 17:25:15.000000000 -0500 +@@ -0,0 +1,4 @@ ++ ++ ++ ++ +diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml +--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml 2010-01-25 17:24:41.000000000 -0500 +@@ -0,0 +1,8 @@ ++ ++ ++ ++
  • ++ .xmodmap ++
  • ++
    ++
    +diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.xmodmap policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.xmodmap +--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.xmodmap 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.xmodmap 2010-01-25 17:24:30.000000000 -0500 +@@ -0,0 +1,248 @@ ++keycode 8 = ++keycode 9 = Escape NoSymbol Escape ++keycode 10 = 1 exclam 1 exclam ++keycode 11 = 2 at 2 at ++keycode 12 = 3 numbersign 3 numbersign ++keycode 13 = 4 dollar 4 dollar ++keycode 14 = 5 percent 5 percent ++keycode 15 = 6 asciicircum 6 asciicircum ++keycode 16 = 7 ampersand 7 ampersand ++keycode 17 = 8 asterisk 8 asterisk ++keycode 18 = 9 parenleft 9 parenleft ++keycode 19 = 0 parenright 0 parenright ++keycode 20 = minus underscore minus underscore ++keycode 21 = equal plus equal plus ++keycode 22 = BackSpace NoSymbol BackSpace ++keycode 23 = Tab ISO_Left_Tab Tab ISO_Left_Tab ++keycode 24 = q Q q Q ++keycode 25 = w W w W ++keycode 26 = e E e E ++keycode 27 = r R r R ++keycode 28 = t T t T ++keycode 29 = y Y y Y ++keycode 30 = u U u U ++keycode 31 = i I i I ++keycode 32 = o O o O ++keycode 33 = p P p P ++keycode 34 = bracketleft braceleft bracketleft braceleft ++keycode 35 = bracketright braceright bracketright braceright ++keycode 36 = Return NoSymbol Return ++keycode 37 = Control_L NoSymbol Control_L ++keycode 38 = a A a A ++keycode 39 = s S s S ++keycode 40 = d D d D ++keycode 41 = f F f F ++keycode 42 = g G g G ++keycode 43 = h H h H ++keycode 44 = j J j J ++keycode 45 = k K k K ++keycode 46 = l L l L ++keycode 47 = semicolon colon semicolon colon ++keycode 48 = apostrophe quotedbl apostrophe quotedbl ++keycode 49 = grave asciitilde grave asciitilde ++keycode 50 = Shift_L NoSymbol Shift_L ++keycode 51 = backslash bar backslash bar ++keycode 52 = z Z z Z ++keycode 53 = x X x X ++keycode 54 = c C c C ++keycode 55 = v V v V ++keycode 56 = b B b B 
++keycode 57 = n N n N ++keycode 58 = m M m M ++keycode 59 = comma less comma less ++keycode 60 = period greater period greater ++keycode 61 = slash question slash question ++keycode 62 = Shift_R NoSymbol Shift_R ++keycode 63 = KP_Multiply XF86_ClearGrab KP_Multiply XF86_ClearGrab ++keycode 64 = Alt_L Meta_L Alt_L Meta_L ++keycode 65 = space NoSymbol space ++keycode 66 = Caps_Lock NoSymbol Caps_Lock ++keycode 67 = F1 XF86_Switch_VT_1 F1 XF86_Switch_VT_1 ++keycode 68 = F2 XF86_Switch_VT_2 F2 XF86_Switch_VT_2 ++keycode 69 = F3 XF86_Switch_VT_3 F3 XF86_Switch_VT_3 ++keycode 70 = F4 XF86_Switch_VT_4 F4 XF86_Switch_VT_4 ++keycode 71 = F5 XF86_Switch_VT_5 F5 XF86_Switch_VT_5 ++keycode 72 = F6 XF86_Switch_VT_6 F6 XF86_Switch_VT_6 ++keycode 73 = F7 XF86_Switch_VT_7 F7 XF86_Switch_VT_7 ++keycode 74 = F8 XF86_Switch_VT_8 F8 XF86_Switch_VT_8 ++keycode 75 = F9 XF86_Switch_VT_9 F9 XF86_Switch_VT_9 ++keycode 76 = F10 XF86_Switch_VT_10 F10 XF86_Switch_VT_10 ++keycode 77 = Num_Lock Pointer_EnableKeys Num_Lock Pointer_EnableKeys ++keycode 78 = Scroll_Lock NoSymbol Scroll_Lock ++keycode 79 = KP_Home KP_7 KP_Home KP_7 ++keycode 80 = KP_Up KP_8 KP_Up KP_8 ++keycode 81 = KP_Prior KP_9 KP_Prior KP_9 ++keycode 82 = KP_Subtract XF86_Prev_VMode KP_Subtract XF86_Prev_VMode ++keycode 83 = KP_Left KP_4 KP_Left KP_4 ++keycode 84 = KP_Begin KP_5 KP_Begin KP_5 ++keycode 85 = KP_Right KP_6 KP_Right KP_6 ++keycode 86 = KP_Add XF86_Next_VMode KP_Add XF86_Next_VMode ++keycode 87 = KP_End KP_1 KP_End KP_1 ++keycode 88 = KP_Down KP_2 KP_Down KP_2 ++keycode 89 = KP_Next KP_3 KP_Next KP_3 ++keycode 90 = KP_Insert KP_0 KP_Insert KP_0 ++keycode 91 = KP_Delete KP_Decimal KP_Delete KP_Decimal ++keycode 92 = ISO_Level3_Shift NoSymbol ISO_Level3_Shift ++keycode 93 = ++keycode 94 = less greater less greater bar brokenbar ++keycode 95 = F11 XF86_Switch_VT_11 F11 XF86_Switch_VT_11 ++keycode 96 = F12 XF86_Switch_VT_12 F12 XF86_Switch_VT_12 ++keycode 97 = ++keycode 98 = Katakana NoSymbol Katakana ++keycode 99 = 
Hiragana NoSymbol Hiragana ++keycode 100 = Henkan_Mode NoSymbol Henkan_Mode ++keycode 101 = Hiragana_Katakana NoSymbol Hiragana_Katakana ++keycode 102 = Muhenkan NoSymbol Muhenkan ++keycode 103 = ++keycode 104 = KP_Enter NoSymbol KP_Enter ++keycode 105 = Control_R NoSymbol Control_R ++keycode 106 = KP_Divide XF86_Ungrab KP_Divide XF86_Ungrab ++keycode 107 = Print Sys_Req Print Sys_Req ++keycode 108 = Alt_R Meta_R Alt_R Meta_R ++keycode 109 = Linefeed NoSymbol Linefeed ++keycode 110 = Home NoSymbol Home ++keycode 111 = Up NoSymbol Up ++keycode 112 = Prior NoSymbol Prior ++keycode 113 = Left NoSymbol Left ++keycode 114 = Right NoSymbol Right ++keycode 115 = End NoSymbol End ++keycode 116 = Down NoSymbol Down ++keycode 117 = Next NoSymbol Next ++keycode 118 = Insert NoSymbol Insert ++keycode 119 = Delete NoSymbol Delete ++keycode 120 = ++keycode 121 = XF86AudioMute NoSymbol XF86AudioMute ++keycode 122 = XF86AudioLowerVolume NoSymbol XF86AudioLowerVolume ++keycode 123 = XF86AudioRaiseVolume NoSymbol XF86AudioRaiseVolume ++keycode 124 = XF86PowerOff NoSymbol XF86PowerOff ++keycode 125 = KP_Equal NoSymbol KP_Equal ++keycode 126 = plusminus NoSymbol plusminus ++keycode 127 = Pause Break Pause Break ++keycode 128 = ++keycode 129 = KP_Decimal NoSymbol KP_Decimal ++keycode 130 = Hangul NoSymbol Hangul ++keycode 131 = Hangul_Hanja NoSymbol Hangul_Hanja ++keycode 132 = ++keycode 133 = Super_L NoSymbol Super_L ++keycode 134 = Super_R NoSymbol Super_R ++keycode 135 = Menu NoSymbol Menu ++keycode 136 = Cancel NoSymbol Cancel ++keycode 137 = Redo NoSymbol Redo ++keycode 138 = SunProps NoSymbol SunProps ++keycode 139 = Undo NoSymbol Undo ++keycode 140 = SunFront NoSymbol SunFront ++keycode 141 = XF86Copy NoSymbol XF86Copy ++keycode 142 = SunOpen NoSymbol SunOpen ++keycode 143 = XF86Paste NoSymbol XF86Paste ++keycode 144 = Find NoSymbol Find ++keycode 145 = XF86Cut NoSymbol XF86Cut ++keycode 146 = Help NoSymbol Help ++keycode 147 = XF86MenuKB NoSymbol XF86MenuKB ++keycode 148 = 
XF86Calculator NoSymbol XF86Calculator ++keycode 149 = ++keycode 150 = XF86Sleep NoSymbol XF86Sleep ++keycode 151 = XF86WakeUp NoSymbol XF86WakeUp ++keycode 152 = XF86Explorer NoSymbol XF86Explorer ++keycode 153 = XF86Send NoSymbol XF86Send ++keycode 154 = ++keycode 155 = XF86Xfer NoSymbol XF86Xfer ++keycode 156 = XF86Launch1 NoSymbol XF86Launch1 ++keycode 157 = XF86Launch2 NoSymbol XF86Launch2 ++keycode 158 = XF86WWW NoSymbol XF86WWW ++keycode 159 = XF86DOS NoSymbol XF86DOS ++keycode 160 = XF86ScreenSaver NoSymbol XF86ScreenSaver ++keycode 161 = ++keycode 162 = XF86RotateWindows NoSymbol XF86RotateWindows ++keycode 163 = XF86Mail NoSymbol XF86Mail ++keycode 164 = XF86Favorites NoSymbol XF86Favorites ++keycode 165 = XF86MyComputer NoSymbol XF86MyComputer ++keycode 166 = XF86Back NoSymbol XF86Back ++keycode 167 = XF86Forward NoSymbol XF86Forward ++keycode 168 = ++keycode 169 = XF86Eject NoSymbol XF86Eject ++keycode 170 = XF86Eject XF86Eject XF86Eject XF86Eject ++keycode 171 = XF86AudioNext NoSymbol XF86AudioNext ++keycode 172 = XF86AudioPlay XF86AudioPause XF86AudioPlay XF86AudioPause ++keycode 173 = XF86AudioPrev NoSymbol XF86AudioPrev ++keycode 174 = XF86AudioStop XF86Eject XF86AudioStop XF86Eject ++keycode 175 = XF86AudioRecord NoSymbol XF86AudioRecord ++keycode 176 = XF86AudioRewind NoSymbol XF86AudioRewind ++keycode 177 = XF86Phone NoSymbol XF86Phone ++keycode 178 = ++keycode 179 = XF86Tools NoSymbol XF86Tools ++keycode 180 = XF86HomePage NoSymbol XF86HomePage ++keycode 181 = XF86Reload NoSymbol XF86Reload ++keycode 182 = XF86Close NoSymbol XF86Close ++keycode 183 = ++keycode 184 = ++keycode 185 = XF86ScrollUp NoSymbol XF86ScrollUp ++keycode 186 = XF86ScrollDown NoSymbol XF86ScrollDown ++keycode 187 = parenleft NoSymbol parenleft ++keycode 188 = parenright NoSymbol parenright ++keycode 189 = XF86New NoSymbol XF86New ++keycode 190 = Redo NoSymbol Redo ++keycode 191 = ++keycode 192 = ++keycode 193 = ++keycode 194 = ++keycode 195 = ++keycode 196 = ++keycode 197 = 
++keycode 198 = ++keycode 199 = ++keycode 200 = XF86TouchpadToggle NoSymbol XF86TouchpadToggle ++keycode 201 = ++keycode 202 = ++keycode 203 = Mode_switch NoSymbol Mode_switch ++keycode 204 = NoSymbol Alt_L NoSymbol Alt_L ++keycode 205 = NoSymbol Meta_L NoSymbol Meta_L ++keycode 206 = NoSymbol Super_L NoSymbol Super_L ++keycode 207 = NoSymbol Hyper_L NoSymbol Hyper_L ++keycode 208 = XF86AudioPlay NoSymbol XF86AudioPlay ++keycode 209 = XF86AudioPause NoSymbol XF86AudioPause ++keycode 210 = XF86Launch3 NoSymbol XF86Launch3 ++keycode 211 = XF86Launch4 NoSymbol XF86Launch4 ++keycode 212 = ++keycode 213 = XF86Suspend NoSymbol XF86Suspend ++keycode 214 = XF86Close NoSymbol XF86Close ++keycode 215 = XF86AudioPlay NoSymbol XF86AudioPlay ++keycode 216 = XF86AudioForward NoSymbol XF86AudioForward ++keycode 217 = ++keycode 218 = Print NoSymbol Print ++keycode 219 = ++keycode 220 = XF86WebCam NoSymbol XF86WebCam ++keycode 221 = ++keycode 222 = ++keycode 223 = XF86Mail NoSymbol XF86Mail ++keycode 224 = ++keycode 225 = XF86Search NoSymbol XF86Search ++keycode 226 = ++keycode 227 = XF86Finance NoSymbol XF86Finance ++keycode 228 = ++keycode 229 = XF86Shop NoSymbol XF86Shop ++keycode 230 = ++keycode 231 = Cancel NoSymbol Cancel ++keycode 232 = XF86MonBrightnessDown NoSymbol XF86MonBrightnessDown ++keycode 233 = XF86MonBrightnessUp NoSymbol XF86MonBrightnessUp ++keycode 234 = XF86AudioMedia NoSymbol XF86AudioMedia ++keycode 235 = XF86Display NoSymbol XF86Display ++keycode 236 = XF86KbdLightOnOff NoSymbol XF86KbdLightOnOff ++keycode 237 = XF86KbdBrightnessDown NoSymbol XF86KbdBrightnessDown ++keycode 238 = XF86KbdBrightnessUp NoSymbol XF86KbdBrightnessUp ++keycode 239 = XF86Send NoSymbol XF86Send ++keycode 240 = XF86Reply NoSymbol XF86Reply ++keycode 241 = XF86MailForward NoSymbol XF86MailForward ++keycode 242 = XF86Save NoSymbol XF86Save ++keycode 243 = XF86Documents NoSymbol XF86Documents ++keycode 244 = XF86Battery NoSymbol XF86Battery ++keycode 245 = XF86Bluetooth NoSymbol 
XF86Bluetooth ++keycode 246 = XF86WLAN NoSymbol XF86WLAN ++keycode 247 = ++keycode 248 = ++keycode 249 = ++keycode 250 = ++keycode 251 = ++keycode 252 = ++keycode 253 = ++keycode 254 = ++keycode 255 = diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.78/sandbox/sandboxX.sh --- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.78/sandbox/sandboxX.sh 2010-01-19 12:20:41.000000000 -0500 -@@ -0,0 +1,19 @@ ++++ policycoreutils-2.0.78/sandbox/sandboxX.sh 2010-01-27 16:49:23.000000000 -0500 +@@ -0,0 +1,14 @@ +#!/bin/bash -+export TITLE="Sandbox: `/usr/bin/tail -1 ~/.sandboxrc | /usr/bin/cut -b1-70`" -+ ++export TITLE="Sandbox: `/usr/bin/tail -1 ~/.sandboxrc | /usr/bin/cut -b1-70` Running as `secon -t -l -P`" ++export SCREENSIZE="1000x700" ++#export SCREENSIZE=`xdpyinfo | awk '/dimensions/ { print $2 }'` +trap "exit 0" HUP + -+(/usr/bin/Xephyr -title "$TITLE" -terminate -screen 1000x700 -displayfd 5 5>&1 2>/dev/null) | while read D; do ++(/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do + export DISPLAY=:$D -+ (/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap) & -+ /usr/bin/matchbox-window-manager -use_titlebar no & -+ WM_PID=$! -+ ~/.sandboxrc & -+ CLIENT_PID=$! -+ wait $CLIENT_PID ++ python -c 'import gtk, os; os.system("%s/.sandboxrc" % os.environ["HOME"])' + export EXITCODE=$? -+ kill -TERM $WM_PID 2> /dev/null + kill -HUP 0 + break +done 
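Review bot: The files under `sandbox/.sandboxSKnKBc/` do not belong in the shipped patch: an `.esd_auth` file with binary content (by its name a sound-daemon auth cookie), several GConf `%gconf.xml` files and a 248-line `.xmodmap` dump are session artifacts, not source. They look like the leftovers of a test run of `mkdtemp(dir=".", prefix=".sandbox")` in the build tree that the recursive `diff -N` then picked up; the directory should be removed before the patch is regenerated, or `.sandbox*` added to the `exclude` file, and the cookie treated as exposed. In `sandboxX.sh`, `export EXITCODE=$?` now records the status of `python -c ...`, which discards what `os.system` returns, so a failing sandboxed command is reported as success; `python -c 'import gtk, os, sys; sys.exit(os.system("%s/.sandboxrc" % os.environ["HOME"]) >> 8)'` would carry it through. `TITLE` is still taken from `tail -1 ~/.sandboxrc`, which with the new `setup_executable` template is the `kill -TERM $WM_PID` line rather than the command.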
@@ -2371,6 +2778,58 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po + + return status; +} +diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.78/scripts/fixfiles +--- nsapolicycoreutils/scripts/fixfiles 2009-12-01 15:46:50.000000000 -0500 ++++ policycoreutils-2.0.78/scripts/fixfiles 2010-01-29 16:40:10.000000000 -0500 +@@ -75,7 +75,8 @@ + -e 's|\(.*|*|g' \ + -e 's|\[.*|*|g' \ + -e 's|\.\*.*|*|g' \ +- -e 's|\.\+.*|*|g' | \ ++ -e 's|\.\+.*|*|g' \ ++ -e 's,/\*$,,g'| \ + # These two sorts need to be separate commands \ + sort -u | \ + sort -d | \ +@@ -87,11 +88,9 @@ + esac; \ + fi; \ + done | \ +- while read pattern ; do sh -c "find $pattern \ +- ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o -fstype btrfs \) -prune -o \ +- \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print0"; \ +- done 2> /dev/null | \ +- ${RESTORECON} $* -0 -f - ++ xargs -r echo ++#${RESTORECON} -F -R -p -e /home -e /tmp -e /dev ++ + rm -f ${TEMPFILE} ${PREFCTEMPFILE} + fi + } +@@ -126,13 +125,7 @@ + exit $? + fi + if [ ! -z "$FILEPATH" ]; then +- if [ -x /usr/bin/find ]; then +- /usr/bin/find "$FILEPATH" \ +- ! 
\( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o -fstype btrfs \) -prune -o -print0 | \ +- ${RESTORECON} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE +- else +- ${RESTORECON} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE +- fi ++ ${RESTORECON} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE + return + fi + [ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon +@@ -146,7 +139,7 @@ + + fullrelabel() { + logit "Cleaning out /tmp" +- find /tmp/ -mindepth 1 -print0 | xargs -0 /bin/rm -f ++ find /tmp/ -mindepth 1 -delete + LogReadOnly + restore + } diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.78/semanage/semanage --- nsapolicycoreutils/semanage/semanage 2009-11-18 17:06:03.000000000 -0500 +++ policycoreutils-2.0.78/semanage/semanage 2010-01-08 09:24:07.000000000 -0500 @@ -2741,10 +3200,18 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po # Change apache to a permissive domain diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.78/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2009-11-20 10:51:25.000000000 -0500 -+++ policycoreutils-2.0.78/semanage/seobject.py 2009-12-08 17:05:49.000000000 -0500 -@@ -37,40 +37,6 @@ - - import syslog ++++ policycoreutils-2.0.78/semanage/seobject.py 2010-02-03 11:39:44.000000000 -0500 +@@ -29,47 +29,12 @@ + import gettext + gettext.bindtextdomain(PROGNAME, "/usr/share/locale") + gettext.textdomain(PROGNAME) +-try: +- gettext.install(PROGNAME, localedir = "/usr/share/locale", unicode = 1) +-except IOError: +- import __builtin__ +- __builtin__.__dict__['_'] = unicode +- +-import syslog -handle = None - 
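Review bot: Nothing is relabelled on the package-diff path of `fixfiles` any more: the pipeline now ends in `xargs -r echo` and the `${RESTORECON}` call is left commented out on the following line, so the branch only prints the candidate paths and files whose context changed between policy versions keep their old labels. That looks like debugging state committed by accident; if the commented line is the intended replacement, the pipeline should end in `xargs -r ${RESTORECON} -F -R -p -e /home -e /tmp -e /dev`. The new `${RESTORECON} ${FORCEFLAG} -R $* $FILEPATH` also drops the quoting the removed `find "$FILEPATH"` had, so a path containing whitespace is split; write it as `"$FILEPATH"`. In `fullrelabel`, `find /tmp/ -mindepth 1 -delete` removes directories as well, which the old `rm -f` did not, and that change in behaviour deserves a changelog line if it is intended. The functions these lines belong to start outside the hunk.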
@@ -2777,13 +3244,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po - if is_mls_enabled < 0: - semanage_handle_destroy(handle) - raise ValueError(_("Could not test MLS enabled status")) -- ++import gettext ++translation=gettext.translation(PROGNAME, localedir = "/usr/share/locale", fallback=True) ++_=translation.ugettext + - return handle -- ++import syslog + file_types = {} file_types[""] = SEMANAGE_FCONTEXT_ALL; - file_types["all files"] = SEMANAGE_FCONTEXT_ALL; -@@ -194,44 +160,151 @@ +@@ -194,45 +159,152 @@ return trans else: return raw @@ -2874,8 +3344,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po raise ValueError(_("Semanage transaction not in progress")) - self.transaction = False + semanageRecords.transaction = False -+ self.commit() -+ + self.commit() + +class moduleRecords(semanageRecords): + def __init__(self, store): + semanageRecords.__init__(self, store) @@ -2939,17 +3409,18 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po + if rc < 0 and rc != -2: + raise ValueError(_("Could not remove module %s (remove failed)") % m) + - self.commit() ++ self.commit() + + def deleteall(self): + l = self.get_all() + if len(l) > 0: + all = " ".join(l[0]) + self.delete(all) - ++ class dontauditClass(semanageRecords): def __init__(self, store): -@@ -259,6 +332,7 @@ + semanageRecords.__init__(self, store) +@@ -259,6 +331,7 @@ name = semanage_module_get_name(mod) if name and name.startswith("permissive_"): l.append(name.split("permissive_")[1]) @@ -2957,7 +3428,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po return l def list(self, heading = 1, locallist = 0): -@@ -343,7 +417,9 @@ +@@ -343,7 +416,9 @@ if rc < 0: raise ValueError(_("Could not check if login mapping for %s is defined") % name) if exists: 
@@ -2968,7 +3439,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po if name[0] == '%': try: grp.getgrnam(name[1:]) -@@ -475,6 +551,16 @@ +@@ -475,6 +550,16 @@ mylog.log(1, "delete SELinux user mapping", name); @@ -2985,7 +3456,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po def get_all(self, locallist = 0): ddict = {} if locallist: -@@ -489,6 +575,15 @@ +@@ -489,6 +574,15 @@ ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u)) return ddict @@ -3001,7 +3472,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po def list(self,heading = 1, locallist = 0): ddict = self.get_all(locallist) keys = ddict.keys() -@@ -531,7 +626,8 @@ +@@ -531,7 +625,8 @@ if rc < 0: raise ValueError(_("Could not check if SELinux user %s is defined") % name) if exists: @@ -3011,7 +3482,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po (rc, u) = semanage_user_create(self.sh) if rc < 0: -@@ -682,6 +778,16 @@ +@@ -682,6 +777,16 @@ mylog.log(1,"delete SELinux user record", name) @@ -3028,7 +3499,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po def get_all(self, locallist = 0): ddict = {} if locallist: -@@ -702,6 +808,15 @@ +@@ -702,6 +807,15 @@ return ddict @@ -3044,7 +3515,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po def list(self, heading = 1, locallist = 0): ddict = self.get_all(locallist) keys = ddict.keys() -@@ -740,12 +855,16 @@ +@@ -740,12 +854,16 @@ low = int(ports[0]) high = int(ports[1]) @@ -3061,7 +3532,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po if is_mls_enabled == 1: if serange == "": serange = "s0" -@@ -808,6 +927,7 @@ +@@ -808,6 +926,7 @@ self.commit() def __modify(self, port, proto, serange, setype): 
@@ -3069,7 +3540,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po if serange == "" and setype == "": if is_mls_enabled == 1: raise ValueError(_("Requires setype or serange")) -@@ -942,6 +1062,18 @@ +@@ -942,6 +1061,18 @@ ddict[(ctype,proto_str)].append("%d-%d" % (low, high)) return ddict @@ -3088,7 +3559,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po def list(self, heading = 1, locallist = 0): if heading: print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number")) -@@ -958,7 +1090,8 @@ +@@ -958,7 +1089,8 @@ class nodeRecords(semanageRecords): def __init__(self, store = ""): semanageRecords.__init__(self,store) @@ -3098,7 +3569,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po def __add(self, addr, mask, proto, serange, ctype): if addr == "": raise ValueError(_("Node Address is required")) -@@ -966,14 +1099,11 @@ +@@ -966,14 +1098,11 @@ if mask == "": raise ValueError(_("Node Netmask is required")) @@ -3116,7 +3587,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po if is_mls_enabled == 1: if serange == "": serange = "s0" -@@ -991,7 +1121,8 @@ +@@ -991,7 +1120,8 @@ (rc, exists) = semanage_node_exists(self.sh, k) if exists: @@ -3126,7 +3597,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po (rc, node) = semanage_node_create(self.sh) if rc < 0: -@@ -1047,13 +1178,10 @@ +@@ -1047,13 +1177,10 @@ if mask == "": raise ValueError(_("Node Netmask is required")) @@ -3144,7 +3615,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po if serange == "" and setype == "": raise ValueError(_("Requires setype or serange")) -@@ -1098,11 +1226,9 @@ +@@ -1098,11 +1225,9 @@ if mask == "": raise ValueError(_("Node Netmask is required")) 
@@ -3159,7 +3630,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po raise ValueError(_("Unknown or missing protocol")) (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto) -@@ -1132,6 +1258,16 @@ +@@ -1132,6 +1257,16 @@ self.__delete(addr, mask, proto) self.commit() @@ -3176,7 +3647,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po def get_all(self, locallist = 0): ddict = {} if locallist : -@@ -1145,15 +1281,20 @@ +@@ -1145,15 +1280,20 @@ con = semanage_node_get_con(node) addr = semanage_node_get_addr(self.sh, node) mask = semanage_node_get_mask(self.sh, node) @@ -3202,7 +3673,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po def list(self, heading = 1, locallist = 0): if heading: print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context") -@@ -1193,7 +1334,8 @@ +@@ -1193,7 +1333,8 @@ if rc < 0: raise ValueError(_("Could not check if interface %s is defined") % interface) if exists: @@ -3212,7 +3683,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po (rc, iface) = semanage_iface_create(self.sh) if rc < 0: -@@ -1307,6 +1449,16 @@ +@@ -1307,6 +1448,16 @@ self.__delete(interface) self.commit() @@ -3229,7 +3700,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po def get_all(self, locallist = 0): ddict = {} if locallist: -@@ -1322,6 +1474,15 @@ +@@ -1322,6 +1473,15 @@ return ddict @@ -3245,7 +3716,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po def list(self, heading = 1, locallist = 0): if heading: print "%-30s %s\n" % (_("SELinux Interface"), _("Context")) -@@ -1338,6 +1499,48 @@ +@@ -1338,6 +1498,48 @@ class fcontextRecords(semanageRecords): def __init__(self, store = ""): semanageRecords.__init__(self, store) 
@@ -3294,7 +3765,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po def createcon(self, target, seuser = "system_u"): (rc, con) = semanage_context_create(self.sh) -@@ -1364,6 +1567,8 @@ +@@ -1364,6 +1566,8 @@ def validate(self, target): if target == "" or target.find("\n") >= 0: raise ValueError(_("Invalid file specification")) @@ -3303,7 +3774,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"): self.validate(target) -@@ -1388,7 +1593,8 @@ +@@ -1388,7 +1592,8 @@ raise ValueError(_("Could not check if file context for %s is defined") % target) if exists: @@ -3313,7 +3784,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po (rc, fcontext) = semanage_fcontext_create(self.sh) if rc < 0: -@@ -1504,9 +1710,16 @@ +@@ -1504,9 +1709,16 @@ raise ValueError(_("Could not delete the file context %s") % target) semanage_fcontext_key_free(k) @@ -3330,7 +3801,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) if rc < 0: raise ValueError(_("Could not create a key for %s") % target) -@@ -1561,12 +1774,22 @@ +@@ -1561,12 +1773,22 @@ return ddict @@ -3355,7 +3826,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po for k in keys: if fcon_dict[k]: if is_mls_enabled: -@@ -1575,6 +1798,12 @@ +@@ -1575,6 +1797,12 @@ print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2]) else: print "%-50s %-18s <>" % (k[0], k[1]) @@ -3368,7 +3839,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po class booleanRecords(semanageRecords): def __init__(self, store = ""): -@@ -1706,6 +1935,16 @@ +@@ -1706,6 +1934,16 @@ else: return _("unknown") 
@@ -3523,8 +3994,14 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po } diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.78/setfiles/restore.c --- nsapolicycoreutils/setfiles/restore.c 2009-11-03 09:21:40.000000000 -0500 -+++ policycoreutils-2.0.78/setfiles/restore.c 2009-12-16 08:14:21.000000000 -0500 -@@ -31,7 +31,6 @@ ++++ policycoreutils-2.0.78/setfiles/restore.c 2010-01-29 16:37:02.000000000 -0500 +@@ -1,4 +1,5 @@ + #include "restore.h" ++#include + + #define SKIP -2 + #define ERR -1 +@@ -31,7 +32,6 @@ static file_spec_t *fl_head; @@ -3532,7 +4009,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po static int filespec_add(ino_t ino, const security_context_t con, const char *file); static int only_changed_user(const char *a, const char *b); struct restore_opts *r_opts = NULL; -@@ -53,7 +52,6 @@ +@@ -53,7 +53,6 @@ } } return; @@ -3540,7 +4017,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po } void restore_init(struct restore_opts *opts) -@@ -303,6 +301,12 @@ +@@ -303,6 +302,12 @@ FTS *fts_handle; FTSENT *ftsent; 
@@ -3553,7 +4030,37 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po fts_handle = fts_open((char **)namelist, r_opts->fts_flags, NULL); if (fts_handle == NULL) { fprintf(stderr, -@@ -374,6 +378,7 @@ +@@ -357,6 +362,29 @@ + goto out; + } + ++int process_glob(char *name, int recurse) { ++ glob_t globbuf; ++ size_t i = 0; ++ int errors = 0; ++ memset(&globbuf, 0, sizeof(globbuf)); ++ globbuf.gl_offs = 0; ++ if (glob(name, ++ GLOB_TILDE | GLOB_PERIOD, ++ NULL, ++ &globbuf) >= 0) { ++ for (i = 0; i < globbuf.gl_pathc; i++) { ++ int len = strlen(globbuf.gl_pathv[i]) -2; ++ if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0) continue; ++ if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0) continue; ++ errors |= process_one_realpath(globbuf.gl_pathv[i], recurse) < 0; ++ } ++ globfree(&globbuf); ++ } ++ else ++ errors |= process_one_realpath(name, recurse) < 0; ++ return errors; ++} ++ + int process_one_realpath(char *name, int recurse) + { + int rc = 0; +@@ -374,6 +402,7 @@ } else { rc = lstat(name, &sb); if (rc < 0) { @@ -3561,7 +4068,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po fprintf(stderr, "%s: lstat(%s) failed: %s\n", r_opts->progname, name, strerror(errno)); return -1; -@@ -409,7 +414,7 @@ +@@ -409,7 +438,7 @@ } } @@ -3570,7 +4077,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po { int i = 0; for (i = 0; i < excludeCtr; i++) { -@@ -602,5 +607,67 @@ +@@ -602,5 +631,67 @@ return -1; } @@ -3599,7 +4106,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po + fp = fopen("/proc/mounts", "r"); + if (!fp) + return; - ++ + while ((num = getline(&buf, &len, fp)) != -1) { + found = 0; + index = 0; @@ -3617,7 +4124,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po + buf); + continue; + } -+ + + /* remove pre-existing entry */ + remove_exclude(mount_info[1]); + 
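Review bot: In `process_glob`, the test `glob(...) >= 0` is always true, because glob() returns 0 on success and a nonzero GLOB_* code (positive in glibc) on failure, so the `else` fallback to `process_one_realpath(name, recurse)` is unreachable. A name that matches nothing leaves `gl_pathc` at 0, the loop does not run, and the function returns 0 without the lstat error a missing path used to produce. Comparing with zero, `&globbuf) == 0) {`, restores the fallback. The `/.` and `/..` filter also only matches entries that contain a slash, so a bare `.` or `..` produced by a relative pattern under GLOB_PERIOD would presumably still be passed on. Checking the basename of each result would cover both forms.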
@@ -3666,7 +4173,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po show changes in file labels. diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.78/setfiles/restore.h --- nsapolicycoreutils/setfiles/restore.h 2009-11-03 09:21:40.000000000 -0500 -+++ policycoreutils-2.0.78/setfiles/restore.h 2009-12-16 08:14:23.000000000 -0500 ++++ policycoreutils-2.0.78/setfiles/restore.h 2010-01-29 16:27:56.000000000 -0500 @@ -27,6 +27,7 @@ int hard_links; int verbose; @@ -3675,15 +4182,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po char *rootpath; int rootpathlen; char *progname; -@@ -44,7 +45,9 @@ +@@ -44,7 +45,10 @@ void restore_init(struct restore_opts *opts); void restore_finish(); int add_exclude(const char *directory); +int exclude(const char *path); void remove_exclude(const char *directory); int process_one_realpath(char *name, int recurse); -+void exclude_non_seclabel_mounts(); ++int process_glob(char *name, int recurse); ++void exclude_non_seclabel_mounts(); #endif diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-2.0.78/setfiles/setfiles.8 --- nsapolicycoreutils/setfiles/setfiles.8 2008-08-28 09:34:24.000000000 -0400 @@ -3700,7 +4208,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po suppress non-error output. diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.78/setfiles/setfiles.c --- nsapolicycoreutils/setfiles/setfiles.c 2009-11-03 09:21:40.000000000 -0500 -+++ policycoreutils-2.0.78/setfiles/setfiles.c 2009-12-16 08:14:26.000000000 -0500 ++++ policycoreutils-2.0.78/setfiles/setfiles.c 2010-01-29 16:31:10.000000000 -0500 @@ -5,7 +5,6 @@ #include #include 
@@ -3821,3 +4329,22 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po argv[0]); exit(1); } +@@ -475,7 +410,7 @@ + buf[len - 1] = 0; + if (!strcmp(buf, "/")) + mass_relabel = 1; +- errors |= process_one_realpath(buf, recurse) < 0; ++ errors |= process_glob(buf, recurse) < 0; + } + if (strcmp(input_filename, "-") != 0) + fclose(f); +@@ -483,7 +418,8 @@ + for (i = optind; i < argc; i++) { + if (!strcmp(argv[i], "/")) + mass_relabel = 1; +- errors |= process_one_realpath(argv[i], recurse) < 0; ++ ++ errors |= process_glob(argv[i], recurse) < 0; + } + } + diff --git a/policycoreutils.spec b/policycoreutils.spec index 5735ddf..0242fc2 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -6,7 +6,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.78 -Release: 17%{?dist} +Release: 18%{?dist} License: GPLv2+ Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -298,6 +298,9 @@ fi exit 0 %changelog +* Wed Feb 3 2010 Dan Walsh 2.0.78-18 +- Fix seobject and fixfiles + * Fri Jan 29 2010 Dan Walsh 2.0.78-17 - Change seobject to use translations properly
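Review bot: Both call sites in setfiles.c keep the `< 0` comparison, but `process_glob` as added in restore.c returns `errors`, which is only ever 0 or 1, so `errors |= process_glob(buf, recurse) < 0;` can never set the flag. A failed relabel would then not reach whatever consumes `errors` later in this function, which lies outside the hunk. `errors |= process_glob(buf, recurse) != 0;`, and the same for `argv[i]`, keeps the failure visible. Names read from the input file are also now expanded as glob patterns, so a file name containing `*`, `?` or `[` is no longer taken literally; that change in behaviour deserves a sentence in the man page.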