* Fri Nov 24 2006 Dan Walsh <dwalsh@redhat.com> 1.33.4-2
- Additional po changes - Added all booleans definitions
This commit is contained in:
parent
1645ebedf1
commit
d92d02a759
File diff suppressed because it is too large
Load Diff
|
@ -1,22 +1,22 @@
|
|||
diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.33.4/audit2allow/audit2allow
|
||||
--- nsapolicycoreutils/audit2allow/audit2allow 2006-11-16 17:14:29.000000000 -0500
|
||||
+++ policycoreutils-1.33.4/audit2allow/audit2allow 2006-11-22 14:51:29.000000000 -0500
|
||||
@@ -25,6 +25,7 @@
|
||||
#
|
||||
#
|
||||
from avc import *
|
||||
+import re
|
||||
|
||||
+++ policycoreutils-1.33.4/audit2allow/audit2allow 2006-11-22 16:16:37.000000000 -0500
|
||||
@@ -29,6 +29,7 @@
|
||||
if __name__ == '__main__':
|
||||
import commands, sys, os, getopt, selinux
|
||||
import gettext
|
||||
+ import re
|
||||
try:
|
||||
gettext.install('policycoreutils')
|
||||
except:
|
||||
@@ -59,6 +60,11 @@
|
||||
print msg
|
||||
sys.exit(1)
|
||||
|
||||
+ def verify_module(module):
|
||||
+ m = re.findall("[^a-zA-Z]", module)
|
||||
+ m = re.findall("[^a-zA-Z0-9]", module)
|
||||
+ if len(m) != 0:
|
||||
+ usage(_("Alphabetic Charaters Only"))
|
||||
+ usage(_("Alphanumeric Charaters Only"))
|
||||
+
|
||||
def errorExit(error):
|
||||
sys.stderr.write("%s: " % sys.argv[0])
|
||||
|
@ -34,7 +34,7 @@ diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolic
|
|||
outfile = a+".te"
|
||||
buildPP = 1
|
||||
if not os.path.exists("/usr/bin/checkmodule"):
|
||||
@@ -184,22 +192,26 @@
|
||||
@@ -184,22 +192,27 @@
|
||||
output.write(serules.out(requires, module))
|
||||
output.flush()
|
||||
if buildPP:
|
||||
|
@ -48,7 +48,8 @@ diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolic
|
|||
- cmd = "%s -f %s" % (cmd, fc_file)
|
||||
-
|
||||
+ if ref_ind:
|
||||
+ cmd = "make -f /usr/share/selinux/devel/Makefile %s.pp" % module
|
||||
+ status, type = selinux.selinux_getpolicytype()
|
||||
+ cmd = "make -f /usr/share/selinux/%s/include/Makefile %s.pp" % (type, module)
|
||||
+ print _("Compiling policy")
|
||||
+ print cmd
|
||||
+ rc = commands.getstatusoutput(cmd)
|
||||
|
@ -76,8 +77,8 @@ diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolic
|
|||
|
||||
diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-1.33.4/gui/booleansPage.py
|
||||
--- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-1.33.4/gui/booleansPage.py 2006-11-22 14:11:25.000000000 -0500
|
||||
@@ -0,0 +1,200 @@
|
||||
+++ policycoreutils-1.33.4/gui/booleansPage.py 2006-11-24 08:54:51.000000000 -0500
|
||||
@@ -0,0 +1,199 @@
|
||||
+#
|
||||
+# booleansPage.py - GUI for Booleans page in system-config-securitylevel
|
||||
+#
|
||||
|
@ -108,7 +109,7 @@ diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolic
|
|||
+import sys
|
||||
+import tempfile
|
||||
+
|
||||
+INSTALLPATH='/usr/share/system-config-securitylevel'
|
||||
+INSTALLPATH='/usr/share/system-config-selinux'
|
||||
+sys.path.append(INSTALLPATH)
|
||||
+
|
||||
+from Conf import *
|
||||
|
@ -116,7 +117,6 @@ diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolic
|
|||
+ENFORCING=0
|
||||
+PERMISSIVE=1
|
||||
+DISABLED=2
|
||||
+SELINUXDIR="/etc/selinux/"
|
||||
+
|
||||
+##
|
||||
+## I18N
|
||||
|
@ -607,8 +607,8 @@ diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolic
|
|||
+
|
||||
diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-1.33.4/gui/Makefile
|
||||
--- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-1.33.4/gui/Makefile 2006-11-22 14:11:25.000000000 -0500
|
||||
@@ -0,0 +1,29 @@
|
||||
+++ policycoreutils-1.33.4/gui/Makefile 2006-11-24 08:54:13.000000000 -0500
|
||||
@@ -0,0 +1,30 @@
|
||||
+# Installation directories.
