Compare commits
56 Commits
Author | SHA1 | Date |
---|---|---|
Dan Walsh | 4f2b60f96a | |
Dan Walsh | 93c449a55a | |
Dan Walsh | b9dfc8cf5f | |
Dan Walsh | 9acd6d2653 | |
Dan Walsh | f4bf55ccb2 | |
Dan Walsh | 6eed3115b9 | |
Dan Walsh | b7430583da | |
Dan Walsh | b19892214d | |
Dan Walsh | 8440c94908 | |
Dan Walsh | cc55b67dde | |
Dan Walsh | 7bb326e3b0 | |
Dan Walsh | 16cc0136dd | |
Dan Walsh | 84b88d9309 | |
Dan Walsh | 63524354f9 | |
Dan Walsh | 62ab97b393 | |
Dan Walsh | 8f131b4a15 | |
Dan Walsh | bb20ed2fab | |
Dan Walsh | bd7cb64997 | |
Dan Walsh | 419030ab27 | |
Dan Walsh | 720ea81a74 | |
Dan Walsh | 9f6e28ab93 | |
Dan Walsh | e2fab69723 | |
Dan Walsh | 5e86c6c83a | |
Dan Walsh | 346863135f | |
Dan Walsh | f3401ef5cf | |
Dan Walsh | 167eb4ae4d | |
Dan Walsh | dd3ab0dc1d | |
Dan Walsh | 913872747b | |
Dan Walsh | 7bcf5f9108 | |
Dan Walsh | 9fffedab42 | |
Dan Walsh | d096e6b673 | |
Dan Walsh | a26f1f2e97 | |
Dan Walsh | e0b77e4af2 | |
Dan Walsh | 7ca35f44e1 | |
Dan Walsh | 5c7ac2193a | |
Dan Walsh | 5eda7d7da7 | |
Dan Walsh | 9ea5a9c263 | |
Dan Walsh | e73828104a | |
Dan Walsh | 7bbaa602fe | |
Dan Walsh | 9d740110e6 | |
Dan Walsh | 9c23983b71 | |
Dan Walsh | 6e7e249de6 | |
Dan Walsh | 470f41d83d | |
Dan Walsh | b23202d558 | |
Dan Walsh | b1b6c5eb24 | |
Dan Walsh | fc15cdf18c | |
Dan Walsh | a0d0267634 | |
Dan Walsh | 3efb403928 | |
Dan Walsh | 3a563b3ce8 | |
Dan Walsh | f41eb95e23 | |
Dan Walsh | 4ab6423946 | |
Dan Walsh | 1c7e79a94c | |
Dan Walsh | d674eb1b52 | |
Dan Walsh | 543897b534 | |
David Malcolm | d7113c1828 | |
Dan Walsh | b50d1bb6de |
|
@ -221,3 +221,5 @@ sepolgen-1.0.22.tgz
|
|||
policycoreutils-2.0.82.tgz
|
||||
sepolgen-1.0.23.tgz
|
||||
policycoreutils-2.0.83.tgz
|
||||
/policycoreutils-2.0.84.tgz
|
||||
/policycoreutils-2.0.85.tgz
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
diff -up policycoreutils-2.0.83/load_policy/load_policy.c.init policycoreutils-2.0.83/load_policy/load_policy.c
|
||||
--- policycoreutils-2.0.83/load_policy/load_policy.c.init 2010-11-08 13:46:37.000000000 -0500
|
||||
+++ policycoreutils-2.0.83/load_policy/load_policy.c 2010-11-22 13:43:58.000000000 -0500
|
||||
@@ -74,6 +74,7 @@ int main(int argc, char **argv)
|
||||
"%s: Warning! Boolean file argument (%s) is no longer supported, installed booleans file is always used. Continuing...\n",
|
||||
argv[0], argv[optind++]);
|
||||
}
|
||||
+ errno = 0;
|
||||
if (init) {
|
||||
if (is_selinux_enabled() == 1) {
|
||||
/* SELinux is already enabled, we should not do an initial load again */
|
||||
@@ -98,7 +99,12 @@ int main(int argc, char **argv)
|
||||
else {
|
||||
ret = selinux_mkload_policy(1);
|
||||
}
|
||||
- if (ret < 0) {
|
||||
+
|
||||
+ /* selinux_init_load_policy returns -1 if it did not load_policy
|
||||
+ * On SELinux disabled system it will always return -1
|
||||
+ * So check errno to see if anything went wrong
|
||||
+ */
|
||||
+ if (ret < 0 && errno != 0) {
|
||||
char *path=policy_path();
|
||||
fprintf(stderr, _("%s: Can't load policy file %s: %s\n"),
|
||||
argv[0], path, strerror(errno));
