* Wed Jan 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-14

- Add session capability to sandbox
- sandbox -SX -H ~/.homedir -t unconfined_t -l s0:c15 /etc/gdm/Xsession
Daniel J Walsh 2010-01-27 21:52:27 +00:00
parent 88295c72ea
commit dd674534b4
2 changed files with 443 additions and 30 deletions


@ -148,6 +148,19 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
+ audit2why.init()
app = AuditToPolicy()
app.main()
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.78/audit2allow/audit2allow.1
--- nsapolicycoreutils/audit2allow/audit2allow.1 2009-02-18 16:44:47.000000000 -0500
+++ policycoreutils-2.0.78/audit2allow/audit2allow.1 2010-01-25 15:55:32.000000000 -0500
@@ -44,6 +44,9 @@
Note that all audit messages are not available via dmesg when
auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead.
.TP
+.B "\-D" | "\-\-dontaudit"
+Generate dontaudit rules rather then allow rules
+.TP
.B "\-h" | "\-\-help"
Print a short usage message
.TP
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.78/Makefile
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.78/Makefile 2009-12-08 17:05:49.000000000 -0500
@ -1700,8 +1713,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
+relabel:
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.78/sandbox/sandbox
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.78/sandbox/sandbox 2010-01-19 11:58:50.000000000 -0500
@@ -0,0 +1,323 @@
+++ policycoreutils-2.0.78/sandbox/sandbox 2010-01-27 16:39:26.000000000 -0500
@@ -0,0 +1,357 @@
+#! /usr/bin/python -E
+# Authors: Dan Walsh <dwalsh@redhat.com>
+# Authors: Josh Cogliati
@ -1727,6 +1740,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
+import selinux
+import signal
+from tempfile import mkdtemp
+import pwd
+
+PROGNAME = "policycoreutils"
+
@ -1823,7 +1837,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
+ X_FILES[file] = (dest, os.path.getmtime(dest))
+
+def copyfiles(newhomedir, newtmpdir, files):
+ import pwd
+ homedir=pwd.getpwuid(os.getuid()).pw_dir
+ for f in files:
+ copyfile(f,homedir, newhomedir)
@ -1850,6 +1863,29 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
+ if(copy):
+ shutil.copy2(new,orig)
+
+def setup_executable(execfile, command):
+ fd = open(execfile, "w+")
+ fd.write("""
+#! /bin/sh
+/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
+/usr/bin/matchbox-window-manager -use_titlebar no &
+WM_PID=$!
+%s
+kill -TERM $WM_PID 2> /dev/null
+""" % command)
+ fd.close()
+ os.chmod(execfile, 0700)
+
+def setup_session(execfile, command="/etc/gdm/Xsession"):
+ fd = open(execfile, "w+")
+ fd.write("""
+#!/bin/sh
+/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
+%s
+""" % command)
+ fd.close()
+ os.chmod(execfile, 0700)
+
+if __name__ == '__main__':
+ setup_sighandlers()
+ if selinux.is_selinux_enabled() != 1:
@ -1859,7 +1895,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
+
+ def usage(message = ""):
+ text = _("""
+sandbox [-h] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [[-i file ] ...] [ -t type ] command
+sandbox [-h] [-[X|M] [-S] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [[-i file ] ...] [ -t type ] command
+""")
+ error_exit("%s\n%s" % (message, text))
+
@ -1871,8 +1907,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
+ newtmpdir = None
+ existing_home = False
+ existing_temp = False
+ session = False
+ try:
+ gopts, cmds = getopt.getopt(sys.argv[1:], "l:i:ht:XI:MH:T:",
+ gopts, cmds = getopt.getopt(sys.argv[1:], "l:i:hSt:XI:MH:T:",
+ ["help",
+ "include=",
+ "includefile=",
@ -1880,6 +1917,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
+ "mount",
+ "homedir=",
+ "tmpdir=",
+ "session",
+ "level="
+ ])
+ for o, a in gopts:
@ -1920,6 +1958,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
+ newtempdir = a
+ if o == "-h" or o == "--help":
+ usage(_("Usage"));
+
+ if o == "-S" or o == "--session":
+ session = True
+ homedir=pwd.getpwuid(os.getuid()).pw_dir
+
+
+ if len(cmds) == 0:
+ usage(_("Command required"))
@ -1946,23 +1989,29 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
+ if existing_home:
+ if not os.path.isdir(newhomedir):
+ raise IOError("Home directory "+newhomedir+" not found")
+ if not level:
+ if not level and not session:
+ chcon = ("/usr/bin/chcon -R %s %s" % (filecon, newhomedir)).split()
+ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
+ else:
+ newhomedir = mkdtemp(dir=".", prefix=".sandbox")
+ chcon = ("/usr/bin/chcon %s %s" % (filecon, newhomedir)).split()
+ if session:
+ chcon = ("/usr/bin/chcon --reference %s %s" %( homedir, (newhomedir))).split()
+ else:
+ chcon = ("/usr/bin/chcon %s %s" % (filecon, newhomedir)).split()
+ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
+
+ if existing_temp:
+ if not os.path.isdir(newtempdir):
+ raise IOError("Temp directory "+newtempdir+" not found")
+ if not level:
+ if not level and not session:
+ chcon = ("/usr/bin/chcon -R %s %s" % (filecon, newtmpdir)).split()
+ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
+ else:
+ newtmpdir = mkdtemp(dir="/tmp", prefix=".sandbox")
+ chcon = ("/usr/bin/chcon %s %s" % (filecon, newtmpdir)).split()
+ if session:
+ chcon = ("/usr/bin/chcon --reference /tmp %s" % (newtmpdir)).split()
+ else:
+ chcon = ("/usr/bin/chcon %s %s" % (filecon, newtmpdir)).split()
+ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
+
+ warnings.resetwarnings()
@ -1982,12 +2031,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
+ xd.close()
+
+ execfile = newhomedir + "/.sandboxrc"
+ fd = open(execfile, "w+")
+ fd.write("""#! /bin/sh
+%s
+""" % " ".join(paths))
+ fd.close()
+ os.chmod(execfile, 0700)
+ if session:
+ setup_session(execfile, " ".join(paths))
+ else:
+ setup_executable(execfile, " ".join(paths))
+
+ cmds = ("/usr/sbin/seunshare -t %s -h %s -- %s /usr/share/sandbox/sandboxX.sh" % (newtmpdir, newhomedir, execcon)).split()
+ rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
+ else:
@ -2019,12 +2067,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
+ except KeyError, error:
+ error_exit(_("Invalid value %s") % error.args[0])
+ except IOError, error:
+ error_exit(error.args[1])
+ error_exit(error.message)
+ except KeyboardInterrupt:
+ rc = 0
+
+ sys.exit(rc)
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.78/sandbox/sandbox.8
--- nsapolicycoreutils/sandbox/sandbox.8 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.78/sandbox/sandbox.8 2009-12-18 07:37:35.000000000 -0500
@ -2079,29 +2126,390 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
+.TP
+runcon(1)
+.PP
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.esd_auth policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.esd_auth
--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.esd_auth 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.esd_auth 2010-01-25 17:24:41.000000000 -0500
@@ -0,0 +1 @@
ïhÊ~©òH||”â#xˆ
\ No newline at end of file
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml
--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml 2010-01-25 17:25:15.000000000 -0500
@@ -0,0 +1,24 @@
+<?xml version="1.0"?>
+<gconf>
+ <entry name="hour_format" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/hour_format"/>
+ <entry name="temperature_unit" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/temperature_unit"/>
+ <entry name="expand_locations" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/expand_locations"/>
+ <entry name="unix_time" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/unix_time"/>
+ <entry name="show_temperature" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_temperature"/>
+ <entry name="format" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/format"/>
+ <entry name="config_tool" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/config_tool"/>
+ <entry name="expand_birthdays" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/expand_birthdays"/>
+ <entry name="show_date" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_date"/>
+ <entry name="expand_appointments" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/expand_appointments"/>
+ <entry name="speed_unit" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/speed_unit"/>
+ <entry name="expand_weather" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/expand_weather"/>
+ <entry name="show_seconds" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_seconds"/>
+ <entry name="internet_time" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/internet_time"/>
+ <entry name="show_week_numbers" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_week_numbers"/>
+ <entry name="expand_tasks" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/expand_tasks"/>
+ <entry name="show_weather" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_weather"/>
+ <entry name="gmt_time" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/gmt_time"/>
+ <entry name="show_tooltip" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_tooltip"/>
+ <entry name="custom_format" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/custom_format"/>
+ <entry name="cities" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/cities"/>
+</gconf>
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml
--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml 2010-01-25 17:25:15.000000000 -0500
@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<gconf>
+ <entry name="minimum_size" mtime="1264458281" schema="/schemas/apps/window_list_applet/prefs/minimum_size"/>
+ <entry name="move_unminimized_windows" mtime="1264458281" schema="/schemas/apps/window_list_applet/prefs/move_unminimized_windows"/>
+ <entry name="maximum_size" mtime="1264458281" schema="/schemas/apps/window_list_applet/prefs/maximum_size"/>
+ <entry name="group_windows" mtime="1264458281" schema="/schemas/apps/window_list_applet/prefs/group_windows"/>
+ <entry name="display_all_workspaces" mtime="1264458281" schema="/schemas/apps/window_list_applet/prefs/display_all_workspaces"/>
+</gconf>
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml
--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml 2010-01-25 17:25:15.000000000 -0500
@@ -0,0 +1,6 @@
+<?xml version="1.0"?>
+<gconf>
+ <entry name="display_workspace_names" mtime="1264458282" schema="/schemas/apps/workspace_switcher_applet/prefs/display_workspace_names"/>
+ <entry name="num_rows" mtime="1264458282" schema="/schemas/apps/workspace_switcher_applet/prefs/num_rows"/>
+ <entry name="display_all_workspaces" mtime="1264458282" schema="/schemas/apps/workspace_switcher_applet/prefs/display_all_workspaces"/>
+</gconf>
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml
--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml 2010-01-25 17:24:41.000000000 -0500
@@ -0,0 +1,23 @@
+<?xml version="1.0"?>
+<gconf>
+ <entry name="mousekeys_enable" mtime="1264458281" type="bool" value="false"/>
+ <entry name="stickykeys_two_key_off" mtime="1264458281" type="bool" value="true"/>
+ <entry name="mousekeys_max_speed" mtime="1264458281" type="int" value="750"/>
+ <entry name="timeout" mtime="1264458281" type="int" value="120"/>
+ <entry name="timeout_enable" mtime="1264458281" type="bool" value="false"/>
+ <entry name="bouncekeys_beep_reject" mtime="1264458281" type="bool" value="true"/>
+ <entry name="mousekeys_accel_time" mtime="1264458281" type="int" value="1200"/>
+ <entry name="mousekeys_init_delay" mtime="1264458281" type="int" value="160"/>
+ <entry name="slowkeys_beep_reject" mtime="1264458281" type="bool" value="false"/>
+ <entry name="slowkeys_beep_accept" mtime="1264458281" type="bool" value="true"/>
+ <entry name="slowkeys_enable" mtime="1264458281" type="bool" value="false"/>
+ <entry name="stickykeys_modifier_beep" mtime="1264458281" type="bool" value="true"/>
+ <entry name="bouncekeys_enable" mtime="1264458281" type="bool" value="false"/>
+ <entry name="togglekeys_enable" mtime="1264458281" type="bool" value="false"/>
+ <entry name="stickykeys_enable" mtime="1264458281" type="bool" value="false"/>
+ <entry name="slowkeys_beep_press" mtime="1264458281" type="bool" value="true"/>
+ <entry name="bouncekeys_delay" mtime="1264458281" type="int" value="300"/>
+ <entry name="slowkeys_delay" mtime="1264458281" type="int" value="300"/>
+ <entry name="feature_state_change_beep" mtime="1264458281" type="bool" value="false"/>
+ <entry name="enable" mtime="1264458281" type="bool" value="false"/>
+</gconf>
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml
--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml 2010-01-25 17:25:15.000000000 -0500
@@ -0,0 +1,6 @@
+<?xml version="1.0"?>
+<gconf>
+ <entry name="gtk-im-module" mtime="1264458283" type="string">
+ <stringvalue>gtk-im-context-simple</stringvalue>
+ </entry>
+</gconf>
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml
--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml 2010-01-25 17:25:15.000000000 -0500
@@ -0,0 +1,4 @@
+<?xml version="1.0"?>
+<gconf>
+ <entry name="disable_xmm_and_xkb_warning" mtime="1264458288" type="bool" value="true"/>
+</gconf>
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml
--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml 2010-01-25 17:24:41.000000000 -0500
@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<gconf>
+ <entry name="known_file_list" mtime="1264458281" type="list" ltype="string">
+ <li type="string">
+ <stringvalue>.xmodmap</stringvalue>
+ </li>
+ </entry>
+</gconf>
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.xmodmap policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.xmodmap
--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.xmodmap 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.xmodmap 2010-01-25 17:24:30.000000000 -0500
@@ -0,0 +1,248 @@
+keycode 8 =
+keycode 9 = Escape NoSymbol Escape
+keycode 10 = 1 exclam 1 exclam
+keycode 11 = 2 at 2 at
+keycode 12 = 3 numbersign 3 numbersign
+keycode 13 = 4 dollar 4 dollar
+keycode 14 = 5 percent 5 percent
+keycode 15 = 6 asciicircum 6 asciicircum
+keycode 16 = 7 ampersand 7 ampersand
+keycode 17 = 8 asterisk 8 asterisk
+keycode 18 = 9 parenleft 9 parenleft
+keycode 19 = 0 parenright 0 parenright
+keycode 20 = minus underscore minus underscore
+keycode 21 = equal plus equal plus
+keycode 22 = BackSpace NoSymbol BackSpace
+keycode 23 = Tab ISO_Left_Tab Tab ISO_Left_Tab
+keycode 24 = q Q q Q
+keycode 25 = w W w W
+keycode 26 = e E e E
+keycode 27 = r R r R
+keycode 28 = t T t T
+keycode 29 = y Y y Y
+keycode 30 = u U u U
+keycode 31 = i I i I
+keycode 32 = o O o O
+keycode 33 = p P p P
+keycode 34 = bracketleft braceleft bracketleft braceleft
+keycode 35 = bracketright braceright bracketright braceright
+keycode 36 = Return NoSymbol Return
+keycode 37 = Control_L NoSymbol Control_L
+keycode 38 = a A a A
+keycode 39 = s S s S
+keycode 40 = d D d D
+keycode 41 = f F f F
+keycode 42 = g G g G
+keycode 43 = h H h H
+keycode 44 = j J j J
+keycode 45 = k K k K
+keycode 46 = l L l L
+keycode 47 = semicolon colon semicolon colon
+keycode 48 = apostrophe quotedbl apostrophe quotedbl
+keycode 49 = grave asciitilde grave asciitilde
+keycode 50 = Shift_L NoSymbol Shift_L
+keycode 51 = backslash bar backslash bar
+keycode 52 = z Z z Z
+keycode 53 = x X x X
+keycode 54 = c C c C
+keycode 55 = v V v V
+keycode 56 = b B b B
+keycode 57 = n N n N
+keycode 58 = m M m M
+keycode 59 = comma less comma less
+keycode 60 = period greater period greater
+keycode 61 = slash question slash question
+keycode 62 = Shift_R NoSymbol Shift_R
+keycode 63 = KP_Multiply XF86_ClearGrab KP_Multiply XF86_ClearGrab
+keycode 64 = Alt_L Meta_L Alt_L Meta_L
+keycode 65 = space NoSymbol space
+keycode 66 = Caps_Lock NoSymbol Caps_Lock
+keycode 67 = F1 XF86_Switch_VT_1 F1 XF86_Switch_VT_1
+keycode 68 = F2 XF86_Switch_VT_2 F2 XF86_Switch_VT_2
+keycode 69 = F3 XF86_Switch_VT_3 F3 XF86_Switch_VT_3
+keycode 70 = F4 XF86_Switch_VT_4 F4 XF86_Switch_VT_4
+keycode 71 = F5 XF86_Switch_VT_5 F5 XF86_Switch_VT_5
+keycode 72 = F6 XF86_Switch_VT_6 F6 XF86_Switch_VT_6
+keycode 73 = F7 XF86_Switch_VT_7 F7 XF86_Switch_VT_7
+keycode 74 = F8 XF86_Switch_VT_8 F8 XF86_Switch_VT_8
+keycode 75 = F9 XF86_Switch_VT_9 F9 XF86_Switch_VT_9
+keycode 76 = F10 XF86_Switch_VT_10 F10 XF86_Switch_VT_10
+keycode 77 = Num_Lock Pointer_EnableKeys Num_Lock Pointer_EnableKeys
+keycode 78 = Scroll_Lock NoSymbol Scroll_Lock
+keycode 79 = KP_Home KP_7 KP_Home KP_7
+keycode 80 = KP_Up KP_8 KP_Up KP_8
+keycode 81 = KP_Prior KP_9 KP_Prior KP_9
+keycode 82 = KP_Subtract XF86_Prev_VMode KP_Subtract XF86_Prev_VMode
+keycode 83 = KP_Left KP_4 KP_Left KP_4
+keycode 84 = KP_Begin KP_5 KP_Begin KP_5
+keycode 85 = KP_Right KP_6 KP_Right KP_6
+keycode 86 = KP_Add XF86_Next_VMode KP_Add XF86_Next_VMode
+keycode 87 = KP_End KP_1 KP_End KP_1
+keycode 88 = KP_Down KP_2 KP_Down KP_2
+keycode 89 = KP_Next KP_3 KP_Next KP_3
+keycode 90 = KP_Insert KP_0 KP_Insert KP_0
+keycode 91 = KP_Delete KP_Decimal KP_Delete KP_Decimal
+keycode 92 = ISO_Level3_Shift NoSymbol ISO_Level3_Shift
+keycode 93 =
+keycode 94 = less greater less greater bar brokenbar
+keycode 95 = F11 XF86_Switch_VT_11 F11 XF86_Switch_VT_11
+keycode 96 = F12 XF86_Switch_VT_12 F12 XF86_Switch_VT_12
+keycode 97 =
+keycode 98 = Katakana NoSymbol Katakana
+keycode 99 = Hiragana NoSymbol Hiragana
+keycode 100 = Henkan_Mode NoSymbol Henkan_Mode
+keycode 101 = Hiragana_Katakana NoSymbol Hiragana_Katakana
+keycode 102 = Muhenkan NoSymbol Muhenkan
+keycode 103 =
+keycode 104 = KP_Enter NoSymbol KP_Enter
+keycode 105 = Control_R NoSymbol Control_R
+keycode 106 = KP_Divide XF86_Ungrab KP_Divide XF86_Ungrab
+keycode 107 = Print Sys_Req Print Sys_Req
+keycode 108 = Alt_R Meta_R Alt_R Meta_R
+keycode 109 = Linefeed NoSymbol Linefeed
+keycode 110 = Home NoSymbol Home
+keycode 111 = Up NoSymbol Up
+keycode 112 = Prior NoSymbol Prior
+keycode 113 = Left NoSymbol Left
+keycode 114 = Right NoSymbol Right
+keycode 115 = End NoSymbol End
+keycode 116 = Down NoSymbol Down
+keycode 117 = Next NoSymbol Next
+keycode 118 = Insert NoSymbol Insert
+keycode 119 = Delete NoSymbol Delete
+keycode 120 =
+keycode 121 = XF86AudioMute NoSymbol XF86AudioMute
+keycode 122 = XF86AudioLowerVolume NoSymbol XF86AudioLowerVolume
+keycode 123 = XF86AudioRaiseVolume NoSymbol XF86AudioRaiseVolume
+keycode 124 = XF86PowerOff NoSymbol XF86PowerOff
+keycode 125 = KP_Equal NoSymbol KP_Equal
+keycode 126 = plusminus NoSymbol plusminus
+keycode 127 = Pause Break Pause Break
+keycode 128 =
+keycode 129 = KP_Decimal NoSymbol KP_Decimal
+keycode 130 = Hangul NoSymbol Hangul
+keycode 131 = Hangul_Hanja NoSymbol Hangul_Hanja
+keycode 132 =
+keycode 133 = Super_L NoSymbol Super_L
+keycode 134 = Super_R NoSymbol Super_R
+keycode 135 = Menu NoSymbol Menu
+keycode 136 = Cancel NoSymbol Cancel
+keycode 137 = Redo NoSymbol Redo
+keycode 138 = SunProps NoSymbol SunProps
+keycode 139 = Undo NoSymbol Undo
+keycode 140 = SunFront NoSymbol SunFront
+keycode 141 = XF86Copy NoSymbol XF86Copy
+keycode 142 = SunOpen NoSymbol SunOpen
+keycode 143 = XF86Paste NoSymbol XF86Paste
+keycode 144 = Find NoSymbol Find
+keycode 145 = XF86Cut NoSymbol XF86Cut
+keycode 146 = Help NoSymbol Help
+keycode 147 = XF86MenuKB NoSymbol XF86MenuKB
+keycode 148 = XF86Calculator NoSymbol XF86Calculator
+keycode 149 =
+keycode 150 = XF86Sleep NoSymbol XF86Sleep
+keycode 151 = XF86WakeUp NoSymbol XF86WakeUp
+keycode 152 = XF86Explorer NoSymbol XF86Explorer
+keycode 153 = XF86Send NoSymbol XF86Send
+keycode 154 =
+keycode 155 = XF86Xfer NoSymbol XF86Xfer
+keycode 156 = XF86Launch1 NoSymbol XF86Launch1
+keycode 157 = XF86Launch2 NoSymbol XF86Launch2
+keycode 158 = XF86WWW NoSymbol XF86WWW
+keycode 159 = XF86DOS NoSymbol XF86DOS
+keycode 160 = XF86ScreenSaver NoSymbol XF86ScreenSaver
+keycode 161 =
+keycode 162 = XF86RotateWindows NoSymbol XF86RotateWindows
+keycode 163 = XF86Mail NoSymbol XF86Mail
+keycode 164 = XF86Favorites NoSymbol XF86Favorites
+keycode 165 = XF86MyComputer NoSymbol XF86MyComputer
+keycode 166 = XF86Back NoSymbol XF86Back
+keycode 167 = XF86Forward NoSymbol XF86Forward
+keycode 168 =
+keycode 169 = XF86Eject NoSymbol XF86Eject
+keycode 170 = XF86Eject XF86Eject XF86Eject XF86Eject
+keycode 171 = XF86AudioNext NoSymbol XF86AudioNext
+keycode 172 = XF86AudioPlay XF86AudioPause XF86AudioPlay XF86AudioPause
+keycode 173 = XF86AudioPrev NoSymbol XF86AudioPrev
+keycode 174 = XF86AudioStop XF86Eject XF86AudioStop XF86Eject
+keycode 175 = XF86AudioRecord NoSymbol XF86AudioRecord
+keycode 176 = XF86AudioRewind NoSymbol XF86AudioRewind
+keycode 177 = XF86Phone NoSymbol XF86Phone
+keycode 178 =
+keycode 179 = XF86Tools NoSymbol XF86Tools
+keycode 180 = XF86HomePage NoSymbol XF86HomePage
+keycode 181 = XF86Reload NoSymbol XF86Reload
+keycode 182 = XF86Close NoSymbol XF86Close
+keycode 183 =
+keycode 184 =
+keycode 185 = XF86ScrollUp NoSymbol XF86ScrollUp
+keycode 186 = XF86ScrollDown NoSymbol XF86ScrollDown
+keycode 187 = parenleft NoSymbol parenleft
+keycode 188 = parenright NoSymbol parenright
+keycode 189 = XF86New NoSymbol XF86New
+keycode 190 = Redo NoSymbol Redo
+keycode 191 =
+keycode 192 =
+keycode 193 =
+keycode 194 =
+keycode 195 =
+keycode 196 =
+keycode 197 =
+keycode 198 =
+keycode 199 =
+keycode 200 = XF86TouchpadToggle NoSymbol XF86TouchpadToggle
+keycode 201 =
+keycode 202 =
+keycode 203 = Mode_switch NoSymbol Mode_switch
+keycode 204 = NoSymbol Alt_L NoSymbol Alt_L
+keycode 205 = NoSymbol Meta_L NoSymbol Meta_L
+keycode 206 = NoSymbol Super_L NoSymbol Super_L
+keycode 207 = NoSymbol Hyper_L NoSymbol Hyper_L
+keycode 208 = XF86AudioPlay NoSymbol XF86AudioPlay
+keycode 209 = XF86AudioPause NoSymbol XF86AudioPause
+keycode 210 = XF86Launch3 NoSymbol XF86Launch3
+keycode 211 = XF86Launch4 NoSymbol XF86Launch4
+keycode 212 =
+keycode 213 = XF86Suspend NoSymbol XF86Suspend
+keycode 214 = XF86Close NoSymbol XF86Close
+keycode 215 = XF86AudioPlay NoSymbol XF86AudioPlay
+keycode 216 = XF86AudioForward NoSymbol XF86AudioForward
+keycode 217 =
+keycode 218 = Print NoSymbol Print
+keycode 219 =
+keycode 220 = XF86WebCam NoSymbol XF86WebCam
+keycode 221 =
+keycode 222 =
+keycode 223 = XF86Mail NoSymbol XF86Mail
+keycode 224 =
+keycode 225 = XF86Search NoSymbol XF86Search
+keycode 226 =
+keycode 227 = XF86Finance NoSymbol XF86Finance
+keycode 228 =
+keycode 229 = XF86Shop NoSymbol XF86Shop
+keycode 230 =
+keycode 231 = Cancel NoSymbol Cancel
+keycode 232 = XF86MonBrightnessDown NoSymbol XF86MonBrightnessDown
+keycode 233 = XF86MonBrightnessUp NoSymbol XF86MonBrightnessUp
+keycode 234 = XF86AudioMedia NoSymbol XF86AudioMedia
+keycode 235 = XF86Display NoSymbol XF86Display
+keycode 236 = XF86KbdLightOnOff NoSymbol XF86KbdLightOnOff
+keycode 237 = XF86KbdBrightnessDown NoSymbol XF86KbdBrightnessDown
+keycode 238 = XF86KbdBrightnessUp NoSymbol XF86KbdBrightnessUp
+keycode 239 = XF86Send NoSymbol XF86Send
+keycode 240 = XF86Reply NoSymbol XF86Reply
+keycode 241 = XF86MailForward NoSymbol XF86MailForward
+keycode 242 = XF86Save NoSymbol XF86Save
+keycode 243 = XF86Documents NoSymbol XF86Documents
+keycode 244 = XF86Battery NoSymbol XF86Battery
+keycode 245 = XF86Bluetooth NoSymbol XF86Bluetooth
+keycode 246 = XF86WLAN NoSymbol XF86WLAN
+keycode 247 =
+keycode 248 =
+keycode 249 =
+keycode 250 =
+keycode 251 =
+keycode 252 =
+keycode 253 =
+keycode 254 =
+keycode 255 =
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.78/sandbox/sandboxX.sh
--- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.78/sandbox/sandboxX.sh 2010-01-19 12:20:41.000000000 -0500
@@ -0,0 +1,19 @@
+++ policycoreutils-2.0.78/sandbox/sandboxX.sh 2010-01-27 16:49:23.000000000 -0500
@@ -0,0 +1,14 @@
+#!/bin/bash
+export TITLE="Sandbox: `/usr/bin/tail -1 ~/.sandboxrc | /usr/bin/cut -b1-70`"
+
+export TITLE="Sandbox: `/usr/bin/tail -1 ~/.sandboxrc | /usr/bin/cut -b1-70` Running as `secon -t -l -P`"
+export SCREENSIZE="1000x700"
+#export SCREENSIZE=`xdpyinfo | awk '/dimensions/ { print $2 }'`
+trap "exit 0" HUP
+
+(/usr/bin/Xephyr -title "$TITLE" -terminate -screen 1000x700 -displayfd 5 5>&1 2>/dev/null) | while read D; do
+(/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do
+ export DISPLAY=:$D
+ (/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap) &
+ /usr/bin/matchbox-window-manager -use_titlebar no &
+ WM_PID=$!
+ ~/.sandboxrc &
+ CLIENT_PID=$!
+ wait $CLIENT_PID
+ python -c 'import gtk, os; os.system("%s/.sandboxrc" % os.environ["HOME"])'
+ export EXITCODE=$?
+ kill -TERM $WM_PID 2> /dev/null
+ kill -HUP 0
+ break
+done
+exit 0
Binary files nsapolicycoreutils/sandbox/seunshare and policycoreutils-2.0.78/sandbox/seunshare differ
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.78/sandbox/seunshare.c
--- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.78/sandbox/seunshare.c 2010-01-19 12:15:41.000000000 -0500
@ -2371,6 +2779,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
+
+ return status;
+}
Binary files nsapolicycoreutils/sandbox/seunshare.o and policycoreutils-2.0.78/sandbox/seunshare.o differ
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.78/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2009-11-18 17:06:03.000000000 -0500
+++ policycoreutils-2.0.78/semanage/semanage 2010-01-08 09:24:07.000000000 -0500
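Review bot: Both new helpers, `setup_executable` and `setup_session`, open the script text with `"""` followed by a newline, so `#! /bin/sh` lands on line 2 of `.sandboxrc` and the kernel does not honour it; the file then runs only where the caller's shell falls back to interpreting it, whereas the inline code they replace wrote `"""#! /bin/sh` on line 1. They also keep the `open(execfile, "w+")` then `os.chmod(execfile, 0700)` sequence, which follows a symlink already present at that path and leaves the file at umask permissions until the chmod; with `-H` pointing at a reused directory whose contents an earlier sandboxed program may have written, that looks like a write outside the sandbox home and is worth closing with an exclusive create at mode 0700. A shared helper along the lines below would cover both points. Separately, the regenerated patch now carries a leftover `sandbox/.sandboxSKnKBc/` tree (including an `.esd_auth` cookie) and `seunshare` / `seunshare.o` binary entries, which suggests the `diff -N -r` exclude list needs those paths before this is published.

```python
def write_sandboxrc(execfile, body):
    # Drop whatever is at the path (never follow it), then create exclusively
    # so a link or file that reappears makes the create fail instead of being reused.
    try:
        os.unlink(execfile)
    except OSError:
        pass
    fd = os.open(execfile, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0700)
    out = os.fdopen(fd, "w")
    try:
        out.write(body)
    finally:
        out.close()

def setup_session(execfile, command="/etc/gdm/Xsession"):
    # Interpreter line starts the string so it is the first line of the file.
    write_sandboxrc(execfile, """#!/bin/sh
/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
%s
""" % command)

# ... setup_executable: same change, keeping its window-manager lines ...
```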


@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.78
Release: 13%{?dist}
Release: 14%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -297,6 +297,10 @@ fi
exit 0
%changelog
* Wed Jan 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-14
- Add session capability to sandbox
- sandbox -SX -H ~/.homedir -t unconfined_t -l s0:c15 /etc/gdm/Xsession
* Thu Jan 21 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-13
- Fix executable template for fifo files