Compare commits
43 Commits
Author | SHA1 | Date |
---|---|---|
Petr Lautrbach | d56dce0a5d | |
Petr Lautrbach | c808ccc35c | |
Petr Lautrbach | b0ed1f8d21 | |
Petr Lautrbach | f052664e78 | |
Petr Lautrbach | 7a6b569fa6 | |
Petr Lautrbach | b47cf5c7c2 | |
Petr Lautrbach | f978fdc2d2 | |
Petr Lautrbach | 98cfe16c02 | |
Petr Lautrbach | c65daa990e | |
Fedora Release Engineering | d151b2c053 | |
Fedora Release Engineering | f853c76a5b | |
Tom Stellard | a73719697a | |
Petr Lautrbach | 50de5507f3 | |
Petr Lautrbach | 2af2f550d6 | |
Petr Lautrbach | 44dfe0fd37 | |
Miro Hrončok | efa9d6cac8 | |
Fedora Release Engineering | c00b4867ac | |
Petr Lautrbach | 7ccd1ee567 | |
Petr Lautrbach | ef4795f423 | |
Petr Lautrbach | da2585a281 | |
Petr Lautrbach | d4e16d7c7d | |
Petr Lautrbach | bfe01763d9 | |
Petr Lautrbach | 757b820a2b | |
Petr Lautrbach | d6f96f416d | |
Petr Lautrbach | a2e668e9c9 | |
Petr Lautrbach | 5ea7b37cde | |
Miro Hrončok | 78ffe5c66e | |
Petr Lautrbach | 2dc66df8a9 | |
Petr Lautrbach | 21fff37ccc | |
Petr Lautrbach | 61d9b74e3d | |
Petr Lautrbach | d01ff1b97d | |
Petr Lautrbach | 88ef143cf4 | |
Petr Lautrbach | 18e735df1b | |
Petr Lautrbach | d98f342921 | |
Fedora Release Engineering | d378c732b0 | |
Petr Lautrbach | f62c86f32c | |
Petr Lautrbach | 8008fc1f39 | |
Petr Lautrbach | 8478235a3c | |
Fedora Release Engineering | 67598f5a41 | |
Petr Lautrbach | a21e2f9484 | |
Petr Lautrbach | 3a6c8251f5 | |
Petr Lautrbach | ea40a6c901 | |
Petr Lautrbach | e3a75fa174 |
|
@ -280,3 +280,45 @@ policycoreutils-2.0.83.tgz
|
|||
/policycoreutils-po.tgz
|
||||
/python-po.tgz
|
||||
/sandbox-po.tgz
|
||||
/policycoreutils-2.9-rc1.tar.gz
|
||||
/selinux-python-2.9-rc1.tar.gz
|
||||
/selinux-gui-2.9-rc1.tar.gz
|
||||
/selinux-sandbox-2.9-rc1.tar.gz
|
||||
/selinux-dbus-2.9-rc1.tar.gz
|
||||
/semodule-utils-2.9-rc1.tar.gz
|
||||
/restorecond-2.9-rc1.tar.gz
|
||||
/policycoreutils-2.9-rc2.tar.gz
|
||||
/restorecond-2.9-rc2.tar.gz
|
||||
/selinux-dbus-2.9-rc2.tar.gz
|
||||
/selinux-gui-2.9-rc2.tar.gz
|
||||
/selinux-python-2.9-rc2.tar.gz
|
||||
/selinux-sandbox-2.9-rc2.tar.gz
|
||||
/semodule-utils-2.9-rc2.tar.gz
|
||||
/policycoreutils-2.9.tar.gz
|
||||
/restorecond-2.9.tar.gz
|
||||
/selinux-dbus-2.9.tar.gz
|
||||
/selinux-gui-2.9.tar.gz
|
||||
/selinux-python-2.9.tar.gz
|
||||
/selinux-sandbox-2.9.tar.gz
|
||||
/semodule-utils-2.9.tar.gz
|
||||
/policycoreutils-3.0-rc1.tar.gz
|
||||
/restorecond-3.0-rc1.tar.gz
|
||||
/selinux-dbus-3.0-rc1.tar.gz
|
||||
/selinux-gui-3.0-rc1.tar.gz
|
||||
/selinux-python-3.0-rc1.tar.gz
|
||||
/selinux-sandbox-3.0-rc1.tar.gz
|
||||
/semodule-utils-3.0-rc1.tar.gz
|
||||
/policycoreutils-3.0.tar.gz
|
||||
/restorecond-3.0.tar.gz
|
||||
/selinux-dbus-3.0.tar.gz
|
||||
/selinux-gui-3.0.tar.gz
|
||||
/selinux-python-3.0.tar.gz
|
||||
/selinux-sandbox-3.0.tar.gz
|
||||
/semodule-utils-3.0.tar.gz
|
||||
/policycoreutils-3.1.tar.gz
|
||||
/restorecond-3.1.tar.gz
|
||||
/selinux-dbus-3.1.tar.gz
|
||||
/selinux-gui-3.1.tar.gz
|
||||
/selinux-python-3.1.tar.gz
|
||||
/selinux-sandbox-3.1.tar.gz
|
||||
/semodule-utils-3.1.tar.gz
|
||||
|
|
|
@ -0,0 +1,34 @@
|
|||
From ccd973f721c48945fc706d8fef6b396580853a9f Mon Sep 17 00:00:00 2001
|
||||
From: "W. Michael Petullo" <mike@flyn.org>
|
||||
Date: Thu, 16 Jul 2020 15:29:20 -0500
|
||||
Subject: [PATCH] python/audit2allow: add #include <limits.h> to
|
||||
sepolgen-ifgen-attr-helper.c
|
||||
|
||||
I found that building on OpenWrt/musl failed with:
|
||||
|
||||
sepolgen-ifgen-attr-helper.c:152:16: error: 'PATH_MAX' undeclared ...
|
||||
|
||||
Musl is less "generous" than glibc in recursively including header
|
||||
files, and I suspect this is the reason for this error. Explicitly
|
||||
including limits.h fixes the problem.
|
||||
|
||||
Signed-off-by: W. Michael Petullo <mike@flyn.org>
|
||||
---
|
||||
python/audit2allow/sepolgen-ifgen-attr-helper.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/python/audit2allow/sepolgen-ifgen-attr-helper.c b/python/audit2allow/sepolgen-ifgen-attr-helper.c
|
||||
index 53f20818722a..f010c9584c1f 100644
|
||||
--- a/python/audit2allow/sepolgen-ifgen-attr-helper.c
|
||||
+++ b/python/audit2allow/sepolgen-ifgen-attr-helper.c
|
||||
@@ -28,6 +28,7 @@
|
||||
|
||||
#include <selinux/selinux.h>
|
||||
|
||||
+#include <limits.h>
|
||||
#include <stdio.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
From 9e2b8c61bfd275d0f007a736721c557755edf4a0 Mon Sep 17 00:00:00 2001
|
||||
From: Laurent Bigonville <bigon@bigon.be>
|
||||
Date: Thu, 16 Jul 2020 14:22:13 +0200
|
||||
Subject: [PATCH] restorecond: Set X-GNOME-HiddenUnderSystemd=true in
|
||||
restorecond.desktop file
|
||||
|
||||
This completely inactivate the .desktop file incase the user session is
|
||||
managed by systemd as restorecond also provide a service file
|
||||
|
||||
Signed-off-by: Laurent Bigonville <bigon@bigon.be>
|
||||
---
|
||||
restorecond/restorecond.desktop | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/restorecond/restorecond.desktop b/restorecond/restorecond.desktop
|
||||
index af7286801c24..7df854727a3f 100644
|
||||
--- a/restorecond/restorecond.desktop
|
||||
+++ b/restorecond/restorecond.desktop
|
||||
@@ -5,3 +5,4 @@ Comment=Fix file context in owned by the user
|
||||
Type=Application
|
||||
StartupNotify=false
|
||||
X-GNOME-Autostart-enabled=false
|
||||
+X-GNOME-HiddenUnderSystemd=true
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,136 @@
|
|||
From ba2d6c10635a021d2b1a5fc2123fde13b04295a5 Mon Sep 17 00:00:00 2001
|
||||
From: bauen1 <j2468h@googlemail.com>
|
||||
Date: Thu, 6 Aug 2020 16:48:36 +0200
|
||||
Subject: [PATCH] fixfiles: correctly restore context of mountpoints
|
||||
|
||||
By bind mounting every filesystem we want to relabel we can access all
|
||||
files without anything hidden due to active mounts.
|
||||
|
||||
This comes at the cost of user experience, because setfiles only
|
||||
displays the percentage if no path is given or the path is /
|
||||
|
||||
Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
|
||||
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
|
||||
---
|
||||
policycoreutils/scripts/fixfiles | 29 +++++++++++++++++++++++++----
|
||||
policycoreutils/scripts/fixfiles.8 | 8 ++++++--
|
||||
2 files changed, 31 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
||||
index 5d7770348349..30dadb4f4cb6 100755
|
||||
--- a/policycoreutils/scripts/fixfiles
|
||||
+++ b/policycoreutils/scripts/fixfiles
|
||||
@@ -112,6 +112,7 @@ FORCEFLAG=""
|
||||
RPMFILES=""
|
||||
PREFC=""
|
||||
RESTORE_MODE=""
|
||||
+BIND_MOUNT_FILESYSTEMS=""
|
||||
SETFILES=/sbin/setfiles
|
||||
RESTORECON=/sbin/restorecon
|
||||
FILESYSTEMSRW=`get_rw_labeled_mounts`
|
||||
@@ -243,7 +244,23 @@ case "$RESTORE_MODE" in
|
||||
if [ -n "${FILESYSTEMSRW}" ]; then
|
||||
LogReadOnly
|
||||
echo "${OPTION}ing `echo ${FILESYSTEMSRW}`"
|
||||
- ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${FC} ${FILESYSTEMSRW}
|
||||
+
|
||||
+ if [ -z "$BIND_MOUNT_FILESYSTEMS" ]; then
|
||||
+ ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${FC} ${FILESYSTEMSRW}
|
||||
+ else
|
||||
+ # we bind mount so we can fix the labels of files that have already been
|
||||
+ # mounted over
|
||||
+ for m in `echo $FILESYSTEMSRW`; do
|
||||
+ TMP_MOUNT="$(mktemp -d)"
|
||||
+ test -z ${TMP_MOUNT+x} && echo "Unable to find temporary directory!" && exit 1
|
||||
+
|
||||
+ mkdir -p "${TMP_MOUNT}${m}" || exit 1
|
||||
+ mount --bind "${m}" "${TMP_MOUNT}${m}" || exit 1
|
||||
+ ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${FC} -r "${TMP_MOUNT}" "${TMP_MOUNT}${m}"
|
||||
+ umount "${TMP_MOUNT}${m}" || exit 1
|
||||
+ rm -rf "${TMP_MOUNT}" || echo "Error cleaning up."
|
||||
+ done;
|
||||
+ fi
|
||||
else
|
||||
echo >&2 "fixfiles: No suitable file systems found"
|
||||
fi
|
||||
@@ -313,6 +330,7 @@ case "$1" in
|
||||
> /.autorelabel || exit $?
|
||||
[ -z "$FORCEFLAG" ] || echo -n "$FORCEFLAG " >> /.autorelabel
|
||||
[ -z "$BOOTTIME" ] || echo -N $BOOTTIME >> /.autorelabel
|
||||
+ [ -z "$BIND_MOUNT_FILESYSTEMS" ] || echo "-M" >> /.autorelabel
|
||||
# Force full relabel if SELinux is not enabled
|
||||
selinuxenabled || echo -F > /.autorelabel
|
||||
echo "System will relabel on next boot"
|
||||
@@ -324,7 +342,7 @@ esac
|
||||
}
|
||||
usage() {
|
||||
echo $"""
|
||||
-Usage: $0 [-v] [-F] [-f] relabel
|
||||
+Usage: $0 [-v] [-F] [-M] [-f] relabel
|
||||
or
|
||||
Usage: $0 [-v] [-F] [-B | -N time ] { check | restore | verify }
|
||||
or
|
||||
@@ -334,7 +352,7 @@ Usage: $0 [-v] [-F] -R rpmpackage[,rpmpackage...] { check | restore | verify }
|
||||
or
|
||||
Usage: $0 [-v] [-F] -C PREVIOUS_FILECONTEXT { check | restore | verify }
|
||||
or
|
||||
-Usage: $0 [-F] [-B] onboot
|
||||
+Usage: $0 [-F] [-M] [-B] onboot
|
||||
"""
|
||||
}
|
||||
|
||||
@@ -353,7 +371,7 @@ set_restore_mode() {
|
||||
}
|
||||
|
||||
# See how we were called.
|
||||
-while getopts "N:BC:FfR:l:v" i; do
|
||||
+while getopts "N:BC:FfR:l:vM" i; do
|
||||
case "$i" in
|
||||
B)
|
||||
BOOTTIME=`/bin/who -b | awk '{print $3}'`
|
||||
@@ -379,6 +397,9 @@ while getopts "N:BC:FfR:l:v" i; do
|
||||
echo "Redirecting output to $OPTARG"
|
||||
exec >>"$OPTARG" 2>&1
|
||||
;;
|
||||
+ M)
|
||||
+ BIND_MOUNT_FILESYSTEMS="-M"
|
||||
+ ;;
|
||||
F)
|
||||
FORCEFLAG="-F"
|
||||
;;
|
||||
diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8
|
||||
index 9f447f03d444..123425308416 100644
|
||||
--- a/policycoreutils/scripts/fixfiles.8
|
||||
+++ b/policycoreutils/scripts/fixfiles.8
|
||||
@@ -6,7 +6,7 @@ fixfiles \- fix file SELinux security contexts.
|
||||
.na
|
||||
|
||||
.B fixfiles
|
||||
-.I [\-v] [\-F] [\-f] relabel
|
||||
+.I [\-v] [\-F] [-M] [\-f] relabel
|
||||
|
||||
.B fixfiles
|
||||
.I [\-v] [\-F] { check | restore | verify } dir/file ...
|
||||
@@ -21,7 +21,7 @@ fixfiles \- fix file SELinux security contexts.
|
||||
.I [\-v] [\-F] \-C PREVIOUS_FILECONTEXT { check | restore | verify }
|
||||
|
||||
.B fixfiles
|
||||
-.I [-F] [-B] onboot
|
||||
+.I [-F] [-M] [-B] onboot
|
||||
|
||||
.ad
|
||||
|
||||
@@ -68,6 +68,10 @@ Run a diff on the PREVIOUS_FILECONTEXT file to the currently installed one, and
|
||||
Only act on files created after the specified date. Date must be specified in
|
||||
"YYYY\-MM\-DD HH:MM" format. Date field will be passed to find \-\-newermt command.
|
||||
|
||||
+.TP
|
||||
+.B \-M
|
||||
+Bind mount filesystems before relabeling them, this allows fixing the context of files or directories that have been mounted over.
|
||||
+
|
||||
.TP
|
||||
.B -v
|
||||
Modify verbosity from progress to verbose. (Run restorecon with \-v instead of \-p)
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,112 @@
|
|||
From 9e239e55692b578ba546b4dff2b07604a2ca6baa Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
||||
Date: Wed, 19 Aug 2020 17:05:33 +0200
|
||||
Subject: [PATCH] sepolgen: print extended permissions in hexadecimal
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
All tools like ausearch(8) or sesearch(1) and online documentation[1]
|
||||
use hexadecimal values for extended permissions.
|
||||
Hence use them, e.g. for audit2allow output, as well.
