- Fix sandbox error handling
This commit is contained in:
parent
27aa4ea173
commit
8ceb5eceb9
File diff suppressed because it is too large
Load Diff
64915
policycoreutils-po.patch
64915
policycoreutils-po.patch
File diff suppressed because it is too large
Load Diff
|
@ -1,6 +1,6 @@
|
|||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.83/audit2allow/audit2allow
|
||||
--- nsapolicycoreutils/audit2allow/audit2allow 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/audit2allow/audit2allow 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/audit2allow/audit2allow 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -1,4 +1,4 @@
|
||||
-#! /usr/bin/python -E
|
||||
+#! /usr/bin/python -Es
|
||||
|
@ -121,7 +121,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
app = AuditToPolicy()
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.83/audit2allow/audit2allow.1
|
||||
--- nsapolicycoreutils/audit2allow/audit2allow.1 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/audit2allow/audit2allow.1 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/audit2allow/audit2allow.1 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -66,6 +66,9 @@
|
||||
.B "\-M <modulename>"
|
||||
Generate loadable module package, conflicts with -o
|
||||
|
@ -134,7 +134,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
.I <outputfile>
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/sepolgen-ifgen policycoreutils-2.0.83/audit2allow/sepolgen-ifgen
|
||||
--- nsapolicycoreutils/audit2allow/sepolgen-ifgen 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/audit2allow/sepolgen-ifgen 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/audit2allow/sepolgen-ifgen 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -1,4 +1,4 @@
|
||||
-#! /usr/bin/python -E
|
||||
+#! /usr/bin/python -Es
|
||||
|
@ -230,7 +230,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.83/Makefile
|
||||
--- nsapolicycoreutils/Makefile 2010-06-16 08:03:38.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/Makefile 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/Makefile 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -1,4 +1,4 @@
|
||||
-SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
||||
+SUBDIRS = setfiles semanage semanage/default_encoding load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool po gui
|
||||
|
@ -239,7 +239,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.83/newrole/newrole.c
|
||||
--- nsapolicycoreutils/newrole/newrole.c 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/newrole/newrole.c 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/newrole/newrole.c 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -1334,6 +1334,9 @@
|
||||
|
||||
if (send_audit_message(1, old_context, new_context, ttyn))
|
||||
|
@ -252,7 +252,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
goto err_close_pam_session;
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.83/restorecond/Makefile
|
||||
--- nsapolicycoreutils/restorecond/Makefile 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/restorecond/Makefile 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/restorecond/Makefile 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -1,17 +1,28 @@
|
||||
# Installation directories.
|
||||
PREFIX ?= ${DESTDIR}/usr
|
||||
|
@ -301,14 +301,14 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
/sbin/restorecon $(SBINDIR)/restorecond
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.83/restorecond/org.selinux.Restorecond.service
|
||||
--- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.83/restorecond/org.selinux.Restorecond.service 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/restorecond/org.selinux.Restorecond.service 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -0,0 +1,3 @@
|
||||
+[D-BUS Service]
|
||||
+Name=org.selinux.Restorecond
|
||||
+Exec=/usr/sbin/restorecond -u
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.8 policycoreutils-2.0.83/restorecond/restorecond.8
|
||||
--- nsapolicycoreutils/restorecond/restorecond.8 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/restorecond/restorecond.8 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/restorecond/restorecond.8 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -3,7 +3,7 @@
|
||||
restorecond \- daemon that watches for file creation and then sets the default SELinux file context
|
||||
|
||||
|
@ -345,7 +345,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
.BR restorecon (8),
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.83/restorecond/restorecond.c
|
||||
--- nsapolicycoreutils/restorecond/restorecond.c 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/restorecond/restorecond.c 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/restorecond/restorecond.c 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -30,9 +30,11 @@
|
||||
* and makes sure that there security context matches the systems defaults
|
||||
*
|
||||
|
@ -850,7 +850,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.83/restorecond/restorecond.conf
|
||||
--- nsapolicycoreutils/restorecond/restorecond.conf 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/restorecond/restorecond.conf 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/restorecond/restorecond.conf 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -4,8 +4,5 @@
|
||||
/etc/mtab
|
||||
/var/run/utmp
|
||||
|
@ -863,7 +863,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
-
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.83/restorecond/restorecond.desktop
|
||||
--- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.83/restorecond/restorecond.desktop 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/restorecond/restorecond.desktop 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -0,0 +1,7 @@
|
||||
+[Desktop Entry]
|
||||
+Name=File Context maintainer
|
||||
|
@ -874,7 +874,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
+StartupNotify=false
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.83/restorecond/restorecond.h
|
||||
--- nsapolicycoreutils/restorecond/restorecond.h 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/restorecond/restorecond.h 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/restorecond/restorecond.h 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -24,7 +24,22 @@
|
||||
#ifndef RESTORED_CONFIG_H
|
||||
#define RESTORED_CONFIG_H
|
||||
|
@ -902,7 +902,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
#endif
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.83/restorecond/restorecond.init
|
||||
--- nsapolicycoreutils/restorecond/restorecond.init 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/restorecond/restorecond.init 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/restorecond/restorecond.init 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -26,7 +26,7 @@
