rpms
/
policycoreutils
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

- Fix sandbox error handling

This commit is contained in:
Dan Walsh 2010-08-13 17:02:34 -04:00
parent 27aa4ea173
commit 8ceb5eceb9
6 changed files with 35211 additions and 31724 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1670
policycoreutils-gui.patch
View File

File diff suppressed because it is too large Load Diff

64915
policycoreutils-po.patch
View File

File diff suppressed because it is too large Load Diff

235
policycoreutils-rhat.patch
View File

@ -1,6 +1,6 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.83/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2010-05-19 14:45:51.000000000 -0400
+++ policycoreutils-2.0.83/audit2allow/audit2allow 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/audit2allow/audit2allow 2010-07-30 13:50:40.000000000 -0400
@@ -1,4 +1,4 @@
-#! /usr/bin/python -E
+#! /usr/bin/python -Es
@ -121,7 +121,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
app = AuditToPolicy()
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.83/audit2allow/audit2allow.1
--- nsapolicycoreutils/audit2allow/audit2allow.1 2010-05-19 14:45:51.000000000 -0400
+++ policycoreutils-2.0.83/audit2allow/audit2allow.1 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/audit2allow/audit2allow.1 2010-07-30 13:50:40.000000000 -0400
@@ -66,6 +66,9 @@
.B "\-M <modulename>"
Generate loadable module package, conflicts with -o
@ -134,7 +134,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
.I <outputfile>
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/sepolgen-ifgen policycoreutils-2.0.83/audit2allow/sepolgen-ifgen
--- nsapolicycoreutils/audit2allow/sepolgen-ifgen 2010-05-19 14:45:51.000000000 -0400
+++ policycoreutils-2.0.83/audit2allow/sepolgen-ifgen 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/audit2allow/sepolgen-ifgen 2010-07-30 13:50:40.000000000 -0400
@@ -1,4 +1,4 @@
-#! /usr/bin/python -E
+#! /usr/bin/python -Es
@ -230,7 +230,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.83/Makefile
--- nsapolicycoreutils/Makefile 2010-06-16 08:03:38.000000000 -0400
+++ policycoreutils-2.0.83/Makefile 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/Makefile 2010-07-30 13:50:40.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage semanage/default_encoding load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool po gui
@ -239,7 +239,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.83/newrole/newrole.c
--- nsapolicycoreutils/newrole/newrole.c 2010-05-19 14:45:51.000000000 -0400
+++ policycoreutils-2.0.83/newrole/newrole.c 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/newrole/newrole.c 2010-07-30 13:50:40.000000000 -0400
@@ -1334,6 +1334,9 @@
if (send_audit_message(1, old_context, new_context, ttyn))
@ -252,7 +252,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
goto err_close_pam_session;
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.83/restorecond/Makefile
--- nsapolicycoreutils/restorecond/Makefile 2010-05-19 14:45:51.000000000 -0400
+++ policycoreutils-2.0.83/restorecond/Makefile 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/restorecond/Makefile 2010-07-30 13:50:40.000000000 -0400
@@ -1,17 +1,28 @@
# Installation directories.
PREFIX ?= ${DESTDIR}/usr
@ -301,14 +301,14 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
/sbin/restorecon $(SBINDIR)/restorecond
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.83/restorecond/org.selinux.Restorecond.service
--- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.83/restorecond/org.selinux.Restorecond.service 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/restorecond/org.selinux.Restorecond.service 2010-07-30 13:50:40.000000000 -0400
@@ -0,0 +1,3 @@
+[D-BUS Service]
+Name=org.selinux.Restorecond
+Exec=/usr/sbin/restorecond -u
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.8 policycoreutils-2.0.83/restorecond/restorecond.8
--- nsapolicycoreutils/restorecond/restorecond.8 2010-05-19 14:45:51.000000000 -0400
+++ policycoreutils-2.0.83/restorecond/restorecond.8 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/restorecond/restorecond.8 2010-07-30 13:50:40.000000000 -0400
@@ -3,7 +3,7 @@
restorecond \- daemon that watches for file creation and then sets the default SELinux file context
@ -345,7 +345,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
.BR restorecon (8),
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.83/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2010-05-19 14:45:51.000000000 -0400
+++ policycoreutils-2.0.83/restorecond/restorecond.c 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/restorecond/restorecond.c 2010-07-30 13:50:40.000000000 -0400
@@ -30,9 +30,11 @@
* and makes sure that there security context matches the systems defaults
*
@ -850,7 +850,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.83/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2010-05-19 14:45:51.000000000 -0400
+++ policycoreutils-2.0.83/restorecond/restorecond.conf 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/restorecond/restorecond.conf 2010-07-30 13:50:40.000000000 -0400
@@ -4,8 +4,5 @@
/etc/mtab
/var/run/utmp
@ -863,7 +863,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
-
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.83/restorecond/restorecond.desktop
--- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.83/restorecond/restorecond.desktop 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/restorecond/restorecond.desktop 2010-07-30 13:50:40.000000000 -0400
@@ -0,0 +1,7 @@
+[Desktop Entry]
+Name=File Context maintainer
@ -874,7 +874,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+StartupNotify=false
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.83/restorecond/restorecond.h
--- nsapolicycoreutils/restorecond/restorecond.h 2010-05-19 14:45:51.000000000 -0400
+++ policycoreutils-2.0.83/restorecond/restorecond.h 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/restorecond/restorecond.h 2010-07-30 13:50:40.000000000 -0400
@@ -24,7 +24,22 @@
#ifndef RESTORED_CONFIG_H
#define RESTORED_CONFIG_H
@ -902,7 +902,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
#endif
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.83/restorecond/restorecond.init
--- nsapolicycoreutils/restorecond/restorecond.init 2010-05-19 14:45:51.000000000 -0400
+++ policycoreutils-2.0.83/restorecond/restorecond.init 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/restorecond/restorecond.init 2010-07-30 13:50:40.000000000 -0400