|
||||
|
||||
[1]: https://github.com/strace/strace/blob/master/linux/64/ioctls_inc.h
|
||||
|
||||
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
|
||||
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
|
||||
---
|
||||
python/sepolgen/src/sepolgen/refpolicy.py | 5 ++---
|
||||
python/sepolgen/tests/test_access.py | 10 +++++-----
|
||||
python/sepolgen/tests/test_refpolicy.py | 12 ++++++------
|
||||
3 files changed, 13 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/python/sepolgen/src/sepolgen/refpolicy.py b/python/sepolgen/src/sepolgen/refpolicy.py
|
||||
index 43cecfc77385..747636875ef7 100644
|
||||
--- a/python/sepolgen/src/sepolgen/refpolicy.py
|
||||
+++ b/python/sepolgen/src/sepolgen/refpolicy.py
|
||||
@@ -407,10 +407,9 @@ class XpermSet():
|
||||
|
||||
# print single value without braces
|
||||
if len(self.ranges) == 1 and self.ranges[0][0] == self.ranges[0][1]:
|
||||
- return compl + str(self.ranges[0][0])
|
||||
+ return compl + hex(self.ranges[0][0])
|
||||
|
||||
- vals = map(lambda x: str(x[0]) if x[0] == x[1] else "%s-%s" % x,
|
||||
- self.ranges)
|
||||
+ vals = map(lambda x: hex(x[0]) if x[0] == x[1] else "%s-%s" % (hex(x[0]), hex(x[1]), ), self.ranges)
|
||||
|
||||
return "%s{ %s }" % (compl, " ".join(vals))
|
||||
|
||||
diff --git a/python/sepolgen/tests/test_access.py b/python/sepolgen/tests/test_access.py
|
||||
index 73a5407df617..623588e09aeb 100644
|
||||
--- a/python/sepolgen/tests/test_access.py
|
||||
+++ b/python/sepolgen/tests/test_access.py
|
||||
@@ -171,7 +171,7 @@ class TestAccessVector(unittest.TestCase):
|
||||
a.merge(b)
|
||||
self.assertEqual(sorted(list(a.perms)), ["append", "read", "write"])
|
||||
self.assertEqual(list(a.xperms.keys()), ["ioctl"])
|
||||
- self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
|
||||
+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x2a 0x3039 }")
|
||||
|
||||
def text_merge_xperm2(self):
|
||||
"""Test merging AV that does not contain xperms with AV that does"""
|
||||
@@ -185,7 +185,7 @@ class TestAccessVector(unittest.TestCase):
|
||||
a.merge(b)
|
||||
self.assertEqual(sorted(list(a.perms)), ["append", "read", "write"])
|
||||
self.assertEqual(list(a.xperms.keys()), ["ioctl"])
|
||||
- self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
|
||||
+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x2a 0x3039 }")
|
||||
|
||||
def test_merge_xperm_diff_op(self):
|
||||
"""Test merging two AVs that contain xperms with different operation"""
|
||||
@@ -203,8 +203,8 @@ class TestAccessVector(unittest.TestCase):
|
||||
a.merge(b)
|
||||
self.assertEqual(list(a.perms), ["read"])
|
||||
self.assertEqual(sorted(list(a.xperms.keys())), ["asdf", "ioctl"])
|
||||
- self.assertEqual(a.xperms["asdf"].to_string(), "23")
|
||||
- self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
|
||||
+ self.assertEqual(a.xperms["asdf"].to_string(), "0x17")
|
||||
+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x2a 0x3039 }")
|
||||
|
||||
def test_merge_xperm_same_op(self):
|
||||
"""Test merging two AVs that contain xperms with same operation"""
|
||||
@@ -222,7 +222,7 @@ class TestAccessVector(unittest.TestCase):
|
||||
a.merge(b)
|
||||
self.assertEqual(list(a.perms), ["read"])
|
||||
self.assertEqual(list(a.xperms.keys()), ["ioctl"])
|
||||
- self.assertEqual(a.xperms["ioctl"].to_string(), "{ 23 42 12345 }")
|
||||
+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x17 0x2a 0x3039 }")
|
||||
|
||||
class TestUtilFunctions(unittest.TestCase):
|
||||
def test_is_idparam(self):
|
||||
diff --git a/python/sepolgen/tests/test_refpolicy.py b/python/sepolgen/tests/test_refpolicy.py
|
||||
index 4b50c8aada96..c7219fd568e9 100644
|
||||
--- a/python/sepolgen/tests/test_refpolicy.py
|
||||
+++ b/python/sepolgen/tests/test_refpolicy.py
|
||||
@@ -90,17 +90,17 @@ class TestXpermSet(unittest.TestCase):
|
||||
a.complement = True
|
||||
self.assertEqual(a.to_string(), "")
|
||||
a.add(1234)
|
||||
- self.assertEqual(a.to_string(), "~ 1234")
|
||||
+ self.assertEqual(a.to_string(), "~ 0x4d2")
|
||||
a.complement = False
|
||||
- self.assertEqual(a.to_string(), "1234")
|
||||
+ self.assertEqual(a.to_string(), "0x4d2")
|
||||
a.add(2345)
|
||||
- self.assertEqual(a.to_string(), "{ 1234 2345 }")
|
||||
+ self.assertEqual(a.to_string(), "{ 0x4d2 0x929 }")
|
||||
a.complement = True
|
||||
- self.assertEqual(a.to_string(), "~ { 1234 2345 }")
|
||||
+ self.assertEqual(a.to_string(), "~ { 0x4d2 0x929 }")
|
||||
a.add(42,64)
|
||||
- self.assertEqual(a.to_string(), "~ { 42-64 1234 2345 }")
|
||||
+ self.assertEqual(a.to_string(), "~ { 0x2a-0x40 0x4d2 0x929 }")
|
||||
a.complement = False
|
||||
- self.assertEqual(a.to_string(), "{ 42-64 1234 2345 }")
|
||||
+ self.assertEqual(a.to_string(), "{ 0x2a-0x40 0x4d2 0x929 }")
|
||||
|
||||
class TestSecurityContext(unittest.TestCase):
|
||||
def test_init(self):
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,109 @@
|
|||
From 2a60de8eca6bd91e276b60441a5dc72d85c6eda3 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
||||
Date: Wed, 19 Aug 2020 17:05:34 +0200
|
||||
Subject: [PATCH] sepolgen: sort extended rules like normal ones
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Currently:
|
||||
|
||||
#============= sshd_t ==============
|
||||
|
||||
#!!!! This avc is allowed in the current policy
|
||||
#!!!! This av rule may have been overridden by an extended permission av rule
|
||||
allow sshd_t ptmx_t:chr_file ioctl;
|
||||
|
||||
#!!!! This avc is allowed in the current policy
|
||||
#!!!! This av rule may have been overridden by an extended permission av rule
|
||||
allow sshd_t sshd_devpts_t:chr_file ioctl;
|
||||
|
||||
#!!!! This avc is allowed in the current policy
|
||||
#!!!! This av rule may have been overridden by an extended permission av rule
|
||||
allow sshd_t user_devpts_t:chr_file ioctl;
|
||||
|
||||
#============= user_t ==============
|
||||
|
||||
#!!!! This avc is allowed in the current policy
|
||||
#!!!! This av rule may have been overridden by an extended permission av rule
|
||||
allow user_t devtty_t:chr_file ioctl;
|
||||
|
||||
#!!!! This avc is allowed in the current policy
|
||||
#!!!! This av rule may have been overridden by an extended permission av rule
|
||||
allow user_t user_devpts_t:chr_file ioctl;
|
||||
allowxperm sshd_t ptmx_t:chr_file ioctl { 0x5430-0x5431 0x5441 };
|
||||
allowxperm sshd_t sshd_devpts_t:chr_file ioctl 0x5401;
|
||||
allowxperm sshd_t user_devpts_t:chr_file ioctl { 0x5401-0x5402 0x540e };
|
||||
allowxperm user_t user_devpts_t:chr_file ioctl { 0x4b33 0x5401 0x5403 0x540a 0x540f-0x5410 0x5413-0x5414 };
|
||||
allowxperm user_t devtty_t:chr_file ioctl 0x4b33;
|
||||
|
||||
Changed:
|
||||
|
||||
#============= sshd_t ==============
|
||||
|
||||
#!!!! This avc is allowed in the current policy
|
||||
#!!!! This av rule may have been overridden by an extended permission av rule
|
||||
allow sshd_t ptmx_t:chr_file ioctl;
|
||||
allowxperm sshd_t ptmx_t:chr_file ioctl { 0x5430-0x5431 0x5441 };
|
||||
|
||||
#!!!! This avc is allowed in the current policy
|
||||
#!!!! This av rule may have been overridden by an extended permission av rule
|
||||
allow sshd_t sshd_devpts_t:chr_file ioctl;
|
||||
allowxperm sshd_t sshd_devpts_t:chr_file ioctl 0x5401;
|
||||
|
||||
#!!!! This avc is allowed in the current policy
|
||||
#!!!! This av rule may have been overridden by an extended permission av rule
|
||||
allow sshd_t user_devpts_t:chr_file ioctl;
|
||||
allowxperm sshd_t user_devpts_t:chr_file ioctl { 0x5401-0x5402 0x540e };
|
||||
|
||||
#============= user_t ==============
|
||||
|
||||
#!!!! This avc is allowed in the current policy
|
||||
#!!!! This av rule may have been overridden by an extended permission av rule
|
||||
allow user_t devtty_t:chr_file ioctl;
|
||||
allowxperm user_t devtty_t:chr_file ioctl 0x4b33;
|
||||
|
||||
#!!!! This avc is allowed in the current policy
|
||||
#!!!! This av rule may have been overridden by an extended permission av rule
|
||||
allow user_t user_devpts_t:chr_file ioctl;
|
||||
allowxperm user_t user_devpts_t:chr_file ioctl { 0x4b33 0x5401 0x5403 0x540a 0x540f-0x5410 0x5413-0x5414 };
|
||||
|
||||
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
|
||||
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
|
||||
---
|
||||
python/sepolgen/src/sepolgen/output.py | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/python/sepolgen/src/sepolgen/output.py b/python/sepolgen/src/sepolgen/output.py
|
||||
index 3a21b64c19f7..aeeaafc889e7 100644
|
||||
--- a/python/sepolgen/src/sepolgen/output.py
|
||||
+++ b/python/sepolgen/src/sepolgen/output.py
|
||||
@@ -84,7 +84,7 @@ def avrule_cmp(a, b):
|
||||
return ret
|
||||
|
||||
# At this point, who cares - just return something
|
||||
- return cmp(len(a.perms), len(b.perms))
|
||||
+ return 0
|
||||
|
||||
# Compare two interface calls
|
||||
def ifcall_cmp(a, b):
|
||||
@@ -100,7 +100,7 @@ def rule_cmp(a, b):
|
||||
else:
|
||||
return id_set_cmp([a.args[0]], b.src_types)
|
||||
else:
|
||||
- if isinstance(b, refpolicy.AVRule):
|
||||
+ if isinstance(b, refpolicy.AVRule) or isinstance(b, refpolicy.AVExtRule):
|
||||
return avrule_cmp(a,b)
|
||||
else:
|
||||
return id_set_cmp(a.src_types, [b.args[0]])
|
||||
@@ -130,6 +130,7 @@ def sort_filter(module):
|
||||
# we assume is the first argument for interfaces).
|
||||
rules = []
|
||||
rules.extend(node.avrules())
|
||||
+ rules.extend(node.avextrules())
|
||||
rules.extend(node.interface_calls())
|
||||
rules.sort(key=util.cmp_to_key(rule_cmp))
|
||||
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
From 8bc865e1fe8f6f734b7306441ccbeec3b7c37f97 Mon Sep 17 00:00:00 2001
|
||||
From: Dominick Grift <dominick.grift@defensec.nl>
|
||||
Date: Tue, 1 Sep 2020 18:16:41 +0200
|
||||
Subject: [PATCH] newrole: support cross-compilation with PAM and audit
|
||||
|
||||
Compilation of newrole with PAM and audit support currently requires that you have the respective headers installed on the host. Instead make the header location customizable to accomodate cross-compilation.
|
||||
|
||||
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
|
||||
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
|
||||
---
|
||||
policycoreutils/newrole/Makefile | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile
|
||||
index 73ebd413da85..0e7ebce3dd56 100644
|
||||
--- a/policycoreutils/newrole/Makefile
|
||||
+++ b/policycoreutils/newrole/Makefile
|
||||
@@ -5,8 +5,9 @@ BINDIR ?= $(PREFIX)/bin
|
||||
MANDIR ?= $(PREFIX)/share/man
|
||||
ETCDIR ?= /etc
|
||||
LOCALEDIR = $(DESTDIR)$(PREFIX)/share/locale
|
||||
-PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y)
|
||||
-AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
|
||||
+INCLUDEDIR ?= $(PREFIX)/include
|
||||
+PAMH ?= $(shell test -f $(INCLUDEDIR)/security/pam_appl.h && echo y)
|
||||
+AUDITH ?= $(shell test -f $(INCLUDEDIR)/libaudit.h && echo y)
|
||||
# Enable capabilities to permit newrole to generate audit records.
|
||||
# This will make newrole a setuid root program.
|
||||
# The capabilities used are: CAP_AUDIT_WRITE.
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
From ea624dcc70d93867f23b94c368b8cf102269c13b Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Thu, 20 Aug 2015 12:58:41 +0200
|
||||
Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in
|
||||
recent Fedoras
|
||||
|
||||
---
|
||||
sandbox/sandboxX.sh | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
|
||||
index eaa500d08143..4774528027ef 100644
|
||||
--- a/sandbox/sandboxX.sh
|
||||
+++ b/sandbox/sandboxX.sh
|
||||
@@ -20,7 +20,7 @@ cat > ~/.config/openbox/rc.xml << EOF
|
||||
</openbox_config>
|
||||
EOF
|
||||
|
||||
-(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
|
||||
+(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
|
||||
export DISPLAY=:$D
|
||||
cat > ~/seremote << __EOF
|
||||
#!/bin/sh
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,46 @@
|
|||
From 932c1244bc98d3a05a238f3f0b333cf8c429113b Mon Sep 17 00:00:00 2001
|
||||
From: Dan Walsh <dwalsh@redhat.com>
|
||||
Date: Mon, 21 Apr 2014 13:54:40 -0400
|
||||
Subject: [PATCH] Fix STANDARD_FILE_CONTEXT section in man pages
|
||||
|
||||
Signed-off-by: Miroslav Grepl <mgrepl@redhat.com>
|
||||
---
|
||||
python/sepolicy/sepolicy/manpage.py | 7 +++++--
|
||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||
index 3e8a3be907e3..a1d70623cff0 100755
|
||||
--- a/python/sepolicy/sepolicy/manpage.py
|
||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||
@@ -735,10 +735,13 @@ Default Defined Ports:""")
|
||||
|
||||
def _file_context(self):
|
||||
flist = []
|
||||
+ flist_non_exec = []
|
||||
mpaths = []
|
||||
for f in self.all_file_types:
|
||||
if f.startswith(self.domainname):
|
||||
flist.append(f)
|
||||
+ if not file_type_is_executable(f) or not file_type_is_entrypoint(f):
|
||||
+ flist_non_exec.append(f)
|
||||
if f in self.fcdict:
|
||||
mpaths = mpaths + self.fcdict[f]["regex"]
|
||||
if len(mpaths) == 0:
|
||||
@@ -797,12 +800,12 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
SELinux defines the file context types for the %(domainname)s, if you wanted to
|
||||
store files with these types in a diffent paths, you need to execute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk.
|
||||
|
||||
-.B semanage fcontext -a -t %(type)s '/srv/%(domainname)s/content(/.*)?'
|
||||
+.B semanage fcontext -a -t %(type)s '/srv/my%(domainname)s_content(/.*)?'
|
||||
.br
|
||||
.B restorecon -R -v /srv/my%(domainname)s_content
|
||||
|
||||
Note: SELinux often uses regular expressions to specify labels that match multiple files.
|
||||
-""" % {'domainname': self.domainname, "type": flist[0]})
|
||||
+""" % {'domainname': self.domainname, "type": flist_non_exec[-1]})
|
||||
|
||||
self.fd.write(r"""
|
||||
.I The following file types are defined for %(domainname)s:
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
From ae3780eb560fa5f00a3dd591c8233c2a9068a348 Mon Sep 17 00:00:00 2001
|
||||
From: Miroslav Grepl <mgrepl@redhat.com>
|
||||
Date: Mon, 12 May 2014 14:11:22 +0200
|
||||
Subject: [PATCH] If there is no executable we don't want to print a part of
|
||||
STANDARD FILE CONTEXT
|
||||
|
||||
---
|
||||
python/sepolicy/sepolicy/manpage.py | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||
index a1d70623cff0..2d33eabb2536 100755
|
||||
--- a/python/sepolicy/sepolicy/manpage.py
|
||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||
@@ -793,7 +793,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
.PP
|
||||
""" % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
|
||||
|
||||
- self.fd.write(r"""
|
||||
+ if flist_non_exec:
|
||||
+ self.fd.write(r"""
|
||||
.PP
|
||||
.B STANDARD FILE CONTEXT
|
||||
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,169 @@
|
|||
From 7d21b9f41c4d00f1e0499a64089a5e13a8f636ab Mon Sep 17 00:00:00 2001
|
||||
From: Miroslav Grepl <mgrepl@redhat.com>
|
||||
Date: Thu, 19 Feb 2015 17:45:15 +0100
|
||||
Subject: [PATCH] Simplication of sepolicy-manpage web functionality.
|
||||
system_release is no longer hardcoded and it creates only index.html and html
|
||||
man pages in the directory for the system release.
|
||||
|
||||
---
|
||||
python/sepolicy/sepolicy/__init__.py | 25 +++--------
|
||||
python/sepolicy/sepolicy/manpage.py | 65 +++-------------------------
|
||||
2 files changed, 13 insertions(+), 77 deletions(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
||||
index e4540977d042..ad718797ca68 100644
|
||||
--- a/python/sepolicy/sepolicy/__init__.py
|
||||
+++ b/python/sepolicy/sepolicy/__init__.py
|
||||
@@ -1208,27 +1208,14 @@ def boolean_desc(boolean):
|
||||
|
||||
|
||||
def get_os_version():
|
||||
- os_version = ""
|
||||
- pkg_name = "selinux-policy"
|
||||
+ system_release = ""
|
||||
try:
|
||||
- try:
|
||||
- from commands import getstatusoutput
|
||||
- except ImportError:
|
||||
- from subprocess import getstatusoutput
|
||||
- rc, output = getstatusoutput("rpm -q '%s'" % pkg_name)
|
||||
- if rc == 0:
|
||||
- os_version = output.split(".")[-2]
|
||||
- except:
|
||||
- os_version = ""
|
||||
-
|
||||
- if os_version[0:2] == "fc":
|
||||
- os_version = "Fedora" + os_version[2:]
|
||||
- elif os_version[0:2] == "el":
|
||||
- os_version = "RHEL" + os_version[2:]
|
||||
- else:
|
||||
- os_version = ""
|
||||
+ with open('/etc/system-release') as f:
|
||||
+ system_release = f.readline()
|
||||
+ except IOError:
|
||||
+ system_release = "Misc"
|
||||
|
||||
- return os_version
|
||||
+ return system_release
|
||||
|
||||
|
||||
def reinit():
|
||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||
index 2d33eabb2536..acc77f368d95 100755
|
||||
--- a/python/sepolicy/sepolicy/manpage.py
|
||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||
@@ -149,10 +149,6 @@ def prettyprint(f, trim):
|
||||
manpage_domains = []
|
||||
manpage_roles = []
|
||||
|
||||
-fedora_releases = ["Fedora17", "Fedora18"]
|
||||
-rhel_releases = ["RHEL6", "RHEL7"]
|
||||
-
|
||||
-
|
||||
def get_alphabet_manpages(manpage_list):
|
||||
alphabet_manpages = dict.fromkeys(string.ascii_letters, [])
|
||||
for i in string.ascii_letters:
|
||||
@@ -182,7 +178,7 @@ def convert_manpage_to_html(html_manpage, manpage):
|
||||
class HTMLManPages:
|
||||
|
||||
"""
|
||||
- Generate a HHTML Manpages on an given SELinux domains
|
||||
+ Generate a HTML Manpages on an given SELinux domains
|
||||
"""
|
||||
|
||||
def __init__(self, manpage_roles, manpage_domains, path, os_version):
|
||||
@@ -190,9 +186,9 @@ class HTMLManPages:
|
||||
self.manpage_domains = get_alphabet_manpages(manpage_domains)
|
||||
self.os_version = os_version
|
||||
self.old_path = path + "/"
|
||||
- self.new_path = self.old_path + self.os_version + "/"
|
||||
+ self.new_path = self.old_path
|
||||
|
||||
- if self.os_version in fedora_releases or self.os_version in rhel_releases:
|
||||
+ if self.os_version:
|
||||
self.__gen_html_manpages()
|
||||
else:
|
||||
print("SELinux HTML man pages can not be generated for this %s" % os_version)
|
||||
@@ -201,7 +197,6 @@ class HTMLManPages:
|
||||
def __gen_html_manpages(self):
|
||||
self._write_html_manpage()
|
||||
self._gen_index()
|
||||
- self._gen_body()
|
||||
self._gen_css()
|
||||
|
||||
def _write_html_manpage(self):
|
||||
@@ -219,67 +214,21 @@ class HTMLManPages:
|
||||
convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r)
|
||||
|
||||
def _gen_index(self):
|
||||
- index = self.old_path + "index.html"
|
||||
- fd = open(index, 'w')
|
||||
- fd.write("""
|
||||
-<html>
|
||||
-<head>
|
||||
- <link rel=stylesheet type="text/css" href="style.css" title="style">
|
||||
- <title>SELinux man pages online</title>
|
||||
-</head>
|
||||
-<body>
|
||||
-<h1>SELinux man pages</h1>
|
||||
-<br></br>
|
||||
-Fedora or Red Hat Enterprise Linux Man Pages.</h2>
|
||||
-<br></br>
|
||||
-<hr>
|
||||
-<h3>Fedora</h3>
|
||||
-<table><tr>
|
||||
-<td valign="middle">
|
||||
-</td>
|
||||
-</tr></table>
|
||||
-<pre>
|
||||
-""")
|
||||
- for f in fedora_releases:
|
||||
- fd.write("""
|
||||
-<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (f, f, f, f))
|
||||
-
|
||||
- fd.write("""
|
||||
-</pre>
|
||||
-<hr>
|
||||
-<h3>RHEL</h3>
|
||||
-<table><tr>
|
||||
-<td valign="middle">
|
||||
-</td>
|
||||
-</tr></table>
|
||||
-<pre>
|
||||
-""")
|
||||
- for r in rhel_releases:
|
||||
- fd.write("""
|
||||
-<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (r, r, r, r))
|
||||
-
|
||||
- fd.write("""
|
||||
-</pre>
|
||||
- """)
|
||||
- fd.close()
|
||||
- print("%s has been created" % index)
|
||||
-
|
||||
- def _gen_body(self):
|
||||
html = self.new_path + self.os_version + ".html"
|
||||
fd = open(html, 'w')
|
||||
fd.write("""
|
||||
<html>
|
||||
<head>
|
||||
- <link rel=stylesheet type="text/css" href="../style.css" title="style">
|
||||
- <title>Linux man-pages online for Fedora18</title>
|
||||
+ <link rel=stylesheet type="text/css" href="style.css" title="style">
|
||||
+ <title>SELinux man pages online</title>
|
||||
</head>
|
||||
<body>
|
||||
-<h1>SELinux man pages for Fedora18</h1>
|
||||
+<h1>SELinux man pages for %s</h1>
|
||||
<hr>
|
||||
<table><tr>
|
||||
<td valign="middle">
|
||||
<h3>SELinux roles</h3>
|
||||
-""")
|
||||
+""" % self.os_version)
|
||||
for letter in self.manpage_roles:
|
||||
if len(self.manpage_roles[letter]):
|
||||
fd.write("""
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
From f0f030495dddb2e633403f360fdaaf6951da11ad Mon Sep 17 00:00:00 2001
|
||||
From: Miroslav Grepl <mgrepl@redhat.com>
|
||||
Date: Fri, 20 Feb 2015 16:42:01 +0100
|
||||
Subject: [PATCH] We want to remove the trailing newline for
|
||||
/etc/system_release.
|
||||
|
||||
---
|
||||
python/sepolicy/sepolicy/__init__.py | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
||||
index ad718797ca68..ea05d892bf3b 100644
|
||||
--- a/python/sepolicy/sepolicy/__init__.py
|
||||
+++ b/python/sepolicy/sepolicy/__init__.py
|
||||
@@ -1211,7 +1211,7 @@ def get_os_version():
|
||||
system_release = ""
|
||||
try:
|
||||
with open('/etc/system-release') as f:
|
||||
- system_release = f.readline()
|
||||
+ system_release = f.readline().rstrip()
|
||||
except IOError:
|
||||
system_release = "Misc"
|
||||
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
From 4a18939d21c06d036f1063cbfd2d0b5ae9d0010f Mon Sep 17 00:00:00 2001
|
||||
From: Miroslav Grepl <mgrepl@redhat.com>
|
||||
Date: Fri, 20 Feb 2015 16:42:53 +0100
|
||||
Subject: [PATCH] Fix title in manpage.py to not contain 'online'.