|
||||
# Source function library.
|
||||
. /etc/rc.d/init.d/functions
|
||||
|
@ -933,13 +933,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
-
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.83/restorecond/restorecond_user.conf
|
||||
--- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.83/restorecond/restorecond_user.conf 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/restorecond/restorecond_user.conf 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -0,0 +1,2 @@
|
||||
+~/*
|
||||
+~/public_html/*
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.83/restorecond/user.c
|
||||
--- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.83/restorecond/user.c 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/restorecond/user.c 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -0,0 +1,239 @@
|
||||
+/*
|
||||
+ * restorecond
|
||||
|
@ -1180,9 +1180,22 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
+ return 0;
|
||||
+}
|
||||
+
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.c policycoreutils-2.0.83/restorecond/utmpwatcher.c
|
||||
--- nsapolicycoreutils/restorecond/utmpwatcher.c 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/restorecond/utmpwatcher.c 2010-08-13 10:00:27.000000000 -0400
|
||||
@@ -72,8 +72,8 @@
|
||||
if (utmp_wd == -1)
|
||||
exitApp("Error watching utmp file.");
|
||||
|
||||
+ changed = strings_list_diff(prev_utmp_ptr, utmp_ptr);
|
||||
if (prev_utmp_ptr) {
|
||||
- changed = strings_list_diff(prev_utmp_ptr, utmp_ptr);
|
||||
strings_list_free(prev_utmp_ptr);
|
||||
}
|
||||
return changed;
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.83/restorecond/watch.c
|
||||
--- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.83/restorecond/watch.c 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/restorecond/watch.c 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -0,0 +1,260 @@
|
||||
+#define _GNU_SOURCE
|
||||
+#include <sys/inotify.h>
|
||||
|
@ -1446,7 +1459,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
+}
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/basicwrapper policycoreutils-2.0.83/sandbox/deliverables/basicwrapper
|
||||
--- nsapolicycoreutils/sandbox/deliverables/basicwrapper 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.83/sandbox/deliverables/basicwrapper 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/deliverables/basicwrapper 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -0,0 +1,4 @@
|
||||
+import os, sys
|
||||
+SANDBOX_ARGS = ['-f%s' % os.environ['_CONDOR_SCRATCH_DIR']]
|
||||
|
@ -1454,7 +1467,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
+os.execv('/usr/bin/sandbox',SANDBOX_ARGS)
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/README policycoreutils-2.0.83/sandbox/deliverables/README
|
||||
--- nsapolicycoreutils/sandbox/deliverables/README 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.83/sandbox/deliverables/README 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/deliverables/README 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -0,0 +1,32 @@
|
||||
+Files:
|
||||
+run-in-sandbox.py:
|
||||
|
@ -1490,7 +1503,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
+Chris Pardy
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py policycoreutils-2.0.83/sandbox/deliverables/run-in-sandbox.py
|
||||
--- nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.83/sandbox/deliverables/run-in-sandbox.py 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/deliverables/run-in-sandbox.py 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -0,0 +1,49 @@
|
||||
+import os
|
||||
+import os.path
|
||||
|
@ -1543,7 +1556,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
+
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.83/sandbox/Makefile
|
||||
--- nsapolicycoreutils/sandbox/Makefile 2010-06-16 08:03:38.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/Makefile 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/Makefile 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -7,8 +7,8 @@
|
||||
MANDIR ?= $(PREFIX)/share/man
|
||||
LOCALEDIR ?= /usr/share/locale
|
||||
|
@ -1576,7 +1589,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
@python test_sandbox.py -v
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.83/sandbox/sandbox
|
||||
--- nsapolicycoreutils/sandbox/sandbox 2010-06-16 08:03:38.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/sandbox 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/sandbox 2010-08-13 15:05:03.000000000 -0400
|
||||
@@ -1,5 +1,6 @@
|
||||
-#! /usr/bin/python -E
|
||||
+#! /usr/bin/python -Es
|
||||
|
@ -1585,7 +1598,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
# Authors: Josh Cogliati
|
||||
#
|
||||
# Copyright (C) 2009,2010 Red Hat
|
||||
@@ -19,11 +20,12 @@
|
||||
@@ -19,15 +20,17 @@
|
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
#
|
||||
|
||||
|
@ -1599,7 +1612,72 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
|
||||
PROGNAME = "policycoreutils"
|
||||
HOMEDIR=pwd.getpwuid(os.getuid()).pw_dir
|
||||
@@ -218,7 +220,7 @@
|
||||
-
|
||||
+SEUNSHARE = "/usr/sbin/seunshare"
|
||||
+SANDBOXSH = "/usr/share/sandbox/sandboxX.sh"
|
||||
import gettext
|
||||
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
|
||||
gettext.textdomain(PROGNAME)
|
||||
@@ -63,15 +66,15 @@
|
||||
sys.stderr.flush()
|
||||
sys.exit(1)
|
||||
|
||||
-def copyfile(file, dir, dest):
|
||||
+def copyfile(file, srcdir, dest):
|
||||
import re
|
||||
- if file.startswith(dir):
|
||||
+ if file.startswith(srcdir):
|
||||
dname = os.path.dirname(file)
|
||||
bname = os.path.basename(file)
|
||||
- if dname == dir:
|
||||
+ if dname == srcdir:
|
||||
dest = dest + "/" + bname
|
||||
else:
|
||||
- newdir = re.sub(dir, dest, dname)
|
||||
+ newdir = re.sub(srcdir, dest, dname)
|
||||
if not os.path.exists(newdir):
|
||||
os.makedirs(newdir)
|
||||
dest = newdir + "/" + bname
|
||||
@@ -83,7 +86,7 @@
|
||||
shutil.copy2(file, dest)
|
||||
except shutil.Error, elist:
|
||||
for e in elist:
|
||||
- sys.stderr.write(e[1])
|
||||
+ sys.stderr.write(str(e[1]))
|
||||
|
||||
SAVE_FILES[file] = (dest, os.path.getmtime(dest))
|
||||
|
||||
@@ -161,10 +164,10 @@
|
||||
if not self.__options.homedir or not self.__options.tmpdir:
|
||||
self.usage(_("Homedir and tempdir required for level mounts"))
|
||||
|
||||
- if not os.path.exists("/usr/sbin/seunshare"):
|
||||
+ if not os.path.exists(SEUNSHARE):
|
||||
raise ValueError(_("""
|
||||
-/usr/sbin/seunshare is required for the action you want to perform.
