* Mon Sep 10 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-11

- Lots of fixes for polgengui
Daniel J Walsh 2007-09-10 19:45:03 +00:00
parent 162ba434ca
commit fcb8db4597
2 changed files with 112 additions and 30 deletions


@ -914,8 +914,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.25/gui/polgen.glade
--- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.25/gui/polgen.glade 2007-09-10 11:56:01.000000000 -0400
@@ -0,0 +1,2364 @@
+++ policycoreutils-2.0.25/gui/polgen.glade 2007-09-10 15:42:48.000000000 -0400
@@ -0,0 +1,2386 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
+
@ -1028,8 +1028,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ <child>
+ <widget class="GtkNotebook" id="notebook1">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="show_tabs">True</property>
+ <property name="show_tabs">False</property>
+ <property name="show_border">True</property>
+ <property name="tab_pos">GTK_POS_TOP</property>
+ <property name="scrollable">False</property>
@ -1080,7 +1079,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ <child>
+ <widget class="GnomeDruidPageStandard" id="select_type_page">
+ <property name="visible">True</property>
+ <property name="title" translatable="yes">Select application or user type that you want to confine.</property>
+ <property name="title" translatable="yes">Select application or user role to be confined.</property>
+ <signal name="next" handler="on_select_type_page_next" last_modification_time="Sat, 04 Aug 2007 11:39:15 GMT"/>
+
+ <child internal-child="vbox">
@ -1773,6 +1772,29 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label30">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label30</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GnomeDruidPageStandard" id="roles_page">
+ <property name="visible">True</property>
+ <property name="title" translatable="yes">Select the roles(s) that this user will be able to become</property>
@ -1824,9 +1846,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label30">
+ <widget class="GtkLabel" id="label31">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label30</property>
+ <property name="label" translatable="yes">label31</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
@ -2247,9 +2269,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label31">
+ <widget class="GtkLabel" id="label32">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label31</property>
+ <property name="label" translatable="yes">label32</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
@ -2563,9 +2585,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label32">
+ <widget class="GtkLabel" id="label33">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label32</property>
+ <property name="label" translatable="yes">label33</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
@ -2695,9 +2717,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label33">
+ <widget class="GtkLabel" id="label34">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label33</property>
+ <property name="label" translatable="yes">label34</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
@ -3025,9 +3047,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label34">
+ <widget class="GtkLabel" id="label35">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label34</property>
+ <property name="label" translatable="yes">label35</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
@ -3141,9 +3163,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label35">
+ <widget class="GtkLabel" id="label43">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label35</property>
+ <property name="label" translatable="yes"></property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
@ -3181,7 +3203,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label43">
+ <widget class="GtkLabel" id="label44">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes"></property>
+ <property name="use_underline">False</property>
@ -3282,8 +3304,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+</glade-interface>
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.25/gui/polgengui.py
--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.25/gui/polgengui.py 2007-09-10 11:58:05.000000000 -0400
@@ -0,0 +1,452 @@
+++ policycoreutils-2.0.25/gui/polgengui.py 2007-09-10 15:43:11.000000000 -0400
@@ -0,0 +1,453 @@
+#!/usr/bin/python
+#
+# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux
@ -3572,7 +3594,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ my_policy.set_use_tmp(self.tmp_checkbutton.get_active() == 1)
+ my_policy.set_use_uid(self.uid_checkbutton.get_active() == 1)
+ my_policy.set_use_pam(self.pam_checkbutton.get_active() == 1)
+ my_policy.set_init_script(self.script_entry.get_text())
+ if self.get_type() is polgen.DAEMON:
+ my_policy.set_init_script(self.init_script_entry.get_text())
+ else:
+ if self.get_type() == polgen.RUSER:
+ selected = []
@ -3738,8 +3761,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.25/gui/polgen.py
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.25/gui/polgen.py 2007-09-10 12:16:38.000000000 -0400
@@ -0,0 +1,719 @@
+++ policycoreutils-2.0.25/gui/polgen.py 2007-09-10 15:43:04.000000000 -0400
@@ -0,0 +1,727 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@ -4207,6 +4230,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ newte += re.sub("TEMPLATETYPE", self.name, executable.te_cgi_rules)
+ return newte
+
+ def generate_user_if(self):
+ newif = ""
+ if self.type == USER:
+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_user_program_rules)
+
+ return newif
+
+ def generate_if(self):
+ newif = ""
+ if self.program != "":
@ -4221,6 +4251,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
+ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_stream_rules)
+ break
+ newif += self.generate_user_if()
+ newif += self.generate_admin_if()
+
+ return newif
@ -8884,8 +8915,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
+ app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.25/gui/templates/executable.py
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.25/gui/templates/executable.py 2007-09-05 22:25:10.000000000 -0400
@@ -0,0 +1,229 @@
+++ policycoreutils-2.0.25/gui/templates/executable.py 2007-09-10 15:43:29.000000000 -0400
@@ -0,0 +1,277 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@ -8951,6 +8982,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
+type TEMPLATETYPE_t;
+type TEMPLATETYPE_exec_t;
+application_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
+role system_r types TEMPLATETYPE_t;
+
+"""
+
+te_cgi_types="""\
@ -8995,6 +9028,22 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
+"""
+
+te_userapp_rules="""
+########################################
+#
+# TEMPLATETYPE local policy
+#
+
+## internal communication is often done using fifo and unix sockets.
+allow TEMPLATETYPE_t self:fifo_file rw_file_perms;
+allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms;
+
+files_read_etc_files(TEMPLATETYPE_t)
+
+libs_use_ld_so(TEMPLATETYPE_t)
+libs_use_shared_libs(TEMPLATETYPE_t)
+
+miscfiles_read_localization(TEMPLATETYPE_t)
+
+"""
+
+te_cgi_rules="""
@ -9032,11 +9081,41 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
+ type TEMPLATETYPE_exec_t;
+ ')
+
+ domain_auto_trans($1,TEMPLATETYPE_exec_t,TEMPLATETYPE_t)
+ domtrans_pattern($1,TEMPLATETYPE_exec_t,TEMPLATETYPE_t)
+')
+
+ allow TEMPLATETYPE_t $1:fd use;
+ allow TEMPLATETYPE_t $1:fifo_file rw_file_perms;
+ allow TEMPLATETYPE_t $1:process sigchld;
+"""
+
+if_user_program_rules="""
+########################################
+## <summary>
+## Execute TEMPLATETYPE in the TEMPLATETYPE domain, and
+## allow the specified role the TEMPLATETYPE domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## The role to be allowed the TEMPLATETYPE domain.
+## </summary>
+## </param>
+## <param name="terminal">
+## <summary>
+## The type of the role's terminal.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_run',`
+ gen_require(`
+ type TEMPLATETYPE_t;
+ ')
+
+ TEMPLATETYPE_domtrans($1)
+ role $2 types TEMPLATETYPE_t;
+ dontaudit TEMPLATETYPE_t $3:chr_file rw_term_perms;
+')
+
+"""
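Review bot: In the polgen.py hunk, the new `generate_user_if` passes `self.name` as the replacement argument of `re.sub`, so the name is parsed as a replacement template (backslash escapes and group references are interpreted) before being written into the generated interface text. No validation of `self.name` is visible in these hunks; if it arrives unchecked from the GUI entry, a value outside the SELinux identifier character set would alter the policy source that is later compiled and loaded. A literal substitution, `newif += executable.if_user_program_rules.replace("TEMPLATETYPE", self.name)`, avoids the escape handling, and the name should be checked once where it is set, for example `if not re.match(r"^[A-Za-z][A-Za-z0-9_]*\Z", name): raise ValueError("invalid policy name")`. The same `re.sub` pattern appears in the surrounding lines of `generate_te` and `generate_if`, whose bodies and the enclosing class start and end outside the hunks shown.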


@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.25
Release: 10%{?dist}
Release: 11%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -200,6 +200,9 @@ if [ "$1" -ge "1" ]; then
fi
%changelog
* Mon Sep 10 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-11
- Lots of fixes for polgengui
* Thu Sep 6 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-10
- Change Requires /bin/rpm to rpm