|
||||
|
||||
---
|
||||
python/sepolicy/sepolicy/manpage.py | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||
index acc77f368d95..4aeb3e2e51ba 100755
|
||||
--- a/python/sepolicy/sepolicy/manpage.py
|
||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||
@@ -220,7 +220,7 @@ class HTMLManPages:
|
||||
<html>
|
||||
<head>
|
||||
<link rel=stylesheet type="text/css" href="style.css" title="style">
|
||||
- <title>SELinux man pages online</title>
|
||||
+ <title>SELinux man pages</title>
|
||||
</head>
|
||||
<body>
|
||||
<h1>SELinux man pages for %s</h1>
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
From ffe429b49874175f5ec1156e9c89e75cc67a0ddd Mon Sep 17 00:00:00 2001
|
||||
From: Dan Walsh <dwalsh@redhat.com>
|
||||
Date: Fri, 14 Feb 2014 12:32:12 -0500
|
||||
Subject: [PATCH] Don't be verbose if you are not on a tty
|
||||
|
||||
---
|
||||
policycoreutils/scripts/fixfiles | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
||||
index 30dadb4f4cb6..e73bb81c3336 100755
|
||||
--- a/policycoreutils/scripts/fixfiles
|
||||
+++ b/policycoreutils/scripts/fixfiles
|
||||
@@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() {
|
||||
fullFlag=0
|
||||
BOOTTIME=""
|
||||
VERBOSE="-p"
|
||||
+[ -t 1 ] || VERBOSE=""
|
||||
FORCEFLAG=""
|
||||
RPMFILES=""
|
||||
PREFC=""
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,63 @@
|
|||
From 4a337405da16857dc2a979e4b4963a6fd7b975c6 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Mon, 27 Feb 2017 17:12:39 +0100
|
||||
Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and
|
||||
file_type_is_entrypoint(f)
|
||||
|
||||
- use direct queries
|
||||
- load exec_types and entry_types only once
|
||||
---
|
||||
python/sepolicy/sepolicy/manpage.py | 22 ++++++++++++++++++++--
|
||||
1 file changed, 20 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||
index 4aeb3e2e51ba..330b055af214 100755
|
||||
--- a/python/sepolicy/sepolicy/manpage.py
|
||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||
@@ -125,8 +125,24 @@ def gen_domains():
|
||||
domains.sort()
|
||||
return domains
|
||||
|
||||
-types = None
|
||||
|
||||
+exec_types = None
|
||||
+
|
||||
+def _gen_exec_types():
|
||||
+ global exec_types
|
||||
+ if exec_types is None:
|
||||
+ exec_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "exec_type"))["types"]
|
||||
+ return exec_types
|
||||
+
|
||||
+entry_types = None
|
||||
+
|
||||
+def _gen_entry_types():
|
||||
+ global entry_types
|
||||
+ if entry_types is None:
|
||||
+ entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"]
|
||||
+ return entry_types
|
||||
+
|
||||
+types = None
|
||||
|
||||
def _gen_types():
|
||||
global types
|
||||
@@ -372,6 +388,8 @@ class ManPage:
|
||||
self.all_file_types = sepolicy.get_all_file_types()
|
||||
self.role_allows = sepolicy.get_all_role_allows()
|
||||
self.types = _gen_types()
|
||||
+ self.exec_types = _gen_exec_types()
|
||||
+ self.entry_types = _gen_entry_types()
|
||||
|
||||
if self.source_files:
|
||||
self.fcpath = self.root + "file_contexts"
|
||||
@@ -689,7 +707,7 @@ Default Defined Ports:""")
|
||||
for f in self.all_file_types:
|
||||
if f.startswith(self.domainname):
|
||||
flist.append(f)
|
||||
- if not file_type_is_executable(f) or not file_type_is_entrypoint(f):
|
||||
+ if not f in self.exec_types or not f in self.entry_types:
|
||||
flist_non_exec.append(f)
|
||||
if f in self.fcdict:
|
||||
mpaths = mpaths + self.fcdict[f]["regex"]
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,53 @@
|
|||
From 7c315fff5e7ce74b0598b62d9aa0b21ca6b06b6d Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Tue, 28 Feb 2017 21:29:46 +0100
|
||||
Subject: [PATCH] sepolicy: Another small optimization for mcs types
|
||||
|
||||
---
|
||||
python/sepolicy/sepolicy/manpage.py | 16 +++++++++++-----
|
||||
1 file changed, 11 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||
index 330b055af214..f8584436960d 100755
|
||||
--- a/python/sepolicy/sepolicy/manpage.py
|
||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||
@@ -142,6 +142,15 @@ def _gen_entry_types():
|
||||
entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"]
|
||||
return entry_types
|
||||
|
||||
+mcs_constrained_types = None
|
||||
+
|
||||
+def _gen_mcs_constrained_types():
|
||||
+ global mcs_constrained_types
|
||||
+ if mcs_constrained_types is None:
|
||||
+ mcs_constrained_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
|
||||
+ return mcs_constrained_types
|
||||
+
|
||||
+
|
||||
types = None
|
||||
|
||||
def _gen_types():
|
||||
@@ -390,6 +399,7 @@ class ManPage:
|
||||
self.types = _gen_types()
|
||||
self.exec_types = _gen_exec_types()
|
||||
self.entry_types = _gen_entry_types()
|
||||
+ self.mcs_constrained_types = _gen_mcs_constrained_types()
|
||||
|
||||
if self.source_files:
|
||||
self.fcpath = self.root + "file_contexts"
|
||||
@@ -944,11 +954,7 @@ All executables with the default executable label, usually stored in /usr/bin an
|
||||
%s""" % ", ".join(paths))
|
||||
|
||||
def _mcs_types(self):
|
||||
- try:
|
||||
- mcs_constrained_type = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
|
||||
- except StopIteration:
|
||||
- return
|
||||
- if self.type not in mcs_constrained_type['types']:
|
||||
+ if self.type not in self.mcs_constrained_types['types']:
|
||||
return
|
||||
self.fd.write ("""
|
||||
.SH "MCS Constrained"
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,515 @@
|
|||
From a07e9652785c6196d916dfca3d36c898959406b4 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Mon, 6 Aug 2018 13:23:00 +0200
|
||||
Subject: [PATCH] Move po/ translation files into the right sub-directories
|
||||
|
||||
When policycoreutils was split into policycoreutils/ python/ gui/ and sandbox/
|
||||
sub-directories, po/ translation files stayed in policycoreutils/.
|
||||
|
||||
This commit split original policycoreutils/po directory into
|
||||
policycoreutils/po
|
||||
python/po
|
||||
gui/po
|
||||
sandbox/po
|
||||
|
||||
See https://github.com/fedora-selinux/selinux/issues/43
|
||||
---
|
||||
gui/Makefile | 3 ++
|
||||
gui/po/Makefile | 82 ++++++++++++++++++++++++++++++++++++
|
||||
gui/po/POTFILES | 17 ++++++++
|
||||
policycoreutils/po/Makefile | 70 ++-----------------------------
|
||||
policycoreutils/po/POTFILES | 9 ++++
|
||||
python/Makefile | 2 +-
|
||||
python/po/Makefile | 83 +++++++++++++++++++++++++++++++++++++
|
||||
python/po/POTFILES | 10 +++++
|
||||
sandbox/Makefile | 2 +
|
||||
sandbox/po/Makefile | 82 ++++++++++++++++++++++++++++++++++++
|
||||
sandbox/po/POTFILES | 1 +
|
||||
11 files changed, 293 insertions(+), 68 deletions(-)
|
||||
create mode 100644 gui/po/Makefile
|
||||
create mode 100644 gui/po/POTFILES
|
||||
create mode 100644 policycoreutils/po/POTFILES
|
||||
create mode 100644 python/po/Makefile
|
||||
create mode 100644 python/po/POTFILES
|
||||
create mode 100644 sandbox/po/Makefile
|
||||
create mode 100644 sandbox/po/POTFILES
|
||||
|
||||
diff --git a/gui/Makefile b/gui/Makefile
|
||||
index ca965c942912..5a5bf6dcae19 100644
|
||||
--- a/gui/Makefile
|
||||
+++ b/gui/Makefile
|
||||
@@ -22,6 +22,7 @@ system-config-selinux.ui \
|
||||
usersPage.py
|
||||
|
||||
all: $(TARGETS) system-config-selinux.py polgengui.py
|
||||
+ (cd po && $(MAKE) $@)
|
||||
|
||||
install: all
|
||||
-mkdir -p $(DESTDIR)$(MANDIR)/man8
|
||||
@@ -54,6 +55,8 @@ install: all
|
||||
install -m 644 sepolicy_$${i}.png $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
|
||||
done
|
||||
install -m 644 org.selinux.config.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/
|
||||
+ (cd po && $(MAKE) $@)
|
||||
+
|
||||
clean:
|
||||
|
||||
indent:
|
||||
diff --git a/gui/po/Makefile b/gui/po/Makefile
|
||||
new file mode 100644
|
||||
index 000000000000..a0f5439f2d1c
|
||||
--- /dev/null
|
||||
+++ b/gui/po/Makefile
|
||||
@@ -0,0 +1,82 @@
|
||||
+#
|
||||
+# Makefile for the PO files (translation) catalog
|
||||
+#
|
||||
+
|
||||
+PREFIX ?= /usr
|
||||
+
|
||||
+# What is this package?
|
||||
+NLSPACKAGE = gui
|
||||
+POTFILE = $(NLSPACKAGE).pot
|
||||
+INSTALL = /usr/bin/install -c -p
|
||||
+INSTALL_DATA = $(INSTALL) -m 644
|
||||
+INSTALL_DIR = /usr/bin/install -d
|
||||
+
|
||||
+# destination directory
|
||||
+INSTALL_NLS_DIR = $(PREFIX)/share/locale
|
||||
+
|
||||
+# PO catalog handling
|
||||
+MSGMERGE = msgmerge
|
||||
+MSGMERGE_FLAGS = -q
|
||||
+XGETTEXT = xgettext --default-domain=$(NLSPACKAGE)
|
||||
+MSGFMT = msgfmt
|
||||
+
|
||||
+# All possible linguas
|
||||
+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
|
||||
+
|
||||
+# Only the files matching what the user has set in LINGUAS
|
||||
+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
|
||||
+
|
||||
+# if no valid LINGUAS, build all languages
|
||||
+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
|
||||
+
|
||||
+POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
|
||||
+MOFILES = $(patsubst %.po,%.mo,$(POFILES))
|
||||
+POTFILES = $(shell cat POTFILES)
|
||||
+
|
||||
+#default:: clean
|
||||
+
|
||||
+all:: $(MOFILES)
|
||||
+
|
||||
+$(POTFILE): $(POTFILES)
|
||||
+ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
|
||||
+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
|
||||
+ rm -f $(NLSPACKAGE).po; \
|
||||
+ else \
|
||||
+ mv -f $(NLSPACKAGE).po $(POTFILE); \
|
||||
+ fi; \
|
||||
+
|
||||
+
|
||||
+refresh-po: Makefile
|
||||
+ for cat in $(POFILES); do \
|
||||
+ lang=`basename $$cat .po`; \
|
||||
+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
|
||||
+ mv -f $$lang.pot $$lang.po ; \
|
||||
+ echo "$(MSGMERGE) of $$lang succeeded" ; \
|
||||
+ else \
|
||||
+ echo "$(MSGMERGE) of $$lang failed" ; \
|
||||
+ rm -f $$lang.pot ; \
|
||||
+ fi \
|
||||
+ done
|
||||
+
|
||||
+clean:
|
||||
+ @rm -fv *mo *~ .depend
|
||||
+ @rm -rf tmp
|
||||
+
|
||||
+install: $(MOFILES)
|
||||
+ @for n in $(MOFILES); do \
|
||||
+ l=`basename $$n .mo`; \
|
||||
+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
|
||||
+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
|
||||
+ done
|
||||
+
|
||||
+%.mo: %.po
|
||||
+ $(MSGFMT) -o $@ $<
|
||||
+report:
|
||||
+ @for cat in $(wildcard *.po); do \
|
||||
+ echo -n "$$cat: "; \
|
||||
+ msgfmt -v --statistics -o /dev/null $$cat; \
|
||||
+ done
|
||||
+
|
||||
+.PHONY: missing depend
|
||||
+
|
||||
+relabel:
|
||||
diff --git a/gui/po/POTFILES b/gui/po/POTFILES
|
||||
new file mode 100644
|
||||
index 000000000000..1795c5c1951b
|
||||
--- /dev/null
|
||||
+++ b/gui/po/POTFILES
|
||||
@@ -0,0 +1,17 @@
|
||||
+../booleansPage.py
|
||||
+../domainsPage.py
|
||||
+../fcontextPage.py
|
||||
+../loginsPage.py
|
||||
+../modulesPage.py
|
||||
+../org.selinux.config.policy
|
||||
+../polgengui.py
|
||||
+../polgen.ui
|
||||
+../portsPage.py
|
||||
+../selinux-polgengui.desktop
|
||||
+../semanagePage.py
|
||||
+../sepolicy.desktop
|
||||
+../statusPage.py
|
||||
+../system-config-selinux.desktop
|
||||
+../system-config-selinux.py
|
||||
+../system-config-selinux.ui
|
||||
+../usersPage.py
|
||||
diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile
|
||||
index 575e143122e6..18bc1dff8d1f 100644
|
||||
--- a/policycoreutils/po/Makefile
|
||||
+++ b/policycoreutils/po/Makefile
|
||||
@@ -3,7 +3,6 @@
|
||||
#
|
||||
|
||||
PREFIX ?= /usr
|
||||
-TOP = ../..
|
||||
|
||||
# What is this package?
|
||||
NLSPACKAGE = policycoreutils
|
||||
@@ -32,74 +31,13 @@ USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
|
||||
|
||||
POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
|
||||
MOFILES = $(patsubst %.po,%.mo,$(POFILES))
|
||||
-POTFILES = \
|
||||
- ../run_init/open_init_pty.c \
|
||||
- ../run_init/run_init.c \
|
||||
- ../semodule_link/semodule_link.c \
|
||||
- ../audit2allow/audit2allow \
|
||||
- ../semanage/seobject.py \
|
||||
- ../setsebool/setsebool.c \
|
||||
- ../newrole/newrole.c \
|
||||
- ../load_policy/load_policy.c \
|
||||
- ../sestatus/sestatus.c \
|
||||
- ../semodule/semodule.c \
|
||||
- ../setfiles/setfiles.c \
|
||||
- ../semodule_package/semodule_package.c \
|
||||
- ../semodule_deps/semodule_deps.c \
|
||||
- ../semodule_expand/semodule_expand.c \
|
||||
- ../scripts/chcat \
|
||||
- ../scripts/fixfiles \
|
||||
- ../restorecond/stringslist.c \
|
||||
- ../restorecond/restorecond.h \
|
||||
- ../restorecond/utmpwatcher.h \
|
||||
- ../restorecond/stringslist.h \
|
||||
- ../restorecond/restorecond.c \
|
||||
- ../restorecond/utmpwatcher.c \
|
||||
- ../gui/booleansPage.py \
|
||||
- ../gui/fcontextPage.py \
|
||||
- ../gui/loginsPage.py \
|
||||
- ../gui/mappingsPage.py \
|
||||
- ../gui/modulesPage.py \
|
||||
- ../gui/polgen.glade \
|
||||
- ../gui/polgengui.py \
|
||||
- ../gui/portsPage.py \
|
||||
- ../gui/semanagePage.py \
|
||||
- ../gui/statusPage.py \
|
||||
- ../gui/system-config-selinux.glade \
|
||||
- ../gui/system-config-selinux.py \
|
||||
- ../gui/usersPage.py \
|
||||
- ../secon/secon.c \
|
||||
- booleans.py \
|
||||
- ../sepolicy/sepolicy.py \
|
||||
- ../sepolicy/sepolicy/communicate.py \
|
||||
- ../sepolicy/sepolicy/__init__.py \
|
||||
- ../sepolicy/sepolicy/network.py \
|
||||
- ../sepolicy/sepolicy/generate.py \
|
||||
- ../sepolicy/sepolicy/sepolicy.glade \
|
||||
- ../sepolicy/sepolicy/gui.py \
|
||||
- ../sepolicy/sepolicy/manpage.py \
|
||||
- ../sepolicy/sepolicy/transition.py \
|
||||
- ../sepolicy/sepolicy/templates/executable.py \
|
||||
- ../sepolicy/sepolicy/templates/__init__.py \
|
||||
- ../sepolicy/sepolicy/templates/network.py \
|
||||
- ../sepolicy/sepolicy/templates/rw.py \
|
||||
- ../sepolicy/sepolicy/templates/script.py \
|
||||
- ../sepolicy/sepolicy/templates/semodule.py \
|
||||
- ../sepolicy/sepolicy/templates/tmp.py \
|
||||
- ../sepolicy/sepolicy/templates/user.py \
|
||||
- ../sepolicy/sepolicy/templates/var_lib.py \
|
||||
- ../sepolicy/sepolicy/templates/var_log.py \
|
||||
- ../sepolicy/sepolicy/templates/var_run.py \
|
||||
- ../sepolicy/sepolicy/templates/var_spool.py
|
||||
+POTFILES = $(shell cat POTFILES)
|
||||
|
||||
#default:: clean
|
||||
|
||||
-all:: $(MOFILES)
|
||||
+all:: $(POTFILE) $(MOFILES)
|
||||
|
||||
-booleans.py:
|
||||
- sepolicy booleans -a > booleans.py
|
||||
-
|
||||
-$(POTFILE): $(POTFILES) booleans.py
|
||||
+$(POTFILE): $(POTFILES)
|
||||
$(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
|
||||
@if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
|
||||
rm -f $(NLSPACKAGE).po; \
|
||||
@@ -107,8 +45,6 @@ $(POTFILE): $(POTFILES) booleans.py
|
||||
mv -f $(NLSPACKAGE).po $(POTFILE); \
|
||||
fi; \
|
||||
|
||||
-update-po: Makefile $(POTFILE) refresh-po
|
||||
- @rm -f booleans.py
|
||||
|
||||
refresh-po: Makefile
|
||||
for cat in $(POFILES); do \
|
||||
diff --git a/policycoreutils/po/POTFILES b/policycoreutils/po/POTFILES
|
||||
new file mode 100644
|
||||
index 000000000000..12237dc61ee4
|
||||
--- /dev/null
|
||||
+++ b/policycoreutils/po/POTFILES
|
||||
@@ -0,0 +1,9 @@
|
||||
+../run_init/open_init_pty.c
|
||||
+../run_init/run_init.c
|
||||
+../setsebool/setsebool.c
|
||||
+../newrole/newrole.c
|
||||
+../load_policy/load_policy.c
|
||||
+../sestatus/sestatus.c
|
||||
+../semodule/semodule.c
|
||||
+../setfiles/setfiles.c
|
||||
+../secon/secon.c
|
||||
diff --git a/python/Makefile b/python/Makefile
|
||||
index 9b66d52fbd4d..00312dbdb5c6 100644
|
||||
--- a/python/Makefile
|
||||
+++ b/python/Makefile
|
||||
@@ -1,4 +1,4 @@
|
||||
-SUBDIRS = sepolicy audit2allow semanage sepolgen chcat
|
||||
+SUBDIRS = sepolicy audit2allow semanage sepolgen chcat po
|
||||
|
||||
all install relabel clean indent test:
|
||||
@for subdir in $(SUBDIRS); do \
|
||||
diff --git a/python/po/Makefile b/python/po/Makefile
|
||||
new file mode 100644
|
||||
index 000000000000..4e052d5a2bd7
|
||||
--- /dev/null
|
||||
+++ b/python/po/Makefile
|
||||
@@ -0,0 +1,83 @@
|
||||
+#
|
||||
+# Makefile for the PO files (translation) catalog
|
||||
+#
|
||||
+
|
||||
+PREFIX ?= /usr
|
||||
+
|
||||
+# What is this package?