|
File diff suppressed because it is too large
Load Diff
68996
policycoreutils-po.patch
68996
policycoreutils-po.patch
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,390 @@
|
|||
diff -up policycoreutils-2.0.86/restorecond/restorecond_user.conf.sandbox policycoreutils-2.0.86/restorecond/restorecond_user.conf
|
||||
--- policycoreutils-2.0.86/restorecond/restorecond_user.conf.sandbox 2011-06-13 13:47:06.552590955 -0400
|
||||
+++ policycoreutils-2.0.86/restorecond/restorecond_user.conf 2011-06-13 13:47:27.757820459 -0400
|
||||
@@ -4,4 +4,4 @@
|
||||
~/local/*
|
||||
~/.fonts/*
|
||||
~/.cache/*
|
||||
-
|
||||
+~/.config/*
|
||||
diff -up policycoreutils-2.0.86/sandbox/sandbox.8.sandbox policycoreutils-2.0.86/sandbox/sandbox.8
|
||||
--- policycoreutils-2.0.86/sandbox/sandbox.8.sandbox 2011-07-07 14:42:18.298415909 -0400
|
||||
+++ policycoreutils-2.0.86/sandbox/sandbox.8 2011-07-07 14:42:30.567508958 -0400
|
||||
@@ -3,11 +3,11 @@
|
||||
sandbox \- Run cmd under an SELinux sandbox
|
||||
.SH SYNOPSIS
|
||||
.B sandbox
|
||||
-[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd
|
||||
+[-C] [-c] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd
|
||||
|
||||
.br
|
||||
.B sandbox
|
||||
-[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S
|
||||
+[-C] [-c] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S
|
||||
.br
|
||||
.SH DESCRIPTION
|
||||
.PP
|
||||
@@ -60,8 +60,11 @@ Default to /usr/bin/matchbox-window-mana
|
||||
Create an X based Sandbox for gui apps, temporary files for
|
||||
$HOME and /tmp, secondary Xserver, defaults to sandbox_x_t
|
||||
.TP
|
||||
-\fB\-C\fR
|
||||
+\fB\-c\fR
|
||||
Use control groups to control this copy of sandbox. Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc.
|
||||
+.TP
|
||||
+\fB\-C\fR
|
||||
+Use capabilities within the sandbox. By default applications executed within the sandbox will not be allowed to use capabilities (setuid apps), with the -C flag, you can use programs requiring capabilities.
|
||||
.PP
|
||||
.SH "SEE ALSO"
|
||||
.TP
|
||||
diff -up policycoreutils-2.0.86/sandbox/sandbox.sandbox policycoreutils-2.0.86/sandbox/sandbox
|
||||
--- policycoreutils-2.0.86/sandbox/sandbox.sandbox 2011-06-13 13:44:44.678086035 -0400
|
||||
+++ policycoreutils-2.0.86/sandbox/sandbox 2011-07-07 14:42:50.587660702 -0400
|
||||
@@ -88,9 +88,7 @@ def copyfile(file, srcdir, dest):
|
||||
|
||||
except shutil.Error, elist:
|
||||
for e in elist.message:
|
||||
- # ignore files that are missing
|
||||
- if not e[2].startswith("[Errno 2]"):
|
||||
- sys.stderr.write(e[2])
|
||||
+ sys.stderr.write(e[2])
|
||||
|
||||
SAVE_FILES[file] = (dest, os.path.getmtime(dest))
|
||||
|
||||
@@ -311,17 +309,21 @@ sandbox [-h] [-l level ] [-[X|M] [-H hom
|
||||
parser.add_option("-l", "--level", dest="level",
|
||||
help=_("MCS/MLS level for the sandbox"))
|
||||
|
||||
- parser.add_option("-C", "--cgroups",
|
||||
+ parser.add_option("-c", "--cgroups",
|
||||
action="store_true", dest="usecgroup", default=False,
|
||||
help="Use cgroups to limit this sandbox.")