|
||||
+PREFIX ?= ${DESTDIR}/usr
|
||||
+SHAREDIR ?= $(PREFIX)/share/system-config-selinux
|
||||
|
@ -624,7 +624,8 @@ diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolic
|
|||
+statusPage.py \
|
||||
+system-config-selinux.glade \
|
||||
+translationsPage.py \
|
||||
+usersPage.py
|
||||
+usersPage.py \
|
||||
+selinux.tbl
|
||||
+
|
||||
+all: $(TARGETS) system-config-selinux.py
|
||||
+
|
||||
|
@ -1079,6 +1080,275 @@ diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolic
|
|||
+ self.store.set_value(iter, MLS_COL, mls)
|
||||
+
|
||||
+
|
||||
diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-1.33.4/gui/selinux.tbl
|
||||
--- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-1.33.4/gui/selinux.tbl 2006-11-24 08:46:20.000000000 -0500
|
||||
@@ -0,0 +1,265 @@
|
||||
+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
|
||||
+allow_cvs_read_shadow _("CVS") _("Allow cvs daemon to read shadow")
|
||||
+allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /.")
|
||||
+allow_daemons_use_tty _("Admin") _("Allow all daemons the ability to use unallocated ttys.")
|
||||
+allow_execheap _("Memory Protection") _("Allow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
|
||||
+allow_execmem _("Memory Protection") _("Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")
|
||||
+allow_execmod _("Memory Protection") _("Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t")
|
||||
+allow_execstack _("Memory Protection") _("Allow unconfined executables to make their stack executable. This should never, ever be neessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
|
||||
+allow_ftpd_anon_write _("FTP") _("Allow ftpd to upload files to directories labeled public_content_rw_t")
|
||||
+allow_ftpd_use_cifs _("FTP") _("Allow ftp servers to use cifs used for public file transfer services.")
|
||||
+allow_ftpd_use_nfs _("FTP") _("Allow ftp servers to use nfs used for public file transfer services.")
|
||||
+allow_gpg_execstack _("Memory Protection") _("Allow gpg executable stack")
|
||||
+allow_gssd_read_tmp _("NFS") _("Allow gssd to read temp directory.")
|
||||
+allow_httpd_anon_write _("HTTPD Service") _("Allow httpd daemon to write files in directories labeled public_content_rw_t")
|
||||
+allow_httpd_mod_auth_pam _("HTTPD Service") _("Allow Apache to use mod_auth_pam.")
|
||||
+allow_httpd_sys_script_anon_write _("HTTPD Service") _("Allow httpd scripts to write files in directories labeled public_content_rw_t")
|
||||
+allow_java_execstack _("Memory Protection") _("Allow java executable stack")
|
||||
+allow_kerberos _("Kerberos") _("Allow daemons to use kerberos files")
|
||||
+allow_mount_anyfile _("Mount") _("Allow mount to mount any file")
|
||||
+allow_mounton_anydir _("Mount") _("Allow mount to mount any dir")
|
||||
+allow_mplayer_execstack _("Memory Protection") _("Allow mplayer executable stack")
|
||||
+allow_nfsd_anon_write _("NFS") _("Allow nfs servers to modify public files used for public file transfer services.")
