* Tue Apr 6 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-4
- Fix spacing in templates
This commit is contained in:
parent
e2bc231dac
commit
b2b20d2581
@ -217,3 +217,6 @@ policycoreutils-2.0.79.tgz
|
|||||||
policycoreutils-2.0.80.tgz
|
policycoreutils-2.0.80.tgz
|
||||||
policycoreutils-2.0.81.tgz
|
policycoreutils-2.0.81.tgz
|
||||||
sepolgen-1.0.20.tgz
|
sepolgen-1.0.20.tgz
|
||||||
|
sepolgen-1.0.22.tgz
|
||||||
|
policycoreutils-2.0.82.tgz
|
||||||
|
sepolgen-1.0.23.tgz
|
||||||
|
File diff suppressed because it is too large
Load Diff
11379
policycoreutils-po.patch
11379
policycoreutils-po.patch
File diff suppressed because it is too large
Load Diff
@ -1,6 +1,6 @@
|
|||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.81/audit2allow/audit2allow
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.82/audit2allow/audit2allow
|
||||||
--- nsapolicycoreutils/audit2allow/audit2allow 2010-03-12 09:34:56.000000000 -0500
|
--- nsapolicycoreutils/audit2allow/audit2allow 2010-03-22 14:08:29.000000000 -0400
|
||||||
+++ policycoreutils-2.0.81/audit2allow/audit2allow 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/audit2allow/audit2allow 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -28,6 +28,7 @@
|
@@ -28,6 +28,7 @@
|
||||||
import sepolgen.defaults as defaults
|
import sepolgen.defaults as defaults
|
||||||
import sepolgen.module as module
|
import sepolgen.module as module
|
||||||
@ -9,44 +9,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
class AuditToPolicy:
|
class AuditToPolicy:
|
||||||
VERSION = "%prog .1"
|
VERSION = "%prog .1"
|
||||||
@@ -42,6 +43,8 @@
|
@@ -231,63 +232,44 @@
|
||||||
from optparse import OptionParser
|
|
||||||
|
|
||||||
parser = OptionParser(version=self.VERSION)
|
|
||||||
+ parser.add_option("-b", "--boot", action="store_true", dest="boot", default=False,
|
|
||||||
+ help="audit messages since last boot conflicts with -i")
|
|
||||||
parser.add_option("-a", "--all", action="store_true", dest="audit", default=False,
|
|
||||||
help="read input from audit log - conflicts with -i")
|
|
||||||
parser.add_option("-d", "--dmesg", action="store_true", dest="dmesg", default=False,
|
|
||||||
@@ -83,11 +86,11 @@
|
|
||||||
options, args = parser.parse_args()
|
|
||||||
|
|
||||||
# Make -d, -a, and -i conflict
|
|
||||||
- if options.audit is True:
|
|
||||||
+ if options.audit is True or options.boot:
|
|
||||||
if options.input is not None:
|
|
||||||
- sys.stderr.write("error: --all conflicts with --input\n")
|
|
||||||
+ sys.stderr.write("error: --all/--boot conflicts with --input\n")
|
|
||||||
if options.dmesg is True:
|
|
||||||
- sys.stderr.write("error: --all conflicts with --dmesg\n")
|
|
||||||
+ sys.stderr.write("error: --all/--boot conflicts with --dmesg\n")
|
|
||||||
if options.input is not None and options.dmesg is True:
|
|
||||||
sys.stderr.write("error: --input conflicts with --dmesg\n")
|
|
||||||
|
|
||||||
@@ -132,6 +135,12 @@
|
|
||||||
except OSError, e:
|
|
||||||
sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
|
|
||||||
sys.exit(1)
|
|
||||||
+ elif self.__options.boot:
|
|
||||||
+ try:
|
|
||||||
+ messages = audit.get_audit_boot_msgs()
|
|
||||||
+ except OSError, e:
|
|
||||||
+ sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
|
|
||||||
+ sys.exit(1)
|
|
||||||
else:
|
|
||||||
# This is the default if no input is specified
|
|
||||||
f = sys.stdin
|
|
||||||
@@ -223,63 +232,44 @@
|
|
||||||
|
|
||||||
def __output_audit2why(self):
|
def __output_audit2why(self):
|
||||||
import selinux
|
import selinux
|
||||||
@ -122,25 +85,25 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
print "\t\tMissing role allow rule.\n"
|
print "\t\tMissing role allow rule.\n"
|
||||||
print "\t\tAdd an allow rule for the role pair.\n"
|
print "\t\tAdd an allow rule for the role pair.\n"
|
||||||
continue
|
continue
|
||||||
@@ -349,5 +339,6 @@
|
@@ -357,5 +339,6 @@
|
||||||
sys.exit(0)
|
sys.exit(0)
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
+ audit2why.init()
|
+ audit2why.init()
|
||||||
app = AuditToPolicy()
|
app = AuditToPolicy()
|
||||||
app.main()
|
app.main()
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.81/Makefile
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.82/Makefile
|
||||||
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
|
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
|
||||||
+++ policycoreutils-2.0.81/Makefile 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/Makefile 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -1,4 +1,4 @@
|
@@ -1,4 +1,4 @@
|
||||||
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
||||||
+SUBDIRS = setfiles semanage semanage/default_encoding load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
|
+SUBDIRS = setfiles semanage semanage/default_encoding load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
|
||||||
|
|
||||||
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
|
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
|
||||||
|
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.81/newrole/newrole.c
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.82/newrole/newrole.c
|
||||||
--- nsapolicycoreutils/newrole/newrole.c 2010-02-16 12:33:05.000000000 -0500
|
--- nsapolicycoreutils/newrole/newrole.c 2010-02-16 12:33:05.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/newrole/newrole.c 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/newrole/newrole.c 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -1334,6 +1334,9 @@
|
@@ -1334,6 +1334,9 @@
|
||||||
|
|
||||||
if (send_audit_message(1, old_context, new_context, ttyn))
|
if (send_audit_message(1, old_context, new_context, ttyn))
|
||||||
@ -151,9 +114,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
#ifdef NAMESPACE_PRIV
|
#ifdef NAMESPACE_PRIV
|
||||||
if (transition_to_caller_uid())
|
if (transition_to_caller_uid())
|
||||||
goto err_close_pam_session;
|
goto err_close_pam_session;
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.81/restorecond/Makefile
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.82/restorecond/Makefile
|
||||||
--- nsapolicycoreutils/restorecond/Makefile 2009-08-20 15:49:21.000000000 -0400
|
--- nsapolicycoreutils/restorecond/Makefile 2009-08-20 15:49:21.000000000 -0400
|
||||||
+++ policycoreutils-2.0.81/restorecond/Makefile 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/restorecond/Makefile 2010-03-26 10:15:26.000000000 -0400
|
||||||
@@ -1,17 +1,28 @@
|
@@ -1,17 +1,28 @@
|
||||||
# Installation directories.
|
# Installation directories.
|
||||||
PREFIX ?= ${DESTDIR}/usr
|
PREFIX ?= ${DESTDIR}/usr
|
||||||
@ -200,16 +163,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
relabel: install
|
relabel: install
|
||||||
/sbin/restorecon $(SBINDIR)/restorecond
|
/sbin/restorecon $(SBINDIR)/restorecond
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.81/restorecond/org.selinux.Restorecond.service
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.82/restorecond/org.selinux.Restorecond.service
|
||||||
--- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/restorecond/org.selinux.Restorecond.service 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/restorecond/org.selinux.Restorecond.service 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -0,0 +1,3 @@
|
@@ -0,0 +1,3 @@
|
||||||
+[D-BUS Service]
|
+[D-BUS Service]
|
||||||
+Name=org.selinux.Restorecond
|
+Name=org.selinux.Restorecond
|
||||||
+Exec=/usr/sbin/restorecond -u
|
+Exec=/usr/sbin/restorecond -u
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.8 policycoreutils-2.0.81/restorecond/restorecond.8
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.8 policycoreutils-2.0.82/restorecond/restorecond.8
|
||||||
--- nsapolicycoreutils/restorecond/restorecond.8 2009-08-20 15:49:21.000000000 -0400
|
--- nsapolicycoreutils/restorecond/restorecond.8 2009-08-20 15:49:21.000000000 -0400
|
||||||
+++ policycoreutils-2.0.81/restorecond/restorecond.8 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/restorecond/restorecond.8 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -3,7 +3,7 @@
|
@@ -3,7 +3,7 @@
|
||||||
restorecond \- daemon that watches for file creation and then sets the default SELinux file context
|
restorecond \- daemon that watches for file creation and then sets the default SELinux file context
|
||||||
|
|
||||||
@ -244,9 +207,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
.SH "SEE ALSO"
|
.SH "SEE ALSO"
|
||||||
.BR restorecon (8),
|
.BR restorecon (8),
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.81/restorecond/restorecond.c
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.82/restorecond/restorecond.c
|
||||||
--- nsapolicycoreutils/restorecond/restorecond.c 2009-08-20 15:49:21.000000000 -0400
|
--- nsapolicycoreutils/restorecond/restorecond.c 2009-08-20 15:49:21.000000000 -0400
|
||||||
+++ policycoreutils-2.0.81/restorecond/restorecond.c 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/restorecond/restorecond.c 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -30,9 +30,11 @@
|
@@ -30,9 +30,11 @@
|
||||||
* and makes sure that there security context matches the systems defaults
|
* and makes sure that there security context matches the systems defaults
|
||||||
*
|
*
|
||||||
@ -753,9 +716,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
}
|
}
|
||||||
+
|
+
|
||||||
+
|
+
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.81/restorecond/restorecond.conf
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.82/restorecond/restorecond.conf
|
||||||
--- nsapolicycoreutils/restorecond/restorecond.conf 2009-08-20 15:49:21.000000000 -0400
|
--- nsapolicycoreutils/restorecond/restorecond.conf 2009-08-20 15:49:21.000000000 -0400
|
||||||
+++ policycoreutils-2.0.81/restorecond/restorecond.conf 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/restorecond/restorecond.conf 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -4,8 +4,5 @@
|
@@ -4,8 +4,5 @@
|
||||||
/etc/mtab
|
/etc/mtab
|
||||||
/var/run/utmp
|
/var/run/utmp
|
||||||
@ -766,9 +729,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
/root/.ssh/*
|
/root/.ssh/*
|
||||||
-
|
-
|
||||||
-
|
-
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.81/restorecond/restorecond.desktop
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.82/restorecond/restorecond.desktop
|
||||||
--- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/restorecond/restorecond.desktop 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/restorecond/restorecond.desktop 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -0,0 +1,7 @@
|
@@ -0,0 +1,7 @@
|
||||||
+[Desktop Entry]
|
+[Desktop Entry]
|
||||||
+Name=File Context maintainer
|
+Name=File Context maintainer
|
||||||
@ -777,9 +740,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+Encoding=UTF-8
|
+Encoding=UTF-8
|
||||||
+Type=Application
|
+Type=Application
|
||||||
+StartupNotify=false
|
+StartupNotify=false
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.81/restorecond/restorecond.h
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.82/restorecond/restorecond.h
|
||||||
--- nsapolicycoreutils/restorecond/restorecond.h 2009-08-20 15:49:21.000000000 -0400
|
--- nsapolicycoreutils/restorecond/restorecond.h 2009-08-20 15:49:21.000000000 -0400
|
||||||
+++ policycoreutils-2.0.81/restorecond/restorecond.h 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/restorecond/restorecond.h 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -24,7 +24,22 @@
|
@@ -24,7 +24,22 @@
|
||||||
#ifndef RESTORED_CONFIG_H
|
#ifndef RESTORED_CONFIG_H
|
||||||
#define RESTORED_CONFIG_H
|
#define RESTORED_CONFIG_H
|
||||||
@ -805,9 +768,18 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+extern int watch_list_isempty();
|
+extern int watch_list_isempty();
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.81/restorecond/restorecond.init
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.82/restorecond/restorecond.init
|
||||||
--- nsapolicycoreutils/restorecond/restorecond.init 2009-08-20 15:49:21.000000000 -0400
|
--- nsapolicycoreutils/restorecond/restorecond.init 2009-08-20 15:49:21.000000000 -0400
|
||||||
+++ policycoreutils-2.0.81/restorecond/restorecond.init 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/restorecond/restorecond.init 2010-03-24 16:12:21.000000000 -0400