|
||||
|
||||
+ parser.add_option("-C", "--capabilities",
|
||||
+ action="store_true", dest="usecaps", default=False,
|
||||
+ help="Allow apps requiring capabilities to run within the sandbox.")
|
||||
+
|
||||
self.__parser=parser
|
||||
|
||||
self.__options, cmds = parser.parse_args()
|
||||
|
||||
if self.__options.X_ind:
|
||||
self.setype = DEFAULT_X_TYPE
|
||||
-
|
||||
+ self.dpi=commands.getoutput("xrdb -query | grep dpi | /bin/cut -f 2")
|
||||
if self.__options.setype:
|
||||
self.setype = self.__options.setype
|
||||
|
||||
@@ -392,8 +394,12 @@ sandbox [-h] [-l level ] [-[X|M] [-H hom
|
||||
def __execute(self):
|
||||
try:
|
||||
cmds = [ SEUNSHARE, "-Z", self.__execcon ]
|
||||
- if self.__options.usecgroup == True:
|
||||
+ if self.__options.usecgroup:
|
||||
cmds.append('-c')
|
||||
+ if self.__options.usecaps:
|
||||
+ cmds.append('-C')
|
||||
+ if not self.__options.level:
|
||||
+ cmds.append('-k')
|
||||
if self.__mount:
|
||||
cmds += [ "-t", self.__tmpdir, "-h", self.__homedir ]
|
||||
|
||||
@@ -405,7 +411,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H hom
|
||||
|
||||
self.__setup_sandboxrc(self.__options.wm)
|
||||
|
||||
- cmds += [ "--", SANDBOXSH, self.__options.windowsize ]
|
||||
+ cmds += [ "--", SANDBOXSH, self.__options.windowsize, self.dpi ]
|
||||
else:
|
||||
cmds += [ "--" ] + self.__paths
|
||||
return subprocess.Popen(cmds).wait()
|
||||
diff -up policycoreutils-2.0.86/sandbox/sandboxX.sh.sandbox policycoreutils-2.0.86/sandbox/sandboxX.sh
|
||||
--- policycoreutils-2.0.86/sandbox/sandboxX.sh.sandbox 2011-06-13 13:44:44.684086096 -0400
|
||||
+++ policycoreutils-2.0.86/sandbox/sandboxX.sh 2011-07-07 14:41:50.536205201 -0400
|
||||
@@ -1,10 +1,12 @@
|
||||
#!/bin/bash
|
||||
-context=`id -Z | secon -t `
|
||||
-export TITLE="`grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80` ($context)"
|
||||
-[ $# -eq 1 ] && export SCREENSIZE="$1" || export SCREENSIZE="1000x700"
|
||||
+trap "" TERM
|
||||
+context=`id -Z | secon -t -l -P`
|
||||
+export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
|
||||
+[ -z $1 ] && export SCREENSIZE="1000x700" || export SCREENSIZE="$1"
|
||||
+[ -z $2 ] && export DPI="96" || export DPI="$2"
|
||||
trap "exit 0" HUP
|
||||
|
||||
-(/usr/bin/Xephyr -nolisten tcp -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do
|
||||
+(/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -displayfd 5 5>&1 2>/dev/null) | while read D; do
|
||||
export DISPLAY=:$D
|
||||
cat > ~/seremote << __EOF
|
||||
#!/bin/sh
|
||||
@@ -13,7 +15,7 @@ __EOF
|
||||
chmod +x ~/seremote
|
||||
/usr/share/sandbox/start $HOME/.sandboxrc
|
||||
export EXITCODE=$?