@@ -26,7 +26,7 @@
# Source function library.
. /etc/rc.d/init.d/functions
@ -933,13 +933,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
-
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.83/restorecond/restorecond_user.conf
--- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.83/restorecond/restorecond_user.conf 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/restorecond/restorecond_user.conf 2010-07-30 13:50:40.000000000 -0400
@@ -0,0 +1,2 @@
+~/*
+~/public_html/*
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.83/restorecond/user.c
--- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.83/restorecond/user.c 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/restorecond/user.c 2010-07-30 13:50:40.000000000 -0400
@@ -0,0 +1,239 @@
+/*
+ * restorecond
@ -1180,9 +1180,22 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+ return 0;
+}
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.c policycoreutils-2.0.83/restorecond/utmpwatcher.c
--- nsapolicycoreutils/restorecond/utmpwatcher.c 2010-05-19 14:45:51.000000000 -0400
+++ policycoreutils-2.0.83/restorecond/utmpwatcher.c 2010-08-13 10:00:27.000000000 -0400
@@ -72,8 +72,8 @@
if (utmp_wd == -1)
exitApp("Error watching utmp file.");
+ changed = strings_list_diff(prev_utmp_ptr, utmp_ptr);
if (prev_utmp_ptr) {
- changed = strings_list_diff(prev_utmp_ptr, utmp_ptr);
strings_list_free(prev_utmp_ptr);
}
return changed;
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.83/restorecond/watch.c
--- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.83/restorecond/watch.c 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/restorecond/watch.c 2010-07-30 13:50:40.000000000 -0400
@@ -0,0 +1,260 @@
+#define _GNU_SOURCE
+#include <sys/inotify.h>
@ -1446,7 +1459,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+}
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/basicwrapper policycoreutils-2.0.83/sandbox/deliverables/basicwrapper
--- nsapolicycoreutils/sandbox/deliverables/basicwrapper 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.83/sandbox/deliverables/basicwrapper 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/sandbox/deliverables/basicwrapper 2010-07-30 13:50:40.000000000 -0400
@@ -0,0 +1,4 @@
+import os, sys
+SANDBOX_ARGS = ['-f%s' % os.environ['_CONDOR_SCRATCH_DIR']]
@ -1454,7 +1467,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+os.execv('/usr/bin/sandbox',SANDBOX_ARGS)
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/README policycoreutils-2.0.83/sandbox/deliverables/README
--- nsapolicycoreutils/sandbox/deliverables/README 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.83/sandbox/deliverables/README 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/sandbox/deliverables/README 2010-07-30 13:50:40.000000000 -0400
@@ -0,0 +1,32 @@
+Files:
+run-in-sandbox.py:
@ -1490,7 +1503,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+Chris Pardy
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py policycoreutils-2.0.83/sandbox/deliverables/run-in-sandbox.py
--- nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.83/sandbox/deliverables/run-in-sandbox.py 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/sandbox/deliverables/run-in-sandbox.py 2010-07-30 13:50:40.000000000 -0400
@@ -0,0 +1,49 @@
+import os
+import os.path
@ -1543,7 +1556,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.83/sandbox/Makefile
--- nsapolicycoreutils/sandbox/Makefile 2010-06-16 08:03:38.000000000 -0400
+++ policycoreutils-2.0.83/sandbox/Makefile 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/sandbox/Makefile 2010-07-30 13:50:40.000000000 -0400
@@ -7,8 +7,8 @@
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
@ -1576,7 +1589,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
@python test_sandbox.py -v
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.83/sandbox/sandbox
--- nsapolicycoreutils/sandbox/sandbox 2010-06-16 08:03:38.000000000 -0400