|
||||
+allow_polyinstantiation _("Polyinstatiation") _("Enable polyinstantiated directory support.")
|
||||
+allow_ptrace _("Compatibility") _("Allow sysadm_t to debug or ptrace applications)
|
||||
+allow_rsync_anon_write _("rsync") _("Allow rsync to write files in directories labeled public_content_rw_t")
|
||||
+allow_saslauthd_read_shadow _("sasl authentication server") _("Allow sasl authentication server to read /etc/shadow")
|
||||
+allow_smbd_anon_write _("Samba") _("Allow Samba to write files in directories labeled public_content_rw_t")
|
||||
+allow_ssh_keysign _("SSH") _("Allow ssh to run ssh-keysign")
|
||||
+allow_unconfined_execmem_dyntrans _("Memory Protection") _("Allow unconfined to dyntrans to unconfined_execmem")
|
||||
+allow_user_mysql_connect _("Databases") _("Allow user to connect to mysql socket")
|
||||
+allow_user_postgresql_connect _("Databases") _("Allow user to connect to postgres socket")
|
||||
+allow_write_xshm _("XServer") _("Allow clients to write to X shared memory")
|
||||
+allow_ypbind _("NIS") _("Allow daemons to run with NIS")
|
||||
+allow_zebra_write_config _("Zebra") _("Allow zebra daemon to write it configuration files")
|
||||
+amanda_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for amanda")
|
||||
+amavis_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for amavis")
|
||||
+apmd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for apmd daemon")
|
||||
+arpwatch_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for arpwatch daemon")
|
||||
+auditd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for auditd daemon")
|
||||
+automount_disable_trans _("Mount") _("Disable SELinux protection for automount daemon")
|
||||
+avahi_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for avahi")
|
||||
+bluetooth_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for bluetooth daemon")
|
||||
+canna_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for canna daemon")
|
||||
+cardmgr_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cardmgr daemon")
|
||||
+ccs_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for Cluster Server")
|
||||
+cdrecord_read_content _("User Privs") _("Allow cdrecord to read various content. nfs, samba, removable devices, user temp and untrusted content files")
|
||||
+ciped_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ciped daemon")
|
||||
+clamd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for clamd daemon")
|
||||
+clamscan_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for clamscan")
|
||||
+clvmd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for clvmd")
|
||||
+comsat_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for comsat daemon")
|
||||
+courier_authdaemon_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon")
|
||||
+courier_pcp_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon")
|
||||
+courier_pop_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon")
|
||||
+courier_sqwebmail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon")
|
||||
+courier_tcpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon")
|
||||
+cpucontrol_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cpucontrol daemon")
|
||||
+cpuspeed_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cpuspeed daemon")
|
||||
+cron_can_relabel _("Cron") _("Allow system cron jobs to relabel filesystem for restoring file contexts.")
|
||||
+crond_disable_trans _("Cron") _("Disable SELinux protection for crond daemon")
|
||||
+cupsd_config_disable_trans _("Printing") _("Disable SELinux protection for cupsd backend server")
|
||||
+cupsd_disable_trans _("Printing") _("Disable SELinux protection for cupsd daemon")
|
||||
+cupsd_lpd_disable_trans _("Printing") _("Disable SELinux protection for cupsd_lpd")
|
||||
+cvs_disable_trans _("CVS") _("Disable SELinux protection for cvs daemon")
|
||||
+cyrus_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cyrus daemon")
|
||||
+dbskkd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dbskkd daemon")
|
||||
+dbusd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dbusd daemon")
|
||||
+dccd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dccd")
|
||||
+dccifd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dccifd")
|
||||
+dccm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dccm")
|
||||
+ddt_client_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ddt daemon")
|
||||
+devfsd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for devfsd daemon")
|
||||
+dhcpc_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dhcpc daemon")
|
||||
+dhcpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dhcpd daemon")
|
||||
+dictd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dictd daemon")
|
||||
+direct_sysadm_daemon _("Admin") _("Allow sysadm_t to directly start daemons")
|
||||
+disable_evolution_trans _("Web Applications") _("Disable SELinux protection for Evolution")
|
||||
+disable_games_trans _("Games") _("Disable SELinux protection for games")
|
||||
+disable_mozilla_trans _("Web Applications") _("Disable SELinux protection for the web browsers")
|
||||
+disable_thunderbird_trans _("Web Applications") _("Disable SELinux protection for Thunderbird")
|
||||
+distccd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for distccd daemon")
|
||||
+dmesg_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dmesg daemon")
|
||||
+dnsmasq_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dnsmasq daemon")
|
||||
+dovecot_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dovecot daemon")
|
||||
+entropyd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for entropyd daemon")
|
||||
+fcron_crond _("Cron") _("Enable extra rules in the cron domain to support fcron.")