|
||||||
|
@@ -26,7 +26,7 @@
|
||||||
|
# Source function library.
|
||||||
|
. /etc/rc.d/init.d/functions
|
||||||
|
|
||||||
|
-[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 0
|
||||||
|
+[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7
|
||||||
|
|
||||||
|
# Check that we are root ... so non-root users stop here
|
||||||
|
test $EUID = 0 || exit 4
|
||||||
@@ -75,16 +75,15 @@
|
@@ -75,16 +75,15 @@
|
||||||
status restorecond
|
status restorecond
|
||||||
RETVAL=$?
|
RETVAL=$?
|
||||||
@ -827,15 +799,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
exit $RETVAL
|
exit $RETVAL
|
||||||
-
|
-
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.81/restorecond/restorecond_user.conf
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.82/restorecond/restorecond_user.conf
|
||||||
--- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/restorecond/restorecond_user.conf 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/restorecond/restorecond_user.conf 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -0,0 +1,2 @@
|
@@ -0,0 +1,2 @@
|
||||||
+~/*
|
+~/*
|
||||||
+~/public_html/*
|
+~/public_html/*
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.81/restorecond/user.c
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.82/restorecond/user.c
|
||||||
--- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/restorecond/user.c 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/restorecond/user.c 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -0,0 +1,239 @@
|
@@ -0,0 +1,239 @@
|
||||||
+/*
|
+/*
|
||||||
+ * restorecond
|
+ * restorecond
|
||||||
@ -1076,9 +1048,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+ return 0;
|
+ return 0;
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.81/restorecond/watch.c
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.82/restorecond/watch.c
|
||||||
--- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/restorecond/watch.c 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/restorecond/watch.c 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -0,0 +1,260 @@
|
@@ -0,0 +1,260 @@
|
||||||
+#define _GNU_SOURCE
|
+#define _GNU_SOURCE
|
||||||
+#include <sys/inotify.h>
|
+#include <sys/inotify.h>
|
||||||
@ -1340,17 +1312,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+ if (master_wd == -1)
|
+ if (master_wd == -1)
|
||||||
+ exitApp("Error watching config file.");
|
+ exitApp("Error watching config file.");
|
||||||
+}
|
+}
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/basicwrapper policycoreutils-2.0.81/sandbox/deliverables/basicwrapper
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/basicwrapper policycoreutils-2.0.82/sandbox/deliverables/basicwrapper
|
||||||
--- nsapolicycoreutils/sandbox/deliverables/basicwrapper 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/sandbox/deliverables/basicwrapper 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/sandbox/deliverables/basicwrapper 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/sandbox/deliverables/basicwrapper 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -0,0 +1,4 @@
|
@@ -0,0 +1,4 @@
|
||||||
+import os, sys
|
+import os, sys
|
||||||
+SANDBOX_ARGS = ['-f%s' % os.environ['_CONDOR_SCRATCH_DIR']]
|
+SANDBOX_ARGS = ['-f%s' % os.environ['_CONDOR_SCRATCH_DIR']]
|
||||||
+SANDBOX_ARGS.extend(sys.argv[1::])
|
+SANDBOX_ARGS.extend(sys.argv[1::])
|
||||||
+os.execv('/usr/bin/sandbox',SANDBOX_ARGS)
|
+os.execv('/usr/bin/sandbox',SANDBOX_ARGS)
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/README policycoreutils-2.0.81/sandbox/deliverables/README
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/README policycoreutils-2.0.82/sandbox/deliverables/README
|
||||||
--- nsapolicycoreutils/sandbox/deliverables/README 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/sandbox/deliverables/README 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/sandbox/deliverables/README 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/sandbox/deliverables/README 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -0,0 +1,32 @@
|
@@ -0,0 +1,32 @@
|
||||||
+Files:
|
+Files:
|
||||||
+run-in-sandbox.py:
|
+run-in-sandbox.py:
|
||||||
@ -1384,9 +1356,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+
|
+
|
||||||
+Thanks for a great summer.
|
+Thanks for a great summer.
|
||||||
+Chris Pardy
|
+Chris Pardy
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py policycoreutils-2.0.81/sandbox/deliverables/run-in-sandbox.py
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py policycoreutils-2.0.82/sandbox/deliverables/run-in-sandbox.py
|
||||||
--- nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/sandbox/deliverables/run-in-sandbox.py 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/sandbox/deliverables/run-in-sandbox.py 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -0,0 +1,49 @@
|
@@ -0,0 +1,49 @@
|
||||||
+import os
|
+import os
|
||||||
+import os.path
|
+import os.path
|
||||||
@ -1437,9 +1409,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+ def get_background_items(self, window, file):
|
+ def get_background_items(self, window, file):
|
||||||
+ return
|
+ return
|
||||||
+
|
+
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/sandbox policycoreutils-2.0.81/sandbox/deliverables/sandbox
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/sandbox policycoreutils-2.0.82/sandbox/deliverables/sandbox
|
||||||
--- nsapolicycoreutils/sandbox/deliverables/sandbox 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/sandbox/deliverables/sandbox 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/sandbox/deliverables/sandbox 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/sandbox/deliverables/sandbox 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -0,0 +1,216 @@
|
@@ -0,0 +1,216 @@
|
||||||
+#!/usr/bin/python -E
|
+#!/usr/bin/python -E
|
||||||
+import os, sys, getopt, socket, random, fcntl, shutil
|
+import os, sys, getopt, socket, random, fcntl, shutil
|
||||||
@ -1657,9 +1629,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+
|
+
|
||||||
+ sys.exit(rc)
|
+ sys.exit(rc)
|
||||||
+
|
+
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.81/sandbox/Makefile
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.82/sandbox/Makefile
|
||||||
--- nsapolicycoreutils/sandbox/Makefile 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/sandbox/Makefile 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/sandbox/Makefile 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/sandbox/Makefile 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -0,0 +1,41 @@
|
@@ -0,0 +1,41 @@
|
||||||
+# Installation directories.
|
+# Installation directories.
|
||||||
+PREFIX ?= ${DESTDIR}/usr
|
+PREFIX ?= ${DESTDIR}/usr
|
||||||
@ -1702,10 +1674,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+ ../../scripts/Lindent $(wildcard *.[ch])
|
+ ../../scripts/Lindent $(wildcard *.[ch])
|
||||||
+
|
+
|
||||||
+relabel:
|
+relabel:
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.81/sandbox/sandbox
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.82/sandbox/sandbox
|
||||||
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/sandbox/sandbox 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/sandbox/sandbox 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -0,0 +1,415 @@
|
@@ -0,0 +1,420 @@
|
||||||
+#! /usr/bin/python -E
|
+#! /usr/bin/python -E
|
||||||
+# Authors: Dan Walsh <dwalsh@redhat.com>
|
+# Authors: Dan Walsh <dwalsh@redhat.com>
|
||||||
+# Authors: Josh Cogliati
|
+# Authors: Josh Cogliati
|
||||||
@ -1918,7 +1890,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+ copyfile(f, homedir, self.__homedir)
|
+ copyfile(f, homedir, self.__homedir)
|
||||||
+ copyfile(f, "/tmp", self.__tmpdir)
|
+ copyfile(f, "/tmp", self.__tmpdir)
|
||||||
+
|
+
|
||||||
+ def __setup_sandboxrc(self):
|
+ def __setup_sandboxrc(self, wm = "/usr/bin/matchbox-window-manager -use_titlebar no"):
|
||||||
+ execfile =self.__homedir + "/.sandboxrc"
|
+ execfile =self.__homedir + "/.sandboxrc"
|
||||||
+ fd = open(execfile, "w+")
|
+ fd = open(execfile, "w+")
|
||||||
+ if self.__options.session:
|
+ if self.__options.session:
|
||||||
@ -1931,11 +1903,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+ fd.write("""#! /bin/sh
|
+ fd.write("""#! /bin/sh
|
||||||
+#TITLE: %s
|
+#TITLE: %s
|
||||||
+/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
|
+/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
|
||||||
+/usr/bin/matchbox-window-manager -use_titlebar no &
|
+%s &
|
||||||
+WM_PID=$!
|
+WM_PID=$!