|
||||
-"""))
|
||||
+%s is required for the action you want to perform.
|
||||
+""") % SEUNSHARE)
|
||||
|
||||
def __mount_callback(self, option, opt, value, parser):
|
||||
self.__mount = True
|
||||
@@ -172,6 +175,15 @@
|
||||
def __x_callback(self, option, opt, value, parser):
|
||||
self.__mount = True
|
||||
setattr(parser.values, option.dest, True)
|
||||
+ if not os.path.exists(SEUNSHARE):
|
||||
+ raise ValueError(_("""
|
||||
+%s is required for the action you want to perform.
|
||||
+""") % SEUNSHARE)
|
||||
+
|
||||
+ if not os.path.exists(SANDBOXSH):
|
||||
+ raise ValueError(_("""
|
||||
+%s is required for the action you want to perform.
|
||||
+""") % SANDBOXSH)
|
||||
|
||||
def __validdir(self, option, opt, value, parser):
|
||||
if not os.path.isdir(value):
|
||||
@@ -218,7 +230,7 @@
|
||||
/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
|
||||
%s &
|
||||
WM_PID=$!
|
||||
|
@ -1608,7 +1686,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
kill -TERM $WM_PID 2> /dev/null
|
||||
""" % (command, wm, command))
|
||||
fd.close()
|
||||
@@ -230,9 +232,9 @@
|
||||
@@ -230,9 +242,9 @@
|
||||
def __parse_options(self):
|
||||
from optparse import OptionParser
|
||||
usage = _("""
|
||||
|
@ -1620,7 +1698,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
""")
|
||||
|
||||
parser = OptionParser(version=self.VERSION, usage=usage)
|
||||
@@ -276,6 +278,10 @@
|
||||
@@ -276,6 +288,10 @@
|
||||
parser.add_option("-l", "--level", dest="level",
|
||||
help=_("MCS/MLS level for the sandbox"))
|
||||
|
||||
|
@ -1631,7 +1709,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
self.__parser=parser
|
||||
|
||||
self.__options, cmds = parser.parse_args()
|
||||
@@ -351,22 +357,24 @@
|
||||
@@ -351,22 +367,24 @@
|
||||
|
||||
def __execute(self):
|
||||
try:
|
||||
|
@ -1647,7 +1725,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
- rc = subprocess.Popen(cmds).wait()
|
||||
- return rc
|
||||
-
|
||||
+ cmds = [ '/usr/sbin/seunshare', "-Z", self.__execcon ]
|
||||
+ cmds = [ SEUNSHARE, "-Z", self.__execcon ]
|
||||
+ if self.__options.usecgroup == True:
|
||||
+ cmds.append('-c')
|
||||
if self.__mount:
|
||||
|
@ -1664,7 +1742,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
+
|
||||
+ self.__setup_sandboxrc(self.__options.wm)
|
||||
+
|
||||
+ cmds += [ "--", "/usr/share/sandbox/sandboxX.sh" ]
|
||||
+ cmds += [ "--", SANDBOXSH ]
|
||||
+ else:
|
||||
+ cmds += [ "--" ] + self.__paths
|
||||
+ return subprocess.Popen(cmds).wait()
|
||||
|
@ -1673,7 +1751,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
rc = subprocess.Popen(self.__cmds).wait()
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.83/sandbox/sandbox.8
|
||||
--- nsapolicycoreutils/sandbox/sandbox.8 2010-06-16 08:03:38.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/sandbox.8 2010-07-26 11:14:40.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/sandbox.8 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -1,9 +1,12 @@
|
||||
-.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
|
||||
+.TH SANDBOX "8" "May 2010" "sandbox" "User Commands"
|
||||
|
@ -1719,7 +1797,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
+.I Thomas Liu <tliu@fedoraproject.org>
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.conf policycoreutils-2.0.83/sandbox/sandbox.conf
|
||||
--- nsapolicycoreutils/sandbox/sandbox.conf 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.83/sandbox/sandbox.conf 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/sandbox.conf 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -0,0 +1,7 @@
|
||||
+# Space separate list of homedirs
|
||||
+HOMEDIRS="/home"
|
||||
|
@ -1730,7 +1808,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
+CPUUSAGE=80%
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.conf.5 policycoreutils-2.0.83/sandbox/sandbox.conf.5
|
||||
--- nsapolicycoreutils/sandbox/sandbox.conf.5 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.83/sandbox/sandbox.conf.5 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/sandbox.conf.5 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -0,0 +1,40 @@
|
||||
+.TH sandbox.conf "5" "June 2010" "sandbox.conf" "Linux System Administration"
|
||||
+.SH NAME
|
||||
|
@ -1778,16 +1856,43 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
@@ -1,2 +0,0 @@
|
||||
-# Space separate list of homedirs
|
||||
-HOMEDIRS="/home"
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.init policycoreutils-2.0.83/sandbox/sandbox.init
|
||||
--- nsapolicycoreutils/sandbox/sandbox.init 2010-06-16 08:03:38.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/sandbox.init 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -10,17 +10,12 @@
|
||||
#
|
||||
# chkconfig: 345 1 99
|
||||
#
|
||||
-# Description: sandbox and other apps that want to use pam_namespace
|
||||
-# on /var/tmp, /tmp and home directories, requires this script
|
||||
-# to be run at boot time.