|
||||
- kill -HUP 0
|
||||
+ kill -TERM 0
|
||||
break
|
||||
done
|
||||
exit 0
|
||||
diff -up policycoreutils-2.0.86/sandbox/seunshare.8.sandbox policycoreutils-2.0.86/sandbox/seunshare.8
|
||||
--- policycoreutils-2.0.86/sandbox/seunshare.8.sandbox 2011-07-07 14:41:16.065943281 -0400
|
||||
+++ policycoreutils-2.0.86/sandbox/seunshare.8 2011-07-07 14:41:26.300021079 -0400
|
||||
@@ -3,7 +3,7 @@
|
||||
seunshare \- Run cmd with alternate homedir, tmpdir and/or SELinux context
|
||||
.SH SYNOPSIS
|
||||
.B seunshare
|
||||
-[ -v ] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args]
|
||||
+[-v] [-c] [-C] [-k] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args]
|
||||
.br
|
||||
.SH DESCRIPTION
|
||||
.PP
|
||||
@@ -18,9 +18,15 @@ Alternate homedir to be used by the appl
|
||||
\fB\-t\ tmpdir
|
||||
Use alternate tempory directory to mount on /tmp. tmpdir must be owned by the user.
|
||||
.TP
|
||||
-\fB\-c cgroups\fR
|
||||
+\fB\-c --cgroups\fR
|
||||
Use cgroups to control this copy of seunshare. Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc.
|
||||
.TP
|
||||
+\fB\-C --capabilities\fR
|
||||
+Allow apps executed within the namespace to use capabilities. Default is no capabilities.
|
||||
+.TP
|
||||
+\fB\-k --kill\fR
|
||||
+Kill all processes with matching MCS level.
|
||||
+.TP
|
||||
\fB\-Z\ context
|
||||
Use alternate SELinux context while runing the executable.
|
||||
.TP
|
||||
diff -up policycoreutils-2.0.86/sandbox/seunshare.c.sandbox policycoreutils-2.0.86/sandbox/seunshare.c
|
||||
--- policycoreutils-2.0.86/sandbox/seunshare.c.sandbox 2011-06-13 13:44:44.687086129 -0400
|
||||
+++ policycoreutils-2.0.86/sandbox/seunshare.c 2011-07-07 14:41:08.038882237 -0400
|
||||
@@ -29,6 +29,7 @@
|
||||
|
||||
#include <selinux/selinux.h>
|
||||
#include <selinux/context.h> /* for context-mangling functions */
|
||||
+#include <dirent.h>
|
||||
|
||||
#ifdef USE_NLS
|
||||
#include <locale.h> /* for setlocale() */
|
||||
@@ -53,20 +54,22 @@
|
||||
#define BUF_SIZE 1024
|
||||
#define DEFAULT_PATH "/usr/bin:/bin"
|
||||
|
||||
-#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -c ] -t tmpdir -h homedir [-Z context] -- executable [args]")
|
||||
+#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -c ] -C -t tmpdir -h homedir [-Z context] -- executable [args]")
|
||||
|
||||
static int verbose = 0;
|
||||
+static int child = 0;
|
||||
|
||||
+static capng_select_t cap_set = CAPNG_SELECT_BOTH;
|
||||
|
||||
/**
|
||||
* This function will drop all capabilities.