|
||||
+NLSPACKAGE = python
|
||||
+POTFILE = $(NLSPACKAGE).pot
|
||||
+INSTALL = /usr/bin/install -c -p
|
||||
+INSTALL_DATA = $(INSTALL) -m 644
|
||||
+INSTALL_DIR = /usr/bin/install -d
|
||||
+
|
||||
+# destination directory
|
||||
+INSTALL_NLS_DIR = $(PREFIX)/share/locale
|
||||
+
|
||||
+# PO catalog handling
|
||||
+MSGMERGE = msgmerge
|
||||
+MSGMERGE_FLAGS = -q
|
||||
+XGETTEXT = xgettext --default-domain=$(NLSPACKAGE)
|
||||
+MSGFMT = msgfmt
|
||||
+
|
||||
+# All possible linguas
|
||||
+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
|
||||
+
|
||||
+# Only the files matching what the user has set in LINGUAS
|
||||
+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
|
||||
+
|
||||
+# if no valid LINGUAS, build all languages
|
||||
+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
|
||||
+
|
||||
+POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
|
||||
+MOFILES = $(patsubst %.po,%.mo,$(POFILES))
|
||||
+POTFILES = $(shell cat POTFILES)
|
||||
+
|
||||
+#default:: clean
|
||||
+
|
||||
+all:: $(MOFILES)
|
||||
+
|
||||
+$(POTFILE): $(POTFILES)
|
||||
+ $(XGETTEXT) -L Python --keyword=_ --keyword=N_ $(POTFILES)
|
||||
+ $(XGETTEXT) -j --keyword=_ --keyword=N_ ../sepolicy/sepolicy/sepolicy.glade
|
||||
+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
|
||||
+ rm -f $(NLSPACKAGE).po; \
|
||||
+ else \
|
||||
+ mv -f $(NLSPACKAGE).po $(POTFILE); \
|
||||
+ fi; \
|
||||
+
|
||||
+
|
||||
+refresh-po: Makefile
|
||||
+ for cat in $(POFILES); do \
|
||||
+ lang=`basename $$cat .po`; \
|
||||
+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
|
||||
+ mv -f $$lang.pot $$lang.po ; \
|
||||
+ echo "$(MSGMERGE) of $$lang succeeded" ; \
|
||||
+ else \
|
||||
+ echo "$(MSGMERGE) of $$lang failed" ; \
|
||||
+ rm -f $$lang.pot ; \
|
||||
+ fi \
|
||||
+ done
|
||||
+
|
||||
+clean:
|
||||
+ @rm -fv *mo *~ .depend
|
||||
+ @rm -rf tmp
|
||||
+
|
||||
+install: $(MOFILES)
|
||||
+ @for n in $(MOFILES); do \
|
||||
+ l=`basename $$n .mo`; \
|
||||
+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
|
||||
+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
|
||||
+ done
|
||||
+
|
||||
+%.mo: %.po
|
||||
+ $(MSGFMT) -o $@ $<
|
||||
+report:
|
||||
+ @for cat in $(wildcard *.po); do \
|
||||
+ echo -n "$$cat: "; \
|
||||
+ msgfmt -v --statistics -o /dev/null $$cat; \
|
||||
+ done
|
||||
+
|
||||
+.PHONY: missing depend
|
||||
+
|
||||
+relabel:
|
||||
diff --git a/python/po/POTFILES b/python/po/POTFILES
|
||||
new file mode 100644
|
||||
index 000000000000..128eb870a69e
|
||||
--- /dev/null
|
||||
+++ b/python/po/POTFILES
|
||||
@@ -0,0 +1,10 @@
|
||||
+../audit2allow/audit2allow
|
||||
+../chcat/chcat
|
||||
+../semanage/semanage
|
||||
+../semanage/seobject.py
|
||||
+../sepolgen/src/sepolgen/interfaces.py
|
||||
+../sepolicy/sepolicy/generate.py
|
||||
+../sepolicy/sepolicy/gui.py
|
||||
+../sepolicy/sepolicy/__init__.py
|
||||
+../sepolicy/sepolicy/interface.py
|
||||
+../sepolicy/sepolicy.py
|
||||
diff --git a/sandbox/Makefile b/sandbox/Makefile
|
||||
index 9da5e58db9e6..b817824e2102 100644
|
||||
--- a/sandbox/Makefile
|
||||
+++ b/sandbox/Makefile
|
||||
@@ -13,6 +13,7 @@ override LDLIBS += -lselinux -lcap-ng
|
||||
SEUNSHARE_OBJS = seunshare.o
|
||||
|
||||
all: sandbox seunshare sandboxX.sh start
|
||||
+ (cd po && $(MAKE) $@)
|
||||
|
||||
seunshare: $(SEUNSHARE_OBJS)
|
||||
|
||||
@@ -39,6 +40,7 @@ install: all
|
||||
install -m 755 start $(DESTDIR)$(SHAREDIR)
|
||||
-mkdir -p $(DESTDIR)$(SYSCONFDIR)
|
||||
install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox
|
||||
+ (cd po && $(MAKE) $@)
|
||||
|
||||
test:
|
||||
@$(PYTHON) test_sandbox.py -v
|
||||
diff --git a/sandbox/po/Makefile b/sandbox/po/Makefile
|
||||
new file mode 100644
|
||||
index 000000000000..0556bbe953f0
|
||||
--- /dev/null
|
||||
+++ b/sandbox/po/Makefile
|
||||
@@ -0,0 +1,82 @@
|
||||
+#
|
||||
+# Makefile for the PO files (translation) catalog
|
||||
+#
|
||||
+
|
||||
+PREFIX ?= /usr
|
||||
+
|
||||
+# What is this package?
|
||||
+NLSPACKAGE = sandbox
|
||||
+POTFILE = $(NLSPACKAGE).pot
|
||||
+INSTALL = /usr/bin/install -c -p
|
||||
+INSTALL_DATA = $(INSTALL) -m 644
|
||||
+INSTALL_DIR = /usr/bin/install -d
|
||||
+
|
||||
+# destination directory
|
||||
+INSTALL_NLS_DIR = $(PREFIX)/share/locale
|
||||
+
|
||||
+# PO catalog handling
|
||||
+MSGMERGE = msgmerge
|
||||
+MSGMERGE_FLAGS = -q
|
||||
+XGETTEXT = xgettext -L Python --default-domain=$(NLSPACKAGE)
|
||||
+MSGFMT = msgfmt
|
||||
+
|
||||
+# All possible linguas
|
||||
+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
|
||||
+
|
||||
+# Only the files matching what the user has set in LINGUAS
|
||||
+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
|
||||
+
|
||||
+# if no valid LINGUAS, build all languages
|
||||
+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
|
||||
+
|
||||
+POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
|
||||
+MOFILES = $(patsubst %.po,%.mo,$(POFILES))
|
||||
+POTFILES = $(shell cat POTFILES)
|
||||
+
|
||||
+#default:: clean
|
||||
+
|
||||
+all:: $(POTFILE) $(MOFILES)
|
||||
+
|
||||
+$(POTFILE): $(POTFILES)
|
||||
+ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
|
||||
+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
|
||||
+ rm -f $(NLSPACKAGE).po; \
|
||||
+ else \
|
||||
+ mv -f $(NLSPACKAGE).po $(POTFILE); \
|
||||
+ fi; \
|
||||
+
|
||||
+
|
||||
+refresh-po: Makefile
|
||||
+ for cat in $(POFILES); do \
|
||||
+ lang=`basename $$cat .po`; \
|
||||
+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
|
||||
+ mv -f $$lang.pot $$lang.po ; \
|
||||
+ echo "$(MSGMERGE) of $$lang succeeded" ; \
|
||||
+ else \
|
||||
+ echo "$(MSGMERGE) of $$lang failed" ; \
|
||||
+ rm -f $$lang.pot ; \
|
||||
+ fi \
|
||||
+ done
|
||||
+
|
||||
+clean:
|
||||
+ @rm -fv *mo *~ .depend
|
||||
+ @rm -rf tmp
|
||||
+
|
||||
+install: $(MOFILES)
|
||||
+ @for n in $(MOFILES); do \
|
||||
+ l=`basename $$n .mo`; \
|
||||
+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
|
||||
+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
|
||||
+ done
|
||||
+
|
||||
+%.mo: %.po
|
||||
+ $(MSGFMT) -o $@ $<
|
||||
+report:
|
||||
+ @for cat in $(wildcard *.po); do \
|
||||
+ echo -n "$$cat: "; \
|
||||
+ msgfmt -v --statistics -o /dev/null $$cat; \
|
||||
+ done
|
||||
+
|
||||
+.PHONY: missing depend
|
||||
+
|
||||
+relabel:
|
||||
diff --git a/sandbox/po/POTFILES b/sandbox/po/POTFILES
|
||||
new file mode 100644
|
||||
index 000000000000..deff3f2f4656
|
||||
--- /dev/null
|
||||
+++ b/sandbox/po/POTFILES
|
||||
@@ -0,0 +1 @@
|
||||
+../sandbox
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,306 @@
|
|||
From eab0fc05a38ab2cd47b3e0ff69981850cc7cd538 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Mon, 6 Aug 2018 13:37:07 +0200
|
||||
Subject: [PATCH] Use correct gettext domains in python/ gui/ sandbox/
|
||||
|
||||
https://github.com/fedora-selinux/selinux/issues/43
|
||||
---
|
||||
gui/booleansPage.py | 2 +-
|
||||
gui/domainsPage.py | 2 +-
|
||||
gui/fcontextPage.py | 2 +-
|
||||
gui/loginsPage.py | 2 +-
|
||||
gui/modulesPage.py | 2 +-
|
||||
gui/polgengui.py | 2 +-
|
||||
gui/portsPage.py | 2 +-
|
||||
gui/semanagePage.py | 2 +-
|
||||
gui/statusPage.py | 2 +-
|
||||
gui/system-config-selinux.py | 2 +-
|
||||
gui/usersPage.py | 2 +-
|
||||
python/chcat/chcat | 2 +-
|
||||
python/semanage/semanage | 2 +-
|
||||
python/semanage/seobject.py | 2 +-
|
||||
python/sepolgen/src/sepolgen/sepolgeni18n.py | 2 +-
|
||||
python/sepolicy/sepolicy.py | 2 +-
|
||||
python/sepolicy/sepolicy/__init__.py | 2 +-
|
||||
python/sepolicy/sepolicy/generate.py | 2 +-
|
||||
python/sepolicy/sepolicy/gui.py | 2 +-
|
||||
python/sepolicy/sepolicy/interface.py | 2 +-
|
||||
sandbox/sandbox | 2 +-
|
||||
21 files changed, 21 insertions(+), 21 deletions(-)
|
||||
|
||||
diff --git a/gui/booleansPage.py b/gui/booleansPage.py
|
||||
index 7849bea26a06..dd12b6d6ab86 100644
|
||||
--- a/gui/booleansPage.py
|
||||
+++ b/gui/booleansPage.py
|
||||
@@ -38,7 +38,7 @@ DISABLED = 2
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-gui"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/gui/domainsPage.py b/gui/domainsPage.py
|
||||
index bad5140d8c59..6bbe4de5884f 100644
|
||||
--- a/gui/domainsPage.py
|
||||
+++ b/gui/domainsPage.py
|
||||
@@ -30,7 +30,7 @@ from semanagePage import *
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-gui"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py
|
||||
index 370bbee40786..e424366da26f 100644
|
||||
--- a/gui/fcontextPage.py
|
||||
+++ b/gui/fcontextPage.py
|
||||
@@ -47,7 +47,7 @@ class context:
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-gui"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/gui/loginsPage.py b/gui/loginsPage.py
|
||||
index b67eb8bc42af..cbfb0cc23f65 100644
|
||||
--- a/gui/loginsPage.py
|
||||
+++ b/gui/loginsPage.py
|
||||
@@ -29,7 +29,7 @@ from semanagePage import *
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-gui"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/gui/modulesPage.py b/gui/modulesPage.py
|
||||
index 0584acf9b3a4..35a0129bab9c 100644
|
||||
--- a/gui/modulesPage.py
|
||||
+++ b/gui/modulesPage.py
|
||||
@@ -30,7 +30,7 @@ from semanagePage import *
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-gui"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/gui/polgengui.py b/gui/polgengui.py
|
||||
index d284ded65279..01f541bafae8 100644
|
||||
--- a/gui/polgengui.py
|
||||
+++ b/gui/polgengui.py
|
||||
@@ -63,7 +63,7 @@ def get_all_modules():
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-gui"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/gui/portsPage.py b/gui/portsPage.py
|
||||
index 30f58383bc1d..a537ecc8c0a1 100644
|
||||
--- a/gui/portsPage.py
|
||||
+++ b/gui/portsPage.py
|
||||
@@ -35,7 +35,7 @@ from semanagePage import *
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-gui"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/gui/semanagePage.py b/gui/semanagePage.py
|
||||
index 4127804fbbee..5361d69c1313 100644
|
||||
--- a/gui/semanagePage.py
|
||||
+++ b/gui/semanagePage.py
|
||||
@@ -22,7 +22,7 @@ from gi.repository import Gdk, Gtk
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-gui"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/gui/statusPage.py b/gui/statusPage.py
|
||||
index 766854b19cba..a8f079b9b163 100644
|
||||
--- a/gui/statusPage.py
|
||||
+++ b/gui/statusPage.py
|
||||
@@ -35,7 +35,7 @@ RELABELFILE = "/.autorelabel"
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-gui"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py
|
||||
index 3f70122b87e8..8c46c987b974 100644
|
||||
--- a/gui/system-config-selinux.py
|
||||
+++ b/gui/system-config-selinux.py
|
||||
@@ -45,7 +45,7 @@ import selinux
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-gui"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/gui/usersPage.py b/gui/usersPage.py
|
||||
index 26794ed5c3f3..d15d4c5a71dd 100644
|
||||
--- a/gui/usersPage.py
|
||||
+++ b/gui/usersPage.py
|
||||
@@ -29,7 +29,7 @@ from semanagePage import *
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-gui"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/python/chcat/chcat b/python/chcat/chcat
|
||||
index fdd2e46ee3f9..839ddd3b54b6 100755
|
||||
--- a/python/chcat/chcat
|
||||
+++ b/python/chcat/chcat
|
||||
@@ -30,7 +30,7 @@ import getopt
|
||||
import selinux
|
||||
import seobject
|
||||
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-python"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
||||
index b2fabea67a87..3cc30a160a74 100644
|
||||
--- a/python/semanage/semanage
|
||||
+++ b/python/semanage/semanage
|
||||
@@ -27,7 +27,7 @@ import traceback
|
||||
import argparse
|
||||
import seobject
|
||||
import sys
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-python"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
|
||||
index 6a14f7b47dd5..b51a7e3e7ca3 100644
|
||||
--- a/python/semanage/seobject.py
|
||||
+++ b/python/semanage/seobject.py
|
||||
@@ -29,7 +29,7 @@ import sys
|
||||
import stat
|
||||
import socket
|
||||
from semanage import *
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-python"
|
||||
import sepolicy
|
||||
import setools
|
||||
import ipaddress
|
||||
diff --git a/python/sepolgen/src/sepolgen/sepolgeni18n.py b/python/sepolgen/src/sepolgen/sepolgeni18n.py
|
||||
index 998c4356415c..56ebd807c69c 100644
|
||||
--- a/python/sepolgen/src/sepolgen/sepolgeni18n.py
|
||||
+++ b/python/sepolgen/src/sepolgen/sepolgeni18n.py
|
||||
@@ -19,7 +19,7 @@
|
||||
|
||||
try:
|
||||
import gettext
|
||||
- t = gettext.translation( 'yumex' )
|
||||
+ t = gettext.translation( 'selinux-python' )
|
||||
_ = t.gettext
|
||||
except:
|
||||
def _(str):
|
||||
diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py
|
||||
index 7b2230651099..32956e58f52e 100755
|
||||
--- a/python/sepolicy/sepolicy.py
|
||||
+++ b/python/sepolicy/sepolicy.py
|
||||
@@ -28,7 +28,7 @@ import sepolicy
|
||||
from multiprocessing import Pool
|
||||
from sepolicy import get_os_version, get_conditionals, get_conditionals_format_text
|
||||
import argparse
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-python"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
|
||||
index ea05d892bf3b..9a9c2ae9f237 100644
|
||||
--- a/python/sepolicy/sepolicy/__init__.py
|
||||
+++ b/python/sepolicy/sepolicy/__init__.py
|
||||
@@ -13,7 +13,7 @@ import os
|
||||
import re
|
||||
import gzip
|
||||
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-python"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
|
||||
index 4e1ed4e9dc31..43180ca6fda4 100644
|
||||
--- a/python/sepolicy/sepolicy/generate.py
|
||||
+++ b/python/sepolicy/sepolicy/generate.py
|
||||
@@ -48,7 +48,7 @@ import sepolgen.defaults as defaults
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-python"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py
|
||||
index 1e86422b864a..c9ca158ddd09 100644
|
||||
--- a/python/sepolicy/sepolicy/gui.py
|
||||
+++ b/python/sepolicy/sepolicy/gui.py
|
||||
@@ -41,7 +41,7 @@ import os
|
||||
import re
|
||||
import unicodedata
|
||||
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-python"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py
|
||||
index bdffb770f364..9d40aea1498d 100644
|
||||
--- a/python/sepolicy/sepolicy/interface.py
|
||||
+++ b/python/sepolicy/sepolicy/interface.py
|
||||
@@ -30,7 +30,7 @@ __all__ = ['get_all_interfaces', 'get_interfaces_from_xml', 'get_admin', 'get_us
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-python"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git a/sandbox/sandbox b/sandbox/sandbox
|
||||
index ca5f1e030a51..16c43b51eaaa 100644
|
||||
--- a/sandbox/sandbox
|
||||
+++ b/sandbox/sandbox
|
||||
@@ -37,7 +37,7 @@ import sepolicy
|
||||
|
||||
SEUNSHARE = "/usr/sbin/seunshare"
|
||||
SANDBOXSH = "/usr/share/sandbox/sandboxX.sh"
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-sandbox"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
--
|
||||
2.29.0
|
||||
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,30 @@
|
|||
From 4277ef04de699e1939c95c4813de6a78d1ea1656 Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Wed, 21 Mar 2018 08:51:31 +0100
|
||||
Subject: [PATCH] policycoreutils/setfiles: Improve description of -d switch
|
||||
|
||||
The "-q" switch is becoming obsolete (completely unused in fedora) and
|
||||
debug output ("-d" switch) makes sense in any scenario. Therefore both
|
||||
options can be specified at once.
|
||||
|
||||
Resolves: rhbz#1271327
|
||||
---
|
||||
policycoreutils/setfiles/setfiles.8 | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
|
||||
index e328a5628682..02e0960289d3 100644
|
||||
--- a/policycoreutils/setfiles/setfiles.8
|
||||
+++ b/policycoreutils/setfiles/setfiles.8
|
||||
@@ -58,7 +58,7 @@ check the validity of the contexts against the specified binary policy.
|
||||
.TP
|
||||
.B \-d
|
||||
show what specification matched each file (do not abort validation
|
||||
-after ABORT_ON_ERRORS errors).
|
||||
+after ABORT_ON_ERRORS errors). Not affected by "\-q"
|
||||
.TP
|
||||
.BI \-e \ directory
|
||||
directory to exclude (repeat option for more than one directory).
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,71 @@
|
|||
From fa94b0faf12a79158d971f363e8ec65227d67de3 Mon Sep 17 00:00:00 2001
|
||||
From: Masatake YAMATO <yamato@redhat.com>
|
||||
Date: Thu, 14 Dec 2017 15:57:58 +0900
|
||||
Subject: [PATCH] sepolicy-generate: Handle more reserved port types
|
||||
|
||||
Currently only reserved_port_t, port_t and hi_reserved_port_t are
|
||||
handled as special when making a ports-dictionary. However, as fas as
|
||||
corenetwork.te.in of serefpolicy, unreserved_port_t and
|
||||
ephemeral_port_t should be handled in the same way, too.
|
||||
|
||||
(Details) I found the need of this change when I was using
|
||||
selinux-polgengui. Though tcp port 12345, which my application may
|
||||
use, was given to the gui, selinux-polgengui generates expected te
|
||||
file and sh file which didn't utilize the tcp port.
|
||||
|
||||
selinux-polgengui checks whether a port given via gui is already typed
|
||||
or not.
|
||||
|
||||
If it is already typed, selinux-polgengui generates a te file having
|
||||
rules to allow the application to use the port. (A)
|
||||
|
||||
If not, it seems for me that selinux-polgengui is designed to generate
|
||||
a te file having rules to allow the application to own(?) the port;
|
||||
and a sh file having a command line to assign the application own type
|
||||
to the port. (B)
|
||||
|
||||
As we can see the output of `semanage port -l' some of ports for
|
||||
specified purpose have types already. The important point is that the
|
||||
rest of ports also have types already:
|
||||
|
||||
hi_reserved_port_t tcp 512-1023
|
||||
hi_reserved_port_t udp 512-1023
|
||||
unreserved_port_t tcp 1024-32767, 61001-65535
|
||||
unreserved_port_t udp 1024-32767, 61001-65535
|
||||
ephemeral_port_t tcp 32768-61000
|
||||
ephemeral_port_t udp 32768-61000
|
||||
|
||||
As my patch shows, the original selinux-polgengui ignored
|
||||
hi_reserved_port_t; though hi_reserved_port_t is assigned,
|
||||
selinux-polgengui considered ports 512-1023 are not used. As the
|
||||
result selinux-polgengui generates file sets of (B).
|
||||
|
||||
For the purpose of selinux-polgengui, I think unreserved_port_t and
|
||||
ephemeral_port_t are treated as the same as hi_reserved_port_t.