|
||||
-# This script sets up the / mount point and all of its
|
||||
-# subdirectories as shared. The script sets up
|
||||
-# /tmp, /var/tmp, /home and any homedirs listed in
|
||||
-# /etc/sysconfig/sandbox and all of their subdirectories
|
||||
-# as unshared.
|
||||
-# All processes that use pam_namespace will see
|
||||
-# modifications to the global mountspace, except for the
|
||||
-# unshared directories.
|
||||
+# description: sandbox, xguest and other apps that want to use pam_namespace \
|
||||
+# require this script be run at boot. This service script does \
|
||||
+# not actually run any service but sets up: \
|
||||
+# /var/tmp, /tmp and home directories to be used by these tools.\
|
||||
+# If you do not use sandbox, xguest or pam_namespace you can turn \
|
||||
+# this service off.\
|
||||
#
|
||||
|
||||
# Source function library.
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.8 policycoreutils-2.0.83/sandbox/seunshare.8
|
||||
--- nsapolicycoreutils/sandbox/seunshare.8 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.83/sandbox/seunshare.8 2010-07-13 13:32:07.000000000 -0400
|
||||
@@ -0,0 +1,34 @@
|
||||
+++ policycoreutils-2.0.83/sandbox/seunshare.8 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -0,0 +1,37 @@
|
||||
+.TH SEUNSHARE "8" "May 2010" "seunshare" "User Commands"
|
||||
+.SH NAME
|
||||
+seunshare \- Run cmd under an SELinux context
|
||||
+seunshare \- Run cmd with alternate homedir, tmpdir and/or SELinux context
|
||||
+.SH SYNOPSIS
|
||||
+.B seunshare
|
||||
+[ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args]
|
||||
+[ -v ] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args]
|
||||
+.br
|
||||
+.SH DESCRIPTION
|
||||
+.PP
|
||||
|
@ -1805,6 +1910,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
+\fB\-c cgroups\fR
|
||||
+Use cgroups to control this copy of seunshare. Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc.
|
||||
+.TP
|
||||
+\fB\-Z\ context
|
||||
+Use alternate SELinux context while runing the executable.
|
||||
+.TP
|
||||
+\fB\-v\fR
|
||||
+Verbose output
|
||||
+.SH "SEE ALSO"
|
||||
|
@ -1818,7 +1926,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
+.I Thomas Liu <tliu@fedoraproject.org>
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.83/sandbox/seunshare.c
|
||||
--- nsapolicycoreutils/sandbox/seunshare.c 2010-06-16 08:03:38.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/seunshare.c 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sandbox/seunshare.c 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -1,13 +1,20 @@
|
||||
+/*
|
||||
+ * Authors: Dan Walsh <dwalsh@redhat.com>
|
||||
|
@ -2180,7 +2288,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
}
|
||||
|
||||
if (display)
|
||||
@@ -308,6 +518,7 @@
|
||||
@@ -308,14 +518,12 @@
|
||||
setsid();
|
||||
execv(argv[optind], argv + optind);
|
||||
free(display);
|
||||
|
@ -2188,9 +2296,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
perror("execv");
|
||||
exit(-1);
|
||||
} else {
|
||||
waitpid(child, &status, 0);
|
||||
}
|
||||
|
||||
- free(tmpdir_s);
|
||||
- free(homedir_s);
|
||||
-
|
||||
return status;
|
||||
}
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.83/scripts/chcat
|
||||
--- nsapolicycoreutils/scripts/chcat 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/scripts/chcat 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/scripts/chcat 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -1,4 +1,4 @@
|
||||
-#! /usr/bin/python -E
|
||||
+#! /usr/bin/python -Es
|
||||
|
@ -2199,7 +2315,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
#
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.83/scripts/fixfiles
|
||||
--- nsapolicycoreutils/scripts/fixfiles 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/scripts/fixfiles 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/scripts/fixfiles 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -21,6 +21,17 @@
|
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
|
||||
|
@ -2293,7 +2409,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/genhomedircon.8 policycoreutils-2.0.83/scripts/genhomedircon.8
|
||||
--- nsapolicycoreutils/scripts/genhomedircon.8 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.83/scripts/genhomedircon.8 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/scripts/genhomedircon.8 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -0,0 +1,37 @@
|
||||
+.\" Hey, Emacs! This is an -*- nroff -*- source file.