|
||||
*/
|
||||
static int drop_caps()
|
||||
{
|
||||
- if (capng_have_capabilities(CAPNG_SELECT_BOTH) == CAPNG_NONE)
|
||||
+ if (capng_have_capabilities(cap_set) == CAPNG_NONE)
|
||||
return 0;
|
||||
- capng_clear(CAPNG_SELECT_BOTH);
|
||||
- if (capng_lock() == -1 || capng_apply(CAPNG_SELECT_BOTH) == -1) {
|
||||
+ capng_clear(cap_set);
|
||||
+ if (capng_lock() == -1 || capng_apply(cap_set) == -1) {
|
||||
fprintf(stderr, _("Failed to drop all capabilities\n"));
|
||||
return -1;
|
||||
}
|
||||
@@ -86,6 +89,13 @@ static int drop_privs(uid_t uid)
|
||||
}
|
||||
|
||||
/**
|
||||
+ * If the user sends a siginto to seunshare, kill the child's session
|
||||
+ */
|
||||
+void handler(int sig) {
|
||||
+ if (child > 0) kill(-child,sig);
|
||||
+}
|
||||
+
|
||||
+/**
|
||||
* Take care of any signal setup.
|
||||
*/
|
||||
static int set_signal_handles(void)
|
||||
@@ -101,7 +111,12 @@ static int set_signal_handles(void)
|
||||
(void)sigprocmask(SIG_SETMASK, &empty, NULL);
|
||||
|
||||
/* Terminate on SIGHUP */
|
||||
- if (signal(SIGHUP, SIG_IGN) == SIG_ERR) {
|
||||
+ if (signal(SIGHUP, SIG_DFL) == SIG_ERR) {
|
||||
+ perror("Unable to set SIGHUP handler");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (signal(SIGINT, handler) == SIG_ERR) {
|
||||
perror("Unable to set SIGHUP handler");
|
||||
return -1;
|
||||
}
|
||||
@@ -334,6 +349,7 @@ static int setup_cgroups()
|
||||
char buf[BUF_SIZE];
|
||||
char *tok = NULL;
|
||||
int rc = -1;
|
||||
+ char *str = NULL;
|
||||
const char* fname = "/etc/sysconfig/sandbox";
|
||||
|
||||
if ((fp = fopen(fname, "rt")) == NULL) {
|
||||
@@ -346,7 +362,8 @@ static int setup_cgroups()
|
||||
|
||||
/* Copy the string, ignoring whitespace */
|
||||
int len = strlen(buf);
|
||||
- char *str = malloc((len + 1) * sizeof(char));
|
||||
+ free(str);
|
||||
+ str = malloc((len + 1) * sizeof(char));
|
||||
|
||||
int ind = 0;
|
||||
int i;
|
||||
@@ -487,6 +504,8 @@ static int setup_cgroups()
|
||||
|
||||
rc = 0;
|
||||
err:
|
||||
+ fclose(fp);
|
||||
+ free(str);
|
||||
free(mem);
|
||||
free(cgroupname);
|
||||
free(cpus);
|
||||
@@ -734,12 +753,75 @@ good:
|
||||
return tmpdir;
|
||||
}
|
||||
|
||||
+#define PROC_BASE "/proc"
|
||||
+
|
||||
+static int
|
||||
+killall (security_context_t execcon)
|
||||
+{
|
||||
+ DIR *dir;
|
||||
+ security_context_t scon;
|
||||
+ struct dirent *de;
|
||||
+ pid_t *pid_table, pid, self;
|
||||
+ int i;
|
||||
+ int pids, max_pids;
|
||||
+ int running = 0;
|
||||
+ self = getpid();
|
||||
+ if (!(dir = opendir(PROC_BASE))) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+ max_pids = 256;
|
||||
+ pid_table = malloc(max_pids * sizeof (pid_t));
|
||||
+ if (!pid_table) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+ pids = 0;
|
||||
+ context_t con;
|
||||
+ con = context_new(execcon);
|
||||
+ const char *mcs = context_range_get(con);
|
||||
+ printf("mcs=%s\n", mcs);
|
||||
+ while ((de = readdir (dir)) != NULL) {
|
||||
+ if (!(pid = (pid_t)atoi(de->d_name)) || pid == self)
|
||||