|
||||
|
||||
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
|
||||
|
||||
Fedora only patch:
|
||||
https://lore.kernel.org/selinux/20150610.190635.1866127952891120915.yamato@redhat.com/
|
||||
---
|
||||
python/sepolicy/sepolicy/generate.py | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
|
||||
index 43180ca6fda4..d60a08e1d72c 100644
|
||||
--- a/python/sepolicy/sepolicy/generate.py
|
||||
+++ b/python/sepolicy/sepolicy/generate.py
|
||||
@@ -99,7 +99,9 @@ def get_all_ports():
|
||||
for p in sepolicy.info(sepolicy.PORT):
|
||||
if p['type'] == "reserved_port_t" or \
|
||||
p['type'] == "port_t" or \
|
||||
- p['type'] == "hi_reserved_port_t":
|
||||
+ p['type'] == "hi_reserved_port_t" or \
|
||||
+ p['type'] == "ephemeral_port_t" or \
|
||||
+ p['type'] == "unreserved_port_t":
|
||||
continue
|
||||
dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range'))
|
||||
return dict
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
From 122e35c4d11b5b623e8bc463f81c6792385523cb Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Thu, 8 Nov 2018 09:20:58 +0100
|
||||
Subject: [PATCH] semodule-utils: Fix RESOURCE_LEAK coverity scan defects
|
||||
|
||||
---
|
||||
semodule-utils/semodule_package/semodule_package.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/semodule-utils/semodule_package/semodule_package.c b/semodule-utils/semodule_package/semodule_package.c
|
||||
index 3515234e36de..7b75b3fd9bb4 100644
|
||||
--- a/semodule-utils/semodule_package/semodule_package.c
|
||||
+++ b/semodule-utils/semodule_package/semodule_package.c
|
||||
@@ -74,6 +74,7 @@ static int file_to_data(const char *path, char **data, size_t * len)
|
||||
}
|
||||
if (!sb.st_size) {
|
||||
*len = 0;
|
||||
+ close(fd);
|
||||
return 0;
|
||||
}
|
||||
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,74 @@
|
|||
From e63814eb18bdbb48a7e6bf79b17d79d6a9ca56d6 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Wed, 18 Jul 2018 09:09:35 +0200
|
||||
Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox
|
||||
|
||||
---
|
||||
sandbox/sandbox | 4 ++--
|
||||
sandbox/sandbox.8 | 2 +-
|
||||
sandbox/sandboxX.sh | 14 --------------
|
||||
3 files changed, 3 insertions(+), 17 deletions(-)
|
||||
|
||||
diff --git a/sandbox/sandbox b/sandbox/sandbox
|
||||
index 16c43b51eaaa..7709a6585665 100644
|
||||
--- a/sandbox/sandbox
|
||||
+++ b/sandbox/sandbox
|
||||
@@ -268,7 +268,7 @@ class Sandbox:
|
||||
copyfile(f, "/tmp", self.__tmpdir)
|
||||
copyfile(f, "/var/tmp", self.__tmpdir)
|
||||
|
||||
- def __setup_sandboxrc(self, wm="/usr/bin/openbox"):
|
||||
+ def __setup_sandboxrc(self, wm="/usr/bin/matchbox-window-manager"):
|
||||
execfile = self.__homedir + "/.sandboxrc"
|
||||
fd = open(execfile, "w+")
|
||||
if self.__options.session:
|
||||
@@ -362,7 +362,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
|
||||
|
||||
parser.add_option("-W", "--windowmanager", dest="wm",
|
||||
type="string",
|
||||
- default="/usr/bin/openbox",
|
||||
+ default="/usr/bin/matchbox-window-manager",
|
||||
help=_("alternate window manager"))
|
||||
|
||||
parser.add_option("-l", "--level", dest="level",
|
||||
diff --git a/sandbox/sandbox.8 b/sandbox/sandbox.8
|
||||
index d83fee76f335..90ef4951c8c2 100644
|
||||
--- a/sandbox/sandbox.8
|
||||
+++ b/sandbox/sandbox.8
|
||||
@@ -77,7 +77,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
|
||||
\fB\-W\fR \fB\-\-windowmanager\fR
|
||||
Select alternative window manager to run within
|
||||
.B sandbox \-X.
|
||||
-Default to /usr/bin/openbox.
|
||||
+Default to /usr/bin/matchbox-window-manager.
|
||||
.TP
|
||||
\fB\-X\fR
|
||||
Create an X based Sandbox for gui apps, temporary files for
|
||||
diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
|
||||
index 4774528027ef..c211ebc14549 100644
|
||||
--- a/sandbox/sandboxX.sh
|
||||
+++ b/sandbox/sandboxX.sh
|
||||
@@ -6,20 +6,6 @@ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8
|
||||
[ -z $2 ] && export DPI="96" || export DPI="$2"
|
||||
trap "exit 0" HUP
|
||||
|
||||
-mkdir -p ~/.config/openbox
|
||||
-cat > ~/.config/openbox/rc.xml << EOF
|
||||
-<openbox_config xmlns="http://openbox.org/3.4/rc"
|
||||
- xmlns:xi="http://www.w3.org/2001/XInclude">
|
||||
-<applications>
|
||||
- <application class="*">
|
||||
- <decor>no</decor>
|
||||
- <desktop>all</desktop>
|
||||
- <maximized>yes</maximized>
|
||||
- </application>
|
||||
-</applications>
|
||||
-</openbox_config>
|
||||
-EOF
|
||||
-
|
||||
(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
|
||||
export DISPLAY=:$D
|
||||
cat > ~/seremote << __EOF
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,46 @@
|
|||
From b1f380c75f8a4ea7a4062d3735d190a1dcbc3aaa Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
Date: Tue, 28 Jul 2020 14:37:13 +0200
|
||||
Subject: [PATCH] sepolicy: Fix flake8 warnings in Fedora-only code
|
||||
|
||||
Fixes:
|
||||
$ PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8
|
||||
Analyzing 187 Python scripts
|
||||
./installdir/usr/lib/python3.8/site-packages/sepolicy/manpage.py:720:20: E713 test for membership should be 'not in'
|
||||
./installdir/usr/lib/python3.8/site-packages/sepolicy/manpage.py:774:17: E117 over-indented
|
||||
./python/sepolicy/build/lib/sepolicy/manpage.py:720:20: E713 test for membership should be 'not in'
|
||||
./python/sepolicy/build/lib/sepolicy/manpage.py:774:17: E117 over-indented
|
||||
./python/sepolicy/sepolicy/manpage.py:720:20: E713 test for membership should be 'not in'
|
||||
./python/sepolicy/sepolicy/manpage.py:774:17: E117 over-indented
|
||||
The command "PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8" exited with 1.
|
||||
|
||||
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
---
|
||||
python/sepolicy/sepolicy/manpage.py | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||
index f8584436960d..6a3e08fca58c 100755
|
||||
--- a/python/sepolicy/sepolicy/manpage.py
|
||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||
@@ -717,7 +717,7 @@ Default Defined Ports:""")
|
||||
for f in self.all_file_types:
|
||||
if f.startswith(self.domainname):
|
||||
flist.append(f)
|
||||
- if not f in self.exec_types or not f in self.entry_types:
|
||||
+ if f not in self.exec_types or f not in self.entry_types:
|
||||
flist_non_exec.append(f)
|
||||
if f in self.fcdict:
|
||||
mpaths = mpaths + self.fcdict[f]["regex"]
|
||||
@@ -771,7 +771,7 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
""" % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
|
||||
|
||||
if flist_non_exec:
|
||||
- self.fd.write(r"""
|
||||
+ self.fd.write(r"""
|
||||
.PP
|
||||
.B STANDARD FILE CONTEXT
|
||||
|
||||
--
|
||||
2.29.0
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
From 99450e5c391f0e5b7da9234588123edca0993794 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
Date: Wed, 11 Nov 2020 17:23:40 +0100
|
||||
Subject: [PATCH] selinux_config(5): add a note that runtime disable is
|
||||
deprecated
|
||||
|
||||
...and refer to selinux(8), which explains it further.
|
||||
|
||||
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
---
|
||||
policycoreutils/man/man5/selinux_config.5 | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/policycoreutils/man/man5/selinux_config.5 b/policycoreutils/man/man5/selinux_config.5
|
||||
index 1ffade150128..58b42a0e234d 100644
|
||||
--- a/policycoreutils/man/man5/selinux_config.5
|
||||
+++ b/policycoreutils/man/man5/selinux_config.5
|
||||
@@ -48,7 +48,7 @@ SELinux security policy is enforced.
|
||||
.IP \fIpermissive\fR 4
|
||||
SELinux security policy is not enforced but logs the warnings (i.e. the action is allowed to proceed).
|
||||
.IP \fIdisabled\fR
|
||||
-SELinux is disabled and no policy is loaded.
|
||||
+No SELinux policy is loaded. This option was used to disable SELinux completely, which is now deprecated. Use the \fBselinux=0\fR kernel boot option instead (see \fBselinux\fR(8)).
|
||||
.RE
|
||||
.sp
|
||||
The entry can be determined using the \fBsestatus\fR(8) command or \fBselinux_getenforcemode\fR(3).
|
||||
--
|
||||
2.29.2
|
||||
|
|
@ -0,0 +1,51 @@
|
|||
From 794dbdb6b1336cae872f45b5adaa594796e4806b Mon Sep 17 00:00:00 2001
|
||||
From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
|
||||
Date: Fri, 30 Oct 2020 22:53:09 +0100
|
||||
Subject: [PATCH] python/sepolicy: allow to override manpage date
|
||||
|
||||
in order to make builds reproducible.
|
||||
See https://reproducible-builds.org/ for why this is good
|
||||
and https://reproducible-builds.org/specs/source-date-epoch/
|
||||
for the definition of this variable.
|
||||
|
||||
This patch was done while working on reproducible builds for openSUSE.
|
||||
|
||||
Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
|
||||
---
|
||||
python/sepolicy/sepolicy/manpage.py | 6 ++++--
|
||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||
index 6a3e08fca58c..c013c0d48502 100755
|
||||
--- a/python/sepolicy/sepolicy/manpage.py
|
||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||
@@ -39,6 +39,8 @@ typealias_types = {
|
||||
equiv_dict = {"smbd": ["samba"], "httpd": ["apache"], "virtd": ["virt", "libvirt"], "named": ["bind"], "fsdaemon": ["smartmon"], "mdadm": ["raid"]}
|
||||
|
||||
equiv_dirs = ["/var"]
|
||||
+man_date = time.strftime("%y-%m-%d", time.gmtime(
|
||||
+ int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))))
|
||||
modules_dict = None
|
||||
|
||||
|
||||
@@ -546,7 +548,7 @@ class ManPage:
|
||||
|
||||
def _typealias(self,typealias):
|
||||
self.fd.write('.TH "%(typealias)s_selinux" "8" "%(date)s" "%(typealias)s" "SELinux Policy %(typealias)s"'
|
||||
- % {'typealias':typealias, 'date': time.strftime("%y-%m-%d")})
|
||||
+ % {'typealias':typealias, 'date': man_date})
|
||||
self.fd.write(r"""
|
||||
.SH "NAME"
|
||||
%(typealias)s_selinux \- Security Enhanced Linux Policy for the %(typealias)s processes
|
||||
@@ -565,7 +567,7 @@ man page for more details.
|
||||
|
||||
def _header(self):
|
||||
self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy %(domainname)s"'
|
||||
- % {'domainname': self.domainname, 'date': time.strftime("%y-%m-%d")})
|
||||
+ % {'domainname': self.domainname, 'date': man_date})
|
||||
self.fd.write(r"""
|
||||
.SH "NAME"
|
||||
%(domainname)s_selinux \- Security Enhanced Linux Policy for the %(domainname)s processes
|
||||
--
|
||||
2.29.2
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
--- !Policy
|
||||
product_versions:
|
||||
- fedora-*
|
||||
decision_context: bodhi_update_push_testing
|
||||
subject_type: koji_build
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
|
||||
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- fedora-*
|
||||
decision_context: bodhi_update_push_stable
|
||||
subject_type: koji_build
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
|
||||
|
|
@ -1,152 +0,0 @@
|
|||
diff --git policycoreutils-2.8/newrole/newrole.1 policycoreutils-2.8/newrole/newrole.1
|
||||
index 0d9738a..893c42f 100644
|
||||
--- policycoreutils-2.8/newrole/newrole.1
|
||||
+++ policycoreutils-2.8/newrole/newrole.1
|
||||
@@ -44,7 +44,7 @@ specified by that range. If the
|
||||
or
|
||||
.B --preserve-environment
|
||||
option is specified, the shell with the new SELinux context will preserve environment variables,
|
||||
-otherwise a new minimal enviroment is created.
|
||||
+otherwise a new minimal environment is created.
|
||||
.PP
|
||||
Additional arguments
|
||||
.I ARGS
|
||||
diff --git policycoreutils-2.8/po/Makefile policycoreutils-2.8/po/Makefile
|
||||
index 575e143..18bc1df 100644
|
||||
--- policycoreutils-2.8/po/Makefile
|
||||
+++ policycoreutils-2.8/po/Makefile
|
||||
@@ -3,7 +3,6 @@
|
||||
#
|
||||
|
||||
PREFIX ?= /usr
|
||||
-TOP = ../..
|
||||
|
||||
# What is this package?
|
||||
NLSPACKAGE = policycoreutils
|
||||
@@ -32,74 +31,13 @@ USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
|
||||
|
||||
POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
|
||||
MOFILES = $(patsubst %.po,%.mo,$(POFILES))
|
||||
-POTFILES = \
|
||||
- ../run_init/open_init_pty.c \
|
||||
- ../run_init/run_init.c \
|
||||
- ../semodule_link/semodule_link.c \
|
||||
- ../audit2allow/audit2allow \
|
||||
- ../semanage/seobject.py \
|
||||
- ../setsebool/setsebool.c \
|
||||
- ../newrole/newrole.c \
|
||||
- ../load_policy/load_policy.c \
|
||||
- ../sestatus/sestatus.c \
|
||||
- ../semodule/semodule.c \
|
||||
- ../setfiles/setfiles.c \
|
||||
- ../semodule_package/semodule_package.c \
|
||||
- ../semodule_deps/semodule_deps.c \
|
||||
- ../semodule_expand/semodule_expand.c \
|
||||
- ../scripts/chcat \
|
||||
- ../scripts/fixfiles \
|
||||
- ../restorecond/stringslist.c \
|
||||
- ../restorecond/restorecond.h \
|
||||
- ../restorecond/utmpwatcher.h \
|
||||
- ../restorecond/stringslist.h \
|
||||
- ../restorecond/restorecond.c \
|
||||
- ../restorecond/utmpwatcher.c \
|
||||
- ../gui/booleansPage.py \
|
||||
- ../gui/fcontextPage.py \
|
||||
- ../gui/loginsPage.py \
|
||||
- ../gui/mappingsPage.py \
|
||||
- ../gui/modulesPage.py \
|
||||
- ../gui/polgen.glade \
|
||||
- ../gui/polgengui.py \
|
||||
- ../gui/portsPage.py \
|
||||
- ../gui/semanagePage.py \
|
||||
- ../gui/statusPage.py \
|
||||
- ../gui/system-config-selinux.glade \
|
||||
- ../gui/system-config-selinux.py \
|
||||
- ../gui/usersPage.py \
|
||||
- ../secon/secon.c \
|
||||
- booleans.py \
|
||||
- ../sepolicy/sepolicy.py \
|
||||
- ../sepolicy/sepolicy/communicate.py \
|
||||
- ../sepolicy/sepolicy/__init__.py \
|
||||
- ../sepolicy/sepolicy/network.py \
|
||||
- ../sepolicy/sepolicy/generate.py \
|
||||
- ../sepolicy/sepolicy/sepolicy.glade \
|
||||
- ../sepolicy/sepolicy/gui.py \
|
||||
- ../sepolicy/sepolicy/manpage.py \
|
||||
- ../sepolicy/sepolicy/transition.py \
|
||||
- ../sepolicy/sepolicy/templates/executable.py \
|
||||
- ../sepolicy/sepolicy/templates/__init__.py \
|
||||
- ../sepolicy/sepolicy/templates/network.py \
|
||||
- ../sepolicy/sepolicy/templates/rw.py \
|
||||
- ../sepolicy/sepolicy/templates/script.py \
|
||||
- ../sepolicy/sepolicy/templates/semodule.py \
|
||||
- ../sepolicy/sepolicy/templates/tmp.py \
|
||||
- ../sepolicy/sepolicy/templates/user.py \
|
||||
- ../sepolicy/sepolicy/templates/var_lib.py \
|
||||
- ../sepolicy/sepolicy/templates/var_log.py \
|
||||
- ../sepolicy/sepolicy/templates/var_run.py \
|
||||
- ../sepolicy/sepolicy/templates/var_spool.py
|
||||
+POTFILES = $(shell cat POTFILES)
|
||||
|
||||
#default:: clean
|
||||
|
||||
-all:: $(MOFILES)
|
||||
+all:: $(POTFILE) $(MOFILES)
|
||||
|
||||
-booleans.py:
|
||||
- sepolicy booleans -a > booleans.py
|
||||
-
|
||||
-$(POTFILE): $(POTFILES) booleans.py
|
||||
+$(POTFILE): $(POTFILES)
|
||||
$(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
|
||||
@if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
|
||||
rm -f $(NLSPACKAGE).po; \
|
||||
@@ -107,8 +45,6 @@ $(POTFILE): $(POTFILES) booleans.py
|
||||
mv -f $(NLSPACKAGE).po $(POTFILE); \
|
||||
fi; \
|
||||
|
||||
-update-po: Makefile $(POTFILE) refresh-po
|
||||
- @rm -f booleans.py
|
||||
|
||||
refresh-po: Makefile
|
||||
for cat in $(POFILES); do \
|
||||
diff --git policycoreutils-2.8/po/POTFILES policycoreutils-2.8/po/POTFILES
|
||||
new file mode 100644
|
||||
index 0000000..12237dc
|
||||
--- /dev/null
|
||||
+++ policycoreutils-2.8/po/POTFILES
|
||||
@@ -0,0 +1,9 @@
|
||||
+../run_init/open_init_pty.c
|
||||
+../run_init/run_init.c
|
||||
+../setsebool/setsebool.c
|
||||
+../newrole/newrole.c
|
||||
+../load_policy/load_policy.c
|
||||
+../sestatus/sestatus.c
|
||||
+../semodule/semodule.c
|
||||
+../setfiles/setfiles.c
|
||||
+../secon/secon.c
|
||||
diff --git policycoreutils-2.8/scripts/fixfiles policycoreutils-2.8/scripts/fixfiles
|
||||
index b277958..53d28c7 100755
|
||||
--- policycoreutils-2.8/scripts/fixfiles
|
||||
+++ policycoreutils-2.8/scripts/fixfiles
|
||||
@@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() {
|
||||
fullFlag=0
|
||||
BOOTTIME=""
|
||||
VERBOSE="-p"
|
||||
+[ -t 1 ] || VERBOSE=""
|
||||
FORCEFLAG=""
|
||||
RPMFILES=""
|
||||
PREFC=""
|
||||
diff --git policycoreutils-2.8/setfiles/setfiles.8 policycoreutils-2.8/setfiles/setfiles.8
|
||||
index ccaaf4d..a8a76c8 100644
|
||||
--- policycoreutils-2.8/setfiles/setfiles.8
|
||||
+++ policycoreutils-2.8/setfiles/setfiles.8
|
||||
@@ -57,7 +57,7 @@ check the validity of the contexts against the specified binary policy.
|
||||
.TP
|
||||
.B \-d
|
||||
show what specification matched each file (do not abort validation
|
||||
-after ABORT_ON_ERRORS errors).
|
||||
+after ABORT_ON_ERRORS errors). Not affected by "\-q"
|
||||
.TP
|
||||
.BI \-e \ directory
|
||||
directory to exclude (repeat option for more than one directory).