|
||||
+fetchmail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fetchmail")
|
||||
+fingerd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fingerd daemon")
|
||||
+freshclam_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for freshclam daemon")
|
||||
+fsdaemon_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fsdaemon daemon")
|
||||
+ftpd_disable_trans _("FTP") _("Disable SELinux protection for ftpd daemon")
|
||||
+ftpd_is_daemon _("FTP") _("Allow ftpd to run directly without inetd")
|
||||
+ftp_home_dir _("FTP") _("Allow ftp to read/write files in the user home directories")
|
||||
+global_ssp _("Admin") _("This should be enabled when all programs are compiled with ProPolice/SSP stack smashing protection. All domains will be allowed to read from /dev/urandom.")
|
||||
+gpm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for gpm daemon")
|
||||
+gssd_disable_trans _("NFS") _("Disable SELinux protection for gss daemon")
|
||||
+hald_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hal daemon")
|
||||
+hide_broken_symptoms _("Compatibility") _("Do not audit things that we know to be broken but which are not security risks")
|
||||
+hostname_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hostname daemon")
|
||||
+hotplug_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hotplug daemon")
|
||||
+howl_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for howl daemon")
|
||||
+hplip_disable_trans _("Printing") _("Disable SELinux protection for cups hplip daemon")
|
||||
+httpd_builtin_scripting _("HTTPD Service") _("Allow HTTPD to support built-in scripting")
|
||||
+httpd_can_network_connect_db _("HTTPD Service") _("Allow HTTPD scripts and modules to network connect to databases.")
|
||||
+httpd_can_network_connect _("HTTPD Service") _("Allow HTTPD scripts and modules to connect to the network.")
|
||||
+httpd_can_network_relay _("HTTPD Service") _("Allow httpd to act as a relay.")
|
||||
+httpd_disable_trans _("HTTPD Service") _("Disable SELinux protection for httpd daemon")
|
||||
+httpd_enable_cgi _("HTTPD Service") _("Allow HTTPD cgi support")
|
||||
+httpd_enable_ftp_server _("HTTPD Service") _("Allow HTTPD to run as a ftp server")
|
||||
+httpd_enable_homedirs _("HTTPD Service") _("Allow HTTPD to read home directories")
|
||||
+httpd_rotatelogs_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for httpd rotatelogs")
|
||||
+httpd_ssi_exec _("HTTPD Service") _("Allow HTTPD to run SSI executables in the same domain as system CGI scripts.")
|
||||
+httpd_suexec_disable_trans _("HTTPD Service") _("Disable SELinux protection for http suexec")
|
||||
+httpd_tty_comm _("HTTPD Service") _("Unify HTTPD to communicate with the terminal. Needed for handling certificates.")
|
||||
+httpd_unified _("HTTPD Service") _("Unify HTTPD handling of all content files.")