+ continue;
|
||||
+
|
||||
+ if (pids == max_pids) {
|
||||
+ if (!(pid_table = realloc(pid_table, 2*pids*sizeof(pid_t)))) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+ max_pids *= 2;
|
||||
+ }
|
||||
+ pid_table[pids++] = pid;
|
||||
+ }
|
||||
+
|
||||
+ (void)closedir(dir);
|
||||
+
|
||||
+ for (i = 0; i < pids; i++) {
|
||||
+ pid_t id = pid_table[i];
|
||||
+
|
||||
+ if (getpidcon(id, &scon) == 0) {
|
||||
+
|
||||
+ context_t pidcon = context_new(scon);
|
||||
+ /* Attempt to kill remaining processes */
|
||||
+ if (strcmp(context_range_get(pidcon), mcs) == 0)
|
||||
+ kill(id, SIGKILL);
|
||||
+
|
||||
+ context_free(pidcon);
|
||||
+ freecon(scon);
|
||||
+ }
|
||||
+ running++;
|
||||
+ }
|
||||
+
|
||||
+ context_free(con);
|
||||
+ free(pid_table);
|
||||
+ return running;
|
||||
+}
|
||||
+
|
||||
int main(int argc, char **argv) {
|
||||
int status = -1;
|
||||
security_context_t execcon = NULL;
|
||||
|
||||
int clflag; /* holds codes for command line flags */
|
||||
int usecgroups = 0;
|
||||
+ int kill_all = 0;
|
||||
|
||||
char *homedir_s = NULL; /* homedir spec'd by user in argv[] */
|
||||
char *tmpdir_s = NULL; /* tmpdir spec'd by user in argv[] */
|
||||
@@ -752,9 +834,11 @@ int main(int argc, char **argv) {
|
||||
const struct option long_options[] = {
|
||||
{"homedir", 1, 0, 'h'},
|
||||
{"tmpdir", 1, 0, 't'},
|
||||
+ {"kill", 1, 0, 'k'},
|
||||
{"verbose", 1, 0, 'v'},
|
||||
{"cgroups", 1, 0, 'c'},
|
||||
{"context", 1, 0, 'Z'},
|
||||
+ {"capabilities", 1, 0, 'C'},
|
||||
{NULL, 0, 0, 0}
|
||||
};
|
||||
|
||||
@@ -783,7 +867,7 @@ int main(int argc, char **argv) {
|
||||
}
|
||||
|
||||
while (1) {
|
||||
- clflag = getopt_long(argc, argv, "cvh:t:Z:", long_options, NULL);
|
||||
+ clflag = getopt_long(argc, argv, "Ccvh:t:Z:", long_options, NULL);
|
||||
if (clflag == -1)
|
||||
break;
|
||||
|
||||
@@ -791,6 +875,9 @@ int main(int argc, char **argv) {
|
||||
case 't':
|
||||
tmpdir_s = optarg;
|
||||
break;
|
||||
+ case 'k':
|
||||
+ kill_all = 1;
|
||||
+ break;
|
||||
case 'h':
|
||||
homedir_s = optarg;
|
||||
break;
|
||||
@@ -800,6 +887,9 @@ int main(int argc, char **argv) {
|
||||
case 'c':
|
||||
usecgroups = 1;
|
||||
break;
|
||||
+ case 'C':
|
||||
+ cap_set = CAPNG_SELECT_CAPS;
|
||||
+ break;
|
||||
case 'Z':
|
||||
execcon = optarg;
|
||||
break;
|
||||
@@ -851,7 +941,7 @@ int main(int argc, char **argv) {
|
||||
}
|
||||
|
||||
/* spawn child process */
|
||||
- int child = fork();
|
||||
+ child = fork();
|
||||
if (child == -1) {
|
||||
perror(_("Unable to fork"));
|
||||
goto err;
|
||||
@@ -926,6 +1016,12 @@ childerr:
|
||||
waitpid(child, &status, 0);
|
||||
status_to_retval(status, status);
|
||||
|
||||
+ /* Make sure all child processes exit */
|
||||
+ kill(-child,SIGTERM);
|
||||
+
|
||||
+ if (execcon && kill_all)
|
||||
+ killall(execcon);
|
||||
+
|
||||
if (tmpdir_r) cleanup_tmpdir(tmpdir_r, tmpdir_s, pwd, 1);
|
||||
|
||||
err:
|
|
@ -6,12 +6,13 @@
|
|||
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.83
