Fix portspage in system-config-selinux to not crash
More fixes for seunshare from Tomas Hoger
parent
312470de44
commit
b6d72dd04b
|
@ -1,6 +1,6 @@
|
|||
diff -up policycoreutils-2.0.85/gui/booleansPage.py.gui policycoreutils-2.0.85/gui/booleansPage.py
|
||||
--- policycoreutils-2.0.85/gui/booleansPage.py.gui 2011-02-23 14:55:19.198081540 -0500
|
||||
+++ policycoreutils-2.0.85/gui/booleansPage.py 2011-02-23 14:55:19.198081540 -0500
|
||||
--- policycoreutils-2.0.85/gui/booleansPage.py.gui 2011-03-08 17:50:01.451191417 -0500
|
||||
+++ policycoreutils-2.0.85/gui/booleansPage.py 2011-03-08 17:50:01.451191417 -0500
|
||||
@@ -0,0 +1,247 @@
|
||||
+#
|
||||
+# booleansPage.py - GUI for Booleans page in system-config-securitylevel
|
||||
|
@ -250,8 +250,8 @@ diff -up policycoreutils-2.0.85/gui/booleansPage.py.gui policycoreutils-2.0.85/g
|
|||
+ return True
|
||||
+
|
||||
diff -up policycoreutils-2.0.85/gui/domainsPage.py.gui policycoreutils-2.0.85/gui/domainsPage.py
|
||||
--- policycoreutils-2.0.85/gui/domainsPage.py.gui 2011-02-23 14:55:19.198081540 -0500
|
||||
+++ policycoreutils-2.0.85/gui/domainsPage.py 2011-02-23 14:55:19.198081540 -0500
|
||||
--- policycoreutils-2.0.85/gui/domainsPage.py.gui 2011-03-08 17:50:01.451191417 -0500
|
||||
+++ policycoreutils-2.0.85/gui/domainsPage.py 2011-03-08 17:50:01.451191417 -0500
|
||||
@@ -0,0 +1,154 @@
|
||||
+## domainsPage.py - show selinux domains
|
||||
+## Copyright (C) 2009 Red Hat, Inc.
|
||||
|
@ -408,8 +408,8 @@ diff -up policycoreutils-2.0.85/gui/domainsPage.py.gui policycoreutils-2.0.85/gu
|
|||
+ except ValueError, e:
|
||||
+ self.error(e.args[0])
|
||||
diff -up policycoreutils-2.0.85/gui/fcontextPage.py.gui policycoreutils-2.0.85/gui/fcontextPage.py
|
||||
--- policycoreutils-2.0.85/gui/fcontextPage.py.gui 2011-02-23 14:55:19.199081547 -0500
|
||||
+++ policycoreutils-2.0.85/gui/fcontextPage.py 2011-02-23 14:55:19.199081547 -0500
|
||||
--- policycoreutils-2.0.85/gui/fcontextPage.py.gui 2011-03-08 17:50:01.452191430 -0500
|
||||
+++ policycoreutils-2.0.85/gui/fcontextPage.py 2011-03-08 17:50:01.452191430 -0500
|
||||
@@ -0,0 +1,223 @@
|
||||
+## fcontextPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006 Red Hat, Inc.
|
||||
|
@ -635,8 +635,8 @@ diff -up policycoreutils-2.0.85/gui/fcontextPage.py.gui policycoreutils-2.0.85/g
|
|||
+ self.store.set_value(iter, FTYPE_COL, ftype)
|
||||
+ self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls))
|
||||
diff -up policycoreutils-2.0.85/gui/html_util.py.gui policycoreutils-2.0.85/gui/html_util.py
|
||||
--- policycoreutils-2.0.85/gui/html_util.py.gui 2011-02-23 14:55:19.200081554 -0500
|
||||
+++ policycoreutils-2.0.85/gui/html_util.py 2011-02-23 14:55:19.200081554 -0500
|
||||
--- policycoreutils-2.0.85/gui/html_util.py.gui 2011-03-08 17:50:01.453191443 -0500
|
||||
+++ policycoreutils-2.0.85/gui/html_util.py 2011-03-08 17:50:01.453191443 -0500
|
||||
@@ -0,0 +1,164 @@
|
||||
+# Authors: John Dennis <jdennis@redhat.com>
|
||||
+#
|
||||
|
@ -803,8 +803,8 @@ diff -up policycoreutils-2.0.85/gui/html_util.py.gui policycoreutils-2.0.85/gui/
|
|||
+ return doc
|
||||
+
|
||||
diff -up policycoreutils-2.0.85/gui/lockdown.glade.gui policycoreutils-2.0.85/gui/lockdown.glade
|
||||
--- policycoreutils-2.0.85/gui/lockdown.glade.gui 2011-02-23 14:55:19.202081568 -0500
|
||||
+++ policycoreutils-2.0.85/gui/lockdown.glade 2011-02-23 14:55:19.202081568 -0500
|
||||
--- policycoreutils-2.0.85/gui/lockdown.glade.gui 2011-03-08 17:50:01.455191469 -0500
|
||||
+++ policycoreutils-2.0.85/gui/lockdown.glade 2011-03-08 17:50:01.455191469 -0500
|
||||
@@ -0,0 +1,771 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
|
||||
|
@ -1578,8 +1578,8 @@ diff -up policycoreutils-2.0.85/gui/lockdown.glade.gui policycoreutils-2.0.85/gu
|
|||
+
|
||||
+</glade-interface>
|
||||
diff -up policycoreutils-2.0.85/gui/lockdown.gladep.gui policycoreutils-2.0.85/gui/lockdown.gladep
|
||||
--- policycoreutils-2.0.85/gui/lockdown.gladep.gui 2011-02-23 14:55:19.203081575 -0500
|
||||
+++ policycoreutils-2.0.85/gui/lockdown.gladep 2011-02-23 14:55:19.203081575 -0500
|
||||
--- policycoreutils-2.0.85/gui/lockdown.gladep.gui 2011-03-08 17:50:01.455191469 -0500
|
||||
+++ policycoreutils-2.0.85/gui/lockdown.gladep 2011-03-08 17:50:01.455191469 -0500
|
||||
@@ -0,0 +1,7 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
|
||||
|
@ -1589,8 +1589,8 @@ diff -up policycoreutils-2.0.85/gui/lockdown.gladep.gui policycoreutils-2.0.85/g
|
|||
+ <program_name></program_name>
|
||||
+</glade-project>
|
||||
diff -up policycoreutils-2.0.85/gui/lockdown.py.gui policycoreutils-2.0.85/gui/lockdown.py
|
||||
--- policycoreutils-2.0.85/gui/lockdown.py.gui 2011-02-23 14:55:19.204081582 -0500
|
||||
+++ policycoreutils-2.0.85/gui/lockdown.py 2011-02-23 14:55:19.204081582 -0500
|
||||
--- policycoreutils-2.0.85/gui/lockdown.py.gui 2011-03-08 17:50:01.457191494 -0500
|
||||
+++ policycoreutils-2.0.85/gui/lockdown.py 2011-03-08 17:50:01.457191494 -0500
|
||||
@@ -0,0 +1,382 @@
|
||||
+#!/usr/bin/python -Es
|
||||
+#
|
||||
|
@ -1975,8 +1975,8 @@ diff -up policycoreutils-2.0.85/gui/lockdown.py.gui policycoreutils-2.0.85/gui/l
|
|||
+ app = booleanWindow()
|
||||
+ app.stand_alone()
|
||||
diff -up policycoreutils-2.0.85/gui/loginsPage.py.gui policycoreutils-2.0.85/gui/loginsPage.py
|
||||
--- policycoreutils-2.0.85/gui/loginsPage.py.gui 2011-02-23 14:55:19.205081589 -0500
|
||||
+++ policycoreutils-2.0.85/gui/loginsPage.py 2011-02-23 14:55:19.205081589 -0500
|
||||
--- policycoreutils-2.0.85/gui/loginsPage.py.gui 2011-03-08 17:50:01.458191506 -0500
|
||||
+++ policycoreutils-2.0.85/gui/loginsPage.py 2011-03-08 17:50:01.458191506 -0500
|
||||
@@ -0,0 +1,185 @@
|
||||
+## loginsPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006 Red Hat, Inc.
|
||||
|
@ -2164,8 +2164,8 @@ diff -up policycoreutils-2.0.85/gui/loginsPage.py.gui policycoreutils-2.0.85/gui
|
|||
+ self.store.set_value(iter, 2, seobject.translate(serange))
|
||||
+
|
||||
diff -up policycoreutils-2.0.85/gui/Makefile.gui policycoreutils-2.0.85/gui/Makefile
|
||||
--- policycoreutils-2.0.85/gui/Makefile.gui 2011-02-23 14:55:19.205081589 -0500
|
||||
+++ policycoreutils-2.0.85/gui/Makefile 2011-02-23 14:55:19.205081589 -0500
|
||||
--- policycoreutils-2.0.85/gui/Makefile.gui 2011-03-08 17:50:01.458191506 -0500
|
||||
+++ policycoreutils-2.0.85/gui/Makefile 2011-03-08 17:50:01.458191506 -0500
|
||||
@@ -0,0 +1,40 @@
|
||||
+# Installation directories.
|
||||
+PREFIX ?= ${DESTDIR}/usr
|
||||
|
@ -2208,8 +2208,8 @@ diff -up policycoreutils-2.0.85/gui/Makefile.gui policycoreutils-2.0.85/gui/Make
|
|||
+
|
||||
+relabel:
|
||||
diff -up policycoreutils-2.0.85/gui/mappingsPage.py.gui policycoreutils-2.0.85/gui/mappingsPage.py
|
||||
--- policycoreutils-2.0.85/gui/mappingsPage.py.gui 2011-02-23 14:55:19.206081596 -0500
|
||||
+++ policycoreutils-2.0.85/gui/mappingsPage.py 2011-02-23 14:55:19.206081596 -0500
|
||||
--- policycoreutils-2.0.85/gui/mappingsPage.py.gui 2011-03-08 17:50:01.459191518 -0500
|
||||
+++ policycoreutils-2.0.85/gui/mappingsPage.py 2011-03-08 17:50:01.459191518 -0500
|
||||
@@ -0,0 +1,56 @@
|
||||
+## mappingsPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006 Red Hat, Inc.
|
||||
|
@ -2268,8 +2268,8 @@ diff -up policycoreutils-2.0.85/gui/mappingsPage.py.gui policycoreutils-2.0.85/g
|
|||
+ print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
|
||||
+
|
||||
diff -up policycoreutils-2.0.85/gui/modulesPage.py.gui policycoreutils-2.0.85/gui/modulesPage.py
|
||||
--- policycoreutils-2.0.85/gui/modulesPage.py.gui 2011-02-23 14:55:19.207081603 -0500
|
||||
+++ policycoreutils-2.0.85/gui/modulesPage.py 2011-02-23 14:55:19.207081603 -0500
|
||||
--- policycoreutils-2.0.85/gui/modulesPage.py.gui 2011-03-08 17:50:01.460191530 -0500
|
||||
+++ policycoreutils-2.0.85/gui/modulesPage.py 2011-03-08 17:50:01.460191530 -0500
|
||||
@@ -0,0 +1,190 @@
|
||||
+## modulesPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006-2009 Red Hat, Inc.
|
||||
|
@ -2462,8 +2462,8 @@ diff -up policycoreutils-2.0.85/gui/modulesPage.py.gui policycoreutils-2.0.85/gu
|
|||
+ except ValueError, e:
|
||||
+ self.error(e.args[0])
|
||||
diff -up policycoreutils-2.0.85/gui/polgen.glade.gui policycoreutils-2.0.85/gui/polgen.glade
|
||||
--- policycoreutils-2.0.85/gui/polgen.glade.gui 2011-02-23 14:55:19.213081645 -0500
|
||||
+++ policycoreutils-2.0.85/gui/polgen.glade 2011-02-23 14:55:19.214081651 -0500
|
||||
--- policycoreutils-2.0.85/gui/polgen.glade.gui 2011-03-08 17:50:01.466191608 -0500
|
||||
+++ policycoreutils-2.0.85/gui/polgen.glade 2011-03-08 17:50:01.466191608 -0500
|
||||
@@ -0,0 +1,3432 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
|
||||
|
@ -5898,8 +5898,8 @@ diff -up policycoreutils-2.0.85/gui/polgen.glade.gui policycoreutils-2.0.85/gui/
|
|||
+
|
||||
+</glade-interface>
|
||||
diff -up policycoreutils-2.0.85/gui/polgen.gladep.gui policycoreutils-2.0.85/gui/polgen.gladep
|
||||
--- policycoreutils-2.0.85/gui/polgen.gladep.gui 2011-02-23 14:55:19.216081664 -0500
|
||||
+++ policycoreutils-2.0.85/gui/polgen.gladep 2011-02-23 14:55:19.216081664 -0500
|
||||
--- policycoreutils-2.0.85/gui/polgen.gladep.gui 2011-03-08 17:50:01.468191632 -0500
|
||||
+++ policycoreutils-2.0.85/gui/polgen.gladep 2011-03-08 17:50:01.468191632 -0500
|
||||
@@ -0,0 +1,7 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
|
||||
|
@ -5909,8 +5909,8 @@ diff -up policycoreutils-2.0.85/gui/polgen.gladep.gui policycoreutils-2.0.85/gui
|
|||
+ <program_name></program_name>
|
||||
+</glade-project>
|
||||
diff -up policycoreutils-2.0.85/gui/polgengui.py.gui policycoreutils-2.0.85/gui/polgengui.py
|
||||
--- policycoreutils-2.0.85/gui/polgengui.py.gui 2011-02-23 14:55:19.217081671 -0500
|
||||
+++ policycoreutils-2.0.85/gui/polgengui.py 2011-02-23 14:55:19.218081678 -0500
|
||||
--- policycoreutils-2.0.85/gui/polgengui.py.gui 2011-03-08 17:50:01.469191644 -0500
|
||||
+++ policycoreutils-2.0.85/gui/polgengui.py 2011-03-08 17:50:01.470191656 -0500
|
||||
@@ -0,0 +1,750 @@
|
||||
+#!/usr/bin/python -Es
|
||||
+#
|
||||
|
@ -6663,8 +6663,8 @@ diff -up policycoreutils-2.0.85/gui/polgengui.py.gui policycoreutils-2.0.85/gui/
|
|||
+ app = childWindow()
|
||||
+ app.stand_alone()
|
||||
diff -up policycoreutils-2.0.85/gui/polgen.py.gui policycoreutils-2.0.85/gui/polgen.py
|
||||
--- policycoreutils-2.0.85/gui/polgen.py.gui 2011-02-23 14:55:19.220081692 -0500
|
||||
+++ policycoreutils-2.0.85/gui/polgen.py 2011-03-07 16:55:17.688869261 -0500
|
||||
--- policycoreutils-2.0.85/gui/polgen.py.gui 2011-03-08 17:50:01.472191682 -0500
|
||||
+++ policycoreutils-2.0.85/gui/polgen.py 2011-03-08 17:50:01.472191682 -0500
|
||||
@@ -0,0 +1,1347 @@
|
||||
+#!/usr/bin/python -Es
|
||||
+#
|
||||
|
@ -8014,8 +8014,8 @@ diff -up policycoreutils-2.0.85/gui/polgen.py.gui policycoreutils-2.0.85/gui/pol
|
|||
+ except ValueError, e:
|
||||
+ usage(e)
|
||||
diff -up policycoreutils-2.0.85/gui/portsPage.py.gui policycoreutils-2.0.85/gui/portsPage.py
|
||||
--- policycoreutils-2.0.85/gui/portsPage.py.gui 2011-02-23 14:55:19.221081699 -0500
|
||||
+++ policycoreutils-2.0.85/gui/portsPage.py 2011-02-23 14:55:19.221081699 -0500
|
||||
--- policycoreutils-2.0.85/gui/portsPage.py.gui 2011-03-08 17:50:01.473191695 -0500
|
||||
+++ policycoreutils-2.0.85/gui/portsPage.py 2011-03-09 15:55:17.719020699 -0500
|
||||
@@ -0,0 +1,259 @@
|
||||
+## portsPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006 Red Hat, Inc.
|
||||
|
@ -8147,9 +8147,9 @@ diff -up policycoreutils-2.0.85/gui/portsPage.py.gui policycoreutils-2.0.85/gui/
|
|||
+ continue
|
||||
+ iter = self.store.append()
|
||||
+ if k[0] == k[1]:
|
||||
+ self.store.set_value(iter, PORT_COL, k[0])
|
||||
+ self.store.set_value(iter, PORT_COL, str(k[0]))
|
||||
+ else:
|
||||
+ rec = "%s-%s" % k[:2]
|
||||
+ rec = "%d-%d" % k[:2]
|
||||
+ self.store.set_value(iter, PORT_COL, rec)
|
||||
+ self.store.set_value(iter, TYPE_COL, dict[k][0])
|
||||
+ self.store.set_value(iter, PROTOCOL_COL, k[2])
|
||||
|
@ -8277,8 +8277,8 @@ diff -up policycoreutils-2.0.85/gui/portsPage.py.gui policycoreutils-2.0.85/gui/
|
|||
+ return True
|
||||
+
|
||||
diff -up policycoreutils-2.0.85/gui/selinux.tbl.gui policycoreutils-2.0.85/gui/selinux.tbl
|
||||
--- policycoreutils-2.0.85/gui/selinux.tbl.gui 2011-02-23 14:55:19.223081713 -0500
|
||||
+++ policycoreutils-2.0.85/gui/selinux.tbl 2011-02-23 14:55:19.223081713 -0500
|
||||
--- policycoreutils-2.0.85/gui/selinux.tbl.gui 2011-03-08 17:50:01.475191721 -0500
|
||||
+++ policycoreutils-2.0.85/gui/selinux.tbl 2011-03-08 17:50:01.475191721 -0500
|
||||
@@ -0,0 +1,234 @@
|
||||
+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
|
||||
+allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /")
|
||||
|
@ -8515,8 +8515,8 @@ diff -up policycoreutils-2.0.85/gui/selinux.tbl.gui policycoreutils-2.0.85/gui/s
|
|||
+webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories")
|
||||
+
|
||||
diff -up policycoreutils-2.0.85/gui/semanagePage.py.gui policycoreutils-2.0.85/gui/semanagePage.py
|
||||
--- policycoreutils-2.0.85/gui/semanagePage.py.gui 2011-02-23 14:55:19.224081720 -0500
|
||||
+++ policycoreutils-2.0.85/gui/semanagePage.py 2011-02-23 14:55:19.224081720 -0500
|
||||
--- policycoreutils-2.0.85/gui/semanagePage.py.gui 2011-03-08 17:50:01.476191734 -0500
|
||||
+++ policycoreutils-2.0.85/gui/semanagePage.py 2011-03-08 17:50:01.476191734 -0500
|
||||
@@ -0,0 +1,168 @@
|
||||
+## semanagePage.py - show selinux mappings
|
||||
+## Copyright (C) 2006 Red Hat, Inc.
|
||||
|
@ -8687,8 +8687,8 @@ diff -up policycoreutils-2.0.85/gui/semanagePage.py.gui policycoreutils-2.0.85/g
|
|||
+ return True
|
||||
+
|
||||
diff -up policycoreutils-2.0.85/gui/statusPage.py.gui policycoreutils-2.0.85/gui/statusPage.py
|
||||
--- policycoreutils-2.0.85/gui/statusPage.py.gui 2011-02-23 14:55:19.225081727 -0500
|
||||
+++ policycoreutils-2.0.85/gui/statusPage.py 2011-02-23 14:55:19.225081727 -0500
|
||||
--- policycoreutils-2.0.85/gui/statusPage.py.gui 2011-03-08 17:50:01.477191746 -0500
|
||||
+++ policycoreutils-2.0.85/gui/statusPage.py 2011-03-08 17:50:01.477191746 -0500
|
||||
@@ -0,0 +1,190 @@
|
||||
+# statusPage.py - show selinux status
|
||||
+## Copyright (C) 2006-2009 Red Hat, Inc.
|
||||
|
@ -8881,8 +8881,8 @@ diff -up policycoreutils-2.0.85/gui/statusPage.py.gui policycoreutils-2.0.85/gui
|
|||
+
|
||||
+
|
||||
diff -up policycoreutils-2.0.85/gui/system-config-selinux.glade.gui policycoreutils-2.0.85/gui/system-config-selinux.glade
|
||||
--- policycoreutils-2.0.85/gui/system-config-selinux.glade.gui 2011-02-23 14:55:19.229081755 -0500
|
||||
+++ policycoreutils-2.0.85/gui/system-config-selinux.glade 2011-02-23 14:55:19.229081755 -0500
|
||||
--- policycoreutils-2.0.85/gui/system-config-selinux.glade.gui 2011-03-08 17:50:01.481191795 -0500
|
||||
+++ policycoreutils-2.0.85/gui/system-config-selinux.glade 2011-03-08 17:50:01.481191795 -0500
|
||||
@@ -0,0 +1,3024 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
|
||||
|
@ -11909,8 +11909,8 @@ diff -up policycoreutils-2.0.85/gui/system-config-selinux.glade.gui policycoreut
|
|||
+
|
||||
+</glade-interface>
|
||||
diff -up policycoreutils-2.0.85/gui/system-config-selinux.gladep.gui policycoreutils-2.0.85/gui/system-config-selinux.gladep
|
||||
--- policycoreutils-2.0.85/gui/system-config-selinux.gladep.gui 2011-02-23 14:55:19.231081769 -0500
|
||||
+++ policycoreutils-2.0.85/gui/system-config-selinux.gladep 2011-02-23 14:55:19.231081769 -0500
|
||||
--- policycoreutils-2.0.85/gui/system-config-selinux.gladep.gui 2011-03-08 17:50:01.483191821 -0500
|
||||
+++ policycoreutils-2.0.85/gui/system-config-selinux.gladep 2011-03-08 17:50:01.483191821 -0500
|
||||
@@ -0,0 +1,7 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
|
||||
|
@ -11920,8 +11920,8 @@ diff -up policycoreutils-2.0.85/gui/system-config-selinux.gladep.gui policycoreu
|
|||
+ <program_name></program_name>
|
||||
+</glade-project>
|
||||
diff -up policycoreutils-2.0.85/gui/system-config-selinux.py.gui policycoreutils-2.0.85/gui/system-config-selinux.py
|
||||
--- policycoreutils-2.0.85/gui/system-config-selinux.py.gui 2011-02-23 14:55:19.232081776 -0500
|
||||
+++ policycoreutils-2.0.85/gui/system-config-selinux.py 2011-02-23 14:55:19.232081776 -0500
|
||||
--- policycoreutils-2.0.85/gui/system-config-selinux.py.gui 2011-03-08 17:50:01.484191834 -0500
|
||||
+++ policycoreutils-2.0.85/gui/system-config-selinux.py 2011-03-08 17:50:01.484191834 -0500
|
||||
@@ -0,0 +1,187 @@
|
||||
+#!/usr/bin/python -Es
|
||||
+#
|
||||
|
@ -12111,8 +12111,8 @@ diff -up policycoreutils-2.0.85/gui/system-config-selinux.py.gui policycoreutils
|
|||
+ app = childWindow()
|
||||
+ app.stand_alone()
|
||||
diff -up policycoreutils-2.0.85/gui/templates/boolean.py.gui policycoreutils-2.0.85/gui/templates/boolean.py
|
||||
--- policycoreutils-2.0.85/gui/templates/boolean.py.gui 2011-02-23 14:55:19.233081783 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/boolean.py 2011-02-23 14:55:19.233081783 -0500
|
||||
--- policycoreutils-2.0.85/gui/templates/boolean.py.gui 2011-03-08 17:50:01.485191847 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/boolean.py 2011-03-08 17:50:01.485191847 -0500
|
||||
@@ -0,0 +1,40 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -12155,8 +12155,8 @@ diff -up policycoreutils-2.0.85/gui/templates/boolean.py.gui policycoreutils-2.0
|
|||
+"""
|
||||
+
|
||||
diff -up policycoreutils-2.0.85/gui/templates/etc_rw.py.gui policycoreutils-2.0.85/gui/templates/etc_rw.py
|
||||
--- policycoreutils-2.0.85/gui/templates/etc_rw.py.gui 2011-02-23 14:55:19.234081790 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/etc_rw.py 2011-02-23 14:55:19.234081790 -0500
|
||||
--- policycoreutils-2.0.85/gui/templates/etc_rw.py.gui 2011-03-08 17:50:01.485191847 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/etc_rw.py 2011-03-08 17:50:01.485191847 -0500
|
||||
@@ -0,0 +1,113 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -12272,8 +12272,8 @@ diff -up policycoreutils-2.0.85/gui/templates/etc_rw.py.gui policycoreutils-2.0.
|
|||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.0.85/gui/templates/executable.py.gui policycoreutils-2.0.85/gui/templates/executable.py
|
||||
--- policycoreutils-2.0.85/gui/templates/executable.py.gui 2011-02-23 14:55:19.235081797 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/executable.py 2011-03-07 16:56:00.542178604 -0500
|
||||
--- policycoreutils-2.0.85/gui/templates/executable.py.gui 2011-03-08 17:50:01.486191860 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/executable.py 2011-03-08 17:50:01.486191860 -0500
|
||||
@@ -0,0 +1,444 @@
|
||||
+# Copyright (C) 2007-2009 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -12720,8 +12720,8 @@ diff -up policycoreutils-2.0.85/gui/templates/executable.py.gui policycoreutils-
|
|||
+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_initrc_exec_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.0.85/gui/templates/__init__.py.gui policycoreutils-2.0.85/gui/templates/__init__.py
|
||||
--- policycoreutils-2.0.85/gui/templates/__init__.py.gui 2011-02-23 14:55:19.236081804 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/__init__.py 2011-02-23 14:55:19.236081804 -0500
|
||||
--- policycoreutils-2.0.85/gui/templates/__init__.py.gui 2011-03-08 17:50:01.487191872 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/__init__.py 2011-03-08 17:50:01.487191872 -0500
|
||||
@@ -0,0 +1,18 @@
|
||||
+#
|
||||
+# Copyright (C) 2007 Red Hat, Inc.
|
||||
|
@ -12742,8 +12742,8 @@ diff -up policycoreutils-2.0.85/gui/templates/__init__.py.gui policycoreutils-2.
|
|||
+#
|
||||
+
|
||||
diff -up policycoreutils-2.0.85/gui/templates/network.py.gui policycoreutils-2.0.85/gui/templates/network.py
|
||||
--- policycoreutils-2.0.85/gui/templates/network.py.gui 2011-02-23 14:55:19.237081810 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/network.py 2011-02-23 14:55:19.237081810 -0500
|
||||
--- policycoreutils-2.0.85/gui/templates/network.py.gui 2011-03-08 17:50:01.487191872 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/network.py 2011-03-08 17:50:01.488191884 -0500
|
||||
@@ -0,0 +1,80 @@
|
||||
+te_port_types="""
|
||||
+type TEMPLATETYPE_port_t;
|
||||
|
@ -12826,8 +12826,8 @@ diff -up policycoreutils-2.0.85/gui/templates/network.py.gui policycoreutils-2.0
|
|||
+"""
|
||||
+
|
||||
diff -up policycoreutils-2.0.85/gui/templates/rw.py.gui policycoreutils-2.0.85/gui/templates/rw.py
|
||||
--- policycoreutils-2.0.85/gui/templates/rw.py.gui 2011-02-23 14:55:19.238081816 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/rw.py 2011-02-23 14:55:19.238081816 -0500
|
||||
--- policycoreutils-2.0.85/gui/templates/rw.py.gui 2011-03-08 17:50:01.488191884 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/rw.py 2011-03-08 17:50:01.488191884 -0500
|
||||
@@ -0,0 +1,131 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -12961,8 +12961,8 @@ diff -up policycoreutils-2.0.85/gui/templates/rw.py.gui policycoreutils-2.0.85/g
|
|||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.0.85/gui/templates/script.py.gui policycoreutils-2.0.85/gui/templates/script.py
|
||||
--- policycoreutils-2.0.85/gui/templates/script.py.gui 2011-02-23 14:55:19.238081816 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/script.py 2011-02-23 14:55:19.238081816 -0500
|
||||
--- policycoreutils-2.0.85/gui/templates/script.py.gui 2011-03-08 17:50:01.489191896 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/script.py 2011-03-08 17:50:01.489191896 -0500
|
||||
@@ -0,0 +1,126 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -13091,8 +13091,8 @@ diff -up policycoreutils-2.0.85/gui/templates/script.py.gui policycoreutils-2.0.
|
|||
+fi
|
||||
+"""
|
||||
diff -up policycoreutils-2.0.85/gui/templates/semodule.py.gui policycoreutils-2.0.85/gui/templates/semodule.py
|
||||
--- policycoreutils-2.0.85/gui/templates/semodule.py.gui 2011-02-23 14:55:19.239081823 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/semodule.py 2011-02-23 14:55:19.239081823 -0500
|
||||
--- policycoreutils-2.0.85/gui/templates/semodule.py.gui 2011-03-08 17:50:01.489191896 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/semodule.py 2011-03-08 17:50:01.489191896 -0500
|
||||
@@ -0,0 +1,41 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -13136,8 +13136,8 @@ diff -up policycoreutils-2.0.85/gui/templates/semodule.py.gui policycoreutils-2.
|
|||
+"""
|
||||
+
|
||||
diff -up policycoreutils-2.0.85/gui/templates/tmp.py.gui policycoreutils-2.0.85/gui/templates/tmp.py
|
||||
--- policycoreutils-2.0.85/gui/templates/tmp.py.gui 2011-02-23 14:55:19.240081830 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/tmp.py 2011-02-23 14:55:19.240081830 -0500
|
||||
--- policycoreutils-2.0.85/gui/templates/tmp.py.gui 2011-03-08 17:50:01.490191908 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/tmp.py 2011-03-08 17:50:01.490191908 -0500
|
||||
@@ -0,0 +1,102 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -13242,8 +13242,8 @@ diff -up policycoreutils-2.0.85/gui/templates/tmp.py.gui policycoreutils-2.0.85/
|
|||
+ admin_pattern($1, TEMPLATETYPE_tmp_t)
|
||||
+"""
|
||||
diff -up policycoreutils-2.0.85/gui/templates/user.py.gui policycoreutils-2.0.85/gui/templates/user.py
|
||||
--- policycoreutils-2.0.85/gui/templates/user.py.gui 2011-02-23 14:55:19.240081830 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/user.py 2011-02-23 14:55:19.240081830 -0500
|
||||
--- policycoreutils-2.0.85/gui/templates/user.py.gui 2011-03-08 17:50:01.491191921 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/user.py 2011-03-08 17:50:01.491191921 -0500
|
||||
@@ -0,0 +1,205 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -13451,8 +13451,8 @@ diff -up policycoreutils-2.0.85/gui/templates/user.py.gui policycoreutils-2.0.85
|
|||
+seutil_run_newrole(TEMPLATETYPE_t, TEMPLATETYPE_r)
|
||||
+"""
|
||||
diff -up policycoreutils-2.0.85/gui/templates/var_cache.py.gui policycoreutils-2.0.85/gui/templates/var_cache.py
|
||||
--- policycoreutils-2.0.85/gui/templates/var_cache.py.gui 2011-02-23 14:55:19.241081837 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/var_cache.py 2011-02-23 14:55:19.241081837 -0500
|
||||
--- policycoreutils-2.0.85/gui/templates/var_cache.py.gui 2011-03-08 17:50:01.492191934 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/var_cache.py 2011-03-08 17:50:01.492191934 -0500
|
||||
@@ -0,0 +1,133 @@
|
||||
+# Copyright (C) 2010 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -13588,8 +13588,8 @@ diff -up policycoreutils-2.0.85/gui/templates/var_cache.py.gui policycoreutils-2
|
|||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_cache_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.0.85/gui/templates/var_lib.py.gui policycoreutils-2.0.85/gui/templates/var_lib.py
|
||||
--- policycoreutils-2.0.85/gui/templates/var_lib.py.gui 2011-02-23 14:55:19.242081844 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/var_lib.py 2011-02-23 14:55:19.242081844 -0500
|
||||
--- policycoreutils-2.0.85/gui/templates/var_lib.py.gui 2011-03-08 17:50:01.493191947 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/var_lib.py 2011-03-08 17:50:01.493191947 -0500
|
||||
@@ -0,0 +1,161 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -13753,8 +13753,8 @@ diff -up policycoreutils-2.0.85/gui/templates/var_lib.py.gui policycoreutils-2.0
|
|||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.0.85/gui/templates/var_log.py.gui policycoreutils-2.0.85/gui/templates/var_log.py
|
||||
--- policycoreutils-2.0.85/gui/templates/var_log.py.gui 2011-02-23 14:55:19.243081851 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/var_log.py 2011-02-23 14:55:19.243081851 -0500
|
||||
--- policycoreutils-2.0.85/gui/templates/var_log.py.gui 2011-03-08 17:50:01.493191947 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/var_log.py 2011-03-08 17:50:01.493191947 -0500
|
||||
@@ -0,0 +1,116 @@
|
||||
+# Copyright (C) 2007,2010 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -13873,8 +13873,8 @@ diff -up policycoreutils-2.0.85/gui/templates/var_log.py.gui policycoreutils-2.0
|
|||
+"""
|
||||
+
|
||||
diff -up policycoreutils-2.0.85/gui/templates/var_run.py.gui policycoreutils-2.0.85/gui/templates/var_run.py
|
||||
--- policycoreutils-2.0.85/gui/templates/var_run.py.gui 2011-02-23 14:55:19.243081851 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/var_run.py 2011-02-23 14:55:19.243081851 -0500
|
||||
--- policycoreutils-2.0.85/gui/templates/var_run.py.gui 2011-03-08 17:50:01.494191960 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/var_run.py 2011-03-08 17:50:01.494191960 -0500
|
||||
@@ -0,0 +1,101 @@
|
||||
+# Copyright (C) 2007,2010 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -13978,8 +13978,8 @@ diff -up policycoreutils-2.0.85/gui/templates/var_run.py.gui policycoreutils-2.0
|
|||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.0.85/gui/templates/var_spool.py.gui policycoreutils-2.0.85/gui/templates/var_spool.py
|
||||
--- policycoreutils-2.0.85/gui/templates/var_spool.py.gui 2011-02-23 14:55:19.244081858 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/var_spool.py 2011-02-23 14:55:19.244081858 -0500
|
||||
--- policycoreutils-2.0.85/gui/templates/var_spool.py.gui 2011-03-08 17:50:01.495191973 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/var_spool.py 2011-03-08 17:50:01.495191973 -0500
|
||||
@@ -0,0 +1,133 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -14115,8 +14115,8 @@ diff -up policycoreutils-2.0.85/gui/templates/var_spool.py.gui policycoreutils-2
|
|||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.0.85/gui/usersPage.py.gui policycoreutils-2.0.85/gui/usersPage.py
|
||||
--- policycoreutils-2.0.85/gui/usersPage.py.gui 2011-02-23 14:55:19.245081865 -0500
|
||||
+++ policycoreutils-2.0.85/gui/usersPage.py 2011-02-23 14:55:19.245081865 -0500
|
||||
--- policycoreutils-2.0.85/gui/usersPage.py.gui 2011-03-08 17:50:01.495191973 -0500
|
||||
+++ policycoreutils-2.0.85/gui/usersPage.py 2011-03-08 17:50:01.495191973 -0500
|
||||
@@ -0,0 +1,150 @@
|
||||
+## usersPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006,2007,2008 Red Hat, Inc.
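Review bot: The range branch in the portsPage.py hunk (`@ -8147,9 +8147,9 @`) looks stricter than the crash fix needs, because `rec = "%d-%d" % k[:2]` raises TypeError if either port bound ever arrives as a string, while the `"%s-%s"` form formats ints and strings alike. The single-port branch's `str(k[0])` already coerces without assuming a type, so keeping `rec = "%s-%s" % k[:2]` would make both branches tolerant in the same way. If the integer assumption is intended, a short comment above the branch such as `# port bounds are ints here; PORT_COL holds strings` would record why the two branches coerce differently. The outer +/- column is lost on this page, so which line of each printed pair is the new side is inferred from the commit title, and the loop these lines belong to starts and ends outside the hunk.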
|
||||
|
|
|
@ -2079,7 +2079,7 @@ index 0000000..6063d6a
|
|||
+and
|
||||
+.I Thomas Liu <tliu@fedoraproject.org>
|
||||
diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
|
||||
index ec692e7..b79e781 100644
|
||||
index ec692e7..7df3167 100644
|
||||
--- a/policycoreutils/sandbox/seunshare.c
|
||||
+++ b/policycoreutils/sandbox/seunshare.c
|
||||
@@ -1,28 +1,34 @@
|
||||
|
@ -2122,7 +2122,7 @@ index ec692e7..b79e781 100644
|
|||
#ifdef USE_NLS
|
||||
#include <locale.h> /* for setlocale() */
|
||||
#include <libintl.h> /* for gettext() */
|
||||
@@ -39,29 +45,45 @@
|
||||
@@ -39,29 +45,47 @@
|
||||
#define MS_PRIVATE 1<<18
|
||||
#endif
|
||||
|
||||
|
@ -2146,6 +2146,8 @@ index ec692e7..b79e781 100644
|
|||
-static int drop_capabilities(uid_t uid)
|
||||
+static int drop_caps()
|
||||
{
|
||||
+ if (capng_have_capabilities(CAPNG_SELECT_BOTH) == CAPNG_NONE)
|
||||
+ return 0;
|
||||
capng_clear(CAPNG_SELECT_BOTH);
|
||||
-
|
||||
- if (capng_lock() < 0)
|
||||
|
@ -2181,7 +2183,7 @@ index ec692e7..b79e781 100644
|
|||
*/
|
||||
static int set_signal_handles(void)
|
||||
{
|
||||
@@ -75,8 +97,8 @@ static int set_signal_handles(void)
|
||||
@@ -75,8 +99,8 @@ static int set_signal_handles(void)
|
||||
|
||||
(void)sigprocmask(SIG_SETMASK, &empty, NULL);
|
||||
|
||||
|
@ -2192,7 +2194,7 @@ index ec692e7..b79e781 100644
|
|||
perror("Unable to set SIGHUP handler");
|
||||
return -1;
|
||||
}
|
||||
@@ -84,23 +106,100 @@ static int set_signal_handles(void)
|
||||
@@ -84,23 +108,103 @@ static int set_signal_handles(void)
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -2207,14 +2209,10 @@ index ec692e7..b79e781 100644
|
|||
+ retval = -1; \
|
||||
+ } while(0)
|
||||
+
|
||||
/**
|
||||
- * This function makes sure the mounted directory is owned by the user executing
|
||||
- * seunshare.
|
||||
- * If so, it returns 0. If it can not figure this out or they are different, it returns -1.
|
||||
+/**
|
||||
+ * Spawn external command using system() with dropped privileges.
|
||||
+ * TODO: avoid system() and use exec*() instead
|
||||
*/
|
||||
-static int verify_mount(const char *mntdir, struct passwd *pwd) {
|
||||
+ */
|
||||
+static int spawn_command(const char *cmd, uid_t uid){
|
||||
+ int child;
|
||||
+ int status = -1;
|
||||
|
@ -2245,25 +2243,28 @@ index ec692e7..b79e781 100644
|
|||
+ * Check file/directory ownership, struct stat * must be passed to the
|
||||
+ * functions.
|
||||
+ */
|
||||
+#define check_owner_common(f,st) do { \
|
||||
+ if (lstat(f, st) == -1) { \
|
||||
+ fprintf(stderr, _("Failed to stat %s: %s\n"), f, strerror(errno)); \
|
||||
+ return -1; \
|
||||
+ } \
|
||||
+ if (S_ISLNK(st->st_mode)) { \
|
||||
+ fprintf(stderr, _("Error: %s must not be a symbolic link\n"), f); \
|
||||
+ return -1; \
|
||||
+ } \
|
||||
+ } while(0)
|
||||
+
|
||||
+static int check_owner_uid(uid_t uid, const char *file, struct stat *st) {
|
||||
+ check_owner_common(file, st);
|
||||
+ return (st->st_uid == uid ? 0 : -1);
|
||||
+ if (S_ISLNK(st->st_mode)) {
|
||||
+ fprintf(stderr, _("Error: %s must not be a symbolic link\n"), file);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ if (st->st_uid != uid) {
|
||||
+ fprintf(stderr, _("Error: %s not owned by UID %d\n"), file, uid);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static int check_owner_gid(gid_t gid, const char *file, struct stat *st) {
|
||||
+ check_owner_common(file, st);
|
||||
+ return (st->st_gid == gid ? 0 : -1);
|
||||
+ if (S_ISLNK(st->st_mode)) {
|
||||
+ fprintf(stderr, _("Error: %s must not be a symbolic link\n"), file);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ if (st->st_gid != gid) {
|
||||
+ fprintf(stderr, _("Error: %s not owned by GID %d\n"), file, gid);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+#define equal_stats(one,two) \
|
||||
|
@ -2271,11 +2272,15 @@ index ec692e7..b79e781 100644
|
|||
+ (one)->st_uid == (two)->st_uid && (one)->st_gid == (two)->st_gid && \
|
||||
+ (one)->st_mode == (two)->st_mode)
|
||||
+
|
||||
+/**
|
||||
/**
|
||||
- * This function makes sure the mounted directory is owned by the user executing
|
||||
- * seunshare.
|
||||
- * If so, it returns 0. If it can not figure this out or they are different, it returns -1.
|
||||
+ * Sanity check specified directory. Store stat info for future comparison, or
|
||||
+ * compare with previously saved info to detect replaced directories.
|
||||
+ * Note: This function does not perform owner checks.
|
||||
+ */
|
||||
*/
|
||||
-static int verify_mount(const char *mntdir, struct passwd *pwd) {
|
||||
+static int verify_directory(const char *dir, struct stat *st_in, struct stat *st_out) {
|
||||
struct stat sb;
|
||||
- if (stat(mntdir, &sb) == -1) {
|
||||
|
@ -2285,25 +2290,25 @@ index ec692e7..b79e781 100644
|
|||
+
|
||||
+ if (lstat(dir, st_out) == -1) {
|
||||
+ fprintf(stderr, _("Failed to stat %s: %s\n"), dir, strerror(errno));
|
||||
+ return -1;
|
||||
+ }
|
||||
+ if (! S_ISDIR(st_out->st_mode)) {
|
||||
+ fprintf(stderr, _("Error: %s is not a directory: %s\n"), dir, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
- if (sb.st_uid != pwd->pw_uid) {
|
||||
- errno = EPERM;
|
||||
- syslog(LOG_AUTHPRIV | LOG_ALERT, "%s attempted to mount an invalid directory, %s", pwd->pw_name, mntdir);
|
||||
- perror(_("Invalid mount point, reporting to administrator"));
|
||||
+ if (st_in && !equal_stats(st_in, st_out)) {
|
||||
+ fprintf(stderr, _("Error: %s was replaced by a different directory\n"), dir);
|
||||
+ if (! S_ISDIR(st_out->st_mode)) {
|
||||
+ fprintf(stderr, _("Error: %s is not a directory: %s\n"), dir, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
+ if (st_in && !equal_stats(st_in, st_out)) {
|
||||
+ fprintf(stderr, _("Error: %s was replaced by a different directory\n"), dir);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -123,7 +222,7 @@ static int verify_shell(const char *shell_name)
|
||||
@@ -123,7 +227,7 @@ static int verify_shell(const char *shell_name)
|
||||
|
||||
/* check the shell skipping newline char */
|
||||
if (!strcmp(shell_name, buf)) {
|
||||
|
@ -2312,7 +2317,7 @@ index ec692e7..b79e781 100644
|
|||
break;
|
||||
}
|
||||
}
|
||||
@@ -131,45 +230,443 @@ static int verify_shell(const char *shell_name)
|
||||
@@ -131,45 +235,439 @@ static int verify_shell(const char *shell_name)
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
@ -2642,8 +2647,9 @@ index ec692e7..b79e781 100644
|
|||
+ struct stat tmp_st;
|
||||
+ security_context_t con = NULL;
|
||||
+
|
||||
+ /* copy selinux context */
|
||||
+ /* get selinux context */
|
||||
+ if (execcon) {
|
||||
+ setfsuid(pwd->pw_uid);
|
||||
+ if ((fd_s = open(src, O_RDONLY)) < 0) {
|
||||
+ fprintf(stderr, _("Failed to open directory %s: %s\n"), src, strerror(errno));
|
||||
+ goto err;
|
||||
|
@ -2660,9 +2666,10 @@ index ec692e7..b79e781 100644
|
|||
+ fprintf(stderr, _("Failed to get context of the directory %s: %s\n"), src, strerror(errno));
|
||||
+ goto err;
|
||||
+ }
|
||||
+ /* ok to not reach this if there is an error */
|
||||
+ setfsuid(0);
|
||||
+ }
|
||||
+
|
||||
+ setfsuid(0);
|
||||
+ if (asprintf(&tmpdir, "/tmp/.sandbox-%s-XXXXXX", pwd->pw_name) == -1) {
|
||||
+ fprintf(stderr, _("Out of memory\n"));
|
||||
+ tmpdir = NULL;
|
||||
|
@ -2677,14 +2684,8 @@ index ec692e7..b79e781 100644
|
|||
+ if (verify_directory(tmpdir, NULL, out_st) < 0) {
|
||||
+ goto err;
|
||||
+ }
|
||||
+ if (check_owner_uid(0, tmpdir, out_st) < 0) {
|
||||
+ fprintf(stderr, _("Error: %s not owned by UID %d\n"), tmpdir, 0);
|
||||
+ goto err;
|
||||
+ }
|
||||
+ if (check_owner_gid(getgid(), tmpdir, out_st) < 0) {
|
||||
+ fprintf(stderr, _("Error: %s not owned by GID %d\n"), tmpdir, getgid());
|
||||
+ goto err;
|
||||
+ }
|
||||
+ if (check_owner_uid(0, tmpdir, out_st) < 0) goto err;
|
||||
+ if (check_owner_gid(getgid(), tmpdir, out_st) < 0) goto err;
|
||||
+
|
||||
+ /* change permissions of the temporary directory */
|
||||
+ if ((fd_t = open(tmpdir, O_RDONLY)) < 0) {
|
||||
|
@ -2709,6 +2710,7 @@ index ec692e7..b79e781 100644
|
|||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ /* copy selinux context */
|
||||
+ if (execcon) {
|
||||
+ if (fsetfilecon(fd_t, con) == -1) {
|
||||
+ fprintf(stderr, _("Failed to set context of the directory %s: %s\n"), tmpdir, strerror(errno));
|
||||
|
@ -2732,11 +2734,10 @@ index ec692e7..b79e781 100644
|
|||
+
|
||||
+ goto good;
|
||||
+err:
|
||||
+ free(tmpdir);
|
||||
+ tmpdir = NULL;
|
||||
+ free(tmpdir); tmpdir = NULL;
|
||||
+good:
|
||||
+ free(cmdbuf); cmdbuf = NULL;
|
||||
+ freecon(con);
|
||||
+ freecon(con); con = NULL;
|
||||
+ if (fd_t >= 0) close(fd_t);
|
||||
+ if (fd_s >= 0) close(fd_s);
|
||||
+ return tmpdir;
|
||||
|
@ -2771,7 +2772,7 @@ index ec692e7..b79e781 100644
|
|||
{NULL, 0, 0, 0}
|
||||
};
|
||||
|
||||
@@ -180,6 +677,12 @@ int main(int argc, char **argv) {
|
||||
@@ -180,6 +678,12 @@ int main(int argc, char **argv) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
@ -2784,7 +2785,7 @@ index ec692e7..b79e781 100644
|
|||
struct passwd *pwd=getpwuid(uid);
|
||||
if (!pwd) {
|
||||
perror(_("getpwduid failed"));
|
||||
@@ -187,34 +690,30 @@ int main(int argc, char **argv) {
|
||||
@@ -187,34 +691,30 @@ int main(int argc, char **argv) {
|
||||
}
|
||||
|
||||
if (verify_shell(pwd->pw_shell) < 0) {
|
||||
|
@ -2830,7 +2831,7 @@ index ec692e7..b79e781 100644
|
|||
break;
|
||||
default:
|
||||
fprintf(stderr, "%s\n", USAGE_STRING);
|
||||
@@ -223,76 +722,81 @@ int main(int argc, char **argv) {
|
||||
@@ -223,76 +723,84 @@ int main(int argc, char **argv) {
|
||||
}
|
||||
|
||||
if (! homedir_s && ! tmpdir_s) {
|
||||
|
@ -2872,15 +2873,17 @@ index ec692e7..b79e781 100644
|
|||
- if (tmpdir_s && seunshare_mount(tmpdir_s, "/tmp", pwd) < 0)
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
- if (drop_capabilities(uid)) {
|
||||
- perror(_("Failed to drop all capabilities"));
|
||||
+ if (set_signal_handles()) return -1;
|
||||
+
|
||||
+ if (usecgroups && setup_cgroups() < 0) return -1;
|
||||
|
||||
- if (drop_capabilities(uid)) {
|
||||
- perror(_("Failed to drop all capabilities"));
|
||||
+ /* On NFS machines you need to setfsuid to be able to access files
|
||||
+ on homedir, if this fails on a non NFS machine, we don't care,
|
||||
+ if it fails on an NFS machine, the code below will fail. */
|
||||
+
|
||||
+ /* set fsuid to ruid */
|
||||
+ /* Changing fsuid is usually required when user-specified directory is
|
||||
+ * on an NFS mount. It's also desired to avoid leaking info about
|
||||
+ * existence of the files not accessible to the user. */
|
||||
+ setfsuid(uid);
|
||||
+
|
||||
+ /* verify homedir and tmpdir */
|
||||
|
@ -2890,6 +2893,7 @@ index ec692e7..b79e781 100644
|
|||
+ if (tmpdir_s && (
|
||||
+ verify_directory(tmpdir_s, NULL, &st_tmpdir_s) < 0 ||
|
||||
+ check_owner_uid(uid, tmpdir_s, &st_tmpdir_s))) return -1;
|
||||
+ setfsuid(0);
|
||||
+
|
||||
+ /* create runtime tmpdir */
|
||||
+ if (tmpdir_s && (tmpdir_r = create_tmpdir(tmpdir_s, &st_tmpdir_s,
|
||||
|
@ -2929,6 +2933,7 @@ index ec692e7..b79e781 100644
|
|||
- perror(_("Unable to clear environment"));
|
||||
- free(display);
|
||||
- exit(-1);
|
||||
+ /* assume fsuid==ruid after this point */
|
||||
+ setfsuid(uid);
|
||||
+
|
||||
+ /* mount homedir and tmpdir, in this order */
|
||||
|
@ -2960,7 +2965,7 @@ index ec692e7..b79e781 100644
|
|||
if (display)
|
||||
rc |= setenv("DISPLAY", display, 1);
|
||||
rc |= setenv("HOME", pwd->pw_dir, 1);
|
||||
@@ -300,22 +804,41 @@ int main(int argc, char **argv) {
|
||||
@@ -300,22 +808,41 @@ int main(int argc, char **argv) {
|
||||
rc |= setenv("USER", pwd->pw_name, 1);
|
||||
rc |= setenv("LOGNAME", pwd->pw_name, 1);
|
||||
rc |= setenv("PATH", DEFAULT_PATH, 1);
|
||||
|
@ -2995,7 +3000,7 @@ index ec692e7..b79e781 100644
|
|||
|
||||
- free(tmpdir_s);
|
||||
- free(homedir_s);
|
||||
+ // XXX: drop some caps here?
|
||||
+ drop_caps();
|
||||
|
||||
+ /* parent waits for child exit to do the cleanup */
|
||||
+ waitpid(child, &status, 0);
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.85
|
||||
Release: 18%{?dist}
|
||||
Release: 19%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
|
@ -331,6 +331,10 @@ fi
|
|||
exit 0
|
||||
|
||||
%changelog
|
||||
* Wed Mar 8 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-19
|
||||
- Fix portspage in system-config-selinux to not crash
|
||||
- More fixes for seunshare from Tomas Hoger
|
||||
|
||||
* Tue Mar 8 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-18
|
||||
- put back in old handling of -T in sandbox command
|
||||
- Put back setsid in seunshare
|
||||
|
|