diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch
index b753318..d45c144 100644
--- a/policycoreutils-gui.patch
+++ b/policycoreutils-gui.patch
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.22/gui/booleansPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.25/gui/booleansPage.py
--- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/booleansPage.py 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/booleansPage.py 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,227 @@
+#
+# booleansPage.py - GUI for Booleans page in system-config-securitylevel
@@ -229,9 +229,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli
+
+ setsebool="/usr/sbin/setsebool -P %s=%d" % (key, not val)
+ commands.getstatusoutput(setsebool)
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.22/gui/fcontextPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.25/gui/fcontextPage.py
--- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/fcontextPage.py 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/fcontextPage.py 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,210 @@
+## fcontextPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -443,9 +443,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli
+ self.store.set_value(iter, SPEC_COL, fspec)
+ self.store.set_value(iter, FTYPE_COL, ftype)
+ self.store.set_value(iter, TYPE_COL, "system_u:object_r:%s:%s" % (type, mls))
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.22/gui/loginsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.25/gui/loginsPage.py
--- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/loginsPage.py 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/loginsPage.py 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,180 @@
+## loginsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -627,9 +627,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policy
+ self.store.set_value(iter, 1, seuser)
+ self.store.set_value(iter, 2, seobject.translate(serange))
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.22/gui/Makefile
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.25/gui/Makefile
--- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/Makefile 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/Makefile 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,34 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
@@ -665,9 +665,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreu
+indent:
+
+relabel:
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.22/gui/mappingsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.25/gui/mappingsPage.py
--- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/mappingsPage.py 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/mappingsPage.py 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,57 @@
+## mappingsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -726,9 +726,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py poli
+ for k in keys:
+ print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.22/gui/modulesPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.25/gui/modulesPage.py
--- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/modulesPage.py 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/modulesPage.py 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,182 @@
+## modulesPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -912,19 +912,23 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic
+
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.22/gui/polgen.glade
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.25/gui/polgen.glade
--- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/polgen.glade 2007-07-23 10:40:06.000000000 -0400
-@@ -0,0 +1,1168 @@
++++ policycoreutils-2.0.25/gui/polgen.glade 2007-08-28 10:01:36.000000000 -0400
+@@ -0,0 +1,2261 @@
+
+
+
+
+
+
-+
-+ True
-+ Selinux Policy Generation Tool
++
++ 5
++ GTK_FILE_CHOOSER_ACTION_OPEN
++ True
++ True
++ True
++ False
+ GTK_WINDOW_TOPLEVEL
+ GTK_WIN_POS_MOUSE
+ False
@@ -933,35 +937,430 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ True
+ False
+ False
++ GDK_WINDOW_TYPE_HINT_DIALOG
++ GDK_GRAVITY_NORTH_WEST
++ True
++ False
++
++
++
++ True
++ False
++ 24
++
++
++
++ True
++ GTK_BUTTONBOX_END
++
++
++
++ True
++ True
++ True
++ gtk-cancel
++ True
++ GTK_RELIEF_NORMAL
++ True
++ -6
++
++
++
++
++
++ True
++ True
++ True
++ True
++ gtk-add
++ True
++ GTK_RELIEF_NORMAL
++ True
++ -5
++
++
++
++
++ 0
++ False
++ True
++ GTK_PACK_END
++
++
++
++
++
++
++
++ 5
++ False
++ Polgen
++ Red Hat 2007
++ GPL
++ False
++ www.redhat.com
++ Daniel Walsh <dwalsh@redhat.com>
++ translator-credits
++
++
++
++ True
++ SELinux Policy Generation Tool
++ GTK_WINDOW_TOPLEVEL
++ GTK_WIN_POS_NONE
++ False
++ True
++ False
++ True
++ False
++ False
+ GDK_WINDOW_TYPE_HINT_NORMAL
+ GDK_GRAVITY_NORTH_WEST
+ True
+ False
+
+
-+
++
+ True
+ False
+ 0
+
+
-+
-+ 4
++
+ True
-+ False
-+
++ False
++ True
++ GTK_POS_TOP
++ False
++ False
+
+
-+
++
+ True
+ GNOME_EDGE_START
+ SELinux Policy Generation Druid
-+ This tool can be used to generate a policy framework, to confine an application using SELinux. The tool will generate a Type Enforcement File (te), an interface file (if), a File Context File (fc) and a shell script (sh) used to compile the policy.
++ This tool can be used to generate a policy framework, to confine an application or users using SELinux.
++
++The tool generates:
++Type Enforcement File (te)
++Interface file (if)
++File Context File (fc)
++Shell script (sh) - used to compile and install the policy.
+
++
++ False
++ True
++
+
+
+
-+
++
++ True
++ label25
++ False
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0.5
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
++
++
++ tab
++
++
++
++
++
++ True
++ Select what you want to confine.
++
++
++
++
++ 16
++ True
++ False
++ 6
++
++
++
++ True
++ False
++ 0
++
++
++
++ True
++ True
++ Confine an application
++ True
++ GTK_RELIEF_NORMAL
++ True
++ True
++ False
++ True
++
++
++ 0
++ False
++ False
++
++
++
++
++
++ True
++ True
++ Confine a user
++ True
++ GTK_RELIEF_NORMAL
++ True
++ False
++ False
++ True
++ confine_application_radiobutton
++
++
++ 0
++ False
++ False
++
++
++
++
++ 0
++ True
++ True
++
++
++
++
++
++
++ False
++ True
++
++
++
++
++
++ True
++ label26
++ False
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0.5
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
++
++
++ tab
++
++
++
++
++
++ True
++ Name and Type of user to confine.
++
++
++
++ 16
++ True
++ False
++ 6
++
++
++
++ True
++ False
++ 0
++
++
++
++ True
++ False
++ 0
++
++
++
++ True
++ Select login user, if this is a user who will login to a machine directly
++ True
++ XWindows Login User
++ True
++ GTK_RELIEF_NORMAL
++ True
++ False
++ False
++ True
++
++
++ 0
++ False
++ False
++
++
++
++
++
++ True
++ Select login user, if this is a user who will login to a machine directly
++ True
++ Terminal Login User
++ True
++ GTK_RELIEF_NORMAL
++ True
++ False
++ False
++ True
++ xwindows_login_user_radiobutton
++
++
++ 10
++ False
++ False
++
++
++
++
++
++ True
++ True
++ Root User
++ True
++ GTK_RELIEF_NORMAL
++ True
++ False
++ False
++ True
++ xwindows_login_user_radiobutton
++
++
++ 10
++ False
++ False
++
++
++
++
++ 0
++ False
++ False
++
++
++
++
++
++ True
++ False
++ 0
++
++
++
++ True
++ Name
++ False
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
++
++
++ 5
++ False
++ False
++
++
++
++
++
++ True
++ True
++ True
++ True
++ 0
++
++ True
++ •
++ False
++
++
++ 0
++ True
++ True
++
++
++
++
++ 0
++ False
++ True
++
++
++
++
++ 0
++ True
++ True
++
++
++
++
++
++
++ False
++ True
++
++
++
++
++
++ True
++ label27
++ False
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0.5
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
++
++
++ tab
++
++
++
++
++
+ True
+ Name of application to be confined
+
@@ -1110,10 +1509,107 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+
+
+
++
++ False
++ True
++
+
+
+
-+
++
++ True
++ label28
++ False
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0.5
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
++
++
++ tab
++
++
++
++
++
++ True
++ Select Application Transitions for this domain
++
++
++
++ 16
++ True
++ False
++ 6
++
++
++
++ True
++ True
++ GTK_POLICY_ALWAYS
++ GTK_POLICY_ALWAYS
++ GTK_SHADOW_IN
++ GTK_CORNER_TOP_LEFT
++
++
++
++ True
++ Select the applications that you would like this domain to transition to.
++ True
++ False
++ False
++ False
++ True
++ False
++ False
++ False
++
++
++
++
++ 0
++ True
++ True
++
++
++
++
++
++
++
++
++
++ True
++ label28
++ False
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0.5
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
++
++
++ tab
++
++
++
++
++
+ True
+ Application Type
+
@@ -1218,10 +1714,37 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+
+
+
++
++ False
++ True
++
+
+
+
-+
++
++ True
++ label29
++ False
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0.5
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
++
++
++ tab
++
++
++
++
++
+ True
+ Incoming Network Port Connections
+
@@ -1233,24 +1756,175 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ 6
+
+
-+
++
+ True
-+ 2
-+ 2
-+ False
-+ 0
-+ 5
++ 0
++ 0.5
++ GTK_SHADOW_NONE
+
+
-+
++
+ True
-+ TCP Ports
++ 0.5
++ 0.5
++ 1
++ 1
++ 0
++ 0
++ 12
++ 0
++
++
++
++ True
++ False
++ 0
++
++
++
++ True
++ False
++ 0
++
++
++
++ True
++ Allows confined application to bind to any port
++ True
++ All
++ True
++ GTK_RELIEF_NORMAL
++ True
++ False
++ False
++ True
++
++
++ 10
++ False
++ False
++
++
++
++
++
++ True
++ Use this checkbutton if your app calls bindresvport with 0.
++ True
++ 600-1024
++ True
++ GTK_RELIEF_NORMAL
++ True
++ False
++ False
++ True
++
++
++ 10
++ False
++ False
++
++
++
++
++
++ True
++ Any non defined ports > 1024
++ True
++ Unreserved Ports (> 1024)
++ True
++ GTK_RELIEF_NORMAL
++ True
++ False
++ False
++ True
++
++
++ 10
++ False
++ False
++
++
++
++
++ 0
++ True
++ True
++
++
++
++
++
++ True
++ False
++ 0
++
++
++
++ True
++ Select Ports
++ False
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
++
++
++ 5
++ False
++ False
++
++
++
++
++
++ True
++ Enter a comma separated list of tcp ports that this application binds to.
++ True
++ True
++ True
++ 0
++
++ True
++ •
++ False
++
++
++ 0
++ True
++ True
++
++
++
++
++ 0
++ True
++ True
++
++
++
++
++
++
++
++
++
++ True
++ <b>TCP Ports</b>
+ False
-+ False
++ True
+ GTK_JUSTIFY_LEFT
+ False
+ False
-+ 0
++ 0.5
+ 0.5
+ 0
+ 0
@@ -1260,25 +1934,187 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ 0
+
+
-+ 0
-+ 1
-+ 0
-+ 1
-+ fill
-+
++ label_item
+
+
++
++
++ 0
++ True
++ True
++
++
++
++
++
++ True
++ 0
++ 0.5
++ GTK_SHADOW_NONE
++
++
++
++ True
++ 0.5
++ 0.5
++ 1
++ 1
++ 0
++ 0
++ 12
++ 0
++
++
++
++ True
++ False
++ 0
++
++
++
++ True
++ False
++ 0
++
++
++
++ True
++ Allows confined application to bind to any port
++ True
++ All
++ True
++ GTK_RELIEF_NORMAL
++ True
++ False
++ False
++ True
++
++
++ 10
++ False
++ False
++
++
++
++
++
++ True
++ Use this checkbutton if your app calls bindresvport with 0.
++ True
++ 600-1024
++ True
++ GTK_RELIEF_NORMAL
++ True
++ False
++ False
++ True
++
++
++ 10
++ False
++ False
++
++
++
++
++
++ True
++ Any non defined ports > 1024
++ True
++ Unreserved Ports (>1024)
++ True
++ GTK_RELIEF_NORMAL
++ True
++ False
++ False
++ True
++
++
++ 10
++ False
++ False
++
++
++
++
++ 0
++ True
++ True
++
++
++
++
++
++ True
++ False
++ 0
++
++
++
++ True
++ Select Ports
++ False
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
++
++
++ 5
++ False
++ False
++
++
++
++
++
++ True
++ Enter a comma separated list of tcp ports that this application binds to.
++ True
++ True
++ True
++ 0
++
++ True
++ •
++ False
++
++
++ 0
++ True
++ True
++
++
++
++
++ 0
++ True
++ True
++
++
++
++
++
++
+
+
-+
++
+ True
-+ UDP Ports
++ <b>UDP Ports</b>
+ False
-+ False
++ True
+ GTK_JUSTIFY_LEFT
+ False
+ False
-+ 0
++ 0.5
+ 0.5
+ 0
+ 0
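Review bot: The entry that sits under the incoming "UDP Ports" frame label carries the tooltip `Enter a comma separated list of tcp ports that this application binds to.`, which matches the TCP frame; it should say `udp ports`. The outgoing section in the `@@ -1365,24 +2179,135 @@` hunk has the reverse slip: the entry above the "TCP Ports" label now says `udp ports that this application connects to`, where the removed lines said `tcp`. In a tool that turns these fields into policy rules, a tooltip naming the wrong protocol invites ports being entered in the wrong box. The element markup is not visible in this view, so which widget each tooltip belongs to is inferred from the label order.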
@@ -1288,56 +2124,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ 0
+
+
-+ 0
-+ 1
-+ 1
-+ 2
-+ fill
-+
-+
-+
-+
-+
-+
-+ True
-+ Enter a comma separated list of tcp ports that this application binds to.
-+ True
-+ True
-+ True
-+ 0
-+
-+ True
-+ •
-+ False
-+
-+
-+ 1
-+ 2
-+ 0
-+ 1
-+
-+
-+
-+
-+
-+
-+ True
-+ Enter a comma separated list of tcp ports that this application binds to.
-+ True
-+ True
-+ True
-+ 0
-+
-+ True
-+ •
-+ False
-+
-+
-+ 1
-+ 2
-+ 1
-+ 2
-+
++ label_item
+
+
+
@@ -1350,10 +2137,37 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+
+
+
++
++ False
++ True
++
+
+
+
-+
++
++ True
++ label30
++ False
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0.5
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
++
++
++ tab
++
++
++
++
++
+ True
+ Outgoing Network Port Connections
+
@@ -1365,24 +2179,135 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ 6
+
+
-+
++
+ True
-+ 2
-+ 2
-+ False
-+ 0
-+ 5
++ 0
++ 0.5
++ GTK_SHADOW_NONE
+
+
-+
++
+ True
-+ TCP Ports
++ 0.5
++ 0.5
++ 1
++ 1
++ 0
++ 0
++ 12
++ 0
++
++
++
++ True
++ False
++ 0
++
++
++
++ True
++ 0.5
++ 0.5
++ 1
++ 1
++ 0
++ 0
++ 12
++ 0
++
++
++
++ True
++ False
++ 0
++
++
++
++ True
++ True
++ All
++ True
++ GTK_RELIEF_NORMAL
++ True
++ False
++ False
++ True
++
++
++ 10
++ False
++ False
++
++
++
++
++
++ True
++ Select Ports
++ False
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
++
++
++ 5
++ False
++ False
++
++
++
++
++
++ True
++ Enter a comma separated list of udp ports that this application connects to.
++ True
++ True
++ True
++ 0
++
++ True
++ •
++ False
++
++
++ 0
++ True
++ True
++
++
++
++
++
++
++ 0
++ True
++ True
++
++
++
++
++
++
++
++
++
++ True
++ <b>TCP Ports</b>
+ False
-+ False
++ True
+ GTK_JUSTIFY_LEFT
+ False
+ False
-+ 0
++ 0.5
+ 0.5
+ 0
+ 0
@@ -1392,25 +2317,120 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ 0
+
+
-+ 0
-+ 1
-+ 0
-+ 1
-+ fill
-+
++ label_item
+
+
++
++
++ 0
++ True
++ True
++
++
++
++
++
++ True
++ 0
++ 0.5
++ GTK_SHADOW_NONE
++
++
++
++ True
++ 0.5
++ 0.5
++ 1
++ 1
++ 0
++ 0
++ 12
++ 0
++
++
++
++ True
++ False
++ 0
++
++
++
++ True
++ True
++ All
++ True
++ GTK_RELIEF_NORMAL
++ True
++ False
++ False
++ True
++
++
++ 10
++ False
++ False
++
++
++
++
++
++ True
++ Select Ports
++ False
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
++
++
++ 5
++ False
++ False
++
++
++
++
++
++ True
++ Enter a comma separated list of udp ports that this application connects to.
++ True
++ True
++ True
++ 0
++
++ True
++ •
++ False
++
++
++ 0
++ True
++ True
++
++
++
++
++
++
+
+
-+
++
+ True
-+ UDP Ports
++ <b>UDP Ports</b>
+ False
-+ False
++ True
+ GTK_JUSTIFY_LEFT
+ False
+ False
-+ 0
++ 0.5
+ 0.5
+ 0
+ 0
@@ -1420,56 +2440,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ 0
+
+
-+ 0
-+ 1
-+ 1
-+ 2
-+ fill
-+
-+
-+
-+
-+
-+
-+ True
-+ Enter a comma separated list of tcp ports that this application connects to.
-+ True
-+ True
-+ True
-+ 0
-+
-+ True
-+ •
-+ False
-+
-+
-+ 1
-+ 2
-+ 0
-+ 1
-+
-+
-+
-+
-+
-+
-+ True
-+ Enter a comma separated list of udp ports that this application connects to.
-+ True
-+ True
-+ True
-+ 0
-+
-+ True
-+ •
-+ False
-+
-+
-+ 1
-+ 2
-+ 1
-+ 2
-+
++ label_item
+
+
+
@@ -1482,10 +2453,37 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+
+
+
++
++ False
++ True
++
+
+
+
-+
++
++ True
++ label31
++ False
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0.5
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
++
++
++ tab
++
++
++
++
++
+ True
+ Common Application Traits
+
@@ -1587,10 +2585,37 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+
+
+
++
++ False
++ True
++
+
+
+
-+
++
++ True
++ label32
++ False
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0.5
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
++
++
++ tab
++
++
++
++
++
+ True
+ Files and Directories
+
@@ -1890,10 +2915,37 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+
+
+
++
++ False
++ True
++
+
+
+
-+
++
++ True
++ label33
++ False
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0.5
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
++
++
++ tab
++
++
++
++
++
+ True
+ Generate policy in this directory
+
@@ -1979,6 +3031,33 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+
+
+
++
++ False
++ True
++
++
++
++
++
++ True
++ label34
++ False
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0.5
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
++
++
++ tab
++
+
+
+
@@ -1992,6 +3071,99 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+Use audit2allow -R to generate additional rules for the te file.
+
+
++
++ False
++ True
++
++
++
++
++
++ True
++ label35
++ False
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0.5
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
++
++
++ tab
++
++
++
++
++ 0
++ True
++ True
++
++
++
++
++
++ True
++ 0.5
++ 0.5
++ 1
++ 1
++ 0
++ 0
++ 0
++ 0
++
++
++
++ True
++ GTK_BUTTONBOX_END
++ 0
++
++
++
++ True
++ True
++ True
++ gtk-cancel
++ True
++ GTK_RELIEF_NORMAL
++ True
++
++
++
++
++
++
++ True
++ True
++ True
++ gtk-go-back
++ True
++ GTK_RELIEF_NORMAL
++ True
++
++
++
++
++
++
++ True
++ True
++ True
++ gtk-go-forward
++ True
++ GTK_RELIEF_NORMAL
++ True
++
++
++
++
+
+
+
@@ -2004,90 +3176,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+
+
+
-+
-+ GTK_FILE_CHOOSER_ACTION_OPEN
-+ True
-+ True
-+ True
-+ False
-+ GTK_WINDOW_TOPLEVEL
-+ GTK_WIN_POS_MOUSE
-+ False
-+ True
-+ False
-+ True
-+ False
-+ False
-+ GDK_WINDOW_TYPE_HINT_DIALOG
-+ GDK_GRAVITY_NORTH_WEST
-+ True
-+ False
-+
-+
-+
-+ True
-+ False
-+ 24
-+
-+
-+
-+ True
-+ GTK_BUTTONBOX_END
-+
-+
-+
-+ True
-+ True
-+ True
-+ gtk-cancel
-+ True
-+ GTK_RELIEF_NORMAL
-+ True
-+ -6
-+
-+
-+
-+
-+
-+ True
-+ True
-+ True
-+ True
-+ gtk-add
-+ True
-+ GTK_RELIEF_NORMAL
-+ True
-+ -5
-+
-+
-+
-+
-+ 0
-+ False
-+ True
-+ GTK_PACK_END
-+
-+
-+
-+
-+
-+
-+
-+ False
-+ Polgen
-+ Red Hat 2007
-+ GPL
-+ False
-+ www.redhat.com
-+ Daniel Walsh <dwalsh@redhat.com>
-+ translator-credits
-+
-+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.22/gui/polgengui.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.25/gui/polgengui.py
--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/polgengui.py 2007-07-23 10:40:06.000000000 -0400
-@@ -0,0 +1,256 @@
++++ policycoreutils-2.0.25/gui/polgengui.py 2007-08-28 10:01:46.000000000 -0400
+@@ -0,0 +1,392 @@
+#!/usr/bin/python
+#
+# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux
@@ -2145,6 +3238,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+sys.path.append('/usr/share/system-config-selinux')
+sys.path.append('.')
+
++# From John Hunter http://www.daa.com.au/pipermail/pygtk/2003-February/004454.html
++def foreach(model, path, iter, selected):
++ selected.append(model.get_value(iter, 0))
++
+##
+## Pull in the Glade file
+##
@@ -2156,15 +3253,120 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+FILE = 1
+DIR = 2
+class childWindow:
++ START_PAGE = 0
++ SELECT_TYPE_PAGE = 1
++ USER_PAGE = 2
++ APP_PAGE = 3
++ TRANSITION_PAGE = 4
++ APP_TYPE_PAGE = 5
++ IN_NET_PAGE = 6
++ OUT_NET_PAGE = 7
++ COMMON_APPS_PAGE = 8
++ FILES_PAGE = 9
++ GEN_POLCIY_PAGE = 10
++ FINISH_PAGE = 11
++
+ def __init__(self):
+ self.xml = xml
-+ xml.signal_connect("on_druid_cancel", self.quit)
+ xml.signal_connect("on_delete_clicked", self.delete)
+ xml.signal_connect("on_exec_select_clicked", self.exec_select)
+ xml.signal_connect("on_add_clicked", self.add)
+ xml.signal_connect("on_add_dir_clicked", self.add_dir)
+ xml.signal_connect("on_about_clicked", self.on_about_clicked)
++ xml.get_widget ("cancel_button").connect("clicked",self.quit)
++ self.forward_button = xml.get_widget ("forward_button")
++ self.forward_button.connect("clicked",self.forward)
++ self.back_button = xml.get_widget ("back_button")
++ self.back_button.connect("clicked",self.back)
+
++ self.confine_application = xml.get_widget ("confine_application_radiobutton")
++
++ self.notebook = xml.get_widget ("notebook1")
++ self.pages={}
++ self.pages[0] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.USER_PAGE, self.TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.GEN_POLCIY_PAGE, self.FINISH_PAGE]
++
++ self.pages[1] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.APP_TYPE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE,self.GEN_POLCIY_PAGE, self.FINISH_PAGE ]
++ self.current_page = 0
++ self.back_button.set_sensitive(0)
++
++ self.network_buttons = {}
++
++ self.in_tcp_all_checkbutton = xml.get_widget ("in_tcp_all_checkbutton")
++ self.in_tcp_reserved_checkbutton = xml.get_widget ("in_tcp_reserved_checkbutton")
++ self.in_tcp_unreserved_checkbutton = xml.get_widget ("in_tcp_unreserved_checkbutton")
++ self.in_tcp_entry = self.xml.get_widget("in_tcp_entry")
++ self.network_buttons[self.in_tcp_all_checkbutton] = [ self.in_tcp_reserved_checkbutton, self.in_tcp_unreserved_checkbutton, self.in_tcp_entry ]
++
++
++ self.out_tcp_all_checkbutton = xml.get_widget ("out_tcp_all_checkbutton")
++ self.out_tcp_reserved_checkbutton = xml.get_widget ("out_tcp_reserved_checkbutton")
++ self.out_tcp_unreserved_checkbutton = xml.get_widget ("out_tcp_unreserved_checkbutton")
++ self.out_tcp_entry = self.xml.get_widget("out_tcp_entry")
++
++ self.network_buttons[self.out_tcp_all_checkbutton] = [ self.out_tcp_entry ]
++
++ self.in_udp_all_checkbutton = xml.get_widget ("in_udp_all_checkbutton")
++ self.in_udp_reserved_checkbutton = xml.get_widget ("in_udp_reserved_checkbutton")
++ self.in_udp_unreserved_checkbutton = xml.get_widget ("in_udp_unreserved_checkbutton")
++ self.in_udp_entry = self.xml.get_widget("in_udp_entry")
++
++ self.network_buttons[self.in_udp_all_checkbutton] = [ self.in_udp_reserved_checkbutton, self.in_udp_unreserved_checkbutton, self.in_udp_entry ]
++
++ self.out_udp_all_checkbutton = xml.get_widget ("out_udp_all_checkbutton")
++ self.out_udp_entry = self.xml.get_widget("out_udp_entry")
++ self.network_buttons[self.out_udp_all_checkbutton] = [ self.out_udp_entry ]
++
++ for b in self.network_buttons.keys():
++ b.connect("clicked",self.network_all_clicked)
++
++ self.transition_treeview = self.xml.get_widget("transition_treeview")
++ self.transition_store = gtk.ListStore(gobject.TYPE_STRING)
++ self.transition_treeview.set_model(self.transition_store)
++ self.transition_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
++ self.transition_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
++ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
++ self.transition_treeview.append_column(col)
++ # Need to figure out a way to optain these
++ for k in ["mozilla", "ssh"]:
++ iter = self.transition_store.append()
++ self.transition_store.set_value(iter, 0, k)
++
++ def forward(self, arg):
++ type = self.confine_application.get_active()
++ if self.current_page == self.START_PAGE:
++ self.back_button.set_sensitive(1)
++
++ if self.pages[type][self.current_page] == self.APP_PAGE:
++ if self.on_name_page_next():
++ return
++
++ if self.pages[type][self.current_page] == self.USER_PAGE:
++ if self.on_user_page_next():
++ return
++
++ if self.pages[type][self.current_page] == self.FINISH_PAGE:
++ self.generate_policy()
++ else:
++ self.current_page = self.current_page + 1
++ self.notebook.set_current_page(self.pages[type][self.current_page])
++ if self.pages[type][self.current_page] == self.FINISH_PAGE:
++ self.forward_button.set_label(gtk.STOCK_APPLY)
++
++ def back(self,arg):
++ type = self.confine_application.get_active()
++ if self.pages[type][self.current_page] == self.FINISH_PAGE:
++ self.forward_button.set_label(gtk.STOCK_GO_FORWARD)
++
++ self.current_page = self.current_page - 1
++ self.notebook.set_current_page(self.pages[type][self.current_page])
++ if self.current_page == 0:
++ self.back_button.set_sensitive(0)
++
++ def network_all_clicked(self, button):
++ active = button.get_active()
++ for b in self.network_buttons[button]:
++ b.set_sensitive(not active)
++
+ def verify(self, message, title="" ):
+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
+ gtk.BUTTONS_YES_NO,
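Review bot: `forward` and `back` re-read `self.confine_application.get_active()` on every click and use it to choose between `self.pages[0]` (8 entries) and `self.pages[1]` (10 entries) while sharing one `self.current_page` index, so the flow stays consistent only as long as the radio button cannot change after SELECT_TYPE_PAGE. Fixing the list once when that page is left, e.g. `self.flow = self.pages[self.confine_application.get_active()]`, and indexing `self.flow` afterwards removes that dependency and the bool-as-key lookup. The local name `type` shadows the builtin, and `GEN_POLCIY_PAGE` is misspelled (`GEN_POLICY_PAGE`). `verify` at the end of the hunk continues outside it.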
@@ -2194,28 +3396,49 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ dlg.run()
+ dlg.destroy()
+
++ def get_name(self):
++ if self.confine_application.get_active():
++ return self.name_entry.get_text()
++ else:
++ return self.user_entry.get_text()
++
+ def get_type(self):
-+ if self.cgi_radiobutton.get_active():
-+ return polgen.policy.CGI
-+ if self.user_radiobutton.get_active():
-+ return polgen.policy.USER
-+ if self.init_radiobutton.get_active():
-+ return polgen.policy.Daemon
-+ if self.inetd_radiobutton.get_active():
-+ return polgen.policy.INETD
++ if self.confine_application.get_active():
++ if self.cgi_radiobutton.get_active():
++ return polgen.policy.CGI
++ if self.user_radiobutton.get_active():
++ return polgen.policy.USER
++ if self.init_radiobutton.get_active():
++ return polgen.policy.DAEMON
++ if self.inetd_radiobutton.get_active():
++ return polgen.policy.INETD
++ else:
++ if self.xwindows_login_user_radiobutton.get_active():
++ return polgen.policy.XUSER
++ if self.terminal_login_user_radiobutton.get_active():
++ return polgen.policy.TUSER
++ if self.root_user_radiobutton.get_active():
++ return polgen.policy.RUSER
+
+ def generate_policy(self, *args):
+ try:
-+ my_policy=polgen.policy(self.name_entry.get_text(), self.exec_entry.get_text(), self.get_type())
-+ my_policy.set_in_tcp(self.in_tcp_entry.get_text())
-+ my_policy.set_in_udp(self.in_udp_entry.get_text())
-+ my_policy.set_out_tcp(self.out_tcp_entry.get_text())
-+ my_policy.set_out_udp(self.out_udp_entry.get_text())
-+ my_policy.set_use_syslog(self.syslog_checkbutton.get_active() == 1)
-+ my_policy.set_use_tmp(self.tmp_checkbutton.get_active() == 1)
-+ my_policy.set_use_uid(self.uid_checkbutton.get_active() == 1)
-+ my_policy.set_use_pam(self.pam_checkbutton.get_active() == 1)
-+
++ my_policy=polgen.policy(self.get_name(), self.get_type())
++ my_policy.set_in_tcp(self.in_tcp_all_checkbutton.get_active(), self.in_tcp_reserved_checkbutton.get_active(), self.in_tcp_unreserved_checkbutton.get_active(), self.in_tcp_entry.get_text())
++ my_policy.set_in_udp(self.in_udp_all_checkbutton.get_active(), self.in_udp_reserved_checkbutton.get_active(), self.in_udp_unreserved_checkbutton.get_active(), self.in_udp_entry.get_text())
++ my_policy.set_out_tcp(self.out_tcp_all_checkbutton.get_active(), self.out_tcp_entry.get_text())
++ my_policy.set_out_udp(self.out_udp_all_checkbutton.get_active(), self.out_udp_entry.get_text())
++ if self.get_type() in my_policy.APPLICATIONS:
++ my_policy.set_program(self.exec_entry.get_text())
++ my_policy.set_use_syslog(self.syslog_checkbutton.get_active() == 1)
++ my_policy.set_use_tmp(self.tmp_checkbutton.get_active() == 1)
++ my_policy.set_use_uid(self.uid_checkbutton.get_active() == 1)
++ my_policy.set_use_pam(self.pam_checkbutton.get_active() == 1)
++ else:
++ selected = []
++ self.transition_treeview.get_selection().selected_foreach(foreach, selected)
++ my_policy.set_transition_apps(selected)
++
++
+ iter= self.store.get_iter_first()
+ while(iter):
+ if self.store.get_value(iter, 1) == FILE:
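Review bot: `get_type` falls off the end and returns None when no radio button in the chosen branch reports active, and `generate_policy` then hands that None to `polgen.policy(...)` and, because `None in my_policy.APPLICATIONS` is false, silently takes the user branch. Ending `get_type` with an explicit failure such as `raise ValueError(_("No policy type selected"))` and calling it once (`policy_type = self.get_type()`) makes that case visible; how the surrounding `try` reports it is outside the hunk. Separately, the `*_entry.get_text()` values and the reserved/unreserved states are forwarded even when the matching "All" box is checked, since those widgets are only greyed out, so whether a stale port list is ignored depends on polgen code not shown here. `generate_policy` continues past the end of the hunk.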
@@ -2278,17 +3501,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ def setupScreen(self):
+ # Bring in widgets from glade file.
+ self.mainWindow = self.xml.get_widget("main_window")
++ self.druid = self.xml.get_widget("druid")
+ self.type = 0
++ self.user_entry = self.xml.get_widget("user_entry")
+ self.name_entry = self.xml.get_widget("name_entry")
+ self.exec_entry = self.xml.get_widget("exec_entry")
-+ self.in_tcp_entry = self.xml.get_widget("in_tcp_entry")
-+ self.in_udp_entry = self.xml.get_widget("in_udp_entry")
-+ self.out_tcp_entry = self.xml.get_widget("out_tcp_entry")
+ self.output_entry = self.xml.get_widget("output_entry")
+ self.output_entry.set_text(os.getcwd())
+ self.xml.get_widget("output_button").connect("clicked",self.output_button_clicked)
+
-+ self.out_udp_entry = self.xml.get_widget("out_udp_entry")
++ self.xwindows_login_user_radiobutton = self.xml.get_widget("xwindows_login_user_radiobutton")
++ self.terminal_login_user_radiobutton = self.xml.get_widget("terminal_login_user_radiobutton")
++ self.root_user_radiobutton = self.xml.get_widget("root_user_radiobutton")
++
+ self.user_radiobutton = self.xml.get_widget("user_radiobutton")
+ self.init_radiobutton = self.xml.get_widget("init_radiobutton")
+ self.inetd_radiobutton = self.xml.get_widget("inetd_radiobutton")
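Review bot: None of the `get_widget` results added here are checked, and libglade returns None for an id that is not in the glade file, so a name mismatch with polgen.glade only shows up later as an AttributeError in `get_type` or `get_name`. `self.druid` in particular looks stale: this commit drops the druid signal hookups (`on_druid_cancel`, the `name_page` and `finish_page` connects) and nothing visible reads `self.druid`. Consider removing that line, or marking it with a comment such as `# legacy lookup; may be None` if it is intentional. `setupScreen` continues past the end of this hunk.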
@@ -2299,8 +3524,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ self.syslog_checkbutton = self.xml.get_widget("syslog_checkbutton")
+ self.view = self.xml.get_widget("write_treeview")
+ self.file_dialog = self.xml.get_widget("filechooserdialog")
-+ self.xml.get_widget("name_page").connect("next",self.on_name_page_next)
-+ self.xml.get_widget("finish_page").connect("finish",self.generate_policy)
+
+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_INT)
+ self.view.set_model(self.store)
@@ -2330,6 +3553,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ self.error(_("You must enter a executable"))
+ return True
+
++ def on_user_page_next(self, *args):
++ name=self.user_entry.get_text()
++ if name == "":
++ self.error(_("You must enter a name"))
++ return True
++
+ def stand_alone(self):
+ desktopName = _("Configue SELinux")
+
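Review bot: `on_user_page_next` rejects only the empty string, so whitespace, path separators or shell metacharacters in the user name pass straight through `get_name()` into `polgen.policy(...)`. What polgen does with the name is outside this view, but the wizard's intro text says it writes te/if/fc files plus a shell script that compiles and installs the policy, so the name presumably ends up in file names and generated text. A stricter check here, mirrored in `on_name_page_next`, would stop that at the input, e.g. `if not re.match(r"^[A-Za-z][A-Za-z0-9_]*$", name):` followed by the existing `self.error(...)` / `return True` (assuming `re` is imported in this file). A one-line docstring stating that a true return value means "stay on this page" would also help, since the valid path returns None implicitly.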
@@ -2344,10 +3573,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+
+ app = childWindow()
+ app.stand_alone()
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.22/gui/polgen.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.25/gui/polgen.py
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/polgen.py 2007-07-23 10:40:06.000000000 -0400
-@@ -0,0 +1,457 @@
++++ policycoreutils-2.0.25/gui/polgen.py 2007-08-28 10:01:32.000000000 -0400
+@@ -0,0 +1,560 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -2369,7 +3598,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+# 02111-1307 USA
+#
+#
-+import os, sys, getopt, stat
++import os, sys, stat
+import re
+from templates import executable
+from templates import var_spool
@@ -2380,6 +3609,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+from templates import rw
+from templates import network
+from templates import script
++from templates import user
+import seobject
+
+##
@@ -2399,13 +3629,23 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
++ALL = 0
++RESERVED = 1
++UNRESERVED = 2
++PORTS = 3
+
+class policy:
-+ Daemon = 0
++ DAEMON = 0
+ INETD = 1
+ USER = 2
+ CGI = 3
-+ def __init__(self, name, program, type):
++ XUSER = 4
++ TUSER = 5
++ RUSER = 6
++ APPLICATIONS = [ DAEMON, INETD, USER, CGI ]
++ USERS = [ XUSER, TUSER, RUSER ]
++
++ def __init__(self, name, type):
+ ports = seobject.portRecords()
+ self.dict = ports.get_all()
+
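Review bot: The new module-level constants `ALL`, `RESERVED`, `UNRESERVED` and `PORTS` carry no comment saying what they index, and the type constants have no note on their ordering. They are positions in the four-element lists that `in_tcp`, `in_udp`, `out_tcp` and `out_udp` become later in this commit, so a line such as `# Indices into the [all, reserved, unreserved, ports] lists kept in in_tcp/in_udp/out_tcp/out_udp` above `ALL = 0` would make that explicit. The values of `DAEMON` through `RUSER` also appear to match the order of the pairs in `DEFAULT_TYPES`, so a comment on the class constants saying the two must stay in step would help the next person who adds a type. `__init__` continues outside the hunk.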
@@ -2417,7 +3657,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ self.DEFAULT_DIRS["/var/log"] = ["var_log", [], var_log];
+ self.DEFAULT_DIRS["/var/run"] = ["var_run", [], var_run];
+
-+ self.DEFAULT_TYPES = (( self.generate_daemon_types, self.generate_daemon_rules), ( self.generate_inetd_types, self.generate_inetd_rules), ( self.generate_userapp_types, self.generate_userapp_rules), ( self.generate_cgi_types, self.generate_cgi_rules))
++ self.DEFAULT_TYPES = (( self.generate_daemon_types, self.generate_daemon_rules), ( self.generate_inetd_types, self.generate_inetd_rules), ( self.generate_userapp_types, self.generate_userapp_rules), ( self.generate_cgi_types, self.generate_cgi_rules), ( self.generate_x_login_user_types, self.generate_x_login_user_rules), ( self.generate_login_user_types, self.generate_login_user_rules), ( self.generate_root_user_types, self.generate_root_user_rules))
+ if name == "":
+ raise ValueError(_("You must enter a name for your confined process"))
+ if type == self.CGI:
@@ -2425,14 +3665,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ else:
+ self.name = name
+ self.file_name = name
-+ if program == "":
-+ raise ValueError(_("You must enter the executable path for your confined process"))
-+ self.program = program
++
+ self.type = type
-+ self.in_tcp = []
-+ self.in_udp = []
-+ self.out_tcp = []
-+ self.out_udp = []
++ self.program = ""
++ self.in_tcp = [False, False, False, []]
++ self.in_udp = [False, False, False, []]
++ self.out_tcp = [False, False, False, []]
++ self.out_udp = [False, False, False, []]
+ self.use_tmp = False
+ self.use_uid = False
+ self.use_pam = False
@@ -2443,7 +3682,35 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ self.found_udp_ports=[]
+ self.need_tcp_type=False
+ self.need_udp_type=False
-+
++ self.transitions = []
++
++ def __isnetset(self, l):
++ return l[ALL] or l[RESERVED] or l[UNRESERVED] or len(l[PORTS]) > 0
++
++ def set_transition_apps(self, transitions):
++ self.transitions = transitions
++
++ def use_in_udp(self):
++ return self.__isnetset(self.in_udp)
++
++ def use_out_udp(self):
++ return self.__isnetset(self.out_udp)
++
++ def use_udp(self):
++ return self.use_in_udp() or self.use_out_udp()
++
++ def use_in_tcp(self):
++ return self.__isnetset(self.in_tcp)
++
++ def use_out_tcp(self):
++ return self.__isnetset(self.out_tcp)
++
++ def use_tcp(self):
++ return self.use_in_tcp() or self.use_out_tcp()
++
++ def use_network(self):
++ return self.use_tcp() or self.use_udp()
++
+ def find_port(self, port):
+ for begin,end in self.dict.keys():
+ if port >= begin and port <= end:
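Review bot: `set_transition_apps` stores the list unchecked, and `generate_transition_rules` (a later hunk) hands each entry to `re.sub` as the replacement for `APPLICATION`, where it becomes part of a macro name in the generated .te text. A replacement string also goes through `re.sub` backslash processing, so an entry with non-identifier characters would change the emitted policy rather than be rejected. Checking each entry in the setter, for example `if not re.match(r"^[A-Za-z0-9_]+$", app): raise ValueError(...)`, keeps the output well-formed whatever the caller passes. Where the GUI gets these names from is not visible here. `find_port` starts in this hunk and continues outside it.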
@@ -2465,17 +3732,23 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ except ValueError:
+ raise ValueError(_("Ports must be be numbers from 1 to %d " % max_port ))
+
-+ def set_in_tcp(self, ports):
-+ self.in_tcp = self.__verify_ports(ports)
++ def set_program(self, program):
++ if self.type in self.APPLICATIONS:
++ raise ValueError(_("USER Types are not allowed executables"))
+
-+ def set_in_udp(self, ports):
-+ self.in_udp = self.__verify_ports(ports)
++ self.program = program
+
-+ def set_out_tcp(self, ports):
-+ self.out_tcp = self.__verify_ports(ports)
++ def set_in_tcp(self, all, reserved, unreserved, ports):
++ self.in_tcp = [ all, reserved, unreserved, self.__verify_ports(ports)]
+
-+ def set_out_udp(self, ports):
-+ self.out_udp = self.__verify_ports(ports)
++ def set_in_udp(self, all, reserved, unreserved, ports):
++ self.in_udp = [ all, reserved, unreserved, self.__verify_ports(ports)]
++
++ def set_out_tcp(self, all, ports):
++ self.out_tcp = [ all , False, False, self.__verify_ports(ports) ]
++
++ def set_out_udp(self, all, ports):
++ self.out_udp = [ all , False, False, self.__verify_ports(ports) ]
+
+ def set_use_syslog(self, val):
+ if val != True and val != False:
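Review bot: The guard in `set_program` is inverted: it raises when `self.type in self.APPLICATIONS`, while the message says USER types are the ones that may not have an executable. As written, a DAEMON, INETD, USER or CGI policy can never set `self.program`, and `generate()` (later hunk) rejects exactly those types when `self.program == ""`, so no application policy can be generated. The condition should read `if self.type not in self.APPLICATIONS:` (or `if self.type in self.USERS:`). The same inverted test is added to `set_use_tmp` in the next hunk, where the message also misspells "automatically". `set_use_syslog` continues outside the hunk.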
@@ -2490,6 +3763,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ self.use_pam = val
+
+ def set_use_tmp(self, val):
++ if self.type in self.APPLICATIONS:
++ raise ValueError(_("USER Types autoomatically get a tmp type"))
++
+ if val == True:
+ self.DEFAULT_DIRS["tmp"][1].append("/tmp");
+ return
@@ -2506,15 +3782,25 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ self.use_uid = val
+
+ def generate_uid_rules(self):
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_uid_rules)
++ if self.use_uid:
++ return re.sub("TEMPLATETYPE", self.name, executable.te_uid_rules)
++ else:
++ return ""
++
+ def generate_syslog_rules(self):
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_syslog_rules)
++ if self.use_syslog:
++ return re.sub("TEMPLATETYPE", self.name, executable.te_syslog_rules)
++ else:
++ return ""
+
+ def generate_pam_rules(self):
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_pam_rules)
++ newte =""
++ if self.use_pam:
++ newte = re.sub("TEMPLATETYPE", self.name, executable.te_pam_rules)
++ return newte
+
+ def generate_network_types(self):
-+ for i in self.in_tcp:
++ for i in self.in_tcp[PORTS]:
+ rec = self.find_port(int(i))
+ if rec == None:
+ self.need_tcp_type = True;
@@ -2524,7 +3810,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ if line not in self.found_tcp_ports:
+ self.found_tcp_ports.append(line)
+
-+ for i in self.out_tcp:
++ for i in self.out_tcp[PORTS]:
+ rec = self.find_port(int(i))
+ if rec == None:
+ self.need_tcp_type = True;
@@ -2534,7 +3820,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ if line not in self.found_tcp_ports:
+ self.found_tcp_ports.append(line)
+
-+ for i in self.in_udp:
++ for i in self.in_udp[PORTS]:
+ rec = self.find_port(int(i))
+ if rec == None:
+ self.need_udp_type = True;
@@ -2564,75 +3850,122 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+
+ def generate_network_rules(self):
+ newte = ""
-+ tcp = len(self.in_tcp) + len(self.out_tcp)
-+ udp = len(self.in_udp) + len(self.out_udp)
-+ if tcp > 0 or udp > 0:
++ if self.use_network():
+ newte = "\n"
+
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_network)
+
-+ if tcp > 0:
++ if self.use_tcp():
+ newte += "\n"
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_tcp)
-+ if self.need_tcp_type and len(self.out_tcp) > 0:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_need_port_tcp)
-+ if self.need_tcp_type and len(self.in_tcp) > 0:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_tcp)
-+ if len(self.in_tcp) > 0:
++
++ if self.use_in_tcp():
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_tcp)
++
++ if self.need_tcp_type and len(self.in_tcp[PORTS]) > 0:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_tcp)
++
++ if self.need_tcp_type and len(self.out_tcp[PORTS]) > 0:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_need_port_tcp)
++
++
++ if self.in_tcp[ALL]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_all_ports_tcp)
++ if self.in_tcp[RESERVED]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_reserved_ports_tcp)
++ if self.in_tcp[UNRESERVED]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_unreserved_ports_tcp)
++
++ if self.out_tcp[ALL]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_all_ports_tcp)
++ if self.out_tcp[RESERVED]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_reserved_ports_tcp)
++ if self.out_tcp[UNRESERVED]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_unreserved_ports_tcp)
++
+ for i in self.found_tcp_ports:
+ newte += i
+
-+ if udp > 0:
++ if self.use_udp():
+ newte += "\n"
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_udp)
-+ if self.need_udp_type and len(self.in_udp) > 0:
++
++ if self.need_udp_type:
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_udp)
-+ if len(self.in_udp) > 0:
++ if self.use_in_udp():
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_udp)
++ if self.in_udp[ALL]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_all_ports_udp)
++ if self.in_udp[RESERVED]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_reserved_ports_udp)
++ if self.in_udp[UNRESERVED]:
++ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_unreserved_ports_udp)
++
+ for i in self.found_udp_ports:
+ newte += i
+ return newte
+
++ def generate_transition_rules(self):
++ newte = ""
++ for app in self.transitions:
++ tmp = re.sub("TEMPLATETYPE", self.name, user.te_transition_rules)
++ newte += re.sub("APPLICATION", app, tmp)
++ return newte
++
+ def generate_cgi_types(self):
-+ newte = ""
-+ newte += re.sub("TEMPLATETYPE", self.file_name, executable.te_cgi_types)
-+ return newte
++ return re.sub("TEMPLATETYPE", self.file_name, executable.te_cgi_types)
+
+ def generate_userapp_types(self):
-+ newte = ""
-+ newte += re.sub("TEMPLATETYPE", self.name, executable.te_userapp_types)
-+ return newte
++ return re.sub("TEMPLATETYPE", self.name, executable.te_userapp_types)
+
+ def generate_inetd_types(self):
-+ newte = ""
-+ newte += re.sub("TEMPLATETYPE", self.name, executable.te_inetd_types)
-+ return newte
++ return re.sub("TEMPLATETYPE", self.name, executable.te_inetd_types)
++
++ def generate_login_user_types(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_login_user_types)
++
++ def generate_x_login_user_types(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_x_login_user_types)
++
++ def generate_root_user_types(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_root_user_types)
+
+ def generate_daemon_types(self):
-+ newte = ""
-+ newte += re.sub("TEMPLATETYPE", self.name, executable.te_daemon_types)
-+ return newte
++ return re.sub("TEMPLATETYPE", self.name, executable.te_daemon_types)
++
++ def generate_tmp_types(self):
++ if self.use_tmp:
++ return re.sub("TEMPLATETYPE", self.name, tmp.te_types)
++ else:
++ return ""
+
+ def generate_cgi_te(self):
-+ newte = ""
-+ newte += re.sub("TEMPLATETYPE", self.name, executable.te_cgi_types)
-+ return newte
++ return re.sub("TEMPLATETYPE", self.name, executable.te_cgi_types)
+
+ def generate_daemon_rules(self):
-+ newte = ""
-+ newte += re.sub("TEMPLATETYPE", self.name, executable.te_daemon_rules)
++ return re.sub("TEMPLATETYPE", self.name, executable.te_daemon_rules)
++
++ def generate_login_user_rules(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_login_user_rules)
++
++ def generate_x_login_user_rules(self):
++ return re.sub("TEMPLATETYPE", self.name, user.te_x_login_user_rules)
++
++ def generate_root_user_rules(self):
++ newte =re.sub("TEMPLATETYPE", self.name, user.te_root_user_rules)
+ return newte
+
+ def generate_userapp_rules(self):
-+ newte = ""
-+ newte += re.sub("TEMPLATETYPE", self.name, executable.te_userapp_rules)
-+ return newte
++ return re.sub("TEMPLATETYPE", self.name, executable.te_userapp_rules)
+
+ def generate_inetd_rules(self):
-+ newte = ""
-+ newte += re.sub("TEMPLATETYPE", self.name, executable.te_inetd_rules)
-+ return newte
++ return re.sub("TEMPLATETYPE", self.name, executable.te_inetd_rules)
++
++ def generate_tmp_rules(self):
++ if self.use_tmp:
++ return re.sub("TEMPLATETYPE", self.name, tmp.te_rules)
++ else:
++ return ""
+
+ def generate_cgi_rules(self):
+ newte = ""
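Review bot: In `generate_network_rules` the UDP branch now emits `network.te_in_need_port_udp` on `self.need_udp_type` alone, while the TCP branch keeps the `len(self.in_tcp[PORTS]) > 0` test. If that template is the `udp_socket name_bind` rule seen in network.py, the generated policy can grant bind on the new port type even when no inbound UDP port was listed. Whether `need_udp_type` can be set in that case depends on the part of `generate_network_types` that is not shown. Keeping the guard symmetrical with TCP, `if self.need_udp_type and len(self.in_udp[PORTS]) > 0:`, avoids granting more than was requested. `generate_cgi_rules` continues outside the hunk.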
@@ -2666,10 +3999,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_types)
+
+ newte += self.generate_network_types()
-+ if self.use_tmp:
-+ newte += self.generate_tmp_types()
-+
++ newte += self.generate_tmp_types()
+ newte += self.generate_default_rules()
++
+ for d in self.DEFAULT_DIRS:
+ if len(self.DEFAULT_DIRS[d][1]) > 0:
+ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_rules)
@@ -2679,17 +4011,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ break
+
+ newte += self.generate_network_rules()
-+ if self.use_tmp:
-+ newte += self.generate_tmp_rules()
-+
-+ if self.use_uid:
-+ newte += self.generate_uid_rules()
-+
-+ if self.use_syslog:
-+ newte += self.generate_syslog_rules()
-+
-+ if self.use_pam:
-+ newte += self.generate_pam_rules()
++ newte += self.generate_tmp_rules()
++ newte += self.generate_uid_rules()
++ newte += self.generate_syslog_rules()
++ newte += self.generate_pam_rules()
++ newte += self.generate_transition_rules()
+
+ return newte
+
@@ -2724,12 +4050,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ for i in self.dirs.keys():
+ newsh += re.sub("FILENAME", i, script.restorecon)
+
-+ for i in self.in_tcp + self.out_tcp:
++ for i in self.in_tcp[PORTS] + self.out_tcp[PORTS]:
+ if self.find_port(i) == None:
+ t1 = re.sub("PORTNUM", "%d" % i, script.tcp_ports)
+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
+
-+ for i in self.in_udp + self.out_udp:
++ for i in self.in_udp[PORTS] + self.out_udp[PORTS]:
+ if self.find_port(i) == None:
+ t1 = re.sub("PORTNUM", "%d" % i, script.udp_ports)
+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
@@ -2759,12 +4085,16 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+
+ def write_fc(self,out_dir):
+ fcfile = "%s/%s.fc" % (out_dir, self.file_name)
-+ fd = open(fcfile, "w")
-+ fd.write(self.generate_fc())
-+ fd.close()
++ if self.type in self.APPLICATIONS:
++ fd = open(fcfile, "w")
++ fd.write(self.generate_fc())
++ fd.close()
+ return fcfile
+
+ def generate(self, out_dir = "."):
++ if self.type in self.APPLICATIONS and self.program == "":
++ raise ValueError(_("You must enter the executable path for your confined process"))
++
+ out = "Created the following files:\n"
+ out += "%-25s %s\n" % (_("Type Enforcment file"), self.write_te(out_dir))
+ out += "%-25s %s\n" % (_("Interface file"), self.write_if(out_dir))
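Review bot: `write_fc` now skips the write for non-application types but still returns `fcfile`, so the caller gets the path of a file this run did not create. If a `.fc` of the same name is already in `out_dir` from an earlier run it is left untouched and would presumably be built into the module, carrying file-context rules the new policy never asked for. Moving `fd = open(fcfile, "w")` and `fd.close()` outside the `if`, so that only `fd.write(self.generate_fc())` stays conditional, leaves an empty file for user types and makes the returned path accurate. `generate` continues outside the hunk.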
@@ -2780,9 +4110,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+
+
+if __name__ == '__main__':
-+ mypolicy = policy("cgi", "/var/www/cgi-bin/cgi", 3)
-+ mypolicy.set_in_tcp("513")
-+ mypolicy.set_in_udp("513")
++ mypolicy = policy("cgi", policy.XUSER)
++ mypolicy.set_program("/var/www/cgi-bin/cgi")
++ mypolicy.set_in_tcp(1, 0, 0, "513")
++ mypolicy.set_in_udp(1, 0, 0, "1513")
+ mypolicy.set_use_uid(True)
+ mypolicy.set_use_tmp(True)
+ mypolicy.set_use_syslog(True)
@@ -2794,7 +4125,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ mypolicy.add_dir("/var/lib/daemon")
+ mypolicy.add_dir("/etc/daemon")
+ mypolicy.add_dir("/etc/daemon/special")
-+ mypolicy.set_out_tcp("8000")
++ mypolicy.set_out_tcp(0,"8000")
++ mypolicy.set_transition_apps(["mozilla", "ssh"])
+ print mypolicy.generate()
+# mypolicy = policy("inetd", "/usr/sbin/inetd", 1)
+# mypolicy.generate()
@@ -2805,9 +4137,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ sys.exit(0)
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.22/gui/portsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.25/gui/portsPage.py
--- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/portsPage.py 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/portsPage.py 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,248 @@
+## portsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -3057,9 +4389,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
+ self.store.set_value(iter, MLS_COL, mls)
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.22/gui/selinux.tbl
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.25/gui/selinux.tbl
--- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/selinux.tbl 2007-07-28 11:01:13.000000000 -0400
++++ policycoreutils-2.0.25/gui/selinux.tbl 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,296 @@
+allow_console_login _("Login") _("Allow direct login to the console device. Requiered for System 390")
+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
@@ -3357,9 +4689,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
+webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivledged users home directories")
+webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivledged users home directories")
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.22/gui/semanagePage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.25/gui/semanagePage.py
--- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/semanagePage.py 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/semanagePage.py 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,137 @@
+## semanagePage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -3498,9 +4830,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py poli
+ self.dialog.hide()
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.22/gui/statusPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.25/gui/statusPage.py
--- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/statusPage.py 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/statusPage.py 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,220 @@
+## statusPage.py - show selinux status
+## Copyright (C) 2006 Red Hat, Inc.
@@ -3722,9 +5054,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policy
+ return self.types[self.selinuxTypeOptionMenu.get_active()]
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.22/gui/system-config-selinux.glade
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.25/gui/system-config-selinux.glade
--- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/system-config-selinux.glade 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/system-config-selinux.glade 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,3326 @@
+
+
@@ -7052,9 +8384,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
+
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.22/gui/system-config-selinux.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.25/gui/system-config-selinux.py
--- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/system-config-selinux.py 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/system-config-selinux.py 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,172 @@
+#!/usr/bin/python
+#
@@ -7228,9 +8560,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
+
+ app = childWindow()
+ app.stand_alone()
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.22/gui/templates/executable.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.25/gui/templates/executable.py
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/templates/executable.py 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/templates/executable.py 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,153 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -7385,9 +8717,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_exec_t,s0)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.22/gui/templates/__init__.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.25/gui/templates/__init__.py
--- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/templates/__init__.py 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/templates/__init__.py 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,18 @@
+#
+# Copyright (C) 2007 Red Hat, Inc.
@@ -7407,18 +8739,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.p
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.22/gui/templates/network.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.25/gui/templates/network.py
--- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/templates/network.py 2007-07-23 10:40:06.000000000 -0400
-@@ -0,0 +1,44 @@
-+te_port_types="""\
++++ policycoreutils-2.0.25/gui/templates/network.py 2007-08-28 10:02:33.000000000 -0400
+@@ -0,0 +1,80 @@
++te_port_types="""
+type TEMPLATETYPE_port_t;
+corenet_port(TEMPLATETYPE_port_t)
+"""
+
+te_network="""\
+sysnet_dns_name_resolve(TEMPLATETYPE_t)
-+corenet_non_ipsec_sendrecv(TEMPLATETYPE_t)
++corenet_all_recvfrom_unlabeled(TEMPLATETYPE_t)
+"""
+
+te_tcp="""\
@@ -7455,9 +8787,45 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py
+allow TEMPLATETYPE_t TEMPLATETYPE_port_t:udp_socket name_bind;
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.22/gui/templates/rw.py
++te_out_all_ports_tcp="""\
++corenet_tcp_connect_all_ports(TEMPLATETYPE_t)
++"""
++
++te_out_reserved_ports_tcp="""\
++corenet_tcp_connect_all_rpc_ports(TEMPLATETYPE_t)
++"""
++
++te_out_unreserved_ports_tcp="""\
++corenet_tcp_connect_all_unreserved_ports(TEMPLATETYPE_t)
++"""
++
++te_in_all_ports_tcp="""\
++corenet_tcp_bind_all_ports(TEMPLATETYPE_t)
++"""
++
++te_in_reserved_ports_tcp="""\
++corenet_tcp_bind_all_rpc_ports(TEMPLATETYPE_t)
++"""
++
++te_in_unreserved_ports_tcp="""\
++corenet_tcp_bind_all_unreserved_ports(TEMPLATETYPE_t)
++"""
++
++te_in_all_ports_udp="""\
++corenet_udp_bind_all_ports(TEMPLATETYPE_t)
++"""
++
++te_in_reserved_ports_udp="""\
++corenet_udp_bind_all_rpc_ports(TEMPLATETYPE_t)
++"""
++
++te_in_unreserved_ports_udp="""\
++corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t)
++"""
++
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.25/gui/templates/rw.py
--- nsapolicycoreutils/gui/templates/rw.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/templates/rw.py 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/templates/rw.py 2007-08-28 09:22:17.000000000 -0400
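Review bot: `te_out_reserved_ports_tcp` and `te_out_unreserved_ports_tcp` are added here but cannot be selected. `set_out_tcp(all, ports)` in polgen.py always stores `False` in the RESERVED and UNRESERVED slots, so the two branches in `generate_network_rules` that use these templates are dead. There is also no outbound UDP template, so `set_out_udp` with `all` true makes `use_udp()` true but adds no outbound rule in the visible part of `generate_network_rules`. Either drop the two unused templates or extend the outbound setters to take `reserved` and `unreserved` and add the matching outbound UDP templates, so the generated policy reflects what was selected.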
@@ -0,0 +1,104 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -7563,9 +8931,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli
+fc_dir="""
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.22/gui/templates/script.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.25/gui/templates/script.py
--- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/templates/script.py 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/templates/script.py 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,42 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -7609,9 +8977,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py
+/usr/sbin/semanage port -a -t TEMPLATETYPE_port_t -p udp PORTNUM
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.22/gui/templates/semodule.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.25/gui/templates/semodule.py
--- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/templates/semodule.py 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/templates/semodule.py 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,41 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -7654,9 +9022,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.p
+semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.22/gui/templates/tmp.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.25/gui/templates/tmp.py
--- nsapolicycoreutils/gui/templates/tmp.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/templates/tmp.py 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/templates/tmp.py 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,72 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -7730,9 +9098,102 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol
+ dontaudit $1 TEMPLATETYPE_tmp_t:file r_file_perms;
+')
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.22/gui/templates/var_lib.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.25/gui/templates/user.py
+--- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.25/gui/templates/user.py 2007-08-28 10:02:19.000000000 -0400
+@@ -0,0 +1,89 @@
++# Copyright (C) 2007 Red Hat
++# see file 'COPYING' for use and warranty information
++#
++# policygentool is a tool for the initial generation of SELinux policy
++#
++# This program is free software; you can redistribute it and/or
++# modify it under the terms of the GNU General Public License as
++# published by the Free Software Foundation; either version 2 of
++# the License, or (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++# 02111-1307 USA
++#
++#
++########################### Type Enforcement File #############################
++te_login_user_types="""\
++policy_module(TEMPLATETYPE,1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++userdom_unpriv_login_user(TEMPLATETYPE)
++"""
++
++te_x_login_user_types="""\
++policy_module(TEMPLATETYPE,1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++userdom_unpriv_xwindows_login_user(TEMPLATETYPE)
++"""
++
++te_root_user_types="""\
++
++policy_module(TEMPLATETYPE,1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++userdom_base_user_template(TEMPLATETYPE)
++"""
++
++te_login_user_rules="""\
++
++########################################
++#
++# TEMPLATETYPE local policy
++#
++
++"""
++
++te_x_login_user_rules="""\
++
++########################################
++#
++# TEMPLATETYPE local policy
++#
++
++"""
++
++te_root_user_rules="""\
++
++########################################
++#
++# TEMPLATETYPE local policy
++#
++
++"""
++
++te_transition_rules="""
++optional_policy(`
++ APPLICATION_per_role_template(TEMPLATETYPE,TEMPLATETYPE_t,TEMPLATETYPE_r)
++')
++"""
++
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.25/gui/templates/var_lib.py
--- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/templates/var_lib.py 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/templates/var_lib.py 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,137 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -7871,9 +9332,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.22/gui/templates/var_log.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.25/gui/templates/var_log.py
--- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/templates/var_log.py 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/templates/var_log.py 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,89 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -7964,9 +9425,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.22/gui/templates/var_run.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.25/gui/templates/var_run.py
--- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/templates/var_run.py 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/templates/var_run.py 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,95 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -8063,9 +9524,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.22/gui/templates/var_spool.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.25/gui/templates/var_spool.py
--- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/templates/var_spool.py 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/templates/var_spool.py 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,105 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -8172,9 +9633,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.22/gui/translationsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.25/gui/translationsPage.py
--- nsapolicycoreutils/gui/translationsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/translationsPage.py 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/translationsPage.py 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,119 @@
+## translationsPage.py - show selinux translations
+## Copyright (C) 2006 Red Hat, Inc.
@@ -8295,9 +9756,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py
+ store, iter = self.view.get_selection().get_selected()
+ self.store.set_value(iter, 0, level)
+ self.store.set_value(iter, 1, translation)
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.22/gui/usersPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.25/gui/usersPage.py
--- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/usersPage.py 2007-07-23 10:40:06.000000000 -0400
++++ policycoreutils-2.0.25/gui/usersPage.py 2007-08-28 09:22:17.000000000 -0400
@@ -0,0 +1,173 @@
+## usersPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 26b3d9c..d27aabc 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.25
-Release: 4%{?dist}
+Release: 5%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -200,6 +200,9 @@ if [ "$1" -ge "1" ]; then
fi
%changelog
+* Tue Aug 28 2007 Dan Walsh 2.0.25-5
+- Update genpolgui to add creation of user domains
+
* Mon Aug 27 2007 Dan Walsh 2.0.25-4
- Fix location of sepolgen-ifgen