|
||||||
+%s
|
+%s
|
||||||
+kill -TERM $WM_PID 2> /dev/null
|
+kill -TERM $WM_PID 2> /dev/null
|
||||||
+""" % (command, command))
|
+""" % (command, wm, command))
|
||||||
+ fd.close()
|
+ fd.close()
|
||||||
+ os.chmod(execfile, 0700)
|
+ os.chmod(execfile, 0700)
|
||||||
+
|
+
|
||||||
@ -1945,9 +1917,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+ def __parse_options(self):
|
+ def __parse_options(self):
|
||||||
+ from optparse import OptionParser
|
+ from optparse import OptionParser
|
||||||
+ usage = _("""
|
+ usage = _("""
|
||||||
+sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [[-i file ] ...] [ -t type ] command
|
+sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] command
|
||||||
+
|
+
|
||||||
+sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [[-i file ] ...] [ -t type ] -S
|
+sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] -S
|
||||||
+""")
|
+""")
|
||||||
+
|
+
|
||||||
+ parser = OptionParser(version=self.VERSION, usage=usage)
|
+ parser = OptionParser(version=self.VERSION, usage=usage)
|
||||||
@ -1982,6 +1954,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+ action="callback", callback=self.__validdir,
|
+ action="callback", callback=self.__validdir,
|
||||||
+ help="Alternate tempdir to use for mounting")
|
+ help="Alternate tempdir to use for mounting")
|
||||||
+
|
+
|
||||||
|
+ parser.add_option("-W", "--windowmanager", dest="wm",
|
||||||
|
+ type="string",
|
||||||
|
+ default="/usr/bin/matchbox-window-manager -use_titlebar no",
|
||||||
|
+ help="Alternate window maanger")
|
||||||
|
+
|
||||||
+ parser.add_option("-l", "--level", dest="level",
|
+ parser.add_option("-l", "--level", dest="level",
|
||||||
+ help="MCS/MLS Level for the sandbox")
|
+ help="MCS/MLS Level for the sandbox")
|
||||||
+
|
+
|
||||||
@ -2063,7 +2040,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+ subprocess.Popen(["/usr/bin/xmodmap","-pke"],stdout=xd).wait()
|
+ subprocess.Popen(["/usr/bin/xmodmap","-pke"],stdout=xd).wait()
|
||||||
+ xd.close()
|
+ xd.close()
|
||||||
+
|
+
|
||||||
+ self.__setup_sandboxrc()
|
+ self.__setup_sandboxrc(self.__options.wm)
|
||||||
+
|
+
|
||||||
+ cmds = ("/usr/sbin/seunshare -t %s -h %s -- %s /usr/share/sandbox/sandboxX.sh" % (self.__tmpdir, self.__homedir, self.__execcon)).split()
|
+ cmds = ("/usr/sbin/seunshare -t %s -h %s -- %s /usr/share/sandbox/sandboxX.sh" % (self.__tmpdir, self.__homedir, self.__execcon)).split()
|
||||||
+ rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
|
+ rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
|
||||||
@ -2121,16 +2098,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+ rc = 0
|
+ rc = 0
|
||||||
+
|
+
|
||||||
+ sys.exit(rc)
|
+ sys.exit(rc)
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.81/sandbox/sandbox.8
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.82/sandbox/sandbox.8
|
||||||
--- nsapolicycoreutils/sandbox/sandbox.8 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/sandbox/sandbox.8 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/sandbox/sandbox.8 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/sandbox/sandbox.8 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -0,0 +1,50 @@
|
@@ -0,0 +1,56 @@
|
||||||
+.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
|
+.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
|
||||||
+.SH NAME
|
+.SH NAME
|
||||||
+sandbox \- Run cmd under an SELinux sandbox
|
+sandbox \- Run cmd under an SELinux sandbox
|
||||||
+.SH SYNOPSIS
|
+.SH SYNOPSIS
|
||||||
+.B sandbox
|
+.B sandbox
|
||||||
+[-l level ] [[-M | -X] -H homedir -T tmpdir ] [-I includefile ] [[-i file ]...] [ -t type ] cmd
|
+[-l level ] [[-M | -X] -H homedir -T tmpdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] cmd
|
||||||
+.br
|
+.br
|
||||||
+.SH DESCRIPTION
|
+.SH DESCRIPTION
|
||||||
+.PP
|
+.PP
|
||||||
@ -2147,43 +2124,49 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+If directories are specified with -H or -T the directory will have its context modified with chcon(1) unless a level is specified with -l. If the MLS/MCS security level is specified, the directories need to have a matching label.
|
+If directories are specified with -H or -T the directory will have its context modified with chcon(1) unless a level is specified with -l. If the MLS/MCS security level is specified, the directories need to have a matching label.
|
||||||
+.PP
|
+.PP
|
||||||
+.TP
|
+.TP
|
||||||
+\fB\-t type\fR
|
+\fB\-H\ homedir
|
||||||
+Use alternate sandbox type, defaults to sandbox_t or sandbox_x_t for -X.
|
+Use alternate homedir to mount. Defaults to temporary. Requires -X or -M.
|
||||||
+.TP
|
+.TP
|
||||||
+\fB\-i file\fR
|
+\fB\-i file\fR
|
||||||
+Copy this file into the temporary sandbox appriate. Command can be repeated.
|
+Copy this file into the temporary sandbox appriate. Command can be repeated.
|
||||||
+.TP
|
+.TP
|
||||||
+\fB\-I inputfile\fR
|
+\fB\-I inputfile\fR Copy all files listed in inputfile into the
|
||||||
+Copy all files listed in inputfile into the appropriate temporary sandbox direcories.
|
+appropriate temporary sandbox direcories.
|
||||||
+.TP
|
+.TP
|
||||||
+\fB\-l\fR
|
+\fB\-l\fR
|
||||||
+Specify the MLS/MCS Security Level to run the sandbox in. Defaults to random.
|
+Specify the MLS/MCS Security Level to run the sandbox in. Defaults to random.
|
||||||
+.TP
|
+.TP
|
||||||
+\fB\-X\fR
|
|
||||||
+Create an X based Sandbox for gui apps, temporary files for $HOME and /tmp, seconday Xserver, defaults to sandbox_x_t
|
|
||||||
+.TP
|
|
||||||
+\fB\-M\fR
|
+\fB\-M\fR
|
||||||
+Create a Sandbox with temporary files for $HOME and /tmp, defaults to sandbox_t
|
+Create a Sandbox with temporary files for $HOME and /tmp, defaults to sandbox_t
|
||||||
+.TP
|
+.TP
|
||||||
+\fB\-H\ homedir
|
+\fB\-t type\fR
|
||||||
+Use alternate homedir to mount. Defaults to temporary. Requires -X or -M.
|
+Use alternate sandbox type, defaults to sandbox_t or sandbox_x_t for -X.
|
||||||
+.TP
|
+.TP
|
||||||
+\fB\-T\ tmpdir
|
+\fB\-T\ tmpdir
|
||||||
+Use alternate tempdir to mount. Defaults to temporary. Requires -X or -M.
|
+Use alternate tempdir to mount. Defaults to temporary. Requires -X or -M.
|
||||||
|
+.TP
|
||||||
|
+\fB\-W windowmanager\fR
|
||||||
|
+Select alternative window manager to run within
|
||||||
|
+.B sandbox -X.
|
||||||
|
+Default to /usr/bin/matchbox-window-manager.
