diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch index 77173a7..c15a853 100644 --- a/policycoreutils-gui.patch +++ b/policycoreutils-gui.patch @@ -1,14 +1,13 @@ -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.26/gui/booleansPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.16/gui/booleansPage.py --- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.26/gui/booleansPage.py 2007-09-18 16:40:57.000000000 -0400 -@@ -0,0 +1,226 @@ ++++ policycoreutils-2.0.16/gui/booleansPage.py 2007-10-31 07:06:22.000000000 -0400 +@@ -0,0 +1,254 @@ +# +# booleansPage.py - GUI for Booleans page in system-config-securitylevel +# -+# Brent Fox +# Dan Walsh +# -+# Copyright 2006 Red Hat, Inc. ++# Copyright 2006, 2007 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by @@ -30,6 +29,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli +import gobject +import sys +import tempfile ++import seobject + +INSTALLPATH='/usr/share/system-config-selinux' +sys.path.append(INSTALLPATH) @@ -87,6 +87,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli + try: + return _(self.translation[key][0]) + except: ++ #print key, "missing translation" + return _("Other") + + def get_value(self,key): @@ -156,6 +157,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli +class booleansPage: + def __init__(self, xml, doDebug=None): + self.xml = xml ++ self.local = False + self.types=[] + self.selinuxsupport = True + self.translation = Translation() 
@@ -173,6 +175,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli + self.typeLabel = xml.get_widget("typeLabel") + self.modifySeparator = xml.get_widget("modifySeparator") + ++ self.revertButton = xml.get_widget("booleanRevertButton") ++ self.revertButton.set_sensitive(self.local) + listStore = gtk.ListStore(gobject.TYPE_STRING) + cell = gtk.CellRendererText() + @@ -190,12 +194,26 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli + col = gtk.TreeViewColumn("", gtk.CellRendererText(), text=1) + self.booleansView.append_column(col) + self.filter="" -+ self.refreshBooleans(self.filter) ++ self.load(self.filter) + ++ def deleteDialog(self): ++ store, iter = self.booleansView.get_selection().get_selected() ++ boolean = store.get_value(iter, 2) ++ if boolean == None: ++ return ++ try: ++ (rc, out) = commands.getstatusoutput("semanage boolean -d %s" % boolean) ++ ++ if rc != 0: ++ return self.error(out) ++ self.load(self.filter) ++ except ValueError, e: ++ self.error(e.args[0]) ++ + def filter_changed(self, *arg): + filter = arg[0].get_text() + if filter != self.filter: -+ self.refreshBooleans(filter) ++ self.load(filter) + self.filter=filter + + def use_menus(self): 
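Review bot: In the added `deleteDialog` (booleansPage.py) the boolean name is interpolated into a shell command string, `"semanage boolean -d %s" % boolean`, and `semanage` is resolved through PATH, while the other calls in this file use absolute paths such as `/usr/sbin/setsebool`. This GUI presumably runs with the privileges needed to change policy, so pass an argument list instead, e.g. `subprocess.Popen(["/usr/sbin/semanage", "boolean", "-d", boolean], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)` (this needs `import subprocess`). That way neither shell metacharacters in the name nor a modified PATH can change what is executed. Separately, `get_selected()` can return no iterator when nothing is selected, and `store.get_value(iter, 2)` runs before the `boolean == None` check, so add `if iter is None: return` first.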
@@ -204,18 +222,15 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli + def get_description(self): + return _("Boolean") + -+ def refreshBooleans(self, filter=None): ++ def load(self, filter=None): + self.modifiers=Modifiers(self.booleansStore) -+ booleansList=commands.getoutput("/usr/sbin/getsebool -a").split("\n") -+ for i in booleansList: -+ rec=i.split() -+ name=rec[0] ++ booleans=seobject.booleanRecords() ++ booleansList=booleans.get_all(self.local) ++# booleansList=commands.getoutput("/usr/sbin/getsebool -a").split("\n") ++ for name in booleansList: ++ rec=booleansList[name] + if self.translation.match(name, filter): -+ if rec[2]=="on" or rec[2]=="active": -+ on=1 -+ else: -+ on=0 -+ self.modifiers.add(name,Boolean(name,on)) ++ self.modifiers.add(name,Boolean(name,rec[2] == 1)) + + def boolean_toggled(self, widget, row): + if len(row) == 1: @@ -228,9 +243,22 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli + + setsebool="/usr/sbin/setsebool -P %s=%d" % (key, not val) + commands.getstatusoutput(setsebool) -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.26/gui/fcontextPage.py ++ ++ def on_local_clicked(self, button): ++ self.local = not self.local ++ self.revertButton.set_sensitive(self.local) ++ ++ if self.local: ++ button.set_label(_("all")) ++ else: ++ button.set_label(_("Customized")) ++ ++ self.load(self.filter) ++ return True ++ +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.16/gui/fcontextPage.py --- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.26/gui/fcontextPage.py 2007-09-18 16:40:57.000000000 -0400 ++++ policycoreutils-2.0.16/gui/fcontextPage.py 2007-10-31 07:06:58.000000000 -0400 @@ -0,0 +1,209 @@ +## fcontextPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. 
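Review bot: The new `load` keeps the call it replaces as a commented-out line (`# booleansList=commands.getoutput("/usr/sbin/getsebool -a").split("\n")`) and reads the state through a bare index, `rec[2] == 1`. Delete the dead line and add a comment naming the field, e.g. `# rec[2]: current value (1 = on) - confirm against seobject`; the record layout returned by `booleanRecords.get_all()` is not visible in this patch. `booleansList` is now indexed by name rather than iterated as a list of lines, so a name such as `records` would describe it better.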
@@ -350,7 +378,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli + def load(self, filter=""): + self.filter=filter + self.fcontext=seobject.fcontextRecords() -+ fcon_list=self.fcontext.get_all() ++ fcon_list=self.fcontext.get_all(self.local) + self.store.clear() + for fcon in fcon_list: + if not self.match(fcon, filter): @@ -369,7 +397,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli + filter = arg[0].get_text() + if filter != self.filter: + self.load(filter) -+ ++ + def dialogInit(self): + store, iter = self.view.get_selection().get_selected() + self.fcontextEntry.set_text(store.get_value(iter, SPEC_COL)) @@ -441,9 +469,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli + self.store.set_value(iter, SPEC_COL, fspec) + self.store.set_value(iter, FTYPE_COL, ftype) + self.store.set_value(iter, TYPE_COL, "system_u:object_r:%s:%s" % (type, mls)) -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.26/gui/loginsPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.16/gui/loginsPage.py --- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.26/gui/loginsPage.py 2007-09-18 16:40:57.000000000 -0400 ++++ policycoreutils-2.0.16/gui/loginsPage.py 2007-10-31 07:08:35.000000000 -0400 @@ -0,0 +1,179 @@ +## loginsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -514,7 +542,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policy + def load(self, filter = ""): + self.filter=filter + self.login = seobject.loginRecords() -+ dict = self.login.get_all() ++ dict = self.login.get_all(0) + keys = dict.keys() + keys.sort() + self.store.clear() 
@@ -538,7 +566,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policy + self.loginsSelinuxUserCombo.pack_start(cell, True) + self.loginsSelinuxUserCombo.add_attribute(cell, 'text', 0) + -+ selusers = seobject.seluserRecords().get_all() ++ selusers = seobject.seluserRecords().get_all(0) + keys = selusers.keys() + keys.sort() + for k in keys: @@ -624,9 +652,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policy + self.store.set_value(iter, 1, seuser) + self.store.set_value(iter, 2, seobject.translate(serange)) + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.26/gui/Makefile +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.16/gui/Makefile --- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.26/gui/Makefile 2007-09-18 16:40:57.000000000 -0400 ++++ policycoreutils-2.0.16/gui/Makefile 2007-09-18 14:18:45.000000000 -0400 @@ -0,0 +1,34 @@ +# Installation directories. +PREFIX ?= ${DESTDIR}/usr @@ -662,9 +690,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreu +indent: + +relabel: -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.26/gui/mappingsPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.16/gui/mappingsPage.py --- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.26/gui/mappingsPage.py 2007-09-18 16:40:57.000000000 -0400 ++++ policycoreutils-2.0.16/gui/mappingsPage.py 2007-10-31 07:08:45.000000000 -0400 @@ -0,0 +1,56 @@ +## mappingsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. 
@@ -716,16 +744,16 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py poli + self.store.set_sort_column_id(0, gtk.SORT_ASCENDING) + self.view.set_model(self.store) + self.login = loginRecords() -+ dict = self.login.get_all() ++ dict = self.login.get_all(0) + keys = dict.keys() + keys.sort() + for k in keys: + print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1])) + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.26/gui/modulesPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.16/gui/modulesPage.py --- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.26/gui/modulesPage.py 2007-09-18 16:40:57.000000000 -0400 -@@ -0,0 +1,181 @@ ++++ policycoreutils-2.0.16/gui/modulesPage.py 2007-10-31 07:07:45.000000000 -0400 +@@ -0,0 +1,187 @@ +## modulesPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. + @@ -777,6 +805,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic + self.module_filter = xml.get_widget("modulesFilterEntry") + self.module_filter.connect("focus_out_event", self.filter_changed) + self.module_filter.connect("activate", self.filter_changed) ++ self.audit_enabled = False + + self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING) + self.view.set_model(self.store) 
@@ -789,8 +818,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic + col = gtk.TreeViewColumn(_("Version"), gtk.CellRendererText(), text = 1) + self.enable_audit_button = xml.get_widget("enableAuditButton") + self.enable_audit_button.connect("clicked", self.enable_audit) -+ self.disable_audit_button = xml.get_widget("disableAuditButton") -+ self.disable_audit_button.connect("clicked", self.disable_audit) + self.new_button = xml.get_widget("newModuleButton") + self.new_button.connect("clicked", self.new_module) + col.set_sort_column_id(1) @@ -853,8 +880,15 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic + self.error(e.args[0]) + + def enable_audit(self, button): ++ self.audit_enabled = not self.audit_enabled + try: -+ status, output =commands.getstatusoutput("semodule -b /usr/share/selinux/%s/enableaudit.pp" % self.policy_type) ++ if self.audit_enabled: ++ status, output =commands.getstatusoutput("semodule -DB") ++ button.set_label(_("Disable Audit")) ++ else: ++ status, output =commands.getstatusoutput("semodule -B") ++ button.set_label(_("Enable Audit")) ++ + if status != 0: + self.error(output) + @@ -863,7 +897,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic + + def disable_audit(self, button): + try: -+ status, output =commands.getstatusoutput("semodule -b /usr/share/selinux/%s/base.pp" % self.policy_type) ++ status, output =commands.getstatusoutput("semodule -B") + if status != 0: + self.error(output) + 
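Review bot: `enable_audit` flips `self.audit_enabled` and relabels the button before the `status != 0` check, so when `semodule` fails the button reports a dontaudit state the system is not in and the next click runs the wrong command. Run the command first and commit the flag and label only on success. The flag also starts as `False` in `__init__` regardless of how the policy was last built, so the initial label is a guess. `disable_audit` is still defined although its button wiring is removed in the first hunk on this line, and it looks like dead code. The method's `except` clause lies outside the hunk.

```python
    def enable_audit(self, button):
        enable = not self.audit_enabled
        try:
            if enable:
                status, output = commands.getstatusoutput("semodule -DB")
            else:
                status, output = commands.getstatusoutput("semodule -B")

            if status != 0:
                self.error(output)
                return

            # Commit the new state only after semodule succeeded.
            self.audit_enabled = enable
            if enable:
                button.set_label(_("Disable Audit"))
            else:
                button.set_label(_("Enable Audit"))
        # … unchanged: except clause …
```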
@@ -907,10 +941,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic + + + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.26/gui/polgen.glade +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.16/gui/polgen.glade --- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.26/gui/polgen.glade 2007-09-18 20:15:07.000000000 -0400 -@@ -0,0 +1,2386 @@ ++++ policycoreutils-2.0.16/gui/polgen.glade 2007-09-18 14:18:45.000000000 -0400 +@@ -0,0 +1,2385 @@ + + + @@ -2007,7 +2041,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + True -+ Enter a comma separated list of tcp ports or ranges of ports that application/user binds to. Example: 612, 650-660 ++ Enter a comma separated list of tcp ports that application/user binds to. + True + True + True @@ -2139,7 +2173,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + True -+ Enter a comma separated list of udp ports or ranges of ports that application/user binds to. Example: 612, 650-660 ++ Allows application/user to bind to any udp ports > 1024 + True + Unreserved Ports (>1024) + True @@ -2197,7 +2231,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + True -+ Allows application/user to bind to any udp ports > 1024 ++ Enter a comma separated list of tcp ports that application/user binds to. + True + True + True @@ -2289,7 +2323,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + True -+ Enter a comma separated list of tcp ports that application/user connects to. ++ Enter network ports that application/user connects to + + + 16 
@@ -2387,8 +2421,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + True -+ Enter a comma separated list of tcp ports or ranges of ports that application/user connects to. Example: 612, 650-660 -+ ++ Enter a comma separated list of udp ports that application/user connects to. + True + True + True @@ -2520,7 +2553,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + True -+ Enter a comma separated list of udp ports or ranges of ports that application/user connects to. Example: 612, 650-660 ++ Enter a comma separated list of udp ports that application/user connects to. + True + True + True @@ -3297,10 +3330,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.26/gui/polgengui.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.16/gui/polgengui.py --- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.26/gui/polgengui.py 2007-09-18 20:09:54.000000000 -0400 -@@ -0,0 +1,476 @@ ++++ policycoreutils-2.0.16/gui/polgengui.py 2007-09-18 14:18:45.000000000 -0400 +@@ -0,0 +1,452 @@ +#!/usr/bin/python +# +# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux @@ -3500,14 +3533,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc + if self.on_select_type_page_next(): + return + -+ if self.pages[type][self.current_page] == self.IN_NET_PAGE: -+ if self.on_in_net_page_next(): -+ return -+ -+ if self.pages[type][self.current_page] == self.OUT_NET_PAGE: -+ if self.on_out_net_page_next(): -+ return -+ + if self.pages[type][self.current_page] == self.APP_PAGE: + if self.on_name_page_next(): + return 
@@ -3729,22 +3754,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc + return + self.output_entry.set_text(self.file_dialog.get_filename()) + -+ def on_in_net_page_next(self, *args): -+ try: -+ polgen.verify_ports(self.in_tcp_entry.get_text()) -+ polgen.verify_ports(self.in_udp_entry.get_text()) -+ except ValueError, e: -+ self.error(e.message) -+ return True -+ -+ def on_out_net_page_next(self, *args): -+ try: -+ polgen.verify_ports(self.out_tcp_entry.get_text()) -+ polgen.verify_ports(self.out_udp_entry.get_text()) -+ except ValueError, e: -+ self.error(e.message) -+ return True -+ + def on_select_type_page_next(self, *args): + self.exec_entry.set_sensitive(self.confine_application()) + self.exec_button.set_sensitive(self.confine_application()) @@ -3777,10 +3786,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc + + app = childWindow() + app.stand_alone() -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.26/gui/polgen.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.16/gui/polgen.py --- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.26/gui/polgen.py 2007-09-18 20:10:02.000000000 -0400 -@@ -0,0 +1,740 @@ ++++ policycoreutils-2.0.16/gui/polgen.py 2007-09-18 14:18:45.000000000 -0400 +@@ -0,0 +1,727 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information +# 
@@ -3866,34 +3875,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore +APPLICATIONS = [ DAEMON, INETD, USER, CGI ] +USERS = [ XUSER, TUSER, RUSER ] + -+def verify_ports(ports): -+ if ports == "": -+ return [] -+ max_port=2**16 -+ try: -+ temp = [] -+ for a in ports.split(","): -+ r = a.split("-") -+ if len(r) > 2: -+ raise ValueError -+ if len(r) == 1: -+ begin = int (r[0]) -+ end = int (r[0]) -+ else: -+ begin = int (r[0]) -+ end = int (r[1]) + 1 -+ -+ if begin > end: -+ raise ValueError -+ -+ for p in range(begin, end): -+ if p < 1 or p > max_port: -+ raise ValueError -+ temp.append(p) -+ return temp -+ except ValueError: -+ raise ValueError(_("Ports must be be numbers or ranges of numbers from 1 to %d " % max_port )) -+ +class policy: + + def __init__(self, name, type): @@ -3977,6 +3958,21 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore + return self.dict[begin,end] + return None + ++ def __verify_ports(self, ports): ++ if ports == "": ++ return [] ++ max_port=2**16 ++ try: ++ temp = [] ++ for p in ports.split(","): ++ i = int(p.strip()) ++ if i < 1 or i > max_port: ++ raise ValueError() ++ temp.append(i) ++ return temp ++ except ValueError: ++ raise ValueError(_("Ports must be be numbers from 1 to %d " % max_port )) ++ + def set_program(self, program): + if self.type not in APPLICATIONS: + raise ValueError(_("USER Types are not allowed executables")) 
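Review bot: `__verify_ports` sets `max_port=2**16` and rejects only `i > max_port`, so 65536 is accepted although the highest valid port is 65535; use `max_port = 2**16 - 1`. The error message is formatted inside the translation call, `_("..." % max_port)`, so the catalog lookup is done on the already-formatted string. It should be `_("Ports must be numbers from 1 to %d") % max_port`, which also drops the doubled "be". This commit removes `on_in_net_page_next`/`on_out_net_page_next` and the module-level `verify_ports`, so bad input is reported only when `set_in_tcp` and the other setters raise. Whether the GUI catches that `ValueError` is not visible here.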
@@ -3990,16 +3986,16 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore + self.initscript = initscript + + def set_in_tcp(self, all, reserved, unreserved, ports): -+ self.in_tcp = [ all, reserved, unreserved, verify_ports(ports)] ++ self.in_tcp = [ all, reserved, unreserved, self.__verify_ports(ports)] + + def set_in_udp(self, all, reserved, unreserved, ports): -+ self.in_udp = [ all, reserved, unreserved, verify_ports(ports)] ++ self.in_udp = [ all, reserved, unreserved, self.__verify_ports(ports)] + + def set_out_tcp(self, all, ports): -+ self.out_tcp = [ all , False, False, verify_ports(ports) ] ++ self.out_tcp = [ all , False, False, self.__verify_ports(ports) ] + + def set_out_udp(self, all, ports): -+ self.out_udp = [ all , False, False, verify_ports(ports) ] ++ self.out_udp = [ all , False, False, self.__verify_ports(ports) ] + + def set_use_syslog(self, val): + if val != True and val != False: @@ -4448,7 +4444,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore +if __name__ == '__main__': + mypolicy = policy("mycgi", CGI) + mypolicy.set_program("/var/www/cgi-bin/cgi") -+ mypolicy.set_in_tcp(1, 0, 0, "512, 55000-55000") ++ mypolicy.set_in_tcp(1, 0, 0, "513") + mypolicy.set_in_udp(1, 0, 0, "1513") + mypolicy.set_use_uid(True) + mypolicy.set_use_tmp(False) 
@@ -4521,10 +4517,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore + sys.exit(0) + + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.26/gui/portsPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.16/gui/portsPage.py --- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.26/gui/portsPage.py 2007-09-18 16:40:57.000000000 -0400 -@@ -0,0 +1,247 @@ ++++ policycoreutils-2.0.16/gui/portsPage.py 2007-10-31 07:07:12.000000000 -0400 +@@ -0,0 +1,251 @@ +## portsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. + @@ -4576,6 +4572,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc +class portsPage(semanagePage): + def __init__(self, xml): + semanagePage.__init__(self, xml, "ports", "Network Port") ++ xml.signal_connect("on_group_clicked", self.on_group_clicked) ++ self.group = False + self.ports_filter = xml.get_widget("portsFilterEntry") + self.ports_filter.connect("focus_out_event", self.filter_changed) + self.ports_filter.connect("activate", self.filter_changed) @@ -4586,8 +4584,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc + self.ports_add_button = xml.get_widget("portsAddButton") + self.ports_properties_button = xml.get_widget("portsPropertiesButton") + self.ports_delete_button = xml.get_widget("portsDeleteButton") -+ self.ports_group_togglebutton = xml.get_widget("portsGroupTogglebutton") -+ self.ports_group_togglebutton.connect("toggled", self.group_toggle) + liststore = self.ports_protocol_combo.get_model() + iter = liststore.get_iter_first() + self.ports_protocol_combo.set_active_iter(iter) 
@@ -4630,17 +4626,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc + self.view.append_column(col) + self.store.set_sort_func(PORT_COL,self.sort_int, "") + -+ def group_toggle(self, button): -+ self.edit = not button.get_active() -+ self.ports_add_button.set_sensitive(self.edit) -+ self.ports_properties_button.set_sensitive(self.edit) -+ self.ports_delete_button.set_sensitive(self.edit) -+ self.mls_col.set_visible(self.edit) -+ if self.edit: -+ self.load(self.filter) -+ else: -+ self.group_load(self.filter) -+ + def sort_int(self, treemodel, iter1, iter2, user_data): + try: + p1 = int(treemodel.get_value(iter1,2)) @@ -4656,7 +4641,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc + def load(self,filter = ""): + self.filter=filter + self.port = seobject.portRecords() -+ dict = self.port.get_all() ++ dict = self.port.get_all(self.local) + keys = dict.keys() + keys.sort() + self.store.clear() @@ -4677,7 +4662,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc + def group_load(self, filter = ""): + self.filter=filter + self.port = seobject.portRecords() -+ dict = self.port.get_all_by_type() ++ dict = self.port.get_all_by_type(self.local) + keys = dict.keys() + keys.sort() + self.store.clear() 
@@ -4771,12 +4756,27 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc + self.store.set_value(iter, PROTOCOL_COL, protocol) + self.store.set_value(iter, MLS_COL, mls) + ++ def on_group_clicked(self, button): ++ self.ports_add_button.set_sensitive(self.group) ++ self.ports_properties_button.set_sensitive(self.group) ++ self.ports_delete_button.set_sensitive(self.group) ++ self.mls_col.set_visible(self.group) + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.26/gui/selinux.tbl ++ self.group = not self.group ++ if self.group: ++ button.set_label(_("List View")) ++ self.group_load(self.filter) ++ else: ++ button.set_label(_("Group View")) ++ self.load(self.filter) ++ ++ return True ++ +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.16/gui/selinux.tbl --- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.26/gui/selinux.tbl 2007-09-18 16:40:57.000000000 -0400 -@@ -0,0 +1,296 @@ -+allow_console_login _("Login") _("Allow direct login to the console device. Requiered for System 390") ++++ policycoreutils-2.0.16/gui/selinux.tbl 2007-10-31 07:09:16.000000000 -0400 +@@ -0,0 +1,295 @@ ++! allow_console_login _("Login") _("Allow direct login to the console device. Required for System 390") +acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon") +allow_cvs_read_shadow _("CVS") _("Allow cvs daemon to read shadow") +allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /") 
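Review bot: The first row of selinux.tbl now starts with `! ` (`! allow_console_login _("Login") ...`), a prefix no other row shown carries. If the table loader takes the first whitespace-separated field as the boolean name, this entry no longer matches `allow_console_login` and silently falls into the "Other" category through the bare `except` in the translation lookup. Confirm the prefix is intended or restore the row to start with `allow_console_login`. In `on_group_clicked` the add/properties/delete buttons and the MLS column are updated from `self.group` before it is toggled, which is correct only because the old value is the negation of the new one. Toggling first and then using `editable = not self.group` would make that explicit.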
@@ -4784,7 +4784,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco +allow_execheap _("Memory Protection") _("Allow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla") +allow_execmem _("Memory Protection") _("Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla") +allow_execmod _("Memory Protection") _("Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t") -+allow_execstack _("Memory Protection") _("Allow unconfined executables to make their stack executable. This should never, ever be neessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla") ++allow_execstack _("Memory Protection") _("Allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla") +allow_ftpd_full_access _("FTP") _("Allow ftpd to full access to the system") +allow_ftpd_anon_write _("FTP") _("Allow ftpd to upload files to directories labeled public_content_rw_t") +allow_ftpd_use_cifs _("FTP") _("Allow ftp servers to use cifs used for public file transfer services") 
@@ -4803,7 +4803,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco +allow_mounton_anydir _("Mount") _("Allow mount to mount any directory") +allow_mplayer_execstack _("Memory Protection") _("Allow mplayer executable stack") +allow_nfsd_anon_write _("NFS") _("Allow nfs servers to modify public files used for public file transfer services") -+allow_polyinstantiation _("Polyinstatiation") _("Enable polyinstantiated directory support") ++allow_polyinstantiation _("Polyinstantiation") _("Enable polyinstantiated directory support") +allow_ptrace _("Compatibility") _("Allow sysadm_t to debug or ptrace applications") +allow_rsync_anon_write _("rsync") _("Allow rsync to write files in directories labeled public_content_rw_t") +allow_smbd_anon_write _("Samba") _("Allow Samba to write files in directories labeled public_content_rw_t") @@ -4854,7 +4854,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco +cpuspeed_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cpuspeed daemon") +cron_can_relabel _("Cron") _("Allow system cron jobs to relabel filesystem for restoring file contexts") +crond_disable_trans _("Cron") _("Disable SELinux protection for crond daemon") -+cupsd_config_disable_trans _("Printing") _("Disable SELinux protection for cupsd backend server") ++cupsd_config_disable_trans _("Printing") _("Disable SELinux protection for cupsd back end server") +cupsd_disable_trans _("Printing") _("Disable SELinux protection for cupsd daemon") +cupsd_lpd_disable_trans _("Printing") _("Disable SELinux protection for cupsd_lpd") +cvs_disable_trans _("CVS") _("Disable SELinux protection for cvs daemon") 
@@ -4890,7 +4890,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco +global_ssp _("Admin") _("This should be enabled when all programs are compiled with ProPolice/SSP stack smashing protection. All domains will be allowed to read from /dev/urandom") +gpm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for gpm daemon") +gssd_disable_trans _("NFS") _("Disable SELinux protection for gss daemon") -+hald_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hal daemon") ++hald_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for Hal daemon") +hide_broken_symptoms _("Compatibility") _("Do not audit things that we know to be broken but which are not security risks") +hostname_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hostname daemon") +hotplug_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hotplug daemon") @@ -4998,7 +4998,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco +secure_mode_policyload _("Admin") _("Do not allow any processes to modify kernel SELinux policy") +sendmail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for sendmail daemon") +setrans_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for setrans") -+setroubleshootd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for setroublesoot daemon") ++setroubleshootd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for setroubleshoot daemon") +slapd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for slapd daemon") +slrnpull_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for slrnpull daemon") +smbd_disable_trans _("Samba") _("Disable SELinux protection for smbd daemon") 
@@ -5006,10 +5006,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco +snort_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for snort daemon") +soundd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for soundd daemon") +sound_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for sound daemon") -+spamassassin_can_network _("Spam Assassin") _("Allow Spam Assasin daemon network access") -+spamd_disable_trans _("spam Protection") _("Disable SELinux protection for spamd daemon") -+spamd_enable_home_dirs _("spam Protection") _("Allow spamd to access home directories") -+spammassasin_can_network _("spam Protection") _("Allow spammassasin to access the network") ++spamd_disable_trans _("Spam Protection") _("Disable SELinux protection for spamd daemon") ++spamd_enable_home_dirs _("Spam Protection") _("Allow spamd to access home directories") ++spamassassin_can_network _("Spam Protection") _("Allow Spam Assassin daemon network access") +speedmgmt_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for speedmgmt daemon") +squid_connect_any _("Squid") _("Allow squid daemon to connect to the network") +squid_disable_trans _("Squid") _("Disable SELinux protection for squid daemon") 
@@ -5057,7 +5056,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco +xend_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xen daemon") +xen_use_raw_disk _("XEN") _("Allow xen to read/write physical disk devices") +xfs_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xfs daemon") -+xm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xen constrol") ++xm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xen control") +ypbind_disable_trans _("NIS") _("Disable SELinux protection for ypbind daemon") +yppasswdd_disable_trans _("NIS") _("Disable SELinux protection for NIS Password Daemon") +ypserv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ypserv daemon") 
@@ -5069,13 +5068,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco +samba_export_all_ro _("Samba") _("Allow Samba to share any file/directory read only") +samba_export_all_rw _("Samba") _("Allow Samba to share any file/directory read/write") +samba_run_unconfined _("Samba") _("Allow Samba to run unconfined scripts in /var/lib/samba/scripts directory") -+webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivledged users home directories") -+webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivledged users home directories") ++webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivileged users home directories") ++webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories") + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.26/gui/semanagePage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.16/gui/semanagePage.py --- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.26/gui/semanagePage.py 2007-09-18 16:40:57.000000000 -0400 -@@ -0,0 +1,136 @@ ++++ policycoreutils-2.0.16/gui/semanagePage.py 2007-10-31 07:09:38.000000000 -0400 +@@ -0,0 +1,147 @@ +## semanagePage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. + @@ -5121,6 +5120,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py poli +class semanagePage: + def __init__(self, xml, name, description): + self.xml = xml ++ self.local = False + self.view = xml.get_widget("%sView" % name) + self.dialog = xml.get_widget("%sDialog" % name) + self.filter_entry = xml.get_widget("%sFilterEntry" % name ) 
@@ -5212,9 +5212,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py poli
 + self.dialog.hide()
 +
 +
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.26/gui/statusPage.py
++ def on_local_clicked(self, button):
++ self.local = not self.local
++ if self.local:
++ button.set_label(_("all"))
++ else:
++ button.set_label(_("Customized"))
++
++ self.load(self.filter)
++ return True
++
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.16/gui/statusPage.py
 --- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/statusPage.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/statusPage.py 2007-09-18 14:18:45.000000000 -0400
 @@ -0,0 +1,219 @@
 +## statusPage.py - show selinux status
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -5435,10 +5445,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policy
 + return self.types[self.selinuxTypeOptionMenu.get_active()]
 +
 +
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.26/gui/system-config-selinux.glade
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.16/gui/system-config-selinux.glade
 --- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/system-config-selinux.glade 2007-09-18 16:40:57.000000000 -0400
-@@ -0,0 +1,3326 @@
++++ policycoreutils-2.0.16/gui/system-config-selinux.glade 2007-10-31 07:08:03.000000000 -0400
+@@ -0,0 +1,3321 @@
 +
 +
 +
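Review bot: The two labels set by the added `on_local_clicked` in semanagePage.py are inconsistent: `_("all")` is lower-case while `_("Customized")` and the glade tooltips elsewhere in this patch ("Toggle between Customized and All Ports") are capitalised. The toolbar text therefore changes case after the first click and translators get an extra msgid, so use `button.set_label(_("All"))`. The label appears to name the view the next click selects rather than the one currently shown (it starts as "Customized" while `self.local` is False). A one-line comment such as `# label shows the view the next click will switch to` would keep a later maintainer from inverting it.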
@@ -7317,6 +7327,55 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu + 0 + + ++ ++ True ++ GTK_ORIENTATION_HORIZONTAL ++ GTK_TOOLBAR_BOTH ++ True ++ True ++ ++ ++ ++ True ++ Revert boolean setting to system default ++ gtk-revert-to-saved ++ True ++ True ++ False ++ ++ ++ ++ False ++ True ++ ++ ++ ++ ++ ++ True ++ Toggle between Customized and All Booleans ++ Customized ++ True ++ gtk-find ++ True ++ True ++ False ++ ++ ++ ++ False ++ True ++ ++ ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ + + True + False @@ -7494,6 +7553,24 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu + True + + ++ ++ ++ ++ True ++ Toggle between all and customized file context ++ Customized ++ True ++ gtk-find ++ True ++ True ++ False ++ ++ ++ ++ False ++ True ++ ++ + + + 0 @@ -8280,92 +8357,38 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu + + + -+ ++ + True ++ Toggle between Customized and All Ports ++ Group View ++ True ++ gtk-indent + True + True + False -+ -+ -+ -+ True -+ Group/ungroup network ports by SELinux type. -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ -+ -+ -+ -+ True -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ 0 -+ 0 -+ 0 -+ 0 -+ -+ -+ -+ True -+ False -+ 2 -+ -+ -+ -+ True -+ gtk-indent -+ 4 -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Group View -+ True -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ -+ -+ ++ + + + False -+ False ++ True ++ ++ ++ ++ ++ ++ True ++ Toggle between Customized and All Ports ++ Customized ++ True ++ gtk-find ++ True ++ True ++ False ++ ++ ++ ++ False ++ True + + + 
@@ -8578,7 +8601,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu + + + True -+ Enable additional audit rules, that are normally not reported in the log files. ++ Enable/Disable additional audit rules, that are normally not reported in the log files. + Enable Audit + True + gtk-zoom-in @@ -8592,24 +8615,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu + True + + -+ -+ -+ -+ True -+ Disable additional audit rules, that are normally not reported in the log files. -+ Disable Audit -+ True -+ gtk-zoom-out -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ + + + 0 @@ -8765,10 +8770,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu + + + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.26/gui/system-config-selinux.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.16/gui/system-config-selinux.py --- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.26/gui/system-config-selinux.py 2007-09-18 16:40:57.000000000 -0400 -@@ -0,0 +1,171 @@ ++++ policycoreutils-2.0.16/gui/system-config-selinux.py 2007-10-31 07:10:06.000000000 -0400 +@@ -0,0 +1,175 @@ +#!/usr/bin/python +# +# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux @@ -8849,6 +8854,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu + xml.signal_connect("on_delete_clicked", self.delete) + xml.signal_connect("on_add_clicked", self.add) + xml.signal_connect("on_properties_clicked", self.properties) ++ xml.signal_connect("on_local_clicked", self.on_local_clicked) + self.add_page(statusPage.statusPage(xml)) + if selinux.is_selinux_enabled() > 0: + self.add_page(booleansPage.booleansPage(xml)) 
@@ -8885,6 +8891,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
 + def properties(self, args):
 + self.tabs[self.notebook.get_current_page()].propertiesDialog()
 +
++ def on_local_clicked(self, button):
++ self.tabs[self.notebook.get_current_page()].on_local_clicked(button)
++
 + def on_about_activate(self, args):
 + dlg = xml.get_widget ("aboutWindow")
 + dlg.run ()
@@ -8940,9 +8949,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
 +
 + app = childWindow()
 + app.stand_alone()
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.26/gui/templates/executable.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.16/gui/templates/executable.py
 --- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/executable.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/templates/executable.py 2007-09-18 14:18:45.000000000 -0400
 @@ -0,0 +1,278 @@
 +# Copyright (C) 2007 Red Hat
 +# see file 'COPYING' for use and warranty information
@@ -9222,9 +9231,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
 +EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_script_exec_t,s0)
 +"""
 +
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.26/gui/templates/__init__.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.16/gui/templates/__init__.py
 --- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/__init__.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/templates/__init__.py 2007-09-18 14:18:45.000000000 -0400
 @@ -0,0 +1,18 @@
 +#
 +# Copyright (C) 2007 Red Hat, Inc.
@@ -9244,9 +9253,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.p
 +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 +#
 +
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.26/gui/templates/network.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.16/gui/templates/network.py
 --- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/network.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/templates/network.py 2007-09-18 14:18:45.000000000 -0400
 @@ -0,0 +1,80 @@
 +te_port_types="""
 +type TEMPLATETYPE_port_t;
@@ -9328,9 +9337,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py
 +corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t)
 +"""
 +
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.26/gui/templates/rw.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.16/gui/templates/rw.py
 --- nsapolicycoreutils/gui/templates/rw.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/rw.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/templates/rw.py 2007-09-18 14:18:45.000000000 -0400
 @@ -0,0 +1,128 @@
 +# Copyright (C) 2007 Red Hat
 +# see file 'COPYING' for use and warranty information
@@ -9460,10 +9469,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli
 +fc_dir="""
 +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
 +"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.26/gui/templates/script.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.16/gui/templates/script.py
 --- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/script.py 2007-09-18 17:32:55.000000000 -0400
-@@ -0,0 +1,50 @@
++++ policycoreutils-2.0.16/gui/templates/script.py 2007-09-18 14:18:45.000000000 -0400
+@@ -0,0 +1,45 @@
 +# Copyright (C) 2007 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
@@ -9489,11 +9498,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py
 +########################### tmp Template File #############################
 +compile="""
 +#!/bin/sh
-+if [ ! -f /usr/share/selinux/devel/Makefile ]; then
-+echo 'selinux-policy-devel not installed, package required for building policy'
-+echo '# yum install selinux-policy-devel'
-+exit 1
-+fi
 +make -f /usr/share/selinux/devel/Makefile
 +/usr/sbin/semodule -i PACKAGEFILENAME.pp
 +
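Review bot: With the Makefile check removed from the `compile` template in script.py, the generated script runs `/usr/sbin/semodule -i PACKAGEFILENAME.pp` even when `make` fails, for example when selinux-policy-devel is not installed. The visible lines have no `set -e` or exit-status test between the two commands. A stale PACKAGEFILENAME.pp left in the working directory would then be loaded into the policy store, and the script presumably runs as root. Either keep the guard or stop on failure with `make -f /usr/share/selinux/devel/Makefile || exit 1`. The template string continues past the end of this hunk.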
@@ -9514,9 +9518,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py
 +users="""\
 +/usr/sbin/semanage user -a -P TEMPLATETYPE -R "TEMPLATETYPE_rROLES" TEMPLATETYPE_u
 +"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.26/gui/templates/semodule.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.16/gui/templates/semodule.py
 --- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/semodule.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/templates/semodule.py 2007-09-18 14:18:45.000000000 -0400
 @@ -0,0 +1,41 @@
 +# Copyright (C) 2007 Red Hat
 +# see file 'COPYING' for use and warranty information
@@ -9559,9 +9563,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.p
 +semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM
 +"""
 +
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.26/gui/templates/tmp.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.16/gui/templates/tmp.py
 --- nsapolicycoreutils/gui/templates/tmp.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/tmp.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/templates/tmp.py 2007-09-18 14:18:45.000000000 -0400
 @@ -0,0 +1,97 @@
 +# Copyright (C) 2007 Red Hat
 +# see file 'COPYING' for use and warranty information
@@ -9660,9 +9664,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol
 + TEMPLATETYPE_manage_tmp($2)
 +"""
 +
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.26/gui/templates/user.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.16/gui/templates/user.py
 --- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/user.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/templates/user.py 2007-09-18 14:18:45.000000000 -0400
 @@ -0,0 +1,139 @@
 +# Copyright (C) 2007 Red Hat
 +# see file 'COPYING' for use and warranty information
@@ -9803,9 +9807,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po
 +"""
 +
 +
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.26/gui/templates/var_lib.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.16/gui/templates/var_lib.py
 --- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/var_lib.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/templates/var_lib.py 2007-09-18 14:18:45.000000000 -0400
 @@ -0,0 +1,162 @@
 +# Copyright (C) 2007 Red Hat
 +# see file 'COPYING' for use and warranty information
@@ -9969,9 +9973,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py
 +fc_dir="""\
 +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
 +"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.26/gui/templates/var_log.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.16/gui/templates/var_log.py
 --- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/var_log.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/templates/var_log.py 2007-09-18 14:18:45.000000000 -0400
 @@ -0,0 +1,112 @@
 +# Copyright (C) 2007 Red Hat
 +# see file 'COPYING' for use and warranty information
@@ -10085,9 +10089,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py
 +fc_dir="""\
 +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
 +"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.26/gui/templates/var_run.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.16/gui/templates/var_run.py
 --- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/var_run.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/templates/var_run.py 2007-09-18 14:18:45.000000000 -0400
 @@ -0,0 +1,119 @@
 +# Copyright (C) 2007 Red Hat
 +# see file 'COPYING' for use and warranty information
@@ -10208,9 +10212,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py
 +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
 +"""
 +
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.26/gui/templates/var_spool.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.16/gui/templates/var_spool.py
 --- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/var_spool.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/templates/var_spool.py 2007-09-18 14:18:45.000000000 -0400
 @@ -0,0 +1,131 @@
 +# Copyright (C) 2007 Red Hat
 +# see file 'COPYING' for use and warranty information
@@ -10343,9 +10347,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.
 +fc_dir="""\
 +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
 +"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.26/gui/translationsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.16/gui/translationsPage.py
 --- nsapolicycoreutils/gui/translationsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/translationsPage.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/translationsPage.py 2007-09-18 14:18:45.000000000 -0400
 @@ -0,0 +1,118 @@
 +## translationsPage.py - show selinux translations
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -10465,9 +10469,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py
 + store, iter = self.view.get_selection().get_selected()
 + self.store.set_value(iter, 0, level)
 + self.store.set_value(iter, 1, translation)
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.26/gui/usersPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.16/gui/usersPage.py
 --- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/usersPage.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/usersPage.py 2007-09-18 14:18:45.000000000 -0400
 @@ -0,0 +1,172 @@
 +## usersPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 3d7746b..5b0e4a9 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -224,18 +224,710 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po return 1 except: continue +diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.16/semanage/semanage +--- nsapolicycoreutils/semanage/semanage 2007-05-04 09:14:48.000000000 -0400 ++++ policycoreutils-2.0.16/semanage/semanage 2007-10-31 07:04:57.000000000 -0400 +@@ -34,7 +34,10 @@ + sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace') + + try: +- gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1) ++ gettext.install(PROGNAME, ++ localedir="/usr/share/locale", ++ unicode=False, ++ codeset = 'utf-8') + except IOError: + import __builtin__ + __builtin__.__dict__['_'] = unicode +@@ -45,13 +48,14 @@ + + def usage(message = ""): + print _('\ +-semanage {login|user|port|interface|fcontext|translation} -l [-n] \n\ ++semanage {boolean|login|user|port|interface|fcontext|translation} -{l|D} [-n] \n\ + semanage login -{a|d|m} [-sr] login_name\n\ + semanage user -{a|d|m} [-LrRP] selinux_name\n\ + semanage port -{a|d|m} [-tr] [ -p protocol ] port | port_range\n\ + semanage interface -{a|d|m} [-tr] interface_spec\n\ + semanage fcontext -{a|d|m} [-frst] file_spec\n\ + semanage translation -{a|d|m} [-T] level\n\n\ ++semanage boolean -{d|m} boolean\n\n\ + \ + Primary Options:\n\ + \ +@@ -59,10 +63,12 @@ + -d, --delete Delete a OBJECT record NAME\n\ + -m, --modify Modify a OBJECT record NAME\n\ + -l, --list List the OBJECTS\n\n\ ++ -C, --locallist List OBJECTS local customizations\n\n\ ++ -D, --deleteall Remove all OBJECTS local customizations\n\ + \ + -h, --help Display this message\n\ +- -n, --noheading Do not print heading when listing OBJECTS\n\n\ +-\ ++ -n, --noheading Do not print heading when listing OBJECTS\n\ ++ -S, --store Select and alternate SELinux store to manage\n\n\ + Object-specific Options (see above):\n\ + -f, --ftype File 
Type of OBJECT \n\ + "" (all files) \n\ +@@ -95,7 +101,7 @@ + + def get_options(): + valid_option={} +- valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading' ] ++ valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading', '-C', '--locallist', '-D', '--deleteall', '-S', '--store' ] + valid_option["login"] = [] + valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range'] + valid_option["user"] = [] +@@ -108,6 +114,8 @@ + valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range'] + valid_option["translation"] = [] + valid_option["translation"] += valid_everyone + [ '-T', '--trans' ] ++ valid_option["boolean"] = [] ++ valid_option["boolean"] += valid_everyone + return valid_option + + # +@@ -131,7 +139,10 @@ + add = 0 + modify = 0 + delete = 0 ++ deleteall = 0 + list = 0 ++ locallist = 0 ++ store = "" + if len(sys.argv) < 3: + usage(_("Requires 2 or more arguments")) + +@@ -143,16 +154,19 @@ + args = sys.argv[2:] + + gopts, cmds = getopt.getopt(args, +- 'adf:lhmnp:s:R:L:r:t:T:P:', ++ 'adf:lhmnp:s:CDR:L:r:t:T:P:S:', + ['add', + 'delete', ++ 'deleteall', + 'ftype=', + 'help', + 'list', + 'modify', + 'noheading', ++ 'localist', + 'proto=', + 'seuser=', ++ 'store=', + 'range=', + 'level=', + 'roles=', +@@ -174,6 +188,10 @@ + if modify or add: + usage() + delete = 1 ++ if o == "-D" or o == "--deleteall": ++ if modify: ++ usage() ++ deleteall = 1 + if o == "-f" or o == "--ftype": + ftype=a + if o == "-h" or o == "--help": +@@ -182,11 +200,17 @@ + if o == "-n" or o == "--noheading": + heading=0 + ++ if o == "-C" or o == "--locallist": ++ locallist=1 ++ + if o == "-m"or o == "--modify": + if delete or add: + usage() + modify = 1 + ++ if o == "-S" or o == '--store': ++ store = a ++ + if o == "-r" or o == '--range': + if is_mls_enabled == 0: + errorExit(_("range not supported on 
Non MLS machines")) +@@ -219,31 +243,38 @@ + setrans = a + + if object == "login": +- OBJECT = seobject.loginRecords() ++ OBJECT = seobject.loginRecords(store) + + if object == "user": +- OBJECT = seobject.seluserRecords() ++ OBJECT = seobject.seluserRecords(store) + + if object == "port": +- OBJECT = seobject.portRecords() ++ OBJECT = seobject.portRecords(store) + + if object == "interface": +- OBJECT = seobject.interfaceRecords() ++ OBJECT = seobject.interfaceRecords(store) + + if object == "fcontext": +- OBJECT = seobject.fcontextRecords() ++ OBJECT = seobject.fcontextRecords(store) ++ ++ if object == "boolean": ++ OBJECT = seobject.booleanRecords(store) + + if object == "translation": + OBJECT = seobject.setransRecords() + + if list: +- OBJECT.list(heading) ++ OBJECT.list(heading, locallist) ++ sys.exit(0); ++ ++ if deleteall: ++ OBJECT.deleteall() + sys.exit(0); + + if len(cmds) != 1: + usage() +- +- target = cmds[0] ++ ++ target = cmds[0] + + if add: + if object == "login": +@@ -271,6 +302,9 @@ + sys.exit(0); + + if modify: ++ if object == "boolean": ++ OBJECT.modify(target, value) ++ + if object == "login": + OBJECT.modify(target, seuser, serange) + diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.16/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2007-05-04 09:14:48.000000000 -0400 -+++ policycoreutils-2.0.16/semanage/seobject.py 2007-09-18 14:18:45.000000000 -0400 -@@ -210,6 +210,7 @@ ++++ policycoreutils-2.0.16/semanage/seobject.py 2007-10-31 07:04:59.000000000 -0400 +@@ -170,7 +170,7 @@ + rec += "%s=%s\n" % (k, self.ddict[k]) + return rec + +- def list(self,heading = 1): ++ def list(self,heading = 1, locallist = 0): + if heading: + print "\n%-25s %s\n" % (_("Level"), _("Translation")) + keys = self.ddict.keys() +@@ -210,13 +210,17 @@ os.write(fd, self.out()) os.close(fd) os.rename(newfilename, self.filename) + os.system("/sbin/service 
mcstrans reload > /dev/null") class semanageRecords: - def __init__(self): -@@ -1283,9 +1284,12 @@ +- def __init__(self): ++ def __init__(self, store): + self.sh = semanage_handle_create() + if not self.sh: + raise ValueError(_("Could not create semanage handle")) + ++ if store != "": ++ semanage_select_store(self.sh, store, SEMANAGE_CON_DIRECT); ++ + self.semanaged = semanage_is_managed(self.sh) + + if not self.semanaged: +@@ -234,8 +238,8 @@ + raise ValueError(_("Could not establish semanage connection")) + + class loginRecords(semanageRecords): +- def __init__(self): +- semanageRecords.__init__(self) ++ def __init__(self, store = ""): ++ semanageRecords.__init__(self, store) + + def add(self, name, sename, serange): + if is_mls_enabled == 1: +@@ -389,10 +393,12 @@ + mylog.log(1,"delete SELinux user mapping", name); + semanage_seuser_key_free(k) + +- +- def get_all(self): ++ def get_all(self, locallist = 0): + ddict = {} +- (rc, self.ulist) = semanage_seuser_list(self.sh) ++ if locallist: ++ (rc, self.ulist) = semanage_seuser_list_local(self.sh) ++ else: ++ (rc, self.ulist) = semanage_seuser_list(self.sh) + if rc < 0: + raise ValueError(_("Could not list login mappings")) + +@@ -401,8 +407,8 @@ + ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u)) + return ddict + +- def list(self,heading = 1): +- ddict = self.get_all() ++ def list(self,heading = 1, locallist = 0): ++ ddict = self.get_all(locallist) + keys = ddict.keys() + keys.sort() + if is_mls_enabled == 1: +@@ -417,8 +423,8 @@ + print "%-25s %-25s" % (k, ddict[k][0]) + + class seluserRecords(semanageRecords): +- def __init__(self): +- semanageRecords.__init__(self) ++ def __init__(self, store = ""): ++ semanageRecords.__init__(self, store) + + def add(self, name, roles, selevel, serange, prefix): + if is_mls_enabled == 1: +@@ -601,9 +607,12 @@ + mylog.log(1,"delete SELinux user record", name) + semanage_user_key_free(k) + +- def get_all(self): ++ def get_all(self, locallist = 0): + 
ddict = {} +- (rc, self.ulist) = semanage_user_list(self.sh) ++ if locallist: ++ (rc, self.ulist) = semanage_user_list_local(self.sh) ++ else: ++ (rc, self.ulist) = semanage_user_list(self.sh) + if rc < 0: + raise ValueError(_("Could not list SELinux users")) + +@@ -618,8 +627,8 @@ + + return ddict + +- def list(self, heading = 1): +- ddict = self.get_all() ++ def list(self, heading = 1, locallist = 0): ++ ddict = self.get_all(locallist) + keys = ddict.keys() + keys.sort() + if is_mls_enabled == 1: +@@ -635,8 +644,8 @@ + print "%-15s %s" % (k, ddict[k][3]) + + class portRecords(semanageRecords): +- def __init__(self): +- semanageRecords.__init__(self) ++ def __init__(self, store = ""): ++ semanageRecords.__init__(self, store) + + def __genkey(self, port, proto): + if proto == "tcp": +@@ -767,6 +776,34 @@ + semanage_port_key_free(k) + semanage_port_free(p) + ++ def deleteall(self): ++ (rc, plist) = semanage_port_list_local(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not list the ports")) ++ ++ rc = semanage_begin_transaction(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not start semanage transaction")) ++ ++ for port in plist: ++ proto = semanage_port_get_proto(port) ++ proto_str = semanage_port_get_proto_str(proto) ++ low = semanage_port_get_low(port) ++ high = semanage_port_get_high(port) ++ port_str = "%s-%s" % (low, high) ++ ( k, proto_d, low, high ) = self.__genkey(port_str , proto_str) ++ if rc < 0: ++ raise ValueError(_("Could not create a key for %s") % port_str) ++ ++ rc = semanage_port_del_local(self.sh, k) ++ if rc < 0: ++ raise ValueError(_("Could not delete the port %s") % port_str) ++ semanage_port_key_free(k) ++ ++ rc = semanage_commit(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not delete the %s") % port_str) ++ + def delete(self, port, proto): + ( k, proto_d, low, high ) = self.__genkey(port, proto) + (rc,exists) = semanage_port_exists(self.sh, k) +@@ -795,9 +832,12 @@ + + semanage_port_key_free(k) + +- def get_all(self): ++ 
def get_all(self, locallist = 0): + ddict = {} +- (rc, self.plist) = semanage_port_list(self.sh) ++ if locallist: ++ (rc, self.plist) = semanage_port_list_local(self.sh) ++ else: ++ (rc, self.plist) = semanage_port_list(self.sh) + if rc < 0: + raise ValueError(_("Could not list ports")) + +@@ -814,9 +854,12 @@ + ddict[(low, high)] = (ctype, proto_str, level) + return ddict + +- def get_all_by_type(self): ++ def get_all_by_type(self, locallist = 0): + ddict = {} +- (rc, self.plist) = semanage_port_list(self.sh) ++ if locallist: ++ (rc, self.plist) = semanage_port_list_local(self.sh) ++ else: ++ (rc, self.plist) = semanage_port_list(self.sh) + if rc < 0: + raise ValueError(_("Could not list ports")) + +@@ -837,10 +880,10 @@ + ddict[(ctype,proto_str)].append("%d-%d" % (low, high)) + return ddict + +- def list(self, heading = 1): ++ def list(self, heading = 1, locallist = 0): + if heading: + print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number")) +- ddict = self.get_all_by_type() ++ ddict = self.get_all_by_type(locallist) + keys = ddict.keys() + keys.sort() + for i in keys: +@@ -851,8 +894,8 @@ + print rec + + class interfaceRecords(semanageRecords): +- def __init__(self): +- semanageRecords.__init__(self) ++ def __init__(self, store = ""): ++ semanageRecords.__init__(self, store) + + def add(self, interface, serange, ctype): + if is_mls_enabled == 1: +@@ -995,9 +1038,12 @@ + + semanage_iface_key_free(k) + +- def get_all(self): ++ def get_all(self, locallist = 0): + ddict = {} +- (rc, self.ilist) = semanage_iface_list(self.sh) ++ if locallist: ++ (rc, self.ilist) = semanage_iface_list_local(self.sh) ++ else: ++ (rc, self.ilist) = semanage_iface_list(self.sh) + if rc < 0: + raise ValueError(_("Could not list interfaces")) + +@@ -1007,10 +1053,10 @@ + + return ddict + +- def list(self, heading = 1): ++ def list(self, heading = 1, locallist = 0): + if heading: + print "%-30s %s\n" % (_("SELinux Interface"), _("Context")) +- ddict = self.get_all() 
++ ddict = self.get_all(locallist) + keys = ddict.keys() + keys.sort() + if is_mls_enabled: +@@ -1021,17 +1067,40 @@ + print "%-30s %s:%s:%s " % (k,ddict[k][0], ddict[k][1],ddict[k][2]) + + class fcontextRecords(semanageRecords): +- def __init__(self): +- semanageRecords.__init__(self) +- +- def add(self, target, type, ftype = "", serange = "", seuser = "system_u"): ++ def __init__(self, store = ""): ++ semanageRecords.__init__(self, store) ++ ++ def createcon(self, target, seuser = "system_u"): ++ (rc, con) = semanage_context_create(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not create context for %s") % target) + if seuser == "": + seuser = "system_u" ++ ++ rc = semanage_context_set_user(self.sh, con, seuser) ++ if rc < 0: ++ raise ValueError(_("Could not set user in file context for %s") % target) ++ ++ rc = semanage_context_set_role(self.sh, con, "object_r") ++ if rc < 0: ++ raise ValueError(_("Could not set role in file context for %s") % target) ++ + if is_mls_enabled == 1: +- if serange == "": +- serange = "s0" +- else: +- serange = untranslate(serange) ++ rc = semanage_context_set_mls(self.sh, con, "s0") ++ if rc < 0: ++ raise ValueError(_("Could not set mls fields in file context for %s") % target) ++ ++ return con ++ ++ def validate(self, target): ++ if target == "" or target.find("\n") >= 0: ++ raise ValueError(_("Invalid file specification")) ++ ++ def add(self, target, type, ftype = "", serange = "", seuser = "system_u"): ++ self.validate(target) ++ ++ if is_mls_enabled == 1: ++ serange = untranslate(serange) + + if type == "": + raise ValueError(_("SELinux Type is required")) +@@ -1051,33 +1120,23 @@ + raise ValueError(_("Could not create file context for %s") % target) + + rc = semanage_fcontext_set_expr(self.sh, fcontext, target) +- (rc, con) = semanage_context_create(self.sh) +- if rc < 0: +- raise ValueError(_("Could not create context for %s") % target) ++ if type != "<>": ++ con = self.createcon(target, seuser) + +- rc = 
semanage_context_set_user(self.sh, con, seuser) +- if rc < 0: +- raise ValueError(_("Could not set user in file context for %s") % target) +- +- rc = semanage_context_set_role(self.sh, con, "object_r") +- if rc < 0: +- raise ValueError(_("Could not set role in file context for %s") % target) +- +- rc = semanage_context_set_type(self.sh, con, type) +- if rc < 0: +- raise ValueError(_("Could not set type in file context for %s") % target) +- +- if serange != "": +- rc = semanage_context_set_mls(self.sh, con, serange) +- if rc < 0: +- raise ValueError(_("Could not set mls fields in file context for %s") % target) ++ rc = semanage_context_set_type(self.sh, con, type) ++ if rc < 0: ++ raise ValueError(_("Could not set type in file context for %s") % target) ++ ++ if serange != "": ++ rc = semanage_context_set_mls(self.sh, con, serange) ++ if rc < 0: ++ raise ValueError(_("Could not set mls fields in file context for %s") % target) ++ rc = semanage_fcontext_set_con(self.sh, fcontext, con) ++ if rc < 0: ++ raise ValueError(_("Could not set file context for %s") % target) + + semanage_fcontext_set_type(fcontext, file_types[ftype]) + +- rc = semanage_fcontext_set_con(self.sh, fcontext, con) +- if rc < 0: +- raise ValueError(_("Could not set file context for %s") % target) +- + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError(_("Could not start semanage transaction")) +@@ -1090,13 +1149,15 @@ + if rc < 0: + raise ValueError(_("Could not add file context for %s") % target) + +- semanage_context_free(con) ++ if type != "<>": ++ semanage_context_free(con) + semanage_fcontext_key_free(k) + semanage_fcontext_free(fcontext) + + def modify(self, target, setype, ftype, serange, seuser): + if serange == "" and setype == "" and seuser == "": + raise ValueError(_("Requires setype, serange or seuser")) ++ self.validate(target) + + (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) + if rc < 0: +@@ -1112,16 +1173,29 @@ + if rc < 0: + raise 
ValueError(_("Could not query file context for %s") % target) + +- con = semanage_fcontext_get_con(fcontext) ++ if setype != "<>": ++ con = semanage_fcontext_get_con(fcontext) + +- if serange != "": +- semanage_context_set_mls(self.sh, con, untranslate(serange)) +- if seuser != "": +- semanage_context_set_user(self.sh, con, seuser) +- if setype != "": +- semanage_context_set_type(self.sh, con, setype) +- +- rc = semanage_begin_transaction(self.sh) ++ if con == None: ++ con = self.createcon(target) ++ ++ if serange != "": ++ semanage_context_set_mls(self.sh, con, untranslate(serange)) ++ if seuser != "": ++ semanage_context_set_user(self.sh, con, seuser) ++ ++ if setype != "": ++ semanage_context_set_type(self.sh, con, setype) ++ ++ rc = semanage_fcontext_set_con(self.sh, fcontext, con) ++ if rc < 0: ++ raise ValueError(_("Could not set file context for %s") % target) ++ else: ++ rc = semanage_fcontext_set_con(self.sh, fcontext, None) ++ if rc < 0: ++ raise ValueError(_("Could not set file context for %s") % target) ++ ++ rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError(_("Could not start semanage transaction")) + +@@ -1136,6 +1210,32 @@ + semanage_fcontext_key_free(k) + semanage_fcontext_free(fcontext) + ++ def deleteall(self): ++ (rc, flist) = semanage_fcontext_list_local(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not list the file contexts")) ++ ++ rc = semanage_begin_transaction(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not start semanage transaction")) ++ ++ for fcontext in flist: ++ target = semanage_fcontext_get_expr(fcontext) ++ ftype = semanage_fcontext_get_type(fcontext) ++ ftype_str = semanage_fcontext_get_type_str(ftype) ++ (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype_str]) ++ if rc < 0: ++ raise ValueError(_("Could not create a key for %s") % target) ++ ++ rc = semanage_fcontext_del_local(self.sh, k) ++ if rc < 0: ++ raise ValueError(_("Could not delete the file context %s") % target) 
++ semanage_fcontext_key_free(k) ++ ++ rc = semanage_commit(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not delete the file context %s") % target) ++ + def delete(self, target, ftype): + (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) + if rc < 0: +@@ -1167,17 +1267,20 @@ + + semanage_fcontext_key_free(k) + +- def get_all(self): ++ def get_all(self, locallist = 0): + l = [] +- (rc, self.flist) = semanage_fcontext_list(self.sh) +- if rc < 0: +- raise ValueError(_("Could not list file contexts")) ++ if locallist: ++ (rc, self.flist) = semanage_fcontext_list_local(self.sh) ++ else: ++ (rc, self.flist) = semanage_fcontext_list(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not list file contexts")) ++ ++ (rc, fclocal) = semanage_fcontext_list_local(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not list local file contexts")) + +- (rc, fclocal) = semanage_fcontext_list_local(self.sh) +- if rc < 0: +- raise ValueError(_("Could not list local file contexts")) +- +- self.flist += fclocal ++ self.flist += fclocal + + for fcontext in self.flist: + expr = semanage_fcontext_get_expr(fcontext) +@@ -1191,10 +1294,10 @@ + + return l + +- def list(self, heading = 1): ++ def list(self, heading = 1, locallist = 0 ): + if heading: + print "%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context")) +- fcon_list = self.get_all() ++ fcon_list = self.get_all(locallist) + for fcon in fcon_list: + if len(fcon) > 3: + if is_mls_enabled: +@@ -1205,9 +1308,9 @@ + print "%-50s %-18s <>" % (fcon[0], fcon[1]) + + class booleanRecords(semanageRecords): +- def __init__(self): +- semanageRecords.__init__(self) +- ++ def __init__(self, store = ""): ++ semanageRecords.__init__(self, store) ++ + def modify(self, name, value = ""): + if value == "": + raise ValueError(_("Requires value")) +@@ -1266,34 +1369,62 @@ + if rc < 0: + raise ValueError(_("Could not start semanage transaction")) + +- rc = semanage_fcontext_del_local(self.sh, k) ++ rc = 
semanage_bool_del_local(self.sh, k) + if rc < 0: + raise ValueError(_("Could not delete boolean %s") % name) + + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError(_("Could not delete boolean %s") % name) +- + semanage_bool_key_free(k) + +- def get_all(self): ++ def deleteall(self): ++ (rc, self.blist) = semanage_bool_list_local(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not list booleans")) ++ ++ rc = semanage_begin_transaction(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not start semanage transaction")) ++ ++ for boolean in self.blist: ++ name = semanage_bool_get_name(boolean) ++ (rc,k) = semanage_bool_key_create(self.sh, name) ++ if rc < 0: ++ raise ValueError(_("Could not create a key for %s") % name) ++ ++ rc = semanage_bool_del_local(self.sh, k) ++ if rc < 0: ++ raise ValueError(_("Could not delete boolean %s") % name) ++ semanage_bool_key_free(k) ++ ++ rc = semanage_commit(self.sh) ++ if rc < 0: ++ raise ValueError(_("Could not delete boolean %s") % name) ++ def get_all(self, locallist = 0): + ddict = {} +- (rc, self.blist) = semanage_bool_list(self.sh) ++ if locallist: ++ (rc, self.blist) = semanage_bool_list_local(self.sh) ++ else: ++ (rc, self.blist) = semanage_bool_list(self.sh) + if rc < 0: raise ValueError(_("Could not list booleans")) for boolean in self.blist: 
@@ -244,13 +936,25 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po - ddict[name] = value + value = [] + name = semanage_bool_get_name(boolean) -+ value[0] = semanage_bool_get_value(boolean) -+ value[1] = selinux.security_get_boolean_pending(boolean) -+ value[2] = selinux.security_get_boolean_active(boolean) ++ value.append(semanage_bool_get_value(boolean)) ++ value.append(selinux.security_get_boolean_pending(name)) ++ value.append(selinux.security_get_boolean_active(name)) + ddict[name] = value return ddict +- def list(self, heading = 1): ++ def list(self, heading = 1, locallist = 0): + if heading: +- print "%-50s %-18s\n" % (_("SELinux boolean"), _("value")) +- ddict = self.get_all() ++ print "%-50s %7s %7s %7s\n" % (_("SELinux boolean"), _("value"), _("pending"), _("active") ) ++ ddict = self.get_all(locallist) + keys = ddict.keys() + for k in keys: + if ddict[k]: +- print "%-50s %-18s " % (k[0], ddict[k][0]) ++ print "%-50s %7d %7d %7d " % (k, ddict[k][0],ddict[k][1], ddict[k][2]) diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setsebool/setsebool.c policycoreutils-2.0.16/setsebool/setsebool.c --- nsapolicycoreutils/setsebool/setsebool.c 2007-05-04 09:14:48.000000000 -0400 +++ policycoreutils-2.0.16/setsebool/setsebool.c 2007-09-18 14:18:45.000000000 -0400 diff --git a/policycoreutils.spec b/policycoreutils.spec index 27bb8e3..937b3a7 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -6,7 +6,7 @@ Summary: SELinux policy core utilities. Name: policycoreutils Version: 2.0.16 -Release: 13%{?dist} +Release: 14{?dist} License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -192,6 +192,9 @@ if [ "$1" -ge "1" ]; then fi %changelog +* Tue Oct 31 2007 Dan Walsh 2.0.16-14 +- Update to latest semanage and system-config-selinux + * Tue Sep 18 2007 Dan Walsh 2.0.16-13 - More changes to gui
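Review bot: The rewritten loop in `booleanRecords.get_all` appends the results of `selinux.security_get_boolean_pending(name)` and `selinux.security_get_boolean_active(name)` without checking them, and `list` then prints them with `%7d`. libselinux documents -1 as the failure return for both calls, so a boolean missing from the loaded policy would show -1 in the pending/active columns instead of raising an error; if the Python binding raises instead, that exception is unhandled here. Both calls query the running kernel, while this commit also lets the records classes open another store through `semanageRecords.__init__(self, store)`, so for a non-default store the two new columns presumably describe a different policy from the `value` column. I would reject negative results, e.g. `if pending < 0 or active < 0: raise ValueError(_("Could not get state of boolean %s") % name)`, and skip or clearly label the kernel columns when a store was selected. `get_all` begins outside this hunk, so the store handling is inferred from the earlier part of the patch.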
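Review bot: The new `Release: 14{?dist}` line has lost the `%` that the old `Release: 13%{?dist}` carried. Without it rpm would take `{?dist}` as literal text rather than a conditional macro, so the built package's release string would contain the braces and no dist tag. As shown on the page, the line should read `Release: 14%{?dist}`.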