|
||||
+hwclock_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hwclock daemon")
|
||||
+i18n_input_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for i18n daemon")
|
||||
+imazesrv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for imazesrv daemon")
|
||||
+inetd_child_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for inetd child daemons")
|
||||
+inetd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for inetd daemon")
|
||||
+innd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for innd daemon")
|
||||
+iptables_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for iptables daemon")
|
||||
+ircd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ircd daemon")
|
||||
+irqbalance_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for irqbalance daemon")
|
||||
+iscsid_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for iscsi daemon")
|
||||
+jabberd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for jabberd daemon")
|
||||
+kadmind_disable_trans _("Kerberos") _("Disable SELinux protection for kadmind daemon")
|
||||
+klogd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for klogd daemon")
|
||||
+krb5kdc_disable_trans _("Kerberos") _("Disable SELinux protection for krb5kdc daemon")
|
||||
+ktalkd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ktalk daemons")
|
||||
+kudzu_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for kudzu daemon")
|
||||
+locate_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for locate daemon")
|
||||
+lpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for lpd daemon")
|
||||
+lrrd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for lrrd daemon")
|
||||
+lvm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for lvm daemon")
|
||||
+mailman_mail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for mailman")
|
||||
+mail_read_content _("Web Applications") _("Allow evolution and thunderbird to read user files")
|
||||
+mdadm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for mdadm daemon")
|
||||
+monopd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for monopd daemon")
|
||||
+mozilla_read_content _("Web Applications") _("Allow the mozilla browser to read user files")
|
||||
+mrtg_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for mrtg daemon")
|
||||
+mysqld_disable_trans _("Databases") _("Disable SELinux protection for mysqld daemon")
|
||||
+nagios_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for nagios daemon")
|
||||
+named_disable_trans _("Name Service") _("Disable SELinux protection for named daemon")
|
||||
+named_write_master_zones _("Name Service") _("Allow named to overwrite master zone files")
|
||||
+nessusd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for nessusd daemon")
|
||||
+NetworkManager_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for NetworkManager")
|
||||
+nfsd_disable_trans _("NFS") _("Disable SELinux protection for nfsd daemon")
|
||||
+nfs_export_all_ro _("NFS") _("Allow the reading on any NFS file system")
|
||||
+nfs_export_all_rw _("NFS") _("Allow the read/write/create on any NFS file system")
|
||||
+nmbd_disable_trans _("Samba") _("Disable SELinux protection for nmbd daemon")
|
||||
+nrpe_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for nrpe daemon")
|
||||
+nscd_disable_trans _("Name Service") _("Disable SELinux protection for nscd daemon")
|
||||
+nsd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for nsd daemon")
|
||||
+ntpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ntpd daemon")
|
||||
+oddjob_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for oddjob")
|
||||
+oddjob_mkhomedir_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for oddjob_mkhomedir")
|
||||
+openvpn_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for openvpn daemon")
|
||||
+pam_console_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pam daemon")
|
||||
+pegasus_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pegasus")
|
||||
+perdition_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for perdition daemon")
|
||||
+portmap_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for portmap daemon")
|
||||
+portslave_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for portslave daemon")
|
||||
+postfix_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for postfix")
|
||||
+postgresql_disable_trans _("Databases") _("Disable SELinux protection for postgresql daemon")
|
||||
+pppd_can_insmod _("pppd") _("Allow pppd daemon to insert modules into the kernel")
|
||||
+pppd_disable_trans _("pppd") _("Disable SELinux protection for pppd daemon")
|
||||
+pppd_disable_trans _("pppd") _("Disable SELinux protection for the mozilla ppp daemon")
|
||||
+pppd_for_user _("pppd") _("Allow pppd to be run for a regular user.")
