- Add -w windowsize patch from Christoph A.
parent
470f41d83d
commit
6e7e249de6
File diff suppressed because it is too large
@ -228,6 +228,64 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
if_set.to_file(f)
|
||||
f.close()
|
||||
|
||||
Binary files nsapolicycoreutils/load_policy/load_policy and policycoreutils-2.0.83/load_policy/load_policy differ
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/load_policy/load_policy.c policycoreutils-2.0.83/load_policy/load_policy.c
|
||||
--- nsapolicycoreutils/load_policy/load_policy.c 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/load_policy/load_policy.c 2010-08-23 10:48:26.000000000 -0400
|
||||
@@ -1,3 +1,4 @@
|
||||
+#define _GNU_SOURCE
|
||||
#include <unistd.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
@@ -17,12 +18,21 @@
|
||||
#define PACKAGE "policycoreutils" /* the name of this package lang translation */
|
||||
#endif
|
||||
|
||||
+
|
||||
void usage(char *progname)
|
||||
{
|
||||
fprintf(stderr, _("usage: %s [-qi]\n"), progname);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
+char *policy_path(void) {
|
||||
+ char *path=NULL;
|
||||
+ if (asprintf(&path, "%s.%d", selinux_binary_policy_path(), security_policyvers()) < 0) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ return path;
|
||||
+}
|
||||
+
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
int ret, opt, quiet = 0, nargs, init=0, enforce=0;
|
||||
@@ -76,9 +86,11 @@
|
||||
if (ret != 0 ) {
|
||||
if (enforce > 0) {
|
||||
/* SELinux in enforcing mode but load_policy failed */
|
||||
+ char *path=policy_path();
|
||||
fprintf(stderr,
|
||||
- _("%s: Can't load policy and enforcing mode requested: %s\n"),
|
||||
- argv[0], strerror(errno));
|
||||
+ _("%s: Can't load policy file %s and enforcing mode requested: %s\n"),
|
||||
+ argv[0], path, strerror(errno));
|
||||
+ free(path);
|
||||
exit(3);
|
||||
}
|
||||
}
|
||||
@@ -87,8 +99,10 @@
|
||||
ret = selinux_mkload_policy(1);
|
||||
}
|
||||
if (ret < 0) {
|
||||
- fprintf(stderr, _("%s: Can't load policy: %s\n"),
|
||||
- argv[0], strerror(errno));
|
||||
+ char *path=policy_path();
|
||||
+ fprintf(stderr, _("%s: Can't load policy file %s: %s\n"),
|
||||
+ argv[0], path, strerror(errno));
|
||||
+ free(path);
|
||||
exit(2);
|
||||
}
|
||||
exit(0);
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.83/Makefile
|
||||
--- nsapolicycoreutils/Makefile 2010-06-16 08:03:38.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/Makefile 2010-07-30 13:50:40.000000000 -0400
|
||||
@ -1589,7 +1647,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
@python test_sandbox.py -v
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.83/sandbox/sandbox
|
||||
--- nsapolicycoreutils/sandbox/sandbox 2010-06-16 08:03:38.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/sandbox 2010-08-24 22:50:26.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/sandbox 2010-09-07 11:24:03.000000000 -0400
|
||||
@@ -1,5 +1,6 @@
|
||||
-#! /usr/bin/python -E
|
||||
+#! /usr/bin/python -Es
|
||||
@ -1618,7 +1676,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
import gettext
|
||||
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
|
||||
gettext.textdomain(PROGNAME)
|
||||
@@ -63,15 +66,15 @@
|
||||
@@ -41,6 +44,7 @@
|
||||
import __builtin__
|
||||
__builtin__.__dict__['_'] = unicode
|
||||
|
||||
+DEFAULT_WINDOWSIZE = "1000x700"
|
||||
DEFAULT_TYPE = "sandbox_t"
|
||||
DEFAULT_X_TYPE = "sandbox_x_t"
|
||||
SAVE_FILES = {}
|
||||
@@ -63,15 +67,15 @@
|
||||
sys.stderr.flush()
|
||||
sys.exit(1)
|
||||
|
||||
@ -1638,7 +1704,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
if not os.path.exists(newdir):
|
||||
os.makedirs(newdir)
|
||||
dest = newdir + "/" + bname
|
||||
@@ -83,7 +86,7 @@
|
||||
@@ -83,7 +87,7 @@
|
||||
shutil.copy2(file, dest)
|
||||
except shutil.Error, elist:
|
||||
for e in elist:
|
||||
@ -1647,7 +1713,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
|
||||
SAVE_FILES[file] = (dest, os.path.getmtime(dest))
|
||||
|
||||
@@ -161,10 +164,10 @@
|
||||
@@ -161,10 +165,10 @@
|
||||
if not self.__options.homedir or not self.__options.tmpdir:
|
||||
self.usage(_("Homedir and tempdir required for level mounts"))
|
||||
|
||||
@ -1661,7 +1727,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
|
||||
def __mount_callback(self, option, opt, value, parser):
|
||||
self.__mount = True
|
||||
@@ -172,6 +175,15 @@
|
||||
@@ -172,6 +176,15 @@
|
||||
def __x_callback(self, option, opt, value, parser):
|
||||
self.__mount = True
|
||||
setattr(parser.values, option.dest, True)
|
||||
@ -1677,7 +1743,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
|
||||
def __validdir(self, option, opt, value, parser):
|
||||
if not os.path.isdir(value):
|
||||
@@ -218,7 +230,7 @@
|
||||
@@ -218,7 +231,7 @@
|
||||
/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
|
||||
%s &
|
||||
WM_PID=$!
|
||||
@ -1686,19 +1752,30 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
kill -TERM $WM_PID 2> /dev/null
|
||||
""" % (command, wm, command))
|
||||
fd.close()
|
||||
@@ -230,9 +242,9 @@
|
||||
@@ -230,9 +243,9 @@
|
||||
def __parse_options(self):
|
||||
from optparse import OptionParser
|
||||
usage = _("""
|
||||
-sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] command
|
||||
+sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] command
|
||||
+sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] command
|
||||
|
||||
-sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] -S
|
||||
+sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] -S
|
||||
+sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] -S
|
||||
""")
|
||||
|
||||
parser = OptionParser(version=self.VERSION, usage=usage)
|
||||
@@ -276,6 +288,10 @@
|
||||
@@ -268,6 +281,10 @@
|
||||
action="callback", callback=self.__validdir,
|
||||
help=_("alternate /tmp directory to use for mounting"))
|
||||
|
||||
+ parser.add_option("-w", "--windowsize", dest="windowsize",
|
||||
+ type="string", default=DEFAULT_WINDOWSIZE,
|
||||
+ help="size of the sandbox window")
|
||||
+
|
||||
parser.add_option("-W", "--windowmanager", dest="wm",
|
||||
type="string",
|
||||
default="/usr/bin/matchbox-window-manager -use_titlebar no",
|
||||
@@ -276,6 +293,10 @@
|
||||
parser.add_option("-l", "--level", dest="level",
|
||||
help=_("MCS/MLS level for the sandbox"))
|
||||
|
||||
@ -1709,7 +1786,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
self.__parser=parser
|
||||
|
||||
self.__options, cmds = parser.parse_args()
|
||||
@@ -351,22 +367,24 @@
|
||||
@@ -351,22 +372,24 @@
|
||||
|
||||
def __execute(self):
|
||||
try:
|
||||
@ -1742,7 +1819,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
+
|
||||
+ self.__setup_sandboxrc(self.__options.wm)
|
||||
+
|
||||
+ cmds += [ "--", SANDBOXSH ]
|
||||
+ cmds += [ "--", SANDBOXSH, self.__options.windowsize ]
|
||||
+ else:
|
||||
+ cmds += [ "--" ] + self.__paths
|
||||
+ return subprocess.Popen(cmds).wait()
|
||||
@ -1751,32 +1828,38 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
rc = subprocess.Popen(self.__cmds).wait()
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.83/sandbox/sandbox.8
|
||||
--- nsapolicycoreutils/sandbox/sandbox.8 2010-06-16 08:03:38.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/sandbox.8 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -1,9 +1,12 @@
|
||||
+++ policycoreutils-2.0.83/sandbox/sandbox.8 2010-09-07 11:15:04.000000000 -0400
|
||||
@@ -1,10 +1,13 @@
|
||||
-.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
|
||||
+.TH SANDBOX "8" "May 2010" "sandbox" "User Commands"
|
||||
.SH NAME
|
||||
sandbox \- Run cmd under an SELinux sandbox
|
||||
.SH SYNOPSIS
|
||||
.B sandbox
|
||||
[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] cmd
|
||||
-[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] cmd
|
||||
-[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] -S
|
||||
+[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd
|
||||
+
|
||||
+.br
|
||||
+.B sandbox
|
||||
[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] -S
|
||||
+[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S
|
||||
.br
|
||||
.SH DESCRIPTION
|
||||
@@ -42,6 +45,9 @@
|
||||
.PP
|
||||
@@ -42,6 +45,12 @@
|
||||
\fB\-T\ tmpdir
|
||||
Use alternate tempory directory to mount on /tmp. Defaults to tmpfs. Requires -X or -M.
|
||||
.TP
|
||||
+\fB\-S
|
||||
+Run a full desktop session, Requires level, and home and tmpdir.
|
||||
+.TP
|
||||
+\fB\-w windowsize\fR
|
||||
+Specifies the windowsize when creating an X based Sandbox. The default windowsize is 1000x700.
|
||||
+.TP
|
||||
\fB\-W windowmanager\fR
|
||||
Select alternative window manager to run within
|
||||
.B sandbox -X.
|
||||
@@ -50,8 +56,17 @@
|
||||
@@ -50,8 +59,17 @@
|
||||
\fB\-X\fR
|
||||
Create an X based Sandbox for gui apps, temporary files for
|
||||
$HOME and /tmp, secondary Xserver, defaults to sandbox_x_t
|
||||
@ -1885,8 +1968,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
||||
# Source function library.
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.83/sandbox/sandboxX.sh
|
||||
--- nsapolicycoreutils/sandbox/sandboxX.sh 2010-06-16 08:03:38.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/sandboxX.sh 2010-08-24 17:04:39.000000000 -0400
|
||||
@@ -7,7 +7,16 @@
|
||||
+++ policycoreutils-2.0.83/sandbox/sandboxX.sh 2010-09-07 11:21:08.000000000 -0400
|
||||
@@ -1,13 +1,21 @@
|
||||
#!/bin/bash
|
||||
context=`id -Z | secon -t -l -P`
|
||||
export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
|
||||
-export SCREENSIZE="1000x700"
|
||||
-#export SCREENSIZE=`xdpyinfo | awk '/dimensions/ { print $2 }'`
|
||||
+[ $# -eq 1 ] && export SCREENSIZE="$1" || export SCREENSIZE="1000x700"
|
||||
trap "exit 0" HUP
|
||||
|
||||
(/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do
|
||||
export DISPLAY=:$D
|
||||
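Review bot: The new `-w` value reaches Xephyr unvalidated and unquoted: `sandbox` appends `self.__options.windowsize` to `cmds` as-is, and `sandboxX.sh` expands it as `-screen $SCREENSIZE`, so whitespace or glob characters in the value are word-split into extra Xephyr arguments. Quote the expansion, `-screen "$SCREENSIZE"`, and reject anything that is not WIDTHxHEIGHT in `__parse_options` before it is passed on, e.g. `if not re.match(r"^\d+x\d+$", self.__options.windowsize): self.usage(...)` (this assumes `re` is imported in `sandbox`, which the visible lines do not show). Separately, in the `load_policy.c` part of this section, `policy_path()` is called before `strerror(errno)` is evaluated and may return NULL, so the reported error can be stale and `%s` can receive a null pointer; saving `errno` first and printing a fallback string when `path` is NULL would keep the message accurate. Both enclosing bodies (`__execute` and `main`) extend beyond the lines shown here.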
|
@ -7,7 +7,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.83
|
||||
Release: 22%{?dist}
|
||||
Release: 23%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
@ -315,6 +315,9 @@ fi
|
||||
exit 0
|
||||
|
||||
%changelog
|
||||
* Mon Aug 30 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-23
|
||||
- Add -w windowsize patch from Christoph A.
|
||||
|
||||
* Mon Aug 30 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-22
|
||||
- Update po
|
||||
|
||||
|
@ -3,7 +3,7 @@ Name=SELinux Policy Generation Tool
|
||||
Name[bn_IN]="SELinux Policy নির্মাণের সামগ্রী"
|
||||
Name[ca]="Eina de generació de polítiques del SELinux"
|
||||
Name[de]="Tool zur Erstellung von SELinux-Richtlinien"
|
||||
Name[es]="Herramienta de Generación de Políticas de SELinux"
|
||||
Name[es]="Generador de Políticas de SELinux"
|
||||
Name[fi]="SELinux-käytäntöjen generointityökalu"
|
||||
Name[fr]="Outil de génération de stratégies SELinux"
|
||||
Name[gu]="SELinux પોલિસી બનાવટ સાધન"
|
||||
|