+++ policycoreutils-2.0.83/sandbox/sandbox 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/sandbox/sandbox 2010-08-13 15:05:03.000000000 -0400
@@ -1,5 +1,6 @@
-#! /usr/bin/python -E
+#! /usr/bin/python -Es
@ -1585,7 +1598,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
# Authors: Josh Cogliati
#
# Copyright (C) 2009,2010 Red Hat
@@ -19,11 +20,12 @@
@@ -19,15 +20,17 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
@ -1599,7 +1612,72 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
PROGNAME = "policycoreutils"
HOMEDIR=pwd.getpwuid(os.getuid()).pw_dir
@@ -218,7 +220,7 @@
-
+SEUNSHARE = "/usr/sbin/seunshare"
+SANDBOXSH = "/usr/share/sandbox/sandboxX.sh"
import gettext
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
gettext.textdomain(PROGNAME)
@@ -63,15 +66,15 @@
sys.stderr.flush()
sys.exit(1)
-def copyfile(file, dir, dest):
+def copyfile(file, srcdir, dest):
import re
- if file.startswith(dir):
+ if file.startswith(srcdir):
dname = os.path.dirname(file)
bname = os.path.basename(file)
- if dname == dir:
+ if dname == srcdir:
dest = dest + "/" + bname
else:
- newdir = re.sub(dir, dest, dname)
+ newdir = re.sub(srcdir, dest, dname)
if not os.path.exists(newdir):
os.makedirs(newdir)
dest = newdir + "/" + bname
@@ -83,7 +86,7 @@
shutil.copy2(file, dest)
except shutil.Error, elist:
for e in elist:
- sys.stderr.write(e[1])
+ sys.stderr.write(str(e[1]))
SAVE_FILES[file] = (dest, os.path.getmtime(dest))
@@ -161,10 +164,10 @@
if not self.__options.homedir or not self.__options.tmpdir:
self.usage(_("Homedir and tempdir required for level mounts"))
- if not os.path.exists("/usr/sbin/seunshare"):
+ if not os.path.exists(SEUNSHARE):
raise ValueError(_("""
-/usr/sbin/seunshare is required for the action you want to perform.
-"""))
+%s is required for the action you want to perform.
+""") % SEUNSHARE)
def __mount_callback(self, option, opt, value, parser):
self.__mount = True
@@ -172,6 +175,15 @@
def __x_callback(self, option, opt, value, parser):
self.__mount = True
setattr(parser.values, option.dest, True)
+ if not os.path.exists(SEUNSHARE):
+ raise ValueError(_("""
+%s is required for the action you want to perform.
+""") % SEUNSHARE)
+
+ if not os.path.exists(SANDBOXSH):
+ raise ValueError(_("""
+%s is required for the action you want to perform.
+""") % SANDBOXSH)
def __validdir(self, option, opt, value, parser):
if not os.path.isdir(value):
@@ -218,7 +230,7 @@
/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
%s &
WM_PID=$!
@ -1608,7 +1686,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
kill -TERM $WM_PID 2> /dev/null
""" % (command, wm, command))
fd.close()
@@ -230,9 +232,9 @@
@@ -230,9 +242,9 @@
def __parse_options(self):
from optparse import OptionParser
usage = _("""
@ -1620,7 +1698,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
""")
parser = OptionParser(version=self.VERSION, usage=usage)
@@ -276,6 +278,10 @@
@@ -276,6 +288,10 @@
parser.add_option("-l", "--level", dest="level",
help=_("MCS/MLS level for the sandbox"))
@ -1631,7 +1709,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
self.__parser=parser
self.__options, cmds = parser.parse_args()
@@ -351,22 +357,24 @@
@@ -351,22 +367,24 @@
def __execute(self):
try:
@ -1647,7 +1725,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
- rc = subprocess.Popen(cmds).wait()
- return rc
-
+ cmds = [ '/usr/sbin/seunshare', "-Z", self.__execcon ]
+ cmds = [ SEUNSHARE, "-Z", self.__execcon ]
+ if self.__options.usecgroup == True:
+ cmds.append('-c')
if self.__mount:
@ -1664,7 +1742,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+
+ self.__setup_sandboxrc(self.__options.wm)
+
+ cmds += [ "--", "/usr/share/sandbox/sandboxX.sh" ]
+ cmds += [ "--", SANDBOXSH ]
+ else:
+ cmds += [ "--" ] + self.__paths
+ return subprocess.Popen(cmds).wait()
@ -1673,7 +1751,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
