Allow user to specify DPI when running sandbox

2011-11-07 15:56:15 -05:00 · 2011-11-07 15:56:15 -05:00 · e71cb0d5d0
parent 6119a6b9f8
commit e71cb0d5d0
2 changed files with 189 additions and 3 deletions
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -42,6 +42,19 @@ index 99d0ed7..19e20a8 100644
 	if (set_signal_handles())
 		return -1;
 
+diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile
+index 554262a..a52e4b0 100644
+--- a/policycoreutils/po/Makefile
+++ b/policycoreutils/po/Makefile
+@@ -7,7 +7,7 @@ TOP	 = ../..
+ # What is this package?
+ NLSPACKAGE	= policycoreutils
+ POTFILE		= $(NLSPACKAGE).pot
+-INSTALL		= /usr/bin/install -c
+INSTALL		= /usr/bin/install -c -p
+ INSTALL_DATA	= $(INSTALL) -m 644
+ INSTALL_DIR	= /usr/bin/install -d
+ 
 diff --git a/policycoreutils/restorecond/restorecond.c b/policycoreutils/restorecond/restorecond.c
 index 89f5d97..dfd9629 100644
 --- a/policycoreutils/restorecond/restorecond.c
@ -85,7 +98,7 @@ index 9db766c..068e24c 100644
 