|
||||||
|
+.TP
|
||||||
|
+\fB\-X\fR
|
||||||
|
+Create an X based Sandbox for gui apps, temporary files for
|
||||||
|
+$HOME and /tmp, seconday Xserver, defaults to sandbox_x_t
|
||||||
+.PP
|
+.PP
|
||||||
+.SH "SEE ALSO"
|
+.SH "SEE ALSO"
|
||||||
+.TP
|
+.TP
|
||||||
+runcon(1)
|
+runcon(1)
|
||||||
+.PP
|
+.PP
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.config policycoreutils-2.0.81/sandbox/sandbox.config
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.config policycoreutils-2.0.82/sandbox/sandbox.config
|
||||||
--- nsapolicycoreutils/sandbox/sandbox.config 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/sandbox/sandbox.config 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/sandbox/sandbox.config 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/sandbox/sandbox.config 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -0,0 +1,2 @@
|
@@ -0,0 +1,2 @@
|
||||||
+# Space separate list of homedirs
|
+# Space separate list of homedirs
|
||||||
+HOMEDIRS="/home"
|
+HOMEDIRS="/home"
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.init policycoreutils-2.0.81/sandbox/sandbox.init
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.init policycoreutils-2.0.82/sandbox/sandbox.init
|
||||||
--- nsapolicycoreutils/sandbox/sandbox.init 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/sandbox/sandbox.init 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/sandbox/sandbox.init 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/sandbox/sandbox.init 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -0,0 +1,67 @@
|
@@ -0,0 +1,67 @@
|
||||||
+#!/bin/bash
|
+#!/bin/bash
|
||||||
+## BEGIN INIT INFO
|
+## BEGIN INIT INFO
|
||||||
@ -2252,9 +2235,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+ exit 3
|
+ exit 3
|
||||||
+ ;;
|
+ ;;
|
||||||
+esac
|
+esac
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.81/sandbox/sandboxX.sh
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.82/sandbox/sandboxX.sh
|
||||||
--- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/sandbox/sandboxX.sh 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/sandbox/sandboxX.sh 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -0,0 +1,15 @@
|
@@ -0,0 +1,15 @@
|
||||||
+#!/bin/bash
|
+#!/bin/bash
|
||||||
+context=`id -Z | secon -t -l -P`
|
+context=`id -Z | secon -t -l -P`
|
||||||
@ -2271,9 +2254,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+ break
|
+ break
|
||||||
+done
|
+done
|
||||||
+exit 0
|
+exit 0
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.81/sandbox/seunshare.c
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.82/sandbox/seunshare.c
|
||||||
--- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/sandbox/seunshare.c 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/sandbox/seunshare.c 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -0,0 +1,265 @@
|
@@ -0,0 +1,265 @@
|
||||||
+#include <signal.h>
|
+#include <signal.h>
|
||||||
+#include <sys/types.h>
|
+#include <sys/types.h>
|
||||||
@ -2540,9 +2523,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+
|
+
|
||||||
+ return status;
|
+ return status;
|
||||||
+}
|
+}
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/test_sandbox.py policycoreutils-2.0.81/sandbox/test_sandbox.py
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/test_sandbox.py policycoreutils-2.0.82/sandbox/test_sandbox.py
|
||||||
--- nsapolicycoreutils/sandbox/test_sandbox.py 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/sandbox/test_sandbox.py 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/sandbox/test_sandbox.py 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/sandbox/test_sandbox.py 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -0,0 +1,98 @@
|
@@ -0,0 +1,98 @@
|
||||||
+import unittest, os, shutil
|
+import unittest, os, shutil
|
||||||
+from tempfile import mkdtemp
|
+from tempfile import mkdtemp
|
||||||
@ -2642,9 +2625,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+ unittest.main()
|
+ unittest.main()
|
||||||
+ else:
|
+ else:
|
||||||
+ print "SELinux must be in enforcing mode for this test"
|
+ print "SELinux must be in enforcing mode for this test"
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.81/scripts/fixfiles
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.82/scripts/fixfiles
|
||||||
--- nsapolicycoreutils/scripts/fixfiles 2009-12-01 15:46:50.000000000 -0500
|
--- nsapolicycoreutils/scripts/fixfiles 2009-12-01 15:46:50.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/scripts/fixfiles 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/scripts/fixfiles 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -21,6 +21,17 @@
|
@@ -21,6 +21,17 @@
|
||||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||||
|
|
||||||
@ -2730,9 +2713,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
restore
|
restore
|
||||||
}
|
}
|
||||||
|
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/default_encoding.c policycoreutils-2.0.81/semanage/default_encoding/default_encoding.c
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/default_encoding.c policycoreutils-2.0.82/semanage/default_encoding/default_encoding.c
|
||||||
--- nsapolicycoreutils/semanage/default_encoding/default_encoding.c 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/semanage/default_encoding/default_encoding.c 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/semanage/default_encoding/default_encoding.c 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/semanage/default_encoding/default_encoding.c 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -0,0 +1,59 @@
|
@@ -0,0 +1,59 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Authors:
|
+ * Authors:
|
||||||
@ -2793,9 +2776,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+ PyUnicode_SetDefaultEncoding("utf-8");
|
+ PyUnicode_SetDefaultEncoding("utf-8");
|
||||||
+ m = Py_InitModule3("default_encoding_utf8", methods, "Forces the default encoding to utf-8");
|
+ m = Py_InitModule3("default_encoding_utf8", methods, "Forces the default encoding to utf-8");
|
||||||
+}
|
+}
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/Makefile policycoreutils-2.0.81/semanage/default_encoding/Makefile
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/Makefile policycoreutils-2.0.82/semanage/default_encoding/Makefile
|
||||||
--- nsapolicycoreutils/semanage/default_encoding/Makefile 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/semanage/default_encoding/Makefile 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/semanage/default_encoding/Makefile 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/semanage/default_encoding/Makefile 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -0,0 +1,8 @@
|
@@ -0,0 +1,8 @@
|
||||||
+all:
|
+all:
|
||||||
+ LDFLAGS="" python setup.py build
|
+ LDFLAGS="" python setup.py build
|
||||||
@ -2805,9 +2788,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+
|
+
|
||||||
+clean:
|
+clean:
|
||||||
+ rm -rf build *~
|
+ rm -rf build *~
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/policycoreutils/__init__.py policycoreutils-2.0.81/semanage/default_encoding/policycoreutils/__init__.py
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/policycoreutils/__init__.py policycoreutils-2.0.82/semanage/default_encoding/policycoreutils/__init__.py
|
||||||
--- nsapolicycoreutils/semanage/default_encoding/policycoreutils/__init__.py 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/semanage/default_encoding/policycoreutils/__init__.py 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/semanage/default_encoding/policycoreutils/__init__.py 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/semanage/default_encoding/policycoreutils/__init__.py 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -0,0 +1,17 @@
|
@@ -0,0 +1,17 @@
|
||||||
+#
|
+#
|
||||||
+# Copyright (C) 2006,2007,2008, 2009 Red Hat, Inc.
|
+# Copyright (C) 2006,2007,2008, 2009 Red Hat, Inc.
|
||||||
@ -2826,9 +2809,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+# along with this program; if not, write to the Free Software
|
+# along with this program; if not, write to the Free Software
|
||||||
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
+#
|
+#
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/setup.py policycoreutils-2.0.81/semanage/default_encoding/setup.py
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/setup.py policycoreutils-2.0.82/semanage/default_encoding/setup.py
|
||||||
--- nsapolicycoreutils/semanage/default_encoding/setup.py 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/semanage/default_encoding/setup.py 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/semanage/default_encoding/setup.py 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/semanage/default_encoding/setup.py 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -0,0 +1,38 @@
|
@@ -0,0 +1,38 @@
|
||||||
+# Authors:
|
+# Authors:
|
||||||
+# John Dennis <jdennis@redhat.com>
|
+# John Dennis <jdennis@redhat.com>
|
||||||
@ -2868,9 +2851,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+ ext_modules = [default_encoding_utf8],
|
+ ext_modules = [default_encoding_utf8],
|
||||||
+ packages=["policycoreutils"],
|
+ packages=["policycoreutils"],
|
||||||
+)
|
+)
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.81/semanage/semanage
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.82/semanage/semanage
|
||||||
--- nsapolicycoreutils/semanage/semanage 2009-11-18 17:06:03.000000000 -0500
|
--- nsapolicycoreutils/semanage/semanage 2009-11-18 17:06:03.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/semanage/semanage 2010-03-16 14:03:19.000000000 -0400
|
+++ policycoreutils-2.0.82/semanage/semanage 2010-03-31 18:21:52.000000000 -0400
|
||||||
@@ -20,6 +20,7 @@
|
@@ -20,6 +20,7 @@
|
||||||
# 02111-1307 USA
|
# 02111-1307 USA
|
||||||
#
|
#
|
||||||
@ -3103,15 +3086,31 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
target = cmds[0]
|
target = cmds[0]
|
||||||
|
|
||||||
@@ -354,16 +408,20 @@
|
@@ -344,51 +398,79 @@
|
||||||
|
if add:
|
||||||
|
if object == "login":
|
||||||
|
OBJECT.add(target, seuser, serange)
|
||||||
|
+ return
|
||||||
|
|
||||||
|
if object == "user":
|
||||||
|
OBJECT.add(target, roles.split(), selevel, serange, prefix)
|
||||||
|
+ return
|
||||||
|
|
||||||
|
if object == "port":