rc = subprocess.Popen(self.__cmds).wait()
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.83/sandbox/sandbox.8
--- nsapolicycoreutils/sandbox/sandbox.8 2010-06-16 08:03:38.000000000 -0400
+++ policycoreutils-2.0.83/sandbox/sandbox.8 2010-07-26 11:14:40.000000000 -0400
+++ policycoreutils-2.0.83/sandbox/sandbox.8 2010-07-30 13:50:40.000000000 -0400
@@ -1,9 +1,12 @@
-.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
+.TH SANDBOX "8" "May 2010" "sandbox" "User Commands"
@ -1719,7 +1797,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+.I Thomas Liu <tliu@fedoraproject.org>
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.conf policycoreutils-2.0.83/sandbox/sandbox.conf
--- nsapolicycoreutils/sandbox/sandbox.conf 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.83/sandbox/sandbox.conf 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/sandbox/sandbox.conf 2010-07-30 13:50:40.000000000 -0400
@@ -0,0 +1,7 @@
+# Space separate list of homedirs
+HOMEDIRS="/home"
@ -1730,7 +1808,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+CPUUSAGE=80%
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.conf.5 policycoreutils-2.0.83/sandbox/sandbox.conf.5
--- nsapolicycoreutils/sandbox/sandbox.conf.5 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.83/sandbox/sandbox.conf.5 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/sandbox/sandbox.conf.5 2010-07-30 13:50:40.000000000 -0400
@@ -0,0 +1,40 @@
+.TH sandbox.conf "5" "June 2010" "sandbox.conf" "Linux System Administration"
+.SH NAME
@ -1778,16 +1856,43 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
@@ -1,2 +0,0 @@
-# Space separate list of homedirs
-HOMEDIRS="/home"
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.init policycoreutils-2.0.83/sandbox/sandbox.init
--- nsapolicycoreutils/sandbox/sandbox.init 2010-06-16 08:03:38.000000000 -0400
+++ policycoreutils-2.0.83/sandbox/sandbox.init 2010-07-30 13:50:40.000000000 -0400
@@ -10,17 +10,12 @@
#
# chkconfig: 345 1 99
#
-# Description: sandbox and other apps that want to use pam_namespace
-# on /var/tmp, /tmp and home directories, requires this script
-# to be run at boot time.
-# This script sets up the / mount point and all of its
-# subdirectories as shared. The script sets up
-# /tmp, /var/tmp, /home and any homedirs listed in
-# /etc/sysconfig/sandbox and all of their subdirectories
-# as unshared.
-# All processes that use pam_namespace will see
-# modifications to the global mountspace, except for the
-# unshared directories.
+# description: sandbox, xguest and other apps that want to use pam_namespace \
+# require this script be run at boot. This service script does \
+# not actually run any service but sets up: \
+# /var/tmp, /tmp and home directories to be used by these tools.\
+# If you do not use sandbox, xguest or pam_namespace you can turn \
+# this service off.\
#
# Source function library.
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.8 policycoreutils-2.0.83/sandbox/seunshare.8
--- nsapolicycoreutils/sandbox/seunshare.8 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.83/sandbox/seunshare.8 2010-07-13 13:32:07.000000000 -0400
@@ -0,0 +1,34 @@
+++ policycoreutils-2.0.83/sandbox/seunshare.8 2010-07-30 13:50:40.000000000 -0400
@@ -0,0 +1,37 @@
+.TH SEUNSHARE "8" "May 2010" "seunshare" "User Commands"
+.SH NAME
+seunshare \- Run cmd under an SELinux context
+seunshare \- Run cmd with alternate homedir, tmpdir and/or SELinux context
+.SH SYNOPSIS
+.B seunshare
+[ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args]
+[ -v ] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args]
+.br
+.SH DESCRIPTION
+.PP
@ -1805,6 +1910,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+\fB\-c cgroups\fR
+Use cgroups to control this copy of seunshare. Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc.
+.TP
+\fB\-Z\ context
+Use alternate SELinux context while runing the executable.