|
|
@ -1,8 +1,7 @@
|
|||
%global libauditver 2.1.3-4
|
||||
%global libsepolver 2.8-3
|
||||
%global libsemanagever 2.8-6
|
||||
%global libselinuxver 2.8-5
|
||||
%global sepolgenver 2.8
|
||||
%global libauditver 3.0
|
||||
%global libsepolver 3.1-5
|
||||
%global libsemanagever 3.1-5
|
||||
%global libselinuxver 3.1-5
|
||||
|
||||
%global generatorsdir %{_prefix}/lib/systemd/system-generators
|
||||
|
||||
|
@ -11,19 +10,18 @@
|
|||
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.8
|
||||
Release: 14%{?dist}
|
||||
Version: 3.1
|
||||
Release: 8%{?dist}
|
||||
License: GPLv2
|
||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||
Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/policycoreutils-2.8.tar.gz
|
||||
Source1: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-python-2.8.tar.gz
|
||||
Source2: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-gui-2.8.tar.gz
|
||||
Source3: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-sandbox-2.8.tar.gz
|
||||
Source4: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-dbus-2.8.tar.gz
|
||||
Source5: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/semodule-utils-2.8.tar.gz
|
||||
Source6: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/restorecond-2.8.tar.gz
|
||||
URL: https://github.com/SELinuxProject
|
||||
Source12: policycoreutils_man_ru2.tar.bz2
|
||||
Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/policycoreutils-3.1.tar.gz
|
||||
Source1: https://github.com/SELinuxProject/selinux/releases/download/20200710/selinux-python-3.1.tar.gz
|
||||
Source2: https://github.com/SELinuxProject/selinux/releases/download/20200710/selinux-gui-3.1.tar.gz
|
||||
Source3: https://github.com/SELinuxProject/selinux/releases/download/20200710/selinux-sandbox-3.1.tar.gz
|
||||
Source4: https://github.com/SELinuxProject/selinux/releases/download/20200710/selinux-dbus-3.1.tar.gz
|
||||
Source5: https://github.com/SELinuxProject/selinux/releases/download/20200710/semodule-utils-3.1.tar.gz
|
||||
Source6: https://github.com/SELinuxProject/selinux/releases/download/20200710/restorecond-3.1.tar.gz
|
||||
URL: https://github.com/SELinuxProject/selinux
|
||||
Source13: system-config-selinux.png
|
||||
Source14: sepolicy-icons.tgz
|
||||
Source15: selinux-autorelabel
|
||||
|
@ -35,19 +33,37 @@ Source20: policycoreutils-po.tgz
|
|||
Source21: python-po.tgz
|
||||
Source22: gui-po.tgz
|
||||
Source23: sandbox-po.tgz
|
||||
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
|
||||
# run:
|
||||
# HEAD https://github.com/fedora-selinux/selinux/commit/15b521e6d24b1cb3a004d49f630f1d33f3e11466
|
||||
# $ for i in policycoreutils selinux-python selinux-gui selinux-sandbox selinux-dbus semodule-utils restorecond; do
|
||||
# VERSION=2.8 ./make-fedora-selinux-patch.sh $i
|
||||
# done
|
||||
Patch: policycoreutils-fedora.patch
|
||||
Patch1: selinux-python-fedora.patch
|
||||
Patch2: selinux-gui-fedora.patch
|
||||
Patch3: selinux-sandbox-fedora.patch
|
||||
Patch4: selinux-dbus-fedora.patch
|
||||
Patch5: semodule-utils-fedora.patch
|
||||
Patch6: restorecond-fedora.patch
|
||||
# https://github.com/fedora-selinux/selinux
|
||||
# $ git format-patch -N 20200710 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
|
||||
# $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
|
||||
# Patch list start
|
||||
Patch0001: 0001-python-audit2allow-add-include-limits.h-to-sepolgen-.patch
|
||||
Patch0002: 0002-restorecond-Set-X-GNOME-HiddenUnderSystemd-true-in-r.patch
|
||||
Patch0003: 0003-fixfiles-correctly-restore-context-of-mountpoints.patch
|
||||
Patch0004: 0004-sepolgen-print-extended-permissions-in-hexadecimal.patch
|
||||
Patch0005: 0005-sepolgen-sort-extended-rules-like-normal-ones.patch
|
||||
Patch0006: 0006-newrole-support-cross-compilation-with-PAM-and-audit.patch
|
||||
Patch0007: 0007-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
|
||||
Patch0008: 0008-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
|
||||
Patch0009: 0009-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
|
||||
Patch0010: 0010-Simplication-of-sepolicy-manpage-web-functionality.-.patch
|
||||
Patch0011: 0011-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
|
||||
Patch0012: 0012-Fix-title-in-manpage.py-to-not-contain-online.patch
|
||||
Patch0013: 0013-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
|
||||
Patch0014: 0014-sepolicy-Drop-old-interface-file_type_is_executable-.patch
|
||||
Patch0015: 0015-sepolicy-Another-small-optimization-for-mcs-types.patch
|
||||
Patch0016: 0016-Move-po-translation-files-into-the-right-sub-directo.patch
|
||||
Patch0017: 0017-Use-correct-gettext-domains-in-python-gui-sandbox.patch
|
||||
Patch0018: 0018-Initial-.pot-files-for-gui-python-sandbox.patch
|
||||
Patch0019: 0019-policycoreutils-setfiles-Improve-description-of-d-sw.patch
|
||||
Patch0020: 0020-sepolicy-generate-Handle-more-reserved-port-types.patch
|
||||
Patch0021: 0021-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
|
||||
Patch0022: 0022-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
|
||||
Patch0023: 0023-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch
|
||||
Patch0024: 0024-selinux_config-5-add-a-note-that-runtime-disable-is-.patch
|
||||
Patch0025: 0025-python-sepolicy-allow-to-override-manpage-date.patch
|
||||
# Patch list end
|
||||
|
||||
Obsoletes: policycoreutils < 2.0.61-2
|
||||
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
|
||||
# initscripts < 9.66 shipped fedora-autorelabel services which are renamed to selinux-relabel
|
||||
|
@ -55,11 +71,12 @@ Conflicts: initscripts < 9.66
|
|||
Provides: /sbin/fixfiles
|
||||
Provides: /sbin/restorecon
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-static >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
|
||||
BuildRequires: gcc make
|
||||
BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
|
||||
BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
|
||||
BuildRequires: python2-devel python3-devel
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: systemd
|
||||
BuildRequires: git-core
|
||||
Requires: util-linux grep gawk diffutils rpm sed
|
||||
Requires: libsepol >= %{libsepolver} coreutils libselinux-utils >= %{libselinuxver}
|
||||
|
||||
|
@ -79,44 +96,49 @@ for basic operation of a SELinux system. These utilities include
|
|||
load_policy to load policies, setfiles to label filesystems, newrole
|
||||
to switch roles.
|
||||
|
||||
%prep
|
||||
%prep -p /usr/bin/bash
|
||||
# create selinux/ directory and extract sources
|
||||
%setup -q -c -n selinux
|
||||
%setup -q -T -D -a 1 -n selinux
|
||||
%setup -q -T -D -a 2 -n selinux
|
||||
%setup -q -T -D -a 3 -n selinux
|
||||
%setup -q -T -D -a 4 -n selinux
|
||||
%setup -q -T -D -a 5 -n selinux
|
||||
%setup -q -T -D -a 6 -n selinux
|
||||
%patch -p0 -b .policycoreutils-fedora
|
||||
%autosetup -S git -N -c -n selinux
|
||||
%autosetup -S git -N -T -D -a 1 -n selinux
|
||||
%autosetup -S git -N -T -D -a 2 -n selinux
|
||||
%autosetup -S git -N -T -D -a 3 -n selinux
|
||||
%autosetup -S git -N -T -D -a 4 -n selinux
|
||||
%autosetup -S git -N -T -D -a 5 -n selinux
|
||||
%autosetup -S git -N -T -D -a 6 -n selinux
|
||||
|
||||
cp %{SOURCE13} selinux-gui-%{version}/
|
||||
tar -xvf %{SOURCE14} -C selinux-python-%{version}/sepolicy/
|
||||
%patch1 -p0 -b .selinux-python
|
||||
%patch2 -p0 -b .selinux-gui
|
||||
%patch3 -p0 -b .selinux-sandbox
|
||||
%patch4 -p0 -b .selinux-dbus
|
||||
#%%patch5 -p0 -b .semodule-utils
|
||||
#%%patch6 -p0 -b .restorecond
|
||||
for i in *; do
|
||||
git mv $i ${i/-%{version}/}
|
||||
git commit -q --allow-empty -a --author 'rpm-build <rpm-build>' -m "$i -> ${i/-%{version}/}"
|
||||
done
|
||||
|
||||
for i in selinux-*; do
|
||||
git mv $i ${i#selinux-}
|
||||
git commit -q --allow-empty -a --author 'rpm-build <rpm-build>' -m "$i -> ${i#selinux-}"
|
||||
done
|
||||
|
||||
git am %{_sourcedir}/[0-9]*.patch
|
||||
|
||||
cp %{SOURCE13} gui/
|
||||
tar -xvf %{SOURCE14} -C python/sepolicy/
|
||||
|
||||
# Since patches containing translation changes were too big, translations were moved to separate tarballs
|
||||
# For more information see README.translations
|
||||
tar -x -f %{SOURCE20} -C policycoreutils-%{version} -z
|
||||
tar -x -f %{SOURCE21} -C selinux-python-%{version} -z
|
||||
tar -x -f %{SOURCE22} -C selinux-gui-%{version} -z
|
||||
tar -x -f %{SOURCE23} -C selinux-sandbox-%{version} -z
|
||||
tar -x -f %{SOURCE20} -C policycoreutils -z
|
||||
tar -x -f %{SOURCE21} -C python -z
|
||||
tar -x -f %{SOURCE22} -C gui -z
|
||||
tar -x -f %{SOURCE23} -C sandbox -z
|
||||
|
||||
%build
|
||||
%set_build_flags
|
||||
export PYTHON=%{__python3}
|
||||
|
||||
make -C policycoreutils-%{version} LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
||||
make -C selinux-python-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
||||
make -C selinux-gui-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
||||
make -C selinux-sandbox-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
||||
make -C selinux-dbus-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
||||
make -C semodule-utils-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
||||
make -C restorecond-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
||||
make -C policycoreutils LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
||||
make -C python SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
||||
make -C gui SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
||||
make -C sandbox SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
||||
make -C dbus SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
||||
make -C semodule-utils SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
||||
make -C restorecond SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
||||
|
||||
%install
|
||||
mkdir -p %{buildroot}%{_bindir}
|
||||
|
@ -126,28 +148,28 @@ mkdir -p %{buildroot}%{_mandir}/man5
|
|||
mkdir -p %{buildroot}%{_mandir}/man8
|
||||
%{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}/
|
||||
|
||||
make -C policycoreutils-%{version} LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
||||
%make_install -C policycoreutils LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a"
|
||||
|
||||
make -C selinux-python-%{version} PYTHON=%{__python2} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
||||
make -C selinux-python-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
||||
%make_install -C python PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
|
||||
|
||||
make -C selinux-gui-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
||||
%make_install -C gui PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
|
||||
|
||||
make -C selinux-sandbox-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
||||
%make_install -C sandbox PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
|
||||
|
||||
make -C selinux-dbus-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
||||
%make_install -C dbus PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
|
||||
|
||||
make -C semodule-utils-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
||||
%make_install -C semodule-utils PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
|
||||
|
||||
make -C restorecond-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
||||
%make_install -C restorecond PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
|
||||
|
||||
# Fix perms on newrole so that objcopy can process it
|
||||
chmod 0755 %{buildroot}%{_bindir}/newrole
|
||||
|
||||
# Systemd
|
||||
rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond
|
||||
|
||||
tar -jxf %{SOURCE12} -C %{buildroot}/
|
||||
rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
|
||||
rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8.gz
|
||||
rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8*
|
||||
rm -f %{buildroot}/usr/share/man/ru/man8/semodule_deps.8.gz
|
||||
rm -f %{buildroot}/usr/share/man/man8/open_init_pty.8
|
||||
rm -f %{buildroot}/usr/sbin/open_init_pty
|
||||
|
@ -156,27 +178,6 @@ rm -f %{buildroot}/usr/share/man/ru/man8/run_init.8*
|
|||
rm -f %{buildroot}/usr/share/man/man8/run_init.8*
|
||||
rm -f %{buildroot}/etc/pam.d/run_init*
|
||||
|
||||
ln -sf /usr/share/system-config-selinux/polgengui.py %{buildroot}%{_bindir}/selinux-polgengui
|
||||
|
||||
desktop-file-install --dir %{buildroot}%{_datadir}/applications --add-category Settings \
|
||||
%{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.desktop
|
||||
|
||||
desktop-file-install --dir %{buildroot}%{_datadir}/applications --add-category Settings \
|
||||
%{buildroot}%{_datadir}/system-config-selinux/sepolicy.desktop
|
||||
|
||||
desktop-file-install --dir %{buildroot}%{_datadir}/applications \
|
||||
%{buildroot}%{_datadir}/system-config-selinux/selinux-polgengui.desktop
|
||||
|
||||
rm -f %{buildroot}%{_datadir}/system-config-selinux/selinux-polgengui.desktop
|
||||
rm -f %{buildroot}%{_datadir}/system-config-selinux/sepolicy.desktop
|
||||
rm -f %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.desktop
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1566618
|
||||
# we don't need python2 sepolicy gui files anymore
|
||||
rm -f %{buildroot}%{python2_sitelib}/sepolicy/gui.*
|
||||
rm -f %{buildroot}%{python2_sitelib}/sepolicy/sepolicy.glade
|
||||
rm -rf %{buildroot}%{python2_sitelib}/sepolicy/help
|
||||
|
||||
mkdir -m 755 -p %{buildroot}/%{generatorsdir}
|
||||
install -m 644 -p %{SOURCE16} %{buildroot}/%{_unitdir}/
|
||||
install -m 644 -p %{SOURCE17} %{buildroot}/%{_unitdir}/
|
||||
|
@ -184,9 +185,6 @@ install -m 644 -p %{SOURCE18} %{buildroot}/%{_unitdir}/
|
|||
install -m 755 -p %{SOURCE19} %{buildroot}/%{generatorsdir}/
|
||||
install -m 755 -p %{SOURCE15} %{buildroot}/%{_libexecdir}/selinux/
|
||||
|
||||
# change /usr/bin/python3? to /usr/bin/python2 in policycoreutils-python/python2-policycoreutils
|
||||
pathfix.py -i "%{__python2} -Es" -p %{buildroot}%{python2_sitelib}
|
||||
|
||||
# change /usr/bin/python to %%{__python3} in policycoreutils-python3
|
||||
pathfix.py -i "%{__python3} -Es" -p %{buildroot}%{python3_sitelib}
|
||||
|
||||
|
@ -201,12 +199,10 @@ pathfix.py -i "%{__python3} -Es" -p \
|
|||
%{buildroot}%{_bindir}/sepolgen-ifgen \
|
||||
%{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.py \
|
||||
%{buildroot}%{_datadir}/system-config-selinux/selinux_server.py \
|
||||
%{buildroot}%{_datadir}/system-config-selinux/polgengui.py \
|
||||
%nil
|
||||
|
||||
# clean up ~ files from pathfix - https://bugzilla.redhat.com/show_bug.cgi?id=1546990
|
||||
find %{buildroot}%{python2_sitelib} %{buildroot}%{python2_sitearch} \
|
||||
%{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} \
|
||||
find %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} \
|
||||
%{buildroot}%{_sbindir} %{buildroot}%{_bindir} %{buildroot}%{_datadir} \
|
||||
-type f -name '*~' | xargs rm -f
|
||||
|
||||
|
@ -232,24 +228,24 @@ an SELinux environment.
|
|||
%files python-utils
|
||||
%{_sbindir}/semanage
|
||||
%{_bindir}/chcat
|
||||
%{_bindir}/sandbox
|
||||
%{_bindir}/audit2allow
|
||||
%{_bindir}/audit2why
|
||||
%{_mandir}/man1/audit2allow.1*
|
||||
%{_mandir}/ru/man1/audit2allow.1*
|
||||
%{_mandir}/man1/audit2why.1*
|
||||
%{_mandir}/ru/man1/audit2why.1*
|
||||
%{_sysconfdir}/dbus-1/system.d/org.selinux.conf
|
||||
%{_mandir}/man8/chcat.8*
|
||||
%{_mandir}/ru/man8/chcat.8*
|
||||
%{_mandir}/man8/sandbox.8*
|
||||
%{_mandir}/man8/semanage*.8*
|
||||
%{_mandir}/ru/man8/semanage.8*
|
||||
%{_mandir}/ru/man8/semanage*.8*
|
||||
%{_datadir}/bash-completion/completions/semanage
|
||||
|
||||
%package dbus
|
||||
Summary: SELinux policy core DBUS api
|
||||
Requires: python3-policycoreutils = %{version}-%{release}
|
||||
Requires: python3-slip-dbus
|
||||
Requires: python3-gobject-base
|
||||
BuildArch: noarch
|
||||
|
||||
%description dbus
|
||||
|
@ -277,7 +273,7 @@ Requires:python3-libsemanage >= %{libsemanagever} python3-libselinux
|
|||
# no python3-audit-libs yet
|
||||
Requires:audit-libs-python3 >= %{libauditver}
|
||||
Requires: checkpolicy
|
||||
Requires: python3-setools >= 4.1.1
|
||||
Requires: python3-setools >= 4.4.0
|
||||
BuildArch: noarch
|
||||
|
||||
%description -n python3-policycoreutils
|
||||
|
@ -304,43 +300,6 @@ by python 3 in an SELinux environment.
|
|||
%{python3_sitelib}/sepolicy*.egg-info
|
||||
%{python3_sitelib}/sepolicy/__pycache__
|
||||
|
||||
%package -n python2-policycoreutils
|
||||
%{?python_provide:%python_provide python2-policycoreutils}
|
||||
# Remove before F30
|
||||
Provides: %{name}-python = %{version}-%{release}
|
||||
Provides: %{name}-python = %{version}-%{release}
|
||||
Obsoletes: %{name}-python < %{version}-%{release}
|
||||
Summary: SELinux policy core python2 utilities
|
||||
Requires:policycoreutils = %{version}-%{release}
|
||||
Requires:python2-libsemanage >= %{libsemanagever} python2-libselinux
|
||||
# no python2-audit-libs yet
|
||||
Requires:audit-libs-python2 >= %{libauditver}
|
||||
Obsoletes: policycoreutils < 2.0.61-2
|
||||
Requires: python2-IPy
|
||||
Requires: checkpolicy
|
||||
Requires: python2-setools >= 4.1.1
|
||||
BuildArch: noarch
|
||||
|
||||
%description -n python2-policycoreutils
|
||||
The policycoreutils-python package contains the management tools use to manage
|
||||
an SELinux environment.
|
||||
|
||||
%files -n python2-policycoreutils
|
||||
%{python2_sitelib}/seobject.py*
|
||||
%{python2_sitelib}/sepolgen
|
||||
%dir %{python2_sitelib}/sepolicy
|
||||
%{python2_sitelib}/sepolicy/templates
|
||||
%{python2_sitelib}/sepolicy/__init__.py*
|
||||
%{python2_sitelib}/sepolicy/booleans.py*
|
||||
%{python2_sitelib}/sepolicy/communicate.py*
|
||||
%{python2_sitelib}/sepolicy/generate.py*
|
||||
%{python2_sitelib}/sepolicy/interface.py*
|
||||
%{python2_sitelib}/sepolicy/manpage.py*
|
||||
%{python2_sitelib}/sepolicy/network.py*
|
||||
%{python2_sitelib}/sepolicy/transition.py*
|
||||
%{python2_sitelib}/sepolicy/sedbus.py*
|
||||
%{python2_sitelib}/sepolicy*.egg-info
|
||||
|
||||
%package devel
|
||||
Summary: SELinux policy core policy devel utilities
|
||||
Requires: policycoreutils-python-utils = %{version}-%{release}
|
||||
|
@ -358,6 +317,7 @@ The policycoreutils-devel package contains the management tools use to develop p
|
|||
/var/lib/sepolgen/perm_map
|
||||
%{_bindir}/sepolicy
|
||||
%{_mandir}/man8/sepolgen.8*
|
||||
%{_mandir}/ru/man8/sepolgen.8*
|
||||
%{_mandir}/man8/sepolicy-booleans.8*
|
||||
%{_mandir}/man8/sepolicy-generate.8*
|
||||
%{_mandir}/man8/sepolicy-interface.8*
|
||||
|
@ -366,6 +326,7 @@ The policycoreutils-devel package contains the management tools use to develop p
|
|||
%{_mandir}/man8/sepolicy-communicate.8*
|
||||
%{_mandir}/man8/sepolicy-manpage.8*
|
||||
%{_mandir}/man8/sepolicy-transition.8*
|
||||
%{_mandir}/ru/man8/sepolicy*.8*
|
||||
%{_usr}/share/bash-completion/completions/sepolicy
|
||||
|
||||
|
||||
|
@ -386,7 +347,12 @@ sandboxes
|
|||
%{_datadir}/sandbox/start
|
||||
%caps(cap_setpcap,cap_setuid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
|
||||
%{_mandir}/man8/seunshare.8*
|
||||
%{_mandir}/ru/man8/seunshare.8*
|
||||
%{_bindir}/sandbox
|
||||
%{_mandir}/man5/sandbox.5*
|
||||
%{_mandir}/ru/man5/sandbox.5*
|
||||
%{_mandir}/man8/sandbox.8*
|
||||
%{_mandir}/ru/man8/sandbox.8*
|
||||
|
||||
%package newrole
|
||||
Summary: The newrole application for RBAC/MLS
|
||||
|
@ -399,6 +365,7 @@ or level of a logged in user.