|
||||
+.\" Copyright (c) 2010 Dan Walsh <dwalsh@redhat.com>
|
||||
|
@ -2334,7 +2450,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
+.I Dan Walsh <dwalsh@redhat.com>
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.83/scripts/Makefile
|
||||
--- nsapolicycoreutils/scripts/Makefile 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/scripts/Makefile 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/scripts/Makefile 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -14,6 +14,7 @@
|
||||
install -m 755 genhomedircon $(SBINDIR)
|
||||
-mkdir -p $(MANDIR)/man8
|
||||
|
@ -2345,7 +2461,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
clean:
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/default_encoding.c policycoreutils-2.0.83/semanage/default_encoding/default_encoding.c
|
||||
--- nsapolicycoreutils/semanage/default_encoding/default_encoding.c 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.83/semanage/default_encoding/default_encoding.c 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/semanage/default_encoding/default_encoding.c 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -0,0 +1,59 @@
|
||||
+/*
|
||||
+ * Authors:
|
||||
|
@ -2408,7 +2524,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
+}
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/Makefile policycoreutils-2.0.83/semanage/default_encoding/Makefile
|
||||
--- nsapolicycoreutils/semanage/default_encoding/Makefile 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.83/semanage/default_encoding/Makefile 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/semanage/default_encoding/Makefile 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -0,0 +1,8 @@
|
||||
+all:
|
||||
+ LDFLAGS="" python setup.py build
|
||||
|
@ -2420,7 +2536,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
+ rm -rf build *~
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/policycoreutils/__init__.py policycoreutils-2.0.83/semanage/default_encoding/policycoreutils/__init__.py
|
||||
--- nsapolicycoreutils/semanage/default_encoding/policycoreutils/__init__.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.83/semanage/default_encoding/policycoreutils/__init__.py 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/semanage/default_encoding/policycoreutils/__init__.py 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -0,0 +1,17 @@
|
||||
+#
|
||||
+# Copyright (C) 2006,2007,2008, 2009 Red Hat, Inc.
|
||||
|
@ -2441,7 +2557,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
+#
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/setup.py policycoreutils-2.0.83/semanage/default_encoding/setup.py
|
||||
--- nsapolicycoreutils/semanage/default_encoding/setup.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.83/semanage/default_encoding/setup.py 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/semanage/default_encoding/setup.py 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -0,0 +1,38 @@
|
||||
+# Authors:
|
||||
+# John Dennis <jdennis@redhat.com>
|
||||
|
@ -2483,7 +2599,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
+)
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.83/semanage/semanage
|
||||
--- nsapolicycoreutils/semanage/semanage 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/semanage/semanage 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/semanage/semanage 2010-08-13 15:13:19.000000000 -0400
|
||||
@@ -1,4 +1,4 @@
|
||||
-#! /usr/bin/python -E
|
||||
+#! /usr/bin/python -Es
|
||||
|
@ -2498,7 +2614,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
import sys, getopt, re
|
||||
import seobject
|
||||
import selinux
|
||||
@@ -32,25 +33,34 @@
|
||||
@@ -32,27 +33,36 @@
|
||||
try:
|
||||
gettext.install(PROGNAME,
|
||||
localedir="/usr/share/locale",
|
||||
|
@ -2535,8 +2651,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
-semanage fcontext -{a|d|m} [-frst] file_spec
|
||||
+semanage fcontext -{a|d|m} [-efrst] file_spec
|
||||
semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
|
||||
semanage permissive -{d|a} type
|
||||
-semanage permissive -{d|a} type
|
||||
+semanage permissive -{d|a|l} type
|
||||
semanage dontaudit [ on | off ]
|
||||
|
||||
Primary Options:
|
||||
@@ -61,7 +71,9 @@
|
||||
-d, --delete Delete a OBJECT record NAME
|
||||
-m, --modify Modify a OBJECT record NAME
|
||||
|
@ -2893,7 +3012,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
+ errorExit(error.args[1])
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.83/semanage/semanage.8
|
||||
--- nsapolicycoreutils/semanage/semanage.8 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/semanage/semanage.8 2010-07-20 09:10:03.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/semanage/semanage.8 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -1,29 +1,65 @@
|
||||
-.TH "semanage" "8" "2005111103" "" ""
|
||||
+.TH "semanage" "8" "20100223" "" ""
|
||||
|
@ -3070,7 +3189,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
Examples by Thomas Bleher <ThomasBleher@gmx.de>.
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.83/semanage/seobject.py
|
||||
--- nsapolicycoreutils/semanage/seobject.py 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/semanage/seobject.py 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/semanage/seobject.py 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -29,47 +29,12 @@
|
||||
import gettext
|
||||
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
|
||||
|
@ -3826,7 +3945,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
if use_file:
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sepolgen-ifgen/Makefile policycoreutils-2.0.83/sepolgen-ifgen/Makefile
|
||||
--- nsapolicycoreutils/sepolgen-ifgen/Makefile 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.83/sepolgen-ifgen/Makefile 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sepolgen-ifgen/Makefile 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -0,0 +1,25 @@
|
||||
+# Installation directories.
|
||||
+PREFIX ?= ${DESTDIR}/usr
|
||||
|
@ -3855,7 +3974,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
+relabel: ;
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c policycoreutils-2.0.83/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c
|
||||
--- nsapolicycoreutils/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.83/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -0,0 +1,230 @@
|
||||
+/* Authors: Frank Mayer <mayerf@tresys.com>
|
||||
+ * and Karl MacMillan <kmacmillan@tresys.com>
|
||||
|
@ -4089,7 +4208,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
+}
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.83/setfiles/restore.c
|
||||
--- nsapolicycoreutils/setfiles/restore.c 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/setfiles/restore.c 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/setfiles/restore.c 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -1,4 +1,5 @@
|
||||
#include "restore.h"
|
||||
+#include <glob.h>
|
||||
|
@ -4273,7 +4392,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restorecon.8 policycoreutils-2.0.83/setfiles/restorecon.8
|
||||
--- nsapolicycoreutils/setfiles/restorecon.8 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/setfiles/restorecon.8 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/setfiles/restorecon.8 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -4,10 +4,10 @@
|
||||
|
||||
.SH "SYNOPSIS"
|
||||
|
@ -4299,7 +4418,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
show changes in file labels.