+.TP
+\fB\-v\fR
+Verbose output
+.SH "SEE ALSO"
@ -1818,7 +1926,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+.I Thomas Liu <tliu@fedoraproject.org>
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.83/sandbox/seunshare.c
--- nsapolicycoreutils/sandbox/seunshare.c 2010-06-16 08:03:38.000000000 -0400
+++ policycoreutils-2.0.83/sandbox/seunshare.c 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/sandbox/seunshare.c 2010-07-30 13:50:40.000000000 -0400
@@ -1,13 +1,20 @@
+/*
+ * Authors: Dan Walsh <dwalsh@redhat.com>
@ -2180,7 +2288,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
}
if (display)
@@ -308,6 +518,7 @@
@@ -308,14 +518,12 @@
setsid();
execv(argv[optind], argv + optind);
free(display);
@ -2188,9 +2296,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
perror("execv");
exit(-1);
} else {
waitpid(child, &status, 0);
}
- free(tmpdir_s);
- free(homedir_s);
-
return status;
}
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.83/scripts/chcat
--- nsapolicycoreutils/scripts/chcat 2010-05-19 14:45:51.000000000 -0400
+++ policycoreutils-2.0.83/scripts/chcat 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/scripts/chcat 2010-07-30 13:50:40.000000000 -0400
@@ -1,4 +1,4 @@
-#! /usr/bin/python -E
+#! /usr/bin/python -Es
@ -2199,7 +2315,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
#
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.83/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2010-05-19 14:45:51.000000000 -0400
+++ policycoreutils-2.0.83/scripts/fixfiles 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/scripts/fixfiles 2010-07-30 13:50:40.000000000 -0400
@@ -21,6 +21,17 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
@ -2293,7 +2409,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/genhomedircon.8 policycoreutils-2.0.83/scripts/genhomedircon.8
--- nsapolicycoreutils/scripts/genhomedircon.8 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.83/scripts/genhomedircon.8 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/scripts/genhomedircon.8 2010-07-30 13:50:40.000000000 -0400
@@ -0,0 +1,37 @@
+.\" Hey, Emacs! This is an -*- nroff -*- source file.
+.\" Copyright (c) 2010 Dan Walsh <dwalsh@redhat.com>
@ -2334,7 +2450,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+.I Dan Walsh <dwalsh@redhat.com>
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.83/scripts/Makefile
--- nsapolicycoreutils/scripts/Makefile 2010-05-19 14:45:51.000000000 -0400
+++ policycoreutils-2.0.83/scripts/Makefile 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/scripts/Makefile 2010-07-30 13:50:40.000000000 -0400
@@ -14,6 +14,7 @@
install -m 755 genhomedircon $(SBINDIR)
-mkdir -p $(MANDIR)/man8
@ -2345,7 +2461,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
clean:
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/default_encoding.c policycoreutils-2.0.83/semanage/default_encoding/default_encoding.c
--- nsapolicycoreutils/semanage/default_encoding/default_encoding.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.83/semanage/default_encoding/default_encoding.c 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/semanage/default_encoding/default_encoding.c 2010-07-30 13:50:40.000000000 -0400
@@ -0,0 +1,59 @@
+/*
+ * Authors:
@ -2408,7 +2524,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+}
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/Makefile policycoreutils-2.0.83/semanage/default_encoding/Makefile
--- nsapolicycoreutils/semanage/default_encoding/Makefile 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.83/semanage/default_encoding/Makefile 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/semanage/default_encoding/Makefile 2010-07-30 13:50:40.000000000 -0400
@@ -0,0 +1,8 @@
+all:
+ LDFLAGS="" python setup.py build
@ -2420,7 +2536,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+ rm -rf build *~
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/policycoreutils/__init__.py policycoreutils-2.0.83/semanage/default_encoding/policycoreutils/__init__.py
--- nsapolicycoreutils/semanage/default_encoding/policycoreutils/__init__.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.83/semanage/default_encoding/policycoreutils/__init__.py 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/semanage/default_encoding/policycoreutils/__init__.py 2010-07-30 13:50:40.000000000 -0400
@@ -0,0 +1,17 @@
+#
+# Copyright (C) 2006,2007,2008, 2009 Red Hat, Inc.
