diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch
index 0790960..66c64b7 100644
--- a/policycoreutils-gui.patch
+++ b/policycoreutils-gui.patch
@@ -1,7 +1,7 @@
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.7/gui/booleansPage.py
 --- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.7/gui/booleansPage.py 2007-03-01 17:37:41.000000000 -0500
-@@ -0,0 +1,199 @@
++++ policycoreutils-2.0.7/gui/booleansPage.py 2007-03-17 12:13:24.000000000 -0400
+@@ -0,0 +1,202 @@
 +#
 +# booleansPage.py - GUI for Booleans page in system-config-securitylevel
 +#
@@ -175,6 +175,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli
 + self.booleansView.append_column(col)
 + self.refreshBooleans()
 +
++ def use_menus(self):
++ return False
++
 + def get_description(self):
 + return _("Boolean")
 +
@@ -203,8 +206,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli
 + commands.getstatusoutput(setsebool)
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.7/gui/fcontextPage.py
 --- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.7/gui/fcontextPage.py 2007-03-01 17:37:41.000000000 -0500
-@@ -0,0 +1,172 @@
++++ policycoreutils-2.0.7/gui/fcontextPage.py 2007-03-17 12:13:24.000000000 -0400
+@@ -0,0 +1,185 @@
 +## fcontextPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
 +
@@ -229,8 +232,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli
 +import libxml2
 +import gobject
 +import seobject
++import commands
 +from semanagePage import *;
 +
++SPEC_COL = 0
++TYPE_COL = 1
++FTYPE_COL = 2
++
 +class context:
 + def __init__(self, scontext):
 + self.scontext = scontext
@@ -268,22 +276,22 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli
 + self.view.set_model(self.store)
 +# self.store.set_sort_column_id(0, gtk.SORT_ASCENDING)
 +
-+ col = gtk.TreeViewColumn(_("File\nSpecification"), gtk.CellRendererText(), text=0)
++ col = gtk.TreeViewColumn(_("File\nSpecification"), gtk.CellRendererText(), text=SPEC_COL)
 + col.set_sizing(gtk.TREE_VIEW_COLUMN_FIXED)
 + col.set_fixed_width(250)
 +
-+ col.set_sort_column_id(0)
++ col.set_sort_column_id(SPEC_COL)
 + col.set_resizable(True)
 + self.view.append_column(col)
-+ col = gtk.TreeViewColumn(_("Selinux\nFile Context"), gtk.CellRendererText(), text=1)
++ col = gtk.TreeViewColumn(_("Selinux\nFile Context"), gtk.CellRendererText(), text=TYPE_COL)
 +
 + col.set_sizing(gtk.TREE_VIEW_COLUMN_FIXED)
 + col.set_fixed_width(250)
-+ col.set_sort_column_id(1)
++ col.set_sort_column_id(TYPE_COL)
 + col.set_resizable(True)
 + self.view.append_column(col)
 + col = gtk.TreeViewColumn(_("File\nType"), gtk.CellRendererText(), text=2)
-+ col.set_sort_column_id(2)
++ col.set_sort_column_id(FTYPE_COL)
 + col.set_resizable(True)
 + self.view.append_column(col)
 + self.load()
@@ -305,8 +313,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli
 + self.store.clear()
 + for fcon in fcon_list:
 + iter=self.store.append()
-+ self.store.set_value(iter, 0, fcon[0])
-+ self.store.set_value(iter, 2, fcon[1])
++ self.store.set_value(iter, SPEC_COL, fcon[0])
++ self.store.set_value(iter, FTYPE_COL, fcon[1])
 + if len(fcon) > 3:
 + rec="%s:%s:%s:%s " % (fcon[2], fcon[3],fcon[4], seobject.translate(fcon[5],False))
 + else:
@@ -316,13 +324,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli
 +
 + def dialogInit(self):
 + store, iter = self.view.get_selection().get_selected()
-+ self.fcontextEntry.set_text(store.get_value(iter, 0))
++ self.fcontextEntry.set_text(store.get_value(iter, SPEC_COL))
 + self.fcontextEntry.set_sensitive(False)
-+ scontext = store.get_value(iter, 1)
++ scontext = store.get_value(iter, TYPE_COL)
 + scon=context(scontext)
 + self.fcontextTypeEntry.set_text(scon.type)
 + self.fcontextMLSEntry.set_text(scon.mls)
-+ type=store.get_value(iter, 2)
++ type=store.get_value(iter, FTYPE_COL)
 + liststore=self.fcontextFileTypeCombo.get_model()
 + iter = liststore.get_iter_first()
 + while iter != None and liststore.get_value(iter,0) != type:
@@ -341,9 +349,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli
 + def delete(self):
 + store, iter = self.view.get_selection().get_selected()
 + try:
-+ fspec=store.get_value(iter, 0)
-+ type=store.get_value(iter, 1)
-+ self.fcontext.delete(fspec, type)
++ fspec=store.get_value(iter, SPEC_COL)
++ ftype=store.get_value(iter, FTYPE_COL)
++ (rc, out) = commands.getstatusoutput("semanage fcontext -d -f '%s' %s" % (ftype, fspec))
++
++ if rc != 0:
++ return self.error(out)
 + store.remove(iter)
 + self.view.get_selection().select_path ((0,))
 + except ValueError, e:
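Review bot: The new `commands.getstatusoutput("semanage fcontext -d -f '%s' %s" % (ftype, fspec))` in delete() hands `fspec` to /bin/sh unquoted, and file-context specifications are regexes that routinely contain `(`, `)`, `*`, `?` and `$` (e.g. `/var/lib/foo(/.*)?`), so deleting such an entry fails with a shell syntax error, and any other metacharacters in the stored spec are interpreted by a shell that this GUI runs with root privileges. Run semanage without a shell and pass argv as a list: `p = subprocess.Popen(["semanage", "fcontext", "-d", "-f", ftype, fspec], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)`, `out = p.communicate()[0]`, then test `p.returncode` (this needs `import subprocess` next to the `commands` import). With `Popen` a missing `semanage` binary surfaces as `OSError` instead of a 127 status, so the `except ValueError` at the end of the hunk would need to cover it as well. delete()'s body continues past the end of the hunk.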
@@ -356,13 +367,15 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli
 + list_model=self.fcontextFileTypeCombo.get_model()
 + iter = self.fcontextFileTypeCombo.get_active_iter()
 + ftype=list_model.get_value(iter,0)
-+
-+ self.fcontext.add(fspec, type, ftype, mls)
-+
++ (rc, out) = commands.getstatusoutput("semanage fcontext -a -t %s -r %s -f '%s' %s" % (type, mls, ftype, fspec))
++ if rc != 0:
++ self.error(out)
++ return False
++
 + iter=self.store.append()
-+ self.store.set_value(iter, 0, fspec)
-+ self.store.set_value(iter, 2, ftype)
-+ self.store.set_value(iter, 1, "system_u:object_r:%s:%s" % (type, mls))
++ self.store.set_value(iter, SPEC_COL, fspec)
++ self.store.set_value(iter, FTYPE_COL, ftype)
++ self.store.set_value(iter, TYPE_COL, "system_u:object_r:%s:%s" % (type, mls))
 +
 + def modify(self):
 + fspec=self.fcontextEntry.get_text().strip()
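Review bot: In `"semanage fcontext -a -t %s -r %s -f '%s' %s" % (type, mls, ftype, fspec)` every value is user-typed GUI text that reaches /bin/sh unquoted; besides the metacharacter problem this shares with delete() (a spec like `/srv/www(/.*)?` is a shell syntax error), `-r %s` is emitted unconditionally, so if `mls` can be blank — the entry is read above the hunk and a non-MLS policy has no range to give — the empty word collapses and `-r` takes `-f` as its argument, garbling the command. Build the argv as a list, add `-r` only when a range was entered, and run it without a shell (rewrite below; `import subprocess` is needed). add()'s signature and the lines that read `fspec`, `type` and `mls` lie above the hunk.
```python
        cmd = ["semanage", "fcontext", "-a", "-t", type, "-f", ftype]
        if mls:
            # never pass an empty range: "-r" would swallow the next token
            cmd += ["-r", mls]
        cmd.append(fspec)
        p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
        out = p.communicate()[0]
        if p.returncode != 0:
            self.error(out)
            return False
        # … unchanged: append the new row to self.store …
```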
@@ -371,16 +384,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli
 + list_model=self.fcontextFileTypeCombo.get_model()
 + iter = self.fcontextFileTypeCombo.get_active_iter()
 + ftype=list_model.get_value(iter,0)
-+ self.fcontext.modify(fspec, type, ftype, mls, "")
++ (rc, out) = commands.getstatusoutput("semanage fcontext -m -t %s -r %s -f '%s' %s" % (type, mls, ftype, fspec))
++ if rc != 0:
++ self.error(out)
++ return False
 +
 + store, iter = self.view.get_selection().get_selected()
-+ self.store.set_value(iter, 0, fspec)
-+ self.store.set_value(iter, 2, ftype)
-+ self.store.set_value(iter, 1, "system_u:object_r:%s:%s" % (type, mls))
++ self.store.set_value(iter, SPEC_COL, fspec)
++ self.store.set_value(iter, FTYPE_COL, ftype)
++ self.store.set_value(iter, TYPE_COL, "system_u:object_r:%s:%s" % (type, mls))
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.7/gui/loginsPage.py
 --- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.7/gui/loginsPage.py 2007-03-01 17:37:41.000000000 -0500
-@@ -0,0 +1,161 @@
++++ policycoreutils-2.0.7/gui/loginsPage.py 2007-03-17 12:13:24.000000000 -0400
+@@ -0,0 +1,173 @@
 +## loginsPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
 +
@@ -406,6 +422,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policy
 +import libxml2
 +import gobject
 +import sys
++import commands
 +import seobject
 +from semanagePage import *;
 +
@@ -508,7 +525,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policy
 + if login == "root" or login == "__default__":
 + raise ValueError(_("Login '%s' is required") % login)
 +
-+ self.login.delete(login)
++ (rc, out) = commands.getstatusoutput("semanage login -d %s" % login)
++ if rc != 0:
++ self.error(out)
++ return False
 + store.remove(iter)
 + self.view.get_selection().select_path ((0,))
 + except ValueError, e:
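Review bot: The `"semanage fcontext -m -t %s -r %s -f '%s' %s" % (type, mls, ftype, fspec)` line has the same shape as the add() call and the same two defects: `fspec`, `type` and `mls` are shell-parsed unquoted, and a blank `mls` makes `-r` consume `-f` as its value. Construct the argument list without a shell — `cmd = ["semanage", "fcontext", "-m", "-t", type, "-f", ftype]`, extend it with `["-r", mls]` only when `mls` is non-empty, then append `fspec` — and run it with `subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)`, checking `returncode`. modify()'s signature and the entry reads are above the hunk.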
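Review bot: `commands.getstatusoutput("semanage login -d %s" % login)` is the one `semanage` call in this patch whose argument is least likely to carry shell metacharacters, but it still runs through /bin/sh, and `login` is assigned above the hunk from the selected row rather than validated here; for consistency with the rest of the file the list form `subprocess.Popen(["semanage", "login", "-d", login], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)` removes the shell from the path entirely. Keeping the `root`/`__default__` guard in front of the call is right; note that if the call is switched to `Popen`, a missing binary raises `OSError`, which the `except ValueError` closing the hunk does not catch. The enclosing delete() starts above the hunk.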
@@ -522,7 +542,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policy
 + list_model=self.loginsSelinuxUserCombo.get_model()
 + iter = self.loginsSelinuxUserCombo.get_active_iter()
 + seuser = list_model.get_value(iter,0)
-+ self.login.add(target, seuser, serange)
++ (rc, out) = commands.getstatusoutput("semanage login -a -s %s -r %s %s" % (seuser, serange, target))
++ if rc != 0:
++ self.error(out)
++ return False
++
 + iter = self.store.append()
 + self.store.set_value(iter, 0, target)
 + self.store.set_value(iter, 1, seuser)
@@ -536,7 +560,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policy
 + list_model = self.loginsSelinuxUserCombo.get_model()
 + iter = self.loginsSelinuxUserCombo.get_active_iter()
 + seuser=list_model.get_value(iter,0)
-+ self.login.modify(target, seuser, serange)
++ (rc, out) = commands.getstatusoutput("semanage login -m -s %s -r %s %s" % (seuser, serange, target))
++ if rc != 0:
++ self.error(out)
++ return False
++
 + store, iter = self.view.get_selection().get_selected()
 + self.store.set_value(iter, 0, target)
 + self.store.set_value(iter, 1, seuser)
@@ -578,7 +606,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreu
 +relabel:
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.7/gui/mappingsPage.py
 --- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.7/gui/mappingsPage.py 2007-03-01 17:37:41.000000000 -0500
++++ policycoreutils-2.0.7/gui/mappingsPage.py 2007-03-17 12:13:24.000000000 -0400
 @@ -0,0 +1,54 @@
 +## mappingsPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
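Review bot: `"semanage login -a -s %s -r %s %s" % (seuser, serange, target)` emits `-r %s` unconditionally; `serange` is read above the hunk, and if it can be empty (a targeted, non-MLS policy has no range to enter) the shell drops the empty word and `-r` consumes `target` as the range, so the mapping is either rejected or created with the wrong data. Build the argv as a list — `cmd = ["semanage", "login", "-a", "-s", seuser]`, add `["-r", serange]` only when `serange` is non-empty, then append `target` — and run it with `subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)` so the user-typed `target` is not shell-parsed either. The `-m` call in the modify() hunk below has the identical structure and needs the same treatment. add()'s signature and the `target`/`serange` reads are above the hunk.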
@@ -636,8 +664,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py poli
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.7/gui/modulesPage.py
 --- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.7/gui/modulesPage.py 2007-03-01 17:37:41.000000000 -0500
-@@ -0,0 +1,161 @@
++++ policycoreutils-2.0.7/gui/modulesPage.py 2007-03-17 12:13:24.000000000 -0400
+@@ -0,0 +1,170 @@
 +## modulesPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
 +
@@ -697,6 +725,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic
 + self.enable_audit_button.connect("clicked", self.enable_audit)
 + self.disable_audit_button = xml.get_widget("disableAuditButton")
 + self.disable_audit_button.connect("clicked", self.disable_audit)
++ self.new_button = xml.get_widget("newModuleButton")
++ self.new_button.connect("clicked", self.new_module)
 + col.set_sort_column_id(1)
 + col.set_resizable(True)
 + self.view.append_column(col)
@@ -730,11 +760,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic
 +
 + self.view.get_selection().select_path ((0,))
 +
++
++ def new_module(self, args):
++ try:
++ os.spawnl(os.P_NOWAIT, "/usr/share/system-config-selinux/polgengui.py")
++ except ValueError, e:
++ self.error(e.args[0])
++
 + def delete(self):
 + store, iter = self.view.get_selection().get_selected()
 + module = store.get_value(iter, 0)
 + try:
-+ status, output =commands.getstatusoutput("semodule -r %s" % module)
++ status, output = commands.getstatusoutput("semodule -r %s" % module)
 + if status != 0:
 + self.error(output)
 + else:
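Review bot: `os.spawnl(os.P_NOWAIT, "/usr/share/system-config-selinux/polgengui.py")` in new_module() supplies no argv: the positional arguments after the path become the child's argv, and here there are none, so on POSIX — where `spawnl` is fork plus `execv` — the child appears to reject the empty argv and exit 127 while the parent's `except ValueError` never fires, leaving the button silently doing nothing. Pass at least argv[0], and preferably run the script through the interpreter so it does not depend on an executable bit on the installed file: `polgen = "/usr/share/system-config-selinux/polgengui.py"` / `os.spawnl(os.P_NOWAIT, sys.executable, sys.executable, polgen)` (this needs `sys` imported in modulesPage, which the hunk does not show). The `semodule -r %s` call kept as context below is the same shell-string pattern as the rest of this patch; `subprocess.Popen(["semodule", "-r", module], ...)` would be the matching fix there.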
@@ -799,10 +836,1746 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic + + + +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.7/gui/polgen.glade +--- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.7/gui/polgen.glade 2007-03-19 10:45:44.000000000 -0400 +@@ -0,0 +1,1107 @@ ++ ++ ++ ++ ++ ++ ++ True ++ Selinux Policy Generation Tool ++ GTK_WINDOW_TOPLEVEL ++ GTK_WIN_POS_MOUSE ++ False ++ True ++ False ++ True ++ False ++ False ++ GDK_WINDOW_TYPE_HINT_NORMAL ++ GDK_GRAVITY_NORTH_WEST ++ True ++ False ++ ++ ++ ++ True ++ False ++ 0 ++ ++ ++ ++ True ++ 5 ++ 4 ++ False ++ 0 ++ 0 ++ ++ ++ ++ True ++ Name ++ False ++ False ++ GTK_JUSTIFY_LEFT ++ False ++ False ++ 0 ++ 0.5 ++ 0 ++ 0 ++ PANGO_ELLIPSIZE_NONE ++ -1 ++ False ++ 0 ++ ++ ++ 0 ++ 1 ++ 0 ++ 1 ++ fill ++ ++ ++ ++ ++ ++ ++ True ++ Executable ++ False ++ False ++ GTK_JUSTIFY_LEFT ++ False ++ False ++ 0 ++ 0.5 ++ 0 ++ 0 ++ PANGO_ELLIPSIZE_NONE ++ -1 ++ False ++ 0 ++ ++ ++ 0 ++ 1 ++ 1 ++ 2 ++ 5 ++ fill ++ ++ ++ ++ ++ ++ ++ True ++ Application Type ++ False ++ False ++ GTK_JUSTIFY_LEFT ++ False ++ False ++ 0 ++ 0.5 ++ 0 ++ 0 ++ PANGO_ELLIPSIZE_NONE ++ -1 ++ False ++ 0 ++ ++ ++ 0 ++ 1 ++ 2 ++ 3 ++ fill ++ ++ ++ ++ ++ ++ ++ True ++ True ++ ... ++ True ++ GTK_RELIEF_NORMAL ++ True ++ ++ ++ ++ 3 ++ 4 ++ 1 ++ 2 ++ fill ++ ++ ++ ++ ++ ++ ++ True ++ Enter path to executable to be confined. ++ True ++ True ++ True ++ 0 ++ ++ True ++ ++ False ++ ++ ++ 1 ++ 3 ++ 1 ++ 2 ++ ++ ++ ++ ++ ++ ++ True ++ Standard Daemon (init) ++Internet services daemon (inetd) ++User Application ++Web Script (CGI) ++ False ++ True ++ ++ ++ 1 ++ 4 ++ 2 ++ 3 ++ fill ++ fill ++ ++ ++ ++ ++ ++ True ++ Enter unigue policy type name for confined application. 
++ True ++ True ++ True ++ 0 ++ ++ True ++ ++ False ++ ++ ++ 1 ++ 4 ++ 0 ++ 1 ++ ++ ++ ++ ++ ++ ++ True ++ 0 ++ 0.5 ++ GTK_SHADOW_NONE ++ ++ ++ ++ True ++ 0.5 ++ 0.5 ++ 1 ++ 1 ++ 0 ++ 0 ++ 12 ++ 0 ++ ++ ++ ++ True ++ 2 ++ 2 ++ False ++ 0 ++ 0 ++ ++ ++ ++ True ++ TCP Ports ++ False ++ False ++ GTK_JUSTIFY_LEFT ++ False ++ False ++ 0 ++ 0.5 ++ 0 ++ 0 ++ PANGO_ELLIPSIZE_NONE ++ -1 ++ False ++ 0 ++ ++ ++ 0 ++ 1 ++ 0 ++ 1 ++ fill ++ ++ ++ ++ ++ ++ ++ True ++ UDP Ports ++ False ++ False ++ GTK_JUSTIFY_LEFT ++ False ++ False ++ 0 ++ 0.5 ++ 0 ++ 0 ++ PANGO_ELLIPSIZE_NONE ++ -1 ++ False ++ 0 ++ ++ ++ 0 ++ 1 ++ 1 ++ 2 ++ fill ++ ++ ++ ++ ++ ++ ++ True ++ Enter a comma separated list of network ports. ++ True ++ True ++ True ++ 0 ++ ++ True ++ ++ False ++ ++ ++ 1 ++ 2 ++ 0 ++ 1 ++ ++ ++ ++ ++ ++ ++ True ++ Enter a comma separated list of network ports. ++ True ++ True ++ True ++ 0 ++ ++ True ++ ++ False ++ ++ ++ 1 ++ 2 ++ 1 ++ 2 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ True ++ <b>Incoming Network Connections</b> ++ False ++ True ++ GTK_JUSTIFY_LEFT ++ False ++ False ++ 0.5 ++ 0.5 ++ 0 ++ 0 ++ PANGO_ELLIPSIZE_NONE ++ -1 ++ False ++ 0 ++ ++ ++ label_item ++ ++ ++ ++ ++ 0 ++ 4 ++ 3 ++ 4 ++ fill ++ ++ ++ ++ ++ ++ True ++ 0 ++ 0.5 ++ GTK_SHADOW_NONE ++ ++ ++ ++ True ++ 0.5 ++ 0.5 ++ 1 ++ 1 ++ 0 ++ 0 ++ 12 ++ 0 ++ ++ ++ ++ True ++ 2 ++ 2 ++ False ++ 0 ++ 0 ++ ++ ++ ++ True ++ TCP Ports ++ False ++ False ++ GTK_JUSTIFY_LEFT ++ False ++ False ++ 0 ++ 0.5 ++ 0 ++ 0 ++ PANGO_ELLIPSIZE_NONE ++ -1 ++ False ++ 0 ++ ++ ++ 0 ++ 1 ++ 0 ++ 1 ++ fill ++ ++ ++ ++ ++ ++ ++ True ++ UDP Ports ++ False ++ False ++ GTK_JUSTIFY_LEFT ++ False ++ False ++ 0 ++ 0.5 ++ 0 ++ 0 ++ PANGO_ELLIPSIZE_NONE ++ -1 ++ False ++ 0 ++ ++ ++ 0 ++ 1 ++ 1 ++ 2 ++ fill ++ ++ ++ ++ ++ ++ ++ True ++ Enter a comma separated list of network ports. ++ True ++ True ++ True ++ 0 ++ ++ True ++ ++ False ++ ++ ++ 1 ++ 2 ++ 0 ++ 1 ++ ++ ++ ++ ++ ++ ++ True ++ Enter a comma separated list of network ports. 
++ True ++ True ++ True ++ 0 ++ ++ True ++ ++ False ++ ++ ++ 1 ++ 2 ++ 1 ++ 2 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ True ++ <b>Outgoing Network Connections</b> ++ False ++ True ++ GTK_JUSTIFY_LEFT ++ False ++ False ++ 0.5 ++ 0.5 ++ 0 ++ 0 ++ PANGO_ELLIPSIZE_NONE ++ -1 ++ False ++ 0 ++ ++ ++ label_item ++ ++ ++ ++ ++ 0 ++ 4 ++ 4 ++ 5 ++ fill ++ ++ ++ ++ ++ 2 ++ False ++ True ++ ++ ++ ++ ++ ++ True ++ True ++ 0 ++ ++ ++ ++ True ++ Generates temporary files in /tmp or /var/tmp. ++ True ++ Uses Tmp Files ++ True ++ GTK_RELIEF_NORMAL ++ True ++ False ++ False ++ True ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ ++ True ++ Check this box if your application uses UIDs or GIDs. ++ True ++ Translates UIDs/GIDs ++ True ++ GTK_RELIEF_NORMAL ++ True ++ False ++ False ++ True ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ ++ True ++ Check this box it your application uses pam for authentication. ++ True ++ Supports Pam ++ True ++ GTK_RELIEF_NORMAL ++ True ++ False ++ False ++ True ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ 0 ++ True ++ True ++ ++ ++ ++ ++ ++ True ++ 0 ++ 0.5 ++ GTK_SHADOW_NONE ++ ++ ++ ++ True ++ 0.5 ++ 0.5 ++ 1 ++ 1 ++ 0 ++ 0 ++ 12 ++ 0 ++ ++ ++ ++ True ++ False ++ 0 ++ ++ ++ ++ True ++ False ++ 0 ++ ++ ++ ++ True ++ True ++ GTK_RELIEF_NORMAL ++ True ++ ++ ++ ++ ++ True ++ 0.5 ++ 0.5 ++ 0 ++ 0 ++ 0 ++ 0 ++ 0 ++ 0 ++ ++ ++ ++ True ++ False ++ 2 ++ ++ ++ ++ True ++ gtk-add ++ 4 ++ 0.5 ++ 0.5 ++ 0 ++ 0 ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ ++ True ++ Add File ++ True ++ False ++ GTK_JUSTIFY_LEFT ++ False ++ False ++ 0.5 ++ 0.5 ++ 0 ++ 0 ++ PANGO_ELLIPSIZE_NONE ++ -1 ++ False ++ 0 ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ ++ ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ ++ True ++ True ++ GTK_RELIEF_NORMAL ++ True ++ ++ ++ ++ ++ True ++ 0.5 ++ 0.5 ++ 0 ++ 0 ++ 0 ++ 0 ++ 0 ++ 0 ++ ++ ++ ++ True ++ False ++ 2 ++ ++ ++ ++ True ++ gtk-add ++ 4 ++ 0.5 ++ 0.5 ++ 0 ++ 0 ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ ++ True ++ Add Directory ++ True ++ False ++ 
GTK_JUSTIFY_LEFT ++ False ++ False ++ 0.5 ++ 0.5 ++ 0 ++ 0 ++ PANGO_ELLIPSIZE_NONE ++ -1 ++ False ++ 0 ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ ++ ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ ++ True ++ True ++ gtk-delete ++ True ++ GTK_RELIEF_NORMAL ++ True ++ ++ ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ 4 ++ False ++ True ++ ++ ++ ++ ++ ++ True ++ True ++ GTK_POLICY_NEVER ++ GTK_POLICY_NEVER ++ GTK_SHADOW_IN ++ GTK_CORNER_TOP_LEFT ++ ++ ++ ++ True ++ GTK_SHADOW_IN ++ ++ ++ ++ True ++ False ++ 0 ++ ++ ++ ++ True ++ True ++ GTK_POLICY_ALWAYS ++ GTK_POLICY_ALWAYS ++ GTK_SHADOW_IN ++ GTK_CORNER_TOP_LEFT ++ ++ ++ ++ True ++ Add Files/Directories that this application will need to "Write" to. Pid Files, Log Files, /var/lib Files ... ++ True ++ False ++ False ++ False ++ True ++ False ++ False ++ False ++ ++ ++ ++ ++ 0 ++ True ++ True ++ ++ ++ ++ ++ ++ ++ ++ ++ 0 ++ True ++ True ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ True ++ <b>File/Directories modified by this executable</b> ++ False ++ True ++ GTK_JUSTIFY_LEFT ++ False ++ False ++ 0.5 ++ 0.5 ++ 0 ++ 0 ++ PANGO_ELLIPSIZE_NONE ++ -1 ++ False ++ 0 ++ ++ ++ label_item ++ ++ ++ ++ ++ 0 ++ True ++ True ++ ++ ++ ++ ++ ++ True ++ GTK_BUTTONBOX_END ++ 0 ++ ++ ++ ++ True ++ True ++ True ++ gtk-close ++ True ++ GTK_RELIEF_NORMAL ++ True ++ ++ ++ ++ ++ ++ ++ True ++ True ++ True ++ GTK_RELIEF_NORMAL ++ True ++ ++ ++ ++ ++ True ++ 0.5 ++ 0.5 ++ 0 ++ 0 ++ 0 ++ 0 ++ 0 ++ 0 ++ ++ ++ ++ True ++ False ++ 2 ++ ++ ++ ++ True ++ gtk-apply ++ 4 ++ 0.5 ++ 0.5 ++ 0 ++ 0 ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ ++ True ++ Generate ++ True ++ False ++ GTK_JUSTIFY_LEFT ++ False ++ False ++ 0.5 ++ 0.5 ++ 0 ++ 0 ++ PANGO_ELLIPSIZE_NONE ++ -1 ++ False ++ 0 ++ ++ ++ 0 ++ False ++ False ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 7 ++ False ++ True ++ ++ ++ ++ ++ ++ ++ ++ GTK_FILE_CHOOSER_ACTION_OPEN ++ True ++ True ++ True ++ False ++ GTK_WINDOW_TOPLEVEL ++ GTK_WIN_POS_MOUSE ++ False ++ True ++ False ++ True ++ False ++ False ++ GDK_WINDOW_TYPE_HINT_DIALOG ++ 
GDK_GRAVITY_NORTH_WEST ++ True ++ False ++ ++ ++ ++ True ++ False ++ 24 ++ ++ ++ ++ True ++ GTK_BUTTONBOX_END ++ ++ ++ ++ True ++ True ++ True ++ gtk-cancel ++ True ++ GTK_RELIEF_NORMAL ++ True ++ -6 ++ ++ ++ ++ ++ ++ True ++ True ++ True ++ True ++ gtk-add ++ True ++ GTK_RELIEF_NORMAL ++ True ++ -5 ++ ++ ++ ++ ++ 0 ++ False ++ True ++ GTK_PACK_END ++ ++ ++ ++ ++ ++ ++ ++ False ++ Polgen ++ Red Hat 2007 ++ GPL ++ False ++ www.redhat.com ++ Daniel Walsh <dwalsh@redhat.com> ++ translator-credits ++ ++ ++ +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.7/gui/polgengui.py +--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.7/gui/polgengui.py 2007-03-17 12:13:24.000000000 -0400 +@@ -0,0 +1,207 @@ ++#!/usr/bin/python ++# ++# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux ++# ++# Dan Walsh ++# ++# Copyright 2007 Red Hat, Inc. ++# ++# This program is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2 of the License, or ++# (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
++# ++import signal ++import string ++import gtk ++import gtk.glade ++import os ++import libxml2 ++import gobject ++import gnome ++import sys ++import polgen ++ ++## ++## I18N ++## ++PROGNAME="system-config-selinux" ++ ++import gettext ++gettext.bindtextdomain(PROGNAME, "/usr/share/locale") ++gettext.textdomain(PROGNAME) ++try: ++ gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1) ++except IOError: ++ import __builtin__ ++ __builtin__.__dict__['_'] = unicode ++ ++gnome.program_init("SELinux Poligy Generation Tool", "5") ++ ++version = "1.0" ++ ++sys.path.append('/usr/share/system-config-selinux') ++sys.path.append('.') ++ ++## ++## Pull in the Glade file ++## ++if os.access("polgen.glade", os.F_OK): ++ xml = gtk.glade.XML ("polgen.glade", domain=PROGNAME) ++else: ++ xml = gtk.glade.XML ("/usr/share/system-config-selinux/polgen.glade", domain=PROGNAME) ++ ++FILE = 1 ++DIR = 2 ++class childWindow: ++ def __init__(self): ++ self.xml = xml ++ xml.signal_connect("on_close_clicked", self.quit) ++ xml.signal_connect("on_delete_clicked", self.delete) ++ xml.signal_connect("on_exec_select_clicked", self.exec_select) ++ xml.signal_connect("on_add_clicked", self.add) ++ xml.signal_connect("on_add_dir_clicked", self.add_dir) ++ xml.signal_connect("on_generate_clicked", self.generate_policy) ++ xml.signal_connect("on_about_clicked", self.on_about_clicked) ++ ++ def verify(self, message, title="" ): ++ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO, ++ gtk.BUTTONS_YES_NO, ++ message) ++ dlg.set_title(title) ++ dlg.set_position(gtk.WIN_POS_MOUSE) ++ dlg.show_all() ++ rc = dlg.run() ++ dlg.destroy() ++ return rc ++ ++ def info(self, message): ++ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO, ++ gtk.BUTTONS_OK, ++ message) ++ dlg.set_position(gtk.WIN_POS_MOUSE) ++ dlg.show_all() ++ dlg.run() ++ dlg.destroy() ++ ++ def error(self, message): ++ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR, ++ gtk.BUTTONS_CLOSE, ++ message) ++ 
dlg.set_position(gtk.WIN_POS_MOUSE) ++ dlg.show_all() ++ dlg.run() ++ dlg.destroy() ++ ++ def generate_policy(self, args): ++ try: ++ my_policy=polgen.policy(self.name_entry.get_text(), self.exec_entry.get_text(), self.type_combobox.get_active()) ++ my_policy.set_in_tcp(self.in_tcp_entry.get_text()) ++ my_policy.set_in_udp(self.in_udp_entry.get_text()) ++ my_policy.set_out_tcp(self.out_tcp_entry.get_text()) ++ my_policy.set_out_udp(self.out_udp_entry.get_text()) ++ my_policy.set_use_tmp(self.tmp_checkbutton.get_active() == 1) ++ my_policy.set_use_uid(self.uid_checkbutton.get_active() == 1) ++ ++ iter= self.store.get_iter_first() ++ while(iter): ++ if self.store.get_value(iter, 1) == FILE: ++ my_policy.add_file(self.store.get_value(iter, 0)) ++ else: ++ my_policy.add_dir(self.store.get_value(iter, 0)) ++ iter= self.store.iter_next(iter) ++ ++ self.info(my_policy.generate()) ++ except ValueError, e: ++ self.error(e.message) ++ ++ def delete(self, args): ++ store, iter = self.view.get_selection().get_selected() ++ if iter != None: ++ store.remove(iter) ++ self.view.get_selection().select_path ((0,)) ++ ++ def __add(self,type): ++ self.file_dialog.set_select_multiple(1) ++ rc = self.file_dialog.run() ++ self.file_dialog.hide() ++ if rc == gtk.RESPONSE_CANCEL: ++ return ++ for i in self.file_dialog.get_filenames(): ++ iter = self.store.append() ++ self.store.set_value(iter, 0, i) ++ self.store.set_value(iter, 1, type) ++ ++ def exec_select(self, args): ++ self.file_dialog.set_select_multiple(0) ++ self.file_dialog.set_title(_("Select executable file to be confined.")) ++ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SAVE) ++ rc = self.file_dialog.run() ++ self.file_dialog.hide() ++ if rc == gtk.RESPONSE_CANCEL: ++ return ++ self.exec_entry.set_text(self.file_dialog.get_filename()) ++ ++ def add(self, args): ++ self.file_dialog.set_title(_("Select file(s) that confined application creates or writes")) ++ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SAVE) ++ 
self.__add(FILE) ++ ++ def add_dir(self, args): ++ self.file_dialog.set_title(_("Select directory(s) that the confined application owns and writes into")) ++ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_CREATE_FOLDER) ++ self.__add(DIR) ++ ++ def on_about_clicked(self, args): ++ dlg = xml.get_widget ("about_dialog") ++ dlg.run () ++ dlg.hide () ++ ++ def quit(self, args): ++ gtk.main_quit() ++ ++ def setupScreen(self): ++ # Bring in widgets from glade file. ++ self.mainWindow = self.xml.get_widget("main_window") ++ self.type_combobox = self.xml.get_widget("type_combobox") ++ self.type_combobox.set_active(0) ++ self.name_entry = self.xml.get_widget("name_entry") ++ self.exec_entry = self.xml.get_widget("exec_entry") ++ self.in_tcp_entry = self.xml.get_widget("in_tcp_entry") ++ self.in_udp_entry = self.xml.get_widget("in_udp_entry") ++ self.out_tcp_entry = self.xml.get_widget("out_tcp_entry") ++ self.out_udp_entry = self.xml.get_widget("out_udp_entry") ++ self.tmp_checkbutton = self.xml.get_widget("tmp_checkbutton") ++ self.uid_checkbutton = self.xml.get_widget("uid_checkbutton") ++ self.view = self.xml.get_widget("write_treeview") ++ self.file_dialog = self.xml.get_widget("filechooserdialog") ++ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_INT) ++ self.view.set_model(self.store) ++ col = gtk.TreeViewColumn("", gtk.CellRendererText(), text = 0) ++ col.set_resizable(True) ++ self.view.append_column(col) ++ self.view.get_selection().select_path ((0,)) ++ ++ def stand_alone(self): ++ desktopName = _("Configue SELinux") ++ ++ self.setupScreen() ++ self.mainWindow.connect("destroy", self.quit) ++ ++ self.mainWindow.show_all() ++ gtk.main() ++ ++if __name__ == "__main__": ++ signal.signal (signal.SIGINT, signal.SIG_DFL) ++ ++ app = childWindow() ++ app.stand_alone() +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.7/gui/polgen.py +--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500 ++++ 
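Review bot: The Glade file is loaded from the current working directory when one is present (`if os.access("polgen.glade", os.F_OK): xml = gtk.glade.XML ("polgen.glade", domain=PROGNAME)`) and `sys.path.append('.')` adds the cwd to the module search path; polgengui.py is spawned from modulesPage, which runs `semodule` and so runs as root, so whoever controls the directory it is started from can substitute the UI definition (labels, tooltips, which dialogs open) and supply any module not found elsewhere on the path. Load only the installed file, `xml = gtk.glade.XML ("/usr/share/system-config-selinux/polgen.glade", domain=PROGNAME)`, and drop the `'.'` entry — both `sys.path.append` calls come after `import polgen` anyway, so they do not serve that import. Separately, exec_select() opens the chooser with `gtk.FILE_CHOOSER_ACTION_SAVE`, which lets the user type a path that does not exist for the executable to confine; `gtk.FILE_CHOOSER_ACTION_OPEN` is the mode for picking an existing file. The `set_select_multiple(1)` in __add() is documented to apply only to the OPEN and SELECT_FOLDER actions, whereas add() and add_dir() set SAVE and CREATE_FOLDER immediately before calling it, so multi-selection probably never takes effect — worth verifying against the GTK version targeted.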
policycoreutils-2.0.7/gui/polgen.py 2007-03-17 12:13:24.000000000 -0400 +@@ -0,0 +1,410 @@ ++#! /usr/bin/python ++# Copyright (C) 2007 Red Hat ++# see file 'COPYING' for use and warranty information ++# ++# policygentool is a tool for the initial generation of SELinux policy ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License as ++# published by the Free Software Foundation; either version 2 of ++# the License, or (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# 02111-1307 USA ++# ++# ++import os, sys, getopt ++import re ++from templates import executable ++from templates import var_spool ++from templates import var_lib ++from templates import var_log ++from templates import var_run ++from templates import tmp ++from templates import rw ++from templates import network ++from templates import script ++import seobject ++ ++## ++## I18N ++## ++PROGNAME="system-config-selinux" ++ ++import gettext ++gettext.bindtextdomain(PROGNAME, "/usr/share/locale") ++gettext.textdomain(PROGNAME) ++try: ++ gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1) ++except IOError: ++ import __builtin__ ++ __builtin__.__dict__['_'] = unicode ++ ++ ++class policy: ++ Daemon = 0 ++ INETD = 1 ++ UEER = 2 ++ CGI = 3 ++ def __init__(self, name, program, type): ++ ports = seobject.portRecords() ++ self.dict = ports.get_all() ++ ++ self.DEFAULT_DIRS = {} ++ self.DEFAULT_DIRS["rw"] = ["rw", 0, rw]; ++ self.DEFAULT_DIRS["tmp"] = ["tmp", False, tmp]; ++ 
self.DEFAULT_DIRS["/var/spool"] = ["var_spool", 0, var_spool]; ++ self.DEFAULT_DIRS["/var/lib"] = ["var_lib", 0, var_lib]; ++ self.DEFAULT_DIRS["/var/log"] = ["var_log", 0, var_log]; ++ self.DEFAULT_DIRS["/var/run"] = ["var_run", 0, var_run]; ++ ++ self.DEFAULT_TYPES = (( self.generate_daemon_types, self.generate_daemon_rules), ( self.generate_inetd_types, self.generate_inetd_rules), ( self.generate_userapp_types, self.generate_userapp_rules), ( self.generate_cgi_types, self.generate_cgi_rules)) ++ if name == "": ++ raise ValueError(_("You must enter a name for your confined process")) ++ if type == self.CGI: ++ self.name = "httpd_%s_script" % name ++ else: ++ self.name = name ++ self.file_name = name ++ if program == "": ++ raise ValueError(_("You must enter the executable path for your confined process")) ++ self.program = program ++ self.type = type ++ self.in_tcp = [] ++ self.in_udp = [] ++ self.out_tcp = [] ++ self.out_udp = [] ++ self.use_tmp = False ++ self.use_uid = False ++ self.files = {} ++ self.dirs = {} ++ self.found_tcp_ports=[] ++ self.found_udp_ports=[] ++ self.need_tcp_type=False ++ self.need_udp_type=False ++ ++ def find_port(self, port): ++ for begin,end in self.dict.keys(): ++ if port >= begin and port <= end: ++ return self.dict[begin,end] ++ return None ++ ++ def __verify_ports(self, ports): ++ if ports == "": ++ return [] ++ max_port=2**16 ++ try: ++ temp = [] ++ for p in ports.split(","): ++ i = int(p.strip()) ++ if i < 1 or i > max_port: ++ raise ValueError() ++ temp.append(i) ++ return temp ++ except ValueError: ++ raise ValueError(_("Ports must be be numbers from 1 to %d " % max_port )) ++ ++ def set_in_tcp(self, ports): ++ self.in_tcp = self.__verify_ports(ports) ++ ++ def set_in_udp(self, ports): ++ self.in_udp = self.__verify_ports(ports) ++ ++ def set_out_tcp(self, ports): ++ self.out_tcp = self.__verify_ports(ports) ++ ++ def set_out_udp(self, ports): ++ self.out_udp = self.__verify_ports(ports) ++ ++ def set_use_tmp(self, val): ++ 
if val != True and val != False: ++ raise ValueError(_("use_uid must be a boolean value ")) ++ ++ self.DEFAULT_DIRS["tmp"][1] = val; ++ ++ def set_use_uid(self, val): ++ if val != True and val != False: ++ raise ValueError(_("use_uid must be a boolean value ")) ++ ++ self.use_uid = val ++ ++ def generate_uid_rules(self): ++ return re.sub("TEMPLATETYPE", self.name, executbale.te_uid_rules) ++ def generate_network_types(self): ++ for i in self.in_tcp: ++ rec = self.find_port(int(i)) ++ if rec == None: ++ self.need_tcp_type = True; ++ else: ++ port_name = rec[0][:-2] ++ line = "corenet_tcp_bind_%s(%s)\n" % (port_name, self.name) ++ if line not in self.found_tcp_ports: ++ self.found_tcp_ports.append(line) ++ ++ for i in self.out_tcp: ++ rec = self.find_port(int(i)) ++ if rec == None: ++ self.need_tcp_type = True; ++ else: ++ port_name = rec[0][:-2] ++ line = "corenet_tcp_connect_%s(%s)\n" % (port_name, self.name) ++ if line not in self.found_tcp_ports: ++ self.found_tcp_ports.append(line) ++ ++ for i in self.in_udp: ++ rec = self.find_port(int(i)) ++ print i, rec ++ if rec == None: ++ self.need_udp_type = True; ++ else: ++ port_name = rec[0][:-2] ++ line = "corenet_udp_bind_%s(%s)\n" % (port_name, self.name) ++ if line not in self.found_udp_ports: ++ self.found_udp_ports.append(line) ++ ++ if self.need_udp_type == True or self.need_tcp_type == True: ++ return re.sub("TEMPLATETYPE", self.name, network.te_port_types) ++ return "" ++ ++ def __find_path(self, file): ++ for d in self.DEFAULT_DIRS: ++ if file.find(d) == 0: ++ self.DEFAULT_DIRS[d][1] = self.DEFAULT_DIRS[d][1] + 1 ++ return self.DEFAULT_DIRS[d] ++ self.DEFAULT_DIRS["rw"][1] = self.DEFAULT_DIRS["rw"][1] + 1 ++ return self.DEFAULT_DIRS["rw"] ++ ++ def add_file(self, file): ++ self.files[file] = self.__find_path(file) ++ ++ def add_dir(self, file): ++ self.dirs[file] = self.__find_path(file) ++ ++ def generate_network_rules(self): ++ newte = "" ++ tcp = len(self.in_tcp) + len(self.out_tcp) ++ udp = 
len(self.in_tcp) + len(self.out_tcp) ++ ++ if tcp > 0 or udp > 0: ++ newte = "\n" ++ ++ newte += re.sub("TEMPLATETYPE", self.name, network.te_network) ++ ++ if tcp > 0: ++ newte += "\n" ++ if self.need_tcp_type: ++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_tcp) ++ newte += re.sub("TEMPLATETYPE", self.name, network.te_tcp) ++ if len(self.in_tcp) > 0: ++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_tcp) ++ for i in self.found_tcp_ports: ++ newte += i ++ ++ if udp > 0: ++ newte += "\n" ++ if self.need_udp_type: ++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_udp) ++ newte += re.sub("TEMPLATETYPE", self.name, network.te_udp) ++ if len(self.in_udp) > 0: ++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_udp) ++ for i in self.found_udp_ports: ++ newte += i ++ return newte ++ ++ def generate_cgi_types(self): ++ newte = "" ++ newte += re.sub("TEMPLATETYPE", self.file_name, executable.te_cgi_types) ++ return newte ++ ++ def generate_userapp_types(self): ++ newte = "" ++ newte += re.sub("TEMPLATETYPE", self.name, executable.te_userapp_types) ++ return newte ++ ++ def generate_inetd_types(self): ++ newte = "" ++ newte += re.sub("TEMPLATETYPE", self.name, executable.te_inetd_types) ++ return newte ++ ++ def generate_daemon_types(self): ++ newte = "" ++ newte += re.sub("TEMPLATETYPE", self.name, executable.te_daemon_types) ++ return newte ++ ++ def generate_cgi_te(self): ++ newte = "" ++ newte += re.sub("TEMPLATETYPE", self.name, executable.te_cgi_types) ++ return newte ++ ++ def generate_daemon_rules(self): ++ newte = "" ++ newte += re.sub("TEMPLATETYPE", self.name, executable.te_daemon_rules) ++ return newte ++ ++ def generate_userapp_rules(self): ++ newte = "" ++ newte += re.sub("TEMPLATETYPE", self.name, executable.te_userapp_rules) ++ return newte ++ ++ def generate_inetd_rules(self): ++ newte = "" ++ newte += re.sub("TEMPLATETYPE", self.name, executable.te_inetd_rules) ++ return newte ++ ++ def 
generate_cgi_rules(self): ++ newte = "" ++ newte += re.sub("TEMPLATETYPE", self.name, executable.te_cgi_rules) ++ return newte ++ ++ def generate_if(self): ++ newif = re.sub("TEMPLATETYPE", self.name, executable.if_rules) ++ ++ for d in self.DEFAULT_DIRS: ++ if self.DEFAULT_DIRS[d][1] > 0: ++ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_rules) ++ ++ return newif ++ if self.use_uid: ++ newte += self.generate_uid_rules() ++ newte += re.sub("TEMPLATETYPE", self.name, executbale.te_daemon_rules) ++ ++ def generate_default_types(self): ++ return self.DEFAULT_TYPES[self.type][0]() ++ ++ def generate_default_rules(self): ++ return self.DEFAULT_TYPES[self.type][1]() ++ ++ def generate_te(self): ++ newte = self.generate_default_types() ++ for d in self.DEFAULT_DIRS: ++ if self.DEFAULT_DIRS[d][1] > 0: ++ # CGI scripts already have a rw_t ++ if self.type != self.CGI or d != "rw": ++ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_types) ++ ++ newte += self.generate_network_types() ++ if self.use_tmp: ++ newte += self.generate_tmp_types() ++ ++ newte += self.generate_default_rules() ++ for d in self.DEFAULT_DIRS: ++ if self.DEFAULT_DIRS[d][1] > 0: ++ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_rules) ++ ++ newte += self.generate_network_rules() ++ if self.use_tmp: ++ newte += self.generate_tmp_rules() ++ ++ return newte ++ ++ def generate_fc(self): ++ newfc = "" ++ t1 = re.sub("EXECUTABLE", self.program, executable.fc_file) ++ newfc += re.sub("TEMPLATETYPE", self.name, t1) ++ ++ for i in self.files.keys(): ++ t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_file) ++ t2 = re.sub("FILENAME", i, t1) ++ newfc += re.sub("FILETYPE", self.files[i][0], t2) ++ ++ for i in self.dirs.keys(): ++ t1 = re.sub("TEMPLATETYPE", self.name, self.dirs[i][2].fc_dir) ++ t2 = re.sub("FILENAME", i, t1) ++ newfc += re.sub("FILETYPE", self.dirs[i][0], t2) ++ ++ return newfc ++ ++ def generate_sh(self): ++ newsh = 
re.sub("TEMPLATETYPE", self.name, script.compile) ++ newsh = re.sub("PACKAGEFILENAME", self.file_name, newsh) ++ newsh += re.sub("FILENAME", self.program, script.restorecon) ++ ++ for i in self.files.keys(): ++ newsh += re.sub("FILENAME", i, script.restorecon) ++ ++ for i in self.dirs.keys(): ++ newsh += re.sub("FILENAME", i, script.restorecon) ++ for i in self.in_tcp + self.out_tcp: ++ t1 = re.sub("PORTNUM", "%d" % i, script.tcp_ports) ++ newsh += re.sub("TEMPLATETYPE", self.name, t1) ++ ++ for i in self.in_udp + self.out_udp: ++ t1 = re.sub("PORTNUM", "%d" % i, script.udp_ports) ++ newsh += re.sub("TEMPLATETYPE", self.name, t1) ++ ++ return newsh ++ ++ def write_te(self): ++ tefile = "%s.te" % self.file_name ++ fd = open(tefile, "w") ++ fd.write(self.generate_te()) ++ fd.close() ++ return tefile ++ ++ def write_sh(self): ++ shfile = "%s.sh" % self.file_name ++ fd = open(shfile, "w") ++ fd.write(self.generate_sh()) ++ fd.close() ++ return shfile ++ ++ def write_if(self): ++ iffile = "%s.if" % self.file_name ++ fd = open(iffile, "w") ++ fd.write(self.generate_if()) ++ fd.close() ++ return iffile ++ ++ def write_fc(self): ++ fcfile = "%s.fc" % self.file_name ++ fd = open(fcfile, "w") ++ fd.write(self.generate_fc()) ++ fd.close() ++ return fcfile ++ ++ def generate(self): ++ out = "Created the following files:\n" ++ out += "%-25s %s\n" % (_("Type Enforcment file"), self.write_te()) ++ out += "%-25s %s\n" % (_("Interface file"), self.write_if()) ++ out += "%-25s %s\n" % (_("File Contexts file"), self.write_fc()) ++ out += "%-25s %s\n" % (_("Setup Script"),self.write_sh()) ++ return out ++ ++def errorExit(error): ++ sys.stderr.write("%s: " % sys.argv[0]) ++ sys.stderr.write("%s\n" % error) ++ sys.stderr.flush() ++ sys.exit(1) ++ ++ ++if __name__ == '__main__': ++ mypolicy = policy("cgi", "/var/www/cgi-bin/cgi", 3) ++ mypolicy.set_out_udp("80") ++ mypolicy.set_in_udp("80, 81") ++ mypolicy.set_out_tcp("881") ++ mypolicy.set_in_tcp("8810") ++ mypolicy.set_use_uid(True) ++ 
mypolicy.set_use_tmp(True)
++ mypolicy.add_file("/var/run/daemon.pid")
++ mypolicy.add_file("/var/run/daemon.pub")
++ mypolicy.add_file("/var/log/daemon.log")
++ mypolicy.add_dir("/var/lib/daemon")
++ mypolicy.add_dir("/etc/daemon")
++ mypolicy.add_dir("/etc/daemon/special")
++ print mypolicy.generate()
++# mypolicy = policy("inetd", "/usr/sbin/inetd", 1)
++# mypolicy.generate()
++# mypolicy = policy("userapp", "/usr/sbin/userapp", 2)
++# mypolicy.generate()
++# mypolicy = policy("cgi", "cgi", 3)
++# mypolicy.generate()
++ sys.exit(0)
++
++
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.7/gui/portsPage.py
 --- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.7/gui/portsPage.py 2007-03-01 17:37:41.000000000 -0500
-@@ -0,0 +1,214 @@
++++ policycoreutils-2.0.7/gui/portsPage.py 2007-03-17 12:13:24.000000000 -0400
+@@ -0,0 +1,227 @@
 +## portsPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
 +
@@ -829,6 +2602,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
 +import gobject
 +import sys
 +import seobject
++import commands
 +from semanagePage import *;
 +
 +##
@@ -892,7 +2666,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
 + col.set_sort_column_id(PORT_COL)
 + col.set_resizable(True)
 + self.view.append_column(col)
-+ self.store.set_sort_func(1,self.sort_int, "")
++ self.store.set_sort_func(PORT_COL,self.sort_int, "")
 +
 + def group_toggle(self, button):
 + self.edit = not button.get_active()
@@ -908,7 +2682,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
 + def sort_int(self, treemodel, iter1, iter2, user_data):
 + try:
 + p1 = int(treemodel.get_value(iter1,2))
-+ p2 = int(treemodel.get_value(iter1,2))
++ p2 = int(treemodel.get_value(iter2,2))
 + if p1 > p2:
 + return 1
 + if p1 == p2:
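Review bot: `sort_int` still reads its column with the literal `2` in both `get_value` calls (the fix here only corrects `iter1` to `iter2` on the second), while the registration one hunk earlier in this file was just changed from the literal `1` to `PORT_COL`; if `PORT_COL` is the port column, the comparator should use it too — `p1 = int(treemodel.get_value(iter1, PORT_COL))` and `p2 = int(treemodel.get_value(iter2, PORT_COL))` — so the sorted column and the compared column cannot drift apart again. The same mix of named and literal indices appears in the next hunks of this file (`store.get_value(iter, 1)` next to `PORT_COL`). The body of `sort_int`, including its `except` branch, continues past the hunk.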
@@ -980,7 +2754,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
 + port = store.get_value(iter, PORT_COL)
 + protocol = store.get_value(iter, 1)
 + try:
-+ self.port.delete(port, protocol)
++ (rc, out) = commands.getstatusoutput("semanage port -d -p %s %s" % (protocol, port))
++ if rc != 0:
++ return self.error(out)
 + store.remove(iter)
 + self.view.get_selection().select_path ((0,))
 + except ValueError, e:
@@ -992,11 +2768,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
 + port_number = self.ports_number_entry.get_text().strip()
 + if port_number == "":
 + port_number = "1"
++ if not port_number.isdigit():
++ self.error(_("Port number \"%s\" is not valid. 0 < PORT_NUMBER < 65536 ") % port_number )
++ return False
 + list_model = self.ports_protocol_combo.get_model()
 + iter = self.ports_protocol_combo.get_active_iter()
 + protocol = list_model.get_value(iter,0)
-+ self.port.add(port_number, protocol, mls, target)
++ (rc, out) = commands.getstatusoutput("semanage port -a -p %s -r %s -t %s %s" % (protocol, mls, target, port_number))
++ if rc != 0:
++ self.error(out)
++ return False
 + iter = self.store.append()
++
 + self.store.set_value(iter, TYPE_COL, target)
 + self.store.set_value(iter, PORT_COL, port_number)
 + self.store.set_value(iter, PROTOCOL_COL, protocol)
@@ -1009,7 +2792,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
 + list_model = self.ports_protocol_combo.get_model()
 + iter = self.ports_protocol_combo.get_active_iter()
 + protocol = list_model.get_value(iter,0)
-+ self.port.modify(port_number, protocol, mls, target)
++ (rc, out) = commands.getstatusoutput("semanage port -m -p %s -r %s -t %s %s" % (protocol, mls, target, port_number))
++ if rc != 0:
++ self.error(out)
++ return False
 + store, iter = self.view.get_selection().get_selected()
 + self.store.set_value(iter, TYPE_COL, target)
 + self.store.set_value(iter, PORT_COL, port_number)
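Review bot: The `semanage port` command lines are built with `%` formatting and run through `commands.getstatusoutput`, which hands the string to a shell; `port` and `protocol` here come from the tree store, but in the add and modify hunks below `target` and `mls` are taken straight from dialog entries without validation, so a value containing whitespace or shell metacharacters is re-split by the shell instead of reaching `semanage` as one argument. Pass an argv list with no shell instead — `p = subprocess.Popen(["semanage", "port", "-d", "-p", protocol, port], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)`, `out = p.communicate()[0]`, `rc = p.returncode` — with the same shape for `-a` and `-m`; this replaces the `import commands` added earlier in this file with `import subprocess`. The delete path also ends its new branch with `return self.error(out)` from inside the `try`, whereas add and modify call `self.error(out)` and then `return False`; one convention for all three would help the dialog code that checks for `False`. The enclosing `delete` method starts before the hunk.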
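Review bot: The new `isdigit()` check does not enforce the range its own message announces (`0 < PORT_NUMBER < 65536`): `"0"` or `"70000"` pass the guard and are only rejected later by `semanage`, with a different message. Convert once and compare before the existing `self.error(...)`/`return False` pair, e.g. `if not port_number.isdigit() or not 0 < int(port_number) < 65536:`. The message string also carries a trailing space inside `_()`, which will end up in the translation catalog. The enclosing `add` method begins above the hunk; `mls` and `target` are presumably read there.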
@@ -1288,8 +3074,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
 +zebra_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for zebra daemon")
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.7/gui/semanagePage.py
 --- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.7/gui/semanagePage.py 2007-03-01 17:37:41.000000000 -0500
-@@ -0,0 +1,109 @@
++++ policycoreutils-2.0.7/gui/semanagePage.py 2007-03-17 12:13:24.000000000 -0400
+@@ -0,0 +1,115 @@
 +## semanagePage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
 +
@@ -1373,6 +3159,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py poli
 + if self.verify(_("Are you sure you want to delete %s '%s'?" % (self.description, store.get_value(iter, 0))), _("Delete %s" % self.description)) == gtk.RESPONSE_YES:
 + self.delete()
 +
++ def use_menus(self):
++ return True
++
 + def addDialog(self):
 + self.dialogClear()
 + self.dialog.set_title(_("Add %s" % self.description))
@@ -1380,10 +3169,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py poli
 +
 + while self.dialog.run() == gtk.RESPONSE_OK:
 + try:
-+ self.add()
++ if self.add() == False:
++ continue
 + break;
 + except ValueError, e:
 + self.error(e.args[0])
++ print
 + self.dialog.hide()
 +
 + def propertiesDialog(self):
@@ -1392,7 +3183,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py poli
 + self.dialog.set_position(gtk.WIN_POS_MOUSE)
 + while self.dialog.run() == gtk.RESPONSE_OK:
 + try:
-+ self.modify()
++ if self.modify() == False:
++ continue
 + break;
 + except ValueError, e:
 + self.error(e.args[0])
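Review bot: The bare `print` added to the `except ValueError` branch of `addDialog` looks like a debugging leftover — it writes an empty line to stdout each time an add is rejected and has no counterpart in the otherwise identical handler of `propertiesDialog` in the next hunk; remove it. Both hunks test the page result with `== False`; since pages whose `add()`/`modify()` return nothing yield `None`, which is deliberately treated as success here, `if self.add() is False:` (and `if self.modify() is False:`) states that intent without relying on equality semantics. Both enclosing methods extend past their hunks.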
@@ -1401,8 +3193,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policy
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.7/gui/statusPage.py
 --- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.7/gui/statusPage.py 2007-03-01 17:37:41.000000000 -0500
-@@ -0,0 +1,213 @@
++++ policycoreutils-2.0.7/gui/statusPage.py 2007-03-17 12:13:24.000000000 -0400
+@@ -0,0 +1,219 @@
 +## statusPage.py - show selinux status
 +## Copyright (C) 2006 Red Hat, Inc.
 +
@@ -1502,6 +3294,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policy
 +
 + self.typeLabel.set_mnemonic_widget(self.selinuxTypeOptionMenu)
 +
++ def use_menus(self):
++ return False
++
 + def get_description(self):
 + return _("Status")
 +
@@ -1559,9 +3354,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policy
 + if self.initEnabled == DISABLED and enabled < 2:
 + if self.verify(_("Changing to SELinux enabled will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) == gtk.RESPONSE_NO:
 + return None
-+
 + self.relabel_checkbutton.set_active(True)
 +
++ if self.initEnabled != DISABLED and enabled == DISABLED:
++ if self.verify(_("Changing to SELinux disabled requires a reboot. It is not recommended. If you later decide to turn SELinux back on, the system will be required to relabel. If you just want to see if SELinux is causing a problem on your system, you can go to permissive mode which will only log errors and not enforce SELinux policy. Permissive mode does not require a reboot Do you wish to continue?")) == gtk.RESPONSE_NO:
++ return None
++
 + self.conf["SELINUX"] = modearray[enabled]
 + self.conf["SELINUXTYPE"]=type
 + self.conf.write()
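Review bot: The new confirmation text runs two sentences together — `... Permissive mode does not require a reboot Do you wish to continue?` — and because it is the argument of `_()` the missing period will be frozen into the translation catalogs; change it to `... Permissive mode does not require a reboot. Do you wish to continue?` before it ships. The new branch compares `enabled` with `DISABLED`, while the branch just above it tests the same mode index with the magic number `enabled < 2`; using the named constant in both places would make the mode logic easier to follow. The enclosing method, where `enabled`, `type` and `modearray` are set, starts before the hunk.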
@@ -1618,8 +3416,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policy + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.7/gui/system-config-selinux.glade --- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.7/gui/system-config-selinux.glade 2007-03-01 17:37:41.000000000 -0500 -@@ -0,0 +1,2803 @@ ++++ policycoreutils-2.0.7/gui/system-config-selinux.glade 2007-03-17 12:12:49.000000000 -0400 +@@ -0,0 +1,2885 @@ + + + @@ -3027,6 +4825,72 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu + + + ++ ++ True ++ Add ++ True ++ ++ ++ ++ ++ ++ True ++ gtk-add ++ 1 ++ 0.5 ++ 0.5 ++ 0 ++ 0 ++ ++ ++ ++ ++ ++ ++ ++ True ++ _Properties ++ True ++ ++ ++ ++ ++ ++ True ++ gtk-properties ++ 1 ++ 0.5 ++ 0.5 ++ 0 ++ 0 ++ ++ ++ ++ ++ ++ ++ ++ True ++ _Delete ++ True ++ ++ ++ ++ ++ ++ True ++ gtk-delete ++ 1 ++ 0.5 ++ 0.5 ++ 0 ++ 0 ++ ++ ++ ++ ++ ++ + + True + GNOMEUIINFO_MENU_EXIT_ITEM @@ -4240,6 +6104,22 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu + True + + ++ ++ True ++ Generate new policy module ++ gtk-new ++ True ++ True ++ False ++ ++ ++ ++ False ++ True ++ ++ ++ ++ + + True + Load policy module 
@@ -4423,10 +6303,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu + + + +Binary files nsapolicycoreutils/gui/system-config-selinux.png and policycoreutils-2.0.7/gui/system-config-selinux.png differ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.7/gui/system-config-selinux.py --- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.7/gui/system-config-selinux.py 2007-03-01 17:37:41.000000000 -0500 -@@ -0,0 +1,156 @@ ++++ policycoreutils-2.0.7/gui/system-config-selinux.py 2007-03-17 12:13:24.000000000 -0400 +@@ -0,0 +1,167 @@ +#!/usr/bin/python +# +# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux
@@ -4518,6 +6399,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
 + xml.signal_connect("on_logging_activate", self.logging)
 + xml.signal_connect("on_about_activate", self.on_about_activate)
 +
++ self.add_menu = xml.get_widget("add_menu_item")
++ self.properties_menu = xml.get_widget("properties_menu_item")
++ self.delete_menu = xml.get_widget("delete_menu_item")
++
 + def add_page(self, page):
 + self.tabs.append(page)
 +
@@ -4543,12 +6428,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
 + def destroy(self, args):
 + gtk.main_quit()
 +
++ def use_menus(self, use_menus):
++ self.add_menu.set_sensitive(use_menus)
++ self.properties_menu.set_sensitive(use_menus)
++ self.delete_menu.set_sensitive(use_menus)
++
 + def itemSelected(self, selection):
 + store, rows = selection.get_selected_rows()
 + if store != None and len(rows) > 0:
 + self.notebook.set_current_page(rows[0][0])
++ self.use_menus(self.tabs[rows[0][0]].use_menus())
 + else:
 + self.notebook.set_current_page(0)
++ self.use_menus(self.tabs[0].use_menus())
 +
 +
 + def setupScreen(self):
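Review bot: `def use_menus(self, use_menus):` gives the parameter the same name as the method, which shadows the method inside its own body and reads oddly at the call sites; `def use_menus(self, sensitive):` with `set_sensitive(sensitive)` says what the flag does. `itemSelected` now calls `.use_menus()` on whichever page is selected, so every object passed to `add_page` must provide it; the pages changed in this diff do (`semanagePage` returns True, `booleansPage` and `statusPage` return False), but a page class not touched here would raise `AttributeError` on selection, so a base-class default or `getattr(page, "use_menus", lambda: True)()` would make the contract explicit. The widget ids looked up in the previous hunk (`add_menu_item`, `properties_menu_item`, `delete_menu_item`) have to match the ids added in the glade file, which the stripped glade hunks on this page do not let me confirm. `setupScreen` begins at the last line of the hunk and continues beyond it.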
@@ -4583,10 +6475,1128 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu + + app = childWindow() + app.stand_alone() +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.7/gui/templates/executable.py +--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.7/gui/templates/executable.py 2007-03-17 12:13:32.000000000 -0400 +@@ -0,0 +1,150 @@ ++#! /usr/bin/env python ++# Copyright (C) 2007 Red Hat ++# see file 'COPYING' for use and warranty information ++# ++# policygentool is a tool for the initial generation of SELinux policy ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License as ++# published by the Free Software Foundation; either version 2 of ++# the License, or (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. 
++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# 02111-1307 USA ++# ++# ++########################### Type Enforcement File ############################# ++te_daemon_types="""\ ++policy_module(TEMPLATETYPE,1.0.0) ++ ++######################################## ++# ++# Declarations ++# ++ ++type TEMPLATETYPE_t; ++type TEMPLATETYPE_exec_t; ++domain_type(TEMPLATETYPE_t) ++init_daemon_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t) ++""" ++ ++te_inetd_types="""\ ++policy_module(TEMPLATETYPE,1.0.0) ++ ++######################################## ++# ++# Declarations ++# ++ ++type TEMPLATETYPE_t; ++type TEMPLATETYPE_exec_t; ++inetd_service_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t) ++""" ++ ++te_userapp_types="""\ ++policy_module(TEMPLATETYPE,1.0.0) ++ ++######################################## ++# ++# Declarations ++# ++ ++type TEMPLATETYPE_exec_t; ++corecmd_executable_file(TEMPLATETYPE_exec_t) ++""" ++ ++te_cgi_types="""\ ++policy_module(TEMPLATETYPE,1.0.0) ++ ++######################################## ++# ++# Declarations ++# ++ ++apache_content_template(TEMPLATETYPE) ++""" ++ ++te_daemon_rules=""" ++######################################## ++# ++# TEMPLATETYPE local policy ++# ++# Check in /usr/share/selinux/devel/include for macros to use instead of allow rules. ++ ++# Init script handling ++init_use_fds(TEMPLATETYPE_t) ++init_use_script_ptys(TEMPLATETYPE_t) ++domain_use_interactive_fds(TEMPLATETYPE_t) ++ ++## internal communication is often done using fifo and unix sockets. 
++allow TEMPLATETYPE_t self:fifo_file rw_file_perms; ++allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms; ++ ++# Some common macros (you might be able to remove some) ++files_read_etc_files(TEMPLATETYPE_t) ++ ++libs_use_ld_so(TEMPLATETYPE_t) ++libs_use_shared_libs(TEMPLATETYPE_t) ++ ++miscfiles_read_localization(TEMPLATETYPE_t) ++ ++ifdef(`targeted_policy',` ++ term_dontaudit_use_unallocated_ttys(TEMPLATETYPE_t) ++ term_dontaudit_use_generic_ptys(TEMPLATETYPE_t) ++') ++ ++""" ++ ++te_inetd_rules=""" ++""" ++ ++te_userapp_rules=""" ++""" ++ ++te_cgi_rules=""" ++""" ++ ++te_uid_rules=""" ++auth_use_nsswitch(TEMPLATETYPE_t) ++""" ++ ++########################### Interface File ############################# ++if_rules=""" ++## policy for TEMPLATETYPE ++ ++######################################## ++## ++## Execute a domain transition to run TEMPLATETYPE. ++## ++## ++## ++## Domain allowed to transition. ++## ++## ++# ++interface(`TEMPLATETYPE_domtrans',` ++ gen_require(` ++ type TEMPLATETYPE_t, TEMPLATETYPE_exec_t; ++ ') ++ ++ domain_auto_trans($1,TEMPLATETYPE_exec_t,TEMPLATETYPE_t) ++ ++ allow TEMPLATETYPE_t $1:fd use; ++ allow TEMPLATETYPE_t $1:fifo_file rw_file_perms; ++ allow TEMPLATETYPE_t $1:process sigchld; ++') ++""" ++ ++########################### File Context ################################## ++fc_file="""\ ++ ++EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_exec_t,s0) ++""" ++ +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/general.py policycoreutils-2.0.7/gui/templates/general.py +--- nsapolicycoreutils/gui/templates/general.py 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.7/gui/templates/general.py 2007-03-17 12:13:32.000000000 -0400 +@@ -0,0 +1,195 @@ ++#! 
/usr/bin/env python ++# Copyright (C) 2007 Red Hat ++# see file 'COPYING' for use and warranty information ++# ++# policygentool is a tool for the initial generation of SELinux policy ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License as ++# published by the Free Software Foundation; either version 2 of ++# the License, or (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# 02111-1307 USA ++# ++# ++########################### Interface File ############################# ++interface="""\ ++## policy for TEMPLATETYPE ++ ++######################################## ++## ++## Execute a domain transition to run TEMPLATETYPE. ++## ++## ++## ++## Domain allowed to transition. 
++## ++## ++# ++interface(`TEMPLATETYPE_domtrans',` ++ gen_require(` ++ type TEMPLATETYPE_t, TEMPLATETYPE_exec_t; ++ ') ++ ++ domain_auto_trans($1,TEMPLATETYPE_exec_t,TEMPLATETYPE_t) ++ ++ allow TEMPLATETYPE_t $1:fd use; ++ allow TEMPLATETYPE_t $1:fifo_file rw_file_perms; ++ allow TEMPLATETYPE_t $1:process sigchld; ++') ++""" ++ ++########################### Type Enforcement File ############################# ++te_daemon_types="""\ ++policy_module(TEMPLATETYPE,1.0.0) ++ ++######################################## ++# ++# Declarations ++# ++ ++type TEMPLATETYPE_t; ++type TEMPLATETYPE_exec_t; ++domain_type(TEMPLATETYPE_t) ++init_daemon_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t) ++""" ++te_var_log_types=""" ++# log files ++type TEMPLATETYPE_var_log_t; ++logging_log_file(TEMPLATETYPE_var_log_t) ++""" ++ ++te_tmp_types=""" ++# log files ++type TEMPLATETYPE_tmp_t; ++logging_log_file(TEMPLATETYPE_tmp_t) ++""" ++ ++te_var_run_types=""" ++# pid files ++type TEMPLATETYPE_var_run_t; ++files_pid_file(TEMPLATETYPE_var_run_t) ++""" ++te_var_lib_types=""" ++# var/lib files ++type TEMPLATETYPE_var_lib_t; ++files_type(TEMPLATETYPE_var_lib_t) ++""" ++te_sep=""" ++######################################## ++# ++# TEMPLATETYPE local policy ++# ++# Check in /usr/share/selinux/devel/include for macros to use instead of allow rules. ++ ++## internal communication is often done using fifo and unix sockets. 
++allow TEMPLATETYPE_t self:fifo_file rw_file_perms; ++allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms; ++ ++# Some common macros (you might be able to remove some) ++files_read_etc_files(TEMPLATETYPE_t) ++ ++libs_use_ld_so(TEMPLATETYPE_t) ++libs_use_shared_libs(TEMPLATETYPE_t) ++ ++miscfiles_read_localization(TEMPLATETYPE_t) ++ ++""" ++ ++te_var_run_rules=""" ++# pid file ++allow TEMPLATETYPE_t TEMPLATETYPE_var_run_t:file manage_file_perms; ++allow TEMPLATETYPE_t TEMPLATETYPE_var_run_t:sock_file manage_file_perms; ++allow TEMPLATETYPE_t TEMPLATETYPE_var_run_t:dir rw_dir_perms; ++files_pid_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_run_t, { file sock_file }) ++""" ++ ++te_tmp_rules=""" ++# tmp files ++allow TEMPLATETYPE_t TEMPLATETYPE_tmp_t:file manage_file_perms; ++allow TEMPLATETYPE_t TEMPLATETYPE_tmp_t:dir create_dir_perms; ++files_pid_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_tmp_t, { file dir }) ++""" ++ ++te_var_log_rules=""" ++# log files ++allow TEMPLATETYPE_t TEMPLATETYPE_var_log_t:file create_file_perms; ++allow TEMPLATETYPE_t TEMPLATETYPE_var_log_t:dir { rw_dir_perms setattr }; ++logging_log_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_log_t,{ file dir }) ++""" ++ ++te_var_lib_rules=""" ++# var/lib files for TEMPLATETYPE ++allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:file create_file_perms; ++allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:sock_file create_file_perms; ++allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:dir create_dir_perms; ++files_var_lib_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_lib_t, { file dir sock_file }) ++""" ++ ++te_network=""" ++# Default Networking ++sysnet_dns_name_resolve(TEMPLATETYPE_t) ++corenet_non_ipsec_sendrecv(TEMPLATETYPE_t) ++""" ++ ++te_tcp=""" ++corenet_tcp_sendrecv_all_if(TEMPLATETYPE_t) ++corenet_tcp_sendrecv_all_nodes(TEMPLATETYPE_t) ++corenet_tcp_sendrecv_all_ports(TEMPLATETYPE_t) ++""" ++ ++te_in_tcp=""" ++## Networking basics (adjust to your needs!) 
++corenet_tcp_bind_all_nodes(TEMPLATETYPE_t) ++allow TEMPLATETYPE_t self:tcp_socket create_stream_socket_perms; ++""" ++ ++te_out_tcp=""" ++""" ++ ++te_udp=""" ++corenet_udp_sendrecv_all_if(TEMPLATETYPE_t) ++corenet_udp_sendrecv_all_nodes(TEMPLATETYPE_t) ++corenet_udp_sendrecv_all_ports(TEMPLATETYPE_t) ++""" ++ ++te_in_udp=""" ++corenet_udp_bind_all_ports(TEMPLATETYPE_t) ++allow TEMPLATETYPE_t self:udp_socket create_socket_perms; ++""" ++ ++te_out_udp=""" ++""" ++ ++te_daemon_rules=""" ++# Init script handling ++init_use_fds(TEMPLATETYPE_t) ++init_use_script_ptys(TEMPLATETYPE_t) ++domain_use_interactive_fds(TEMPLATETYPE_t) ++""" ++ ++te_uid_rules=""" ++auth_use_nsswitch(TEMPLATETYPE_t) ++""" ++ ++########################### File Context ################################## ++fc_program="""\ ++ ++EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_exec_t,s0) ++""" ++ ++fc_file="""\ ++FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_FILETYPE_t,s0) ++""" ++ ++fc_dir="""\ ++FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_FILETYPE_t,s0) ++""" +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.7/gui/templates/__init__.py +--- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.7/gui/templates/__init__.py 2007-03-17 12:13:32.000000000 -0400 +@@ -0,0 +1,18 @@ ++# ++# Copyright (C) 2007 Red Hat, Inc. ++# ++# This program is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2 of the License, or ++# (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. 
++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ++# ++ +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.7/gui/templates/network.py +--- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.7/gui/templates/network.py 2007-03-17 12:13:32.000000000 -0400 +@@ -0,0 +1,46 @@ ++te_port_types="""\ ++# Default Networking ++type TEMPLATETYPE_port_t; ++corenet_port_type(TEMPLATETYPE_port_t) ++""" ++ ++te_network="""\ ++# Default Networking ++sysnet_dns_name_resolve(TEMPLATETYPE_t) ++corenet_non_ipsec_sendrecv(TEMPLATETYPE_t) ++""" ++ ++te_tcp="""\ ++allow TEMPLATETYPE_t self:tcp_socket create_stream_socket_perms; ++corenet_tcp_sendrecv_all_if(TEMPLATETYPE_t) ++corenet_tcp_sendrecv_all_nodes(TEMPLATETYPE_t) ++corenet_tcp_sendrecv_all_ports(TEMPLATETYPE_t) ++""" ++ ++te_in_tcp="""\ ++corenet_tcp_bind_all_nodes(TEMPLATETYPE_t) ++""" ++ ++te_in_need_port_tcp="""\ ++allow TEMPLATETYPE_t TEMPLATETYPE_port_t:tcp_socket name_bind; ++""" ++ ++te_out_need_port_tcp="""\ ++allow TEMPLATETYPE_t TEMPLATETYPE_port_t:tcp_socket name_connect; ++""" ++ ++te_udp="""\ ++allow TEMPLATETYPE_t self:udp_socket create_socket_perms; ++corenet_udp_sendrecv_all_if(TEMPLATETYPE_t) ++corenet_udp_sendrecv_all_nodes(TEMPLATETYPE_t) ++corenet_udp_sendrecv_all_ports(TEMPLATETYPE_t) ++""" ++ ++te_in_udp="""\ ++corenet_udp_bind_all_nodes(TEMPLATETYPE_t) ++""" ++ ++te_in_need_port_udp="""\ ++allow TEMPLATETYPE_t TEMPLATETYPE_port_t:udp_socket name_bind; ++""" ++ +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.7/gui/templates/rw.py +--- nsapolicycoreutils/gui/templates/rw.py 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.7/gui/templates/rw.py 2007-03-17 12:13:32.000000000 -0400 +@@ -0,0 +1,106 @@ 
++# Copyright (C) 2007 Red Hat ++# see file 'COPYING' for use and warranty information ++# ++# policygentool is a tool for the initial generation of SELinux policy ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License as ++# published by the Free Software Foundation; either version 2 of ++# the License, or (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# 02111-1307 USA ++# ++# ++ ++########################### tmp Template File ############################# ++te_types=""" ++# log files ++type TEMPLATETYPE_rw_t; ++file_type(TEMPLATETYPE_rw_t) ++""" ++ ++te_rules=""" ++# tmp files ++allow TEMPLATETYPE_t TEMPLATETYPE_rw_t:file manage_file_perms; ++allow TEMPLATETYPE_t TEMPLATETYPE_rw_t:dir create_dir_perms; ++files_pid_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_rw_t, { file dir }) ++""" ++ ++########################### Interface File ############################# ++if_rules=""" ++######################################## ++## ++## Search TEMPLATETYPE rw directories. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`TEMPLATETYPE_search_rw_dir',` ++ gen_require(` ++ type TEMPLATETYPE_rw_t; ++ ') ++ ++ allow $1 TEMPLATETYPE_rw_t:dir search_dir_perms; ++ files_search_rw($1) ++') ++ ++######################################## ++## ++## Read TEMPLATETYPE rw files. ++## ++## ++## ++## Domain allowed access. 
++## ++## ++# ++interface(`TEMPLATETYPE_read_rw_files',` ++ gen_require(` ++ type TEMPLATETYPE_rw_t; ++ ') ++ ++ allow $1 TEMPLATETYPE_rw_t:file r_file_perms; ++ allow $1 TEMPLATETYPE_rw_t:dir list_dir_perms; ++ files_search_rw($1) ++') ++ ++######################################## ++## ++## Create, read, write, and delete ++## TEMPLATETYPE rw files. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`TEMPLATETYPE_manage_rw_files',` ++ gen_require(` ++ type TEMPLATETYPE_rw_t; ++ ') ++ ++ allow $1 TEMPLATETYPE_rw_t:file manage_file_perms; ++ allow $1 TEMPLATETYPE_rw_t:dir rw_dir_perms; ++') ++""" ++ ++########################### File Context ################################## ++fc_file=""" ++FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0) ++""" ++ ++fc_dir=""" ++FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0) ++""" +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.7/gui/templates/script.py +--- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.7/gui/templates/script.py 2007-03-17 12:13:32.000000000 -0400 +@@ -0,0 +1,42 @@ ++# Copyright (C) 2007 Red Hat ++# see file 'COPYING' for use and warranty information ++# ++# policygentool is a tool for the initial generation of SELinux policy ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License as ++# published by the Free Software Foundation; either version 2 of ++# the License, or (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. 
++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# 02111-1307 USA ++# ++# ++ ++########################### tmp Template File ############################# ++compile=""" ++#!/bin/sh ++make -f /usr/share/selinux/devel/Makefile ++semodule -i PACKAGEFILENAME.pp ++ ++""" ++ ++restorecon="""\ ++restorecon -R -v FILENAME ++""" ++ ++tcp_ports="""\ ++semanage ports -a -t TEMPLATETYPE_port_t -p tcp PORTNUM ++""" ++ ++udp_ports="""\ ++semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM ++""" ++ +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.7/gui/templates/semodule.py +--- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.7/gui/templates/semodule.py 2007-03-17 12:13:32.000000000 -0400 +@@ -0,0 +1,41 @@ ++# Copyright (C) 2007 Red Hat ++# see file 'COPYING' for use and warranty information ++# ++# policygentool is a tool for the initial generation of SELinux policy ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License as ++# published by the Free Software Foundation; either version 2 of ++# the License, or (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. 
++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# 02111-1307 USA ++# ++# ++ ++########################### tmp Template File ############################# ++compile=""" ++#!/bin/sh ++make -f /usr/share/selinux/devel/Makefile ++semodule -i TEMPLATETYPE.pp ++""" ++ ++restorecon=""" ++restorecon -R -v FILENAME ++""" ++ ++tcp_ports=""" ++semanage ports -a -t TEMPLATETYPE_port_t -p tcp PORTNUM ++""" ++ ++udp_ports=""" ++semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM ++""" ++ +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.7/gui/templates/tmp.py +--- nsapolicycoreutils/gui/templates/tmp.py 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.7/gui/templates/tmp.py 2007-03-17 12:13:32.000000000 -0400 +@@ -0,0 +1,74 @@ ++# Copyright (C) 2007 Red Hat ++# see file 'COPYING' for use and warranty information ++# ++# policygentool is a tool for the initial generation of SELinux policy ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License as ++# published by the Free Software Foundation; either version 2 of ++# the License, or (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. 
++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# 02111-1307 USA ++# ++# ++########################### tmp Template File ############################# ++ ++te_types=""" ++# log files ++type TEMPLATETYPE_tmp_t; ++files_tmp_file(TEMPLATETYPE_tmp_t) ++""" ++ ++te_rules=""" ++# tmp files ++allow TEMPLATETYPE_t TEMPLATETYPE_tmp_t:file manage_file_perms; ++allow TEMPLATETYPE_t TEMPLATETYPE_tmp_t:dir create_dir_perms; ++files_pid_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_tmp_t, { file dir }) ++""" ++ ++if_rules=""" ++######################################## ++## ++## Do not audit attempts to read, ++## TEMPLATETYPE tmp files ++## ++## ++## ++## Domain to not audit. ++## ++## ++# ++interface(`TEMPLATETYPE_dontaudit_read_tmp_files',` ++ gen_require(` ++ type TEMPLATETYPE_tmp_t; ++ ') ++ ++ dontaudit $1 TEMPLATETYPE_tmp_t:file r_file_perms; ++') ++ ++######################################## ++## ++## Allow domain to read, TEMPLATETYPE tmp files ++## ++## ++## ++## Domain to not audit. 
++## ++## ++# ++interface(`TEMPLATETYPE_read_tmp_files',` ++ gen_require(` ++ type TEMPLATETYPE_tmp_t; ++ ') ++ ++ dontaudit $1 TEMPLATETYPE_tmp_t:file r_file_perms; ++') ++""" +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.7/gui/templates/var_lib.py +--- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.7/gui/templates/var_lib.py 2007-03-17 12:13:32.000000000 -0400 +@@ -0,0 +1,107 @@ ++# Copyright (C) 2007 Red Hat ++# see file 'COPYING' for use and warranty information ++# ++# policygentool is a tool for the initial generation of SELinux policy ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License as ++# published by the Free Software Foundation; either version 2 of ++# the License, or (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. 
++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# 02111-1307 USA ++# ++# ++########################### var_lib Template File ############################# ++ ++########################### Type Enforcement File ############################# ++te_types=""" ++# var/lib files ++type TEMPLATETYPE_var_lib_t; ++files_type(TEMPLATETYPE_var_lib_t) ++""" ++te_rules=""" ++# var/lib files for TEMPLATETYPE ++allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:file create_file_perms; ++allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:sock_file create_file_perms; ++allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:dir create_dir_perms; ++files_var_lib_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_lib_t, { file dir sock_file }) ++""" ++ ++########################### Interface File ############################# ++if_rules=""" ++######################################## ++## ++## Search TEMPLATETYPE lib directories. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`TEMPLATETYPE_search_lib',` ++ gen_require(` ++ type TEMPLATETYPE_var_lib_t; ++ ') ++ ++ allow $1 TEMPLATETYPE_var_lib_t:dir search_dir_perms; ++ files_search_var_lib($1) ++') ++ ++######################################## ++## ++## Read TEMPLATETYPE lib files. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`TEMPLATETYPE_read_lib_files',` ++ gen_require(` ++ type TEMPLATETYPE_var_lib_t; ++ ') ++ ++ allow $1 TEMPLATETYPE_var_lib_t:file r_file_perms; ++ allow $1 TEMPLATETYPE_var_lib_t:dir list_dir_perms; ++ files_search_var_lib($1) ++') ++ ++######################################## ++## ++## Create, read, write, and delete ++## TEMPLATETYPE lib files. ++## ++## ++## ++## Domain allowed access. 
++## ++## ++# ++interface(`TEMPLATETYPE_manage_lib_files',` ++ gen_require(` ++ type TEMPLATETYPE_var_lib_t; ++ ') ++ ++ allow $1 TEMPLATETYPE_var_lib_t:file manage_file_perms; ++ allow $1 TEMPLATETYPE_var_lib_t:dir rw_dir_perms; ++ files_search_var_lib($1) ++') ++""" ++########################### File Context ################################## ++fc_file="""\ ++FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0) ++""" ++ ++fc_dir="""\ ++FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0) ++""" +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.7/gui/templates/var_log.py +--- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.7/gui/templates/var_log.py 2007-03-17 12:13:32.000000000 -0400 +@@ -0,0 +1,91 @@ ++# Copyright (C) 2007 Red Hat ++# see file 'COPYING' for use and warranty information ++# ++# policygentool is a tool for the initial generation of SELinux policy ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License as ++# published by the Free Software Foundation; either version 2 of ++# the License, or (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. 
++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# 02111-1307 USA ++# ++# ++########################### var_log Template File ############################# ++ ++########################### Type Enforcement File ############################# ++te_types=""" ++# log files ++type TEMPLATETYPE_log_t; ++logging_log_file(TEMPLATETYPE_log_t) ++""" ++ ++te_rules=""" ++# log files ++allow TEMPLATETYPE_t TEMPLATETYPE_log_t:file manage_file_perms; ++allow TEMPLATETYPE_t TEMPLATETYPE_log_t:dir { rw_dir_perms setattr }; ++logging_log_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_log_t,{ file dir }) ++""" ++ ++########################### Interface File ############################# ++if_rules=""" ++######################################## ++## ++## Allow the specified domain to read TEMPLATETYPE's log files. ++## ++## ++## ++## Domain allowed access. ++## ++## ++## ++# ++interface(`TEMPLATETYPE_read_log',` ++ gen_require(` ++ type TEMPLATETYPE_log_t; ++ ') ++ ++ logging_search_logs($1) ++ allow $1 TEMPLATETYPE_log_t:dir r_dir_perms; ++ allow $1 TEMPLATETYPE_log_t:file { read getattr lock }; ++') ++ ++######################################## ++## ++## Allow the specified domain to append ++## TEMPLATETYPE log files. ++## ++## ++## ++## Domain allowed to transition. ++## ++## ++# ++interface(`TEMPLATETYPE_append_log',` ++ gen_require(` ++ type var_log_t, TEMPLATETYPE_log_t; ++ ') ++ ++ logging_search_logs($1) ++ allow $1 TEMPLATETYPE_log_t:dir r_dir_perms; ++ allow $1 TEMPLATETYPE_log_t:file { getattr append }; ++') ++ ++""" ++ ++########################### File Context ################################## ++fc_file="""\ ++FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0) ++""" ++ ++fc_dir="""\ ++FILENAME(/.*)? 
gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0) ++""" +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.7/gui/templates/var_run.py +--- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.7/gui/templates/var_run.py 2007-03-17 12:13:32.000000000 -0400 +@@ -0,0 +1,93 @@ ++# Copyright (C) 2007 Red Hat ++# see file 'COPYING' for use and warranty information ++# ++# policygentool is a tool for the initial generation of SELinux policy ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License as ++# published by the Free Software Foundation; either version 2 of ++# the License, or (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# 02111-1307 USA ++# ++# ++########################### var_run Template File ############################# ++ ++te_types=""" ++# pid files ++type TEMPLATETYPE_var_run_t; ++files_pid_file(TEMPLATETYPE_var_run_t) ++""" ++ ++te_rules=""" ++# pid file ++allow TEMPLATETYPE_t TEMPLATETYPE_var_run_t:file manage_file_perms; ++allow TEMPLATETYPE_t TEMPLATETYPE_var_run_t:dir rw_dir_perms; ++files_pid_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_run_t, file) ++""" ++ ++te_stream_rules=""" ++allow TEMPLATETYPE_t TEMPLATETYPE_var_run_t:sock_file manage_file_perms; ++files_pid_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_run_t, sock_file) ++""" ++ ++if_rules=""" ++######################################## ++## ++## Read TEMPLATETYPE PID files. 
++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`TEMPLATETYPE_read_pid_files',` ++ gen_require(` ++ type TEMPLATETYPE_var_run_t; ++ ') ++ ++ files_search_pids($1) ++ allow $1 TEMPLATETYPE_var_run_t:file r_file_perms; ++') ++ ++""" ++ ++if_stream_rules=""" ++######################################## ++## ++## Connect to TEMPLATETYPE over an unix stream socket. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`TEMPLATETYPE_stream_connect',` ++ gen_require(` ++ type TEMPLATETYPE_t, TEMPLATETYPE_var_run_t; ++ ') ++ ++ files_search_pids($1) ++ allow $1 TEMPLATETYPE_var_run_t:sock_file write; ++ allow $1 TEMPLATETYPE_t:unix_stream_socket connectto; ++') ++""" ++ ++fc_file="""\ ++FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0) ++""" ++ ++fc_dir="""\ ++FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0) ++""" ++ +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.7/gui/templates/var_spool.py +--- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.7/gui/templates/var_spool.py 2007-03-17 12:13:32.000000000 -0400 +@@ -0,0 +1,107 @@ ++# Copyright (C) 2007 Red Hat ++# see file 'COPYING' for use and warranty information ++# ++# policygentool is a tool for the initial generation of SELinux policy ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License as ++# published by the Free Software Foundation; either version 2 of ++# the License, or (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. 
++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# 02111-1307 USA ++# ++# ++########################### var_spool Template File ############################# ++ ++########################### Type Enforcement File ############################# ++te_types=""" ++# var/spool files ++type TEMPLATETYPE_spool_t; ++files_type(TEMPLATETYPE_spool_t) ++""" ++te_rules=""" ++# var/spool files for TEMPLATETYPE ++allow TEMPLATETYPE_t TEMPLATETYPE_spool_t:dir manage_dir_perms; ++allow TEMPLATETYPE_t TEMPLATETYPE_spool_t:file manage_file_perms; ++allow TEMPLATETYPE_t TEMPLATETYPE_spool_t:sock_file create_file_perms; ++files_spool_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_spool_t, { file dir sock_file }) ++""" ++ ++########################### Interface File ############################# ++if_rules=""" ++######################################## ++## ++## Search TEMPLATETYPE spool directories. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`TEMPLATETYPE_search_spool',` ++ gen_require(` ++ type TEMPLATETYPE_spool_t; ++ ') ++ ++ allow $1 TEMPLATETYPE_spool_t:dir search_dir_perms; ++ files_search_spool($1) ++') ++ ++######################################## ++## ++## Read TEMPLATETYPE spool files. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`TEMPLATETYPE_read_spool_files',` ++ gen_require(` ++ type TEMPLATETYPE_spool_t; ++ ') ++ ++ allow $1 TEMPLATETYPE_spool_t:file r_file_perms; ++ allow $1 TEMPLATETYPE_spool_t:dir list_dir_perms; ++ files_search_spool($1) ++') ++ ++######################################## ++## ++## Create, read, write, and delete ++## TEMPLATETYPE spool files. ++## ++## ++## ++## Domain allowed access. 
++## ++## ++# ++interface(`TEMPLATETYPE_manage_spool_files',` ++ gen_require(` ++ type TEMPLATETYPE_spool_t; ++ ') ++ ++ allow $1 TEMPLATETYPE_spool_t:file manage_file_perms; ++ allow $1 TEMPLATETYPE_spool_t:dir rw_dir_perms; ++ files_search_spool($1) ++') ++""" ++########################### File Context ################################## ++fc_file="""\ ++FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0) ++""" ++ ++fc_dir="""\ ++FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0) ++""" diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.7/gui/translationsPage.py --- nsapolicycoreutils/gui/translationsPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.7/gui/translationsPage.py 2007-03-01 17:37:41.000000000 -0500 -@@ -0,0 +1,109 @@ ++++ policycoreutils-2.0.7/gui/translationsPage.py 2007-03-17 12:13:24.000000000 -0400 +@@ -0,0 +1,111 @@ +## translationsPage.py - show selinux translations +## Copyright (C) 2006 Red Hat, Inc. + @@ -4637,7 +7647,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py + self.store.set_sort_column_id(0, gtk.SORT_ASCENDING) + col = gtk.TreeViewColumn(_("Sensitvity Level"), gtk.CellRendererText(), text = 0) + col.set_sort_column_id(0) ++ col.set_sizing(gtk.TREE_VIEW_COLUMN_FIXED) + col.set_resizable(True) ++ col.set_fixed_width(250) + self.view.append_column(col) + col = gtk.TreeViewColumn(_("Translation"), gtk.CellRendererText(), text = 1) + col.set_sort_column_id(1) 
@@ -4698,8 +7710,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py
 + self.store.set_value(iter, 1, translation)
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.7/gui/usersPage.py
 --- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.7/gui/usersPage.py 2007-03-01 17:37:41.000000000 -0500
-@@ -0,0 +1,155 @@
++++ policycoreutils-2.0.7/gui/usersPage.py 2007-03-17 12:13:24.000000000 -0400
+@@ -0,0 +1,166 @@
 +## usersPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
 +
@@ -4725,6 +7737,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policyc
 +import libxml2
 +import gobject
 +import sys
++import commands
 +import seobject
 +from semanagePage import *;
 +
@@ -4818,7 +7831,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policyc
 + range = self.mlsRangeEntry.get_text()
 + roles = self.selinuxRolesEntry.get_text()
 +
-+ self.user.add(user, roles.split(), level, range, prefix)
++ (rc, out) = commands.getstatusoutput("semanage user -a -R '%s' -r %s-%s -P %s %s" % (roles, level, range, prefix, user))
++ if rc != 0:
++ self.error(out)
++ return False
 + iter = self.store.append()
 + self.store.set_value(iter, 0, user)
 + self.store.set_value(iter, 1, prefix)
@@ -4833,7 +7849,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policyc
 + range = self.mlsRangeEntry.get_text()
 + roles = self.selinuxRolesEntry.get_text()
 +
-+ self.user.modify(user, roles.split(), level, range, prefix)
++ (rc, out) = commands.getstatusoutput("semanage user -m -R '%s' -r %s-%s -P %s %s" % (roles, level, range, prefix, user))
++
++ if rc != 0:
++ self.error(out)
++ return False
 + store, iter = self.view.get_selection().get_selected()
 + iter = self.store.append()
 + self.store.set_value(iter, 0, user)
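Review bot: The new `commands.getstatusoutput` line that replaces `self.user.add(...)` formats `roles`, `level`, `range`, `prefix` and `user` — raw text read from the GUI entries just above it — straight into a shell command with no escaping, so a single quote in the roles entry, or a `;`, backtick or `$(...)` in any other field, escapes the `semanage user -a` command; the library call it replaces passed these as Python arguments and had no such boundary. If the round-trip through the `semanage` binary is intended, build an argv list and run it with `subprocess` (this needs an `import subprocess` beside the new `import commands`), keeping the merged stdout/stderr and the `rc != 0` error path. Separately, `-r %s-%s` turns an empty range entry into `<level>-`, which the old call passed as two distinct arguments — worth confirming semanage accepts that. The enclosing method begins before this hunk.
```python
# … unchanged: reading the entry fields …
cmd = ["semanage", "user", "-a", "-R", roles, "-r", "%s-%s" % (level, range),
       "-P", prefix, user]
p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
out = p.communicate()[0]
if p.returncode != 0:
    self.error(out)
    return False
# … unchanged: appending the new row to self.store …
```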
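Review bot: The `commands.getstatusoutput` line that replaces `self.user.modify(...)` interpolates the unescaped entry-field values into a shell string, so the `'%s'` around `roles` is defeated by a single quote in that entry and the other fields are not quoted at all — any shell metacharacter in them alters the `semanage user -m` command. Running the command as an argv list through `subprocess` (which needs an `import subprocess` next to the new `import commands`) removes the shell from the path while keeping the same `-R`/`-r`/`-P` arguments and the error dialog on a non-zero exit. The stray blank `++` line between the call and the `if rc != 0` check can go at the same time. The enclosing method begins before this hunk.
```python
# … unchanged: reading the entry fields …
cmd = ["semanage", "user", "-m", "-R", roles, "-r", "%s-%s" % (level, range),
       "-P", prefix, user]
p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
out = p.communicate()[0]
if p.returncode != 0:
    self.error(out)
    return False
# … unchanged: refreshing the row in self.store …
```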
@@ -4849,7 +7869,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policyc
 + if user == "root" or user == "user_u":
 + raise ValueError(_("SELinux user '%s' is required") % user)
 +
-+ self.user.delete(user)
++ (rc, out) = commands.getstatusoutput("semanage user -d %s" % user)
++ if rc != 0:
++ self.error(out)
++ return False
 + store.remove(iter)
 + self.view.get_selection().select_path ((0,))
 + except ValueError, e:
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 23392f9..87da16a 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -6,7 +6,7 @@ Summary: SELinux policy core utilities.
 Name: policycoreutils
 Version: 2.0.7
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -186,6 +186,10 @@ if [ "$1" -ge "1" ]; then
 fi
 %changelog
+* Mon Mar 19 2007 Dan Walsh 2.0.7-4
+- Add polgen gui
+- Many fixes to system-config-selinux
+
 * Mon Mar 12 2007 Dan Walsh 2.0.7-3
 - service restorecond status needs to set exit value correctly
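Review bot: The `"semanage user -d %s" % user` string passed to `commands.getstatusoutput`, replacing `self.user.delete(user)`, puts `user` into a shell command unquoted; the value comes from the selected store row, which the add and modify paths in this file fill from the user entry, so it is still user-controlled text and a space or metacharacter in it changes what the shell runs. Invoking `semanage` with an argv list via `subprocess` (add `import subprocess` alongside the new `import commands`) keeps the `root`/`user_u` guard, the error dialog and the early `return False` unchanged while removing the shell. The surrounding `try` and the enclosing method begin before this hunk.
```python
# … unchanged: refusing to delete root / user_u …
p = subprocess.Popen(["semanage", "user", "-d", user],
                     stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
out = p.communicate()[0]
if p.returncode != 0:
    self.error(out)
    return False
# … unchanged: removing the row from the store …
```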