|
|||
%files newrole
|
||||
%attr(0755,root,root) %caps(cap_dac_read_search,cap_setpcap,cap_audit_write,cap_sys_admin,cap_fowner,cap_chown,cap_dac_override=pe) %{_bindir}/newrole
|
||||
%{_mandir}/man1/newrole.1.gz
|
||||
%{_mandir}/ru/man1/newrole.1.gz
|
||||
%config(noreplace) %{_sysconfdir}/pam.d/newrole
|
||||
|
||||
%package gui
|
||||
|
@ -425,10 +392,6 @@ system-config-selinux is a utility for managing the SELinux environment
|
|||
%{_datadir}/system-config-selinux/system-config-selinux.png
|
||||
%{_datadir}/system-config-selinux/*Page.py
|
||||
%{_datadir}/system-config-selinux/__pycache__/*Page.*
|
||||
%{_datadir}/system-config-selinux/html_util.py
|
||||
%{_datadir}/system-config-selinux/__pycache__/html_util.*
|
||||
%{_datadir}/system-config-selinux/polgengui.py
|
||||
%{_datadir}/system-config-selinux/__pycache__/polgengui.*
|
||||
%{_datadir}/system-config-selinux/system-config-selinux.py
|
||||
%{_datadir}/system-config-selinux/__pycache__/system-config-selinux.*
|
||||
%{_datadir}/system-config-selinux/*.ui
|
||||
|
@ -437,8 +400,11 @@ system-config-selinux is a utility for managing the SELinux environment
|
|||
%{_datadir}/icons/hicolor/*/apps/sepolicy.png
|
||||
%{_datadir}/pixmaps/sepolicy.png
|
||||
%{_mandir}/man8/system-config-selinux.8*
|
||||
%{_mandir}/ru/man8/system-config-selinux.8*
|
||||
%{_mandir}/man8/selinux-polgengui.8*
|
||||
%{_mandir}/ru/man8/selinux-polgengui.8*
|
||||
%{_mandir}/man8/sepolicy-gui.8*
|
||||
%{_mandir}/ru/man8/sepolicy-gui.8*
|
||||
|
||||
%files -f %{name}.lang
|
||||
%{_sbindir}/restorecon
|
||||
|
@ -463,7 +429,9 @@ system-config-selinux is a utility for managing the SELinux environment
|
|||
%{generatorsdir}/selinux-autorelabel-generator.sh
|
||||
%config(noreplace) %{_sysconfdir}/sestatus.conf
|
||||
%{_mandir}/man5/selinux_config.5.gz
|
||||
%{_mandir}/ru/man5/selinux_config.5.gz
|
||||
%{_mandir}/man5/sestatus.conf.5.gz
|
||||
%{_mandir}/ru/man5/sestatus.conf.5.gz
|
||||
%{_mandir}/man8/fixfiles.8*
|
||||
%{_mandir}/ru/man8/fixfiles.8*
|
||||
%{_mandir}/man8/load_policy.8*
|
||||
|
@ -471,6 +439,7 @@ system-config-selinux is a utility for managing the SELinux environment
|
|||
%{_mandir}/man8/restorecon.8*
|
||||
%{_mandir}/ru/man8/restorecon.8*
|
||||
%{_mandir}/man8/restorecon_xattr.8*
|
||||
%{_mandir}/ru/man8/restorecon_xattr.8*
|
||||
%{_mandir}/man8/semodule.8*
|
||||
%{_mandir}/ru/man8/semodule.8*
|
||||
%{_mandir}/man8/sestatus.8*
|
||||
|
@ -482,17 +451,19 @@ system-config-selinux is a utility for managing the SELinux environment
|
|||
%{_mandir}/man1/secon.1*
|
||||
%{_mandir}/ru/man1/secon.1*
|
||||
%{_mandir}/man8/genhomedircon.8*
|
||||
%{_mandir}/ru/man8/genhomedircon.8*
|
||||
%{_mandir}/man8/semodule_expand.8*
|
||||
%{_mandir}/ru/man8/semodule_expand.8*
|
||||
%{_mandir}/man8/semodule_link.8*
|
||||
%{_mandir}/ru/man8/semodule_link.8*
|
||||
%{_mandir}/man8/semodule_unpackage.8*
|
||||
%{_mandir}/ru/man8/semodule_unpackage.8*
|
||||
%{_mandir}/man8/semodule_package.8*
|
||||
%{_mandir}/ru/man8/semodule_package.8*
|
||||
%dir %{_datadir}/bash-completion
|
||||
%{_datadir}/bash-completion/completions/setsebool
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license policycoreutils-%{version}/COPYING
|
||||
%license policycoreutils/COPYING
|
||||
%doc %{_usr}/share/doc/%{name}
|
||||
|
||||
%package restorecond
|
||||
|
@ -505,14 +476,52 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||
%files restorecond
|
||||
%{_sbindir}/restorecond
|
||||
%{_unitdir}/restorecond.service
|
||||
%{_userunitdir}/restorecond_user.service
|
||||
%config(noreplace) %{_sysconfdir}/selinux/restorecond.conf
|
||||
%config(noreplace) %{_sysconfdir}/selinux/restorecond_user.conf
|
||||
%{_sysconfdir}/xdg/autostart/restorecond.desktop
|
||||
%{_datadir}/dbus-1/services/org.selinux.Restorecond.service
|
||||
%{_mandir}/man8/restorecond.8*
|
||||
%{_mandir}/ru/man8/restorecond.8*
|
||||
/usr/share/man/ru/man1/audit2why.1.gz
|
||||
/usr/share/man/ru/man1/newrole.1.gz
|
||||
/usr/share/man/ru/man5/sandbox.5.gz
|
||||
/usr/share/man/ru/man5/selinux_config.5.gz
|
||||
/usr/share/man/ru/man5/sestatus.conf.5.gz
|
||||
/usr/share/man/ru/man8/genhomedircon.8.gz
|
||||
/usr/share/man/ru/man8/restorecon_xattr.8.gz
|
||||
/usr/share/man/ru/man8/sandbox.8.gz
|
||||
/usr/share/man/ru/man8/selinux-polgengui.8.gz
|
||||
/usr/share/man/ru/man8/semanage-boolean.8.gz
|
||||
/usr/share/man/ru/man8/semanage-dontaudit.8.gz
|
||||
/usr/share/man/ru/man8/semanage-export.8.gz
|
||||
/usr/share/man/ru/man8/semanage-fcontext.8.gz
|
||||
/usr/share/man/ru/man8/semanage-ibendport.8.gz
|
||||
/usr/share/man/ru/man8/semanage-ibpkey.8.gz
|
||||
/usr/share/man/ru/man8/semanage-import.8.gz
|
||||
/usr/share/man/ru/man8/semanage-interface.8.gz
|
||||
/usr/share/man/ru/man8/semanage-login.8.gz
|
||||
/usr/share/man/ru/man8/semanage-module.8.gz
|
||||
/usr/share/man/ru/man8/semanage-node.8.gz
|
||||
/usr/share/man/ru/man8/semanage-permissive.8.gz
|
||||
/usr/share/man/ru/man8/semanage-port.8.gz
|
||||
/usr/share/man/ru/man8/semanage-user.8.gz
|
||||
/usr/share/man/ru/man8/semodule_unpackage.8.gz
|
||||
/usr/share/man/ru/man8/sepolgen.8.gz
|
||||
/usr/share/man/ru/man8/sepolicy-booleans.8.gz
|
||||
/usr/share/man/ru/man8/sepolicy-communicate.8.gz
|
||||
/usr/share/man/ru/man8/sepolicy-generate.8.gz
|
||||
/usr/share/man/ru/man8/sepolicy-gui.8.gz
|
||||
/usr/share/man/ru/man8/sepolicy-interface.8.gz
|
||||
/usr/share/man/ru/man8/sepolicy-manpage.8.gz
|
||||
/usr/share/man/ru/man8/sepolicy-network.8.gz
|
||||
/usr/share/man/ru/man8/sepolicy-transition.8.gz
|
||||
/usr/share/man/ru/man8/sepolicy.8.gz
|
||||
/usr/share/man/ru/man8/seunshare.8.gz
|
||||
/usr/share/man/ru/man8/system-config-selinux.8.gz
|
||||
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license policycoreutils-%{version}/COPYING
|
||||
%license policycoreutils/COPYING
|
||||
|
||||
%post
|
||||
%systemd_post selinux-autorelabel-mark.service
|
||||
|
@ -530,6 +539,97 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||
%systemd_postun_with_restart restorecond.service
|
||||
|
||||
%changelog
|
||||
* Tue Nov 24 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-8
|
||||
- Fix BuildRequires to libsemanage-devel
|
||||
|
||||
* Fri Nov 20 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-7
|
||||
- python/sepolicy: allow to override manpage date
|
||||
- selinux_config(5): add a note that runtime disable is deprecated
|
||||
|
||||
* Mon Nov 9 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-6
|
||||
- Require latest setools
|
||||
|
||||
* Fri Oct 30 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-5
|
||||
- Build with libsepol.so.1 and libsemanage.so.2
|
||||
- Set X-GNOME-HiddenUnderSystemd=true in restorecond.desktop file
|
||||
- fixfiles: correctly restore context of mountpoints
|
||||
- sepolgen: print extended permissions in hexadecimal
|
||||
|
||||
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.1-4
|
||||
- Second attempt - Rebuilt for
|
||||
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.1-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 3.1-2
|
||||
- Use make macros
|
||||
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||
|
||||
* Fri Jul 10 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-1
|
||||
- SELinux userspace 3.1 release
|
||||
|
||||
* Mon Jun 1 2020 Petr Lautrbach <plautrba@redhat.com> - 3.0-4
|
||||
- policycoreutils-dbus requires python3-gobject-base
|
||||
|
||||
* Sat May 23 2020 Miro Hrončok <mhroncok@redhat.com> - 3.0-3
|
||||
- Rebuilt for Python 3.9
|
||||
|
||||
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Fri Dec 6 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-1
|
||||
- SELinux userspace 3.0 release
|
||||
|
||||
* Wed Sep 4 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-7
|
||||
- semanage: Do not use default s0 range in "semanage login -a" (#1312283)
|
||||
|
||||
* Thu Aug 29 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-6
|
||||
- gui: Fix remove module in system-config-selinux (#1740936)
|
||||
|
||||
* Fri Aug 23 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-5
|
||||
- fixfiles: Fix unbound variable problem
|
||||
|
||||
* Fri Aug 16 2019 Miro Hrončok <mhroncok@redhat.com> - 2.9-4
|
||||
- Rebuilt for Python 3.8
|
||||
|
||||
* Mon Aug 5 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-3
|
||||
- Drop python2-policycoreutils
|
||||
- Update ru man page translations
|
||||
- fixfiles: Fix [-B] [-F] onboot
|
||||
|
||||
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Mon Mar 18 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
|
||||
- SELinux userspace 2.9 release
|
||||
|
||||
* Mon Mar 11 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc2.1
|
||||
- SELinux userspace 2.9-rc2 release
|
||||
|
||||
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-0.rc1.1.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Fri Jan 25 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc1.1
|
||||
- SELinux userspace 2.9-rc1 release candidate
|
||||
|
||||
* Fri Jan 25 2019 Petr Lautrbach <plautrba@redhat.com> - 2.8-17
|
||||
- python2-policycoreutils requires python2-ipaddress (#1669230)
|
||||
|
||||
* Tue Jan 22 2019 Petr Lautrbach <plautrba@redhat.com> - 2.8-16
|
||||
- restorecond: Install DBUS service file with 644 permissions
|
||||
|
||||
* Mon Jan 21 2019 Petr Lautrbach <plautrba@redhat.com> - 2.8-15
|
||||
- setsebool: support use of -P on SELinux-disabled hosts
|
||||
- sepolicy: initialize mislabeled_files in __init__()
|
||||
- audit2allow: use local sepolgen-ifgen-attr-helper for tests
|
||||
- audit2allow: allow using audit2why as non-root user
|
||||
- audit2allow/sepolgen-ifgen: show errors on stderr
|
||||
- audit2allow/sepolgen-ifgen: add missing \n to error message
|
||||
- sepolgen: close /etc/selinux/sepolgen.conf after parsing it
|
||||
- sepolicy: Make policy files sorting more robust
|
||||
- semanage: Load a store policy and set the store SELinux policy root
|
||||
|
||||
* Thu Dec 20 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-14
|
||||
- chcat: fix removing categories on users with Fedora default setup
|
||||
- semanage: Include MCS/MLS range when exporting local customizations
|
||||
|
|
|
@ -1,12 +0,0 @@
|
|||
diff --git restorecond-2.8/restorecond.c restorecond-2.8/restorecond.c
|
||||
index 6fbbd35..e1d26cb 100644
|
||||
--- restorecond-2.8/restorecond.c
|
||||
+++ restorecond-2.8/restorecond.c
|
||||
@@ -105,6 +105,7 @@ static int write_pid_file(void)
|
||||
}
|
||||
if (write(pidfd, val, (unsigned int)len) != len) {
|
||||
syslog(LOG_ERR, "Unable to write to pidfile (%s)", strerror(errno));
|
||||
+ close(pidfd);
|
||||
return 1;
|
||||
}
|
||||
close(pidfd);
|
|
@ -11,4 +11,4 @@ ExecStart=/usr/libexec/selinux/selinux-autorelabel
|
|||
Type=oneshot
|
||||
TimeoutSec=0
|
||||
RemainAfterExit=yes
|
||||
StandardInput=tty
|
||||
StandardOutput=journal+console
|
||||
|
|
|
@ -1,35 +0,0 @@
|
|||
diff --git selinux-dbus-2.8/org.selinux.conf selinux-dbus-2.8/org.selinux.conf
|
||||
index a350978..1ae079d 100644
|
||||
--- selinux-dbus-2.8/org.selinux.conf
|
||||
+++ selinux-dbus-2.8/org.selinux.conf
|
||||
@@ -12,12 +12,8 @@
|
||||
|
||||
<!-- Allow anyone to invoke methods on the interfaces,
|
||||
authorization is performed by PolicyKit -->
|
||||
- <policy at_console="true">
|
||||
- <allow send_destination="org.selinux"/>
|
||||
- </policy>
|
||||
<policy context="default">
|
||||
- <allow send_destination="org.selinux"
|
||||
- send_interface="org.freedesktop.DBus.Introspectable"/>
|
||||
+ <allow send_destination="org.selinux"/>
|
||||
</policy>
|
||||
|
||||
</busconfig>
|
||||
diff --git selinux-dbus-2.8/org.selinux.policy selinux-dbus-2.8/org.selinux.policy
|
||||
index 0126610..9772127 100644
|
||||
--- selinux-dbus-2.8/org.selinux.policy
|
||||
+++ selinux-dbus-2.8/org.selinux.policy
|
||||
@@ -70,9 +70,9 @@
|
||||
<allow_active>auth_admin_keep</allow_active>
|
||||
</defaults>
|
||||
</action>
|
||||
- <action id="org.selinux.change_policy_type">
|
||||
- <description>SELinux write access</description>
|
||||
- <message>System policy prevents change_policy_type access to SELinux</message>
|
||||
+ <action id="org.selinux.change_default_mode">
|
||||
+ <description>Change SELinux default enforcing mode</description>
|
||||
+ <message>System policy prevents change_default_policy access to SELinux</message>
|
||||
<defaults>
|
||||
<allow_any>no</allow_any>
|
||||
<allow_inactive>no</allow_inactive>
|
|
@ -1,306 +0,0 @@
|
|||
diff --git selinux-gui-2.8/Makefile selinux-gui-2.8/Makefile
|
||||
index a72e58c..ffe8b97 100644
|
||||
--- selinux-gui-2.8/Makefile
|
||||
+++ selinux-gui-2.8/Makefile
|
||||
@@ -21,6 +21,7 @@ system-config-selinux.ui \
|
||||
usersPage.py
|
||||
|
||||
all: $(TARGETS) system-config-selinux.py polgengui.py
|
||||
+ (cd po && $(MAKE) $@)
|
||||
|
||||
install: all
|
||||
-mkdir -p $(DESTDIR)$(MANDIR)/man8
|
||||
@@ -46,6 +47,8 @@ install: all
|
||||
install -m 644 sepolicy_$${i}.png $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
|
||||
done
|
||||
install -m 644 org.selinux.config.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/
|
||||
+ (cd po && $(MAKE) $@)
|
||||
+
|
||||
clean:
|
||||
|
||||
indent:
|
||||
diff --git selinux-gui-2.8/booleansPage.py selinux-gui-2.8/booleansPage.py
|
||||
index 7849bea..dd12b6d 100644
|
||||
--- selinux-gui-2.8/booleansPage.py
|
||||
+++ selinux-gui-2.8/booleansPage.py
|
||||
@@ -38,7 +38,7 @@ DISABLED = 2
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-gui"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git selinux-gui-2.8/domainsPage.py selinux-gui-2.8/domainsPage.py
|
||||
index bad5140..6bbe4de 100644
|
||||
--- selinux-gui-2.8/domainsPage.py
|
||||
+++ selinux-gui-2.8/domainsPage.py
|
||||
@@ -30,7 +30,7 @@ from semanagePage import *
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-gui"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git selinux-gui-2.8/fcontextPage.py selinux-gui-2.8/fcontextPage.py
|
||||
index 370bbee..e424366 100644
|
||||
--- selinux-gui-2.8/fcontextPage.py
|
||||
+++ selinux-gui-2.8/fcontextPage.py
|
||||
@@ -47,7 +47,7 @@ class context:
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-gui"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git selinux-gui-2.8/loginsPage.py selinux-gui-2.8/loginsPage.py
|
||||
index b67eb8b..cbfb0cc 100644
|
||||
--- selinux-gui-2.8/loginsPage.py
|
||||
+++ selinux-gui-2.8/loginsPage.py
|
||||
@@ -29,7 +29,7 @@ from semanagePage import *
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-gui"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git selinux-gui-2.8/modulesPage.py selinux-gui-2.8/modulesPage.py
|
||||
index 34c5d9e..627ad95 100644
|
||||
--- selinux-gui-2.8/modulesPage.py
|
||||
+++ selinux-gui-2.8/modulesPage.py
|
||||
@@ -30,7 +30,7 @@ from semanagePage import *
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-gui"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git selinux-gui-2.8/po/Makefile selinux-gui-2.8/po/Makefile
|
||||
new file mode 100644
|
||||
index 0000000..a0f5439
|
||||
--- /dev/null
|
||||
+++ selinux-gui-2.8/po/Makefile
|
||||
@@ -0,0 +1,82 @@
|
||||
+#
|
||||
+# Makefile for the PO files (translation) catalog
|
||||
+#
|
||||
+
|
||||
+PREFIX ?= /usr
|
||||
+
|
||||
+# What is this package?
