diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index bbdca42..8badd32 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1,8 +1,158 @@ +diff --git a/policycoreutils/Makefile b/policycoreutils/Makefile +index 83ebd45..bea9814 100644 +--- a/policycoreutils/Makefile ++++ b/policycoreutils/Makefile +@@ -1,4 +1,4 @@ +-SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui ++SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui semanage/default_encoding + + INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) + +diff --git a/policycoreutils/audit2allow/Makefile b/policycoreutils/audit2allow/Makefile +index fc290ea..f838b13 100644 +--- a/policycoreutils/audit2allow/Makefile ++++ b/policycoreutils/audit2allow/Makefile +@@ -4,12 +4,16 @@ BINDIR ?= $(PREFIX)/bin + LIBDIR ?= $(PREFIX)/lib + MANDIR ?= $(PREFIX)/share/man + LOCALEDIR ?= /usr/share/locale ++PYTHON ?= /usr/bin/python + + all: audit2why + + audit2why: + ln -sf audit2allow audit2why + ++test: all ++ @$(PYTHON) test_audit2allow.py -v ++ + install: all + -mkdir -p $(BINDIR) + install -m 755 audit2allow $(BINDIR) +diff --git a/policycoreutils/audit2allow/test.log b/policycoreutils/audit2allow/test.log +new file mode 100644 +index 0000000..8d23541 +--- /dev/null ++++ b/policycoreutils/audit2allow/test.log +@@ -0,0 +1,36 @@ ++node=bill.example.com type=AVC_PATH msg=audit(1166045975.667:1128): path="/usr/lib/libGL.so.1.2" ++type=AVC msg=audit(1166045975.667:1129): avc: denied { write } for comm=local dev=dm-0 name=root.lock pid=10581 scontext=system_u:system_r:postfix_local_t:s0 tclass=file tcontext=system_u:object_r:mail_spool_t:s0 ++node=bob.example.com type=PATH msg=audit(1166111074.191:74): item=0 name="/etc/auto.net" inode=16483485 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 
obj=system_u:object_r:automount_lock_t:s0 type=CWD msg=audit(1166111074.191:74): cwd="/" ++node=bob.example.com type=SYSCALL msg=audit(1166111074.191:74): arch=40000003 syscall=33 success=no exit=-13 a0=92c5288 a1=1 a2=154d50 a3=92c5120 items=1 ppid=13935 pid=13944 auid=3267 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 key=(null) ++node=bob.example.com type=AVC msg=audit(1166111074.191:74): avc: denied { execute } for pid=13944 comm="automount" name="auto.net" dev=dm-0 ino=16483485 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:object_r:automount_lock_t:s0 tclass=file ++node=james.example.com type=SYSCALL msg=audit(1165963069.244:851): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bf96a830 a2=b5b1e8 a3=9e58ac0 items=0 ppid=21133 pid=21134 auid=3267 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts10 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) ++node=james.example.com type=AVC msg=audit(1165963069.244:851): avc: denied { name_bind } for pid=21134 comm="httpd" src=81 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket ++node=tom.example.com type=SYSCALL msg=audit(1165963069.244:852): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bf96a830 a2=b5b1e8 a3=9e58ac0 items=0 ppid=21133 pid=21134 auid=3267 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts10 comm="smbd" exe="/usr/sbin/smbd" subj=system_u:system_r:smbd_t:s0 key=(null) ++node=tom.example.com type=AVC msg=audit(1165963069.244:852): avc: denied { name_connect } for pid=21134 comm="smbd" src=81 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket ++node=mary.example.com type=SYSCALL msg=audit(1166023021.373:910): arch=40000003 syscall=12 success=no exit=-13 a0=8493cd8 a1=cc3 a2=3282ec a3=bf992a04 items=0 ppid=24423 pid=24427 
auid=3267 uid=0 gid=0 euid=3267 suid=3267 fsuid=3267 egid=3267 sgid=3267 fsgid=3267 tty=(none) comm="vsftpd" exe="/usr/sbin/vsftpd" subj=system_u:system_r:ftpd_t:s0 key=(null) ++node=mary.example.com type=AVC msg=audit(1166023021.373:910): avc: denied { search } for pid=24427 comm="vsftpd" name="home" dev=dm-0 ino=9338881 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir ++node=tom.example.com type=SYSCALL msg=audit(1165963069.244:852): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bf96a830 a2=b5b1e8 a3=9e58ac0 items=0 ppid=21133 pid=21134 auid=3267 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts10 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) ++node=tom.example.com type=AVC msg=audit(1165963069.244:852): avc: denied { name_connect } for pid=21134 comm="httpd" src=81 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket ++node=dan.example.com type=AVC_PATH msg=audit(1166017682.366:877): path="/var/www/html/index.html" ++node=dan.example.com type=SYSCALL msg=audit(1166017682.366:877): arch=40000003 syscall=196 success=no exit=-13 a0=96226a8 a1=bf88b01c a2=31fff4 a3=2008171 items=0 ppid=23762 pid=23768 auid=3267 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) ++node=dan.example.com type=AVC msg=audit(1166017682.366:877): avc: denied { execute_no_trans } for pid=23768 comm="httpd" name="index.html" dev=dm-0 ino=7996439 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file ++node=judy.example.com type=SYSCALL msg=audit(1165963069.244:853): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bf96a830 a2=b5b1e8 a3=9e58ac0 items=0 ppid=21133 pid=21134 auid=3267 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts10 comm="httpd" exe="/usr/sbin/httpd" 
subj=system_u:system_r:httpd_t:s0 key=(null) ++node=judy.example.com type=AVC msg=audit(1165963069.244:853): avc: denied { name_connect } for pid=21134 comm="httpd" src=81 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket ++node=judy.example.com type=SYSCALL msg=audit(1165963069.244:853): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bf96a830 a2=b5b1e8 a3=9e58ac0 items=0 ppid=21133 pid=21134 auid=3267 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts10 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) ++node=judy.example.com type=AVC msg=audit(1165963069.244:853): avc: denied { name_connect } for pid=21134 comm="httpd" src=81 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket ++node=patty.example.com type=AVC_PATH msg=audit(1166036885.378:1097): path="/var/www/cgi-bin" ++node=patty.example.com type=SYSCALL msg=audit(1166036885.378:1097): arch=40000003 syscall=196 success=no exit=-13 a0=9624f38 a1=bf88b11c a2=31fff4 a3=2008171 items=0 ppid=23762 pid=23770 auid=3267 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) ++node=patty.example.com type=AVC msg=audit(1166036885.378:1097): avc: denied { execute } for pid=23770 comm="httpd" name="cgi-bin" dev=dm-0 ino=7995597 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_script_exec_t:s0 tclass=file ++node=sam.example.com type=SYSCALL msg=audit(1166038880.318:1103): arch=40000003 syscall=5 success=no exit=-13 a0=bf96f068 a1=18800 a2=0 a3=bf973110 items=0 ppid=23765 pid=12387 auid=3267 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) comm="sealert.cgi" exe="/usr/bin/perl" subj=system_u:system_r:httpd_sys_script_t:s0 key=(null) ++node=sam.example.com type=AVC msg=audit(1166038880.318:1103): avc: denied { write } for 
pid=12387 comm="sealert.cgi" name="sealert-upload" dev=dm-0 ino=8093724 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file ++node=holycross.devel.redhat.com type=AVC_PATH msg=audit(1166027294.395:952): path="/home/devel/dwalsh/public_html" ++node=holycross.devel.redhat.com type=SYSCALL msg=audit(1166027294.395:952): arch=40000003 syscall=196 success=yes exit=0 a0=8495230 a1=849c830 a2=874ff4 a3=328d28 items=0 ppid=7234 pid=7236 auid=3267 uid=3267 gid=3267 euid=3267 suid=3267 fsuid=3267 egid=3267 sgid=3267 fsgid=3267 tty=(none) comm="vsftpd" exe="/usr/sbin/vsftpd" subj=system_u:system_r:ftpd_t:s0 key=(null) ++node=holycross.devel.redhat.com type=AVC msg=audit(1166027294.395:952): avc: denied { getattr } for pid=7236 comm="vsftpd" name="public_html" dev=dm-0 ino=9601649 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file ++host=dhcppc2 type=AVC msg=audit(1216729188.853:241): avc: denied { read } for pid=14066 comm="qemu-kvm" name="HelpdeskRHEL4-RHEL4.x86_64" dev=tmpfs ino=333 scontext=system_u:system_r:qemu_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file host=dhcppc2 type=SYSCALL msg=audit(1216729188.853:241): arch=c000003e syscall=2 success=no exit=-13 a0=7fff6f654680 a1=0 a2=1a4 a3=3342f67a70 items=0 ppid=2953 pid=14066 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/bin/qemu-kvm" subj=system_u:system_r:qemu_t:s0 key=(null) ++node=mallorn.farre.nom type=AVC msg=audit(1228276291.360:466): avc: denied { execute } for pid=13015 comm="npviewer.bin" path="/opt/real/RealPlayer/mozilla/nphelix.so" dev=dm-0 ino=2850912 scontext=unconfined_u:unconfined_r:nsplugin_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file ++node=mallorn.farre.nom type=SYSCALL msg=audit(1228276291.360:466): arch=40000003 syscall=192 success=no exit=-13 a0=0 a1=9eec a2=5 a3=802 items=0 ppid=13014 
pid=13015 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=63 comm="npviewer.bin" exe="/usr/lib/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0 key=(null) ++node=mary.example.com type=SYSCALL msg=audit(1166023021.373:910): arch=40000003 syscall=12 success=no exit=-13 a0=8493cd8 a1=cc3 a2=3282ec a3=bf992a04 items=0 ppid=24423 pid=24427 auid=3267 uid=0 gid=0 euid=3267 suid=3267 fsuid=3267 egid=3267 sgid=3267 fsgid=3267 tty=(none) comm="vssmbd" exe="/usr/sbin/vssmbd" subj=system_u:system_r:smbd_t:s0 key=(null) ++node=mary.example.com type=AVC msg=audit(1166023021.373:910): avc: denied { read } for pid=24427 comm="vssmbd" name="home" dev=dm-0 ino=9338881 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:ssh_home_t:s0 tclass=file ++node=lilly.example.com type=AVC_PATH msg=audit(1164783469.561:109): path="/linuxtest/LVT/lvt/log.current" ++node=lilly.example.com type=SYSCALL msg=audit(1164783469.561:109): arch=14 syscall=11 success=yes exit=0 a0=10120520 a1=10120a78 a2=10120970 a3=118 items=0 ppid=8310 pid=8311 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="smbd" exe="/usr/sbin/smbd" subj=root:system_r:smbd_t:s0 key=(null) ++node=lilly.example.com type=AVC msg=audit(1164783469.561:109): avc: denied { append } for pid=8311 comm="smbd" name="log.current" dev=dm-0 ino=130930 scontext=root:system_r:smbd_t:s0 tcontext=root:object_r:default_t:s0 tclass=dir +diff --git a/policycoreutils/audit2allow/test_audit2allow.py b/policycoreutils/audit2allow/test_audit2allow.py +new file mode 100644 +index 0000000..d7d872e +--- /dev/null ++++ b/policycoreutils/audit2allow/test_audit2allow.py +@@ -0,0 +1,46 @@ ++import unittest, os, shutil ++from tempfile import mkdtemp ++from subprocess import Popen, PIPE ++ ++class Audit2allowTests(unittest.TestCase): ++ def assertDenied(self, err): ++ self.assert_('Permission denied' in err, ++ '"Permission denied" not found in %r' % 
err) ++ def assertNotFound(self, err): ++ self.assert_('not found' in err, ++ '"not found" not found in %r' % err) ++ ++ def assertFailure(self, status): ++ self.assert_(status != 0, ++ '"Succeeded when it should have failed') ++ ++ def assertSuccess(self, cmd, status, err): ++ self.assert_(status == 0, ++ '"%s should have succeeded for this test %r' % (cmd, err)) ++ ++ def test_sepolgen_ifgen(self): ++ "Verify sepolgen-ifgen works" ++ p = Popen(['sudo', 'sepolgen-ifgen'], stdout = PIPE) ++ out, err = p.communicate() ++ if err: ++ print(out, err) ++ self.assertSuccess("sepolgen-ifgen", p.returncode, err) ++ ++ def test_audit2allow(self): ++ "Verify audit2allow works" ++ p = Popen(['audit2allow',"-i","test.log"], stdout = PIPE) ++ out, err = p.communicate() ++ if err: ++ print(out, err) ++ self.assertSuccess("audit2allow", p.returncode, err) ++ ++ def test_audit2why(self): ++ "Verify audit2why works" ++ p = Popen(['audit2why',"-i","test.log"], stdout = PIPE) ++ out, err = p.communicate() ++ if err: ++ print(out, err) ++ self.assertSuccess("audit2why", p.returncode, err) ++ ++if __name__ == "__main__": ++ unittest.main() +diff --git a/policycoreutils/gui/Makefile b/policycoreutils/gui/Makefile +index 9d9f820..0c2b390 100644 +--- a/policycoreutils/gui/Makefile ++++ b/policycoreutils/gui/Makefile +@@ -12,7 +12,6 @@ domainsPage.py \ + fcontextPage.py \ + html_util.py \ + loginsPage.py \ +-mappingsPage.py \ + modulesPage.py \ + polgen.glade \ + portsPage.py \ diff --git a/policycoreutils/gui/booleansPage.py b/policycoreutils/gui/booleansPage.py -index eee954d..075b896 100644 +index eee954d..0c4b14b 100644 --- a/policycoreutils/gui/booleansPage.py 
+++ b/policycoreutils/gui/booleansPage.py -@@ -31,7 +31,7 @@ import semanagePage +@@ -18,20 +18,17 @@ + # You should have received a copy of the GNU General Public License + # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + # +-import string + import gtk + import gtk.glade +-import os + import gobject + import sys +-import tempfile + import seobject + import semanagePage + INSTALLPATH='/usr/share/system-config-selinux' sys.path.append(INSTALLPATH) @@ -11,18 +161,38 @@ index eee954d..075b896 100644 ENFORCING=0 PERMISSIVE=1 DISABLED=2 -@@ -50,8 +50,8 @@ try: +@@ -50,10 +47,8 @@ try: unicode=False, codeset = 'utf-8') except IOError: - import __builtin__ - __builtin__.__dict__['_'] = unicode +- +-from glob import fnmatch + import builtins + builtins.__dict__['_'] = str - from glob import fnmatch + class Modifier: + def __init__(self,name, on, save): +@@ -103,8 +98,6 @@ class booleansPage: + self.revertButton = xml.get_widget("booleanRevertButton") + self.revertButton.set_sensitive(self.local) + self.revertButton.connect("clicked", self.on_revert_clicked) +- listStore = gtk.ListStore(gobject.TYPE_STRING) +- cell = gtk.CellRendererText() -@@ -170,16 +170,15 @@ class booleansPage: + self.store = gtk.ListStore(gobject.TYPE_BOOLEAN, gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING) + self.store.set_sort_column_id(1, gtk.SORT_ASCENDING) +@@ -123,7 +116,7 @@ class booleansPage: + self.booleansView.append_column(col) + + col = gtk.TreeViewColumn("Description", gtk.CellRendererText(), text=DESC) +- col.set_sizing(gtk.TREE_VIEW_COLUMN_FIXED) ++ col.set_sizing(gtk.TREE_VIEW_COLUMN_FIXED) + col.set_fixed_width(400) + col.set_sort_column_id(DESC) + col.set_resizable(True) +@@ -170,16 +163,15 @@ class booleansPage: # change cursor if boolean == None: return 
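Review bot: In the new test_audit2allow.py, all three tests call `Popen(..., stdout = PIPE)` without capturing stderr, so the `err` returned by `communicate()` is always `None`. The `if err:` branch therefore never runs, and the `assertSuccess` failure message prints `None` instead of the tool's error text. Passing `stderr = PIPE` to each `Popen` call would make a failing run diagnosable. `test_sepolgen_ifgen` also goes through `sudo`, so `make test` may stall on a password prompt or run with elevated privileges on a build host; a comment stating that requirement, or a skip when the caller is not root, would make this explicit. `self.assert_` is a deprecated alias of `assertTrue`, which matters because the same patch moves other files to Python 3 (`import builtins`).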
@@ -46,7 +216,7 @@ index eee954d..075b896 100644 def filter_changed(self, *arg): filter = arg[0].get_text() -@@ -224,17 +223,25 @@ class booleansPage: +@@ -224,17 +216,25 @@ class booleansPage: self.store.set_value(iter, ACTIVE , not val) self.wait() setsebool="/usr/sbin/setsebool -P %s %d" % (key, not val) @@ -55,7 +225,7 @@ index eee954d..075b896 100644 - self.error(out) - self.load(self.filter) + try: -+ subprocess.check_output(setsebool, ++ subprocess.check_output(setsebool, + stderr=subprocess.STDOUT, + shell=True) + self.load(self.filter) @@ -69,7 +239,7 @@ index eee954d..075b896 100644 - commands.getstatusoutput(setsebool) - self.load(self.filter) + try: -+ subprocess.check_output(setsebool, ++ subprocess.check_output(setsebool, + stderr=subprocess.STDOUT, + shell=True) + self.load(self.filter) @@ -158,11 +328,14 @@ index 6af1e9a..39a4574 100644 + self.error(e.output) + self.ready() diff --git a/policycoreutils/gui/fcontextPage.py b/policycoreutils/gui/fcontextPage.py -index 131f1c2..600232e 100644 +index 131f1c2..9a34143 100644 --- a/policycoreutils/gui/fcontextPage.py +++ b/policycoreutils/gui/fcontextPage.py -@@ -21,7 +21,7 @@ import gtk.glade - import os +@@ -18,10 +18,9 @@ + ## Author: Dan Walsh + import gtk + import gtk.glade +-import os import gobject import seobject -import commands @@ -170,7 +343,7 @@ index 131f1c2..600232e 100644 from semanagePage import *; SPEC_COL = 0 -@@ -55,8 +55,8 @@ try: +@@ -55,8 +54,8 @@ try: unicode=False, codeset = 'utf-8') except IOError: 
@@ -181,7 +354,58 @@ index 131f1c2..600232e 100644 class fcontextPage(semanagePage): -@@ -124,7 +124,7 @@ class fcontextPage(semanagePage): +@@ -72,16 +71,16 @@ class fcontextPage(semanagePage): + self.view.set_search_equal_func(self.search) + + col = gtk.TreeViewColumn(_("File\nSpecification"), gtk.CellRendererText(), text=SPEC_COL) +- col.set_sizing(gtk.TREE_VIEW_COLUMN_FIXED) +- col.set_fixed_width(250) ++ col.set_sizing(gtk.TREE_VIEW_COLUMN_FIXED) ++ col.set_fixed_width(250) + + col.set_sort_column_id(SPEC_COL) + col.set_resizable(True) + self.view.append_column(col) + col = gtk.TreeViewColumn(_("Selinux\nFile Type"), gtk.CellRendererText(), text=TYPE_COL) + +- col.set_sizing(gtk.TREE_VIEW_COLUMN_FIXED) +- col.set_fixed_width(250) ++ col.set_sizing(gtk.TREE_VIEW_COLUMN_FIXED) ++ col.set_fixed_width(250) + col.set_sort_column_id(TYPE_COL) + col.set_resizable(True) + self.view.append_column(col) +@@ -97,16 +96,16 @@ class fcontextPage(semanagePage): + liststore=self.fcontextFileTypeCombo.get_model() + for k in seobject.file_types: + if len(k) > 0 and k[0] != '-': +- iter=liststore.append() +- liststore.set_value(iter, 0, k) +- iter = liststore.get_iter_first() +- self.fcontextFileTypeCombo.set_active_iter(iter) ++ it=liststore.append() ++ liststore.set_value(it, 0, k) ++ it = liststore.get_iter_first() ++ self.fcontextFileTypeCombo.set_active_iter(it) + self.fcontextTypeEntry = xml.get_widget("fcontextTypeEntry") + self.fcontextMLSEntry = xml.get_widget("fcontextMLSEntry") + +- def match(self, fcon_dict, k, filter): ++ def match(self, fcon_dict, k, filt): + try: +- f=filter.lower() ++ f=filt.lower() + for con in k: + k=con.lower() + if k.find(f) >= 0: +@@ -119,46 +118,46 @@ class fcontextPage(semanagePage): + pass + return False + +- def load(self, filter=""): +- self.filter=filter ++ def load(self, filt=""): ++ self.filter=filt self.fcontext=seobject.fcontextRecords() self.store.clear() fcon_dict=self.fcontext.get_all(self.local) 
@@ -189,13 +413,66 @@ index 131f1c2..600232e 100644 + keys = list(fcon_dict.keys()) keys.sort() for k in keys: - if not self.match(fcon_dict, k, filter): -@@ -170,19 +170,18 @@ class fcontextPage(semanagePage): +- if not self.match(fcon_dict, k, filter): ++ if not self.match(fcon_dict, k, filt): + continue +- iter=self.store.append() +- self.store.set_value(iter, SPEC_COL, k[0]) +- self.store.set_value(iter, FTYPE_COL, k[1]) ++ it=self.store.append() ++ self.store.set_value(it, SPEC_COL, k[0]) ++ self.store.set_value(it, FTYPE_COL, k[1]) + if fcon_dict[k]: + rec="%s:%s" % (fcon_dict[k][2], seobject.translate(fcon_dict[k][3],False)) + else: + rec="<>" +- self.store.set_value(iter, TYPE_COL, rec) ++ self.store.set_value(it, TYPE_COL, rec) + self.view.get_selection().select_path ((0,)) + + def filter_changed(self, *arg): +- filter = arg[0].get_text() +- if filter != self.filter: +- self.load(filter) ++ filt = arg[0].get_text() ++ if filt != self.filter: ++ self.load(filt) + + def dialogInit(self): +- store, iter = self.view.get_selection().get_selected() +- self.fcontextEntry.set_text(store.get_value(iter, SPEC_COL)) ++ store, it = self.view.get_selection().get_selected() ++ self.fcontextEntry.set_text(store.get_value(it, SPEC_COL)) + self.fcontextEntry.set_sensitive(False) +- scontext = store.get_value(iter, TYPE_COL) ++ scontext = store.get_value(it, TYPE_COL) + scon=context(scontext) + self.fcontextTypeEntry.set_text(scon.type) + self.fcontextMLSEntry.set_text(scon.mls) +- type=store.get_value(iter, FTYPE_COL) ++ setype=store.get_value(it, FTYPE_COL) + liststore=self.fcontextFileTypeCombo.get_model() +- iter = liststore.get_iter_first() +- while iter != None and liststore.get_value(iter,0) != type: +- iter = liststore.iter_next(iter) +- if iter != None: +- self.fcontextFileTypeCombo.set_active_iter(iter) ++ it = liststore.get_iter_first() ++ while it != None and liststore.get_value(it,0) != setype: ++ it = liststore.iter_next(it) ++ if it != None: ++ 
self.fcontextFileTypeCombo.set_active_iter(it) + self.fcontextFileTypeCombo.set_sensitive(False) + + def dialogClear(self): +@@ -169,55 +168,60 @@ class fcontextPage(semanagePage): + self.fcontextMLSEntry.set_text("s0") def delete(self): - store, iter = self.view.get_selection().get_selected() -+ fspec=store.get_value(iter, SPEC_COL) -+ ftype=store.get_value(iter, FTYPE_COL) +- store, iter = self.view.get_selection().get_selected() ++ store, it = self.view.get_selection().get_selected() ++ fspec=store.get_value(it, SPEC_COL) ++ ftype=store.get_value(it, FTYPE_COL) + self.wait() try: - fspec=store.get_value(iter, SPEC_COL) @@ -206,10 +483,11 @@ index 131f1c2..600232e 100644 - - if rc != 0: - return self.error(out) -+ subprocess.check_output("semanage fcontext -d -f '%s' '%s'" % (ftype, fspec), +- store.remove(iter) ++ subprocess.check_output("semanage fcontext -d -f '%s' '%s'" % (ftype, fspec), + stderr=subprocess.STDOUT, + shell=True) - store.remove(iter) ++ store.remove(it) self.view.get_selection().select_path ((0,)) - except ValueError, e: - self.error(e.args[0]) @@ -219,7 +497,10 @@ index 131f1c2..600232e 100644 def add(self): ftype=["", "--", "-d", "-c", "-b", "-s", "-l", "-p" ] -@@ -192,17 +191,20 @@ class fcontextPage(semanagePage): + fspec=self.fcontextEntry.get_text().strip() +- type=self.fcontextTypeEntry.get_text().strip() ++ setype=self.fcontextTypeEntry.get_text().strip() + mls=self.fcontextMLSEntry.get_text().strip() list_model=self.fcontextFileTypeCombo.get_model() active = self.fcontextFileTypeCombo.get_active() self.wait() 
@@ -228,14 +509,14 @@ index 131f1c2..600232e 100644 - if rc != 0: - self.error(out) + try: -+ subprocess.check_output("semanage fcontext -a -t %s -r %s -f '%s' '%s'" % (type, mls, ftype[active], fspec), ++ subprocess.check_output("semanage fcontext -a -t %s -r %s -f '%s' '%s'" % (setype, mls, ftype[active], fspec), + stderr=subprocess.STDOUT, + shell=True) + self.ready() -+ iter=self.store.append() -+ self.store.set_value(iter, SPEC_COL, fspec) -+ self.store.set_value(iter, FTYPE_COL, ftype) -+ self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls)) ++ it=self.store.append() ++ self.store.set_value(it, SPEC_COL, fspec) ++ self.store.set_value(it, FTYPE_COL, ftype) ++ self.store.set_value(it, TYPE_COL, "%s:%s" % (setype, mls)) + except subprocess.CalledProcessError as e: + self.error(e.output) + self.ready() 
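Review bot: The `semanage fcontext -a` call in `fcontextPage.add` still builds a shell command by `%`-formatting GUI entry text (`setype`, `mls`, `fspec`) and runs it with `shell=True`. `setype` and `mls` are unquoted, and a single quote in `fspec` ends the quoting, so shell metacharacters in those fields are interpreted by the shell in what is presumably a privileged GUI process. Passing an argument list avoids the shell entirely: `subprocess.check_output(["semanage", "fcontext", "-a", "-t", setype, "-r", mls, "-f", ftype[active], fspec], stderr=subprocess.STDOUT)`. The same pattern is visible in the `semanage fcontext -d` and `-m` calls, the `semanage login -d %s` call (and, by the look of the `shell=True` lines, the other login calls) in loginsPage.py, and the `setsebool` call in booleansPage.py. Separately, `self.store.set_value(it, FTYPE_COL, ftype)` in this hunk appears to store the whole `ftype` list rather than `ftype[active]`; `add` begins outside this hunk.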
@@ -248,24 +529,28 @@ index 131f1c2..600232e 100644 - def modify(self): fspec=self.fcontextEntry.get_text().strip() - type=self.fcontextTypeEntry.get_text().strip() -@@ -211,13 +213,16 @@ class fcontextPage(semanagePage): - iter = self.fcontextFileTypeCombo.get_active_iter() - ftype=list_model.get_value(iter,0) +- type=self.fcontextTypeEntry.get_text().strip() ++ setype=self.fcontextTypeEntry.get_text().strip() + mls=self.fcontextMLSEntry.get_text().strip() + list_model=self.fcontextFileTypeCombo.get_model() +- iter = self.fcontextFileTypeCombo.get_active_iter() +- ftype=list_model.get_value(iter,0) ++ it = self.fcontextFileTypeCombo.get_active_iter() ++ ftype=list_model.get_value(it,0) self.wait() - (rc, out) = commands.getstatusoutput("semanage fcontext -m -t %s -r %s -f '%s' '%s'" % (type, mls, ftype, fspec)) - self.ready() - if rc != 0: - self.error(out) + try: -+ subprocess.check_output("semanage fcontext -m -t %s -r %s -f '%s' '%s'" % (type, mls, ftype, fspec), ++ subprocess.check_output("semanage fcontext -m -t %s -r %s -f '%s' '%s'" % (setype, mls, ftype, fspec), + stderr=subprocess.STDOUT, + shell=True) + self.ready() -+ store, iter = self.view.get_selection().get_selected() -+ self.store.set_value(iter, SPEC_COL, fspec) -+ self.store.set_value(iter, FTYPE_COL, ftype) -+ self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls)) ++ store, it = self.view.get_selection().get_selected() ++ self.store.set_value(it, SPEC_COL, fspec) ++ self.store.set_value(it, FTYPE_COL, ftype) ++ self.store.set_value(it, TYPE_COL, "%s:%s" % (setype, mls)) + except subprocess.CalledProcessError as e: + self.error(e.output) + self.ready() @@ -317,19 +602,25 @@ index 68eed76..32de37a 100644 if type(result) in [TupleType, ListType]: for item in result: diff --git a/policycoreutils/gui/loginsPage.py b/policycoreutils/gui/loginsPage.py -index ec29fd9..e52debd 100644 +index ec29fd9..8a1c0b7 100644 --- a/policycoreutils/gui/loginsPage.py 
+++ b/policycoreutils/gui/loginsPage.py -@@ -22,7 +22,7 @@ import gtk.glade - import os +@@ -16,13 +16,10 @@ + ## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + ## Author: Dan Walsh +-import string + import gtk + import gtk.glade +-import os import gobject - import sys +-import sys -import commands +import subprocess import seobject from semanagePage import *; -@@ -39,8 +39,8 @@ try: +@@ -39,8 +36,8 @@ try: unicode=False, codeset = 'utf-8') except IOError: @@ -340,7 +631,7 @@ index ec29fd9..e52debd 100644 class loginsPage(semanagePage): def __init__(self, xml): -@@ -68,7 +68,7 @@ class loginsPage(semanagePage): +@@ -68,21 +65,21 @@ class loginsPage(semanagePage): self.filter=filter self.login = seobject.loginRecords() dict = self.login.get_all(0) @@ -349,7 +640,26 @@ index ec29fd9..e52debd 100644 keys.sort() self.store.clear() for k in keys: -@@ -92,7 +92,7 @@ class loginsPage(semanagePage): + range = seobject.translate(dict[k][1]) + if not (self.match(k, filter) or self.match(dict[k][0], filter) or self.match(range, filter)): + continue +- iter = self.store.append() +- self.store.set_value(iter, 0, k) +- self.store.set_value(iter, 1, dict[k][0]) +- self.store.set_value(iter, 2, range) ++ it = self.store.append() ++ self.store.set_value(it, 0, k) ++ self.store.set_value(it, 1, dict[k][0]) ++ self.store.set_value(it, 2, range) + self.view.get_selection().select_path ((0,)) + + def __dialogSetup(self): +- if self.firstTime == True: ++ if self.firstTime: + return + self.firstTime = True + liststore = gtk.ListStore(gobject.TYPE_STRING) +@@ -92,31 +89,31 @@ class loginsPage(semanagePage): self.loginsSelinuxUserCombo.add_attribute(cell, 'text', 0) selusers = seobject.seluserRecords().get_all(0) 
@@ -358,7 +668,53 @@ index ec29fd9..e52debd 100644 keys.sort() for k in keys: if k != "system_u": -@@ -133,14 +133,18 @@ class loginsPage(semanagePage): + self.loginsSelinuxUserCombo.append_text(k) + +- iter = liststore.get_iter_first() +- while liststore.get_value(iter,0) != "user_u": +- iter = liststore.iter_next(iter) +- self.loginsSelinuxUserCombo.set_active_iter(iter) ++ it = liststore.get_iter_first() ++ while liststore.get_value(it,0) != "user_u": ++ it = liststore.iter_next(it) ++ self.loginsSelinuxUserCombo.set_active_iter(it) + + def dialogInit(self): + self.__dialogSetup() +- store, iter = self.view.get_selection().get_selected() +- self.loginsNameEntry.set_text(store.get_value(iter, 0)) ++ store, it = self.view.get_selection().get_selected() ++ self.loginsNameEntry.set_text(store.get_value(it, 0)) + self.loginsNameEntry.set_sensitive(False) + +- self.loginsMLSEntry.set_text(store.get_value(iter, 2)) +- seuser = store.get_value(iter, 1) ++ self.loginsMLSEntry.set_text(store.get_value(it, 2)) ++ seuser = store.get_value(it, 1) + liststore = self.loginsSelinuxUserCombo.get_model() +- iter = liststore.get_iter_first() +- while iter != None and liststore.get_value(iter,0) != seuser: +- iter = liststore.iter_next(iter) +- if iter != None: +- self.loginsSelinuxUserCombo.set_active_iter(iter) ++ it = liststore.get_iter_first() ++ while it != None and liststore.get_value(it,0) != seuser: ++ it = liststore.iter_next(it) ++ if it != None: ++ self.loginsSelinuxUserCombo.set_active_iter(it) + + + def dialogClear(self): +@@ -126,21 +123,25 @@ class loginsPage(semanagePage): + self.loginsMLSEntry.set_text("s0") + + def delete(self): +- store, iter = self.view.get_selection().get_selected() ++ store, it = self.view.get_selection().get_selected() + try: +- login=store.get_value(iter, 0) ++ login=store.get_value(it, 0) + if login == "root" or login == "__default__": raise ValueError(_("Login '%s' is required") % login) self.wait() 
@@ -367,11 +723,11 @@ index ec29fd9..e52debd 100644 - if rc != 0: - self.error(out) + try: -+ subprocess.check_output("semanage login -d %s" % login, ++ subprocess.check_output("semanage login -d %s" % login, + stderr=subprocess.STDOUT, + shell=True) + self.ready() -+ store.remove(iter) ++ store.remove(it) + self.view.get_selection().select_path ((0,)) + except subprocess.CalledProcessError as e: + self.ready() @@ -384,9 +740,14 @@ index ec29fd9..e52debd 100644 self.error(e.args[0]) def add(self): -@@ -152,17 +156,20 @@ class loginsPage(semanagePage): - iter = self.loginsSelinuxUserCombo.get_active_iter() - seuser = list_model.get_value(iter,0) +@@ -149,36 +150,42 @@ class loginsPage(semanagePage): + if serange == "": + serange="s0" + list_model=self.loginsSelinuxUserCombo.get_model() +- iter = self.loginsSelinuxUserCombo.get_active_iter() +- seuser = list_model.get_value(iter,0) ++ it = self.loginsSelinuxUserCombo.get_active_iter() ++ seuser = list_model.get_value(it,0) self.wait() - (rc, out) = commands.getstatusoutput("semanage login -a -s %s -r %s %s" % (seuser, serange, target)) - self.ready() @@ -397,10 +758,10 @@ index ec29fd9..e52debd 100644 + stderr=subprocess.STDOUT, + shell=True) + self.ready() -+ iter = self.store.append() -+ self.store.set_value(iter, 0, target) -+ self.store.set_value(iter, 1, seuser) -+ self.store.set_value(iter, 2, seobject.translate(serange)) ++ it = self.store.append() ++ self.store.set_value(it, 0, target) ++ self.store.set_value(it, 1, seuser) ++ self.store.set_value(it, 2, seobject.translate(serange)) + except subprocess.CalledProcessError as e: + self.error(e.output) + self.ready() 
@@ -414,9 +775,13 @@ index ec29fd9..e52debd 100644 def modify(self): target=self.loginsNameEntry.get_text().strip() serange=self.loginsMLSEntry.get_text().strip() -@@ -172,13 +179,16 @@ class loginsPage(semanagePage): - iter = self.loginsSelinuxUserCombo.get_active_iter() - seuser=list_model.get_value(iter,0) + if serange == "": + serange = "s0" + list_model = self.loginsSelinuxUserCombo.get_model() +- iter = self.loginsSelinuxUserCombo.get_active_iter() +- seuser=list_model.get_value(iter,0) ++ it = self.loginsSelinuxUserCombo.get_active_iter() ++ seuser=list_model.get_value(it,0) self.wait() - (rc, out) = commands.getstatusoutput("semanage login -m -s %s -r %s %s" % (seuser, serange, target)) - self.ready() @@ -427,10 +792,10 @@ index ec29fd9..e52debd 100644 + stderr=subprocess.STDOUT, + shell=True) + self.ready() -+ store, iter = self.view.get_selection().get_selected() -+ self.store.set_value(iter, 0, target) -+ self.store.set_value(iter, 1, seuser) -+ self.store.set_value(iter, 2, seobject.translate(serange)) ++ store, it = self.view.get_selection().get_selected() ++ self.store.set_value(it, 0, target) ++ self.store.set_value(it, 1, seuser) ++ self.store.set_value(it, 2, seobject.translate(serange)) + except subprocess.CalledProcessError as e: + self.error(e.output) + self.ready() @@ -441,32 +806,68 @@ index ec29fd9..e52debd 100644 - self.store.set_value(iter, 1, seuser) - self.store.set_value(iter, 2, seobject.translate(serange)) diff --git a/policycoreutils/gui/mappingsPage.py b/policycoreutils/gui/mappingsPage.py -index fd0ea75..ecd95bf 100644 +deleted file mode 100644 +index fd0ea75..0000000 
--- a/policycoreutils/gui/mappingsPage.py -+++ b/policycoreutils/gui/mappingsPage.py -@@ -37,8 +37,8 @@ try: - unicode=False, - codeset = 'utf-8') - except IOError: ++++ /dev/null +@@ -1,55 +0,0 @@ +-## mappingsPage.py - show selinux mappings +-## Copyright (C) 2006 Red Hat, Inc. +- +-## This program is free software; you can redistribute it and/or modify +-## it under the terms of the GNU General Public License as published by +-## the Free Software Foundation; either version 2 of the License, or +-## (at your option) any later version. +- +-## This program is distributed in the hope that it will be useful, +-## but WITHOUT ANY WARRANTY; without even the implied warranty of +-## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-## GNU General Public License for more details. +- +-## You should have received a copy of the GNU General Public License +-## along with this program; if not, write to the Free Software +-## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
+- +-## Author: Dan Walsh +-import string +-import gtk +-import gtk.glade +-import os +-import gobject +-import sys +-import seobject +- +-## +-## I18N +-## +-PROGNAME="policycoreutils" +-import gettext +-gettext.bindtextdomain(PROGNAME, "/usr/share/locale") +-gettext.textdomain(PROGNAME) +-try: +- gettext.install(PROGNAME, +- localedir="/usr/share/locale", +- unicode=False, +- codeset = 'utf-8') +-except IOError: - import __builtin__ - __builtin__.__dict__['_'] = unicode -+ import builtins -+ builtins.__dict__['_'] = str - - class loginsPage: - def __init__(self, xml): -@@ -49,7 +49,7 @@ class loginsPage: - self.view.set_model(self.store) - self.login = loginRecords() - dict = self.login.get_all(0) +- +-class loginsPage: +- def __init__(self, xml): +- self.xml = xml +- self.view = xml.get_widget("mappingsView") +- self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING) +- self.store.set_sort_column_id(0, gtk.SORT_ASCENDING) +- self.view.set_model(self.store) +- self.login = loginRecords() +- dict = self.login.get_all(0) - keys = dict.keys() -+ keys = list(dict.keys()) - keys.sort() - for k in keys: +- keys.sort() +- for k in keys: - print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1])) -+ print("%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))) diff --git a/policycoreutils/gui/modulesPage.py b/policycoreutils/gui/modulesPage.py -index 9ff0766..20f64b5 100644 +index 9ff0766..a52863e 100644 --- a/policycoreutils/gui/modulesPage.py +++ b/policycoreutils/gui/modulesPage.py @@ -20,7 +20,7 @@ import string 
@@ -489,6 +890,33 @@ index 9ff0766..20f64b5 100644 class modulesPage(semanagePage): def __init__(self, xml): +@@ -85,8 +85,8 @@ class modulesPage(semanagePage): + except: + return 0 + +- def load(self, filter=""): +- self.filter=filter ++ def load(self, filt=""): ++ self.filter=filt + self.store.clear() + try: + fd = Popen("semodule -l", shell=True, stdout=PIPE).stdout +@@ -94,11 +94,11 @@ class modulesPage(semanagePage): + fd.close() + for i in l: + module, ver, newline = i.split('\t') +- if not (self.match(module, filter) or self.match(ver, filter)): ++ if not (self.match(module, filt) or self.match(ver, filt)): + continue +- iter = self.store.append() +- self.store.set_value(iter, 0, module.strip()) +- self.store.set_value(iter, 1, ver.strip()) ++ it = self.store.append() ++ self.store.set_value(it, 0, module.strip()) ++ self.store.set_value(it, 1, ver.strip()) + except: + pass + self.view.get_selection().select_path ((0,)) @@ -107,53 +107,51 @@ class modulesPage(semanagePage): def new_module(self, args): try: @@ -498,8 +926,10 @@ index 9ff0766..20f64b5 100644 self.error(e.args[0]) def delete(self): - store, iter = self.view.get_selection().get_selected() - module = store.get_value(iter, 0) +- store, iter = self.view.get_selection().get_selected() +- module = store.get_value(iter, 0) ++ store, it = self.view.get_selection().get_selected() ++ module = store.get_value(it, 0) + self.wait() try: - self.wait() @@ -516,7 +946,7 @@ index 9ff0766..20f64b5 100644 + subprocess.check_output("semodule -r %s" % module, + stderr=subprocess.STDOUT, + shell=True) -+ store.remove(iter) ++ store.remove(it) + self.view.get_selection().select_path ((0,)) + except subprocess.CalledProcessError as e: + self.error(e.output) 
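Review bot: `load` wraps the whole `semodule -l` parse in `except: pass`, so a failed `Popen` or a line that does not split into exactly three tab-separated fields (`module, ver, newline = i.split('\t')`) silently ends the loop and leaves the module list empty or partial. On a page that shows which policy modules are loaded, I would catch the expected errors and report them, e.g. `except (OSError, ValueError) as e:` followed by `self.error(str(e))`. `load` is split across two inner hunks here, so the lines between the `Popen(...)` call and `fd.close()` are not visible.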
@@ -526,10 +956,10 @@ index 9ff0766..20f64b5 100644 self.audit_enabled = not self.audit_enabled + if self.audit_enabled: + cmd = "semodule -DB" -+ label = _("Disable Audit")) ++ label = _("Disable Audit") + else: + cmd = "semodule -B" -+ label = _("Enable Audit")) ++ label = _("Enable Audit") + self.wait() try: - self.wait() @@ -575,7 +1005,22 @@ index 9ff0766..20f64b5 100644 def propertiesDialog(self): # Do nothing -@@ -178,14 +176,14 @@ class modulesPage(semanagePage): +@@ -167,10 +165,10 @@ class modulesPage(semanagePage): + gtk.STOCK_OPEN, gtk.RESPONSE_OK)) + dialog.set_default_response(gtk.RESPONSE_OK) + +- filter = gtk.FileFilter() +- filter.set_name("Policy Files") +- filter.add_pattern("*.pp") +- dialog.add_filter(filter) ++ filt = gtk.FileFilter() ++ filt.set_name("Policy Files") ++ filt.add_pattern("*.pp") ++ dialog.add_filter(filt) + + response = dialog.run() + if response == gtk.RESPONSE_OK: +@@ -178,14 +176,13 @@ class modulesPage(semanagePage): dialog.destroy() def add(self, file): @@ -599,7 +1044,6 @@ index 9ff0766..20f64b5 100644 + except subprocess.CalledProcessError as e: + self.error(e.output) + self.ready() -+ diff --git a/policycoreutils/gui/polgengui.py b/policycoreutils/gui/polgengui.py index 0f0e564..ab2b9c5 100644 --- a/policycoreutils/gui/polgengui.py @@ -726,19 +1170,26 @@ index 0f0e564..ab2b9c5 100644 self.store.set_value(iter, 0, f) self.store.set_value(iter, 1, DIR) diff --git a/policycoreutils/gui/portsPage.py b/policycoreutils/gui/portsPage.py -index bfb4e36..e85e807 100644 +index bfb4e36..e6c87c5 100644 --- a/policycoreutils/gui/portsPage.py 
+++ b/policycoreutils/gui/portsPage.py -@@ -23,7 +23,7 @@ import os +@@ -16,14 +16,11 @@ + ## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + ## Author: Dan Walsh +-import string + import gtk + import gtk.glade +-import os import gobject - import sys +-import sys import seobject -import commands +import subprocess from semanagePage import *; ## -@@ -43,8 +43,8 @@ try: +@@ -43,8 +40,8 @@ try: unicode=False, codeset = 'utf-8') except IOError: 
@@ -749,40 +1200,151 @@ index bfb4e36..e85e807 100644 class portsPage(semanagePage): def __init__(self, xml): -@@ -120,7 +120,7 @@ class portsPage(semanagePage): - self.filter=filter +@@ -62,19 +59,19 @@ class portsPage(semanagePage): + self.ports_properties_button = xml.get_widget("portsPropertiesButton") + self.ports_delete_button = xml.get_widget("portsDeleteButton") + liststore = self.ports_protocol_combo.get_model() +- iter = liststore.get_iter_first() +- self.ports_protocol_combo.set_active_iter(iter) ++ it = liststore.get_iter_first() ++ self.ports_protocol_combo.set_active_iter(it) + self.init_store() + self.edit = True + self.load() + + def filter_changed(self, *arg): +- filter = arg[0].get_text() +- if filter != self.filter: ++ filt = arg[0].get_text() ++ if filt != self.filter: + if self.edit: +- self.load(filter) ++ self.load(filt) + else: +- self.group_load(filter) ++ self.group_load(filt) + + def init_store(self): + self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING , gobject.TYPE_STRING) +@@ -116,43 +113,43 @@ class portsPage(semanagePage): + except: + return 0 + +- def load(self,filter = ""): +- self.filter=filter ++ def load(self,filt = ""): ++ self.filter=filt self.port = seobject.portRecords() - dict = self.port.get_all(self.local) +- dict = self.port.get_all(self.local) - keys = dict.keys() -+ keys = list(dict.keys()) ++ pdict = self.port.get_all(self.local) ++ keys = list(pdict.keys()) keys.sort() self.store.clear() for k in keys: -@@ -141,7 +141,7 @@ class portsPage(semanagePage): - self.filter=filter +- if not (self.match(str(k[0]), filter) or self.match(dict[k][0], filter) or self.match(k[2], filter) or self.match(dict[k][1], filter) or self.match(dict[k][1], filter)): ++ if not (self.match(str(k[0]), filt) or self.match(pdict[k][0], filt) or self.match(k[2], filt) or self.match(pdict[k][1], filt) or self.match(pdict[k][1], filt)): + continue +- iter = self.store.append() ++ it = self.store.append() + if 
k[0] == k[1]: +- self.store.set_value(iter, PORT_COL, k[0]) ++ self.store.set_value(it, PORT_COL, k[0]) + else: + rec = "%s-%s" % k[:2] +- self.store.set_value(iter, PORT_COL, rec) +- self.store.set_value(iter, TYPE_COL, dict[k][0]) +- self.store.set_value(iter, PROTOCOL_COL, k[2]) +- self.store.set_value(iter, MLS_COL, dict[k][1]) ++ self.store.set_value(it, PORT_COL, rec) ++ self.store.set_value(it, TYPE_COL, pdict[k][0]) ++ self.store.set_value(it, PROTOCOL_COL, k[2]) ++ self.store.set_value(it, MLS_COL, pdict[k][1]) + self.view.get_selection().select_path ((0,)) + +- def group_load(self, filter = ""): +- self.filter=filter ++ def group_load(self, filt = ""): ++ self.filter=filt self.port = seobject.portRecords() - dict = self.port.get_all_by_type(self.local) +- dict = self.port.get_all_by_type(self.local) - keys = dict.keys() -+ keys = list(dict.keys()) ++ pdict = self.port.get_all_by_type(self.local) ++ keys = list(pdict.keys()) keys.sort() self.store.clear() for k in keys: -@@ -185,16 +185,17 @@ class portsPage(semanagePage): - store, iter = self.view.get_selection().get_selected() - port = store.get_value(iter, PORT_COL) - protocol = store.get_value(iter, 1) +- ports_string = ", ".join(dict[k]) +- if not (self.match(ports_string, filter) or self.match(k[0], filter) or self.match(k[1], filter) ): ++ ports_string = ", ".join(pdict[k]) ++ if not (self.match(ports_string, filt) or self.match(k[0], filt) or self.match(k[1], filt) ): + continue +- iter = self.store.append() +- self.store.set_value(iter, TYPE_COL, k[0]) +- self.store.set_value(iter, PROTOCOL_COL, k[1]) +- self.store.set_value(iter, PORT_COL, ports_string) +- self.store.set_value(iter, MLS_COL, "") ++ it = self.store.append() ++ self.store.set_value(it, TYPE_COL, k[0]) ++ self.store.set_value(it, PROTOCOL_COL, k[1]) ++ self.store.set_value(it, PORT_COL, ports_string) ++ self.store.set_value(it, MLS_COL, "") + self.view.get_selection().select_path ((0,)) + + def propertiesDialog(self): +@@ -160,19 
+157,19 @@ class portsPage(semanagePage): + semanagePage.propertiesDialog(self) + + def dialogInit(self): +- store, iter = self.view.get_selection().get_selected() +- self.ports_number_entry.set_text(store.get_value(iter, PORT_COL)) ++ store, it = self.view.get_selection().get_selected() ++ self.ports_number_entry.set_text(store.get_value(it, PORT_COL)) + self.ports_number_entry.set_sensitive(False) + self.ports_protocol_combo.set_sensitive(False) +- self.ports_name_entry.set_text(store.get_value(iter, TYPE_COL)) +- self.ports_mls_entry.set_text(store.get_value(iter, MLS_COL)) +- protocol = store.get_value(iter, PROTOCOL_COL) ++ self.ports_name_entry.set_text(store.get_value(it, TYPE_COL)) ++ self.ports_mls_entry.set_text(store.get_value(it, MLS_COL)) ++ protocol = store.get_value(it, PROTOCOL_COL) + liststore = self.ports_protocol_combo.get_model() +- iter = liststore.get_iter_first() +- while iter != None and liststore.get_value(iter,0) != protocol: +- iter = liststore.iter_next(iter) +- if iter != None: +- self.ports_protocol_combo.set_active_iter(iter) ++ it = liststore.get_iter_first() ++ while it != None and liststore.get_value(it,0) != protocol: ++ it = liststore.iter_next(it) ++ if it != None: ++ self.ports_protocol_combo.set_active_iter(it) + + def dialogClear(self): + self.ports_number_entry.set_text("") +@@ -182,19 +179,20 @@ class portsPage(semanagePage): + self.ports_mls_entry.set_text("s0") + + def delete(self): +- store, iter = self.view.get_selection().get_selected() +- port = store.get_value(iter, PORT_COL) +- protocol = store.get_value(iter, 1) ++ store, it = self.view.get_selection().get_selected() ++ port = store.get_value(it, PORT_COL) ++ protocol = store.get_value(it, 1) + self.wait() -+ cmd = "semanage port -d -p %s %s" % (protocol, port)) ++ cmd = "semanage port -d -p %s %s" % (protocol, port) try: - self.wait() - (rc, out) = commands.getstatusoutput("semanage port -d -p %s %s" % (protocol, port)) - self.ready() - if rc != 0: - return 
self.error(out) +- store.remove(iter) + subprocess.check_output(cmd, + stderr=subprocess.STDOUT, + shell=True) - store.remove(iter) ++ store.remove(it) self.view.get_selection().select_path ((0,)) - except ValueError, e: - self.error(e.args[0]) 
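Review bot: The filter test in `load` checks the same field twice, `self.match(pdict[k][1], filt) or self.match(pdict[k][1], filt)`; the `dict` to `pdict` rename carried the duplicate over unchanged. Either drop the second call or, if a different field was meant to be searched, put that one there. As written the last clause can never change the result.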
@@ -792,40 +1354,48 @@ index bfb4e36..e85e807 100644 def add(self): target = self.ports_name_entry.get_text().strip() -@@ -210,17 +211,20 @@ class portsPage(semanagePage): - iter = self.ports_protocol_combo.get_active_iter() - protocol = list_model.get_value(iter,0) +@@ -207,39 +205,47 @@ class portsPage(semanagePage): + self.error(_("Port number \"%s\" is not valid. 0 < PORT_NUMBER < 65536 ") % port_number ) + return False + list_model = self.ports_protocol_combo.get_model() +- iter = self.ports_protocol_combo.get_active_iter() +- protocol = list_model.get_value(iter,0) ++ it = self.ports_protocol_combo.get_active_iter() ++ protocol = list_model.get_value(it,0) self.wait() - (rc, out) = commands.getstatusoutput("semanage port -a -p %s -r %s -t %s %s" % (protocol, mls, target, port_number)) -- self.ready() ++ cmd = "semanage port -a -p %s -r %s -t %s %s" % (protocol, mls, target, port_number) ++ try: ++ subprocess.check_output(cmd, ++ stderr=subprocess.STDOUT, ++ shell=True) ++ it = self.store.append() ++ self.store.set_value(it, TYPE_COL, target) ++ self.store.set_value(it, PORT_COL, port_number) ++ self.store.set_value(it, PROTOCOL_COL, protocol) ++ self.store.set_value(it, MLS_COL, mls) ++ except subprocess.CalledProcessError as e: ++ self.error(e.output) + self.ready() - if rc != 0: - self.error(out) - return False - iter = self.store.append() -+ cmd = "semanage port -a -p %s -r %s -t %s %s" % (protocol, mls, target, port_number) -+ try: -+ output = subprocess.check_output(cmd, -+ stderr=subprocess.STDOUT, -+ shell=True) -+ iter = self.store.append() - +- - self.store.set_value(iter, TYPE_COL, target) - self.store.set_value(iter, PORT_COL, port_number) - self.store.set_value(iter, PROTOCOL_COL, protocol) - self.store.set_value(iter, MLS_COL, mls) -+ self.store.set_value(iter, TYPE_COL, target) -+ self.store.set_value(iter, PORT_COL, port_number) -+ self.store.set_value(iter, PROTOCOL_COL, protocol) -+ self.store.set_value(iter, MLS_COL, mls) -+ except 
subprocess.CalledProcessError as e: -+ self.error(e.output) -+ self.ready() def modify(self): target = self.ports_name_entry.get_text().strip() -@@ -230,16 +234,22 @@ class portsPage(semanagePage): - iter = self.ports_protocol_combo.get_active_iter() - protocol = list_model.get_value(iter,0) + mls = self.ports_mls_entry.get_text().strip() + port_number = self.ports_number_entry.get_text().strip() + list_model = self.ports_protocol_combo.get_model() +- iter = self.ports_protocol_combo.get_active_iter() +- protocol = list_model.get_value(iter,0) ++ it = self.ports_protocol_combo.get_active_iter() ++ protocol = list_model.get_value(it,0) self.wait() - (rc, out) = commands.getstatusoutput("semanage port -m -p %s -r %s -t %s %s" % (protocol, mls, target, port_number)) - self.ready() @@ -836,11 +1406,11 @@ index bfb4e36..e85e807 100644 + subprocess.check_output(cmd, + stderr=subprocess.STDOUT, + shell=True) -+ store, iter = self.view.get_selection().get_selected() -+ self.store.set_value(iter, TYPE_COL, target) -+ self.store.set_value(iter, PORT_COL, port_number) -+ self.store.set_value(iter, PROTOCOL_COL, protocol) -+ self.store.set_value(iter, MLS_COL, mls) ++ store, it = self.view.get_selection().get_selected() ++ self.store.set_value(it, TYPE_COL, target) ++ self.store.set_value(it, PORT_COL, port_number) ++ self.store.set_value(it, PROTOCOL_COL, protocol) ++ self.store.set_value(it, MLS_COL, mls) + self.ready() + return True + except subprocess.CalledProcessError as e: @@ -865,7 +1435,7 @@ index 0c2f399..bbcb18f 100644 X-Desktop-File-Install-Version=0.2 -Keywords=policy;security;selinux;avc;permission;mac; diff --git a/policycoreutils/gui/semanagePage.py b/policycoreutils/gui/semanagePage.py -index 3a0e478..342ecb2 100644 +index 3a0e478..040a4f8 100644 --- a/policycoreutils/gui/semanagePage.py +++ b/policycoreutils/gui/semanagePage.py @@ -37,8 +37,8 @@ try: 
@@ -879,8 +1449,65 @@ index 3a0e478..342ecb2 100644 def idle_func(): while gtk.events_pending(): -@@ -139,7 +139,7 @@ class semanagePage: - if self.add() == False: +@@ -77,9 +77,9 @@ class semanagePage: + return + + def filter_changed(self, *arg): +- filter = arg[0].get_text() +- if filter != self.filter: +- self.load(filter) ++ filt = arg[0].get_text() ++ if filt != self.filter: ++ self.load(filt) + + def search(self, model, col, key, i): + sort_col = self.store.get_sort_column_id()[0] +@@ -122,13 +122,37 @@ class semanagePage: + dlg.destroy() + + def deleteDialog(self): +- store, iter = self.view.get_selection().get_selected() +- if self.verify(_("Are you sure you want to delete %s '%s'?" % (self.description, store.get_value(iter, 0))), _("Delete %s" % self.description)) == gtk.RESPONSE_YES: ++ store, it = self.view.get_selection().get_selected() ++ if self.verify(_("Are you sure you want to delete %s '%s'?" % (self.description, store.get_value(it, 0))), _("Delete %s" % self.description)) == gtk.RESPONSE_YES: + self.delete() + + def use_menus(self): + return True + ++ def load(self, filt): ++ raise RuntimeError("load method not implemented in parent class"); ++ ++ def filter(self): ++ raise RuntimeError("filter method not implemented in parent class"); ++ ++ def store(self): ++ raise RuntimeError("store method not implemented in parent class"); ++ ++ def add(self): ++ raise RuntimeError("add method not implemented"); ++ ++ def modify(self): ++ raise RuntimeError("modify method not implemented"); ++ ++ def delete(self): ++ raise RuntimeError("delete method not implemented"); ++ ++ def dialogInit(self): ++ raise RuntimeError("dialogInit method not implemented"); ++ ++ def dialogClear(self): ++ raise RuntimeError("dialogClear method not implemented"); ++ + def addDialog(self): + self.dialogClear() + self.dialog.set_title(_("Add %s" % self.description)) +@@ -136,10 +160,10 @@ class semanagePage: + + while self.dialog.run() == gtk.RESPONSE_OK: + try: +- if self.add() 
== False: ++ if not self.add(): continue break; - except ValueError, e: @@ -888,8 +1515,12 @@ index 3a0e478..342ecb2 100644 self.error(e.args[0]) self.dialog.hide() -@@ -152,7 +152,7 @@ class semanagePage: - if self.modify() == False: +@@ -149,10 +173,10 @@ class semanagePage: + self.dialog.set_position(gtk.WIN_POS_MOUSE) + while self.dialog.run() == gtk.RESPONSE_OK: + try: +- if self.modify() == False: ++ if not self.modify(): continue break; - except ValueError, e: @@ -898,32 +1529,89 @@ index 3a0e478..342ecb2 100644 self.dialog.hide() diff --git a/policycoreutils/gui/statusPage.py b/policycoreutils/gui/statusPage.py -index 02685f2..8ee96b8 100644 +index 02685f2..6510d2a 100644 --- a/policycoreutils/gui/statusPage.py 
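Review bot: Changing `if self.add() == False:` to `if not self.add():` in `addDialog` (and the matching `self.modify()` test in the next hunk) turns a `None` return into a failure. As far as the portsPage.py hunk above shows, `add` falls off the end after `self.ready()` without `return True`, so a successful add would hit `continue` and run the dialog again instead of closing it. Either keep an explicit comparison, `if self.add() is False:`, or make every `add`/`modify` implementation end its success path with `return True`. `addDialog` starts above this hunk.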
+++ b/policycoreutils/gui/statusPage.py -@@ -27,7 +27,7 @@ import tempfile +@@ -16,18 +16,14 @@ + ## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + ## Author: Dan Walsh +-import string + import gtk + import gtk.glade + import os +-import gobject + import sys +-import tempfile + INSTALLPATH = '/usr/share/system-config-selinux' sys.path.append(INSTALLPATH) -import commands -+import subprocess ENFORCING = 1 PERMISSIVE = 0 DISABLED = -1 -@@ -45,10 +45,10 @@ gettext.bindtextdomain(PROGNAME, "/usr/share/locale") - gettext.textdomain(PROGNAME) - import selinux +@@ -47,8 +43,8 @@ import selinux try: -- gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1) -+ gettext.install(PROGNAME, localedir="/usr/share/locale", str=1) + gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1) except IOError: - import __builtin__ - __builtin__.__dict__['_'] = unicode + import builtins -+ builtins.__dict__['_'] = str ++ builtins.__dict__['_'] = unicode class statusPage: def __init__(self, xml): +@@ -127,21 +123,21 @@ class statusPage: + return rc + + def typemenu_changed(self, menu): +- type = self.get_type() ++ setype = self.get_type() + enabled = self.enabledOptionMenu.get_active() +- if self.initialtype != type: ++ if self.initialtype != setype: + if self.verify(_("Changing the policy type will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. 
Do you wish to continue?")) == gtk.RESPONSE_NO: + menu.set_active(self.typeHistory) + return None + + self.relabel_checkbutton.set_active(True) + +- self.write_selinux_config(modearray[enabled], type ) ++ self.write_selinux_config(modearray[enabled], setype ) + self.typeHistory = menu.get_active() + + def enabled_changed(self, combo): + enabled = combo.get_active() +- type = self.get_type() ++ setype = self.get_type() + + if self.initEnabled != DISABLED and enabled == DISABLED: + if self.verify(_("Changing to SELinux disabled requires a reboot. It is not recommended. If you later decide to turn SELinux back on, the system will be required to relabel. If you just want to see if SELinux is causing a problem on your system, you can go to permissive mode which will only log errors and not enforce SELinux policy. Permissive mode does not require a reboot Do you wish to continue?")) == gtk.RESPONSE_NO: +@@ -154,11 +150,11 @@ class statusPage: + return None + self.relabel_checkbutton.set_active(True) + +- self.write_selinux_config(modearray[enabled], type ) ++ self.write_selinux_config(modearray[enabled], setype ) + self.enabled = enabled + +- def write_selinux_config(self, enforcing, type): +- path = selinux.selinux_path() + "config" ++ def write_selinux_config(self, enforcing, setype): ++ path = selinux.selinux_path() + "config" + backup_path = path + ".bck" + fd = open(path) + lines = fd.readlines() +@@ -169,7 +165,7 @@ class statusPage: + fd.write("SELINUX=%s\n" % enforcing) + continue + if l.startswith("SELINUXTYPE="): +- fd.write("SELINUXTYPE=%s\n" % type) ++ fd.write("SELINUXTYPE=%s\n" % setype) + continue + fd.write(l) + fd.close() diff --git a/policycoreutils/gui/system-config-selinux.desktop b/policycoreutils/gui/system-config-selinux.desktop index 8822ce2..befdb23 100644 --- a/policycoreutils/gui/system-config-selinux.desktop @@ -971,59 +1659,108 @@ index bc3027e..9482fa5 100644 xml.signal_connect("on_quit_activate", self.destroy) 
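Review bot: The IOError fallback now reads `import builtins` followed by `builtins.__dict__['_'] = unicode`, which mixes the Python 3 module name with a Python 2 builtin. The rest of the file is Python 2 (`gettext.install(..., unicode=1)`), where `builtins` is not a standard-library module, so the fallback would presumably raise ImportError exactly when the gettext setup has already failed. Keep the pair consistent: `import __builtin__` and `__builtin__.__dict__['_'] = unicode`. The same two lines appear in the usersPage.py hunk further down.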
diff --git a/policycoreutils/gui/usersPage.py b/policycoreutils/gui/usersPage.py -index 93804ac..6fcf70d 100644 +index 93804ac..1451903 100644 --- a/policycoreutils/gui/usersPage.py 
+++ b/policycoreutils/gui/usersPage.py -@@ -22,7 +22,7 @@ import gtk.glade - import os +@@ -16,13 +16,10 @@ + ## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + ## Author: Dan Walsh +-import string + import gtk + import gtk.glade +-import os import gobject - import sys +-import sys -import commands +import subprocess import seobject from semanagePage import *; -@@ -34,10 +34,10 @@ import gettext - gettext.bindtextdomain(PROGNAME, "/usr/share/locale") - gettext.textdomain(PROGNAME) +@@ -36,8 +33,8 @@ gettext.textdomain(PROGNAME) try: -- gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1) -+ gettext.install(PROGNAME, localedir="/usr/share/locale", str=1) + gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1) except IOError: - import __builtin__ - __builtin__.__dict__['_'] = unicode + import builtins -+ builtins.__dict__['_'] = str ++ builtins.__dict__['_'] = unicode class usersPage(semanagePage): def __init__(self, xml): -@@ -69,7 +69,7 @@ class usersPage(semanagePage): - self.filter=filter +@@ -65,34 +62,30 @@ class usersPage(semanagePage): + self.mlsRangeEntry = xml.get_widget("mlsRangeEntry") + self.selinuxRolesEntry = xml.get_widget("selinuxRolesEntry") + +- def load(self, filter = ""): +- self.filter=filter ++ def load(self, filt = ""): ++ self.filter=filt self.user = seobject.seluserRecords() - dict = self.user.get_all() +- dict = self.user.get_all() - keys = dict.keys() -+ keys = list(dict.keys()) ++ udict = self.user.get_all() ++ keys = list(udict.keys()) keys.sort() self.store.clear() for k in keys: -@@ -106,15 +106,19 @@ class usersPage(semanagePage): +- range = seobject.translate(dict[k][2]) +- if not (self.match(k, filter) or self.match(dict[k][0], filter) or self.match(range, filter) or self.match(dict[k][3], filter)): ++ serange = seobject.translate(udict[k][2]) ++ if not (self.match(k, filt) or self.match(udict[k][0], filter) or self.match(serange, filt) or self.match(udict[k][3], filt)): + continue + +- 
iter = self.store.append() +- self.store.set_value(iter, 0, k) +- self.store.set_value(iter, 1, range) +- self.store.set_value(iter, 2, dict[k][3]) ++ it = self.store.append() ++ self.store.set_value(it, 0, k) ++ self.store.set_value(it, 1, serange) ++ self.store.set_value(it, 2, udict[k][3]) + self.view.get_selection().select_path ((0,)) + +- def delete(self): +- if semanagePage.delete(self) == gtk.RESPONSE_NO: +- return None +- + def dialogInit(self): +- store, iter = self.view.get_selection().get_selected() +- self.selinuxUserEntry.set_text(store.get_value(iter, 0)) ++ store, it = self.view.get_selection().get_selected() ++ self.selinuxUserEntry.set_text(store.get_value(it, 0)) + self.selinuxUserEntry.set_sensitive(False) +- self.mlsRangeEntry.set_text(store.get_value(iter, 1)) +- self.selinuxRolesEntry.set_text(store.get_value(iter, 2)) ++ self.mlsRangeEntry.set_text(store.get_value(it, 1)) ++ self.selinuxRolesEntry.set_text(store.get_value(it, 2)) + + def dialogClear(self): + self.selinuxUserEntry.set_text("") +@@ -102,48 +95,62 @@ class usersPage(semanagePage): + + def add(self): + user = self.selinuxUserEntry.get_text() +- range = self.mlsRangeEntry.get_text() ++ serange = self.mlsRangeEntry.get_text() roles = self.selinuxRolesEntry.get_text() self.wait() - (rc, out) = commands.getstatusoutput("semanage user -a -R '%s' -r %s %s" % (roles, range, user)) - self.ready() - if rc != 0: +- self.error(out) + try: -+ subprocess.check_output("semanage user -a -R '%s' -r %s %s" % (roles, range, user), ++ subprocess.check_output("semanage user -a -R '%s' -r %s %s" % (roles, serange, user), + stderr=subprocess.STDOUT, + shell=True) + self.ready() -+ iter = self.store.append() -+ self.store.set_value(iter, 0, user) -+ self.store.set_value(iter, 1, range) -+ self.store.set_value(iter, 2, roles) -+ except: - self.error(out) ++ it = self.store.append() ++ self.store.set_value(it, 0, user) ++ self.store.set_value(it, 1, serange) ++ self.store.set_value(it, 2, roles) ++ 
except subprocess.CalledProcessError as e: ++ self.error(e.output) + self.ready() return False - iter = self.store.append() @@ -1033,7 +1770,8 @@ index 93804ac..6fcf70d 100644 def modify(self): user = self.selinuxUserEntry.get_text() -@@ -122,13 +126,18 @@ class usersPage(semanagePage): +- range = self.mlsRangeEntry.get_text() ++ serange = self.mlsRangeEntry.get_text() roles = self.selinuxRolesEntry.get_text() self.wait() @@ -1042,7 +1780,7 @@ index 93804ac..6fcf70d 100644 - - if rc != 0: - self.error(out) -+ cmd = "semanage user -m -R '%s' -r %s %s" % (roles, range, user) ++ cmd = "semanage user -m -R '%s' -r %s %s" % (roles, serange, user) + try: + subprocess.check_output(cmd, + stderr=subprocess.STDOUT, @@ -1057,8 +1795,12 @@ index 93804ac..6fcf70d 100644 + return True def delete(self): - store, iter = self.view.get_selection().get_selected() -@@ -138,12 +147,17 @@ class usersPage(semanagePage): +- store, iter = self.view.get_selection().get_selected() ++ store, it = self.view.get_selection().get_selected() + try: +- user=store.get_value(iter, 0) ++ user=store.get_value(it, 0) + if user == "root" or user == "user_u": raise ValueError(_("SELinux user '%s' is required") % user) self.wait() @@ -1072,7 +1814,7 @@ index 93804ac..6fcf70d 100644 + stderr=subprocess.STDOUT, + shell=True) + self.ready() -+ store.remove(iter) ++ store.remove(it) + self.view.get_selection().select_path ((0,)) + except subprocess.CalledProcessError as e: + self.error(e.output) 
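Review bot: One `filter` survived the rename in `load`: `self.match(udict[k][0], filter)`. The parameter is now `filt`, so the bare name resolves to the `filter` builtin and that column is matched against a function object instead of the search text. It should read `self.match(udict[k][0], filt)`.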
@@ -252531,6 +253273,150 @@ index fb5a24c..3668abe 100644 if self.__options.setype: self.setype = self.__options.setype +diff --git a/policycoreutils/semanage/default_encoding/Makefile b/policycoreutils/semanage/default_encoding/Makefile +new file mode 100644 +index 0000000..e15a877 +--- /dev/null ++++ b/policycoreutils/semanage/default_encoding/Makefile +@@ -0,0 +1,8 @@ ++all: ++ LDFLAGS="" python setup.py build ++ ++install: all ++ LDFLAGS="" python setup.py install --root=$(DESTDIR)/ ++ ++clean: ++ rm -rf build *~ +diff --git a/policycoreutils/semanage/default_encoding/default_encoding.c b/policycoreutils/semanage/default_encoding/default_encoding.c +new file mode 100644 +index 0000000..023b8f4 +--- /dev/null ++++ b/policycoreutils/semanage/default_encoding/default_encoding.c +@@ -0,0 +1,57 @@ ++/* ++ * Authors: ++ * John Dennis ++ * ++ * Copyright (C) 2009 Red Hat ++ * see file 'COPYING' for use and warranty information ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License as ++ * published by the Free Software Foundation. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ++ */ ++ ++#include ++ ++PyDoc_STRVAR(setdefaultencoding_doc, ++"setdefaultencoding(encoding='utf-8')\n\ ++\n\ ++Set the current default string encoding used by the Unicode implementation.\n\ ++Defaults to utf-8." 
++); ++ ++static PyObject * ++setdefaultencoding(PyObject *self, PyObject *args, PyObject *kwds) ++{ ++ static char *kwlist[] = {"utf-8", NULL}; ++ char *encoding; ++ ++ if (!PyArg_ParseTupleAndKeywords(args, kwds, "s:setdefaultencoding", kwlist, &encoding)) ++ return NULL; ++ ++ if (PyUnicode_SetDefaultEncoding(encoding)) ++ return NULL; ++ ++ Py_RETURN_NONE; ++} ++ ++static PyMethodDef methods[] = { ++ {"setdefaultencoding", (PyCFunction)setdefaultencoding, METH_VARARGS|METH_KEYWORDS, setdefaultencoding_doc}, ++ {NULL, NULL} /* sentinel */ ++}; ++ ++ ++PyMODINIT_FUNC ++initdefault_encoding_utf8(void) ++{ ++ PyUnicode_SetDefaultEncoding("utf-8"); ++ Py_InitModule3("default_encoding_utf8", methods, "Forces the default encoding to utf-8"); ++} +diff --git a/policycoreutils/semanage/default_encoding/policycoreutils/__init__.py b/policycoreutils/semanage/default_encoding/policycoreutils/__init__.py +new file mode 100644 +index 0000000..ccb6b8b +--- /dev/null ++++ b/policycoreutils/semanage/default_encoding/policycoreutils/__init__.py +@@ -0,0 +1,17 @@ ++# ++# Copyright (C) 2006,2007,2008, 2009 Red Hat, Inc. ++# ++# This program is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2 of the License, or ++# (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
++# +diff --git a/policycoreutils/semanage/default_encoding/setup.py b/policycoreutils/semanage/default_encoding/setup.py +new file mode 100644 +index 0000000..e2befdb +--- /dev/null ++++ b/policycoreutils/semanage/default_encoding/setup.py +@@ -0,0 +1,38 @@ ++# Authors: ++# John Dennis ++# ++# Copyright (C) 2009 Red Hat ++# see file 'COPYING' for use and warranty information ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License as ++# published by the Free Software Foundation. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ++ ++from distutils.core import setup, Extension ++ ++default_encoding_utf8 = Extension('policycoreutils.default_encoding_utf8', ['default_encoding.c']) ++ ++setup(name = 'policycoreutils-default-encoding', ++ version = '0.1', ++ description = 'Forces the default encoding in Python to be utf-8', ++ long_description = 'Forces the default encoding in Python to be utf-8', ++ author = 'John Dennis', ++ author_email = 'jdennis@redhat.com', ++ maintainer = 'John Dennis', ++ maintainer_email = 'jdennis@redhat.com', ++ license = 'GPLv3+', ++ platforms = 'posix', ++ url = '', ++ download_url = '', ++ ext_modules = [default_encoding_utf8], ++ packages=["policycoreutils"], ++) diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage index bd6c526..9204622 100644 --- a/policycoreutils/semanage/semanage @@ -257370,13 +258256,15 @@ index 9b9a09a..ec3e67e 100755 return tlist 
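Review bot: In `setdefaultencoding` the keyword list is `{"utf-8", NULL}`, so the only keyword the function accepts is literally named `utf-8`, and the format `"s:setdefaultencoding"` makes the argument mandatory. Both contradict the docstring's `setdefaultencoding(encoding='utf-8')` and its "Defaults to utf-8". To match the documented signature, use `static char *kwlist[] = {"encoding", NULL};`, `char *encoding = "utf-8";` and the format string `"|s:setdefaultencoding"`. `initdefault_encoding_utf8` also discards the return value of `PyUnicode_SetDefaultEncoding("utf-8")`, so a failure at import time goes unreported. Because importing the module changes the default encoding for the whole interpreter, the module docstring should state that side effect explicitly.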
diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py -index 15366c3..b3e2557 100644 +index 15366c3..bd7af36 100644 --- a/policycoreutils/sepolicy/sepolicy/generate.py +++ b/policycoreutils/sepolicy/sepolicy/generate.py -@@ -28,21 +28,21 @@ from sepolicy import get_all_types, get_all_attributes, get_all_roles +@@ -26,23 +26,22 @@ import re + import sepolicy + from sepolicy import get_all_types, get_all_attributes, get_all_roles import time - import yum - +-import yum +- -from templates import executable -from templates import boolean -from templates import etc_rw @@ -257392,6 +258280,7 @@ index 15366c3..b3e2557 100644 -from templates import script -from templates import spec -from templates import user ++ +from .templates import executable +from .templates import boolean +from .templates import etc_rw @@ -257410,7 +258299,7 @@ index 15366c3..b3e2557 100644 import sepolgen.interfaces as interfaces import sepolgen.defaults as defaults -@@ -57,11 +57,11 @@ gettext.textdomain(PROGNAME) +@@ -57,11 +56,11 @@ gettext.textdomain(PROGNAME) try: gettext.install(PROGNAME, localedir="/usr/share/locale", @@ -257425,7 +258314,7 @@ index 15366c3..b3e2557 100644 def get_rpm_nvr_from_header(hdr): 'Given an RPM header return the package NVR as a string' -@@ -83,7 +83,7 @@ def get_rpm_nvr_list(package): +@@ -83,7 +82,7 @@ def get_rpm_nvr_list(package): nvr = get_rpm_nvr_from_header(h) break except: @@ -257434,7 +258323,7 @@ index 15366c3..b3e2557 100644 nvr = None return nvr -@@ -99,7 +99,7 @@ def get_all_ports(): +@@ -99,7 +98,7 @@ def get_all_ports(): return dict def get_all_users(): @@ -257443,7 +258332,7 @@ index 15366c3..b3e2557 100644 users.remove("system_u") users.remove("root") users.sort() -@@ -142,13 +142,13 @@ poltype[RUSER] = _("Confined Root Administrator Role") +@@ -142,13 +141,13 @@ poltype[RUSER] = _("Confined Root Administrator Role") poltype[NEWTYPE] = _("Module information for a new type") def get_poltype_desc(): 
@@ -257459,7 +258348,7 @@ index 15366c3..b3e2557 100644 APPLICATIONS = [ DAEMON, DBUS, INETD, USER, CGI ] USERS = [ XUSER, TUSER, LUSER, AUSER, RUSER] -@@ -182,7 +182,7 @@ def verify_ports(ports): +@@ -182,7 +181,7 @@ def verify_ports(ports): class policy: @@ -257468,7 +258357,7 @@ index 15366c3..b3e2557 100644 self.rpms = [] self.ports = [] self.all_roles = get_all_roles() -@@ -191,14 +191,14 @@ class policy: +@@ -191,14 +190,14 @@ class policy: if type not in poltype: raise ValueError(_("You must enter a valid policy type")) @@ -257488,7 +258377,7 @@ index 15366c3..b3e2557 100644 self.symbols = {} self.symbols["openlog"] = "set_use_kerberos(True)" -@@ -290,32 +290,32 @@ class policy: +@@ -290,32 +289,32 @@ class policy: self.symbols["audit_control"] = "add_capability('audit_control')" self.symbols["setfcap"] = "add_capability('setfcap')" @@ -257544,7 +258433,7 @@ index 15366c3..b3e2557 100644 ( self.generate_daemon_types, self.generate_daemon_rules), \ ( self.generate_dbusd_types, self.generate_dbusd_rules), \ ( self.generate_inetd_types, self.generate_inetd_rules), \ -@@ -332,47 +332,47 @@ class policy: +@@ -332,47 +331,47 @@ class policy: if not re.match(r"^[a-zA-Z0-9-_]+$", name): raise ValueError(_("Name must be alpha numberic with no spaces. Consider using option \"-n MODULENAME\"")) @@ -257623,7 +258512,7 @@ index 15366c3..b3e2557 100644 self.roles = [] def __isnetset(self, l): -@@ -415,162 +415,162 @@ class policy: +@@ -415,162 +414,162 @@ class policy: return self.use_tcp() or self.use_udp() def find_port(self, port, protocol="tcp"): @@ -257848,7 +258737,7 @@ index 15366c3..b3e2557 100644 newte ="" if self.use_mail: newte = re.sub("TEMPLATETYPE", self.name, executable.te_mail_rules) -@@ -590,7 +590,7 @@ allow %s_t %s_t:%s_socket name_%s; +@@ -590,7 +589,7 @@ allow %s_t %s_t:%s_socket name_%s; """ % (port_name, self.name, port_name, protocol, action) return line 
@@ -257857,7 +258746,7 @@ index 15366c3..b3e2557 100644 for i in self.in_tcp[PORTS]: rec = self.find_port(int(i), "tcp") if rec == None: -@@ -628,7 +628,7 @@ allow %s_t %s_t:%s_socket name_%s; +@@ -628,7 +627,7 @@ allow %s_t %s_t:%s_socket name_%s; return re.sub("TEMPLATETYPE", self.name, network.te_types) return "" @@ -257866,7 +258755,7 @@ index 15366c3..b3e2557 100644 for d in self.DEFAULT_DIRS: if file.find(d) == 0: self.DEFAULT_DIRS[d][1].append(file) -@@ -636,34 +636,34 @@ allow %s_t %s_t:%s_socket name_%s; +@@ -636,34 +635,34 @@ allow %s_t %s_t:%s_socket name_%s; self.DEFAULT_DIRS["rw"][1].append(file) return self.DEFAULT_DIRS["rw"] @@ -257911,7 +258800,7 @@ index 15366c3..b3e2557 100644 newte = "" self.processes.sort() if len(self.processes) > 0: -@@ -671,9 +671,9 @@ allow %s_t %s_t:%s_socket name_%s; +@@ -671,9 +670,9 @@ allow %s_t %s_t:%s_socket name_%s; return newte @@ -257924,7 +258813,7 @@ index 15366c3..b3e2557 100644 newte = "\n" newte += re.sub("TEMPLATETYPE", self.name, network.te_network) -@@ -726,7 +726,7 @@ allow %s_t %s_t:%s_socket name_%s; +@@ -726,7 +725,7 @@ allow %s_t %s_t:%s_socket name_%s; for i in self.found_udp_ports: newte += i @@ -257933,7 +258822,7 @@ index 15366c3..b3e2557 100644 def generate_transition_rules(self): newte = "" -@@ -751,11 +751,11 @@ allow %s_t %s_t:%s_socket name_%s; +@@ -751,11 +750,11 @@ allow %s_t %s_t:%s_socket name_%s; tmp = re.sub("TEMPLATETYPE", name, user.te_admin_domain_rules) if role not in self.all_roles: tmp = re.sub(role, "system_r", tmp) @@ -257948,7 +258837,7 @@ index 15366c3..b3e2557 100644 if self.type == RUSER: newte += re.sub("TEMPLATETYPE", self.name, user.te_admin_rules) -@@ -773,7 +773,7 @@ allow %s_t %s_t:%s_socket name_%s; +@@ -773,7 +772,7 @@ allow %s_t %s_t:%s_socket name_%s; return newte 
@@ -257957,7 +258846,7 @@ index 15366c3..b3e2557 100644 newif = "" if self.use_dbus: newif = re.sub("TEMPLATETYPE", self.name, executable.if_dbus_rules) -@@ -809,31 +809,31 @@ allow %s_t %s_t:%s_socket name_%s; +@@ -809,31 +808,31 @@ allow %s_t %s_t:%s_socket name_%s; return "" @@ -258006,7 +258895,7 @@ index 15366c3..b3e2557 100644 if len(self.existing_domains) == 0: raise ValueError(_("'%s' policy modules require existing domains") % poltype[self.type]) newte = re.sub("TEMPLATETYPE", self.name, user.te_existing_user_types) -@@ -845,27 +845,27 @@ allow %s_t %s_t:%s_socket name_%s; +@@ -845,27 +844,27 @@ allow %s_t %s_t:%s_socket name_%s; role = d.split("_t")[0] + "_r" if role in self.all_roles: newte += """ @@ -258043,7 +258932,7 @@ index 15366c3..b3e2557 100644 newte += re.sub("TEMPLATETYPE", t[:-len(i)], self.DEFAULT_EXT[i].te_types) break -@@ -877,46 +877,46 @@ allow %s_t %s_t:%s_socket name_%s; +@@ -877,46 +876,46 @@ allow %s_t %s_t:%s_socket name_%s; return newte @@ -258103,7 +258992,7 @@ index 15366c3..b3e2557 100644 newif = "" for t in self.types: for i in self.DEFAULT_EXT: -@@ -926,46 +926,46 @@ allow %s_t %s_t:%s_socket name_%s; +@@ -926,46 +925,46 @@ allow %s_t %s_t:%s_socket name_%s; break return newif @@ -258175,7 +259064,7 @@ index 15366c3..b3e2557 100644 newif ="" if self.use_terminal or self.type == USER: newif = re.sub("TEMPLATETYPE", self.name, executable.if_user_program_rules) -@@ -974,7 +974,7 @@ allow %s_t %s_t:%s_socket name_%s; +@@ -974,7 +973,7 @@ allow %s_t %s_t:%s_socket name_%s; newif += re.sub("TEMPLATETYPE", self.name, executable.if_role_change_rules) return newif @@ -258184,7 +259073,7 @@ index 15366c3..b3e2557 100644 newif = "" newif += re.sub("TEMPLATETYPE", self.name, executable.if_heading_rules) if self.program: -@@ -983,8 +983,8 @@ allow %s_t %s_t:%s_socket name_%s; +@@ -983,8 +982,8 @@ allow %s_t %s_t:%s_socket name_%s; newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_rules) for d in self.DEFAULT_KEYS: 
@@ -258195,7 +259084,7 @@ index 15366c3..b3e2557 100644 for i in self.DEFAULT_DIRS[d][1]: if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]): newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_stream_rules) -@@ -996,17 +996,17 @@ allow %s_t %s_t:%s_socket name_%s; +@@ -996,17 +995,17 @@ allow %s_t %s_t:%s_socket name_%s; newif += self.generate_new_type_if() newif += self.generate_new_rules() @@ -258218,7 +259107,7 @@ index 15366c3..b3e2557 100644 newte = "" if self.type in ( TUSER, XUSER, AUSER, LUSER ): roles = "" -@@ -1018,12 +1018,12 @@ allow %s_t %s_t:%s_socket name_%s; +@@ -1018,12 +1017,12 @@ allow %s_t %s_t:%s_socket name_%s; newte += re.sub("ROLE", role, tmp) return newte @@ -258236,7 +259125,7 @@ index 15366c3..b3e2557 100644 newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_types) if self.type != EUSER: -@@ -1035,14 +1035,14 @@ allow %s_t %s_t:%s_socket name_%s; +@@ -1035,14 +1034,14 @@ allow %s_t %s_t:%s_socket name_%s; """ % self.name newte += self.generate_capabilities() newte += self.generate_process() @@ -258257,7 +259146,7 @@ index 15366c3..b3e2557 100644 if self.type == EUSER: newte_tmp = "" for domain in self.existing_domains: -@@ -1060,40 +1060,40 @@ allow %s_t %s_t:%s_socket name_%s; +@@ -1060,40 +1059,40 @@ allow %s_t %s_t:%s_socket name_%s; newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_stream_rules) break @@ -258325,7 +259214,7 @@ index 15366c3..b3e2557 100644 fclist.append(re.sub("FILETYPE", self.dirs[i][0], t2)) if self.type in USERS + [ SANDBOX ]: -@@ -1113,9 +1113,9 @@ allow %s_t %s_t:%s_socket name_%s; +@@ -1113,9 +1112,9 @@ allow %s_t %s_t:%s_socket name_%s; fclist.sort() newfc="\n".join(fclist) @@ -258337,7 +259226,7 @@ index 15366c3..b3e2557 100644 newsh = "" if self.type not in ( TUSER, XUSER, AUSER, LUSER, RUSER): return newsh -@@ -1141,7 +1141,7 @@ allow %s_t %s_t:%s_socket name_%s; +@@ -1141,7 +1140,7 @@ allow %s_t %s_t:%s_socket name_%s; return newsh 
@@ -258346,7 +259235,7 @@ index 15366c3..b3e2557 100644 temp = re.sub("TEMPLATETYPE", self.file_name, script.compile) temp = re.sub("DOMAINTYPE", self.name, temp) if self.type == EUSER: -@@ -1155,11 +1155,11 @@ allow %s_t %s_t:%s_socket name_%s; +@@ -1155,11 +1154,11 @@ allow %s_t %s_t:%s_socket name_%s; if self.initscript != "": newsh += re.sub("FILENAME", self.initscript, script.restorecon) @@ -258362,7 +259251,7 @@ index 15366c3..b3e2557 100644 for i in self.in_tcp[PORTS] + self.out_tcp[PORTS]: if self.find_port(i,"tcp") == None: -@@ -1168,88 +1168,88 @@ allow %s_t %s_t:%s_socket name_%s; +@@ -1168,90 +1167,91 @@ allow %s_t %s_t:%s_socket name_%s; for i in self.in_udp[PORTS]: if self.find_port(i,"udp") == None: @@ -258528,8 +259417,23 @@ index 15366c3..b3e2557 100644 + return fcfile def __extract_rpms(self): ++ import yum yb = yum.YumBase() -@@ -1313,10 +1313,10 @@ allow %s_t %s_t:%s_socket name_%s; + yb.setCacheDir() + +@@ -1293,7 +1293,10 @@ allow %s_t %s_t:%s_socket name_%s; + self.add_dir(fname) + + def gen_writeable(self): +- self.__extract_rpms() ++ try: ++ self.__extract_rpms() ++ except ImportError: ++ pass + + if os.path.isfile("/var/run/%s.pid" % self.name): + self.add_file("/var/run/%s.pid" % self.name) +@@ -1313,10 +1316,10 @@ allow %s_t %s_t:%s_socket name_%s; if os.path.isfile("/etc/rc.d/init.d/%s" % self.name): self.set_init_script("/etc/rc\.d/init\.d/%s" % self.name) @@ -258542,7 +259446,7 @@ index 15366c3..b3e2557 100644 temp_dirs = [] try: temp_basepath = self.DEFAULT_DIRS[p][1][0] + "/" -@@ -1331,9 +1331,9 @@ allow %s_t %s_t:%s_socket name_%s; +@@ -1331,9 +1334,9 @@ allow %s_t %s_t:%s_socket name_%s; if len(temp_dirs) is not 0: for i in temp_dirs: @@ -258554,7 +259458,7 @@ index 15366c3..b3e2557 100644 del(self.files[i]) else: continue -@@ -1355,10 +1355,10 @@ Warning %s does not exist +@@ -1355,10 +1358,10 @@ Warning %s does not exist for s in fd.read().split(): for b in self.symbols: if s.startswith(b): 
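Review bot: `gen_writeable` now catches `ImportError` from `__extract_rpms` with a bare `pass`, so on a system without yum the generated policy silently omits whatever `__extract_rpms` would have contributed. A one-line warning in the `except ImportError:` branch would keep the fallback while telling the user the result may be incomplete, e.g. `sys.stderr.write("yum module not available; skipping RPM file discovery\n")`. That assumes `sys` is imported in generate.py, which this hunk does not show. Both `__extract_rpms` and `gen_writeable` continue outside the hunk.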
@@ -258907,7 +259811,7 @@ index bbabb3b..63cff9b 100644 os.remove(v) diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py -index ba15b2c..09066d9 100755 +index ba15b2c..1765b1c 100755 --- a/policycoreutils/sepolicy/sepolicy/manpage.py +++ b/policycoreutils/sepolicy/sepolicy/manpage.py @@ -30,7 +30,7 @@ import selinux @@ -259091,7 +259995,12 @@ index ba15b2c..09066d9 100755 def prettyprint(f,trim): return " ".join(f[:-len(trim)].split("_")) -@@ -139,68 +139,73 @@ fedora_releases = ["Fedora17","Fedora18"] +@@ -135,72 +135,77 @@ def prettyprint(f,trim): + manpage_domains = [] + manpage_roles = [] + +-fedora_releases = ["Fedora17","Fedora18"] ++fedora_releases = ["Fedora17","Fedora18","Fedora19","Fedora20"] rhel_releases = ["RHEL6","RHEL7"] def get_alphabet_manpages(manpage_list): @@ -259122,14 +260031,14 @@ index ba15b2c..09066d9 100755 - fd.write(output) - fd.close() + try: -+ subprocess.check_output("/usr/bin/groff -man -Thtml %s 2>/dev/null" % manpage, ++ man_page = subprocess.check_output("/usr/bin/groff -man -Thtml %s 2>/dev/null" % manpage, + stderr=subprocess.STDOUT, + shell=True) + except subprocess.CalledProcessError as e: + sys.stderr.write(e.output) + return + fd = open(html_manpage,'w') -+ fd.write(output) ++ fd.write(man_page) + fd.close() + print(html_manpage)