diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch index dcdeb56..06085d7 100644 --- a/policycoreutils-gui.patch +++ b/policycoreutils-gui.patch @@ -5910,7 +5910,7 @@ diff -up policycoreutils-2.0.86/gui/polgen.gladep.gui policycoreutils-2.0.86/gui + diff -up policycoreutils-2.0.86/gui/polgengui.py.gui policycoreutils-2.0.86/gui/polgengui.py --- policycoreutils-2.0.86/gui/polgengui.py.gui 2011-04-12 10:52:07.513644322 -0400 -+++ policycoreutils-2.0.86/gui/polgengui.py 2011-04-12 10:52:07.514644337 -0400 ++++ policycoreutils-2.0.86/gui/polgengui.py 2011-05-23 17:04:16.377786536 -0400 @@ -0,0 +1,750 @@ +#!/usr/bin/python -Es +# @@ -5918,7 +5918,7 @@ diff -up policycoreutils-2.0.86/gui/polgengui.py.gui policycoreutils-2.0.86/gui/ +# +# Dan Walsh +# -+# Copyright 2007, 2008, 2009 Red Hat, Inc. ++# Copyright (C) 2007-2011 Red Hat +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by @@ -6664,11 +6664,11 @@ diff -up policycoreutils-2.0.86/gui/polgengui.py.gui policycoreutils-2.0.86/gui/ + app.stand_alone() diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/polgen.py --- policycoreutils-2.0.86/gui/polgen.py.gui 2011-04-12 10:52:07.516644368 -0400 -+++ policycoreutils-2.0.86/gui/polgen.py 2011-04-12 10:52:07.517644384 -0400 ++++ policycoreutils-2.0.86/gui/polgen.py 2011-05-23 17:04:04.539689964 -0400 @@ -0,0 +1,1346 @@ +#!/usr/bin/python -Es +# -+# Copyright (C) 2007-2010 Red Hat ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -12111,9 +12111,9 @@ diff -up policycoreutils-2.0.86/gui/system-config-selinux.py.gui policycoreutils + app.stand_alone() diff -up policycoreutils-2.0.86/gui/templates/boolean.py.gui policycoreutils-2.0.86/gui/templates/boolean.py --- policycoreutils-2.0.86/gui/templates/boolean.py.gui 2011-04-12 10:52:07.543644784 -0400 -+++ policycoreutils-2.0.86/gui/templates/boolean.py 2011-04-29 11:47:41.684099468 -0400 ++++ policycoreutils-2.0.86/gui/templates/boolean.py 2011-05-23 16:59:42.369598714 -0400 @@ -0,0 +1,40 @@ -+# Copyright (C) 2007 Red Hat ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -12130,34 +12130,34 @@ diff -up policycoreutils-2.0.86/gui/templates/boolean.py.gui policycoreutils-2.0 +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# +########################### boolean Template File ########################### + +te_boolean=""" +## -+##

-+## DESCRIPTION -+##

++##

++## DESCRIPTION ++##

+## -+gen_tunable(BOOLEAN,false) ++gen_tunable(BOOLEAN, false) +""" + +te_rules=""" +tunable_policy(`BOOLEAN',` +#TRUE -+',` ++',` +#FALSE +') +""" + diff -up policycoreutils-2.0.86/gui/templates/etc_rw.py.gui policycoreutils-2.0.86/gui/templates/etc_rw.py --- policycoreutils-2.0.86/gui/templates/etc_rw.py.gui 2011-04-12 10:52:07.546644829 -0400 -+++ policycoreutils-2.0.86/gui/templates/etc_rw.py 2011-04-29 11:47:41.684099468 -0400 ++++ policycoreutils-2.0.86/gui/templates/etc_rw.py 2011-05-23 16:59:53.369684469 -0400 @@ -0,0 +1,112 @@ -+# Copyright (C) 2007 Red Hat ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -12174,10 +12174,10 @@ diff -up policycoreutils-2.0.86/gui/templates/etc_rw.py.gui policycoreutils-2.0. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# +########################### etc_rw Template File ############################# + +########################### Type Enforcement File ############################# @@ -12227,14 +12227,14 @@ diff -up policycoreutils-2.0.86/gui/templates/etc_rw.py.gui policycoreutils-2.0. + type TEMPLATETYPE_etc_rw_t; + ') + -+ allow $1 TEMPLATETYPE_etc_rw_t:file r_file_perms; ++ allow $1 TEMPLATETYPE_etc_rw_t:file read_file_perms; + allow $1 TEMPLATETYPE_etc_rw_t:dir list_dir_perms; + files_search_etc($1) +') + +######################################## +## -+## Manage TEMPLATETYPE conf files. ++## Manage TEMPLATETYPE conf files. +## +## +## @@ -12247,14 +12247,14 @@ diff -up policycoreutils-2.0.86/gui/templates/etc_rw.py.gui