|
||||
+pptp_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pptp")
|
||||
+prelink_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for prelink daemon")
|
||||
+privoxy_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for privoxy daemon")
|
||||
+ptal_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ptal daemon")
|
||||
+pxe_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pxe daemon")
|
||||
+pyzord_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pyzord")
|
||||
+quota_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for quota daemon")
|
||||
+radiusd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for radiusd daemon")
|
||||
+radvd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for radvd daemon")
|
||||
+rdisc_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rdisc")
|
||||
+readahead_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for readahead")
|
||||
+read_default_t _("Admin") _("Allow programs to read files in non-standard locations (default_t)")
|
||||
+read_untrusted_content _("Web Applications") _("Allow programs to read untrusted content without relabel")
|
||||
+restorecond_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for restorecond")
|
||||
+rhgb_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rhgb daemon")
|
||||
+ricci_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ricci")
|
||||
+ricci_modclusterd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ricci_modclusterd")
|
||||
+rlogind_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rlogind daemon")
|
||||
+rpcd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rpcd daemon")
|
||||
+rshd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rshd")
|
||||
+rsync_disable_trans _("rsync") _("Disable SELinux protection for rsync daemon")
|
||||
+run_ssh_inetd _("SSH") _("Allow ssh to run from inetd instead of as a daemon")
|
||||
+samba_enable_home_dirs _("Samba") _("Allow Samba to share users home directories")
|
||||
+samba_share_nfs _("Samba") _("Allow Samba to share nfs directories")
|
||||
+saslauthd_disable_trans _("sasl authentications server") _("Disable SELinux protection for saslauthd daemon")
|
||||
+scannerdaemon_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for scannerdaemon daemon")
|
||||
+secure_mode _("Admin") _("Do not allow transition to sysadm_t, sudo and su effected")
|
||||
+secure_mode_insmod _("Admin") _("Do not allow any processes to load kernel modules")
|
||||
+secure_mode_policyload _("Admin") _("Do not allow any processes to modify kernel SELinux policy")
|
||||
+sendmail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for sendmail daemon")
|
||||
+setrans_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for setrans")
|
||||
+setroubleshootd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for setroublesoot daemon")
|
||||
+slapd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for slapd daemon")
|
||||
+slrnpull_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for slrnpull daemon")
|
||||
+smbd_disable_trans _("Samba") _("Disable SELinux protection for smbd daemon")
|
||||
+snmpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for snmpd daemon")
|
||||
+snort_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for snort daemon")
|
||||
+soundd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for soundd daemon")
|
||||
+sound_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for sound daemon")
|
||||
+spamassasin_can_network _("Spam Assassin") _("Allow Spam Assasin daemon network access")
|
||||
+spamd_disable_trans _("spam Protection") _("Disable SELinux protection for spamd daemon")
|
||||
+spamd_enable_home_dirs _("spam Protection") _("Allow spamd to access home directories")
|
||||
+spammassasin_can_network _("spam Protection") _("Allow spammassasin to access the network")
|
||||
+speedmgmt_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for speedmgmt daemon")
|
||||
+squid_connect_any _("Squid") _("Allow squid daemon to connect to the network")
|
||||
+squid_disable_trans _("Squid") _("Disable SELinux protection for squid daemon")
|
||||
+ssh_keygen_disable_trans _("SSH") _("Disable SELinux protection for ssh daemon")
|
||||
+ssh_sysadm_login _("SSH") _("Allow ssh logins as sysadm_r:sysadm_t")
|
||||
+staff_read_sysadm_file _("Admin") _("Allow staff_r users to search the sysadm home dir and read files (such as ~/.bashrc)")
|
||||
+stunnel_disable_trans _("Universal SSL tunnel") _("Disable SELinux protection for stunnel daemon")
|
||||
+stunnel_is_daemon _("Universal SSL tunnel") _("Allow stunnel daemon to run as standalone, outside of xinetd")
|
||||
+swat_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for swat daemon")
|
||||
+sxid_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for sxid daemon")
|
||||
+syslogd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for syslogd daemon")
|
||||
+system_crond_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for system cron jobs")
|
||||
+tcpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for tcp daemon")
|
||||
+telnetd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for telnet daemon")
|
||||
+tftpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for tftpd daemon")
|
||||
+transproxy_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for transproxy daemon")
|
||||
+udev_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for udev daemon")
|
||||
+uml_switch_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for uml daemon")
|
||||
+unlimitedInetd _("Admin") _("Allow xinetd to run unconfined, including any services it starts that do not have a domain transition explicitly defined.")
|
||||
+unlimitedRC _("Admin") _("Allow rc scripts to run unconfined, including any daemon started by an rc script that does not have a domain transition explicitly defined.")
