- Add -w windowsize patch from Christoph A.

policycoreutils-rhat.patch

@@ -228,6 +228,64 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
      if_set.to_file(f)
      f.close()
  
+Binary files nsapolicycoreutils/load_policy/load_policy and policycoreutils-2.0.83/load_policy/load_policy differ
+diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/load_policy/load_policy.c policycoreutils-2.0.83/load_policy/load_policy.c
+--- nsapolicycoreutils/load_policy/load_policy.c	2010-05-19 14:45:51.000000000 -0400
++++ policycoreutils-2.0.83/load_policy/load_policy.c	2010-08-23 10:48:26.000000000 -0400
+@@ -1,3 +1,4 @@
++#define _GNU_SOURCE
+ #include <unistd.h>
+ #include <stdlib.h>
+ #include <stdio.h>
+@@ -17,12 +18,21 @@
+ #define PACKAGE "policycoreutils"	/* the name of this package lang translation */
+ #endif
+ 
++
+ void usage(char *progname)
+ {
+ 	fprintf(stderr, _("usage:  %s [-qi]\n"), progname);
+ 	exit(1);
+ }
+ 
++char *policy_path(void) {
++	char *path=NULL;
++	if (asprintf(&path, "%s.%d", selinux_binary_policy_path(), security_policyvers()) < 0) {
++		return NULL;
++	}
++	return path;
++}
++
+ int main(int argc, char **argv)
+ {
+ 	int ret, opt, quiet = 0, nargs, init=0, enforce=0;
+@@ -76,9 +86,11 @@
+ 		if (ret != 0 ) {
+ 			if (enforce > 0) {
+ 				/* SELinux in enforcing mode but load_policy failed */
++				char *path=policy_path();
+ 				fprintf(stderr,
+-						_("%s:  Can't load policy and enforcing mode requested:  %s\n"),
+-						argv[0], strerror(errno));
++						_("%s:  Can't load policy file %s and enforcing mode requested: %s\n"),
++					argv[0], path, strerror(errno));
++				free(path);
+ 				exit(3);
+ 			}
+ 		}
+@@ -87,8 +99,10 @@
+ 		ret = selinux_mkload_policy(1);
+ 	}
+ 	if (ret < 0) {
+-		fprintf(stderr, _("%s:  Can't load policy:  %s\n"),
+-			argv[0], strerror(errno));
++		char *path=policy_path();
++		fprintf(stderr, _("%s:  Can't load policy file %s:  %s\n"),
++			argv[0], path, strerror(errno));
++		free(path);
+ 		exit(2);
+ 	}
+ 	exit(0);
 diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.83/Makefile
 --- nsapolicycoreutils/Makefile	2010-06-16 08:03:38.000000000 -0400
 +++ policycoreutils-2.0.83/Makefile	2010-07-30 13:50:40.000000000 -0400
@@ -1589,7 +1647,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  	@python test_sandbox.py -v
 diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.83/sandbox/sandbox
 --- nsapolicycoreutils/sandbox/sandbox	2010-06-16 08:03:38.000000000 -0400
-+++ policycoreutils-2.0.83/sandbox/sandbox	2010-08-24 22:50:26.000000000 -0400
++++ policycoreutils-2.0.83/sandbox/sandbox	2010-09-07 11:24:03.000000000 -0400
 @@ -1,5 +1,6 @@
 -#! /usr/bin/python -E
 +#! /usr/bin/python -Es
@@ -1618,7 +1676,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  import gettext
  gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
  gettext.textdomain(PROGNAME)
-@@ -63,15 +66,15 @@
+@@ -41,6 +44,7 @@
+        import __builtin__
+        __builtin__.__dict__['_'] = unicode
+ 
++DEFAULT_WINDOWSIZE = "1000x700"
+ DEFAULT_TYPE = "sandbox_t"
+ DEFAULT_X_TYPE = "sandbox_x_t"
+ SAVE_FILES = {}
+@@ -63,15 +67,15 @@
      sys.stderr.flush()
      sys.exit(1)
  
@@ -1638,7 +1704,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
                       if not os.path.exists(newdir):
                              os.makedirs(newdir)
                       dest = newdir + "/" + bname
-@@ -83,7 +86,7 @@
+@@ -83,7 +87,7 @@
                              shutil.copy2(file, dest)
                except shutil.Error, elist:
                       for e in elist:
@@ -1647,7 +1713,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
                       
                SAVE_FILES[file] = (dest, os.path.getmtime(dest))
  
-@@ -161,10 +164,10 @@
+@@ -161,10 +165,10 @@
                    if not self.__options.homedir or not self.__options.tmpdir:
                           self.usage(_("Homedir and tempdir required for level mounts"))
  
@@ -1661,7 +1727,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  
      def __mount_callback(self, option, opt, value, parser):
             self.__mount = True
-@@ -172,6 +175,15 @@
+@@ -172,6 +176,15 @@
      def __x_callback(self, option, opt, value, parser):
             self.__mount = True
             setattr(parser.values, option.dest, True)
@@ -1677,7 +1743,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  
      def __validdir(self, option, opt, value, parser):
             if not os.path.isdir(value):
-@@ -218,7 +230,7 @@
+@@ -218,7 +231,7 @@
  /usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
  %s &
  WM_PID=$!
@@ -1686,19 +1752,30 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  kill -TERM $WM_PID  2> /dev/null
  """ % (command, wm, command))
             fd.close()
-@@ -230,9 +242,9 @@
+@@ -230,9 +243,9 @@
      def __parse_options(self):
          from optparse import OptionParser
          usage = _("""
 -sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] command
-+sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] command
++sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] command
  