@ -2441,7 +2557,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+#
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/setup.py policycoreutils-2.0.83/semanage/default_encoding/setup.py
--- nsapolicycoreutils/semanage/default_encoding/setup.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.83/semanage/default_encoding/setup.py 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/semanage/default_encoding/setup.py 2010-07-30 13:50:40.000000000 -0400
@@ -0,0 +1,38 @@
+# Authors:
+# John Dennis <jdennis@redhat.com>
@ -2483,7 +2599,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+)
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.83/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2010-05-19 14:45:51.000000000 -0400
+++ policycoreutils-2.0.83/semanage/semanage 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/semanage/semanage 2010-08-13 15:13:19.000000000 -0400
@@ -1,4 +1,4 @@
-#! /usr/bin/python -E
+#! /usr/bin/python -Es
@ -2498,7 +2614,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
import sys, getopt, re
import seobject
import selinux
@@ -32,25 +33,34 @@
@@ -32,27 +33,36 @@
try:
gettext.install(PROGNAME,
localedir="/usr/share/locale",
@ -2535,8 +2651,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
-semanage fcontext -{a|d|m} [-frst] file_spec
+semanage fcontext -{a|d|m} [-efrst] file_spec
semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
semanage permissive -{d|a} type
-semanage permissive -{d|a} type
+semanage permissive -{d|a|l} type
semanage dontaudit [ on | off ]
Primary Options:
@@ -61,7 +71,9 @@
-d, --delete Delete a OBJECT record NAME
-m, --modify Modify a OBJECT record NAME
@ -2893,7 +3012,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+ errorExit(error.args[1])
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.83/semanage/semanage.8
--- nsapolicycoreutils/semanage/semanage.8 2010-05-19 14:45:51.000000000 -0400
+++ policycoreutils-2.0.83/semanage/semanage.8 2010-07-20 09:10:03.000000000 -0400
+++ policycoreutils-2.0.83/semanage/semanage.8 2010-07-30 13:50:40.000000000 -0400
@@ -1,29 +1,65 @@
-.TH "semanage" "8" "2005111103" "" ""
+.TH "semanage" "8" "20100223" "" ""
@ -3070,7 +3189,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
Examples by Thomas Bleher <ThomasBleher@gmx.de>.
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.83/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2010-05-19 14:45:51.000000000 -0400
+++ policycoreutils-2.0.83/semanage/seobject.py 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/semanage/seobject.py 2010-07-30 13:50:40.000000000 -0400
@@ -29,47 +29,12 @@
import gettext
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
@ -3826,7 +3945,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if use_file:
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sepolgen-ifgen/Makefile policycoreutils-2.0.83/sepolgen-ifgen/Makefile
--- nsapolicycoreutils/sepolgen-ifgen/Makefile 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.83/sepolgen-ifgen/Makefile 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/sepolgen-ifgen/Makefile 2010-07-30 13:50:40.000000000 -0400
@@ -0,0 +1,25 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
@ -3855,7 +3974,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+relabel: ;
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c policycoreutils-2.0.83/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c
--- nsapolicycoreutils/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.83/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c 2010-07-30 13:50:40.000000000 -0400
@@ -0,0 +1,230 @@
+/* Authors: Frank Mayer <mayerf@tresys.com>
+ * and Karl MacMillan <kmacmillan@tresys.com>
@ -4089,7 +4208,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+}
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.83/setfiles/restore.c
--- nsapolicycoreutils/setfiles/restore.c 2010-05-19 14:45:51.000000000 -0400
+++ policycoreutils-2.0.83/setfiles/restore.c 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/setfiles/restore.c 2010-07-30 13:50:40.000000000 -0400
@@ -1,4 +1,5 @@
#include "restore.h"
+#include <glob.h>
@ -4273,7 +4392,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restorecon.8 policycoreutils-2.0.83/setfiles/restorecon.8
--- nsapolicycoreutils/setfiles/restorecon.8 2010-05-19 14:45:51.000000000 -0400
+++ policycoreutils-2.0.83/setfiles/restorecon.8 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/setfiles/restorecon.8 2010-07-30 13:50:40.000000000 -0400
@@ -4,10 +4,10 @@
.SH "SYNOPSIS"
@ -4299,7 +4418,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
show changes in file labels.
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.83/setfiles/restore.h
--- nsapolicycoreutils/setfiles/restore.h 2010-05-19 14:45:51.000000000 -0400
+++ policycoreutils-2.0.83/setfiles/restore.h 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/setfiles/restore.h 2010-07-30 13:50:40.000000000 -0400
@@ -27,6 +27,7 @@
int hard_links;
int verbose;
@ -4321,7 +4440,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
#endif
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-2.0.83/setfiles/setfiles.8
--- nsapolicycoreutils/setfiles/setfiles.8 2010-05-19 14:45:51.000000000 -0400
+++ policycoreutils-2.0.83/setfiles/setfiles.8 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/setfiles/setfiles.8 2010-07-30 13:50:40.000000000 -0400
@@ -31,6 +31,9 @@
.TP
.B \-n
@ -4334,7 +4453,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
suppress non-error output.