|
||||
+unlimitedRPM _("Admin") _("Allow rpm to run unconfined.")
|
||||
+unlimitedUtils _("Admin") _("Allow privileged utilities like hotplug and insmod to run unconfined.")
|
||||
+updfstab_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for updfstab daemon")
|
||||
+uptimed_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for uptimed daemon")
|
||||
+use_lpd_server _("Printing") _("Use lpd server instead of cups")
|
||||
+use_nfs_home_dirs _("NFS") _("Support NFS home directories")
|
||||
+user_canbe_sysadm _("User Privs") _("Allow user_r to reach sysadm_r via su, sudo, or userhelper. Otherwise, only staff_r can do so.")
|
||||
+user_can_mount _("Mount") _("Allow users to execute the mount command")
|
||||
+user_direct_mouse _("User Privs") _("Allow regular users direct mouse access (only allow the X server)")
|
||||
+user_dmesg _("User Privs") _("Allow users to run the dmesg command")
|
||||
+user_net_control _("User Privs") _("Allow users to control network interfaces (also needs USERCTL=true)")
|
||||
+user_ping _("User Privs") _("Allow normal user to execute ping")
|
||||
+user_rw_noexattrfile _("User Privs") _("Allow user to r/w noextattrfile (FAT, CDROM, FLOPPY)")
|
||||
+user_rw_usb _("User Privs") _("Allow users to rw usb devices")
|
||||
+user_tcp_server _("User Privs") _("Allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users) disabling this forces FTP passive mode and may change other protocols")
|
||||
+user_ttyfile_stat _("User Privs") _("Allow user to stat ttyfiles")
|
||||
+use_samba_home_dirs _("Samba") _("Allow users to login with CIFS home directories")
|
||||
+uucpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for uucpd daemon")
|
||||
+vmware_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for vmware daemon")
|
||||
+watchdog_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for watchdog daemon")
|
||||
+winbind_disable_trans _("Samba") _("Disable SELinux protection for winbind daemon")
|
||||
+write_untrusted_content _("Web Applications") _("Allow web applications to write untrusted content to disk (implies read)")
|
||||
+xdm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xdm daemon")
|
||||
+xdm_sysadm_login _("XServer") _("Allow xdm logins as sysadm_r:sysadm_t")
|
||||
+xend_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xen daemon")
|
||||
+xen_use_raw_disk _("XEN") _("Allow xen to read/write physical disk devices")
|
||||
+xfs_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xfs daemon")
|
||||
+xm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xen constrol")
|
||||
+ypbind_disable_trans _("NIS") _("Disable SELinux protection for ypbind daemon")
|
||||
+yppasswdd_disable_trans _("NIS") _("Disable SELinux protection for NIS Password Daemon")
|
||||
+ypserv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ypserv daemon")
|
||||
+ypxfr_disable_trans _("NIS") _("Disable SELinux protection for NIS Transfer Daemon")
|
||||
+zebra_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for zebra daemon")
|
||||
diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-1.33.4/gui/semanagePage.py
|
||||
--- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-1.33.4/gui/semanagePage.py 2006-11-22 14:11:25.000000000 -0500
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
Summary: SELinux policy core utilities.
|
||||
Name: policycoreutils
|
||||
Version: 1.33.4
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: GPL
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
|
@ -168,6 +168,10 @@ fi
|
|||
[ -x /sbin/service ] && /sbin/service restorecond condrestart
|
||||
|
||||
%changelog
|
||||
* Fri Nov 24 2006 Dan Walsh <dwalsh@redhat.com> 1.33.4-2
|
||||
- Additional po changes
|
||||
- Added all booleans definitions
|
||||
|
||||
* Wed Nov 22 2006 Dan Walsh <dwalsh@redhat.com> 1.33.4-1
|
||||
- Upstream accepted my patches
|
||||
* Merged setsebool patch from Karl MacMillan.
|
||||
|
|
Loading…
Reference in New Issue