 -sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] -S
-+sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] -S
++sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] -S
  """)
          
          parser = OptionParser(version=self.VERSION, usage=usage)
-@@ -276,6 +288,10 @@
+@@ -268,6 +281,10 @@
+                           action="callback", callback=self.__validdir,
+                           help=_("alternate /tmp directory to use for mounting"))
+ 
++        parser.add_option("-w", "--windowsize", dest="windowsize",
++                          type="string", default=DEFAULT_WINDOWSIZE,
++                          help="size of the sandbox window")		
++
+         parser.add_option("-W", "--windowmanager", dest="wm",  
+                           type="string",
+                           default="/usr/bin/matchbox-window-manager -use_titlebar no",
+@@ -276,6 +293,10 @@
          parser.add_option("-l", "--level", dest="level", 
                            help=_("MCS/MLS level for the sandbox"))
  
@@ -1709,7 +1786,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
          self.__parser=parser
  
          self.__options, cmds = parser.parse_args()
-@@ -351,22 +367,24 @@
+@@ -351,22 +372,24 @@
  
      def __execute(self):
             try:
@@ -1742,7 +1819,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
 +
 +                                self.__setup_sandboxrc(self.__options.wm)
 +
-+                                cmds += [ "--", SANDBOXSH ]
++                                cmds += [ "--", SANDBOXSH, self.__options.windowsize ]
 +                         else:
 +                                cmds += [ "--" ] + self.__paths
 +                         return subprocess.Popen(cmds).wait()
@@ -1751,32 +1828,38 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
                    rc = subprocess.Popen(self.__cmds).wait()
 diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.83/sandbox/sandbox.8
 --- nsapolicycoreutils/sandbox/sandbox.8	2010-06-16 08:03:38.000000000 -0400
-+++ policycoreutils-2.0.83/sandbox/sandbox.8	2010-07-30 13:50:40.000000000 -0400
-@@ -1,9 +1,12 @@
++++ policycoreutils-2.0.83/sandbox/sandbox.8	2010-09-07 11:15:04.000000000 -0400
+@@ -1,10 +1,13 @@
 -.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
 +.TH SANDBOX "8" "May 2010" "sandbox" "User Commands"
  .SH NAME
  sandbox \- Run cmd under an SELinux sandbox
  .SH SYNOPSIS
  .B sandbox
- [-l level ] [[-M | -X]  -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] cmd
+-[-l level ] [[-M | -X]  -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] cmd
+-[-l level ] [[-M | -X]  -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] -S
++[-l level ] [[-M | -X]  -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd
 +
 +.br
 +.B sandbox
- [-l level ] [[-M | -X]  -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] -S
++[-l level ] [[-M | -X]  -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S
  .br
  .SH DESCRIPTION
-@@ -42,6 +45,9 @@
+ .PP
+@@ -42,6 +45,12 @@
  \fB\-T\ tmpdir
  Use alternate tempory directory to mount on /tmp.  Defaults to tmpfs. Requires -X or -M.
  .TP
 +\fB\-S
 +Run a full desktop session, Requires level, and home and tmpdir.
++.TP
++\fB\-w windowsize\fR
++Specifies the windowsize when creating an X based Sandbox. The default windowsize is 1000x700. 
 +.TP
  \fB\-W windowmanager\fR
  Select alternative window manager to run within 
  .B sandbox -X.
-@@ -50,8 +56,17 @@
+@@ -50,8 +59,17 @@
  \fB\-X\fR 
  Create an X based Sandbox for gui apps, temporary files for
  $HOME and /tmp, secondary Xserver, defaults to sandbox_x_t
@@ -1885,8 +1968,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  # Source function library.
 diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.83/sandbox/sandboxX.sh
 --- nsapolicycoreutils/sandbox/sandboxX.sh	2010-06-16 08:03:38.000000000 -0400
-+++ policycoreutils-2.0.83/sandbox/sandboxX.sh	2010-08-24 17:04:39.000000000 -0400
-@@ -7,7 +7,16 @@
++++ policycoreutils-2.0.83/sandbox/sandboxX.sh	2010-09-07 11:21:08.000000000 -0400
+@@ -1,13 +1,21 @@
+ #!/bin/bash 
+ context=`id -Z | secon -t -l -P`
+ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
+-export SCREENSIZE="1000x700"
+-#export SCREENSIZE=`xdpyinfo | awk  '/dimensions/ {  print $2 }'`
++[ $# -eq 1 ] && export SCREENSIZE="$1" || export SCREENSIZE="1000x700"
+ trap "exit 0" HUP
  
  (/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do 
      export DISPLAY=:$D

policycoreutils.spec

@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.83
-Release: 22%{?dist}
+Release: 23%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 Source:  http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -315,6 +315,9 @@ fi
 exit 0
 
 %changelog
+* Mon Aug 30 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-23
+- Add -w windowsize patch from Christoph A.
+
 * Mon Aug 30 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-22
 - Update po
 

selinux-polgengui.desktop

@@ -3,7 +3,7 @@ Name=SELinux Policy Generation Tool
 Name[bn_IN]="SELinux Policy নির্মাণের সামগ্রী"
 Name[ca]="Eina de generació de polítiques del SELinux"
 Name[de]="Tool zur Erstellung von SELinux-Richtlinien"
-Name[es]="Herramienta de Generación de Políticas de SELinux"
+Name[es]="Generador de Políticas de SELinux"
 Name[fi]="SELinux-käytäntöjen generointityökalu"
 Name[fr]="Outil de génération de stratégies SELinux"
 Name[gu]="SELinux પોલિસી બનાવટ સાધન"