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.83/setfiles/setfiles.c
--- nsapolicycoreutils/setfiles/setfiles.c 2010-05-19 14:45:51.000000000 -0400
+++ policycoreutils-2.0.83/setfiles/setfiles.c 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/setfiles/setfiles.c 2010-07-30 13:50:40.000000000 -0400
@@ -5,7 +5,6 @@
#include <ctype.h>
#include <regex.h>
@ -4476,7 +4595,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/VERSION policycoreutils-2.0.83/VERSION
--- nsapolicycoreutils/VERSION 2010-06-16 08:03:38.000000000 -0400
+++ policycoreutils-2.0.83/VERSION 2010-07-13 13:32:07.000000000 -0400
+++ policycoreutils-2.0.83/VERSION 2010-07-30 13:50:40.000000000 -0400
@@ -1 +1 @@
-2.0.83
+2.0.82

47
policycoreutils.spec
View File

@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.83
Release: 7%{?dist}
Release: 18%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -81,6 +81,8 @@ mkdir -p %{buildroot}%{_sysconfdir}/security/console.apps
%{__mkdir} -p %{buildroot}/%{_sysconfdir}/rc.d/init.d
%{__mkdir} -p %{buildroot}%{_datadir}/icons/hicolor/24x24/apps
%{__mkdir} -p %{buildroot}%{_datadir}/pixmaps
%{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}-%{version}/
cp COPYING %{buildroot}/%{_usr}/share/doc/%{name}-%{version}/
make LSPP_PRIV=y DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
make -C sepolgen-%{sepolgenver} DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
@ -91,11 +93,10 @@ install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/system-config-selinux
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/system-config-selinux
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/selinux-polgengui
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/security/console.apps/system-config-selinux
install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/security/console.apps/selinux-polgengui
tar -jxf %{SOURCE8} -C %{buildroot}/
rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
ln -sf consolehelper %{buildroot}%{_bindir}/system-config-selinux
ln -sf consolehelper %{buildroot}%{_bindir}/selinux-polgengui
ln -sf /usr/share/system-config-selinux/polgengui.py %{buildroot}%{_bindir}/selinux-polgengui
desktop-file-install --vendor fedora \
--dir ${RPM_BUILD_ROOT}%{_datadir}/applications \
@ -116,7 +117,7 @@ Requires: audit-libs-python >= %{libauditver}
Requires: /usr/bin/make
Requires(pre): python >= 2.6
Obsoletes: policycoreutils < 2.0.61-2
Requires: setools-libs-python
Requires: setools-libs-python >= setools-3.3.7-6
%description python
The policycoreutils-python package contains the management tools use to manage an SELinux environment.
@ -227,7 +228,6 @@ system-config-selinux is a utility for managing the SELinux environment
%config(noreplace) %{_sysconfdir}/pam.d/system-config-selinux
%config(noreplace) %{_sysconfdir}/pam.d/selinux-polgengui
%config(noreplace) %{_sysconfdir}/security/console.apps/system-config-selinux
%config(noreplace) %{_sysconfdir}/security/console.apps/selinux-polgengui
%clean
rm -rf %{buildroot}
@ -295,6 +295,7 @@ rm -rf %{buildroot}
%{_mandir}/ru/man1/secon.1*
%{_mandir}/man8/seunshare.8*
%{_mandir}/man8/genhomedircon.8*
%doc %{_usr}/share/doc/%{name}-%{version}
%preun
if [ $1 -eq 0 ]; then
@ -314,6 +315,42 @@ fi
exit 0
%changelog
* Fri Aug 13 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-18
- Fix sandbox error handling
* Fri Aug 13 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-17
- Apply patch to restorecond from Chris Adams, which will cause restorecond
- to watch first user that logs in.
* Thu Aug 12 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-16
- Add COPYING file to doc dir
* Thu Aug 5 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-15
- Update po and translations
Resolves: #610473
* Thu Aug 5 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-14
- More fixes for polgen tools
* Thu Aug 5 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-13
- Remove requirement to run selinux-polgen as root
* Thu Aug 5 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-12
- Update po and translations
- Fix gui policy generation tools
* Wed Aug 4 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-11
- Update po and translations