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.83/setfiles/restore.h
|
||||
--- nsapolicycoreutils/setfiles/restore.h 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/setfiles/restore.h 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/setfiles/restore.h 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -27,6 +27,7 @@
|
||||
int hard_links;
|
||||
int verbose;
|
||||
|
@ -4321,7 +4440,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
#endif
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-2.0.83/setfiles/setfiles.8
|
||||
--- nsapolicycoreutils/setfiles/setfiles.8 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/setfiles/setfiles.8 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/setfiles/setfiles.8 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -31,6 +31,9 @@
|
||||
.TP
|
||||
.B \-n
|
||||
|
@ -4334,7 +4453,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
suppress non-error output.
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.83/setfiles/setfiles.c
|
||||
--- nsapolicycoreutils/setfiles/setfiles.c 2010-05-19 14:45:51.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/setfiles/setfiles.c 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/setfiles/setfiles.c 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -5,7 +5,6 @@
|
||||
#include <ctype.h>
|
||||
#include <regex.h>
|
||||
|
@ -4476,7 +4595,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
|
|||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/VERSION policycoreutils-2.0.83/VERSION
|
||||
--- nsapolicycoreutils/VERSION 2010-06-16 08:03:38.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/VERSION 2010-07-13 13:32:07.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/VERSION 2010-07-30 13:50:40.000000000 -0400
|
||||
@@ -1 +1 @@
|
||||
-2.0.83
|
||||
+2.0.82
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.83
|
||||
Release: 7%{?dist}
|
||||
Release: 18%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
|
@ -81,6 +81,8 @@ mkdir -p %{buildroot}%{_sysconfdir}/security/console.apps
|
|||
%{__mkdir} -p %{buildroot}/%{_sysconfdir}/rc.d/init.d
|
||||
%{__mkdir} -p %{buildroot}%{_datadir}/icons/hicolor/24x24/apps
|
||||
%{__mkdir} -p %{buildroot}%{_datadir}/pixmaps
|
||||
%{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}-%{version}/
|
||||
cp COPYING %{buildroot}/%{_usr}/share/doc/%{name}-%{version}/
|
||||
|
||||
make LSPP_PRIV=y DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
|
||||
make -C sepolgen-%{sepolgenver} DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
|
||||
|
@ -91,11 +93,10 @@ install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/system-config-selinux
|
|||
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/system-config-selinux
|
||||
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/selinux-polgengui
|
||||
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/security/console.apps/system-config-selinux
|
||||
install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/security/console.apps/selinux-polgengui
|
||||
tar -jxf %{SOURCE8} -C %{buildroot}/
|
||||
rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
|
||||
ln -sf consolehelper %{buildroot}%{_bindir}/system-config-selinux
|
||||
ln -sf consolehelper %{buildroot}%{_bindir}/selinux-polgengui
|
||||
ln -sf /usr/share/system-config-selinux/polgengui.py %{buildroot}%{_bindir}/selinux-polgengui
|
||||
|
||||
desktop-file-install --vendor fedora \
|
||||
--dir ${RPM_BUILD_ROOT}%{_datadir}/applications \
|
||||
|
@ -116,7 +117,7 @@ Requires: audit-libs-python >= %{libauditver}
|
|||
Requires: /usr/bin/make
|
||||
Requires(pre): python >= 2.6
|
||||
Obsoletes: policycoreutils < 2.0.61-2
|
||||
Requires: setools-libs-python
|
||||
Requires: setools-libs-python >= setools-3.3.7-6
|
||||
|
||||
%description python
|
||||
The policycoreutils-python package contains the management tools use to manage an SELinux environment.
|
||||
|
@ -227,7 +228,6 @@ system-config-selinux is a utility for managing the SELinux environment
|
|||
%config(noreplace) %{_sysconfdir}/pam.d/system-config-selinux
|
||||
%config(noreplace) %{_sysconfdir}/pam.d/selinux-polgengui
|
||||
%config(noreplace) %{_sysconfdir}/security/console.apps/system-config-selinux
|
||||
%config(noreplace) %{_sysconfdir}/security/console.apps/selinux-polgengui
|
||||
|
||||
%clean
|
||||
rm -rf %{buildroot}
|
||||
|
@ -295,6 +295,7 @@ rm -rf %{buildroot}
|
|||
%{_mandir}/ru/man1/secon.1*
|
||||
%{_mandir}/man8/seunshare.8*
|
||||
%{_mandir}/man8/genhomedircon.8*
|
||||
%doc %{_usr}/share/doc/%{name}-%{version}
|
||||
|
||||
%preun
|
||||
if [ $1 -eq 0 ]; then
|
||||
|
@ -314,6 +315,42 @@ fi
|
|||
exit 0
|
||||
|
||||
%changelog
|
||||
* Fri Aug 13 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-18
|
||||
- Fix sandbox error handling
|
||||
|
||||
* Fri Aug 13 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-17
|
||||
- Apply patch to restorecond from Chris Adams, which will cause restorecond
|
||||
- to watch first user that logs in.