policycoreutils-2.0. + type TEMPLATETYPE_etc_rw_t; + ') + -+ manage_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t) ++ manage_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t) + files_search_etc($1) +') + +""" + +if_admin_types=""" -+ type TEMPLATETYPE_etc_rw_t;""" ++ type TEMPLATETYPE_etc_rw_t;""" + +if_admin_rules=""" + files_search_etc($1) @@ -12271,9 +12271,9 @@ diff -up policycoreutils-2.0.86/gui/templates/etc_rw.py.gui policycoreutils-2.0. +""" diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-2.0.86/gui/templates/executable.py --- policycoreutils-2.0.86/gui/templates/executable.py.gui 2011-04-12 10:52:07.548644859 -0400 -+++ policycoreutils-2.0.86/gui/templates/executable.py 2011-04-29 11:53:01.953579440 -0400 -@@ -0,0 +1,448 @@ -+# Copyright (C) 2007-2009 Red Hat ++++ policycoreutils-2.0.86/gui/templates/executable.py 2011-05-23 17:03:10.575251921 -0400 +@@ -0,0 +1,451 @@ ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -12290,13 +12290,13 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils- +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# +########################### Type Enforcement File ############################# +te_daemon_types="""\ -+policy_module(TEMPLATETYPE,1.0.0) ++policy_module(TEMPLATETYPE, 1.0.0) + +######################################## +# @@ -12316,7 +12316,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils- +""" + +te_dbusd_types="""\ -+policy_module(TEMPLATETYPE,1.0.0) ++policy_module(TEMPLATETYPE, 1.0.0) + +######################################## +# @@ -12331,7 +12331,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils- +""" + +te_inetd_types="""\ -+policy_module(TEMPLATETYPE,1.0.0) ++policy_module(TEMPLATETYPE, 1.0.0) + +######################################## +# @@ -12346,7 +12346,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils- +""" + +te_userapp_types="""\ -+policy_module(TEMPLATETYPE,1.0.0) ++policy_module(TEMPLATETYPE, 1.0.0) + +######################################## +# @@ -12362,7 +12362,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils- +""" + +te_sandbox_types="""\ -+policy_module(TEMPLATETYPE,1.0.0) ++policy_module(TEMPLATETYPE, 1.0.0) + +######################################## +# @@ -12377,7 +12377,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils- +""" + +te_cgi_types="""\ -+policy_module(TEMPLATETYPE,1.0.0) ++policy_module(TEMPLATETYPE, 1.0.0) + +######################################## +# @@ -12446,8 +12446,8 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils- + +te_manage_krb5_rcache_rules=""" +optional_policy(` -+ kerberos_keytab_template(TEMPLATETYPE, TEMPLATETYPE_t) -+ kerberos_manage_host_rcache(TEMPLATETYPE_t) ++ kerberos_keytab_template(TEMPLATETYPE, TEMPLATETYPE_t) ++ kerberos_manage_host_rcache(TEMPLATETYPE_t) +') +""" + @@ -12492,7 +12492,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils- +## +## +## -+## Domain allowed access. ++## Domain allowed to transition. +## +## +# @@ -12501,7 +12501,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils- + type TEMPLATETYPE_t, TEMPLATETYPE_exec_t; + ') + -+ corecmd_search_bin($1) ++ corecmd_search_bin($1) + domtrans_pattern($1, TEMPLATETYPE_exec_t, TEMPLATETYPE_t) +') + @@ -12515,7 +12515,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils- +## +## +## -+## Domain allowed access ++## Domain allowed to transition +## +## +## @@ -12550,7 +12550,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils- +# +interface(`TEMPLATETYPE_role',` + gen_require(` -+ type TEMPLATETYPE_t; ++ type TEMPLATETYPE_t; + ') + + role $1 types TEMPLATETYPE_t; @@ -12571,7 +12571,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils- +## +## +## -+## Domain allowed access ++## Domain allowed to transition. +## +## +## @@ -12639,6 +12639,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils- + + init_labeled_script_domtrans($1, TEMPLATETYPE_initrc_exec_t) +') ++ +""" + +if_dbus_rules=""" @@ -12662,6 +12663,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils- + allow $1 TEMPLATETYPE_t:dbus send_msg; + allow TEMPLATETYPE_t $1:dbus send_msg; +') ++ +""" + +if_begin_admin=""" @@ -12692,9 +12694,9 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils- + allow $1 TEMPLATETYPE_t:process { ptrace signal_perms }; + ps_process_pattern($1, TEMPLATETYPE_t) +""" -+ ++ +if_initscript_admin_types=""" -+ type TEMPLATETYPE_initrc_exec_t;""" ++ type TEMPLATETYPE_initrc_exec_t;""" + +if_initscript_admin=""" + TEMPLATETYPE_initrc_domtrans($1) @@ -12705,6 +12707,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils- + +if_end_admin=""" +') ++ +""" + +########################### File Context ################################## @@ -12723,10 +12726,10 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils- +""" diff -up policycoreutils-2.0.86/gui/templates/__init__.py.gui policycoreutils-2.0.86/gui/templates/__init__.py --- policycoreutils-2.0.86/gui/templates/__init__.py.gui 2011-04-12 10:52:07.549644874 -0400 -+++ policycoreutils-2.0.86/gui/templates/__init__.py 2011-04-29 11:47:41.685099475 -0400 ++++ policycoreutils-2.0.86/gui/templates/__init__.py 2011-05-23 17:02:40.424008790 -0400 @@ -0,0 +1,18 @@ +# -+# Copyright (C) 2007 Red Hat, Inc. ++# Copyright (C) 2007-2011 Red Hat +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by @@ -12745,8 +12748,30 @@ diff -up policycoreutils-2.0.86/gui/templates/__init__.py.gui policycoreutils-2. + diff -up policycoreutils-2.0.86/gui/templates/network.py.gui policycoreutils-2.0.86/gui/templates/network.py --- policycoreutils-2.0.86/gui/templates/network.py.gui 2011-04-12 10:52:07.556644982 -0400 -+++ policycoreutils-2.0.86/gui/templates/network.py 2011-04-29 11:47:41.686099482 -0400 -@@ -0,0 +1,80 @@ ++++ policycoreutils-2.0.86/gui/templates/network.py 2011-05-23 17:03:09.237241107 -0400 +@@ -0,0 +1,102 @@ ++# Copyright (C) 2007-2011 Red Hat ++# see file 'COPYING' for use and warranty information ++# ++# policygentool is a tool for the initial generation of SELinux policy ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License as ++# published by the Free Software Foundation; either version 2 of ++# the License, or (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# 02111-1307 USA ++# ++# ++########################### Type Enforcement File ############################# +te_port_types=""" +type TEMPLATETYPE_port_t; +corenet_port(TEMPLATETYPE_port_t) @@ -12829,9 +12854,9 @@ diff -up policycoreutils-2.0.86/gui/templates/network.py.gui policycoreutils-2.0 + diff -up policycoreutils-2.0.86/gui/templates/rw.py.gui policycoreutils-2.0.86/gui/templates/rw.py --- policycoreutils-2.0.86/gui/templates/rw.py.gui 2011-04-12 10:52:07.557644997 -0400 -+++ policycoreutils-2.0.86/gui/templates/rw.py 2011-04-29 11:47:41.686099482 -0400 -@@ -0,0 +1,130 @@ -+# Copyright (C) 2007 Red Hat ++++ policycoreutils-2.0.86/gui/templates/rw.py 2011-05-23 16:59:48.308644991 -0400 +@@ -0,0 +1,129 @@ ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -12848,10 +12873,10 @@ diff -up policycoreutils-2.0.86/gui/templates/rw.py.gui policycoreutils-2.0.86/g +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# + +########################### tmp Template File ############################# +te_types=""" @@ -12900,7 +12925,7 @@ diff -up policycoreutils-2.0.86/gui/templates/rw.py.gui policycoreutils-2.0.86/g + type TEMPLATETYPE_rw_t; + ') + -+ allow $1 TEMPLATETYPE_rw_t:file r_file_perms; ++ allow $1 TEMPLATETYPE_rw_t:file read_file_perms; + allow $1 TEMPLATETYPE_rw_t:dir list_dir_perms; + files_search_rw($1) +') @@ -12920,7 +12945,7 @@ diff -up policycoreutils-2.0.86/gui/templates/rw.py.gui policycoreutils-2.0.86/g + type TEMPLATETYPE_rw_t; + ') + -+ manage_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) ++ manage_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) +') + +######################################## @@ -12939,20 +12964,19 @@ diff -up policycoreutils-2.0.86/gui/templates/rw.py.gui policycoreutils-2.0.86/g + type TEMPLATETYPE_rw_t; + ') + -+ manage_dirs_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) ++ manage_dirs_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) +') + +""" + +if_admin_types=""" -+ type TEMPLATETYPE_rw_t;""" ++ type TEMPLATETYPE_rw_t;""" + +if_admin_rules=""" + files_search_etc($1) + admin_pattern($1, TEMPLATETYPE_rw_t) +""" + -+ +########################### File Context ################################## +fc_file=""" +FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0) @@ -12963,9 +12987,9 @@ diff -up policycoreutils-2.0.86/gui/templates/rw.py.gui policycoreutils-2.0.86/g +""" diff -up policycoreutils-2.0.86/gui/templates/script.py.gui policycoreutils-2.0.86/gui/templates/script.py --- policycoreutils-2.0.86/gui/templates/script.py.gui 2011-04-12 10:52:07.558645012 -0400 -+++ policycoreutils-2.0.86/gui/templates/script.py 2011-04-29 11:47:41.686099482 -0400 ++++ policycoreutils-2.0.86/gui/templates/script.py 2011-05-23 17:02:13.796795073 -0400 @@ -0,0 +1,126 @@ -+# Copyright (C) 2007 Red Hat ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -12982,10 +13006,10 @@ diff -up policycoreutils-2.0.86/gui/templates/script.py.gui policycoreutils-2.0. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# + +########################### tmp Template File ############################# +compile="""\ @@ -13071,9 +13095,9 @@ diff -up policycoreutils-2.0.86/gui/templates/script.py.gui policycoreutils-2.0. +TEMPLATETYPE_r:TEMPLATETYPE_t:s0 TEMPLATETYPE_r:TEMPLATETYPE_t +system_r:crond_t TEMPLATETYPE_r:TEMPLATETYPE_t +system_r:initrc_su_t TEMPLATETYPE_r:TEMPLATETYPE_t -+system_r:local_login_t TEMPLATETYPE_r:TEMPLATETYPE_t -+system_r:remote_login_t TEMPLATETYPE_r:TEMPLATETYPE_t -+system_r:sshd_t TEMPLATETYPE_r:TEMPLATETYPE_t ++system_r:local_login_t TEMPLATETYPE_r:TEMPLATETYPE_t ++system_r:remote_login_t TEMPLATETYPE_r:TEMPLATETYPE_t ++system_r:sshd_t TEMPLATETYPE_r:TEMPLATETYPE_t +_EOF +fi +""" @@ -13084,18 +13108,18 @@ diff -up policycoreutils-2.0.86/gui/templates/script.py.gui policycoreutils-2.0. +TEMPLATETYPE_r:TEMPLATETYPE_t TEMPLATETYPE_r:TEMPLATETYPE_t +system_r:crond_t TEMPLATETYPE_r:TEMPLATETYPE_t +system_r:initrc_su_t TEMPLATETYPE_r:TEMPLATETYPE_t -+system_r:local_login_t TEMPLATETYPE_r:TEMPLATETYPE_t -+system_r:remote_login_t TEMPLATETYPE_r:TEMPLATETYPE_t -+system_r:sshd_t TEMPLATETYPE_r:TEMPLATETYPE_t -+system_r:xdm_t TEMPLATETYPE_r:TEMPLATETYPE_t ++system_r:local_login_t TEMPLATETYPE_r:TEMPLATETYPE_t ++system_r:remote_login_t TEMPLATETYPE_r:TEMPLATETYPE_t ++system_r:sshd_t TEMPLATETYPE_r:TEMPLATETYPE_t ++system_r:xdm_t TEMPLATETYPE_r:TEMPLATETYPE_t +_EOF +fi +""" diff -up policycoreutils-2.0.86/gui/templates/semodule.py.gui policycoreutils-2.0.86/gui/templates/semodule.py --- policycoreutils-2.0.86/gui/templates/semodule.py.gui 2011-04-12 10:52:07.560645042 -0400 -+++ policycoreutils-2.0.86/gui/templates/semodule.py 2011-04-29 11:47:41.687099489 -0400 ++++ policycoreutils-2.0.86/gui/templates/semodule.py 2011-05-23 17:02:07.466744404 -0400 @@ -0,0 +1,41 @@ -+# Copyright (C) 2007 Red Hat ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -13138,9 +13162,9 @@ diff -up policycoreutils-2.0.86/gui/templates/semodule.py.gui policycoreutils-2. + diff -up policycoreutils-2.0.86/gui/templates/tmp.py.gui policycoreutils-2.0.86/gui/templates/tmp.py --- policycoreutils-2.0.86/gui/templates/tmp.py.gui 2011-04-12 10:52:07.561645058 -0400 -+++ policycoreutils-2.0.86/gui/templates/tmp.py 2011-04-29 11:47:41.687099489 -0400 ++++ policycoreutils-2.0.86/gui/templates/tmp.py 2011-05-23 17:01:55.736650663 -0400 @@ -0,0 +1,102 @@ -+# Copyright (C) 2007 Red Hat ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -13157,10 +13181,10 @@ diff -up policycoreutils-2.0.86/gui/templates/tmp.py.gui policycoreutils-2.0.86/ +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# +########################### tmp Template File ############################# + +te_types=""" @@ -13177,7 +13201,7 @@ diff -up policycoreutils-2.0.86/gui/templates/tmp.py.gui policycoreutils-2.0.86/ +if_rules=""" +######################################## +## -+## Do not audit attempts to read, ++## Do not audit attempts to read, +## TEMPLATETYPE tmp files +## +## @@ -13228,25 +13252,25 @@ diff -up policycoreutils-2.0.86/gui/templates/tmp.py.gui policycoreutils-2.0.86/ + type TEMPLATETYPE_tmp_t; + ') + -+ files_search_tmp($1) -+ manage_dirs_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) -+ manage_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) -+ manage_lnk_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) ++ files_search_tmp($1) ++ manage_dirs_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) ++ manage_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) ++ manage_lnk_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) +') +""" + +if_admin_types=""" -+ type TEMPLATETYPE_tmp_t;""" ++ type TEMPLATETYPE_tmp_t;""" + +if_admin_rules=""" -+ files_search_tmp($1) ++ files_search_tmp($1) + admin_pattern($1, TEMPLATETYPE_tmp_t) +""" diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86/gui/templates/user.py --- policycoreutils-2.0.86/gui/templates/user.py.gui 2011-04-12 10:52:07.562645074 -0400 -+++ policycoreutils-2.0.86/gui/templates/user.py 2011-04-29 11:47:41.687099489 -0400 -@@ -0,0 +1,205 @@ -+# Copyright (C) 2007 Red Hat ++++ policycoreutils-2.0.86/gui/templates/user.py 2011-05-23 17:01:46.816579501 -0400 +@@ -0,0 +1,204 @@ ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -13263,14 +13287,14 @@ diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86 +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# +########################### Type Enforcement File ############################# + +te_login_user_types="""\ -+policy_module(TEMPLATETYPE,1.0.0) ++policy_module(TEMPLATETYPE, 1.0.0) + +######################################## +# @@ -13281,7 +13305,7 @@ diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86 +""" + +te_admin_user_types="""\ -+policy_module(TEMPLATETYPE,1.0.0) ++policy_module(TEMPLATETYPE, 1.0.0) + +######################################## +# @@ -13292,7 +13316,7 @@ diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86 +""" + +te_min_login_user_types="""\ -+policy_module(TEMPLATETYPE,1.0.0) ++policy_module(TEMPLATETYPE, 1.0.0) + +######################################## +# @@ -13303,7 +13327,7 @@ diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86 +""" + +te_x_login_user_types="""\ -+policy_module(TEMPLATETYPE,1.0.0) ++policy_module(TEMPLATETYPE, 1.0.0) + +######################################## +# @@ -13314,18 +13338,17 @@ diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86 +""" + +te_existing_user_types="""\ -+policy_module(myTEMPLATETYPE,1.0.0) ++policy_module(myTEMPLATETYPE, 1.0.0) + +gen_require(` -+ type TEMPLATETYPE_t, TEMPLATETYPE_devpts_t; -+ role TEMPLATETYPE_r; ++ type TEMPLATETYPE_t, TEMPLATETYPE_devpts_t; ++ role TEMPLATETYPE_r; +') + +""" + +te_root_user_types="""\ -+ -+policy_module(TEMPLATETYPE,1.0.0) ++policy_module(TEMPLATETYPE, 1.0.0) + +######################################## +# @@ -13407,20 +13430,20 @@ diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86 +bool TEMPLATETYPE_manage_user_files false; + +if (TEMPLATETYPE_read_user_files) { -+ userdom_read_user_home_content_files(TEMPLATETYPE_t) -+ userdom_read_user_tmp_files(TEMPLATETYPE_t) ++ userdom_read_user_home_content_files(TEMPLATETYPE_t) ++ userdom_read_user_tmp_files(TEMPLATETYPE_t) +} + +if (TEMPLATETYPE_manage_user_files) { -+ userdom_manage_user_home_content(TEMPLATETYPE_t) -+ userdom_manage_user_tmp_files(TEMPLATETYPE_t) ++ userdom_manage_user_home_content(TEMPLATETYPE_t) ++ userdom_manage_user_tmp_files(TEMPLATETYPE_t) +} + +""" + +te_admin_trans_rules=""" +gen_require(` -+ role USER_r; ++ role USER_r; +') + +allow USER_r TEMPLATETYPE_r; @@ -13453,9 +13476,9 @@ diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86 +""" diff -up policycoreutils-2.0.86/gui/templates/var_cache.py.gui policycoreutils-2.0.86/gui/templates/var_cache.py --- policycoreutils-2.0.86/gui/templates/var_cache.py.gui 2011-04-12 10:52:07.566645136 -0400 -+++ policycoreutils-2.0.86/gui/templates/var_cache.py 2011-04-29 11:47:41.688099497 -0400 ++++ policycoreutils-2.0.86/gui/templates/var_cache.py 2011-05-23 17:01:38.793515591 -0400 @@ -0,0 +1,132 @@ -+# Copyright (C) 2010 Red Hat ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -13472,10 +13495,10 @@ diff -up policycoreutils-2.0.86/gui/templates/var_cache.py.gui policycoreutils-2 +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# +########################### cache Template File ############################# + +########################### Type Enforcement File ############################# @@ -13527,7 +13550,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_cache.py.gui policycoreutils-2 + ') + + files_search_var($1) -+ read_files_pattern($1, TEMPLATETYPE_cache_t TEMPLATETYPE_cache_t) ++ read_files_pattern($1, TEMPLATETYPE_cache_t TEMPLATETYPE_cache_t) +') + +######################################## @@ -13547,7 +13570,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_cache.py.gui policycoreutils-2 + ') + + files_search_var($1) -+ manage_files_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t) ++ manage_files_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t) +') + +######################################## @@ -13566,13 +13589,13 @@ diff -up policycoreutils-2.0.86/gui/templates/var_cache.py.gui policycoreutils-2 + ') + + files_search_var($1) -+ manage_dirs_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t) ++ manage_dirs_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t) +') + +""" + +if_admin_types=""" -+ type TEMPLATETYPE_cache_t;""" ++ type TEMPLATETYPE_cache_t;""" + +if_admin_rules=""" + files_search_var($1) @@ -13589,9 +13612,9 @@ diff -up policycoreutils-2.0.86/gui/templates/var_cache.py.gui policycoreutils-2 +""" diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0.86/gui/templates/var_lib.py --- policycoreutils-2.0.86/gui/templates/var_lib.py.gui 2011-04-12 10:52:07.567645151 -0400 -+++ policycoreutils-2.0.86/gui/templates/var_lib.py 2011-04-29 11:47:41.688099497 -0400 ++++ policycoreutils-2.0.86/gui/templates/var_lib.py 2011-05-23 17:01:31.516457701 -0400 @@ -0,0 +1,160 @@ -+# Copyright (C) 2007 Red Hat ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -13608,10 +13631,10 @@ diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0 +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# +########################### var_lib Template File ############################# + +########################### Type Enforcement File ############################# @@ -13622,7 +13645,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0 +te_rules=""" +manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) +manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) -+files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, { dir file } ) ++files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, { dir file }) +""" + +te_stream_rules="""\ @@ -13668,7 +13691,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0 + ') + + files_search_var_lib($1) -+ read_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) ++ read_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) +') + +######################################## @@ -13687,7 +13710,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0 + ') + + files_search_var_lib($1) -+ manage_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) ++ manage_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) +') + +######################################## @@ -13706,7 +13729,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0 + ') + + files_search_var_lib($1) -+ manage_dirs_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) ++ manage_dirs_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) +') + +""" @@ -13727,12 +13750,12 @@ diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0 + type TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t; + ') + -+ stream_connect_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) ++ stream_connect_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) +') +""" + +if_admin_types=""" -+ type TEMPLATETYPE_var_lib_t;""" ++ type TEMPLATETYPE_var_lib_t;""" + +if_admin_rules=""" + files_search_var_lib($1) @@ -13753,9 +13776,9 @@ diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0 +""" diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0.86/gui/templates/var_log.py --- policycoreutils-2.0.86/gui/templates/var_log.py.gui 2011-04-12 10:52:07.568645166 -0400 -+++ policycoreutils-2.0.86/gui/templates/var_log.py 2011-04-29 11:47:41.688099497 -0400 ++++ policycoreutils-2.0.86/gui/templates/var_log.py 2011-05-23 17:01:22.948389639 -0400 @@ -0,0 +1,114 @@ -+# Copyright (C) 2007,2010 Red Hat ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -13772,10 +13795,10 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0 +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# +########################### var_log Template File ############################# + +########################### Type Enforcement File ############################# @@ -13787,7 +13810,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0 +te_rules=""" +manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) +manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) -+logging_log_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_log_t, { dir file } ) ++logging_log_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_log_t, { dir file }) +""" + +########################### Interface File ############################# @@ -13809,7 +13832,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0 + ') + + logging_search_logs($1) -+ read_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) ++ read_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) +') + +######################################## @@ -13817,9 +13840,9 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0 +## Append to TEMPLATETYPE log files. +## +## -+## -+## Domain allowed to transition. -+## ++## ++## Domain allowed access. ++## +## +# +interface(`TEMPLATETYPE_append_log',` @@ -13828,7 +13851,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0 + ') + + logging_search_logs($1) -+ append_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) ++ append_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) +') + +######################################## @@ -13837,7 +13860,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0 +## +## +## -+## Domain to not audit. ++## Domain allowed access. +## +## +# @@ -13847,14 +13870,14 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0 + ') + + logging_search_logs($1) -+ manage_dirs_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) -+ manage_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) -+ manage_lnk_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) ++ manage_dirs_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) ++ manage_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) ++ manage_lnk_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) +') +""" + +if_admin_types=""" -+ type TEMPLATETYPE_log_t;""" ++ type TEMPLATETYPE_log_t;""" + +if_admin_rules=""" + logging_search_logs($1) @@ -13871,9 +13894,9 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0 +""" diff -up policycoreutils-2.0.86/gui/templates/var_run.py.gui policycoreutils-2.0.86/gui/templates/var_run.py --- policycoreutils-2.0.86/gui/templates/var_run.py.gui 2011-04-12 10:52:07.569645181 -0400 -+++ policycoreutils-2.0.86/gui/templates/var_run.py 2011-04-29 11:47:41.689099505 -0400 ++++ policycoreutils-2.0.86/gui/templates/var_run.py 2011-05-23 17:01:11.639299961 -0400 @@ -0,0 +1,101 @@ -+# Copyright (C) 2007,2010 Red Hat ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -13890,10 +13913,10 @@ diff -up policycoreutils-2.0.86/gui/templates/var_run.py.gui policycoreutils-2.0 +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# +########################### var_run Template File ############################# + +te_types=""" @@ -13951,12 +13974,12 @@ diff -up policycoreutils-2.0.86/gui/templates/var_run.py.gui policycoreutils-2.0 + ') + + files_search_pids($1) -+ stream_connect_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t) ++ stream_connect_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_t) +') +""" + +if_admin_types=""" -+ type TEMPLATETYPE_var_run_t;""" ++ type TEMPLATETYPE_var_run_t;""" + +if_admin_rules=""" + files_search_pids($1) @@ -13976,9 +13999,9 @@ diff -up policycoreutils-2.0.86/gui/templates/var_run.py.gui policycoreutils-2.0 +""" diff -up policycoreutils-2.0.86/gui/templates/var_spool.py.gui policycoreutils-2.0.86/gui/templates/var_spool.py --- policycoreutils-2.0.86/gui/templates/var_spool.py.gui 2011-04-12 10:52:07.573645242 -0400 -+++ policycoreutils-2.0.86/gui/templates/var_spool.py 2011-04-29 11:47:41.689099505 -0400 ++++ policycoreutils-2.0.86/gui/templates/var_spool.py 2011-05-25 16:09:23.350352658 -0400 @@ -0,0 +1,131 @@ -+# Copyright (C) 2007 Red Hat ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -13995,10 +14018,10 @@ diff -up policycoreutils-2.0.86/gui/templates/var_spool.py.gui policycoreutils-2 +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# +########################### var_spool Template File ############################# + +########################### Type Enforcement File ############################# @@ -14050,7 +14073,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_spool.py.gui policycoreutils-2 + ') + + files_search_spool($1) -+ read_files_pattern($1, TEMPLATETYPE_spool_t TEMPLATETYPE_spool_t) ++ read_files_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t) +') + +######################################## @@ -14094,7 +14117,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_spool.py.gui policycoreutils-2 +""" + +if_admin_types=""" -+ type TEMPLATETYPE_spool_t;""" ++ type TEMPLATETYPE_spool_t;""" + +if_admin_rules=""" + files_search_spool($1) diff --git a/policycoreutils.spec b/policycoreutils.spec index e4c2645..02deed6 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.86 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -25,6 +25,7 @@ Patch: policycoreutils-rhat.patch Patch1: policycoreutils-po.patch Patch3: policycoreutils-gui.patch Patch4: policycoreutils-sepolgen.patch +Patch5: policycoreutils-sandbox.patch Obsoletes: policycoreutils < 2.0.61-2 %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)") @@ -63,6 +64,7 @@ context. %patch1 -p1 -b .rhatpo %patch3 -p1 -b .gui %patch4 -p1 -b .sepolgen +%patch5 -p1 -b .sandbox %build make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE " LDFLAGS="-pie -Wl,-z,relro" all @@ -331,6 +333,12 @@ fi exit 0 %changelog +* Mon Jun 13 2011 Dan Walsh 2.0.86-8 +- Do not drop capability bounding set in seunshare, this allows sandbox to +- run setuid apps. +- Cleanup policy generation template +- Pass dpi settings to sandbox + * Fri Apr 29 2011 Dan Walsh 2.0.86-7 - Clean up some of the templates for sepolgen