|
||||||
|
OBJECT.add(target, proto, serange, setype)
|
||||||
|
+ return
|
||||||
|
|
||||||
if object == "interface":
|
if object == "interface":
|
||||||
OBJECT.add(target, serange, setype)
|
OBJECT.add(target, serange, setype)
|
||||||
|
+ return
|
||||||
|
+
|
||||||
+ if object == "module":
|
+ if object == "module":
|
||||||
+ OBJECT.add(target)
|
+ OBJECT.add(target)
|
||||||
+
|
+ return
|
||||||
|
|
||||||
if object == "node":
|
if object == "node":
|
||||||
OBJECT.add(target, mask, proto, serange, setype)
|
OBJECT.add(target, mask, proto, serange, setype)
|
||||||
|
+ return
|
||||||
|
|
||||||
if object == "fcontext":
|
if object == "fcontext":
|
||||||
- OBJECT.add(target, setype, ftype, serange, seuser)
|
- OBJECT.add(target, setype, ftype, serange, seuser)
|
||||||
@ -3119,18 +3118,27 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+ OBJECT.add(target, setype, ftype, serange, seuser)
|
+ OBJECT.add(target, setype, ftype, serange, seuser)
|
||||||
+ else:
|
+ else:
|
||||||
+ OBJECT.add_equal(target, equal)
|
+ OBJECT.add_equal(target, equal)
|
||||||
|
+ return
|
||||||
if object == "permissive":
|
if object == "permissive":
|
||||||
OBJECT.add(target)
|
OBJECT.add(target)
|
||||||
|
+ return
|
||||||
|
|
||||||
- return
|
- return
|
||||||
-
|
-
|
||||||
if modify:
|
if modify:
|
||||||
if object == "boolean":
|
if object == "boolean":
|
||||||
OBJECT.modify(target, value, use_file)
|
OBJECT.modify(target, value, use_file)
|
||||||
@@ -375,6 +433,14 @@
|
+ return
|
||||||
|
|
||||||
|
if object == "login":
|
||||||
|
OBJECT.modify(target, seuser, serange)
|
||||||
|
+ return
|
||||||
|
|
||||||
|
if object == "user":
|
||||||
rlist = roles.split()
|
rlist = roles.split()
|
||||||
OBJECT.modify(target, rlist, selevel, serange, prefix)
|
OBJECT.modify(target, rlist, selevel, serange, prefix)
|
||||||
|
+ return
|
||||||
|
+
|
||||||
+ if object == "module":
|
+ if object == "module":
|
||||||
+ if enable:
|
+ if enable:
|
||||||
+ OBJECT.enable(target)
|
+ OBJECT.enable(target)
|
||||||
@ -3138,29 +3146,39 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+ OBJECT.disable(target)
|
+ OBJECT.disable(target)
|
||||||
+ else:
|
+ else:
|
||||||
+ OBJECT.modify(target)
|
+ OBJECT.modify(target)
|
||||||
+
|
+ return
|
||||||
|
|
||||||
if object == "port":
|
if object == "port":
|
||||||
OBJECT.modify(target, proto, serange, setype)
|
OBJECT.modify(target, proto, serange, setype)
|
||||||
|
+ return
|
||||||
|
|
||||||
@@ -385,9 +451,10 @@
|
if object == "interface":
|
||||||
|
OBJECT.modify(target, serange, setype)
|
||||||
|
+ return
|
||||||
|
|
||||||
|
if object == "node":
|
||||||
OBJECT.modify(target, mask, proto, serange, setype)
|
OBJECT.modify(target, mask, proto, serange, setype)
|
||||||
|
+ return
|
||||||
|
|
||||||
if object == "fcontext":
|
if object == "fcontext":
|
||||||
- OBJECT.modify(target, setype, ftype, serange, seuser)
|
- OBJECT.modify(target, setype, ftype, serange, seuser)
|
||||||
-
|
-
|
||||||
- return
|
- return
|
||||||
|
-
|
||||||
+ if equal == "":
|
+ if equal == "":
|
||||||
+ OBJECT.modify(target, setype, ftype, serange, seuser)
|
+ OBJECT.modify(target, setype, ftype, serange, seuser)
|
||||||
+ else:
|
+ else:
|
||||||
+ OBJECT.modify_equal(target, equal)
|
+ OBJECT.modify_equal(target, equal)
|
||||||
|
+ return
|
||||||
if delete:
|
if delete:
|
||||||
if object == "port":
|
if object == "port":
|
||||||
@@ -402,14 +469,13 @@
|
OBJECT.delete(target, proto)
|
||||||
|
@@ -401,15 +483,14 @@
|
||||||
|
|
||||||
else:
|
else:
|
||||||
OBJECT.delete(target)
|
OBJECT.delete(target)
|
||||||
|
-
|
||||||
- return
|
return
|
||||||
-
|
-
|
||||||
- raise ValueError(_("Invalid command") % " ".join(argv))
|
- raise ValueError(_("Invalid command") % " ".join(argv))
|
||||||
+ raise ValueError(_("Invalid command: semanage %s") % " ".join(argv))
|
+ raise ValueError(_("Invalid command: semanage %s") % " ".join(argv))
|
||||||
@ -3173,7 +3191,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
input = None
|
input = None
|
||||||
store = ""
|
store = ""
|
||||||
|
|
||||||
@@ -417,7 +483,7 @@
|
@@ -417,7 +498,7 @@
|
||||||
usage(_("Requires 2 or more arguments"))
|
usage(_("Requires 2 or more arguments"))
|
||||||
|
|
||||||
gopts, cmds = getopt.getopt(sys.argv[1:],
|
gopts, cmds = getopt.getopt(sys.argv[1:],
|
||||||
@ -3182,7 +3200,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
['add',
|
['add',
|
||||||
'delete',
|
'delete',
|
||||||
'deleteall',
|
'deleteall',
|
||||||
@@ -431,6 +497,7 @@
|
@@ -431,6 +512,7 @@
|
||||||
'localist',
|
'localist',
|
||||||
'off',
|
'off',
|
||||||
'on',
|
'on',
|
||||||
@ -3190,7 +3208,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
'proto=',
|
'proto=',
|
||||||
'seuser=',
|
'seuser=',
|
||||||
'store=',
|
'store=',
|
||||||
@@ -438,6 +505,7 @@
|
@@ -438,6 +520,7 @@
|
||||||
'level=',
|
'level=',
|
||||||
'roles=',
|
'roles=',
|
||||||
'type=',
|
'type=',
|
||||||
@ -3198,7 +3216,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
'prefix='
|
'prefix='
|
||||||
])
|
])
|
||||||
for o, a in gopts:
|
for o, a in gopts:
|
||||||
@@ -445,6 +513,16 @@
|
@@ -445,6 +528,16 @@
|
||||||
store = a
|
store = a
|
||||||
if o == "-i" or o == '--input':
|
if o == "-i" or o == '--input':
|
||||||
input = a
|
input = a
|
||||||
@ -3215,7 +3233,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
if input != None:
|
if input != None:
|
||||||
if input == "-":
|
if input == "-":
|
||||||
@@ -454,6 +532,7 @@
|
@@ -454,6 +547,7 @@
|
||||||
trans = seobject.semanageRecords(store)
|
trans = seobject.semanageRecords(store)
|
||||||
trans.start()
|
trans.start()
|
||||||
for l in fd.readlines():
|
for l in fd.readlines():
|
||||||
@ -3223,15 +3241,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
process_args(mkargv(l))
|
process_args(mkargv(l))
|
||||||
trans.finish()
|
trans.finish()
|
||||||
else:
|
else:
|
||||||
@@ -467,3 +546,5 @@
|
@@ -467,3 +561,5 @@
|
||||||
errorExit(_("Invalid value %s") % error.args[0])
|
errorExit(_("Invalid value %s") % error.args[0])
|
||||||
except IOError, error:
|
except IOError, error:
|
||||||
errorExit(error.args[1])
|
errorExit(error.args[1])
|
||||||
+ except OSError, error:
|
+ except OSError, error:
|
||||||
+ errorExit(error.args[1])
|
+ errorExit(error.args[1])
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.81/semanage/semanage.8
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.82/semanage/semanage.8
|
||||||
--- nsapolicycoreutils/semanage/semanage.8 2009-11-18 17:06:03.000000000 -0500
|
--- nsapolicycoreutils/semanage/semanage.8 2009-11-18 17:06:03.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/semanage/semanage.8 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/semanage/semanage.8 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -1,27 +1,58 @@
|
@@ -1,27 +1,58 @@
|
||||||
-.TH "semanage" "8" "2005111103" "" ""
|
-.TH "semanage" "8" "2005111103" "" ""
|
||||||
+.TH "semanage" "8" "20100223" "" ""
|
+.TH "semanage" "8" "20100223" "" ""
|
||||||
@ -3392,9 +3410,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+and Russell Coker <rcoker@redhat.com>.
|
+and Russell Coker <rcoker@redhat.com>.
|
||||||
+.br
|
+.br
|
||||||
Examples by Thomas Bleher <ThomasBleher@gmx.de>.
|
Examples by Thomas Bleher <ThomasBleher@gmx.de>.
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.81/semanage/seobject.py
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.82/semanage/seobject.py
|
||||||
--- nsapolicycoreutils/semanage/seobject.py 2009-11-20 10:51:25.000000000 -0500
|
--- nsapolicycoreutils/semanage/seobject.py 2009-11-20 10:51:25.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/semanage/seobject.py 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/semanage/seobject.py 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -29,47 +29,12 @@
|
@@ -29,47 +29,12 @@
|
||||||
import gettext
|
import gettext
|
||||||
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
|
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
|
||||||
@ -3406,7 +3424,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
- __builtin__.__dict__['_'] = unicode
|
- __builtin__.__dict__['_'] = unicode
|
||||||
-
|
-
|
||||||
-import syslog
|
-import syslog
|
||||||
|
-
|
||||||
-handle = None
|
-handle = None
|
||||||
-
|
-
|
||||||
-def get_handle(store):
|
-def get_handle(store):
|
||||||
@ -3419,7 +3437,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
-
|
-
|
||||||
- if store != "":
|
- if store != "":
|
||||||
- semanage_select_store(handle, store, SEMANAGE_CON_DIRECT);
|
- semanage_select_store(handle, store, SEMANAGE_CON_DIRECT);
|
||||||
-
|
|
||||||
- if not semanage_is_managed(handle):
|
- if not semanage_is_managed(handle):
|
||||||
- semanage_handle_destroy(handle)
|
- semanage_handle_destroy(handle)
|
||||||
- raise ValueError(_("SELinux policy is not managed or store cannot be accessed."))
|
- raise ValueError(_("SELinux policy is not managed or store cannot be accessed."))
|
||||||
@ -3614,7 +3632,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
class dontauditClass(semanageRecords):
|
class dontauditClass(semanageRecords):
|
||||||
def __init__(self, store):
|
def __init__(self, store):
|
||||||
semanageRecords.__init__(self, store)
|
semanageRecords.__init__(self, store)
|
||||||
@@ -259,6 +331,7 @@
|
@@ -259,14 +331,23 @@
|
||||||
name = semanage_module_get_name(mod)
|
name = semanage_module_get_name(mod)
|
||||||
if name and name.startswith("permissive_"):
|
if name and name.startswith("permissive_"):
|
||||||
l.append(name.split("permissive_")[1])
|
l.append(name.split("permissive_")[1])
|
||||||
@ -3622,7 +3640,27 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
return l
|
return l
|
||||||
|
|
||||||
def list(self, heading = 1, locallist = 0):
|
def list(self, heading = 1, locallist = 0):
|
||||||
@@ -343,7 +416,9 @@
|
- if heading:
|
||||||
|
- print "\n%-25s\n" % (_("Permissive Types"))
|
||||||
|
- for t in self.get_all():
|
||||||
|
- print t
|
||||||
|
+ import setools
|
||||||
|
+ all = map(lambda y: y["name"], filter(lambda x: x["permissive"], setools.seinfo(setools.TYPE)))
|
||||||
|
|
||||||
|
+ if heading:
|
||||||
|
+ print "\n%-25s\n" % (_("Builtin Permissive Types"))
|
||||||
|
+ customized = self.get_all()
|
||||||
|
+ for t in all:
|
||||||
|
+ if t not in customized:
|
||||||
|
+ print t
|
||||||
|
+ if heading:
|
||||||
|
+ print "\n%-25s\n" % (_("Customized Permissive Types"))
|
||||||
|
+ for t in customized:
|
||||||
|
+ print t
|
||||||
|
|
||||||
|
def add(self, type):
|
||||||
|
import glob
|
||||||
|
@@ -343,7 +424,9 @@
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
|
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
|
||||||
if exists:
|
if exists:
|
||||||
@ -3633,7 +3671,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
if name[0] == '%':
|
if name[0] == '%':
|
||||||
try:
|
try:
|
||||||
grp.getgrnam(name[1:])
|
grp.getgrnam(name[1:])
|
||||||
@@ -475,6 +550,16 @@
|
@@ -475,6 +558,16 @@
|
||||||
|
|
||||||
mylog.log(1, "delete SELinux user mapping", name);
|
mylog.log(1, "delete SELinux user mapping", name);
|
||||||
|
|
||||||
@ -3650,7 +3688,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
def get_all(self, locallist = 0):
|
def get_all(self, locallist = 0):
|
||||||
ddict = {}
|
ddict = {}
|
||||||
if locallist:
|
if locallist:
|
||||||
@@ -489,6 +574,15 @@
|
@@ -489,6 +582,15 @@
|
||||||
ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
|
ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
|
||||||
return ddict
|
return ddict
|
||||||
|
|
||||||
@ -3666,7 +3704,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
def list(self,heading = 1, locallist = 0):
|
def list(self,heading = 1, locallist = 0):
|
||||||
ddict = self.get_all(locallist)
|
ddict = self.get_all(locallist)
|
||||||
keys = ddict.keys()
|
keys = ddict.keys()
|
||||||
@@ -531,7 +625,8 @@
|
@@ -531,7 +633,8 @@
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
|
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
|
||||||
if exists:
|
if exists:
|
||||||
@ -3676,7 +3714,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
(rc, u) = semanage_user_create(self.sh)
|
(rc, u) = semanage_user_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
@@ -682,6 +777,16 @@
|
@@ -682,6 +785,16 @@
|
||||||
|
|
||||||
mylog.log(1,"delete SELinux user record", name)
|
mylog.log(1,"delete SELinux user record", name)
|
||||||
|
|
||||||
@ -3693,7 +3731,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
def get_all(self, locallist = 0):
|
def get_all(self, locallist = 0):
|
||||||
ddict = {}
|
ddict = {}
|
||||||
if locallist:
|
if locallist:
|
||||||
@@ -702,6 +807,15 @@
|
@@ -702,6 +815,15 @@
|
||||||
|
|
||||||
return ddict
|
return ddict
|
||||||
|
|
||||||
@ -3709,7 +3747,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
def list(self, heading = 1, locallist = 0):
|
def list(self, heading = 1, locallist = 0):
|
||||||
ddict = self.get_all(locallist)
|
ddict = self.get_all(locallist)
|
||||||
keys = ddict.keys()
|
keys = ddict.keys()
|
||||||
@@ -740,12 +854,16 @@
|
@@ -740,12 +862,16 @@
|
||||||
low = int(ports[0])
|
low = int(ports[0])
|
||||||
high = int(ports[1])
|
high = int(ports[1])
|
||||||
|
|
||||||
@ -3726,7 +3764,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
if is_mls_enabled == 1:
|
if is_mls_enabled == 1:
|
||||||
if serange == "":
|
if serange == "":
|
||||||
serange = "s0"
|
serange = "s0"
|
||||||
@@ -808,6 +926,7 @@
|
@@ -808,6 +934,7 @@
|
||||||
self.commit()
|
self.commit()
|
||||||
|
|
||||||
def __modify(self, port, proto, serange, setype):
|
def __modify(self, port, proto, serange, setype):
|
||||||
@ -3734,7 +3772,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
if serange == "" and setype == "":
|
if serange == "" and setype == "":
|
||||||
if is_mls_enabled == 1:
|
if is_mls_enabled == 1:
|
||||||
raise ValueError(_("Requires setype or serange"))
|
raise ValueError(_("Requires setype or serange"))
|
||||||
@@ -942,6 +1061,18 @@
|
@@ -942,6 +1069,18 @@
|
||||||
ddict[(ctype,proto_str)].append("%d-%d" % (low, high))
|
ddict[(ctype,proto_str)].append("%d-%d" % (low, high))
|
||||||
return ddict
|
return ddict
|
||||||
|
|
||||||
@ -3753,7 +3791,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
def list(self, heading = 1, locallist = 0):
|
def list(self, heading = 1, locallist = 0):
|
||||||
if heading:
|
if heading:
|
||||||
print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number"))
|
print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number"))
|
||||||
@@ -958,7 +1089,8 @@
|
@@ -958,7 +1097,8 @@
|
||||||
class nodeRecords(semanageRecords):
|
class nodeRecords(semanageRecords):
|
||||||
def __init__(self, store = ""):
|
def __init__(self, store = ""):
|
||||||
semanageRecords.__init__(self,store)
|
semanageRecords.__init__(self,store)
|
||||||
@ -3763,7 +3801,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
def __add(self, addr, mask, proto, serange, ctype):
|
def __add(self, addr, mask, proto, serange, ctype):
|
||||||
if addr == "":
|
if addr == "":
|
||||||
raise ValueError(_("Node Address is required"))
|
raise ValueError(_("Node Address is required"))
|
||||||
@@ -966,14 +1098,11 @@
|
@@ -966,14 +1106,11 @@
|
||||||
if mask == "":
|
if mask == "":
|
||||||
raise ValueError(_("Node Netmask is required"))
|
raise ValueError(_("Node Netmask is required"))
|
||||||
|
|
||||||
@ -3781,7 +3819,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
if is_mls_enabled == 1:
|
if is_mls_enabled == 1:
|
||||||
if serange == "":
|
if serange == "":
|
||||||
serange = "s0"
|
serange = "s0"
|
||||||
@@ -991,7 +1120,8 @@
|
@@ -991,7 +1128,8 @@
|
||||||
|
|
||||||
(rc, exists) = semanage_node_exists(self.sh, k)
|
(rc, exists) = semanage_node_exists(self.sh, k)
|
||||||
if exists:
|
if exists:
|
||||||
@ -3791,7 +3829,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
(rc, node) = semanage_node_create(self.sh)
|
(rc, node) = semanage_node_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
@@ -1047,13 +1177,10 @@
|
@@ -1047,13 +1185,10 @@
|
||||||
|
|
||||||
if mask == "":
|
if mask == "":
|
||||||
raise ValueError(_("Node Netmask is required"))
|
raise ValueError(_("Node Netmask is required"))
|
||||||
@ -3809,7 +3847,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
if serange == "" and setype == "":
|
if serange == "" and setype == "":
|
||||||
raise ValueError(_("Requires setype or serange"))
|
raise ValueError(_("Requires setype or serange"))
|
||||||
@@ -1098,11 +1225,9 @@
|
@@ -1098,11 +1233,9 @@
|
||||||
if mask == "":
|
if mask == "":
|
||||||
raise ValueError(_("Node Netmask is required"))
|
raise ValueError(_("Node Netmask is required"))
|
||||||
|
|
||||||
@ -3824,7 +3862,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
raise ValueError(_("Unknown or missing protocol"))
|
raise ValueError(_("Unknown or missing protocol"))
|
||||||
|
|
||||||
(rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
|
(rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
|
||||||
@@ -1132,6 +1257,16 @@
|
@@ -1132,6 +1265,16 @@
|
||||||
self.__delete(addr, mask, proto)
|
self.__delete(addr, mask, proto)
|
||||||
self.commit()
|
self.commit()
|
||||||
|
|
||||||
@ -3841,7 +3879,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
def get_all(self, locallist = 0):
|
def get_all(self, locallist = 0):
|
||||||
ddict = {}
|
ddict = {}
|
||||||
if locallist :
|
if locallist :
|
||||||
@@ -1145,15 +1280,20 @@
|
@@ -1145,15 +1288,20 @@
|
||||||
con = semanage_node_get_con(node)
|
con = semanage_node_get_con(node)
|
||||||
addr = semanage_node_get_addr(self.sh, node)
|
addr = semanage_node_get_addr(self.sh, node)
|
||||||
mask = semanage_node_get_mask(self.sh, node)
|
mask = semanage_node_get_mask(self.sh, node)
|
||||||
@ -3867,7 +3905,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
def list(self, heading = 1, locallist = 0):
|
def list(self, heading = 1, locallist = 0):
|
||||||
if heading:
|
if heading:
|
||||||
print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context")
|
print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context")
|
||||||
@@ -1193,7 +1333,8 @@
|
@@ -1193,7 +1341,8 @@
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not check if interface %s is defined") % interface)
|
raise ValueError(_("Could not check if interface %s is defined") % interface)
|
||||||
if exists:
|
if exists:
|
||||||
@ -3877,7 +3915,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
(rc, iface) = semanage_iface_create(self.sh)
|
(rc, iface) = semanage_iface_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
@@ -1307,6 +1448,16 @@
|
@@ -1307,6 +1456,16 @@
|
||||||
self.__delete(interface)
|
self.__delete(interface)
|
||||||
self.commit()
|
self.commit()
|
||||||
|
|
||||||
@ -3894,7 +3932,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
def get_all(self, locallist = 0):
|
def get_all(self, locallist = 0):
|
||||||
ddict = {}
|
ddict = {}
|
||||||
if locallist:
|
if locallist:
|
||||||
@@ -1322,6 +1473,15 @@
|
@@ -1322,6 +1481,15 @@
|
||||||
|
|
||||||
return ddict
|
return ddict
|
||||||
|
|
||||||
@ -3910,7 +3948,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
def list(self, heading = 1, locallist = 0):
|
def list(self, heading = 1, locallist = 0):
|
||||||
if heading:
|
if heading:
|
||||||
print "%-30s %s\n" % (_("SELinux Interface"), _("Context"))
|
print "%-30s %s\n" % (_("SELinux Interface"), _("Context"))
|
||||||
@@ -1338,6 +1498,48 @@
|
@@ -1338,6 +1506,48 @@
|
||||||
class fcontextRecords(semanageRecords):
|
class fcontextRecords(semanageRecords):
|
||||||
def __init__(self, store = ""):
|
def __init__(self, store = ""):
|
||||||
semanageRecords.__init__(self, store)
|
semanageRecords.__init__(self, store)
|
||||||
@ -3959,7 +3997,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
def createcon(self, target, seuser = "system_u"):
|
def createcon(self, target, seuser = "system_u"):
|
||||||
(rc, con) = semanage_context_create(self.sh)
|
(rc, con) = semanage_context_create(self.sh)
|
||||||
@@ -1364,6 +1566,8 @@
|
@@ -1364,6 +1574,8 @@
|
||||||
def validate(self, target):
|
def validate(self, target):
|
||||||
if target == "" or target.find("\n") >= 0:
|
if target == "" or target.find("\n") >= 0:
|
||||||
raise ValueError(_("Invalid file specification"))
|
raise ValueError(_("Invalid file specification"))
|
||||||
@ -3968,7 +4006,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
|
def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
|
||||||
self.validate(target)
|
self.validate(target)
|
||||||
@@ -1388,7 +1592,8 @@
|
@@ -1388,7 +1600,8 @@
|
||||||
raise ValueError(_("Could not check if file context for %s is defined") % target)