|
||||
|
||||
* Thu Aug 12 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-16
|
||||
- Add COPYING file to doc dir
|
||||
|
||||
* Thu Aug 5 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-15
|
||||
- Update po and translations
|
||||
Resolves: #610473
|
||||
|
||||
* Thu Aug 5 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-14
|
||||
- More fixes for polgen tools
|
||||
|
||||
* Thu Aug 5 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-13
|
||||
- Remove requirement to run selinux-polgen as root
|
||||
|
||||
* Thu Aug 5 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-12
|
||||
- Update po and translations
|
||||
- Fix gui policy generation tools
|
||||
|
||||
* Wed Aug 4 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-11
|
||||
- Update po and translations
|
||||
|
||||
* Sat Jul 31 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.83-10
|
||||
- rebuild against python 2.7
|
||||
|
||||
* Wed Jul 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-9
|
||||
- Update selinux-polgengui to sepolgen policy generation
|
||||
|
||||
* Wed Jul 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-8
|
||||
- Fix invalid free in seunshare and fix man page
|
||||
|
||||
* Tue Jul 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-7
|
||||
- Update translations
|
||||
|
||||
|
|
|
@ -1,20 +1,54 @@
|
|||
[Desktop Entry]
|
||||
Name=SELinux Policy Generation Tool
|
||||
Name[bn_IN]="SELinux Policy নির্মাণের সামগ্রী"
|
||||
Name[de]="Tool zur Erstellung von SELinux-Richtlinien"
|
||||
Name[es]="Herramienta de Generación de Políticas de SELinux"
|
||||
Name[fr]="Outil de génération de stratégies SELinux"
|
||||
Name[gu]="SELinux પોલિસી બનાવટ સાધન"
|
||||
Name[hi]="SELinux पॉलिसी जनन औजार"
|
||||
Name[it]="Tool di generazione della policy di SELinux"
|
||||
Name[ja]="SELinux ポリシー生成ツール"
|
||||
Name[kn]="SELinux ಪಾಲಿಸಿ ಉತ್ಪಾದನಾ ಉಪಕರಣ"
|
||||
Name[ko]="SELinux 정책 생성 도구"
|
||||
Name[ml]="SELinux പോളിസി ഉത്പാദന പ്രയോഗം"
|
||||
Name[mr]="SELinux करार निर्माण साधन"
|
||||
Name[nl]="SELinux tactiek generatie gereedschap"
|
||||
Name[or]="SELinux ନୀତି ସୃଷ୍ଟି ଉପକରଣ"
|
||||
Name[pa]="SELinux ਪਾਲਿਸੀ ਨਿਰਮਾਣ ਜੰਤਰ"
|
||||
Name[pl]="Narzędzie tworzenia polityki SELinuksa"
|
||||
Name[pt]="Ferramenta de Geração de Políticas SELinux"
|
||||
Name[pt_BR]="Ferramenta de criação de políticas do SELinux"
|
||||
Name[ru]="Средство создания политики SELinux"
|
||||
Name[sv]="Genereringsverktyg för SELinuxpolicy"
|
||||
Name[ta]="SELinux பாலிசி உற்பத்தி கருவி"
|
||||
Name[te]="SELinux నిర్వహణ"
|
||||
Name[zh_CN]="SELinux 策略生成工具"
|
||||
Name[zh_TW]="SELinux 政策產生工具(SELinux Policy Generation Tool)"
|
||||
Comment=Generate SELinux policy modules
|
||||
Comment[bn_IN]="SELinux নিয়মনীতির মডিউল নির্মাণ করুন"
|
||||
Comment[de]="Tool zur Erstellung von SELinux-Richtlinien"
|
||||
Comment[es]="Generar módulos de política de SELinux"
|
||||
Comment[fr]="Génére des modules de stratégie SELinux"
|
||||
Comment[gu]="SELinux પોલિસી મોડ્યુલોને ઉત્પન્ન કરો"
|
||||
Comment[hi]="नया पॉलिसी मॉड्यूल उत्पन्न करें"
|
||||
Comment[it]="Genera moduli della politica di SELinux"
|
||||
Comment[ja]="新しいポリシーモジュールの作成"
|
||||
Comment[kn]="SELinux ಪಾಲಿಸಿ ಘಟಕಗಳನ್ನು ಉತ್ಪಾದಿಸು"
|
||||
Comment[ko]="SELinux 정책 모듈 생성"
|
||||
Comment[ml]="SELinux യ പോളിസി ഘങ്ങള് തയ്യാറാക്കുക"
|
||||
Comment[mr]="SELinux करार घटके निर्माण करा"
|
||||