|
||||
+NLSPACKAGE = gui
|
||||
+POTFILE = $(NLSPACKAGE).pot
|
||||
+INSTALL = /usr/bin/install -c -p
|
||||
+INSTALL_DATA = $(INSTALL) -m 644
|
||||
+INSTALL_DIR = /usr/bin/install -d
|
||||
+
|
||||
+# destination directory
|
||||
+INSTALL_NLS_DIR = $(PREFIX)/share/locale
|
||||
+
|
||||
+# PO catalog handling
|
||||
+MSGMERGE = msgmerge
|
||||
+MSGMERGE_FLAGS = -q
|
||||
+XGETTEXT = xgettext --default-domain=$(NLSPACKAGE)
|
||||
+MSGFMT = msgfmt
|
||||
+
|
||||
+# All possible linguas
|
||||
+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
|
||||
+
|
||||
+# Only the files matching what the user has set in LINGUAS
|
||||
+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
|
||||
+
|
||||
+# if no valid LINGUAS, build all languages
|
||||
+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
|
||||
+
|
||||
+POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
|
||||
+MOFILES = $(patsubst %.po,%.mo,$(POFILES))
|
||||
+POTFILES = $(shell cat POTFILES)
|
||||
+
|
||||
+#default:: clean
|
||||
+
|
||||
+all:: $(MOFILES)
|
||||
+
|
||||
+$(POTFILE): $(POTFILES)
|
||||
+ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
|
||||
+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
|
||||
+ rm -f $(NLSPACKAGE).po; \
|
||||
+ else \
|
||||
+ mv -f $(NLSPACKAGE).po $(POTFILE); \
|
||||
+ fi; \
|
||||
+
|
||||
+
|
||||
+refresh-po: Makefile
|
||||
+ for cat in $(POFILES); do \
|
||||
+ lang=`basename $$cat .po`; \
|
||||
+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
|
||||
+ mv -f $$lang.pot $$lang.po ; \
|
||||
+ echo "$(MSGMERGE) of $$lang succeeded" ; \
|
||||
+ else \
|
||||
+ echo "$(MSGMERGE) of $$lang failed" ; \
|
||||
+ rm -f $$lang.pot ; \
|
||||
+ fi \
|
||||
+ done
|
||||
+
|
||||
+clean:
|
||||
+ @rm -fv *mo *~ .depend
|
||||
+ @rm -rf tmp
|
||||
+
|
||||
+install: $(MOFILES)
|
||||
+ @for n in $(MOFILES); do \
|
||||
+ l=`basename $$n .mo`; \
|
||||
+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
|
||||
+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
|
||||
+ done
|
||||
+
|
||||
+%.mo: %.po
|
||||
+ $(MSGFMT) -o $@ $<
|
||||
+report:
|
||||
+ @for cat in $(wildcard *.po); do \
|
||||
+ echo -n "$$cat: "; \
|
||||
+ msgfmt -v --statistics -o /dev/null $$cat; \
|
||||
+ done
|
||||
+
|
||||
+.PHONY: missing depend
|
||||
+
|
||||
+relabel:
|
||||
diff --git selinux-gui-2.8/po/POTFILES selinux-gui-2.8/po/POTFILES
|
||||
new file mode 100644
|
||||
index 0000000..1795c5c
|
||||
--- /dev/null
|
||||
+++ selinux-gui-2.8/po/POTFILES
|
||||
@@ -0,0 +1,17 @@
|
||||
+../booleansPage.py
|
||||
+../domainsPage.py
|
||||
+../fcontextPage.py
|
||||
+../loginsPage.py
|
||||
+../modulesPage.py
|
||||
+../org.selinux.config.policy
|
||||
+../polgengui.py
|
||||
+../polgen.ui
|
||||
+../portsPage.py
|
||||
+../selinux-polgengui.desktop
|
||||
+../semanagePage.py
|
||||
+../sepolicy.desktop
|
||||
+../statusPage.py
|
||||
+../system-config-selinux.desktop
|
||||
+../system-config-selinux.py
|
||||
+../system-config-selinux.ui
|
||||
+../usersPage.py
|
||||
diff --git selinux-gui-2.8/polgen.ui selinux-gui-2.8/polgen.ui
|
||||
index aa4c70a..6a8c067 100644
|
||||
--- selinux-gui-2.8/polgen.ui
|
||||
+++ selinux-gui-2.8/polgen.ui
|
||||
@@ -1975,7 +1975,7 @@ Tab</property>
|
||||
<object class="GtkLabel" id="label17">
|
||||
<property name="visible">True</property>
|
||||
<property name="can_focus">False</property>
|
||||
- <property name="label">Add File</property>
|
||||
+ <property name="label" translatable="yes">Add File</property>
|
||||
<property name="use_underline">True</property>
|
||||
</object>
|
||||
<packing>
|
||||
@@ -2028,7 +2028,7 @@ Tab</property>
|
||||
<object class="GtkLabel" id="label16">
|
||||
<property name="visible">True</property>
|
||||
<property name="can_focus">False</property>
|
||||
- <property name="label">Add Directory</property>
|
||||
+ <property name="label" translatable="yes">Add Directory</property>
|
||||
<property name="use_underline">True</property>
|
||||
</object>
|
||||
<packing>
|
||||
@@ -2176,7 +2176,7 @@ Tab</property>
|
||||
<object class="GtkLabel" id="label3">
|
||||
<property name="visible">True</property>
|
||||
<property name="can_focus">False</property>
|
||||
- <property name="label">Add Boolean</property>
|
||||
+ <property name="label" translatable="yes">Add Boolean</property>
|
||||
<property name="use_underline">True</property>
|
||||
</object>
|
||||
<packing>
|
||||
diff --git selinux-gui-2.8/polgengui.py selinux-gui-2.8/polgengui.py
|
||||
index 1601dbe..7e0d9d0 100644
|
||||
--- selinux-gui-2.8/polgengui.py
|
||||
+++ selinux-gui-2.8/polgengui.py
|
||||
@@ -63,7 +63,7 @@ def get_all_modules():
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-gui"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git selinux-gui-2.8/portsPage.py selinux-gui-2.8/portsPage.py
|
||||
index 30f5838..a537ecc 100644
|
||||
--- selinux-gui-2.8/portsPage.py
|
||||
+++ selinux-gui-2.8/portsPage.py
|
||||
@@ -35,7 +35,7 @@ from semanagePage import *
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-gui"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git selinux-gui-2.8/semanagePage.py selinux-gui-2.8/semanagePage.py
|
||||
index 4127804..5361d69 100644
|
||||
--- selinux-gui-2.8/semanagePage.py
|
||||
+++ selinux-gui-2.8/semanagePage.py
|
||||
@@ -22,7 +22,7 @@ from gi.repository import Gdk, Gtk
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-gui"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git selinux-gui-2.8/statusPage.py selinux-gui-2.8/statusPage.py
|
||||
index 766854b..a8f079b 100644
|
||||
--- selinux-gui-2.8/statusPage.py
|
||||
+++ selinux-gui-2.8/statusPage.py
|
||||
@@ -35,7 +35,7 @@ RELABELFILE = "/.autorelabel"
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-gui"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git selinux-gui-2.8/system-config-selinux.py selinux-gui-2.8/system-config-selinux.py
|
||||
index ce7c74b..a81e9dd 100644
|
||||
--- selinux-gui-2.8/system-config-selinux.py
|
||||
+++ selinux-gui-2.8/system-config-selinux.py
|
||||
@@ -45,7 +45,7 @@ import selinux
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-gui"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
diff --git selinux-gui-2.8/usersPage.py selinux-gui-2.8/usersPage.py
|
||||
index 26794ed..d15d4c5 100644
|
||||
--- selinux-gui-2.8/usersPage.py
|
||||
+++ selinux-gui-2.8/usersPage.py
|
||||
@@ -29,7 +29,7 @@ from semanagePage import *
|
||||
##
|
||||
## I18N
|
||||
##
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-gui"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
File diff suppressed because it is too large
Load Diff
|
@ -1,186 +0,0 @@
|
|||
diff --git selinux-sandbox-2.8/Makefile selinux-sandbox-2.8/Makefile
|
||||
index 49c1d3f..9e45329 100644
|
||||
--- selinux-sandbox-2.8/Makefile
|
||||
+++ selinux-sandbox-2.8/Makefile
|
||||
@@ -12,6 +12,7 @@ override LDLIBS += -lselinux -lcap-ng
|
||||
SEUNSHARE_OBJS = seunshare.o
|
||||
|
||||
all: sandbox seunshare sandboxX.sh start
|
||||
+ (cd po && $(MAKE) $@)
|
||||
|
||||
seunshare: $(SEUNSHARE_OBJS)
|
||||
|
||||
@@ -30,6 +31,7 @@ install: all
|
||||
install -m 755 start $(DESTDIR)$(SHAREDIR)
|
||||
-mkdir -p $(DESTDIR)$(SYSCONFDIR)
|
||||
install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox
|
||||
+ (cd po && $(MAKE) $@)
|
||||
|
||||
test:
|
||||
@$(PYTHON) test_sandbox.py -v
|
||||
diff --git selinux-sandbox-2.8/po/Makefile selinux-sandbox-2.8/po/Makefile
|
||||
new file mode 100644
|
||||
index 0000000..0556bbe
|
||||
--- /dev/null
|
||||
+++ selinux-sandbox-2.8/po/Makefile
|
||||
@@ -0,0 +1,82 @@
|
||||
+#
|
||||
+# Makefile for the PO files (translation) catalog
|
||||
+#
|
||||
+
|
||||
+PREFIX ?= /usr
|
||||
+
|
||||
+# What is this package?
|
||||
+NLSPACKAGE = sandbox
|
||||
+POTFILE = $(NLSPACKAGE).pot
|
||||
+INSTALL = /usr/bin/install -c -p
|
||||
+INSTALL_DATA = $(INSTALL) -m 644
|
||||
+INSTALL_DIR = /usr/bin/install -d
|
||||
+
|
||||
+# destination directory
|
||||
+INSTALL_NLS_DIR = $(PREFIX)/share/locale
|
||||
+
|
||||
+# PO catalog handling
|
||||
+MSGMERGE = msgmerge
|
||||
+MSGMERGE_FLAGS = -q
|
||||
+XGETTEXT = xgettext -L Python --default-domain=$(NLSPACKAGE)
|
||||
+MSGFMT = msgfmt
|
||||
+
|
||||
+# All possible linguas
|
||||
+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
|
||||
+
|
||||
+# Only the files matching what the user has set in LINGUAS
|
||||
+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
|
||||
+
|
||||
+# if no valid LINGUAS, build all languages
|
||||
+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
|
||||
+
|
||||
+POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
|
||||
+MOFILES = $(patsubst %.po,%.mo,$(POFILES))
|
||||
+POTFILES = $(shell cat POTFILES)
|
||||
+
|
||||
+#default:: clean
|
||||
+
|
||||
+all:: $(POTFILE) $(MOFILES)
|
||||
+
|
||||
+$(POTFILE): $(POTFILES)
|
||||
+ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
|
||||
+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
|
||||
+ rm -f $(NLSPACKAGE).po; \
|
||||
+ else \
|
||||
+ mv -f $(NLSPACKAGE).po $(POTFILE); \
|
||||
+ fi; \
|
||||
+
|
||||
+
|
||||
+refresh-po: Makefile
|
||||
+ for cat in $(POFILES); do \
|
||||
+ lang=`basename $$cat .po`; \
|
||||
+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
|
||||
+ mv -f $$lang.pot $$lang.po ; \
|
||||
+ echo "$(MSGMERGE) of $$lang succeeded" ; \
|
||||
+ else \
|
||||
+ echo "$(MSGMERGE) of $$lang failed" ; \
|
||||
+ rm -f $$lang.pot ; \
|
||||
+ fi \
|
||||
+ done
|
||||
+
|
||||
+clean:
|
||||
+ @rm -fv *mo *~ .depend
|
||||
+ @rm -rf tmp
|
||||
+
|
||||
+install: $(MOFILES)
|
||||
+ @for n in $(MOFILES); do \
|
||||
+ l=`basename $$n .mo`; \
|
||||
+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
|
||||
+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
|
||||
+ done
|
||||
+
|
||||
+%.mo: %.po
|
||||
+ $(MSGFMT) -o $@ $<
|
||||
+report:
|
||||
+ @for cat in $(wildcard *.po); do \
|
||||
+ echo -n "$$cat: "; \
|
||||
+ msgfmt -v --statistics -o /dev/null $$cat; \
|
||||
+ done
|
||||
+
|
||||
+.PHONY: missing depend
|
||||
+
|
||||
+relabel:
|
||||
diff --git selinux-sandbox-2.8/po/POTFILES selinux-sandbox-2.8/po/POTFILES
|
||||
new file mode 100644
|
||||
index 0000000..deff3f2
|
||||
--- /dev/null
|
||||
+++ selinux-sandbox-2.8/po/POTFILES
|
||||
@@ -0,0 +1 @@
|
||||
+../sandbox
|
||||
diff --git selinux-sandbox-2.8/sandbox selinux-sandbox-2.8/sandbox
|
||||
index c07a1d8..948496d 100644
|
||||
--- selinux-sandbox-2.8/sandbox
|
||||
+++ selinux-sandbox-2.8/sandbox
|
||||
@@ -37,7 +37,7 @@ import sepolicy
|
||||
|
||||
SEUNSHARE = "/usr/sbin/seunshare"
|
||||
SANDBOXSH = "/usr/share/sandbox/sandboxX.sh"
|
||||
-PROGNAME = "policycoreutils"
|
||||
+PROGNAME = "selinux-sandbox"
|
||||
try:
|
||||
import gettext
|
||||
kwargs = {}
|
||||
@@ -268,7 +268,7 @@ class Sandbox:
|
||||
copyfile(f, "/tmp", self.__tmpdir)
|
||||
copyfile(f, "/var/tmp", self.__tmpdir)
|
||||
|
||||
- def __setup_sandboxrc(self, wm="/usr/bin/openbox"):
|
||||
+ def __setup_sandboxrc(self, wm="/usr/bin/matchbox-window-manager"):
|
||||
execfile = self.__homedir + "/.sandboxrc"
|
||||
fd = open(execfile, "w+")
|
||||
if self.__options.session:
|
||||
@@ -362,7 +362,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
|
||||
|
||||
parser.add_option("-W", "--windowmanager", dest="wm",
|
||||
type="string",
|
||||
- default="/usr/bin/openbox",
|
||||
+ default="/usr/bin/matchbox-window-manager",
|
||||
help=_("alternate window manager"))
|
||||
|
||||
parser.add_option("-l", "--level", dest="level",
|
||||
diff --git selinux-sandbox-2.8/sandbox.8 selinux-sandbox-2.8/sandbox.8
|
||||
index d83fee7..90ef495 100644
|
||||
--- selinux-sandbox-2.8/sandbox.8
|
||||
+++ selinux-sandbox-2.8/sandbox.8
|
||||
@@ -77,7 +77,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
|
||||
\fB\-W\fR \fB\-\-windowmanager\fR
|
||||
Select alternative window manager to run within
|
||||
.B sandbox \-X.
|
||||
-Default to /usr/bin/openbox.
|
||||
+Default to /usr/bin/matchbox-window-manager.
|
||||
.TP
|
||||
\fB\-X\fR
|
||||
Create an X based Sandbox for gui apps, temporary files for
|
||||
diff --git selinux-sandbox-2.8/sandboxX.sh selinux-sandbox-2.8/sandboxX.sh
|
||||
index eaa500d..c211ebc 100644
|
||||
--- selinux-sandbox-2.8/sandboxX.sh
|
||||
+++ selinux-sandbox-2.8/sandboxX.sh
|
||||
@@ -6,21 +6,7 @@ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8
|
||||
[ -z $2 ] && export DPI="96" || export DPI="$2"
|
||||
trap "exit 0" HUP
|
||||
|
||||
-mkdir -p ~/.config/openbox
|
||||
-cat > ~/.config/openbox/rc.xml << EOF
|
||||
-<openbox_config xmlns="http://openbox.org/3.4/rc"
|
||||
- xmlns:xi="http://www.w3.org/2001/XInclude">
|
||||
-<applications>
|
||||
- <application class="*">
|
||||
- <decor>no</decor>
|
||||
- <desktop>all</desktop>
|
||||
- <maximized>yes</maximized>
|
||||
- </application>
|
||||
-</applications>
|
||||
-</openbox_config>
|
||||
-EOF
|
||||
-
|
||||
-(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
|
||||
+(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
|
||||
export DISPLAY=:$D
|
||||
cat > ~/seremote << __EOF
|
||||
#!/bin/sh
|
|
@ -1,12 +0,0 @@
|
|||
diff --git semodule-utils-2.8/semodule_package/semodule_package.c semodule-utils-2.8/semodule_package/semodule_package.c
|
||||
index 3515234..7b75b3f 100644
|
||||
--- semodule-utils-2.8/semodule_package/semodule_package.c
|
||||
+++ semodule-utils-2.8/semodule_package/semodule_package.c
|
||||
@@ -74,6 +74,7 @@ static int file_to_data(const char *path, char **data, size_t * len)
|
||||
}
|
||||
if (!sb.st_size) {
|
||||
*len = 0;
|
||||
+ close(fd);
|
||||
return 0;
|
||||
}
|
||||
|
23
sources
23
sources
|
@ -1,12 +1,11 @@
|
|||
SHA512 (policycoreutils_man_ru2.tar.bz2) = 7272801da169b8d7dd3f8b7e368a63a4fbb7ae94599f9384bc450d142e6b2a3805ab542d650cbe9c8978c2d8e5c56ef4c11f361abfefeaf184ec3a4b0d2afb4c
|
||||
SHA512 (policycoreutils-2.8.tar.gz) = 2b4a70836fd8727a16b8f8d4afcc39c9461ab6f5bc1ba5ce5833d41150da921ebb3c9bdbd1cfa7dd31fd382ba18b5433ca9b63bce58bd290db81fa9bedfe29f3
|
||||
SHA512 (restorecond-2.8.tar.gz) = 5d72336782c3ad095746f8e6fa67e36448e5e76ca29586d8fe4962c64e505fa95c1458e8fc8f7d5bd589fff71b4be3758fb0cee3dacd2ccd0bc8476423e2540e
|
||||
SHA512 (selinux-dbus-2.8.tar.gz) = 241b308a4754fdc618466fc0f60234c1a80583eaeca22fab96f2d2779ac91ae03437cdfa8320fcfe5f142cdab543f025425c90eded5ff55d06960f55704a99f2
|
||||
SHA512 (selinux-gui-2.8.tar.gz) = 616323d0516cda80cdc13b8e66890b2c872695c276587304dd88a0948420011f5967ef46053f769f39863a9a9194f6e203102308c89f938ed66331f37c8a8d25
|
||||
SHA512 (selinux-python-2.8.tar.gz) = e695c11122f7f8105b75d1ef98355fd2b82b40d93c2fd9e733dcd95d4d7c392f60b646df81203c43ad2a0e8447f9901083007e1572b78e17368ad2764ffa1aad
|
||||
SHA512 (selinux-sandbox-2.8.tar.gz) = d86582639d1afc532998c2e94e0cc1fe9f7ce1daaa912a39b1b5dddf52c33965c063abe0cdcbcbe4017d5cbcabe351dcd9861323753dffc755de355b87c821b2
|
||||
SHA512 (semodule-utils-2.8.tar.gz) = 13d79a22115f5448dafc5202dc3dec66b9ad826051d61d7c126defe823407959511db35713d97c7dfe9e79de96193fec91a10b98c13743e06a1213f5734f4ae7
|
||||
SHA512 (gui-po.tgz) = 8b4a2ed5f246ea3d6086e2f8b7df37b0e43318b1a1d4dc5aae7cfa32ee6b4e0a39fc0b8f08ff062fd776d54a4c9b88f641d3109f7d8b5ec11b44383c902fefa5
|
||||
SHA512 (policycoreutils-po.tgz) = 8dd151bc67345106fec5daae1a133e74202484509357883e21e1eaccb8283098dc153a8f77e2d4dd0e899995eb07dedf0f7fca68507df35593a7f95482a4cb28
|
||||
SHA512 (python-po.tgz) = c9d88b9523f41b13f53403c0a98fe2fd6ba67afa51d41b56a856340e387eee00d6bd5416cd595a4bf657eaa02797ac3fe25a2a5de17b5f6bb6a2566d14c6c63f
|
||||
SHA512 (sandbox-po.tgz) = 5843f85fb30f802857e5b5914ab8f99ece4e2639b54c8663a3994e612801b6a55a996907c1050965dd3e6b6169d6ec468cc2ae9f65dafbba24ae1dea72a9573b
|
||||
SHA512 (policycoreutils-3.1.tar.gz) = 0592f218563a99ba95d2cfd07fdc3761b61c1cc3c01a17ab89ad840169e1a7d4083521d5cacc72d1b76911d516bf592db7a3f90d9ef0cc11ceed007e4580e140
|
||||
SHA512 (restorecond-3.1.tar.gz) = cdcf299f48b89a7c641ded9507b9b966bf648497394f8e988a9cb1ceb3224c86369706027f3416a4f9750836f7a8f4580a4b3df76673e03f897b383d7ed0e2c8
|
||||
SHA512 (selinux-dbus-3.1.tar.gz) = d5e1715539ec9aeef2285fc141617b7c25f39ddacc3968d2d19722553b97b873632545a2c7002faef44b671604b2cfca52e9624c57cedbae64d616a080cc955f
|
||||
SHA512 (selinux-gui-3.1.tar.gz) = c8bd618da3bd1dcc8aeb470e8410765ea7d38e861b0be78aaddaa5384ec3de12d364de1b63e2d9e3262e1179463f0ee78cb60f11ab72c996899bd72af137ae7c
|
||||
SHA512 (selinux-python-3.1.tar.gz) = 5dd98f77ae8ea8bac6a89ec7def76e12496b9a9f8c9612c4cc1dac7a8e8c60380a00c857426bfefbcb4273706addd2594e9b467f69408ef284f082a09d45bd49
|
||||
SHA512 (selinux-sandbox-3.1.tar.gz) = e9a772c720704de3fc33a70316780d5995442a1e25ba7df6dc68dd7b7a4eb59dfd2b68e4576051053fe81fbea207fcb1648baad3ea2d56d5b3005e9ca4b8ceb7
|
||||
SHA512 (semodule-utils-3.1.tar.gz) = b92794bbfbce5834ee7f62fddb40b5506e9291e8fa7c5d669b2e281089b8f8dc40c4522ea287ac5deffdaee751442ba8e691e2ac45fdd378b60d5d6b2527d157
|
||||
SHA512 (gui-po.tgz) = 8e0855256b825eea422b8e2b82cc0decf66b902c9930840905c5ad5dda7bef3679943a22db62709907d48f8a331d67edc5efed3e2638b53e379959b14077b4ea
|
||||
SHA512 (policycoreutils-po.tgz) = 66b908f7a167225bebded46f9cf92f42eb194daa2a083d48de43c2a5d33fa42724c5add0a9d029ac9d62c500f6f1c8d3bc138dd598b1fd97e609d7cc7160be72
|
||||
SHA512 (python-po.tgz) = 7f2a082b77c7b4417d5d3dac35d86dd635635a9c05a80e5f9284d03604e2f2a06ec879fb29b056d1a46d3fc448cd76e6fd25196834c18a161fd6677f2e11b2be
|
||||
SHA512 (sandbox-po.tgz) = 3d4b389b56bab1a6dddce9884dcebdefbefd1017fec6d987ac22a0705f409ed56722387aaca8fe7d9c468862136387bc703062e2b6de8fd102e13fed04ce811b
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
repositories:
|
||||
- repo: "https://src.fedoraproject.org/tests/selinux.git"
|
||||
dest: "selinux"
|
||||
fmf_filter: "tier: 1 | component: policycoreutils"
|
||||
fmf_filter: "tier: 1 | component: policycoreutils & tags: generic, fedora"
|
||||
|
||||
# Tests for atomic host
|
||||
- hosts: localhost
|
||||
|
|
Loading…
Reference in New Issue