* Sat Jul 31 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.83-10
- rebuild against python 2.7
* Wed Jul 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-9
- Update selinux-polgengui to sepolgen policy generation
* Wed Jul 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-8
- Fix invalid free in seunshare and fix man page
* Tue Jul 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-7
- Update translations

34
selinux-polgengui.desktop
View File

@ -1,20 +1,54 @@
[Desktop Entry]
Name=SELinux Policy Generation Tool
Name[bn_IN]="SELinux Policy ি "
Name[de]="Tool zur Erstellung von SELinux-Richtlinien"
Name[es]="Herramienta de Generación de Políticas de SELinux"
Name[fr]="Outil de génération de stratégies SELinux"
Name[gu]="SELinux િ "
Name[hi]="SELinux ि "
Name[it]="Tool di generazione della policy di SELinux"
Name[ja]="SELinux "
Name[kn]="SELinux ಿಿ "
Name[ko]="SELinux "
Name[ml]="SELinux ിി "
Name[mr]="SELinux ि "
Name[nl]="SELinux tactiek generatie gereedschap"
Name[or]="SELinux ି ି "
Name[pa]="SELinux ਿ ਿ "
Name[pl]="Narzędzie tworzenia polityki SELinuksa"
Name[pt]="Ferramenta de Geração de Políticas SELinux"
Name[pt_BR]="Ferramenta de criação de políticas do SELinux"
Name[ru]="Средство создания политики SELinux"
Name[sv]="Genereringsverktyg för SELinuxpolicy"
Name[ta]="SELinux ிி ி ி"
Name[te]="SELinux ి"
Name[zh_CN]="SELinux "
Name[zh_TW]="SELinux SELinux Policy Generation Tool"
Comment=Generate SELinux policy modules
Comment[bn_IN]="SELinux িি ি ি "
Comment[de]="Tool zur Erstellung von SELinux-Richtlinien"
Comment[es]="Generar módulos de política de SELinux"
Comment[fr]="Génére des modules de stratégie SELinux"
Comment[gu]="SELinux િ "
Comment[hi]=" ि "
Comment[it]="Genera moduli della politica di SELinux"
Comment[ja]=""
Comment[kn]="SELinux ಿಿ ಿ"
Comment[ko]="SELinux "
Comment[ml]="SELinux ിി "
Comment[mr]="SELinux ि "
Comment[nl]="Maak een SELinux tactiek module aan"
Comment[or]="SELinux ି ି"
Comment[pa]="SELinux ਿ ਿ "
Comment[pl]="Tworzenie nowych modułów polityki SELinuksa"
Comment[pt]="Gerar módulos de políticas SELinux"
Comment[pt_BR]="Gerar módulos de política do SELinux"
Comment[ru]="Генерация модулей политики SELinux"
Comment[sv]="Generera SELinux-policymoduler"
Comment[ta]="SELinux ி "
Comment[te]="SELinux ి"
Comment[zh_CN]=" SELinux "
Comment[zh_TW]=" SELinux "
StartupNotify=true
Icon=system-config-selinux
Exec=/usr/bin/selinux-polgengui

34
system-config-selinux.desktop
View File

@ -1,20 +1,54 @@
[Desktop Entry]
Name=SELinux Management
Name[bn_IN]="SELinux ি"
Name[de]="SELinux-Management"
Name[es]="Administración de SELinux"
Name[fr]="Gestion de SELinux"
Name[gu]="SELinux "
Name[hi]="SELinux "
Name[jp]="SELinux "
Name[it]="Gestione di SELinux"
Name[kn]="SELinux "
Name[ko]="SELinux "
Name[ml]="SELinux "
Name[mr]="SELinux "
Name[nl]="SELinux beheer"
Name[or]="SELinux ି"
Name[pa]="SELinux "
Name[pl]="Zarządzanie SELinuksem"
Name[pt_BR]="Gerenciamento do SELinux"
Name[pt]="Gestão de SELinux"
Name[ru]="Управление SELinux"
Name[sv]="SELinux-hantering"
Name[ta]="SELinux "
Name[te]="SELinux ి"
Name[zh_CN]="SELinux "
Name[zh_TW]="SELinux "
Comment=Configure SELinux in a graphical setting
Comment[bn_IN]="ি ি SELinux ি "
Comment[de]="SELinux in einer grafischen Einstellung konfigurieren"
Comment[es]="Defina SELinux en una configuración de interfaz gráfica"
Comment[fr]="Configure SELinux dans un environnement graphique"
Comment[gu]="િ SELinux િ "
Comment[hi]="SELinux ि ि "
Comment[it]="Configura SELinux in una impostazione grafica"
Comment[jp]=" SELinux "
Comment[ko]="SELinux "
Comment[kn]="SELinux ಿ ಿಿ ಿಿ"
Comment[ml]=" ി ി SELinux ി"
Comment[mr]="ि ि SELinux "
Comment[nl]="Configureer SELinux in een grafische omgeving"
Comment[or]="SELinux ି ି "
Comment[pa]="SELinux ਿ ਿ ਿ "
Comment[pl]="Konfiguracja SELinuksa w trybie graficznym"
Comment[pt]="Configurar o SELinux num ambiente gráfico"
Comment[pt_BR]="Configure o SELinux em uma configuração gráfica"
Comment[ru]="Настройка SELinux в графическом режиме"
Comment[sv]="Konfigurera SELinux i en grafisk miljö"
Comment[ta]="SELinux ி "
Comment[te]="SELinux ి ి"
Comment[zh_CN]=" SELinux"
Comment[zh_TW]=" SELinux"
StartupNotify=true
Icon=system-config-selinux
Exec=/usr/bin/system-config-selinux