Compare commits
24 Commits
Author | SHA1 | Date |
---|---|---|
|
a06c71a0d3 | |
|
403559f760 | |
|
9005b5b529 | |
|
531062f702 | |
|
b5aeeb75bc | |
|
d46f9204ff | |
|
ed1c24c9e0 | |
|
cee6334c7e | |
|
fd57d1a218 | |
|
7bf7971a06 | |
|
db27692fd6 | |
|
8c97448739 | |
|
15753a3a4a | |
|
99f84b1b02 | |
|
a422c176e0 | |
|
2be6f439a9 | |
|
5594809617 | |
|
4c6238c984 | |
|
6a5bb95dfd | |
|
ae3cda5138 | |
|
1e7540b5b3 | |
|
27d6dacdb9 | |
|
7fa79b350d | |
|
ae29830097 |
|
@ -197,3 +197,4 @@ policycoreutils-2.0.61.tgz
|
|||
sepolgen-1.0.15.tgz
|
||||
policycoreutils-2.0.62.tgz
|
||||
sepolgen-1.0.16.tgz
|
||||
policycoreutils_man_ru2.tar.bz2
|
2
Makefile
2
Makefile
|
@ -4,7 +4,7 @@ NAME := policycoreutils
|
|||
SPECFILE = $(firstword $(wildcard *.spec))
|
||||
|
||||
define find-makefile-common
|
||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(find-makefile-common))
|
||||
|
|
|
@ -0,0 +1,239 @@
|
|||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.62/restorecond/restorecond.c
|
||||
--- nsapolicycoreutils/restorecond/restorecond.c 2009-02-18 13:45:01.000000000 -0800
|
||||
+++ policycoreutils-2.0.62/restorecond/restorecond.c 2009-09-24 20:03:16.000000000 -0700
|
||||
@@ -315,21 +315,24 @@
|
||||
printf("wd=%d mask=%u cookie=%u len=%u\n",
|
||||
event->wd, event->mask,
|
||||
event->cookie, event->len);
|
||||
- if (event->wd == master_wd)
|
||||
- read_config(fd);
|
||||
- else {
|
||||
- switch (utmpwatcher_handle(fd, event->wd)) {
|
||||
- case -1: /* Message was not for utmpwatcher */
|
||||
- if (event->len)
|
||||
- watch_list_find(event->wd, event->name);
|
||||
- break;
|
||||
|
||||
- case 1: /* utmp has changed need to reload */
|
||||
+ if (event->mask & ~IN_IGNORED) {
|
||||
+ if (event->wd == master_wd)
|
||||
read_config(fd);
|
||||
- break;
|
||||
-
|
||||
- default: /* No users logged in or out */
|
||||
- break;
|
||||
+ else {
|
||||
+ switch (utmpwatcher_handle(fd, event->wd)) {
|
||||
+ case -1: /* Message was not for utmpwatcher */
|
||||
+ if (event->len)
|
||||
+ watch_list_find(event->wd, event->name);
|
||||
+ break;
|
||||
+
|
||||
+ case 1: /* utmp has changed need to reload */
|
||||
+ read_config(fd);
|
||||
+ break;
|
||||
+
|
||||
+ default: /* No users logged in or out */
|
||||
+ break;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.62/scripts/fixfiles
|
||||
--- nsapolicycoreutils/scripts/fixfiles 2009-05-22 11:10:01.000000000 -0700
|
||||
+++ policycoreutils-2.0.62/scripts/fixfiles 2009-07-14 09:08:10.000000000 -0700
|
||||
@@ -129,7 +129,7 @@
|
||||
if [ ! -z "$FILEPATH" ]; then
|
||||
if [ -x /usr/bin/find ]; then
|
||||
/usr/bin/find "$FILEPATH" \
|
||||
- ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o fstype btrfs \) -prune -o -print0 | \
|
||||
+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o -fstype btrfs \) -prune -o -print0 | \
|
||||
${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE
|
||||
else
|
||||
${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.62/scripts/Makefile
|
||||
--- nsapolicycoreutils/scripts/Makefile 2009-02-18 13:45:01.000000000 -0800
|
||||
+++ policycoreutils-2.0.62/scripts/Makefile 2009-07-14 09:08:10.000000000 -0700
|
||||
@@ -5,11 +5,12 @@
|
||||
MANDIR ?= $(PREFIX)/share/man
|
||||
LOCALEDIR ?= /usr/share/locale
|
||||
|
||||
-all: fixfiles genhomedircon
|
||||
+all: fixfiles genhomedircon sandbox chcat
|
||||
|
||||
install: all
|
||||
-mkdir -p $(BINDIR)
|
||||
install -m 755 chcat $(BINDIR)
|
||||
+ install -m 755 sandbox $(BINDIR)
|
||||
install -m 755 fixfiles $(DESTDIR)/sbin
|
||||
install -m 755 genhomedircon $(SBINDIR)
|
||||
-mkdir -p $(MANDIR)/man8
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox policycoreutils-2.0.62/scripts/sandbox
|
||||
--- nsapolicycoreutils/scripts/sandbox 1969-12-31 16:00:00.000000000 -0800
|
||||
+++ policycoreutils-2.0.62/scripts/sandbox 2009-07-14 09:08:10.000000000 -0700
|
||||
@@ -0,0 +1,139 @@
|
||||
+#!/usr/bin/python -E
|
||||
+import os, sys, getopt, socket, random, fcntl
|
||||
+import selinux
|
||||
+
|
||||
+PROGNAME = "policycoreutils"
|
||||
+
|
||||
+import gettext
|
||||
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
|
||||
+gettext.textdomain(PROGNAME)
|
||||
+
|
||||
+try:
|
||||
+ gettext.install(PROGNAME,
|
||||
+ localedir = "/usr/share/locale",
|
||||
+ unicode=False,
|
||||
+ codeset = 'utf-8')
|
||||
+except IOError:
|
||||
+ import __builtin__
|
||||
+ __builtin__.__dict__['_'] = unicode
|
||||
+
|
||||
+
|
||||
+random.seed(None)
|
||||
+
|
||||
+def error_exit(msg):
|
||||
+ sys.stderr.write("%s: " % sys.argv[0])
|
||||
+ sys.stderr.write("%s\n" % msg)
|
||||
+ sys.stderr.flush()
|
||||
+ sys.exit(1)
|
||||
+
|
||||
+def mount(context):
|
||||
+ if os.getuid() != 0:
|
||||
+ usage(_("Mount options require root privileges"))
|
||||
+ destdir = "/mnt/%s" % context
|
||||
+ os.mkdir(destdir)
|
||||
+ rc = os.system('/bin/mount -t tmpfs tmpfs %s' % (destdir))
|
||||
+ selinux.setfilecon(destdir, context)
|
||||
+ if rc != 0:
|
||||
+ sys.exit(rc)
|
||||
+ os.chdir(destdir)
|
||||
+
|
||||
+def umount(dest):
|
||||
+ os.chdir("/")
|
||||
+ destdir = "/mnt/%s" % dest
|
||||
+ os.system('/bin/umount %s' % (destdir))
|
||||
+ os.rmdir(destdir)
|
||||
+
|
||||
+
|
||||
+def reserve(mcs):
|
||||
+ sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
|
||||
+ sock.bind("\0%s" % mcs)
|
||||
+ fcntl.fcntl(sock.fileno(), fcntl.F_SETFD, fcntl.FD_CLOEXEC)
|
||||
+
|
||||
+def gen_context(setype):
|
||||
+ while True:
|
||||
+ i1 = random.randrange(0, 1024)
|
||||
+ i2 = random.randrange(0, 1024)
|
||||
+ if i1 == i2:
|
||||
+ continue
|
||||
+ if i1 > i2:
|
||||
+ tmp = i1
|
||||
+ i1 = i2
|
||||
+ i2 = tmp
|
||||
+ mcs = "s0:c%d,c%d" % (i1, i2)
|
||||
+ reserve(mcs)
|
||||
+ try:
|
||||
+ reserve(mcs)
|
||||
+ except:
|
||||
+ continue
|
||||
+ break
|
||||
+ con = selinux.getcon()[1].split(":")
|
||||
+
|
||||
+ execcon = "%s:%s:%s:%s" % (con[0], con[1], setype, mcs)
|
||||
+
|
||||
+ filecon = "%s:%s:%s:%s" % (con[0],
|
||||
+ "object_r",
|
||||
+ "%s_file_t" % setype[:-2],
|
||||
+ mcs)
|
||||
+ return execcon, filecon
|
||||
+
|
||||
+
|
||||
+if __name__ == '__main__':
|
||||
+ if selinux.is_selinux_enabled() != 1:
|
||||
+ error_exit("Requires an SELinux enabled system")
|
||||
+
|
||||
+ def usage(message = ""):
|
||||
+ text = _("""
|
||||
+sandbox [ -m ] [ -t type ] command
|
||||
+""")
|
||||
+ error_exit("%s\n%s" % (message, text))
|
||||
+
|
||||
+ setype = "sandbox_t"
|
||||
+ mount_ind = False
|
||||
+ try:
|
||||
+ gopts, cmds = getopt.getopt(sys.argv[1:], "ht:m",
|
||||
+ ["help",
|
||||
+ "type=",
|
||||
+ "mount"])
|
||||
+ for o, a in gopts:
|
||||
+ if o == "-t" or o == "--type":
|
||||
+ setype = a
|
||||
+
|
||||
+ if o == "-m" or o == "--mount":
|
||||
+ mount_ind = True
|
||||
+
|
||||
+ if o == "-h" or o == "--help":
|
||||
+ usage(_("Usage"));
|
||||
+
|
||||
+ if len(cmds) == 0:
|
||||
+ usage(_("Command required"))
|
||||
+
|
||||
+ execcon, filecon = gen_context(setype)
|
||||
+ rc = -1
|
||||
+ if mount_ind:
|
||||
+ mount(filecon)
|
||||
+
|
||||
+ if cmds[0][0] != "/" and cmds[0][:2] != "./" and cmds[0][:3] != "../":
|
||||
+ for i in os.environ["PATH"].split(':'):
|
||||
+ f = "%s/%s" % (i, cmds[0])
|
||||
+ if os.access(f, os.X_OK):
|
||||
+ cmds[0] = f
|
||||
+ break
|
||||
+
|
||||
+ selinux.setexeccon(execcon)
|
||||
+ rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
|
||||
+ selinux.setexeccon(None)
|
||||
+
|
||||
+ if mount_ind:
|
||||
+ umount(filecon)
|
||||
+ except getopt.GetoptError, error:
|
||||
+ usage(_("Options Error %s ") % error.msg)
|
||||
+ except ValueError, error:
|
||||
+ error_exit(error.args[0])
|
||||
+ except KeyError, error:
|
||||
+ error_exit(_("Invalid value %s") % error.args[0])
|
||||
+ except IOError, error:
|
||||
+ error_exit(error.args[1])
|
||||
+ except OSError, error:
|
||||
+ error_exit(error.args[1])
|
||||
+
|
||||
+ sys.exit(rc)
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.8 policycoreutils-2.0.62/scripts/sandbox.8
|
||||
--- nsapolicycoreutils/scripts/sandbox.8 1969-12-31 16:00:00.000000000 -0800
|
||||
+++ policycoreutils-2.0.62/scripts/sandbox.8 2009-07-14 09:08:10.000000000 -0700
|
||||
@@ -0,0 +1,22 @@
|
||||
+.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
|
||||
+.SH NAME
|
||||
+sandbox \- Run cmd under an SELinux sandbox
|
||||
+.SH SYNOPSIS
|
||||
+.B sandbox
|
||||
+[ -M ] [ -t type ] cmd
|
||||
+.br
|
||||
+.SH DESCRIPTION
|
||||
+.PP
|
||||
+Run application within a tightly confined SELinux domain, This application can only read and write stdin and stdout along with files handled to it by the shell.
|
||||
+.PP
|
||||
+.TP
|
||||
+\fB\-m\fR
|
||||
+Mount a temporary file system and change working directory to it, files will be removed when job completes.
|
||||
+.TP
|
||||
+\fB\-t type\fR
|
||||
+Use alternate sandbox type, defaults to sandbox_t
|
||||
+.TP
|
||||
+.SH "SEE ALSO"
|
||||
+.TP
|
||||
+runcon(1)
|
||||
+.PP
|
|
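Review bot: In `gen_context()` of the added `scripts/sandbox`, the MCS reservation does not appear to hold, so two concurrent sandboxes can end up with the same category pair and lose the separation the categories are meant to give. `reserve()` binds the abstract socket but neither returns nor stores it, so the socket is presumably closed when the function returns; in addition `reserve(mcs)` is called once outside the `try`, so a real collision raises out of the loop instead of retrying, and the bare `except:` hides every other failure. I would drop the unguarded call, have `reserve()` return the socket, keep it referenced until the command has finished, and catch only `socket.error`. Separately, `mount()` and `umount()` pass a string containing the `-t` value to `os.system`; an argument-list call such as `subprocess.call(["/bin/mount", "-t", "tmpfs", "tmpfs", destdir])` would avoid shell parsing, though it needs `subprocess` imported.

```python
def reserve(mcs):
    # … unchanged: create the socket, bind "\0<mcs>", set FD_CLOEXEC …
    return sock

def gen_context(setype):
    global mcs_lock
    while True:
        # … unchanged: pick i1 != i2 and order them …
        mcs = "s0:c%d,c%d" % (i1, i2)
        try:
            # keep the bound socket referenced so the name stays reserved
            mcs_lock = reserve(mcs)
        except socket.error:
            continue
        break
    # … unchanged: build and return execcon, filecon …
```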
@ -1,6 +1,6 @@
|
|||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.62/gui/booleansPage.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.74/gui/booleansPage.py
|
||||
--- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/booleansPage.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/booleansPage.py 2009-09-20 21:26:37.000000000 -0400
|
||||
@@ -0,0 +1,247 @@
|
||||
+#
|
||||
+# booleansPage.py - GUI for Booleans page in system-config-securitylevel
|
||||
|
@ -249,9 +249,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli
|
|||
+ self.load(self.filter)
|
||||
+ return True
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/domainsPage.py policycoreutils-2.0.62/gui/domainsPage.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/domainsPage.py policycoreutils-2.0.74/gui/domainsPage.py
|
||||
--- nsapolicycoreutils/gui/domainsPage.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/domainsPage.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/domainsPage.py 2009-09-20 21:26:37.000000000 -0400
|
||||
@@ -0,0 +1,154 @@
|
||||
+## domainsPage.py - show selinux domains
|
||||
+## Copyright (C) 2009 Red Hat, Inc.
|
||||
|
@ -407,9 +407,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/domainsPage.py polic
|
|||
+
|
||||
+ except ValueError, e:
|
||||
+ self.error(e.args[0])
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.62/gui/fcontextPage.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.74/gui/fcontextPage.py
|
||||
--- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/fcontextPage.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/fcontextPage.py 2009-09-20 21:26:37.000000000 -0400
|
||||
@@ -0,0 +1,223 @@
|
||||
+## fcontextPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006 Red Hat, Inc.
|
||||
|
@ -634,9 +634,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli
|
|||
+ self.store.set_value(iter, SPEC_COL, fspec)
|
||||
+ self.store.set_value(iter, FTYPE_COL, ftype)
|
||||
+ self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls))
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/html_util.py policycoreutils-2.0.62/gui/html_util.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/html_util.py policycoreutils-2.0.74/gui/html_util.py
|
||||
--- nsapolicycoreutils/gui/html_util.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/html_util.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/html_util.py 2009-09-20 21:26:37.000000000 -0400
|
||||
@@ -0,0 +1,164 @@
|
||||
+# Authors: John Dennis <jdennis@redhat.com>
|
||||
+#
|
||||
|
@ -802,9 +802,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/html_util.py policyc
|
|||
+ doc += tail
|
||||
+ return doc
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade policycoreutils-2.0.62/gui/lockdown.glade
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade policycoreutils-2.0.74/gui/lockdown.glade
|
||||
--- nsapolicycoreutils/gui/lockdown.glade 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/lockdown.glade 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/lockdown.glade 2009-09-28 09:13:55.000000000 -0400
|
||||
@@ -0,0 +1,771 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
|
||||
|
@ -1577,9 +1577,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade polic
|
|||
+</widget>
|
||||
+
|
||||
+</glade-interface>
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep policycoreutils-2.0.62/gui/lockdown.gladep
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep policycoreutils-2.0.74/gui/lockdown.gladep
|
||||
--- nsapolicycoreutils/gui/lockdown.gladep 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/lockdown.gladep 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/lockdown.gladep 2009-09-20 21:26:37.000000000 -0400
|
||||
@@ -0,0 +1,7 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
|
||||
|
@ -1588,9 +1588,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep poli
|
|||
+ <name></name>
|
||||
+ <program_name></program_name>
|
||||
+</glade-project>
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policycoreutils-2.0.62/gui/lockdown.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policycoreutils-2.0.74/gui/lockdown.py
|
||||
--- nsapolicycoreutils/gui/lockdown.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/lockdown.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/lockdown.py 2009-09-20 21:26:37.000000000 -0400
|
||||
@@ -0,0 +1,382 @@
|
||||
+#!/usr/bin/python
|
||||
+#
|
||||
|
@ -1974,9 +1974,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policyco
|
|||
+
|
||||
+ app = booleanWindow()
|
||||
+ app.stand_alone()
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.62/gui/loginsPage.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.74/gui/loginsPage.py
|
||||
--- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/loginsPage.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/loginsPage.py 2009-09-20 21:26:37.000000000 -0400
|
||||
@@ -0,0 +1,185 @@
|
||||
+## loginsPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006 Red Hat, Inc.
|
||||
|
@ -2163,12 +2163,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policy
|
|||
+ self.store.set_value(iter, 1, seuser)
|
||||
+ self.store.set_value(iter, 2, seobject.translate(serange))
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.62/gui/Makefile
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.74/gui/Makefile
|
||||
--- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/Makefile 2009-02-18 16:52:27.000000000 -0500
|
||||
@@ -0,0 +1,38 @@
|
||||
+++ policycoreutils-2.0.74/gui/Makefile 2009-09-20 21:26:37.000000000 -0400
|
||||
@@ -0,0 +1,41 @@
|
||||
+# Installation directories.
|
||||
+PREFIX ?= ${DESTDIR}/usr
|
||||
+BINDIR ?= $(PREFIX)/bin
|
||||
+SHAREDIR ?= $(PREFIX)/share/system-config-selinux
|
||||
+
|
||||
+TARGETS= \
|
||||
|
@ -2179,7 +2180,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreu
|
|||
+loginsPage.py \
|
||||
+mappingsPage.py \
|
||||
+modulesPage.py \
|
||||
+polgen.py \
|
||||
+polgen.glade \
|
||||
+portsPage.py \
|
||||
+lockdown.glade \
|
||||
|
@ -2190,12 +2190,15 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreu
|
|||
+usersPage.py \
|
||||
+selinux.tbl
|
||||
+
|
||||
+all: $(TARGETS) system-config-selinux.py polgengui.py templates lockdown.py
|
||||
+all: $(TARGETS) system-config-selinux.py polgengui.py templates lockdown.py polgen.py
|
||||
+
|
||||
+install: all
|
||||
+ -mkdir -p $(SHAREDIR)/templates
|
||||
+ -mkdir -p $(BINDIR)
|
||||
+ install -m 755 system-config-selinux.py $(SHAREDIR)
|
||||
+ install -m 755 polgengui.py $(SHAREDIR)
|
||||
+ install -m 755 polgen.py $(SHAREDIR)
|
||||
+ (cd $(BINDIR); ln -fs ../share/system-config-selinux/polgen.py sepolgen)
|
||||
+ install -m 755 lockdown.py $(SHAREDIR)
|
||||
+ install -m 644 $(TARGETS) $(SHAREDIR)
|
||||
+ install -m 644 templates/*.py $(SHAREDIR)/templates/
|
||||
|
@ -2205,9 +2208,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreu
|
|||
+indent:
|
||||
+
|
||||
+relabel:
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.62/gui/mappingsPage.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.74/gui/mappingsPage.py
|
||||
--- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/mappingsPage.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/mappingsPage.py 2009-09-20 21:26:37.000000000 -0400
|
||||
@@ -0,0 +1,56 @@
|
||||
+## mappingsPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006 Red Hat, Inc.
|
||||
|
@ -2265,9 +2268,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py poli
|
|||
+ for k in keys:
|
||||
+ print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.62/gui/modulesPage.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.74/gui/modulesPage.py
|
||||
--- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/modulesPage.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/modulesPage.py 2009-09-20 21:26:37.000000000 -0400
|
||||
@@ -0,0 +1,190 @@
|
||||
+## modulesPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006-2009 Red Hat, Inc.
|
||||
|
@ -2459,9 +2462,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic
|
|||
+
|
||||
+ except ValueError, e:
|
||||
+ self.error(e.args[0])
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.62/gui/polgen.glade
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.74/gui/polgen.glade
|
||||
--- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/polgen.glade 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/polgen.glade 2009-09-28 09:14:14.000000000 -0400
|
||||
@@ -0,0 +1,3305 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
|
||||
|
@ -5768,9 +5771,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
|
|||
+</widget>
|
||||
+
|
||||
+</glade-interface>
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.gladep policycoreutils-2.0.62/gui/polgen.gladep
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.gladep policycoreutils-2.0.74/gui/polgen.gladep
|
||||
--- nsapolicycoreutils/gui/polgen.gladep 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/polgen.gladep 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/polgen.gladep 2009-09-20 21:26:37.000000000 -0400
|
||||
@@ -0,0 +1,7 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
|
||||
|
@ -5779,10 +5782,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.gladep policy
|
|||
+ <name></name>
|
||||
+ <program_name></program_name>
|
||||
+</glade-project>
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.62/gui/polgengui.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.74/gui/polgengui.py
|
||||
--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/polgengui.py 2009-02-18 16:52:27.000000000 -0500
|
||||
@@ -0,0 +1,626 @@
|
||||
+++ policycoreutils-2.0.74/gui/polgengui.py 2009-09-20 21:26:37.000000000 -0400
|
||||
@@ -0,0 +1,627 @@
|
||||
+#!/usr/bin/python -E
|
||||
+#
|
||||
+# polgengui.py - GUI for SELinux Config tool in system-config-selinux
|
||||
|
@ -6056,6 +6059,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
|
|||
+
|
||||
+ if self.pages[type][self.current_page] in self.finish_page:
|
||||
+ self.generate_policy()
|
||||
+ self.xml.get_widget ("cancel_button").set_label(gtk.STOCK_CLOSE)
|
||||
+ else:
|
||||
+ self.current_page = self.current_page + 1
|
||||
+ self.notebook.set_current_page(self.pages[type][self.current_page])
|
||||
|
@ -6409,10 +6413,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
|
|||
+
|
||||
+ app = childWindow()
|
||||
+ app.stand_alone()
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.62/gui/polgen.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.74/gui/polgen.py
|
||||
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/polgen.py 2009-03-07 12:58:37.000000000 -0500
|
||||
@@ -0,0 +1,954 @@
|
||||
+++ policycoreutils-2.0.74/gui/polgen.py 2009-10-01 11:36:54.000000000 -0400
|
||||
@@ -0,0 +1,1188 @@
|
||||
+#!/usr/bin/python
|
||||
+#
|
||||
+# Copyright (C) 2007, 2008, 2009 Red Hat
|
||||
|
@ -6557,6 +6561,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||
+EUSER = 9
|
||||
+RUSER = 10
|
||||
+
|
||||
+poltype={}
|
||||
+poltype[DAEMON] = _("Standard Init Daemon")
|
||||
+poltype[DBUS] = _("DBUS System Daemon")
|
||||
+poltype[INETD] = _("Internet Services Daemon")
|
||||
+poltype[CGI] = _("Web Application/Script (CGI)")
|
||||
+poltype[USER] = _("User Application")
|
||||
+poltype[TUSER] = _("Minimal Terminal User Role")
|
||||
+poltype[XUSER] = _("Minimal X Windows User Role")
|
||||
+poltype[LUSER] = _("User Role")
|
||||
+poltype[AUSER] = _("Admin User Role")
|
||||
+poltype[RUSER] = _("Root Admin User Role")
|
||||
+
|
||||
+
|
||||
+APPLICATIONS = [ DAEMON, DBUS, INETD, USER, CGI ]
|
||||
+USERS = [ XUSER, TUSER, LUSER, AUSER, EUSER, RUSER]
|
||||
+
|
||||
|
@ -6594,6 +6611,85 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||
+ ports = seobject.portRecords()
|
||||
+ self.ports = ports.get_all()
|
||||
+
|
||||
+ self.symbols = {}
|
||||
+ self.symbols["openlog"] = "set_use_kerberos(True)"
|
||||
+ self.symbols["openlog"] = "set_use_kerb_rcache(True)"
|
||||
+ self.symbols["openlog"] = "set_use_syslog(True)"
|
||||
+ self.symbols["krb"] = "set_use_kerberos(True)"
|
||||
+ self.symbols["gss_accept_sec_context"] = "set_manage_krb5_rcache(True)"
|
||||
+ self.symbols["krb5_verify_init_creds"] = "set_manage_krb5_rcache(True)"
|
||||
+ self.symbols["krb5_rd_req"] = "set_manage_krb5_rcache(True)"
|
||||
+ self.symbols["__syslog_chk"] = "set_use_syslog(True)"
|
||||
+ self.symbols["getpwnam"] = "set_use_uid(True)"
|
||||
+ self.symbols["getpwuid"] = "set_use_uid(True)"
|
||||
+ self.symbols["dbus_"] = "set_use_dbus(True)"
|
||||
+ self.symbols["pam_"] = "set_use_pam(True)"
|
||||
+ self.symbols["pam_"] = "set_use_audit(True)"
|
||||
+
|
||||
+ self.symbols["fork"] = "add_process('fork')"
|
||||
+ self.symbols["transition"] = "add_process('transition')"
|
||||
+ self.symbols["sigchld"] = "add_process('sigchld')"
|
||||
+ self.symbols["sigkill"] = "add_process('sigkill')"
|
||||
+ self.symbols["sigstop"] = "add_process('sigstop')"
|
||||
+ self.symbols["signull"] = "add_process('signull')"
|
||||
+ self.symbols["signal"] = "add_process('signal')"
|
||||
+ self.symbols["ptrace"] = "add_process('ptrace')"
|
||||
+ self.symbols["getsched"] = "add_process('getsched')"
|
||||
+ self.symbols["setsched"] = "add_process('setsched')"
|
||||
+ self.symbols["getsession"] = "add_process('getsession')"
|
||||
+ self.symbols["getpgid"] = "add_process('getpgid')"
|
||||
+ self.symbols["setpgid"] = "add_process('setpgid')"
|
||||
+ self.symbols["getcap"] = "add_process('getcap')"
|
||||
+ self.symbols["setcap"] = "add_process('setcap')"
|
||||
+ self.symbols["share"] = "add_process('share')"
|
||||
+ self.symbols["getattr"] = "add_process('getattr')"
|
||||
+ self.symbols["setexec"] = "add_process('setexec')"
|
||||
+ self.symbols["setfscreate"] = "add_process('setfscreate')"
|
||||
+ self.symbols["noatsecure"] = "add_process('noatsecure')"
|
||||
+ self.symbols["siginh"] = "add_process('siginh')"
|
||||
+ self.symbols["setrlimit"] = "add_process('setrlimit')"
|
||||
+ self.symbols["rlimitinh"] = "add_process('rlimitinh')"
|
||||
+ self.symbols["dyntransition"] = "add_process('dyntransition')"
|
||||
+ self.symbols["setcurrent"] = "add_process('setcurrent')"
|
||||
+ self.symbols["execmem"] = "add_process('execmem')"
|
||||
+ self.symbols["execstack"] = "add_process('execstack')"
|
||||
+ self.symbols["execheap"] = "add_process('execheap')"
|
||||
+ self.symbols["setkeycreate"] = "add_process('setkeycreate')"
|
||||
+ self.symbols["setsockcreate"] = "add_process('setsockcreate')"
|
||||
+
|
||||
+ self.symbols["chown"] = "add_capability('chown')"
|
||||
+ self.symbols["dac_override"] = "add_capability('dac_override')"
|
||||
+ self.symbols["dac_read_search"] = "add_capability('dac_read_search')"
|
||||
+ self.symbols["fowner"] = "add_capability('fowner')"
|
||||
+ self.symbols["fsetid"] = "add_capability('fsetid')"
|
||||
+ self.symbols["kill"] = "add_capability('kill')"
|
||||
+ self.symbols["setgid"] = "add_capability('setgid')"
|
||||
+ self.symbols["setuid"] = "add_capability('setuid')"
|
||||
+ self.symbols["setpcap"] = "add_capability('setpcap')"
|
||||
+ self.symbols["linux_immutable"] = "add_capability('linux_immutable')"
|
||||
+ self.symbols["net_bind_service"] = "add_capability('net_bind_service')"
|
||||
+ self.symbols["net_broadcast"] = "add_capability('net_broadcast')"
|
||||
+ self.symbols["net_admin"] = "add_capability('net_admin')"
|
||||
+ self.symbols["net_raw"] = "add_capability('net_raw')"
|
||||
+ self.symbols["ipc_lock"] = "add_capability('ipc_lock')"
|
||||
+ self.symbols["ipc_owner"] = "add_capability('ipc_owner')"
|
||||
+ self.symbols["sys_module"] = "add_capability('sys_module')"
|
||||
+ self.symbols["sys_rawio"] = "add_capability('sys_rawio')"
|
||||
+ self.symbols["sys_chroot"] = "add_capability('sys_chroot')"
|
||||
+ self.symbols["sys_ptrace"] = "add_capability('sys_ptrace')"
|
||||
+ self.symbols["sys_pacct"] = "add_capability('sys_pacct')"
|
||||
+ self.symbols["sys_admin"] = "add_capability('sys_admin')"
|
||||
+ self.symbols["sys_boot"] = "add_capability('sys_boot')"
|
||||
+ self.symbols["sys_nice"] = "add_capability('sys_nice')"
|
||||
+ self.symbols["sys_resource"] = "add_capability('sys_resource')"
|
||||
+ self.symbols["sys_time"] = "add_capability('sys_time')"
|
||||
+ self.symbols["sys_tty_config"] = "add_capability('sys_tty_config')"
|
||||
+ self.symbols["mknod"] = "add_capability('mknod')"
|
||||
+ self.symbols["lease"] = "add_capability('lease')"
|
||||
+ self.symbols["audit_write"] = "add_capability('audit_write')"
|
||||
+ self.symbols["audit_control"] = "add_capability('audit_control')"
|
||||
+ self.symbols["setfcap"] = "add_capability('setfcap')"
|
||||
+
|
||||
+ self.DEFAULT_DIRS = {}
|
||||
+ self.DEFAULT_DIRS["rw"] = ["rw", [], rw];
|
||||
+ self.DEFAULT_DIRS["tmp"] = ["tmp", [], tmp];
|
||||
|
@ -6623,6 +6719,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||
+ self.name = name
|
||||
+ self.file_name = name
|
||||
+
|
||||
+ self.capabilities = []
|
||||
+ self.processes = []
|
||||
+ self.type = type
|
||||
+ self.initscript = ""
|
||||
+ self.program = ""
|
||||
|
@ -6633,6 +6731,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||
+ self.use_tmp = False
|
||||
+ self.use_uid = False
|
||||
+ self.use_syslog = False
|
||||
+ self.use_kerberos = False
|
||||
+ self.manage_krb5_rcache = False
|
||||
+ self.use_pam = False
|
||||
+ self.use_dbus = False
|
||||
+ self.use_audit = False
|
||||
|
@ -6647,6 +6747,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||
+ self.need_udp_type=False
|
||||
+ self.admin_domains = []
|
||||
+ self.transition_domains = []
|
||||
+ self.transition_users = []
|
||||
+ self.roles = []
|
||||
+ self.all_roles = get_all_roles()
|
||||
+
|
||||
|
@ -6686,10 +6787,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||
+ def use_network(self):
|
||||
+ return self.use_tcp() or self.use_udp()
|
||||
+
|
||||
+ def find_port(self, port):
|
||||
+ for begin,end in self.ports.keys():
|
||||
+ if port >= begin and port <= end:
|
||||
+ return self.ports[begin,end]
|
||||
+ def find_port(self, port, protocol="tcp"):
|
||||
+ for begin,end,p in self.ports.keys():
|
||||
+ if port >= begin and port <= end and protocol == p:
|
||||
+ return self.ports[begin,end, protocol]
|
||||
+ return None
|
||||
+
|
||||
+ def set_program(self, program):
|
||||
|
@ -6722,6 +6823,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||
+
|
||||
+ self.use_syslog = val
|
||||
+
|
||||
+ def set_use_kerberos(self, val):
|
||||
+ if val != True and val != False:
|
||||
+ raise ValueError(_("use_kerberos must be a boolean value "))
|
||||
+
|
||||
+ self.use_kerberos = val
|
||||
+
|
||||
+ def set_manage_krb5_rcache(self, val):
|
||||
+ if val != True and val != False:
|
||||
+ raise ValueError(_("manage_krb5_rcache must be a boolean value "))
|
||||
+
|
||||
+ self.manage_krb5_rcache = val
|
||||
+
|
||||
+ def set_use_pam(self, val):
|
||||
+ self.use_pam = val == True
|
||||
+
|
||||
|
@ -6761,6 +6874,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||
+ else:
|
||||
+ return ""
|
||||
+
|
||||
+ def generate_kerberos_rules(self):
|
||||
+ if self.use_kerberos:
|
||||
+ return re.sub("TEMPLATETYPE", self.name, executable.te_kerberos_rules)
|
||||
+ else:
|
||||
+ return ""
|
||||
+
|
||||
+ def generate_manage_krb5_rcache_rules(self):
|
||||
+ if self.manage_krb5_rcache:
|
||||
+ return re.sub("TEMPLATETYPE", self.name, executable.te_manage_krb5_rcache_rules)
|
||||
+ else:
|
||||
+ return ""
|
||||
+
|
||||
+ def generate_pam_rules(self):
|
||||
+ newte =""
|
||||
+ if self.use_pam:
|
||||
|
@ -6801,7 +6926,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||
+
|
||||
+ def generate_network_types(self):
|
||||
+ for i in self.in_tcp[PORTS]:
|
||||
+ rec = self.find_port(int(i))
|
||||
+ rec = self.find_port(int(i), "tcp")
|
||||
+ if rec == None:
|
||||
+ self.need_tcp_type = True;
|
||||
+ else:
|
||||
|
@ -6812,7 +6937,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||
+ self.found_tcp_ports.append(line)
|
||||
+
|
||||
+ for i in self.out_tcp[PORTS]:
|
||||
+ rec = self.find_port(int(i))
|
||||
+ rec = self.find_port(int(i), "tcp")
|
||||
+ if rec == None:
|
||||
+ self.need_tcp_type = True;
|
||||
+ else:
|
||||
|
@ -6823,7 +6948,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||
+ self.found_tcp_ports.append(line)
|
||||
+
|
||||
+ for i in self.in_udp[PORTS]:
|
||||
+ rec = self.find_port(int(i))
|
||||
+ rec = self.find_port(int(i),"udp")
|
||||
+ if rec == None:
|
||||
+ self.need_udp_type = True;
|
||||
+ else:
|
||||
|
@ -6845,6 +6970,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||
+ self.DEFAULT_DIRS["rw"][1].append(file)
|
||||
+ return self.DEFAULT_DIRS["rw"]
|
||||
+
|
||||
+ def add_capability(self, capability):
|
||||
+ self.capabilities.append(capability)
|
||||
+
|
||||
+ def add_process(self, process):
|
||||
+ self.processes.append(process)
|
||||
+
|
||||
+ def add_boolean(self, name, description):
|
||||
+ self.booleans[name] = description
|
||||
+
|
||||
|
@ -6854,6 +6985,21 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||
+ def add_dir(self, file):
|
||||
+ self.dirs[file] = self.__find_path(file)
|
||||
+
|
||||
+ def generate_capabilities(self):
|
||||
+ newte = ""
|
||||
+ self.capabilities.sort()
|
||||
+ if len(self.capabilities) > 0:
|
||||
+ newte = "allow %s_t self:capability { %s };\n" % (self.name, " ".join(self.capabilities))
|
||||
+ return newte
|
||||
+
|
||||
+ def generate_process(self):
|
||||
+ newte = ""
|
||||
+ self.processes.sort()
|
||||
+ if len(self.processes) > 0:
|
||||
+ newte = "allow %s_t self:process { %s };\n" % (self.name, " ".join(self.processes))
|
||||
+ return newte
|
||||
+
|
||||
+
|
||||
+ def generate_network_rules(self):
|
||||
+ newte = ""
|
||||
+ if self.use_network():
|
||||
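Review bot: `generate_capabilities` and `generate_process` join `self.capabilities` and `self.processes` exactly as stored, while `add_capability` and `add_process` (added in the hunk above) append without checking for duplicates, so an entry added twice is written twice inside the `{ ... }` set of the generated allow rule. Building the text from `" ".join(sorted(set(self.capabilities)))` (and the same for `self.processes`) keeps the output stable and also avoids sorting the instance list in place as a side effect of generating text. `generate_network_rules`, which starts at the end of this hunk, continues outside it.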
|
@ -7111,6 +7257,15 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||
+ if self.type != CGI or d != "rw":
|
||||
+ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_types)
|
||||
+
|
||||
+ newte +="""
|
||||
+########################################
|
||||
+#
|
||||
+# %s local policy
|
||||
+#
|
||||
+
|
||||
+""" % self.name
|
||||
+ newte += self.generate_capabilities()
|
||||
+ newte += self.generate_process()
|
||||
+ newte += self.generate_network_types()
|
||||
+ newte += self.generate_tmp_types()
|
||||
+ newte += self.generate_booleans()
|
||||
|
@ -7136,6 +7291,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||
+ newte += self.generate_roles_rules()
|
||||
+ newte += self.generate_transition_rules()
|
||||
+ newte += self.generate_admin_rules()
|
||||
+ newte += self.generate_kerberos_rules()
|
||||
+ newte += self.generate_manage_krb5_rcache_rules()
|
||||
+ return newte
|
||||
+
|
||||
+ def generate_fc(self):
|
||||
|
@ -7203,12 +7360,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||
+ newsh += re.sub("FILENAME", i, script.restorecon)
|
||||
+
|
||||
+ for i in self.in_tcp[PORTS] + self.out_tcp[PORTS]:
|
||||
+ if self.find_port(i) == None:
|
||||
+ if self.find_port(i,"tcp") == None:
|
||||
+ t1 = re.sub("PORTNUM", "%d" % i, script.tcp_ports)
|
||||
+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
|
||||
+
|
||||
+ for i in self.in_udp[PORTS] + self.out_udp[PORTS]:
|
||||
+ if self.find_port(i) == None:
|
||||
+ if self.find_port(i,"udp") == None:
|
||||
+ t1 = re.sub("PORTNUM", "%d" % i, script.udp_ports)
|
||||
+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
|
||||
+
|
||||
|
@ -7272,8 +7429,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||
+ sys.stderr.flush()
|
||||
+ sys.exit(1)
|
||||
+
|
||||
+
|
||||
+if __name__ == '__main__':
|
||||
+def test():
|
||||
+ mypolicy = policy("mycgi", CGI)
|
||||
+ mypolicy.set_program("/var/www/cgi-bin/cgi")
|
||||
+ mypolicy.set_in_tcp(1, 0, 0, "512, 55000-55000")
|
||||
|
@ -7364,12 +7520,94 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||
+ mypolicy.set_admin_domains(["postgresql", "mysql"])
|
||||
+ print mypolicy.generate("/var/tmp")
|
||||
+
|
||||
+
|
||||
+import os, sys, getopt, socket, random, fcntl
|
||||
+
|
||||
+def gen_writeable(cmd):
|
||||
+ fd = os.popen("rpm -qlf %s" % cmd)
|
||||
+ rec = fd.read().split()
|
||||
+ fd.close()
|
||||
+ return rec
|
||||
+
|
||||
+def gen_symbols(cmd):
|
||||
+ fd = os.popen("nm -D %s | grep U" % cmd)
|
||||
+ rec = fd.read().split()
|
||||
+ fd.close()
|
||||
+ return rec
|
||||
+
|
||||
+def usage(msg):
|
||||
+ print _("""
|
||||
+%s
|
||||
+
|
||||
+polgen [ -m ] [ -t type ] executable
|
||||
+valid Types:
|
||||
+""") % msg
|
||||
+ keys=poltype.keys()
|
||||
+ for i in keys:
|
||||
+ print "\t%s\t%s" % (i, poltype[i])
|
||||
+ sys.exit(-1)
|
||||
+
|
||||
+if __name__ == '__main__':
|
||||
+ setype = DAEMON
|
||||
+ gopts, cmds = getopt.getopt(sys.argv[1:], "ht:m",
|
||||
+ ["type=",
|
||||
+ "mount",
|
||||
+ "test",
|
||||
+ "help"])
|
||||
+ for o, a in gopts:
|
||||
+ if o == "-t" or o == "--type":
|
||||
+ try:
|
||||
+ if int(a) not in poltype:
|
||||
+ usage ("invalid type %s" % a )
|
||||
+ except:
|
||||
+ usage ("invalid type %s" % a )
|
||||
+
|
||||
+ setype = int(a)
|
||||
+
|
||||
+ if o == "-m" or o == "--mount":
|
||||
+ mount_ind = True
|
||||
+
|
||||
+ if o == "-h" or o == "--help":
|
||||
+ usage("")
|
||||
+
|
||||
+ if o == "--test":
|
||||
+ test()
|
||||
+ sys.exit(0)
|
||||
+
|
||||
+ if len(cmds) == 0:
|
||||
+ usage(_("Executable required"))
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.62/gui/portsPage.py
|
||||
+ name = os.path.basename(cmds[0]).replace("-","_")
|
||||
+ cmd = cmds[0]
|
||||
+ mypolicy = policy(name, setype)
|
||||
+ mypolicy.set_program(cmd)
|
||||
+ for f in gen_writeable(cmd):
|
||||
+ for b in mypolicy.DEFAULT_DIRS:
|
||||
+ if b == "/etc":
|
||||
+ continue
|
||||
+ if f.startswith(b):
|
||||
+ if os.path.isfile(f):
|
||||
+ mypolicy.add_file(f)
|
||||
+ else:
|
||||
+ mypolicy.add_dir(f)
|
||||
+
|
||||
+ if os.path.isfile("/var/run/%s.pid" % name):
|
||||
+ mypolicy.add_file("/var/run/%s.pid" % name)
|
||||
+
|
||||
+ if os.path.isfile("/etc/rc.d/init.d/%s" % name):
|
||||
+ mypolicy.set_init_script("/etc/rc\.d/init\.d/%s" % name)
|
||||
+
|
||||
+ symbols = gen_symbols(cmd)
|
||||
+ for s in symbols:
|
||||
+ for b in mypolicy.symbols:
|
||||
+ if s.startswith(b):
|
||||
+ exec "mypolicy.%s" % mypolicy.symbols[b]
|
||||
+
|
||||
+ print mypolicy.generate()
|
||||
+ sys.exit(0)
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.74/gui/portsPage.py
|
||||
--- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/portsPage.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/portsPage.py 2009-09-20 21:26:37.000000000 -0400
|
||||
@@ -0,0 +1,259 @@
|
||||
+## portsPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006 Red Hat, Inc.
|
||||
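Review bot: `gen_writeable` and `gen_symbols` build shell command lines by interpolating `cmd` into `os.popen("rpm -qlf %s" % cmd)` and `os.popen("nm -D %s | grep U" % cmd)`, and `cmd` is `cmds[0]` taken straight from the command line, so a path containing spaces or shell metacharacters is interpreted by the shell instead of reaching the tool as one argument. Running both tools from an argument list with no shell removes that; it needs `subprocess` added to the `import os, sys, getopt, socket, random, fcntl` line, and the sketch below keeps the `grep U` step as a line filter in Python. In the main block, `exec "mypolicy.%s" % mypolicy.symbols[b]` executes source text where storing (method name, argument) pairs in the `symbols` table, which is filled in another hunk, and calling `getattr(mypolicy, meth)(arg)` would do the same without `exec`. The bare `except:` around the type check also catches the `SystemExit` raised by `usage`, so the error text is printed twice; `except ValueError:` covers the `int(a)` it is there for.

```python
def gen_writeable(cmd):
    # argument list, no shell: cmd reaches rpm as a single argument
    p = subprocess.Popen(["rpm", "-qlf", cmd], stdout=subprocess.PIPE)
    return p.communicate()[0].split()

def gen_symbols(cmd):
    p = subprocess.Popen(["nm", "-D", cmd], stdout=subprocess.PIPE)
    out = p.communicate()[0]
    # same filter as the original "| grep U": keep lines containing "U"
    return " ".join([l for l in out.splitlines() if "U" in l]).split()

# … unchanged: usage() and the __main__ option parsing …
```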
|
@ -7497,17 +7735,17 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
|
|||
+ keys.sort()
|
||||
+ self.store.clear()
|
||||
+ for k in keys:
|
||||
+ if not (self.match(str(k[0]), filter) or self.match(dict[k][0], filter) or self.match(dict[k][1], filter) or self.match(dict[k][2], filter)):
|
||||
+ if not (self.match(str(k[0]), filter) or self.match(dict[k][0], filter) or self.match(k[2], filter) or self.match(dict[k][1], filter) or self.match(dict[k][1], filter)):
|
||||
+ continue
|
||||
+ iter = self.store.append()
|
||||
+ if k[0] == k[1]:
|
||||
+ self.store.set_value(iter, PORT_COL, k[0])
|
||||
+ else:
|
||||
+ rec = "%s-%s" % k
|
||||
+ rec = "%s-%s" % k[:2]
|
||||
+ self.store.set_value(iter, PORT_COL, rec)
|
||||
+ self.store.set_value(iter, TYPE_COL, dict[k][0])
|
||||
+ self.store.set_value(iter, PROTOCOL_COL, dict[k][1])
|
||||
+ self.store.set_value(iter, MLS_COL, dict[k][2])
|
||||
+ self.store.set_value(iter, PROTOCOL_COL, k[2])
|
||||
+ self.store.set_value(iter, MLS_COL, dict[k][1])
|
||||
+ self.view.get_selection().select_path ((0,))
|
||||
+
|
||||
+ def group_load(self, filter = ""):
|
||||
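Review bot: The rewritten filter test ends with `self.match(dict[k][1], filter) or self.match(dict[k][1], filter)`, the same term twice. With the protocol now read from the key as `k[2]`, the value appears to hold only the type at `[0]` and the MLS level at `[1]` (as the `TYPE_COL` and `MLS_COL` lines below use them), so the second copy can be dropped: `if not (self.match(str(k[0]), filter) or self.match(dict[k][0], filter) or self.match(k[2], filter) or self.match(dict[k][1], filter)):`. The enclosing method starts above the hunk.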
|
@ -7630,9 +7868,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
|
|||
+
|
||||
+ return True
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.62/gui/selinux.tbl
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.74/gui/selinux.tbl
|
||||
--- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/selinux.tbl 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/selinux.tbl 2009-09-20 21:26:37.000000000 -0400
|
||||
@@ -0,0 +1,234 @@
|
||||
+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
|
||||
+allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /")
|
||||
|
@ -7868,9 +8106,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
|
|||
+webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivileged users home directories")
|
||||
+webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories")
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.62/gui/semanagePage.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.74/gui/semanagePage.py
|
||||
--- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/semanagePage.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/semanagePage.py 2009-09-20 21:26:37.000000000 -0400
|
||||
@@ -0,0 +1,168 @@
|
||||
+## semanagePage.py - show selinux mappings
|
||||
+## Copyright (C) 2006 Red Hat, Inc.
|
||||
|
@ -8040,9 +8278,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py poli
|
|||
+ self.load(self.filter)
|
||||
+ return True
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.62/gui/statusPage.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.74/gui/statusPage.py
|
||||
--- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/statusPage.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/statusPage.py 2009-09-20 21:26:37.000000000 -0400
|
||||
@@ -0,0 +1,190 @@
|
||||
+# statusPage.py - show selinux status
|
||||
+## Copyright (C) 2006-2009 Red Hat, Inc.
|
||||
|
@ -8234,9 +8472,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policy
|
|||
+ return self.types[self.selinuxTypeOptionMenu.get_active()]
|
||||
+
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.62/gui/system-config-selinux.glade
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.74/gui/system-config-selinux.glade
|
||||
--- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/system-config-selinux.glade 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/system-config-selinux.glade 2009-09-20 21:26:37.000000000 -0400
|
||||
@@ -0,0 +1,3403 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
|
||||
|
@ -11641,9 +11879,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
|
|||
+</widget>
|
||||
+
|
||||
+</glade-interface>
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.62/gui/system-config-selinux.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.74/gui/system-config-selinux.py
|
||||
--- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/system-config-selinux.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/system-config-selinux.py 2009-09-20 21:26:37.000000000 -0400
|
||||
@@ -0,0 +1,189 @@
|
||||
+#!/usr/bin/python
|
||||
+#
|
||||
|
@ -11834,9 +12072,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
|
|||
+
|
||||
+ app = childWindow()
|
||||
+ app.stand_alone()
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py policycoreutils-2.0.62/gui/templates/boolean.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py policycoreutils-2.0.74/gui/templates/boolean.py
|
||||
--- nsapolicycoreutils/gui/templates/boolean.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/templates/boolean.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/templates/boolean.py 2009-10-01 12:03:05.000000000 -0400
|
||||
@@ -0,0 +1,40 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -11878,9 +12116,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py
|
|||
+')
|
||||
+"""
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py policycoreutils-2.0.62/gui/templates/etc_rw.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py policycoreutils-2.0.74/gui/templates/etc_rw.py
|
||||
--- nsapolicycoreutils/gui/templates/etc_rw.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/templates/etc_rw.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/templates/etc_rw.py 2009-10-01 12:03:05.000000000 -0400
|
||||
@@ -0,0 +1,129 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -11911,8 +12149,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py
|
|||
+files_type(TEMPLATETYPE_etc_rw_t)
|
||||
+"""
|
||||
+te_rules="""
|
||||
+allow TEMPLATETYPE_t TEMPLATETYPE_etc_rw_t:file manage_file_perms;
|
||||
+allow TEMPLATETYPE_t TEMPLATETYPE_etc_rw_t:dir manage_dir_perms;
|
||||
+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
|
||||
+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
|
||||
+files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, { file dir })
|
||||
+"""
|
||||
+
|
||||
|
@ -12011,9 +12249,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py
|
|||
+fc_dir="""\
|
||||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
|
||||
+"""
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.62/gui/templates/executable.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.74/gui/templates/executable.py
|
||||
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/templates/executable.py 2009-03-07 12:58:20.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/templates/executable.py 2009-10-01 12:03:05.000000000 -0400
|
||||
@@ -0,0 +1,368 @@
|
||||
+# Copyright (C) 2007-2009 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -12054,7 +12292,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
|
|||
+
|
||||
+te_initscript_types="""
|
||||
+type TEMPLATETYPE_initrc_exec_t;
|
||||
+init_script_type(TEMPLATETYPE_initrc_exec_t)
|
||||
+init_script_file(TEMPLATETYPE_initrc_exec_t)
|
||||
+"""
|
||||
+
|
||||
+te_dbusd_types="""\
|
||||
|
@ -12117,11 +12355,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
|
|||
+"""
|
||||
+
|
||||
+te_daemon_rules="""
|
||||
+########################################
|
||||
+#
|
||||
+# TEMPLATETYPE local policy
|
||||
+#
|
||||
+
|
||||
+# Init script handling
|
||||
+domain_use_interactive_fds(TEMPLATETYPE_t)
|
||||
+
|
||||
|
@ -12132,7 +12365,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
|
|||
+files_read_etc_files(TEMPLATETYPE_t)
|
||||
+
|
||||
+miscfiles_read_localization(TEMPLATETYPE_t)
|
||||
+
|
||||
+"""
|
||||
+
|
||||
+te_inetd_rules="""
|
||||
|
@ -12157,7 +12389,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
|
|||
+libs_use_shared_libs(TEMPLATETYPE_t)
|
||||
+
|
||||
+miscfiles_read_localization(TEMPLATETYPE_t)
|
||||
+
|
||||
+"""
|
||||
+
|
||||
+te_cgi_rules="""
|
||||
|
@ -12186,6 +12417,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
|
|||
+')
|
||||
+"""
|
||||
+
|
||||
+te_kerberos_rules="""
|
||||
+optional_policy(`
|
||||
+ kerberos_use(TEMPLATETYPE_t)
|
||||
+')
|
||||
+"""
|
||||
+
|
||||
+te_manage_krb5_rcache_rules="""
|
||||
+optional_policy(`
|
||||
+ kerberos_keytab_template(TEMPLATETYPE, TEMPLATETYPE_t)
|
||||
+ kerberos_manage_host_rcache(TEMPLATETYPE_t)
|
||||
+')
|
||||
+"""
|
||||
+
|
||||
+te_audit_rules="""
|
||||
+logging_send_audit_msgs(TEMPLATETYPE_t)
|
||||
+"""
|
||||
|
@ -12217,8 +12461,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
|
|||
+#
|
||||
+interface(`TEMPLATETYPE_domtrans',`
|
||||
+ gen_require(`
|
||||
+ type TEMPLATETYPE_t;
|
||||
+ type TEMPLATETYPE_exec_t;
|
||||
+ type TEMPLATETYPE_t, TEMPLATETYPE_exec_t;
|
||||
+ ')
|
||||
+
|
||||
+ domtrans_pattern($1, TEMPLATETYPE_exec_t, TEMPLATETYPE_t)
|
||||
|
@ -12337,12 +12580,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
|
|||
+## </param>
|
||||
+## <param name="role">
|
||||
+## <summary>
|
||||
+## The role to be allowed to manage the TEMPLATETYPE domain.
|
||||
+## </summary>
|
||||
+## </param>
|
||||
+## <param name="terminal">
|
||||
+## <summary>
|
||||
+## The type of the user terminal.
|
||||
+## Role allowed access.
|
||||
+## </summary>
|
||||
+## </param>
|
||||
+## <rolecap/>
|
||||
|
@ -12383,9 +12621,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
|
|||
+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_initrc_exec_t,s0)
|
||||
+"""
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.62/gui/templates/__init__.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.74/gui/templates/__init__.py
|
||||
--- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/templates/__init__.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/templates/__init__.py 2009-10-01 12:03:05.000000000 -0400
|
||||
@@ -0,0 +1,18 @@
|
||||
+#
|
||||
+# Copyright (C) 2007 Red Hat, Inc.
|
||||
|
@ -12405,9 +12643,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.p
|
|||
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
+#
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.62/gui/templates/network.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.74/gui/templates/network.py
|
||||
--- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/templates/network.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/templates/network.py 2009-10-01 12:03:05.000000000 -0400
|
||||
@@ -0,0 +1,80 @@
|
||||
+te_port_types="""
|
||||
+type TEMPLATETYPE_port_t;
|
||||
|
@ -12489,10 +12727,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py
|
|||
+corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t)
|
||||
+"""
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.62/gui/templates/rw.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.74/gui/templates/rw.py
|
||||
--- nsapolicycoreutils/gui/templates/rw.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/templates/rw.py 2009-02-18 16:52:27.000000000 -0500
|
||||
@@ -0,0 +1,128 @@
|
||||
+++ policycoreutils-2.0.74/gui/templates/rw.py 2009-10-01 12:03:05.000000000 -0400
|
||||
@@ -0,0 +1,127 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
|
@ -12522,8 +12760,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli
|
|||
+"""
|
||||
+
|
||||
+te_rules="""
|
||||
+allow TEMPLATETYPE_t TEMPLATETYPE_rw_t:file manage_file_perms;
|
||||
+allow TEMPLATETYPE_t TEMPLATETYPE_rw_t:dir create_dir_perms;
|
||||
+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
|
||||
+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
|
||||
+"""
|
||||
+
|
||||
+########################### Interface File #############################
|
||||
|
@ -12583,8 +12821,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli
|
|||
+ type TEMPLATETYPE_rw_t;
|
||||
+ ')
|
||||
+
|
||||
+ allow $1 TEMPLATETYPE_rw_t:file manage_file_perms;
|
||||
+ allow $1 TEMPLATETYPE_rw_t:dir rw_dir_perms;
|
||||
+ manage_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
|
||||
+')
|
||||
+
|
||||
+########################################
|
||||
|
@ -12621,9 +12858,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli
|
|||
+fc_dir="""
|
||||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
|
||||
+"""
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.62/gui/templates/script.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.74/gui/templates/script.py
|
||||
--- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/templates/script.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/templates/script.py 2009-10-01 12:03:05.000000000 -0400
|
||||
@@ -0,0 +1,99 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -12649,7 +12886,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py
|
|||
+
|
||||
+########################### tmp Template File #############################
|
||||
+compile="""\
|
||||
+#!/bin/sh
|
||||
+#!/bin/sh -e
|
||||
+
|
||||
+DIRNAME=`dirname $0`
|
||||
+cd $DIRNAME
|
||||
|
@ -12724,9 +12961,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py
|
|||
+# Adding roles to SELinux user USER
|
||||
+/usr/sbin/semanage user -m -R +TEMPLATETYPE_r USER
|
||||
+"""
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.62/gui/templates/semodule.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.74/gui/templates/semodule.py
|
||||
--- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/templates/semodule.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/templates/semodule.py 2009-10-01 12:03:05.000000000 -0400
|
||||
@@ -0,0 +1,41 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -12769,9 +13006,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.p
|
|||
+semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM
|
||||
+"""
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.62/gui/templates/tmp.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.74/gui/templates/tmp.py
|
||||
--- nsapolicycoreutils/gui/templates/tmp.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/templates/tmp.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/templates/tmp.py 2009-10-01 12:03:05.000000000 -0400
|
||||
@@ -0,0 +1,97 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -12802,8 +13039,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol
|
|||
+"""
|
||||
+
|
||||
+te_rules="""
|
||||
+allow TEMPLATETYPE_t TEMPLATETYPE_tmp_t:file manage_file_perms;
|
||||
+allow TEMPLATETYPE_t TEMPLATETYPE_tmp_t:dir create_dir_perms;
|
||||
+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
|
||||
+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
|
||||
+files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, { file dir })
|
||||
+"""
|
||||
+
|
||||
|
@ -12870,9 +13107,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol
|
|||
+ TEMPLATETYPE_manage_tmp($1)
|
||||
+"""
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.62/gui/templates/user.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.74/gui/templates/user.py
|
||||
--- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/templates/user.py 2009-03-07 12:58:11.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/templates/user.py 2009-10-01 12:03:05.000000000 -0400
|
||||
@@ -0,0 +1,182 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -13056,9 +13293,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po
|
|||
+te_newrole_rules="""
|
||||
+seutil_run_newrole(TEMPLATETYPE_t, TEMPLATETYPE_r,{ TEMPLATETYPE_devpts_t TEMPLATETYPE_tty_device_t })
|
||||
+"""
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.62/gui/templates/var_lib.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.74/gui/templates/var_lib.py
|
||||
--- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/templates/var_lib.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/templates/var_lib.py 2009-10-01 12:03:05.000000000 -0400
|
||||
@@ -0,0 +1,158 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -13218,9 +13455,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py
|
|||
+fc_dir="""\
|
||||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
|
||||
+"""
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.62/gui/templates/var_log.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.74/gui/templates/var_log.py
|
||||
--- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/templates/var_log.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/templates/var_log.py 2009-10-01 12:03:05.000000000 -0400
|
||||
@@ -0,0 +1,110 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -13332,9 +13569,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py
|
|||
+fc_dir="""\
|
||||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
|
||||
+"""
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.62/gui/templates/var_run.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.74/gui/templates/var_run.py
|
||||
--- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/templates/var_run.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/templates/var_run.py 2009-10-01 12:03:05.000000000 -0400
|
||||
@@ -0,0 +1,118 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -13454,9 +13691,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py
|
|||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
|
||||
+"""
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.62/gui/templates/var_spool.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.74/gui/templates/var_spool.py
|
||||
--- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/templates/var_spool.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/templates/var_spool.py 2009-10-01 12:03:05.000000000 -0400
|
||||
@@ -0,0 +1,129 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
|
@ -13487,9 +13724,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.
|
|||
+files_type(TEMPLATETYPE_spool_t)
|
||||
+"""
|
||||
+te_rules="""
|
||||
+allow TEMPLATETYPE_t TEMPLATETYPE_spool_t:dir manage_dir_perms;
|
||||
+allow TEMPLATETYPE_t TEMPLATETYPE_spool_t:file manage_file_perms;
|
||||
+allow TEMPLATETYPE_t TEMPLATETYPE_spool_t:sock_file manage_sock_file_perms;
|
||||
+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
|
||||
+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
|
||||
+manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
|
||||
+files_spool_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, { file dir sock_file })
|
||||
+"""
|
||||
+
|
||||
|
@ -13587,9 +13824,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.
|
|||
+fc_dir="""\
|
||||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
|
||||
+"""
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.62/gui/translationsPage.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.74/gui/translationsPage.py
|
||||
--- nsapolicycoreutils/gui/translationsPage.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/translationsPage.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/translationsPage.py 2009-09-20 21:26:37.000000000 -0400
|
||||
@@ -0,0 +1,118 @@
|
||||
+## translationsPage.py - show selinux translations
|
||||
+## Copyright (C) 2006 Red Hat, Inc.
|
||||
|
@ -13709,9 +13946,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py
|
|||
+ store, iter = self.view.get_selection().get_selected()
|
||||
+ self.store.set_value(iter, 0, level)
|
||||
+ self.store.set_value(iter, 1, translation)
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.62/gui/usersPage.py
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.74/gui/usersPage.py
|
||||
--- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/gui/usersPage.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.74/gui/usersPage.py 2009-09-20 21:26:37.000000000 -0400
|
||||
@@ -0,0 +1,150 @@
|
||||
+## usersPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006,2007,2008 Red Hat, Inc.
|
||||
|
|
|
@ -1,6 +1,17 @@
|
|||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/debugfiles.list policycoreutils-2.0.62/debugfiles.list
|
||||
--- nsapolicycoreutils/debugfiles.list 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/debugfiles.list 2009-04-03 14:13:23.000000000 -0400
|
||||
diff -up policycoreutils-2.0.62/audit2allow/audit2allow.rhat policycoreutils-2.0.62/audit2allow/audit2allow
|
||||
--- policycoreutils-2.0.62/audit2allow/audit2allow.rhat 2009-02-18 16:45:01.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/audit2allow/audit2allow 2009-05-05 10:49:02.000000000 -0400
|
||||
@@ -126,6 +126,7 @@ class AuditToPolicy:
|
||||
elif self.__options.audit:
|
||||
try:
|
||||
messages = audit.get_audit_msgs()
|
||||
+ messages += audit.get_log_msgs()
|
||||
except OSError, e:
|
||||
sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
|
||||
sys.exit(1)
|
||||
diff -up /dev/null policycoreutils-2.0.62/debugfiles.list
|
||||
--- /dev/null 2009-05-04 15:46:32.150257971 -0400
|
||||
+++ policycoreutils-2.0.62/debugfiles.list 2009-05-05 10:49:02.000000000 -0400
|
||||
@@ -0,0 +1,64 @@
|
||||
+%dir /usr/lib/debug
|
||||
+%dir /usr/lib/debug/sbin
|
||||
|
@ -66,9 +77,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
+/usr/lib/debug/usr/bin/semodule_expand.debug
|
||||
+/usr/lib/debug/usr/bin/secon.debug
|
||||
+/usr/src/debug/policycoreutils-2.0.62
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/debuglinks.list policycoreutils-2.0.62/debuglinks.list
|
||||
--- nsapolicycoreutils/debuglinks.list 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/debuglinks.list 2009-04-03 14:13:23.000000000 -0400
|
||||
diff -up /dev/null policycoreutils-2.0.62/debuglinks.list
|
||||
--- /dev/null 2009-05-04 15:46:32.150257971 -0400
|
||||
+++ policycoreutils-2.0.62/debuglinks.list 2009-05-05 10:49:02.000000000 -0400
|
||||
@@ -0,0 +1,29 @@
|
||||
+/usr/lib/debug/.build-id/f4/3cc2016abf9b6152b720b604ffc7b05ada92b7 /sbin/setfiles
|
||||
+/usr/lib/debug/.build-id/f4/3cc2016abf9b6152b720b604ffc7b05ada92b7.debug /usr/lib/debug/sbin/setfiles.debug
|
||||
|
@ -99,19 +110,18 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
+/usr/lib/debug/.build-id/9d/511790c5b6141b50c55b8fe8bc032d84827665 /usr/bin/semodule_deps
|
||||
+/usr/lib/debug/.build-id/9d/511790c5b6141b50c55b8fe8bc032d84827665.debug /usr/lib/debug/usr/bin/semodule_deps.debug
|
||||
+/usr/lib/debug/sbin/restorecon.debug /usr/lib/debug/sbin/setfiles.debug
|
||||
Binary files nsapolicycoreutils/debugsources.list and policycoreutils-2.0.62/debugsources.list differ
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.62/Makefile
|
||||
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.62/Makefile 2009-04-03 14:12:56.000000000 -0400
|
||||
diff -up policycoreutils-2.0.62/Makefile.rhat policycoreutils-2.0.62/Makefile
|
||||
--- policycoreutils-2.0.62/Makefile.rhat 2009-02-18 16:45:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/Makefile 2009-05-05 10:49:02.000000000 -0400
|
||||
@@ -1,4 +1,4 @@
|
||||
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
||||
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
|
||||
|
||||
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
|
||||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.62/restorecond/restorecond.conf
|
||||
--- nsapolicycoreutils/restorecond/restorecond.conf 2009-02-18 16:44:47.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/restorecond/restorecond.conf 2009-04-03 14:12:56.000000000 -0400
|
||||
diff -up policycoreutils-2.0.62/restorecond/restorecond.conf.rhat policycoreutils-2.0.62/restorecond/restorecond.conf
|
||||
--- policycoreutils-2.0.62/restorecond/restorecond.conf.rhat 2009-02-18 16:45:01.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/restorecond/restorecond.conf 2009-05-05 10:49:02.000000000 -0400
|
||||
@@ -5,3 +5,7 @@
|
||||
/var/run/utmp
|
||||
/var/log/wtmp
|
||||
|
@ -120,10 +130,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
+/root/.ssh/*
|
||||
+
|
||||
+
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.62/scripts/chcat
|
||||
--- nsapolicycoreutils/scripts/chcat 2009-01-13 08:45:35.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/scripts/chcat 2009-04-09 12:28:34.000000000 -0400
|
||||
@@ -281,14 +281,14 @@
|
||||
diff -up policycoreutils-2.0.62/scripts/chcat.rhat policycoreutils-2.0.62/scripts/chcat
|
||||
--- policycoreutils-2.0.62/scripts/chcat.rhat 2009-02-18 16:45:01.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/scripts/chcat 2009-05-05 10:49:02.000000000 -0400
|
||||
@@ -281,14 +281,14 @@ def isSensitivity(sensitivity):
|
||||
def expandCats(cats):
|
||||
newcats = []
|
||||
for c in cats:
|
||||
|
@ -146,10 +156,19 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if i not in newcats:
|
||||
newcats.append(i)
|
||||
if len(newcats) > 25:
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.62/scripts/fixfiles
|
||||
--- nsapolicycoreutils/scripts/fixfiles 2009-02-18 16:44:47.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/scripts/fixfiles 2009-04-03 14:12:56.000000000 -0400
|
||||
@@ -122,7 +122,7 @@
|
||||
diff -up policycoreutils-2.0.62/scripts/fixfiles.rhat policycoreutils-2.0.62/scripts/fixfiles
|
||||
--- policycoreutils-2.0.62/scripts/fixfiles.rhat 2009-02-18 16:45:01.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/scripts/fixfiles 2009-05-05 10:49:24.000000000 -0400
|
||||
@@ -89,7 +89,7 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ];
|
||||
fi; \
|
||||
done | \
|
||||
while read pattern ; do sh -c "find $pattern \
|
||||
- ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o \
|
||||
+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o -fstype btrfs \) -prune -o \
|
||||
\( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print0"; \
|
||||
done 2> /dev/null | \
|
||||
${RESTORECON} $* -0 -f -
|
||||
@@ -122,14 +122,14 @@ if [ ! -z "$PREFC" ]; then
|
||||
fi
|
||||
if [ ! -z "$RPMFILES" ]; then
|
||||
for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
|
||||
|
@ -158,10 +177,37 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
done
|
||||
exit $?
|
||||
fi
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.62/semanage/semanage
|
||||
--- nsapolicycoreutils/semanage/semanage 2009-02-18 16:44:47.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/semanage/semanage 2009-04-08 21:39:50.000000000 -0400
|
||||
@@ -50,7 +50,7 @@
|
||||
if [ ! -z "$FILEPATH" ]; then
|
||||
if [ -x /usr/bin/find ]; then
|
||||
/usr/bin/find "$FILEPATH" \
|
||||
- ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o -print0 | \
|
||||
+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o fstype btrfs \) -prune -o -print0 | \
|
||||
${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE
|
||||
else
|
||||
${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE
|
||||
diff -up policycoreutils-2.0.62/semanage/semanage.8.rhat policycoreutils-2.0.62/semanage/semanage.8
|
||||
--- policycoreutils-2.0.62/semanage/semanage.8.rhat 2009-02-18 16:45:01.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/semanage/semanage.8 2009-05-05 10:49:02.000000000 -0400
|
||||
@@ -21,6 +21,8 @@ semanage \- SELinux Policy Management to
|
||||
.br
|
||||
.B semanage permissive \-{a|d} type
|
||||
.br
|
||||
+.B semanage module \-{a|d} policy_package
|
||||
+.br
|
||||
.B semanage translation \-{a|d|m} [\-T] level
|
||||
.P
|
||||
|
||||
diff -up policycoreutils-2.0.62/semanage/semanage.rhat policycoreutils-2.0.62/semanage/semanage
|
||||
--- policycoreutils-2.0.62/semanage/semanage.rhat 2009-02-18 16:45:01.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/semanage/semanage 2009-05-05 10:49:02.000000000 -0400
|
||||
@@ -44,16 +44,17 @@ if __name__ == '__main__':
|
||||
text = _("""
|
||||
semanage [ -S store ] -i [ input_file | - ]
|
||||
|
||||
-semanage {boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n]
|
||||
+semanage {module,boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n]
|
||||
semanage login -{a|d|m} [-sr] login_name | %groupname
|
||||
semanage user -{a|d|m} [-LrRP] selinux_name
|
||||
semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
|
||||
semanage interface -{a|d|m} [-tr] interface_spec
|
||||
semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr
|
||||
|
@ -169,8 +215,21 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
+semanage fcontext -{a|d|m} [-frst] [-e path ] file_spec
|
||||
semanage translation -{a|d|m} [-T] level
|
||||
semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
|
||||
semanage permissive -{d|a} type
|
||||
@@ -84,6 +84,7 @@
|
||||
-semanage permissive -{d|a} type
|
||||
+semanage permissive -{a|d} type
|
||||
+semanage module -{a|d|} module
|
||||
|
||||
Primary Options:
|
||||
|
||||
@@ -68,6 +69,7 @@ Primary Options:
|
||||
-h, --help Display this message
|
||||
-n, --noheading Do not print heading when listing OBJECTS
|
||||
-S, --store Select and alternate SELinux store to manage
|
||||
+ --dontaudit Turn on or off dontaudit rules
|
||||
|
||||
Object-specific Options (see above):
|
||||
|
||||
@@ -84,6 +86,7 @@ Object-specific Options (see above):
|
||||
-F, --file Treat target as an input file for command, change multiple settings
|
||||
-p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
|
||||
-M, --mask Netmask
|
||||
|
@ -178,7 +237,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
-P, --prefix Prefix for home directory labeling
|
||||
-L, --level Default SELinux Level (MLS/MCS Systems only)
|
||||
-R, --roles SELinux Roles (ex: "sysadm_r staff_r")
|
||||
@@ -115,7 +116,7 @@
|
||||
@@ -115,11 +118,14 @@ Object-specific Options (see above):
|
||||
valid_option["node"] = []
|
||||
valid_option["node"] += valid_everyone + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol']
|
||||
valid_option["fcontext"] = []
|
||||
|
@ -187,15 +246,25 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
valid_option["translation"] = []
|
||||
valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
|
||||
valid_option["boolean"] = []
|
||||
@@ -192,6 +193,7 @@
|
||||
valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0", "-F", "--file"]
|
||||
+ valid_option["module"] = []
|
||||
+ valid_option["module"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '--dontaudit']
|
||||
+
|
||||
valid_option["permissive"] = []
|
||||
valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ]
|
||||
return valid_option
|
||||
@@ -192,7 +198,10 @@ Object-specific Options (see above):
|
||||
locallist = False
|
||||
use_file = False
|
||||
store = ""
|
||||
+ equil=""
|
||||
|
||||
+ dontaudit = ""
|
||||
+
|
||||
object = argv[0]
|
||||
option_dict=get_options()
|
||||
@@ -201,10 +203,11 @@
|
||||
if object not in option_dict.keys():
|
||||
@@ -201,10 +210,12 @@ Object-specific Options (see above):
|
||||
args = argv[1:]
|
||||
|
||||
gopts, cmds = getopt.getopt(args,
|
||||
|
@ -204,21 +273,69 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
['add',
|
||||
'delete',
|
||||
'deleteall',
|
||||
+ 'dontaudit=',
|
||||
+ 'equil=',
|
||||
'ftype=',
|
||||
'file',
|
||||
'help',
|
||||
@@ -248,6 +251,9 @@
|
||||
@@ -241,16 +252,24 @@ Object-specific Options (see above):
|
||||
if modify or add:
|
||||
raise ValueError(_("%s bad option") % o)
|
||||
delete = True
|
||||
+
|
||||
if o == "-D" or o == "--deleteall":
|
||||
if modify:
|
||||
raise ValueError(_("%s bad option") % o)
|
||||
deleteall = True
|
||||
+
|
||||
if o == "-f" or o == "--ftype":
|
||||
ftype=a
|
||||
|
||||
- ftype=a
|
||||
+ ftype = a
|
||||
+
|
||||
+ if o == "-e" or o == "--equil":
|
||||
+ equil = a
|
||||
+
|
||||
|
||||
if o == "-F" or o == "--file":
|
||||
use_file = True
|
||||
|
||||
@@ -366,7 +372,10 @@
|
||||
+ if o == "--dontaudit":
|
||||
+ dontaudit = a
|
||||
+
|
||||
if o == "-h" or o == "--help":
|
||||
raise ValueError(_("%s bad option") % o)
|
||||
|
||||
@@ -323,6 +342,9 @@ Object-specific Options (see above):
|
||||
|
||||
if object == "boolean":
|
||||
OBJECT = seobject.booleanRecords(store)
|
||||
+
|
||||
+ if object == "module":
|
||||
+ OBJECT = seobject.moduleRecords(store)
|
||||
|
||||
if object == "translation":
|
||||
OBJECT = seobject.setransRecords()
|
||||
@@ -341,6 +363,13 @@ Object-specific Options (see above):
|
||||
OBJECT.deleteall()
|
||||
return
|
||||
|
||||
+ if dontaudit != "":
|
||||
+ if object == "module":
|
||||
+ OBJECT.dontaudit(dontaudit)
|
||||
+ else:
|
||||
+ raise ValueError(_("%s bad option") % o)
|
||||
+ return
|
||||
+
|
||||
if len(cmds) != 1:
|
||||
raise ValueError(_("%s bad option") % o)
|
||||
|
||||
@@ -362,11 +391,17 @@ Object-specific Options (see above):
|
||||
if object == "interface":
|
||||
OBJECT.add(target, serange, setype)
|
||||
|
||||
+ if object == "module":
|
||||
+ OBJECT.add(target)
|
||||
+
|
||||
if object == "node":
|
||||
OBJECT.add(target, mask, proto, serange, setype)
|
||||
|
||||
if object == "fcontext":
|
||||
|
@ -230,7 +347,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if object == "permissive":
|
||||
OBJECT.add(target)
|
||||
|
||||
@@ -396,7 +405,10 @@
|
||||
@@ -386,6 +421,9 @@ Object-specific Options (see above):
|
||||
rlist = roles.split()
|
||||
OBJECT.modify(target, rlist, selevel, serange, prefix)
|
||||
|
||||
+ if object == "module":
|
||||
+ OBJECT.modify(target)
|
||||
+
|
||||
if object == "port":
|
||||
OBJECT.modify(target, proto, serange, setype)
|
||||
|
||||
@@ -396,7 +434,10 @@ Object-specific Options (see above):
|
||||
OBJECT.modify(target, mask, proto, serange, setype)
|
||||
|
||||
if object == "fcontext":
|
||||
|
@ -242,7 +369,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
|
||||
return
|
||||
|
||||
@@ -405,7 +417,7 @@
|
||||
@@ -405,7 +446,7 @@ Object-specific Options (see above):
|
||||
OBJECT.delete(target, proto)
|
||||
|
||||
elif object == "fcontext":
|
||||
|
@ -251,7 +378,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
|
||||
elif object == "node":
|
||||
OBJECT.delete(target, mask, proto)
|
||||
@@ -464,10 +476,10 @@
|
||||
@@ -464,10 +505,10 @@ Object-specific Options (see above):
|
||||
else:
|
||||
fd = open(input, 'r')
|
||||
trans = seobject.semanageRecords(store)
|
||||
|
@ -264,9 +391,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
else:
|
||||
process_args(sys.argv[1:])
|
||||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.62/semanage/seobject.py
|
||||
--- nsapolicycoreutils/semanage/seobject.py 2008-11-14 17:10:15.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/semanage/seobject.py 2009-04-11 08:13:02.000000000 -0400
|
||||
diff -up policycoreutils-2.0.62/semanage/seobject.py.rhat policycoreutils-2.0.62/semanage/seobject.py
|
||||
--- policycoreutils-2.0.62/semanage/seobject.py.rhat 2009-02-18 16:45:01.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/semanage/seobject.py 2009-05-05 14:46:35.000000000 -0400
|
||||
@@ -1,5 +1,5 @@
|
||||
#! /usr/bin/python -E
|
||||
-# Copyright (C) 2005, 2006, 2007, 2008 Red Hat
|
||||
+# Copyright (C) 2005, 2006, 2007, 2008, 2009 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# semanage is a tool for managing SELinux configuration files
|
||||
@@ -21,16 +21,16 @@
|
||||
#
|
||||
#
|
||||
|
@ -287,7 +421,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
except IOError:
|
||||
import __builtin__
|
||||
__builtin__.__dict__['_'] = unicode
|
||||
@@ -96,7 +96,7 @@
|
||||
@@ -96,7 +96,7 @@ try:
|
||||
self.audit_fd = audit.audit_open()
|
||||
|
||||
def log(self, success, msg, name = "", sename = "", serole = "", serange = "", old_sename = "", old_serole = "", old_serange = ""):
|
||||
|
@ -296,7 +430,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
except:
|
||||
class logger:
|
||||
def log(self, success, msg, name = "", sename = "", serole = "", serange = "", old_sename = "", old_serole = "", old_serange = ""):
|
||||
@@ -104,7 +104,7 @@
|
||||
@@ -104,7 +104,7 @@ except:
|
||||
message = "Successful: "
|
||||
else:
|
||||
message = "Failed: "
|
||||
|
@ -305,7 +439,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if sename != "":
|
||||
message += " sename=" + sename
|
||||
if old_sename != "":
|
||||
@@ -123,9 +123,9 @@
|
||||
@@ -123,9 +123,9 @@ mylog = logger()
|
||||
|
||||
import xml.etree.ElementTree
|
||||
|
||||
|
@ -317,7 +451,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
for l in tree.findall("layer"):
|
||||
for m in l.findall("module"):
|
||||
for b in m.findall("tunable"):
|
||||
@@ -160,12 +160,12 @@
|
||||
@@ -160,12 +160,12 @@ def validate_level(raw):
|
||||
cat_range = category + "(\." + category +")?"
|
||||
categories = cat_range + "(\," + cat_range + ")*"
|
||||
reg = sensitivity + "(-" + sensitivity + ")?" + "(:" + categories + ")?"
|
||||
|
@ -333,7 +467,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
else:
|
||||
context = raw
|
||||
(rc, trans) = selinux.selinux_raw_to_trans_context(context)
|
||||
@@ -179,9 +179,9 @@
|
||||
@@ -179,9 +179,9 @@ def translate(raw, prepend = 1):
|
||||
return trans
|
||||
|
||||
def untranslate(trans, prepend = 1):
|
||||
|
@ -345,7 +479,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
else:
|
||||
context = trans
|
||||
|
||||
@@ -234,7 +234,7 @@
|
||||
@@ -234,7 +234,7 @@ class setransRecords:
|
||||
rec += "%s=%s\n" % (k, self.ddict[k])
|
||||
return rec
|
||||
|
||||
|
@ -354,7 +488,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if heading:
|
||||
print "\n%-25s %s\n" % (_("Level"), _("Translation"))
|
||||
keys = self.ddict.keys()
|
||||
@@ -273,6 +273,7 @@
|
||||
@@ -273,6 +273,7 @@ class setransRecords:
|
||||
(fd, newfilename) = tempfile.mkstemp('', self.filename)
|
||||
os.write(fd, self.out())
|
||||
os.close(fd)
|
||||
|
@ -362,7 +496,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
os.rename(newfilename, self.filename)
|
||||
os.system("/sbin/service mcstrans reload > /dev/null")
|
||||
|
||||
@@ -281,15 +282,20 @@
|
||||
@@ -281,15 +282,20 @@ class semanageRecords:
|
||||
global handle
|
||||
|
||||
if handle != None:
|
||||
|
@ -386,7 +520,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
def begin(self):
|
||||
if self.transaction:
|
||||
return
|
||||
@@ -303,6 +309,12 @@
|
||||
@@ -303,6 +309,55 @@ class semanageRecords:
|
||||
if rc < 0:
|
||||
raise ValueError(_("Could not commit semanage transaction"))
|
||||
|
||||
|
@ -395,11 +529,54 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
+ raise ValueError(_("Semanage transaction not in progress"))
|
||||
+ self.transaction = False
|
||||
+ self.commit()
|
||||
+
|
||||
+class moduleRecords(semanageRecords):
|
||||
+ def __init__(self, store):
|
||||
+ semanageRecords.__init__(self, store)
|
||||
+
|
||||
+ def get_all(self):
|
||||
+ l = []
|
||||
+ (rc, mlist, number) = semanage_module_list(self.sh)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError(_("Could not list SELinux modules"))
|
||||
+
|
||||
+ for i in range(number):
|
||||
+ mod = semanage_module_list_nth(mlist, i)
|
||||
+ name = semanage_module_get_name(mod)
|
||||
+ l.append(name)
|
||||
+ return l
|
||||
+
|
||||
+ def dontaudit(self, dontaudit = 0):
|
||||
+ self.begin()
|
||||
+ rc = semanage_set_disable_dontaudit(self.sh, int(dontaudit))
|
||||
+ self.commit()
|
||||
+ rc = semanage_reload_policy(self.sh)
|
||||
+
|
||||
+ def list(self, heading = 1, locallist = 0):
|
||||
+ if heading:
|
||||
+ print "\n%-25s\n" % (_("Modules"))
|
||||
+ for t in self.get_all():
|
||||
+ print t
|
||||
+
|
||||
+ def add(self, modules):
|
||||
+ import glob
|
||||
+ for m in modules.split():
|
||||
+ rc = semanage_module_install_file(self.sh, m);
|
||||
+ if rc >= 0:
|
||||
+ self.commit()
|
||||
+
|
||||
+ def delete(self, modules):
|
||||
+ for m in modules.split():
|
||||
+ rc = semanage_module_remove(self.sh, m)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError(_("Could not remove module %s (remove failed)") % name)
|
||||
+
|
||||
+ self.commit()
|
||||
+
|
||||
class permissiveRecords(semanageRecords):
|
||||
def __init__(self, store):
|
||||
semanageRecords.__init__(self, store)
|
||||
@@ -320,7 +332,7 @@
|
||||
@@ -320,7 +375,7 @@ class permissiveRecords(semanageRecords)
|
||||
l.append(name.split("permissive_")[1])
|
||||
return l
|
||||
|
||||
|
@ -408,7 +585,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if heading:
|
||||
print "\n%-25s\n" % (_("Permissive Types"))
|
||||
for t in self.get_all():
|
||||
@@ -328,6 +340,7 @@
|
||||
@@ -328,6 +383,7 @@ class permissiveRecords(semanageRecords)
|
||||
|
||||
|
||||
def add(self, type):
|
||||
|
@ -416,7 +593,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
name = "permissive_%s" % type
|
||||
dirname = "/var/lib/selinux"
|
||||
os.chdir(dirname)
|
||||
@@ -341,7 +354,7 @@
|
||||
@@ -341,7 +397,7 @@ require {
|
||||
|
||||
permissive %s;
|
||||
""" % (name, type, type)
|
||||
|
@ -425,7 +602,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
fd.write(modtxt)
|
||||
fd.close()
|
||||
mc = module.ModuleCompiler()
|
||||
@@ -351,16 +364,19 @@
|
||||
@@ -351,16 +407,19 @@ permissive %s;
|
||||
fd.close()
|
||||
|
||||
rc = semanage_module_install(self.sh, data, len(data));
|
||||
|
@ -450,7 +627,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
|
||||
def delete(self, name):
|
||||
for n in name.split():
|
||||
@@ -390,11 +406,11 @@
|
||||
@@ -390,11 +449,11 @@ class loginRecords(semanageRecords):
|
||||
if sename == "":
|
||||
sename = "user_u"
|
||||
|
||||
|
@ -464,7 +641,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
|
||||
if exists:
|
||||
@@ -410,7 +426,7 @@
|
||||
@@ -410,7 +469,7 @@ class loginRecords(semanageRecords):
|
||||
except:
|
||||
raise ValueError(_("Linux User %s does not exist") % name)
|
||||
|
||||
|
@ -473,7 +650,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not create login mapping for %s") % name)
|
||||
|
||||
@@ -450,17 +466,17 @@
|
||||
@@ -450,17 +509,17 @@ class loginRecords(semanageRecords):
|
||||
if sename == "" and serange == "":
|
||||
raise ValueError(_("Requires seuser or serange"))
|
||||
|
||||
|
@ -494,7 +671,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not query seuser for %s") % name)
|
||||
|
||||
@@ -483,7 +499,7 @@
|
||||
@@ -483,7 +542,7 @@ class loginRecords(semanageRecords):
|
||||
semanage_seuser_key_free(k)
|
||||
semanage_seuser_free(u)
|
||||
|
||||
|
@ -503,7 +680,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
|
||||
def modify(self, name, sename = "", serange = ""):
|
||||
try:
|
||||
@@ -492,21 +508,21 @@
|
||||
@@ -492,21 +551,21 @@ class loginRecords(semanageRecords):
|
||||
self.commit()
|
||||
|
||||
except ValueError, error:
|
||||
|
@ -529,7 +706,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
|
||||
if not exists:
|
||||
@@ -525,10 +541,10 @@
|
||||
@@ -525,10 +584,10 @@ class loginRecords(semanageRecords):
|
||||
self.commit()
|
||||
|
||||
except ValueError, error:
|
||||
|
@ -542,7 +719,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
|
||||
def get_all(self, locallist = 0):
|
||||
ddict = {}
|
||||
@@ -578,17 +594,17 @@
|
||||
@@ -578,17 +637,17 @@ class seluserRecords(semanageRecords):
|
||||
if len(roles) < 1:
|
||||
raise ValueError(_("You must add at least one role for %s") % name)
|
||||
|
||||
|
@ -563,7 +740,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not create SELinux user for %s") % name)
|
||||
|
||||
@@ -612,7 +628,7 @@
|
||||
@@ -612,7 +671,7 @@ class seluserRecords(semanageRecords):
|
||||
rc = semanage_user_set_prefix(self.sh, u, prefix)
|
||||
if rc < 0:
|
||||
raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
|
||||
|
@ -572,7 +749,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not extract key for %s") % name)
|
||||
|
||||
@@ -645,17 +661,17 @@
|
||||
@@ -645,17 +704,17 @@ class seluserRecords(semanageRecords):
|
||||
else:
|
||||
raise ValueError(_("Requires prefix or roles"))
|
||||
|
||||
|
@ -593,7 +770,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not query user for %s") % name)
|
||||
|
||||
@@ -703,17 +719,17 @@
|
||||
@@ -703,17 +762,17 @@ class seluserRecords(semanageRecords):
|
||||
raise error
|
||||
|
||||
def __delete(self, name):
|
||||
|
@ -614,7 +791,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
|
||||
if not exists:
|
||||
@@ -795,7 +811,7 @@
|
||||
@@ -795,7 +854,7 @@ class portRecords(semanageRecords):
|
||||
low = int(ports[0])
|
||||
high = int(ports[1])
|
||||
|
||||
|
@ -623,7 +800,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not create a key for %s/%s") % (proto, port))
|
||||
return ( k, proto_d, low, high )
|
||||
@@ -812,13 +828,13 @@
|
||||
@@ -812,13 +871,13 @@ class portRecords(semanageRecords):
|
||||
|
||||
( k, proto_d, low, high ) = self.__genkey(port, proto)
|
||||
|
||||
|
@ -639,7 +816,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not create port for %s/%s") % (proto, port))
|
||||
|
||||
@@ -871,13 +887,13 @@
|
||||
@@ -871,13 +930,13 @@ class portRecords(semanageRecords):
|
||||
|
||||
( k, proto_d, low, high ) = self.__genkey(port, proto)
|
||||
|
||||
|
@ -655,7 +832,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not query port %s/%s") % (proto, port))
|
||||
|
||||
@@ -926,13 +942,13 @@
|
||||
@@ -926,13 +985,13 @@ class portRecords(semanageRecords):
|
||||
|
||||
def __delete(self, port, proto):
|
||||
( k, proto_d, low, high ) = self.__genkey(port, proto)
|
||||
|
@ -671,7 +848,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
|
||||
if not exists:
|
||||
@@ -1038,17 +1054,17 @@
|
||||
@@ -1038,17 +1097,17 @@ class nodeRecords(semanageRecords):
|
||||
if ctype == "":
|
||||
raise ValueError(_("SELinux Type is required"))
|
||||
|
||||
|
@ -692,7 +869,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not create addr for %s") % addr)
|
||||
|
||||
@@ -1113,17 +1129,17 @@
|
||||
@@ -1113,17 +1172,17 @@ class nodeRecords(semanageRecords):
|
||||
if serange == "" and setype == "":
|
||||
raise ValueError(_("Requires setype or serange"))
|
||||
|
||||
|
@ -713,7 +890,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not query addr %s") % addr)
|
||||
|
||||
@@ -1160,17 +1176,17 @@
|
||||
@@ -1160,17 +1219,17 @@ class nodeRecords(semanageRecords):
|
||||
else:
|
||||
raise ValueError(_("Unknown or missing protocol"))
|
||||
|
||||
|
@ -734,7 +911,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not check if addr %s is defined") % addr)
|
||||
if not exists:
|
||||
@@ -1240,17 +1256,17 @@
|
||||
@@ -1240,17 +1299,17 @@ class interfaceRecords(semanageRecords):
|
||||
if ctype == "":
|
||||
raise ValueError(_("SELinux Type is required"))
|
||||
|
||||
|
@ -755,7 +932,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not create interface for %s") % interface)
|
||||
|
||||
@@ -1301,17 +1317,17 @@
|
||||
@@ -1301,17 +1360,17 @@ class interfaceRecords(semanageRecords):
|
||||
if serange == "" and setype == "":
|
||||
raise ValueError(_("Requires setype or serange"))
|
||||
|
||||
|
@ -776,7 +953,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not query interface %s") % interface)
|
||||
|
||||
@@ -1335,17 +1351,17 @@
|
||||
@@ -1335,17 +1394,17 @@ class interfaceRecords(semanageRecords):
|
||||
self.commit()
|
||||
|
||||
def __delete(self, interface):
|
||||
|
@ -797,7 +974,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not check if interface %s is defined") % interface)
|
||||
if not exists:
|
||||
@@ -1393,6 +1409,45 @@
|
||||
@@ -1393,6 +1452,48 @@ class interfaceRecords(semanageRecords):
|
||||
class fcontextRecords(semanageRecords):
|
||||
def __init__(self, store = ""):
|
||||
semanageRecords.__init__(self, store)
|
||||
|
@ -820,7 +997,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
+ for src in self.equiv.keys():
|
||||
+ fd.write("%s %s\n" % (src, self.equiv[src]))
|
||||
+ fd.close()
|
||||
+ try:
|
||||
+ os.chmod(tmpfile, os.stat(subs_file)[stat.ST_MODE])
|
||||
+ except:
|
||||
+ pass
|
||||
+ os.rename(tmpfile,subs_file)
|
||||
+ self.equil_ind = False
|
||||
+ semanageRecords.commit(self)
|
||||
|
@ -843,7 +1023,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
|
||||
def createcon(self, target, seuser = "system_u"):
|
||||
(rc, con) = semanage_context_create(self.sh)
|
||||
@@ -1429,23 +1484,23 @@
|
||||
@@ -1429,23 +1530,23 @@ class fcontextRecords(semanageRecords):
|
||||
if type == "":
|
||||
raise ValueError(_("SELinux Type is required"))
|
||||
|
||||
|
@ -871,7 +1051,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not create file context for %s") % target)
|
||||
|
||||
@@ -1486,21 +1541,21 @@
|
||||
@@ -1486,21 +1587,21 @@ class fcontextRecords(semanageRecords):
|
||||
raise ValueError(_("Requires setype, serange or seuser"))
|
||||
self.validate(target)
|
||||
|
||||
|
@ -898,7 +1078,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not query file context for %s") % target)
|
||||
|
||||
@@ -1550,7 +1605,7 @@
|
||||
@@ -1550,7 +1651,7 @@ class fcontextRecords(semanageRecords):
|
||||
target = semanage_fcontext_get_expr(fcontext)
|
||||
ftype = semanage_fcontext_get_type(fcontext)
|
||||
ftype_str = semanage_fcontext_get_type_str(ftype)
|
||||
|
@ -907,7 +1087,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not create a key for %s") % target)
|
||||
|
||||
@@ -1558,19 +1613,26 @@
|
||||
@@ -1558,19 +1659,26 @@ class fcontextRecords(semanageRecords):
|
||||
if rc < 0:
|
||||
raise ValueError(_("Could not delete the file context %s") % target)
|
||||
semanage_fcontext_key_free(k)
|
||||
|
@ -938,7 +1118,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not check if file context for %s is defined") % target)
|
||||
if exists:
|
||||
@@ -1617,11 +1679,11 @@
|
||||
@@ -1617,11 +1725,11 @@ class fcontextRecords(semanageRecords):
|
||||
return ddict
|
||||
|
||||
def list(self, heading = 1, locallist = 0 ):
|
||||
|
@ -952,7 +1132,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
for k in keys:
|
||||
if fcon_dict[k]:
|
||||
if is_mls_enabled:
|
||||
@@ -1630,11 +1692,17 @@
|
||||
@@ -1630,11 +1738,17 @@ class fcontextRecords(semanageRecords):
|
||||
print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
|
||||
else:
|
||||
print "%-50s %-18s <<None>>" % (k[0], k[1])
|
||||
|
@ -971,7 +1151,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
self.dict["TRUE"] = 1
|
||||
self.dict["FALSE"] = 0
|
||||
self.dict["ON"] = 1
|
||||
@@ -1643,16 +1711,16 @@
|
||||
@@ -1643,16 +1757,16 @@ class booleanRecords(semanageRecords):
|
||||
self.dict["0"] = 0
|
||||
|
||||
def __mod(self, name, value):
|
||||
|
@ -991,7 +1171,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not query file context %s") % name)
|
||||
|
||||
@@ -1670,7 +1738,7 @@
|
||||
@@ -1670,7 +1784,7 @@ class booleanRecords(semanageRecords):
|
||||
semanage_bool_key_free(k)
|
||||
semanage_bool_free(b)
|
||||
|
||||
|
@ -1000,7 +1180,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
|
||||
self.begin()
|
||||
|
||||
@@ -1694,16 +1762,16 @@
|
||||
@@ -1694,16 +1808,16 @@ class booleanRecords(semanageRecords):
|
||||
|
||||
def __delete(self, name):
|
||||
|
||||
|
@ -1020,7 +1200,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if rc < 0:
|
||||
raise ValueError(_("Could not check if boolean %s is defined") % name)
|
||||
if not exists:
|
||||
@@ -1762,7 +1830,7 @@
|
||||
@@ -1762,7 +1876,7 @@ class booleanRecords(semanageRecords):
|
||||
return _("unknown")
|
||||
|
||||
def list(self, heading = True, locallist = False, use_file = False):
|
||||
|
@ -1029,11 +1209,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
if use_file:
|
||||
ddict = self.get_all(locallist)
|
||||
keys = ddict.keys()
|
||||
Binary files nsapolicycoreutils/setfiles/restorecon and policycoreutils-2.0.62/setfiles/restorecon differ
|
||||
Binary files nsapolicycoreutils/setfiles/setfiles and policycoreutils-2.0.62/setfiles/setfiles differ
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.62/setfiles/setfiles.c
|
||||
--- nsapolicycoreutils/setfiles/setfiles.c 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.62/setfiles/setfiles.c 2009-04-14 09:38:55.000000000 -0400
|
||||
diff -up policycoreutils-2.0.62/setfiles/setfiles.c.rhat policycoreutils-2.0.62/setfiles/setfiles.c
|
||||
--- policycoreutils-2.0.62/setfiles/setfiles.c.rhat 2009-02-18 16:45:01.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/setfiles/setfiles.c 2009-05-05 10:49:02.000000000 -0400
|
||||
@@ -29,6 +29,8 @@
|
||||
static int mass_relabel;
|
||||
static int mass_relabel_errs;
|
||||
|
@ -1043,7 +1221,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
static FILE *outfile = NULL;
|
||||
static int force = 0;
|
||||
#define STAT_BLOCK_SIZE 1
|
||||
@@ -444,11 +446,11 @@
|
||||
@@ -444,11 +446,11 @@ static int restore(const char *file)
|
||||
|
||||
if (progress) {
|
||||
count++;
|
||||
|
@ -1057,7 +1235,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
fprintf(stdout, "*");
|
||||
fflush(stdout);
|
||||
}
|
||||
@@ -1017,7 +1019,7 @@
|
||||
@@ -1017,7 +1019,7 @@ int main(int argc, char **argv)
|
||||
free(excludeArray[i].directory);
|
||||
}
|
||||
|
||||
|
@ -1066,4 +1244,27 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
|
|||
printf("\n");
|
||||
exit(errors);
|
||||
}
|
||||
Binary files nsapolicycoreutils/setfiles/setfiles.o and policycoreutils-2.0.62/setfiles/setfiles.o differ
|
||||
diff -up policycoreutils-2.0.62/semanage/seobject.py~ policycoreutils-2.0.62/semanage/seobject.py
|
||||
--- policycoreutils-2.0.62/semanage/seobject.py~ 2009-05-14 09:02:13.000000000 -0400
|
||||
+++ policycoreutils-2.0.62/semanage/seobject.py 2009-05-14 09:03:05.000000000 -0400
|
||||
@@ -1027,7 +1027,7 @@ class portRecords(semanageRecords):
|
||||
proto_str = semanage_port_get_proto_str(proto)
|
||||
low = semanage_port_get_low(port)
|
||||
high = semanage_port_get_high(port)
|
||||
- ddict[(low, high)] = (ctype, proto_str, level)
|
||||
+ ddict[(low, high, proto_str)] = (ctype, level)
|
||||
return ddict
|
||||
|
||||
def get_all_by_type(self, locallist = 0):
|
||||
diff -up policycoreutils-2.0.62/setfiles/setfiles.c~ policycoreutils-2.0.62/setfiles/setfiles.c
|
||||
--- policycoreutils-2.0.62/setfiles/setfiles.c~ 2009-09-09 16:50:37.000000000 +0200
|
||||
+++ policycoreutils-2.0.62/setfiles/setfiles.c 2009-09-09 16:51:23.000000000 +0200
|
||||
@@ -683,6 +683,8 @@ static int process_one(char *name)
|
||||
progname, name, strerror(errno));
|
||||
goto err;
|
||||
}
|
||||
+ close(pipe_fds[0]);
|
||||
+ pipe_fds[0] = -1;
|
||||
} else {
|
||||
rc = restore(name);
|
||||
if (rc)
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/access.py
|
||||
--- nsasepolgen/src/sepolgen/access.py 2009-01-13 08:45:35.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/access.py 2009-04-01 10:03:43.000000000 -0400
|
||||
+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/access.py 2009-04-21 14:54:12.000000000 -0400
|
||||
@@ -313,7 +313,7 @@
|
||||
|
||||
def __len__(self):
|
||||
|
@ -10,9 +10,30 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policyco
|
|||
|
||||
def add(self, role, type):
|
||||
if self.role_types.has_key(role):
|
||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/audit.py
|
||||
--- nsasepolgen/src/sepolgen/audit.py 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/audit.py 2009-04-24 13:19:39.000000000 -0400
|
||||
@@ -47,6 +47,17 @@
|
||||
stdout=subprocess.PIPE).communicate()[0]
|
||||
return output
|
||||
|
||||
+def get_log_msgs():
|
||||
+ """Obtain all of the avc and policy load messages from /var/log/messages.
|
||||
+
|
||||
+ Returns:
|
||||
+ string contain all of the audit messages returned by /var/log/messages.
|
||||
+ """
|
||||
+ import subprocess
|
||||
+ output = subprocess.Popen(["/bin/grep", "avc", "/var/log/messages"],
|
||||
+ stdout=subprocess.PIPE).communicate()[0]
|
||||
+ return output
|
||||
+
|
||||
# Classes representing audit messages
|
||||
|
||||
class AuditMessage:
|
||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py
|
||||
--- nsasepolgen/src/sepolgen/refparser.py 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py 2009-02-18 16:52:27.000000000 -0500
|
||||
+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py 2009-04-21 14:54:12.000000000 -0400
|
||||
@@ -919,7 +919,7 @@
|
||||
def list_headers(root):
|
||||
modules = []
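Review bot: `get_log_msgs()` in the audit.py hunk feeds `/var/log/messages` to the AVC parser without noting that syslog, unlike the audit log, normally accepts messages from any local process, so a line containing "avc" is not necessarily a kernel denial. Since the changelog says `audit2allow -a` now reads this file, I would add a docstring caveat such as `Lines come from syslog and may not be kernel-generated; review generated rules before loading them.` The call also ignores grep's exit status, so an unreadable or missing log looks the same as "no denials"; keeping the Popen object as `p` and adding `if p.returncode > 1: raise IOError("could not read /var/log/messages")` would make that visible. The docstring promises policy load messages too, but the pattern only matches `avc`, so presumably one of the two should change.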
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.62
|
||||
Release: 10%{?dist}
|
||||
Release: 12.15%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
|
@ -23,6 +23,7 @@ Patch: policycoreutils-rhat.patch
|
|||
Patch1: policycoreutils-po.patch
|
||||
Patch3: policycoreutils-gui.patch
|
||||
Patch4: policycoreutils-sepolgen.patch
|
||||
Patch5: policycoreutils-F11.patch
|
||||
Obsoletes: policycoreutils < 2.0.61-2
|
||||
|
||||
BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
|
||||
|
@ -54,6 +55,7 @@ context.
|
|||
%patch1 -p1 -b .rhatpo
|
||||
%patch3 -p1 -b .gui
|
||||
%patch4 -p1 -b .sepolgen
|
||||
%patch5 -p1
|
||||
|
||||
%build
|
||||
make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
|
||||
|
@ -111,6 +113,7 @@ The policycoreutils-python package contains the management tools use to manage a
|
|||
%{_sbindir}/semanage
|
||||
%{_bindir}/audit2allow
|
||||
%{_bindir}/audit2why
|
||||
%{_bindir}/sandbox
|
||||
%{_bindir}/chcat
|
||||
%{_bindir}/sepolgen-ifgen
|
||||
%{_libdir}/python?.?/site-packages/seobject.py*
|
||||
|
@ -160,6 +163,7 @@ system-config-selinux is a utility for managing the SELinux environment
|
|||
%defattr(-,root,root)
|
||||
%{_bindir}/system-config-selinux
|
||||
%{_bindir}/selinux-polgengui
|
||||
%{_bindir}/sepolgen
|
||||
%{_datadir}/applications/fedora-system-config-selinux.desktop
|
||||
%{_datadir}/applications/fedora-selinux-polgengui.desktop
|
||||
%dir %{_datadir}/system-config-selinux
|
||||
|
@ -221,6 +225,54 @@ else
|
|||
fi
|
||||
|
||||
%changelog
|
||||
* Thu Oct 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.15
|
||||
- Update to Rawhides system-config-selinux/polgengui
|
||||
|
||||
* Thu Sep 24 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.14
|
||||
- Fix tight loop in restorecond patch from Martin Orr
|
||||
|
||||
* Wed Sep 23 2009 Miroslav Grepl <mgrepl@redhat.com> 2.0.62-12.13
|
||||
- Fix for setfiles leaks descriptors from Steve Grubb
|
||||
|
||||
* Fri Jun 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.12
|
||||
- Fix polgen.py
|
||||
|
||||
* Tue Jun 9 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.11
|
||||
- Fix polgen.py
|
||||
|
||||
* Thu Jun 4 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.10
|
||||
- Add sepolgen executable
|
||||
|
||||
* Mon Jun 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.9
|
||||
- Fix mount options on sandbox
|
||||
|
||||
* Tue May 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.8
|
||||
- Allow polgen.py to generate policy for just the binary
|
||||
|
||||
* Tue May 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.7
|
||||
- Fix sandbox to be able to execute files in homedir
|
||||
|
||||
* Fri May 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.6
|
||||
- Add sandbox script
|
||||
|
||||
* Tue May 12 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.5
|
||||
- More portspage fixes
|
||||
|
||||
* Tue May 12 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.4
|
||||
- Fix portspage and generation of init_script_file in templates
|
||||
|
||||
* Tue May 5 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.3
|
||||
- Fix handling of .subs file
|
||||
|
||||
* Tue May 5 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.2
|
||||
- Fix fixfiles to handle btrfs
|
||||
|
||||
* Fri Apr 24 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.1
|
||||
- Fix audit2allow -a to read /var/log/messages
|
||||
|
||||
* Thu Apr 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12
|
||||
- Add semanage module support
|
||||
|
||||
* Tue Apr 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-10
|
||||
- Do not print \n, if count < 1000;
|
||||
|
||||
|
|
Binary file not shown.