Comment[nl]="Maak een SELinux tactiek module aan"
|
||||
Comment[or]="SELinux ନୀତି ଏକକାଂଶ ସୃଷ୍ଟିକରନ୍ତୁ"
|
||||
Comment[pa]="SELinux ਪਾਲਿਸੀ ਮੈਡਿਊਲ ਬਣਾਓ"
|
||||
Comment[pl]="Tworzenie nowych modułów polityki SELinuksa"
|
||||
Comment[pt]="Gerar módulos de políticas SELinux"
|
||||
Comment[pt_BR]="Gerar módulos de política do SELinux"
|
||||
Comment[ru]="Генерация модулей политики SELinux"
|
||||
Comment[sv]="Generera SELinux-policymoduler"
|
||||
Comment[ta]="SELinux கொள்கை தொகுதியை உருவாக்கவும்"
|
||||
Comment[te]="SELinux పాలసీ మాడ్యూళ్ళను వుద్భవింపచేయుము"
|
||||
Comment[zh_CN]="生成 SELinux 策略模块"
|
||||
Comment[zh_TW]="產生 SELinux 政策模組"
|
||||
StartupNotify=true
|
||||
Icon=system-config-selinux
|
||||
Exec=/usr/bin/selinux-polgengui
|
||||
|
|
|
@ -1,20 +1,54 @@
|
|||
[Desktop Entry]
|
||||
Name=SELinux Management
|
||||
Name[bn_IN]="SELinux পরিচালনা"
|
||||
Name[de]="SELinux-Management"
|
||||
Name[es]="Administración de SELinux"
|
||||
Name[fr]="Gestion de SELinux"
|
||||
Name[gu]="SELinux સંચાલન"
|
||||
Name[hi]="SELinux प्रबंधन"
|
||||
Name[jp]="SELinux 管理"
|
||||
Name[it]="Gestione di SELinux"
|
||||
Name[kn]="SELinux ವ್ಯವಸ್ಥಾಪನೆ"
|
||||
Name[ko]="SELinux 관리"
|
||||
Name[ml]="SELinux മാനേജ്മെന്റ്"
|
||||
Name[mr]="SELinux मॅनेजमेंट"
|
||||
Name[nl]="SELinux beheer"
|
||||
Name[or]="SELinux ପରିଚାଳନା"
|
||||
Name[pa]="SELinux ਮੈਨੇਜਮੈਂਟ"
|
||||
Name[pl]="Zarządzanie SELinuksem"
|
||||
Name[pt_BR]="Gerenciamento do SELinux"
|
||||
Name[pt]="Gestão de SELinux"
|
||||
Name[ru]="Управление SELinux"
|
||||
Name[sv]="SELinux-hantering"
|
||||
Name[ta]="SELinux மேலாண்மை"
|
||||
Name[te]="SELinux నిర్వహణ"
|
||||
Name[zh_CN]="SELinux 管理"
|
||||
Name[zh_TW]="SELinux 管理"
|
||||
Comment=Configure SELinux in a graphical setting
|
||||
Comment[bn_IN]="গ্রাফিক্যাল পরিবেশে SELinux কনফিগার করুন"
|
||||
Comment[de]="SELinux in einer grafischen Einstellung konfigurieren"
|
||||
Comment[es]="Defina SELinux en una configuración de interfaz gráfica"
|
||||
Comment[fr]="Configure SELinux dans un environnement graphique"
|
||||
Comment[gu]="ગ્રાફિકલ સુયોજનમાં SELinux ને રૂપરેખાંકિત કરો"
|
||||
Comment[hi]="SELinux को आलेखी सेटिंग में विन्यस्त करें"
|
||||
Comment[it]="Configura SELinux in una impostazione grafica"
|
||||
Comment[jp]="グラフィカルな設定画面で SELinux を設定する"
|
||||
Comment[ko]="SELinux를 그래픽 사용자 인터페이스로 설정"
|
||||
Comment[kn]="SELinux ಅನ್ನು ಒಂದು ಚಿತ್ರಾತ್ಮಕ ಸಿದ್ದತೆಯಲ್ಲಿ ಸಂರಚಿಸಿ"
|
||||
Comment[ml]="ഒരു ഗ്രാഫിക്കല് സജ്ജീകരണത്തില് SELinux ക്രമീകരിയ്ക്കുക"
|
||||
Comment[mr]="ग्राफिकल सेटिंगमध्ये SELinux संरचीत करा"
|
||||
Comment[nl]="Configureer SELinux in een grafische omgeving"
|
||||
Comment[or]="SELinux କୁ ଆଲେଖିକ ସଂରଚନାରେ ବିନ୍ୟାସ କରନ୍ତୁ"
|
||||
Comment[pa]="SELinux ਨੂੰ ਗਰਾਫੀਕਲ ਸੈਟਿੰਗ ਵਿੱਚ ਸੰਰਚਿਤ ਕਰੋ"
|
||||
Comment[pl]="Konfiguracja SELinuksa w trybie graficznym"
|
||||
Comment[pt]="Configurar o SELinux num ambiente gráfico"
|
||||
Comment[pt_BR]="Configure o SELinux em uma configuração gráfica"
|
||||
Comment[ru]="Настройка SELinux в графическом режиме"
|
||||
Comment[sv]="Konfigurera SELinux i en grafisk miljö"
|
||||
Comment[ta]="SELinuxஐ ஒரு வரைகலை அமைவில் கட்டமைக்கவும்"
|
||||
Comment[te]="SELinuxను గ్రాఫికల్ అమర్పునందు ఆకృతీకరించుము"
|
||||
Comment[zh_CN]="在图形设置中配置 SELinux"
|
||||
Comment[zh_TW]="在圖形話設定中配置 SELinux"
|
||||
StartupNotify=true
|
||||
Icon=system-config-selinux
|
||||
Exec=/usr/bin/system-config-selinux
|
||||
|
|
Loading…
Reference in New Issue