|
raise ValueError(_("Could not check if file context for %s is defined") % target)
|
||||||
|
|
||||||
if exists:
|
if exists:
|
||||||
@ -3978,7 +4016,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
(rc, fcontext) = semanage_fcontext_create(self.sh)
|
(rc, fcontext) = semanage_fcontext_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
@@ -1504,9 +1709,16 @@
|
@@ -1504,9 +1717,16 @@
|
||||||
raise ValueError(_("Could not delete the file context %s") % target)
|
raise ValueError(_("Could not delete the file context %s") % target)
|
||||||
semanage_fcontext_key_free(k)
|
semanage_fcontext_key_free(k)
|
||||||
|
|
||||||
@ -3995,7 +4033,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
|
(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not create a key for %s") % target)
|
raise ValueError(_("Could not create a key for %s") % target)
|
||||||
@@ -1561,12 +1773,22 @@
|
@@ -1561,12 +1781,22 @@
|
||||||
|
|
||||||
return ddict
|
return ddict
|
||||||
|
|
||||||
@ -4020,7 +4058,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
for k in keys:
|
for k in keys:
|
||||||
if fcon_dict[k]:
|
if fcon_dict[k]:
|
||||||
if is_mls_enabled:
|
if is_mls_enabled:
|
||||||
@@ -1575,6 +1797,12 @@
|
@@ -1575,6 +1805,12 @@
|
||||||
print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
|
print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
|
||||||
else:
|
else:
|
||||||
print "%-50s %-18s <<None>>" % (k[0], k[1])
|
print "%-50s %-18s <<None>>" % (k[0], k[1])
|
||||||
@ -4033,7 +4071,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
class booleanRecords(semanageRecords):
|
class booleanRecords(semanageRecords):
|
||||||
def __init__(self, store = ""):
|
def __init__(self, store = ""):
|
||||||
@@ -1706,6 +1934,16 @@
|
@@ -1706,6 +1942,16 @@
|
||||||
else:
|
else:
|
||||||
return _("unknown")
|
return _("unknown")
|
||||||
|
|
||||||
@ -4050,9 +4088,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
def list(self, heading = True, locallist = False, use_file = False):
|
def list(self, heading = True, locallist = False, use_file = False):
|
||||||
on_off = (_("off"), _("on"))
|
on_off = (_("off"), _("on"))
|
||||||
if use_file:
|
if use_file:
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.81/setfiles/restore.c
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.82/setfiles/restore.c
|
||||||
--- nsapolicycoreutils/setfiles/restore.c 2009-11-03 09:21:40.000000000 -0500
|
--- nsapolicycoreutils/setfiles/restore.c 2009-11-03 09:21:40.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/setfiles/restore.c 2010-03-22 14:05:56.000000000 -0400
|
+++ policycoreutils-2.0.82/setfiles/restore.c 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -1,4 +1,5 @@
|
@@ -1,4 +1,5 @@
|
||||||
#include "restore.h"
|
#include "restore.h"
|
||||||
+#include <glob.h>
|
+#include <glob.h>
|
||||||
@ -4234,9 +4272,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
+ free(buf);
|
+ free(buf);
|
||||||
+}
|
+}
|
||||||
|
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restorecon.8 policycoreutils-2.0.81/setfiles/restorecon.8
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restorecon.8 policycoreutils-2.0.82/setfiles/restorecon.8
|
||||||
--- nsapolicycoreutils/setfiles/restorecon.8 2008-08-28 09:34:24.000000000 -0400
|
--- nsapolicycoreutils/setfiles/restorecon.8 2008-08-28 09:34:24.000000000 -0400
|
||||||
+++ policycoreutils-2.0.81/setfiles/restorecon.8 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/setfiles/restorecon.8 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -4,10 +4,10 @@
|
@@ -4,10 +4,10 @@
|
||||||
|
|
||||||
.SH "SYNOPSIS"
|
.SH "SYNOPSIS"
|
||||||
@ -4260,9 +4298,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
.TP
|
.TP
|
||||||
.B \-v
|
.B \-v
|
||||||
show changes in file labels.
|
show changes in file labels.
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.81/setfiles/restore.h
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.82/setfiles/restore.h
|
||||||
--- nsapolicycoreutils/setfiles/restore.h 2009-11-03 09:21:40.000000000 -0500
|
--- nsapolicycoreutils/setfiles/restore.h 2009-11-03 09:21:40.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/setfiles/restore.h 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/setfiles/restore.h 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -27,6 +27,7 @@
|
@@ -27,6 +27,7 @@
|
||||||
int hard_links;
|
int hard_links;
|
||||||
int verbose;
|
int verbose;
|
||||||
@ -4282,9 +4320,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
+void exclude_non_seclabel_mounts();
|
+void exclude_non_seclabel_mounts();
|
||||||
#endif
|
#endif
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-2.0.81/setfiles/setfiles.8
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-2.0.82/setfiles/setfiles.8
|
||||||
--- nsapolicycoreutils/setfiles/setfiles.8 2008-08-28 09:34:24.000000000 -0400
|
--- nsapolicycoreutils/setfiles/setfiles.8 2008-08-28 09:34:24.000000000 -0400
|
||||||
+++ policycoreutils-2.0.81/setfiles/setfiles.8 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/setfiles/setfiles.8 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -31,6 +31,9 @@
|
@@ -31,6 +31,9 @@
|
||||||
.TP
|
.TP
|
||||||
.B \-n
|
.B \-n
|
||||||
@ -4295,9 +4333,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po
|
|||||||
.TP
|
.TP
|
||||||
.B \-q
|
.B \-q
|
||||||
suppress non-error output.
|
suppress non-error output.
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.81/setfiles/setfiles.c
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.82/setfiles/setfiles.c
|
||||||
--- nsapolicycoreutils/setfiles/setfiles.c 2009-11-03 09:21:40.000000000 -0500
|
--- nsapolicycoreutils/setfiles/setfiles.c 2009-11-03 09:21:40.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/setfiles/setfiles.c 2010-03-12 10:04:13.000000000 -0500
|
+++ policycoreutils-2.0.82/setfiles/setfiles.c 2010-03-24 16:12:21.000000000 -0400
|
||||||
@@ -5,7 +5,6 @@
|
@@ -5,7 +5,6 @@
|
||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
#include <regex.h>
|
#include <regex.h>
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.81/sepolgen-1.0.20/src/sepolgen/access.py
|
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/access.py
|
||||||
--- nsasepolgen/src/sepolgen/access.py 2009-05-18 13:53:14.000000000 -0400
|
--- nsasepolgen/src/sepolgen/access.py 2010-03-22 14:08:29.000000000 -0400
|
||||||
+++ policycoreutils-2.0.81/sepolgen-1.0.20/src/sepolgen/access.py 2010-03-12 09:57:04.000000000 -0500
|
+++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/access.py 2010-03-24 16:11:37.000000000 -0400
|
||||||
@@ -32,6 +32,7 @@
|
@@ -32,6 +32,7 @@
|
||||||
"""
|
"""
|
||||||
|
|
||||||
@ -18,15 +18,6 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policyco
|
|||||||
|
|
||||||
# The direction of the information flow represented by this
|
# The direction of the information flow represented by this
|
||||||
# access vector - used for matching
|
# access vector - used for matching
|
||||||
@@ -127,7 +130,7 @@
|
|
||||||
return self.to_string()
|
|
||||||
|
|
||||||
def to_string(self):
|
|
||||||
- return "allow %s %s : %s %s;" % (self.src_type, self.tgt_type,
|
|
||||||
+ return "allow %s %s:%s %s;" % (self.src_type, self.tgt_type,
|
|
||||||
self.obj_class, self.perms.to_space_str())
|
|
||||||
|
|
||||||
def __cmp__(self, other):
|
|
||||||
@@ -253,20 +256,22 @@
|
@@ -253,20 +256,22 @@
|
||||||
for av in l:
|
for av in l:
|
||||||
self.add_av(AccessVector(av))
|
self.add_av(AccessVector(av))
|
||||||
@ -54,38 +45,10 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policyco
|
|||||||
|
|
||||||
access.perms.update(perms)
|
access.perms.update(perms)
|
||||||
if audit_msg:
|
if audit_msg:
|
||||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.81/sepolgen-1.0.20/src/sepolgen/audit.py
|
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/audit.py
|
||||||
--- nsasepolgen/src/sepolgen/audit.py 2009-12-01 15:46:50.000000000 -0500
|
--- nsasepolgen/src/sepolgen/audit.py 2010-03-22 14:08:29.000000000 -0400
|
||||||
+++ policycoreutils-2.0.81/sepolgen-1.0.20/src/sepolgen/audit.py 2010-03-12 09:59:05.000000000 -0500
|
+++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/audit.py 2010-03-24 16:11:37.000000000 -0400
|
||||||
@@ -23,6 +23,27 @@
|
@@ -68,6 +68,17 @@
|
||||||
|
|
||||||
# Convenience functions
|
|
||||||
|
|
||||||
+def get_audit_boot_msgs():
|
|
||||||
+ """Obtain all of the avc and policy load messages from the audit
|
|
||||||
+ log. This function uses ausearch and requires that the current
|
|
||||||
+ process have sufficient rights to run ausearch.
|
|
||||||
+
|
|
||||||
+ Returns:
|
|
||||||
+ string contain all of the audit messages returned by ausearch.
|
|
||||||
+ """
|
|
||||||
+ import subprocess
|
|
||||||
+ import time
|
|
||||||
+ fd=open("/proc/uptime", "r")
|
|
||||||
+ off=float(fd.read().split()[0])
|
|
||||||
+ fd.close
|
|
||||||
+ s = time.localtime(time.time() - off)
|
|
||||||
+ date = time.strftime("%D/%Y", s).split("/")
|
|
||||||
+ bootdate="%s/%s/%s" % (date[0], date[1], date[3])
|
|
||||||
+ boottime = time.strftime("%X", s)
|
|
||||||
+ output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
|
|
||||||
+ stdout=subprocess.PIPE).communicate()[0]
|
|
||||||
+ return output
|
|
||||||
+
|
|
||||||
def get_audit_msgs():
|
|
||||||
"""Obtain all of the avc and policy load messages from the audit
|
|
||||||
log. This function uses ausearch and requires that the current
|
|
||||||
@@ -47,6 +68,17 @@
|
|
||||||
stdout=subprocess.PIPE).communicate()[0]
|
stdout=subprocess.PIPE).communicate()[0]
|
||||||
return output
|
return output
|
||||||
|
|
||||||
@ -103,7 +66,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycor
|
|||||||
# Classes representing audit messages
|
# Classes representing audit messages
|
||||||
|
|
||||||
class AuditMessage:
|
class AuditMessage:
|
||||||
@@ -106,6 +138,9 @@
|
@@ -127,6 +138,9 @@
|
||||||
if fields[0] == "path":
|
if fields[0] == "path":
|
||||||
self.path = fields[1][1:-1]
|
self.path = fields[1][1:-1]
|
||||||
return
|
return
|
||||||
@ -113,7 +76,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycor
|
|||||||
|
|
||||||
class AVCMessage(AuditMessage):
|
class AVCMessage(AuditMessage):
|
||||||
"""AVC message representing an access denial or granted message.