 }				/* main() */
 diff --git a/policycoreutils/sandbox/Makefile b/policycoreutils/sandbox/Makefile
-index 1c458f1..36042a2 100644
+index 1c458f1..96c6795 100644
 --- a/policycoreutils/sandbox/Makefile
 +++ b/policycoreutils/sandbox/Makefile
@@ -23,7 +23,7 @@ install: all
@ -93,10 +106,180 @@ index 1c458f1..36042a2 100644
 	install -m 644 seunshare.8 $(MANDIR)/man8/
 	-mkdir -p $(MANDIR)/man5
 -	install -m 644 sandbox.conf.5 $(MANDIR)/man5/
-+	install -m 644 sandbox.conf.5 $(MANDIR)/man5/sandbox.5
+	install -m 644 sandbox.5 $(MANDIR)/man5/sandbox.5
 	-mkdir -p $(SBINDIR)
 	install -m 4755 seunshare $(SBINDIR)/
 	-mkdir -p $(SHAREDIR)
+diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox
+index 486cd4e..cdd4293 100644
+--- a/policycoreutils/sandbox/sandbox
+++ b/policycoreutils/sandbox/sandbox
+@@ -160,6 +160,17 @@ class Sandbox:
+         self.__level = None
+         self.__homedir = None
+         self.__tmpdir = None
+        self.__set_dpi()
+    
+    def __set_dpi(self):
+        rc, out = commands.getstatusoutput("/usr/bin/xrdb -query")
+        if rc != 0:
+               self.dpi = 96
+        else:
+               for i in out.split("\n"):
+                      if i.startswith("Xft.dpi:"):
+                             self.dpi = i.split()[1]
+                             break;
+ 
+     def __validate_mount(self):
+            if self.__options.level:
+@@ -278,6 +289,9 @@ sandbox [-h] [-c] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile
+                           action="callback", callback=self.__mount_callback, 
+                           help=_("mount new home and/or tmp directory"))
+ 
+        parser.add_option("-d", "--dpi", 
+                          dest="dpi", action="store",default=self.dpi,
+                          help=_("dots per inch for X display: (%s)" % self.dpi))
+         parser.add_option("-S", "--session", action="store_true",  dest="session", 
+                           default=False,  help=_("run complete desktop session within sandbox"))
+ 
+@@ -322,7 +336,7 @@ sandbox [-h] [-c] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile
+ 
+         if self.__options.X_ind:
+                self.setype = DEFAULT_X_TYPE
+-               self.dpi=commands.getoutput("xrdb -query | grep dpi  | /bin/cut -f 2")
+
+         if self.__options.setype:
+                self.setype = self.__options.setype
+ 
+@@ -408,7 +422,7 @@ sandbox [-h] [-c] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile
+ 
+                                 self.__setup_sandboxrc(self.__options.wm)
+ 
+-                                cmds += [ "--", SANDBOXSH, self.__options.windowsize, self.dpi ]
+                                cmds += [ "--", SANDBOXSH, self.__options.windowsize, self.__options.dpi ]
+                          else:
+                                 cmds += [ "--" ] + self.__paths
+                          return subprocess.Popen(cmds).wait()
+diff --git a/policycoreutils/sandbox/sandbox.5 b/policycoreutils/sandbox/sandbox.5
+new file mode 100644
+index 0000000..b3ee67d
+--- /dev/null
+++ b/policycoreutils/sandbox/sandbox.5
+@@ -0,0 +1,40 @@
+.TH sandbox.conf "5" "June 2010" "sandbox.conf" "Linux System Administration"
+.SH NAME
+sandbox.conf \- user config file for the SELinux sandbox
+.SH DESCRIPTION
+.PP
+When running sandbox with the -C argument, it will be confined using control groups and a system administrator can specify how the sandbox is confined.
+
+.PP
+Everything after "#" is ignored, as are empty lines.  All arguments should be separated by and equals sign ("=").
+
+.PP
+These keywords are allowed.
+
+.RS
+.TP
+.B NAME
+The name of the sandbox control group.  Default is "sandbox".
+
+.TP
+.B CPUAFFINITY
+Which cpus to assign sandbox to.  The default is ALL, but users can specify a comma-separated list with dashes ("-") to represent ranges.  Ex: 0-2,5
+
+.TP
+.B MEMUSAGE
+How much memory to allow sandbox to use.  The default is 80%.  Users can specify either a percentage or a value in the form of a number followed by one of the suffixes K, M, G to denote kilobytes, megabytes or gigabytes respectively.  Ex: 50% or 100M
+
+.TP
+.B CPUUSAGE
+Percentage of cpu sandbox should be allowed to use.  The default is 80%.  Specify a value followed by a percent sign ("%"). Ex: 50%
+
+
+
+.SH "SEE ALSO"
+.TP
+sandbox(8)
+.PP
+
+.SH AUTHOR
+This manual page was written by
+.I Thomas Liu <tliu@fedoraproject.org>
+diff --git a/policycoreutils/sandbox/sandbox.8 b/policycoreutils/sandbox/sandbox.8
+index 2b37e63..3f05c79 100644
+--- a/policycoreutils/sandbox/sandbox.8
+++ b/policycoreutils/sandbox/sandbox.8
+@@ -3,11 +3,11 @@
+ sandbox \- Run cmd under an SELinux sandbox
+ .SH SYNOPSIS
+ .B sandbox
+-[-C] [-c] [-l level ] [[-M | -X]  -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd
+[-C] [-c] [ -d DPI ] [-l level ] [[-M | -X]  -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd
+ 
+ .br
+ .B sandbox
+-[-C] [-c] [-l level ] [[-M | -X]  -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S
+[-C] [-c] [ -d DPI ] [-l level ] [[-M | -X]  -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S
+ .br
+ .SH DESCRIPTION
+ .PP
+@@ -60,6 +60,9 @@ Default to /usr/bin/matchbox-window-manager.
+ Create an X based Sandbox for gui apps, temporary files for
+ $HOME and /tmp, secondary Xserver, defaults to sandbox_x_t
+ .TP
+\fB\-d\fR
+Set the DPI value for the sanbox X Server. Defaults to the current X Sever DPI.
+.TP
+ \fB\-c\fR
+ Use control groups to control this copy of sandbox.  Specify parameters in /etc/sysconfig/sandbox.  Max memory usage and cpu usage are to be specified in percent.  You can specify which CPUs to use by numbering them 0,1,2... etc.
+ .TP
+diff --git a/policycoreutils/sandbox/sandbox.conf.5 b/policycoreutils/sandbox/sandbox.conf.5
+deleted file mode 100644
+index b3ee67d..0000000
+--- a/policycoreutils/sandbox/sandbox.conf.5
+++ /dev/null
+@@ -1,40 +0,0 @@
+-.TH sandbox.conf "5" "June 2010" "sandbox.conf" "Linux System Administration"
+-.SH NAME
+-sandbox.conf \- user config file for the SELinux sandbox
+-.SH DESCRIPTION
+-.PP
+-When running sandbox with the -C argument, it will be confined using control groups and a system administrator can specify how the sandbox is confined.
+-
+-.PP
+-Everything after "#" is ignored, as are empty lines.  All arguments should be separated by and equals sign ("=").
+-
+-.PP
+-These keywords are allowed.
+-
+-.RS
+-.TP
+-.B NAME
+-The name of the sandbox control group.  Default is "sandbox".
+-
+-.TP
+-.B CPUAFFINITY
+-Which cpus to assign sandbox to.  The default is ALL, but users can specify a comma-separated list with dashes ("-") to represent ranges.  Ex: 0-2,5
+-
+-.TP
+-.B MEMUSAGE
+-How much memory to allow sandbox to use.  The default is 80%.  Users can specify either a percentage or a value in the form of a number followed by one of the suffixes K, M, G to denote kilobytes, megabytes or gigabytes respectively.  Ex: 50% or 100M
+-
+-.TP
+-.B CPUUSAGE
+-Percentage of cpu sandbox should be allowed to use.  The default is 80%.  Specify a value followed by a percent sign ("%"). Ex: 50%
+-
+-
+-
+-.SH "SEE ALSO"
+-.TP
+-sandbox(8)
+-.PP
+-
+-.SH AUTHOR
+-This manual page was written by
+-.I Thomas Liu <tliu@fedoraproject.org>
 diff --git a/policycoreutils/sandbox/sandbox.init b/policycoreutils/sandbox/sandbox.init
 index d1ccdc2..11c391c 100644
 --- a/policycoreutils/sandbox/sandbox.init
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.8
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@ -352,6 +352,9 @@ fi
 /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :

 %changelog
+* Mon Nov 7 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-3
+- Allow user to specify DPI when running sandbox
+
 * Mon Nov 7 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-2
 - Add Miroslav patch to return all attributes