Compare commits
41 Commits
Author | SHA1 | Date |
---|---|---|
Dan Walsh | 1ae6edaa3f | |
Fedora Release Engineering | 0bb879d732 | |
Daniel J Walsh | 04e3147f4d | |
Daniel J Walsh | b2b20d2581 | |
Daniel J Walsh | e2bc231dac | |
Daniel J Walsh | 82bebe9fa3 | |
Daniel J Walsh | b21a1b8450 | |
Daniel J Walsh | 5a12b6b656 | |
Daniel J Walsh | e55d485d04 | |
Daniel J Walsh | 9cc9250b2a | |
Daniel J Walsh | 74b91a6fb4 | |
Daniel J Walsh | b4c2280d90 | |
Daniel J Walsh | 250c43373f | |
Daniel J Walsh | 2957a3bf4a | |
Daniel J Walsh | 6971173a5a | |
Daniel J Walsh | 4eb9392a2e | |
Daniel J Walsh | 8fd09a6716 | |
Daniel J Walsh | bb2db04b13 | |
Daniel J Walsh | 47f0fb78a7 | |
Daniel J Walsh | 1b7e8af4b8 | |
Daniel J Walsh | a2023d1204 | |
Daniel J Walsh | aec9d8794c | |
Daniel J Walsh | 72c9357690 | |
Daniel J Walsh | 67f78790af | |
Daniel J Walsh | 20eb6eed06 | |
Daniel J Walsh | c25214ef50 | |
Daniel J Walsh | 506f13260b | |
Bill Nottingham | bd3dc1f146 | |
Daniel J Walsh | e6ed8059a0 | |
Daniel J Walsh | 6a40271789 | |
Daniel J Walsh | ffb6e9312b | |
Daniel J Walsh | 846a1ff81e | |
Daniel J Walsh | 07a8d32a0d | |
Daniel J Walsh | f6c247d6bf | |
Daniel J Walsh | 37eeacf84e | |
Daniel J Walsh | 6d16a9025e | |
Daniel J Walsh | 5ba4edc96c | |
Daniel J Walsh | be6234423c | |
Daniel J Walsh | 51895d063a | |
Daniel J Walsh | c38f0b0413 | |
Jesse Keating | 4734cddb89 |
|
@ -208,3 +208,15 @@ policycoreutils-2.0.71.tgz
|
|||
sepolgen-1.0.17.tgz
|
||||
policycoreutils-2.0.73.tgz
|
||||
policycoreutils-2.0.74.tgz
|
||||
policycoreutils-2.0.75.tgz
|
||||
policycoreutils-2.0.76.tgz
|
||||
policycoreutils-2.0.77.tgz
|
||||
policycoreutils-2.0.78.tgz
|
||||
sepolgen-1.0.19.tgz
|
||||
policycoreutils-2.0.79.tgz
|
||||
policycoreutils-2.0.80.tgz
|
||||
policycoreutils-2.0.81.tgz
|
||||
sepolgen-1.0.20.tgz
|
||||
sepolgen-1.0.22.tgz
|
||||
policycoreutils-2.0.82.tgz
|
||||
sepolgen-1.0.23.tgz
|
2
Makefile
2
Makefile
|
@ -4,7 +4,7 @@ NAME := policycoreutils
|
|||
SPECFILE = $(firstword $(wildcard *.spec))
|
||||
|
||||
define find-makefile-common
|
||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(find-makefile-common))
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
diff -up policycoreutils-2.0.83/gui/fcontextPage.py.old policycoreutils-2.0.83/gui/fcontextPage.py
|
||||
--- policycoreutils-2.0.83/gui/fcontextPage.py.old 2010-08-23 11:23:31.000000000 -0400
|
||||
+++ policycoreutils-2.0.83/gui/fcontextPage.py 2010-08-23 11:23:48.000000000 -0400
|
||||
@@ -185,14 +185,14 @@ class fcontextPage(semanagePage):
|
||||
self.error(e.args[0])
|
||||
|
||||
def add(self):
|
||||
+ ftype=["", "--", "-d", "-c", "-b", "-s", "-l", "-p" ]
|
||||
fspec=self.fcontextEntry.get_text().strip()
|
||||
type=self.fcontextTypeEntry.get_text().strip()
|
||||
mls=self.fcontextMLSEntry.get_text().strip()
|
||||
list_model=self.fcontextFileTypeCombo.get_model()
|
||||
- iter = self.fcontextFileTypeCombo.get_active_iter()
|
||||
- ftype=list_model.get_value(iter,0)
|
||||
+ active = self.fcontextFileTypeCombo.get_active()
|
||||
self.wait()
|
||||
- (rc, out) = commands.getstatusoutput("semanage fcontext -a -t %s -r %s -f '%s' '%s'" % (type, mls, ftype, fspec))
|
||||
+ (rc, out) = commands.getstatusoutput("semanage fcontext -a -t %s -r %s -f '%s' '%s'" % (type, mls, ftype[active], fspec))
|
||||
self.ready()
|
||||
if rc != 0:
|
||||
self.error(out)
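Review bot: The `semanage fcontext -a` call in `add()` is still built as one shell string from the GUI text entries, so the shell parses `type` and `mls` unquoted and a `'` inside `fspec` ends the quoting; the spec links system-config-selinux to consolehelper, so this string is presumably run with elevated rights. Passing an argument vector keeps the shell out of it: `p = subprocess.Popen(["semanage", "fcontext", "-a", "-t", type, "-r", mls, "-f", ftype[active], fspec], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)`, then `out = p.communicate()[0]` and `rc = p.returncode` (this needs `import subprocess` if the file does not already have it). Separately, `get_active()` returns -1 when no row is selected and `ftype[-1]` then silently yields `"-p"`, so an `if active < 0:` guard that reports through `self.error` and returns belongs before `self.wait()`. The `ftype` list also has to stay in the same order as the combo box model, which is not visible here, and deserves a comment saying so; `add()` continues past the end of the hunk.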
|
File diff suppressed because it is too large
25335
policycoreutils-po.patch
25335
policycoreutils-po.patch
File diff suppressed because it is too large
File diff suppressed because it is too large
|
@ -1,35 +1,54 @@
|
|||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.71/sepolgen-1.0.17/src/sepolgen/audit.py
|
||||
--- nsasepolgen/src/sepolgen/audit.py 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/sepolgen-1.0.17/src/sepolgen/audit.py 2009-08-18 15:21:13.000000000 -0400
|
||||
@@ -23,6 +23,27 @@
|
||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/access.py
|
||||
--- nsasepolgen/src/sepolgen/access.py 2010-03-22 14:08:29.000000000 -0400
|
||||
+++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/access.py 2010-03-24 16:11:37.000000000 -0400
|
||||
@@ -32,6 +32,7 @@
|
||||
"""
|
||||
|
||||
# Convenience functions
|
||||
import refpolicy
|
||||
+from selinux import audit2why
|
||||
|
||||
+def get_audit_boot_msgs():
|
||||
+ """Obtain all of the avc and policy load messages from the audit
|
||||
+ log. This function uses ausearch and requires that the current
|
||||
+ process have sufficient rights to run ausearch.
|
||||
+
|
||||
+ Returns:
|
||||
+ string contain all of the audit messages returned by ausearch.
|
||||
+ """
|
||||
+ import subprocess
|
||||
+ import time
|
||||
+ fd=open("/proc/uptime", "r")
|
||||
+ off=float(fd.read().split()[0])
|
||||
+ fd.close
|
||||
+ s = time.localtime(time.time() - off)
|
||||
+ date = time.strftime("%D/%Y", s).split("/")
|
||||
+ bootdate="%s/%s/%s" % (date[0], date[1], date[3])
|
||||
+ boottime = time.strftime("%X", s)
|
||||
+ output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
|
||||
+ stdout=subprocess.PIPE).communicate()[0]
|
||||
+ return output
|
||||
+
|
||||
def get_audit_msgs():
|
||||
"""Obtain all of the avc and policy load messages from the audit
|
||||
log. This function uses ausearch and requires that the current
|
||||
@@ -47,6 +68,17 @@
|
||||
def is_idparam(id):
|
||||
"""Determine if an id is a paramater in the form $N, where N is
|
||||
@@ -85,6 +86,8 @@
|
||||
self.obj_class = None
|
||||
self.perms = refpolicy.IdSet()
|
||||
self.audit_msgs = []
|
||||
+ self.type = audit2why.TERULE
|
||||
+ self.bools = []
|
||||
|
||||
# The direction of the information flow represented by this
|
||||
# access vector - used for matching
|
||||
@@ -253,20 +256,22 @@
|
||||
for av in l:
|
||||
self.add_av(AccessVector(av))
|
||||
|
||||
- def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None):
|
||||
+ def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None, avc_type=audit2why.TERULE, bools=[]):
|
||||
"""Add an access vector to the set.
|
||||
"""
|
||||
tgt = self.src.setdefault(src_type, { })
|
||||
cls = tgt.setdefault(tgt_type, { })
|
||||
|
||||
- if cls.has_key(obj_class):
|
||||
- access = cls[obj_class]
|
||||
+ if cls.has_key((obj_class, avc_type)):
|
||||
+ access = cls[obj_class, avc_type]
|
||||
else:
|
||||
access = AccessVector()
|
||||
access.src_type = src_type
|
||||
access.tgt_type = tgt_type
|
||||
access.obj_class = obj_class
|
||||
- cls[obj_class] = access
|
||||
+ access.bools = bools
|
||||
+ access.type = avc_type
|
||||
+ cls[obj_class, avc_type] = access
|
||||
|
||||
access.perms.update(perms)
|
||||
if audit_msg:
|
||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/audit.py
|
||||
--- nsasepolgen/src/sepolgen/audit.py 2010-03-22 14:08:29.000000000 -0400
|
||||
+++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/audit.py 2010-03-24 16:11:37.000000000 -0400
|
||||
@@ -68,6 +68,17 @@
|
||||
stdout=subprocess.PIPE).communicate()[0]
|
||||
return output
|
||||
|
||||
|
@ -47,15 +66,126 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycor
|
|||
# Classes representing audit messages
|
||||
|
||||
class AuditMessage:
|
||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.71/sepolgen-1.0.17/src/sepolgen/refparser.py
|
||||
--- nsasepolgen/src/sepolgen/refparser.py 2008-08-28 09:34:24.000000000 -0400
|
||||
+++ policycoreutils-2.0.71/sepolgen-1.0.17/src/sepolgen/refparser.py 2009-08-13 17:57:55.000000000 -0400
|
||||
@@ -919,7 +919,7 @@
|
||||
def list_headers(root):
|
||||
modules = []
|
||||
support_macros = None
|
||||
- blacklist = ["init.if", "inetd.if", "uml.if", "thunderbird.if"]
|
||||
+ blacklist = ["uml.if", "thunderbird.if", "unconfined.if"]
|
||||
@@ -127,6 +138,9 @@
|
||||
if fields[0] == "path":
|
||||
self.path = fields[1][1:-1]
|
||||
return
|
||||
+import selinux.audit2why as audit2why
|
||||
+
|
||||
+avcdict = {}
|
||||
|
||||
class AVCMessage(AuditMessage):
|
||||
"""AVC message representing an access denial or granted message.
|
||||
@@ -167,6 +181,8 @@
|
||||
self.path = ""
|
||||
self.accesses = []
|
||||
self.denial = True
|
||||
+ self.type = audit2why.TERULE
|
||||
+ self.bools = []
|
||||
|
||||
def __parse_access(self, recs, start):
|
||||
# This is kind of sucky - the access that is in a space separated
|
||||
@@ -226,7 +242,31 @@
|
||||
|
||||
if not found_src or not found_tgt or not found_class or not found_access:
|
||||
raise ValueError("AVC message in invalid format [%s]\n" % self.message)
|
||||
-
|
||||
+ self.analyze()
|
||||
+
|
||||
+ def analyze(self):
|
||||
+ tcontext = self.tcontext.to_string()
|
||||
+ scontext = self.scontext.to_string()
|
||||
+ access_tuple = tuple( self.accesses)
|
||||
+ if (scontext, tcontext, self.tclass, access_tuple) in avcdict.keys():
|
||||
+ self.type, self.bools = avcdict[(scontext, tcontext, self.tclass, access_tuple)]
|
||||
+ else:
|
||||
+ self.type, self.bools = audit2why.analyze(scontext, tcontext, self.tclass, self.accesses);
|
||||
+ if self.type == audit2why.NOPOLICY:
|
||||
+ self.type = audit2why.TERULE
|
||||
+ if self.type == audit2why.BADTCON:
|
||||
+ raise ValueError("Invalid Target Context %s\n" % tcontext)
|
||||
+ if self.type == audit2why.BADSCON:
|
||||
+ raise ValueError("Invalid Source Context %s\n" % scontext)
|
||||
+ if self.type == audit2why.BADSCON:
|
||||
+ raise ValueError("Invalid Type Class %s\n" % self.tclass)
|
||||
+ if self.type == audit2why.BADPERM:
|
||||
+ raise ValueError("Invalid permission %s\n" % " ".join(self.accesses))
|
||||
+ if self.type == audit2why.BADCOMPUTE:
|
||||
+ raise ValueError("Error during access vector computation")
|
||||
+
|
||||
+ avcdict[(scontext, tcontext, self.tclass, access_tuple)] = (self.type, self.bools)
|
||||
+
|
||||
class PolicyLoadMessage(AuditMessage):
|
||||
"""Audit message indicating that the policy was reloaded."""
|
||||
def __init__(self, message):
|
||||
@@ -469,10 +509,10 @@
|
||||
if avc_filter:
|
||||
if avc_filter.filter(avc):
|
||||
av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
|
||||
- avc.accesses, avc)
|
||||
+ avc.accesses, avc, avc_type=avc.type, bools=avc.bools)
|
||||
else:
|
||||
av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
|
||||
- avc.accesses, avc)
|
||||
+ avc.accesses, avc, avc_type=avc.type, bools=avc.bools)
|
||||
return av_set
|
||||
|
||||
class AVCTypeFilter:
|
||||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/policygen.py
|
||||
--- nsasepolgen/src/sepolgen/policygen.py 2010-03-12 09:34:56.000000000 -0500
|
||||
+++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/policygen.py 2010-03-24 16:11:37.000000000 -0400
|
||||
@@ -29,6 +29,8 @@
|
||||
import access
|
||||
import interfaces
|
||||
import matching
|
||||
+import selinux.audit2why as audit2why
|
||||
+from setools import *
|
||||
|
||||
# Constants for the level of explanation from the generation
|
||||
# routines
|
||||
@@ -77,6 +79,7 @@
|
||||
|
||||
self.dontaudit = False
|
||||
|
||||
+ self.domains = None
|
||||
def set_gen_refpol(self, if_set=None, perm_maps=None):
|
||||
"""Set whether reference policy interfaces are generated.
|
||||
|
||||
@@ -151,8 +154,37 @@
|
||||
rule = refpolicy.AVRule(av)
|
||||
if self.dontaudit:
|
||||
rule.rule_type = rule.DONTAUDIT
|
||||
+ rule.comment = ""
|
||||
if self.explain:
|
||||
rule.comment = refpolicy.Comment(explain_access(av, verbosity=self.explain))
|
||||
+ if av.type == audit2why.ALLOW:
|
||||
+ rule.comment += "#!!!! This avc is allowed in the current policy\n"
|
||||
+ if av.type == audit2why.DONTAUDIT:
|
||||
+ rule.comment += "#!!!! This avc has a dontaudit rule in the current policy\n"
|
||||
+ if av.type == audit2why.BOOLEAN:
|
||||
+ if len(av.bools) > 1:
|
||||
+ rule.comment += "#!!!! This avc can be allowed using one of the these booleans:\n# %s\n" % ", ".join(map(lambda x: av.bools[0][0], av.bools))
|
||||
+ else:
|
||||
+ rule.comment += "#!!!! This avc can be allowed using the boolean '%s'\n" % av.bools[0][0]
|
||||
+
|
||||
+ if av.type == audit2why.CONSTRAINT:
|
||||
+ rule.comment += "#!!!! This avc is a constraint violation. You will need to add an attribute to either the source or target type to make it work.\n"
|
||||
+ rule.comment += "#Contraint rule: "
|
||||
+
|
||||
+ if av.type == audit2why.TERULE:
|
||||
+ if "write" in av.perms:
|
||||
+ if "dir" in av.obj_class or "open" in av.perms:
|
||||
+ if not self.domains:
|
||||
+ self.domains = seinfo(ATTRIBUTE, name="domain")[0]["types"]
|
||||
+ types=[]
|
||||
+ for i in map(lambda x: x[TCONTEXT], sesearch([ALLOW], {SCONTEXT: av.src_type, CLASS: av.obj_class, PERMS: av.perms})):
|
||||
+ if i not in self.domains:
|
||||
+ types.append(i)
|
||||
+ if len(types) == 1:
|
||||
+ rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
|
||||
+ elif len(types) >= 1:
|
||||
+ rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
|
||||
+
|
||||
self.module.children.append(rule)
|
||||
|
||||
|
||||
for dirpath, dirnames, filenames in os.walk(root):
|
||||
for name in filenames:
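Review bot: In the new `AVCMessage.analyze()` added to audit.py, the test `if self.type == audit2why.BADSCON:` appears twice, and the second copy is the one that raises "Invalid Type Class", so that branch can never run. An invalid-class result from `audit2why.analyze()` is therefore not rejected: it falls through, is stored in the module-level `avcdict` cache, and is later passed on as `avc_type=avc.type` to `av_set.add(...)`. The second test should read `if self.type == audit2why.BADTCLASS:`. A short docstring on `analyze()` stating that it raises `ValueError` for each BAD* result and caches the outcome per (scontext, tcontext, tclass, accesses) key would also help readers of the parser.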
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
%define libauditver 1.4.2-1
|
||||
%define libsepolver 2.0.19-1
|
||||
%define libsemanagever 2.0.36-2
|
||||
%define libselinuxver 2.0.46-5
|
||||
%define sepolgenver 1.0.17
|
||||
%define libsepolver 2.0.41-3
|
||||
%define libsemanagever 2.0.43-4
|
||||
%define libselinuxver 2.0.90-3
|
||||
%define sepolgenver 1.0.23
|
||||
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.74
|
||||
Release: 4%{?dist}
|
||||
Version: 2.0.82
|
||||
Release: 6%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
Source1: http://www.nsa.gov/selinux/archives/sepolgen-%{sepolgenver}.tgz
|
||||
URL: http://www.selinuxproject.org
|
||||
Source2: system-config-selinux.png
|
||||
|
@ -19,17 +20,22 @@ Source5: system-config-selinux.console
|
|||
Source6: selinux-polgengui.desktop
|
||||
Source7: selinux-polgengui.console
|
||||
Source8: policycoreutils_man_ru2.tar.bz2
|
||||
Source9: sandbox.init
|
||||
Patch: policycoreutils-rhat.patch
|
||||
Patch1: policycoreutils-po.patch
|
||||
Patch3: policycoreutils-gui.patch
|
||||
Patch4: policycoreutils-sepolgen.patch
|
||||
Patch5: policycoreutils-fcontext.patch
|
||||
Obsoletes: policycoreutils < 2.0.61-2
|
||||
|
||||
BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
|
||||
%global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")
|
||||
|
||||
%global pkgpythondir %{python_sitelib}/%{name}
|
||||
|
||||
BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-static >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
|
||||
BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
|
||||
Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff rpm /bin/sed
|
||||
Requires: libsepol >= %{libsepolver} coreutils checkpolicy libselinux-utils >= %{libselinuxver}
|
||||
BuildRequires: python-devel
|
||||
Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff rpm /bin/sed
|
||||
Requires: libsepol >= %{libsepolver} coreutils checkpolicy libselinux-utils >= %{libselinuxver}
|
||||
Requires(post): /sbin/chkconfig
|
||||
Requires(preun): /sbin/service /sbin/chkconfig
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
@ -57,6 +63,7 @@ context.
|
|||
%patch1 -p1 -b .rhatpo
|
||||
%patch3 -p1 -b .gui
|
||||
%patch4 -p1 -b .sepolgen
|
||||
%patch5 -p1 -b .fcontext
|
||||
|
||||
%build
|
||||
make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
|
||||
|
@ -74,7 +81,6 @@ mkdir -p %{buildroot}%{_mandir}/man8
|
|||
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/security/console.apps
|
||||
%{__mkdir} -p %{buildroot}/%{_sysconfdir}/rc.d/init.d
|
||||
install -m0755 %{SOURCE9} %{buildroot}/%{_sysconfdir}/rc.d/init.d/sandbox
|
||||
|
||||
make LSPP_PRIV=y DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
|
||||
make -C sepolgen-%{sepolgenver} DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
|
||||
|
@ -88,7 +94,6 @@ tar -jxf %{SOURCE8} -C %{buildroot}/
|
|||
rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
|
||||
ln -sf consolehelper %{buildroot}%{_bindir}/system-config-selinux
|
||||
ln -sf consolehelper %{buildroot}%{_bindir}/selinux-polgengui
|
||||
ln -s /sbin/load_policy %{buildroot}%{_sbindir}/load_policy
|
||||
|
||||
desktop-file-install --vendor fedora \
|
||||
--dir ${RPM_BUILD_ROOT}%{_datadir}/applications \
|
||||
|
@ -109,6 +114,7 @@ Requires: audit-libs-python >= %{libauditver}
|
|||
Requires: /usr/bin/make
|
||||
Requires(pre): python >= 2.6
|
||||
Obsoletes: policycoreutils < 2.0.61-2
|
||||
Requires: setools-libs-python
|
||||
|
||||
%description python
|
||||
The policycoreutils-python package contains the management tools use to manage an SELinux environment.
|
||||
|
@ -121,9 +127,10 @@ The policycoreutils-python package contains the management tools use to manage a
|
|||
%{_bindir}/chcat
|
||||
%{_bindir}/sandbox
|
||||
%{_bindir}/sepolgen-ifgen
|
||||
%{_libdir}/python?.?/site-packages/seobject.py*
|
||||
%{_libdir}/python?.?/site-packages/sepolgen/*
|
||||
%dir %{_libdir}/python?.?/site-packages/sepolgen
|
||||
%{python_sitelib}/seobject.py*
|
||||
%{python_sitelib}/sepolgen
|
||||
%{python_sitelib}/%{name}*.egg-info
|
||||
%{pkgpythondir}
|
||||
%dir /var/lib/sepolgen
|
||||
%dir /var/lib/selinux
|
||||
/var/lib/sepolgen/perm_map
|
||||
|
@ -132,10 +139,9 @@ The policycoreutils-python package contains the management tools use to manage a
|
|||
%{_mandir}/man1/audit2why.1*
|
||||
%{_mandir}/man8/chcat.8*
|
||||
%{_mandir}/ru/man8/chcat.8*
|
||||
%{_mandir}/man8/sandbox.8*
|
||||
%{_mandir}/man8/semanage.8*
|
||||
%{_mandir}/ru/man8/semanage.8*
|
||||
%{_mandir}/man8/fixfiles.8*
|
||||
%{_mandir}/ru/man8/fixfiles.8*
|
||||
|
||||
%post python
|
||||
[ -f /usr/share/selinux/devel/include/build.conf ] && /usr/bin/sepolgen-ifgen
|
||||
|
@ -154,8 +160,10 @@ BuildRequires: libcap-ng-devel
|
|||
The policycoreutils-python package contains the scripts to create graphical sandboxes
|
||||
|
||||
%files sandbox
|
||||
%defattr(-,root,root,-)
|
||||
%{_sysconfdir}/rc.d/init.d/sandbox
|
||||
%{_mandir}/man8/sandbox.8*
|
||||
%config(noreplace) %{_sysconfdir}/sysconfig/sandbox
|
||||
%{_sysconfdir}/sysconfig/sandbox
|
||||
%{_sbindir}/seunshare
|
||||
%{_datadir}/sandbox/sandboxX.sh
|
||||
|
||||
|
@ -250,6 +258,8 @@ rm -rf %{buildroot}
|
|||
%{_sysconfdir}/xdg/autostart/restorecond.desktop
|
||||
%{_datadir}/dbus-1/services/org.selinux.Restorecond.service
|
||||
# selinux-policy Requires: policycoreutils, so we own this set of directories and our files within them
|
||||
%{_mandir}/man8/fixfiles.8*
|
||||
%{_mandir}/ru/man8/fixfiles.8*
|
||||
%{_mandir}/man8/load_policy.8*
|
||||
%{_mandir}/ru/man8/load_policy.8*
|
||||
%{_mandir}/man8/open_init_pty.8*
|
||||
|
@ -297,6 +307,201 @@ fi
|
|||
exit 0
|
||||
|
||||
%changelog
|
||||
* Fri Aug 13 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-6
|
||||
- Fix fcontext translation handling in system-config-selinux
|
||||
|
||||
* Thu Jul 22 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-5
|
||||
- Fix sandbox command on HOMEDIR
|
||||
|
||||
* Tue Apr 6 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-4
|
||||
- Fix spacing in templates
|
||||
|
||||
* Wed Mar 31 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-3
|
||||
- Fix semanage return codes
|
||||
|
||||
* Tue Mar 30 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-2
|
||||
- Fix sepolgen to confirm to the "Reference Policy Style Guide"
|
||||
|
||||
* Tue Mar 23 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-1
|
||||
- Update to upstream
|
||||
* Add avc's since boot from Dan Walsh.
|
||||
* Fix unit tests from Dan Walsh.
|
||||
|
||||
* Tue Mar 23 2010 Dan Walsh <dwalsh@redhat.com> 2.0.81-4
|
||||
- Update to upstream - sepolgen
|
||||
* Add since-last-boot option to audit2allow from Dan Walsh.
|
||||
* Fix sepolgen output to match what Chris expects for upstream
|
||||
refpolicy from Dan Walsh.
|
||||
|
||||
* Mon Mar 22 2010 Dan Walsh <dwalsh@redhat.com> 2.0.81-3
|
||||
- Allow restorecon on > 2 Gig files
|
||||
|
||||
* Tue Mar 16 2010 Dan Walsh <dwalsh@redhat.com> 2.0.81-2
|
||||
- Fix semanage handling of boolean options
|
||||
- Update translations
|
||||
|
||||
* Fri Mar 12 2010 Dan Walsh <dwalsh@redhat.com> 2.0.81-1
|
||||
- Update to upstream
|
||||
* Add dontaudit flag to audit2allow from Dan Walsh.
|
||||
|
||||
* Thu Mar 11 2010 Dan Walsh <dwalsh@redhat.com> 2.0.80-2
|
||||
- Use --rbind in sandbox init scripts
|
||||
|
||||
* Mon Mar 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.80-1
|
||||
- Update to upstream
|
||||
* Module enable/disable support from Dan Walsh.
|
||||
|
||||
* Mon Mar 1 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-5
|
||||
- Rewrite of sandbox script, add unit test for sandbox
|
||||
- Update translations
|
||||
|
||||
* Mon Mar 1 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-4
|
||||
- Fix patch for dontaudit rules from audit2allow for upstream acceptance
|
||||
|
||||
* Fri Feb 26 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-3
|
||||
- Fixes for fixfiles
|
||||
|
||||
* Wed Feb 17 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-2
|
||||
- Fix sandbox to complain if mount-shared has not been run
|
||||
- Fix to use /etc/sysconfig/sandbox
|
||||
|
||||
* Tue Feb 16 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-1
|
||||
- Update to upstream
|
||||
* Fix double-free in newrole
|
||||
- Fix python language handling
|
||||
|
||||
* Thu Feb 11 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-21
|
||||
- Fix display of command in sandbox
|
||||
|
||||
* Fri Feb 5 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-20
|
||||
- Catch OSError in semanage
|
||||
|
||||
* Wed Feb 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-19
|
||||
- Fix seobject and fixfiles
|
||||
|
||||
* Fri Jan 29 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-17
|
||||
- Change seobject to use translations properly
|
||||
|
||||
* Thu Jan 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-16
|
||||
- Cleanup spec file
|
||||
Resolves: 555835
|
||||
|
||||
* Thu Jan 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-15
|
||||
- Add use_resolve to sepolgen
|
||||
|
||||
* Wed Jan 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-14
|
||||
- Add session capability to sandbox
|
||||
- sandbox -SX -H ~/.homedir -t unconfined_t -l s0:c15 /etc/gdm/Xsession
|
||||
|
||||
* Thu Jan 21 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-13
|
||||
- Fix executable template for fifo files
|
||||
|
||||
* Tue Jan 19 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-12
|
||||
- Fix patch xod xmodmap
|
||||
- Exit 0 from script
|
||||
|
||||
* Thu Jan 14 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-11
|
||||
- Run with the same xdmodmap in sandbox as outside
|
||||
- Patch from Josh Cogliati
|
||||
|
||||
* Fri Jan 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-10
|
||||
- Fix sepolgen to not generate user sh section on non user policy
|
||||
|
||||
* Fri Jan 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-9
|
||||
- Add -e to semanage man page
|
||||
- Add -D qualifier to audit2allow to generate dontaudit rules
|
||||
|
||||
* Wed Jan 6 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-8
|
||||
- Speed up audit2allow processing of audit2why comments
|
||||
|
||||
* Fri Dec 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-7
|
||||
- Fixes to sandbox man page
|
||||
|
||||
* Thu Dec 17 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-6
|
||||
- Add setools-libs-python to requires for gui
|
||||
|
||||
* Wed Dec 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-5
|
||||
- If restorecond running as a user has no files to watch then it should exit. (NFS Homedirs)
|
||||
|
||||
* Thu Dec 10 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-4
|
||||
- Move sandbox man page to base package
|
||||
|
||||
* Tue Dec 8 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-3
|
||||
- Fix audit2allow to report constraints, dontaudits, types, booleans
|
||||
|
||||
* Fri Dec 4 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-2
|
||||
- Fix restorecon -i to ignore enoent
|
||||
|
||||
* Tue Dec 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-1
|
||||
- Update to upstream
|
||||
* Remove non-working OUTFILE from fixfiles from Dan Walsh.
|
||||
* Additional exception handling in chcat from Dan Walsh.
|
||||
|
||||
* fix sepolgen to read a "type 1403" msg as a policy load by Stephen
|
||||
Smalley <sds@tycho.nsa.gov>
|
||||
* Add support for Xen ocontexts from Paul Nuzzi.
|
||||
|
||||
* Tue Nov 24 2009 Dan Walsh <dwalsh@redhat.com> 2.0.77-1
|
||||
- Update to upstream
|
||||
* Fixed bug preventing semanage node -a from working
|
||||
from Chad Sellers
|
||||
* Fixed bug preventing semanage fcontext -l from working
|
||||
from Chad Sellers
|
||||
- Change semanage to use unicode
|
||||
|
||||
* Wed Nov 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.76-1
|
||||
- Update to upstream
|
||||
* Remove setrans management from semanage, as it does not work
|
||||
from Dan Walsh.
|
||||
* Move load_policy from /usr/sbin to /sbin from Dan Walsh.
|
||||
|
||||
* Mon Nov 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-3
|
||||
- Raise exception if user tries to add file context with an embedded space
|
||||
|
||||
* Wed Nov 11 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-2
|
||||
- Fix sandbox to setsid so it can run under mozilla without crashing the session
|
||||
|
||||
* Tue Nov 2 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-1
|
||||
- Update to upstream
|
||||
* Factor out restoring logic from setfiles.c into restore.c
|
||||
|
||||
* Fri Oct 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-15
|
||||
- Fix typo in seobject.py
|
||||
|
||||
* Fri Oct 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-14
|
||||
- Allow semanage -i and semanage -o to generate customization files.
|
||||
- semanage -o will generate a customization file that semanage -i can read and set a machines to the same selinux configuration
|
||||
|
||||
* Tue Oct 20 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-13
|
||||
- Fix restorecond man page
|
||||
|
||||
* Mon Oct 19 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-12
|
||||
- Add generation of the users context file to polgengui
|
||||
|
||||
* Fri Oct 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-11
|
||||
- Remove tabs from system-config-selinux glade file
|
||||
|
||||
* Thu Oct 15 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-10
|
||||
- Remove translations screen from system-config-selinux
|
||||
|
||||
* Wed Oct 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-9
|
||||
- Move fixfiles man pages into the correct package
|
||||
- Add genhomedircon to fixfiles restore
|
||||
|
||||
* Thu Oct 6 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-8
|
||||
- Add check to sandbox to verify save changes - Chris Pardy
|
||||
- Fix memory leak in restorecond - Steve Grubb
|
||||
|
||||
* Thu Oct 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-7
|
||||
- Fixes Templates
|
||||
|
||||
* Thu Oct 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-6
|
||||
- Fixes for polgengui to handle tcp ports correctly
|
||||
- Fix semanage node -a
|
||||
|
||||
* Wed Sep 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-5
|
||||
- Fixes for semanage -equiv, readded modules, --enable, --disable
|
||||
|
||||
* Sun Sep 20 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-4
|
||||
- Close sandbox when eclipse exits
|
||||
|
||||
|
|
4
sources
4
sources
|
@ -1,3 +1,3 @@
|
|||
480cc64a050735fa1163a87dc89c4f49 sepolgen-1.0.17.tgz
|
||||
60aa41df668a557892296ff02c7411aa policycoreutils-2.0.74.tgz
|
||||
e4deacb4df1e2ec081a91fd59da1dcc5 policycoreutils-2.0.82.tgz
|
||||
49faa2e5f343317bcfcf34d7286f6037 sepolgen-1.0.23.tgz
|
||||
59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
|
||||
|
|