|
"""AVC message representing an access denial or granted message.
|
||||||
@@ -146,6 +181,8 @@
|
@@ -167,6 +181,8 @@
|
||||||
self.path = ""
|
self.path = ""
|
||||||
self.accesses = []
|
self.accesses = []
|
||||||
self.denial = True
|
self.denial = True
|
||||||
@ -122,7 +85,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycor
|
|||||||
|
|
||||||
def __parse_access(self, recs, start):
|
def __parse_access(self, recs, start):
|
||||||
# This is kind of sucky - the access that is in a space separated
|
# This is kind of sucky - the access that is in a space separated
|
||||||
@@ -205,7 +242,31 @@
|
@@ -226,7 +242,31 @@
|
||||||
|
|
||||||
if not found_src or not found_tgt or not found_class or not found_access:
|
if not found_src or not found_tgt or not found_class or not found_access:
|
||||||
raise ValueError("AVC message in invalid format [%s]\n" % self.message)
|
raise ValueError("AVC message in invalid format [%s]\n" % self.message)
|
||||||
@ -138,7 +101,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycor
|
|||||||
+ else:
|
+ else:
|
||||||
+ self.type, self.bools = audit2why.analyze(scontext, tcontext, self.tclass, self.accesses);
|
+ self.type, self.bools = audit2why.analyze(scontext, tcontext, self.tclass, self.accesses);
|
||||||
+ if self.type == audit2why.NOPOLICY:
|
+ if self.type == audit2why.NOPOLICY:
|
||||||
+ raise ValueError("Must call policy_init first")
|
+ self.type = audit2why.TERULE
|
||||||
+ if self.type == audit2why.BADTCON:
|
+ if self.type == audit2why.BADTCON:
|
||||||
+ raise ValueError("Invalid Target Context %s\n" % tcontext)
|
+ raise ValueError("Invalid Target Context %s\n" % tcontext)
|
||||||
+ if self.type == audit2why.BADSCON:
|
+ if self.type == audit2why.BADSCON:
|
||||||
@ -149,13 +112,13 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycor
|
|||||||
+ raise ValueError("Invalid permission %s\n" % " ".join(self.accesses))
|
+ raise ValueError("Invalid permission %s\n" % " ".join(self.accesses))
|
||||||
+ if self.type == audit2why.BADCOMPUTE:
|
+ if self.type == audit2why.BADCOMPUTE:
|
||||||
+ raise ValueError("Error during access vector computation")
|
+ raise ValueError("Error during access vector computation")
|
||||||
+
|
+
|
||||||
+ avcdict[(scontext, tcontext, self.tclass, access_tuple)] = (self.type, self.bools)
|
+ avcdict[(scontext, tcontext, self.tclass, access_tuple)] = (self.type, self.bools)
|
||||||
+
|
+
|
||||||
class PolicyLoadMessage(AuditMessage):
|
class PolicyLoadMessage(AuditMessage):
|
||||||
"""Audit message indicating that the policy was reloaded."""
|
"""Audit message indicating that the policy was reloaded."""
|
||||||
def __init__(self, message):
|
def __init__(self, message):
|
||||||
@@ -448,10 +509,10 @@
|
@@ -469,10 +509,10 @@
|
||||||
if avc_filter:
|
if avc_filter:
|
||||||
if avc_filter.filter(avc):
|
if avc_filter.filter(avc):
|
||||||
av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
|
av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
|
||||||
@ -168,9 +131,9 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycor
|
|||||||
return av_set
|
return av_set
|
||||||
|
|
||||||
class AVCTypeFilter:
|
class AVCTypeFilter:
|
||||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.81/sepolgen-1.0.20/src/sepolgen/policygen.py
|
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/policygen.py
|
||||||
--- nsasepolgen/src/sepolgen/policygen.py 2010-03-12 09:34:56.000000000 -0500
|
--- nsasepolgen/src/sepolgen/policygen.py 2010-03-12 09:34:56.000000000 -0500
|
||||||
+++ policycoreutils-2.0.81/sepolgen-1.0.20/src/sepolgen/policygen.py 2010-03-12 09:53:30.000000000 -0500
|
+++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/policygen.py 2010-03-24 16:11:37.000000000 -0400
|
||||||
@@ -29,6 +29,8 @@
|
@@ -29,6 +29,8 @@
|
||||||
import access
|
import access
|
||||||
import interfaces
|
import interfaces
|
||||||
@ -188,7 +151,7 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py polic
|
|||||||
def set_gen_refpol(self, if_set=None, perm_maps=None):
|
def set_gen_refpol(self, if_set=None, perm_maps=None):
|
||||||
"""Set whether reference policy interfaces are generated.
|
"""Set whether reference policy interfaces are generated.
|
||||||
|
|
||||||
@@ -151,8 +154,35 @@
|
@@ -151,8 +154,37 @@
|
||||||
rule = refpolicy.AVRule(av)
|
rule = refpolicy.AVRule(av)
|
||||||
if self.dontaudit:
|
if self.dontaudit:
|
||||||
rule.rule_type = rule.DONTAUDIT
|
rule.rule_type = rule.DONTAUDIT
|
||||||
@ -207,6 +170,8 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py polic
|
|||||||
+
|
+
|
||||||
+ if av.type == audit2why.CONSTRAINT:
|
+ if av.type == audit2why.CONSTRAINT:
|
||||||
+ rule.comment += "#!!!! This avc is a constraint violation. You will need to add an attribute to either the source or target type to make it work.\n"
|
+ rule.comment += "#!!!! This avc is a constraint violation. You will need to add an attribute to either the source or target type to make it work.\n"
|
||||||
|
+ rule.comment += "#Contraint rule: "
|
||||||
|
+
|
||||||
+ if av.type == audit2why.TERULE:
|
+ if av.type == audit2why.TERULE:
|
||||||
+ if "write" in av.perms:
|
+ if "write" in av.perms:
|
||||||
+ if "dir" in av.obj_class or "open" in av.perms:
|
+ if "dir" in av.obj_class or "open" in av.perms:
|
||||||
|
@ -1,13 +1,13 @@
|
|||||||
%define libauditver 1.4.2-1
|
%define libauditver 1.4.2-1
|
||||||
%define libsepolver 2.0.38-1
|
%define libsepolver 2.0.41-3
|
||||||
%define libsemanagever 2.0.39-1
|
%define libsemanagever 2.0.43-4
|
||||||
%define libselinuxver 2.0.87-1
|
%define libselinuxver 2.0.90-3
|
||||||
%define sepolgenver 1.0.20
|
%define sepolgenver 1.0.23
|
||||||
|
|
||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.0.81
|
Version: 2.0.82
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||||
@ -30,7 +30,7 @@ Obsoletes: policycoreutils < 2.0.61-2
|
|||||||
|
|
||||||
%global pkgpythondir %{python_sitelib}/%{name}
|
%global pkgpythondir %{python_sitelib}/%{name}
|
||||||
|
|
||||||
BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
|
BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-static >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
|
||||||
BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
|
BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
|
||||||
BuildRequires: python-devel
|
BuildRequires: python-devel
|
||||||
Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff rpm /bin/sed
|
Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff rpm /bin/sed
|
||||||
@ -305,9 +305,28 @@ fi
|
|||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Apr 6 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-4
|
||||||
|
- Fix spacing in templates
|
||||||
|
|
||||||
|
* Wed Mar 31 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-3
|
||||||
|
- Fix semanage return codes
|
||||||
|
|
||||||
|
* Tue Mar 30 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-2
|
||||||
|
- Fix sepolgen to confirm to the "Reference Policy Style Guide"
|
||||||
|
|
||||||
|
* Tue Mar 23 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-1
|
||||||
|
- Update to upstream
|
||||||
|
* Add avc's since boot from Dan Walsh.
|
||||||
|
* Fix unit tests from Dan Walsh.
|
||||||
|
|
||||||
|
* Tue Mar 23 2010 Dan Walsh <dwalsh@redhat.com> 2.0.81-4
|
||||||
|
- Update to upstream - sepolgen
|
||||||
|
* Add since-last-boot option to audit2allow from Dan Walsh.
|
||||||
|
* Fix sepolgen output to match what Chris expects for upstream
|
||||||
|
refpolicy from Dan Walsh.
|
||||||
|
|
||||||
* Mon Mar 22 2010 Dan Walsh <dwalsh@redhat.com> 2.0.81-3
|
* Mon Mar 22 2010 Dan Walsh <dwalsh@redhat.com> 2.0.81-3
|
||||||
- Allow restorecon on > 2 Gig files
|
- Allow restorecon on > 2 Gig files
|
||||||
Resolves: #574070
|
|
||||||
|
|
||||||
* Tue Mar 16 2010 Dan Walsh <dwalsh@redhat.com> 2.0.81-2
|
* Tue Mar 16 2010 Dan Walsh <dwalsh@redhat.com> 2.0.81-2
|
||||||
- Fix semanage handling of boolean options
|
- Fix semanage handling of boolean options
|
||||||
|
4
sources
4
sources
@ -1,3 +1,3 @@
|
|||||||
64e37bf9a411c7c3993839155a30301c policycoreutils-2.0.81.tgz
|
e4deacb4df1e2ec081a91fd59da1dcc5 policycoreutils-2.0.82.tgz
|
||||||
|
49faa2e5f343317bcfcf34d7286f6037 sepolgen-1.0.23.tgz
|
||||||
59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
|
59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
|
||||||
962e1a1348276188bdff673ab3b711e0 sepolgen-1.0.20.tgz
|
|
||||||
|
Loading…
Reference in New Issue
Block a user