|
||||
Release: 7%{?dist}
|
||||
License: GPLv2+
|
||||
Version: 2.0.85
|
||||
Release: 30.3%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
Source1: http://www.nsa.gov/selinux/archives/sepolgen-%{sepolgenver}.tgz
|
||||
# Based on git repository with tag 20101221
|
||||
Source: git://oss.tresys.com/git/selinux/policycoreutils-%{version}.tgz
|
||||
Source1: git://oss.tresys.com/git/selinux/sepolgen-%{sepolgenver}.tgz
|
||||
URL: http://www.selinuxproject.org
|
||||
Source2: system-config-selinux.png
|
||||
Source3: system-config-selinux.desktop
|
||||
|
@ -24,6 +25,7 @@ Patch: policycoreutils-rhat.patch
|
|||
Patch1: policycoreutils-po.patch
|
||||
Patch3: policycoreutils-gui.patch
|
||||
Patch4: policycoreutils-sepolgen.patch
|
||||
Patch5: policycoreutils-sandbox.patch
|
||||
Obsoletes: policycoreutils < 2.0.61-2
|
||||
|
||||
%global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")
|
||||
|
@ -62,9 +64,10 @@ context.
|
|||
%patch1 -p1 -b .rhatpo
|
||||
%patch3 -p1 -b .gui
|
||||
%patch4 -p1 -b .sepolgen
|
||||
#%patch5 -p1 -b .sandbox
|
||||
|
||||
%build
|
||||
make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
|
||||
make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE " LDFLAGS="-pie -Wl,-z,relro" all
|
||||
make -C sepolgen-%{sepolgenver} LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
|
||||
|
||||
%install
|
||||
|
@ -81,6 +84,8 @@ mkdir -p %{buildroot}%{_sysconfdir}/security/console.apps
|
|||
%{__mkdir} -p %{buildroot}/%{_sysconfdir}/rc.d/init.d
|
||||
%{__mkdir} -p %{buildroot}%{_datadir}/icons/hicolor/24x24/apps
|
||||
%{__mkdir} -p %{buildroot}%{_datadir}/pixmaps
|
||||
%{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}-%{version}/
|
||||
cp COPYING %{buildroot}/%{_usr}/share/doc/%{name}-%{version}/
|
||||
|
||||
make LSPP_PRIV=y DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
|
||||
make -C sepolgen-%{sepolgenver} DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
|
||||
|
@ -91,11 +96,10 @@ install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/system-config-selinux
|
|||
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/system-config-selinux
|
||||
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/selinux-polgengui
|
||||
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/security/console.apps/system-config-selinux
|
||||
install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/security/console.apps/selinux-polgengui
|
||||
tar -jxf %{SOURCE8} -C %{buildroot}/
|
||||
rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
|
||||
ln -sf consolehelper %{buildroot}%{_bindir}/system-config-selinux
|
||||
ln -sf consolehelper %{buildroot}%{_bindir}/selinux-polgengui
|
||||
ln -sf /usr/share/system-config-selinux/polgengui.py %{buildroot}%{_bindir}/selinux-polgengui
|
||||
|
||||
desktop-file-install --vendor fedora \
|
||||
--dir ${RPM_BUILD_ROOT}%{_datadir}/applications \
|
||||
|
@ -116,7 +120,8 @@ Requires: audit-libs-python >= %{libauditver}
|
|||
Requires: /usr/bin/make
|
||||
Requires(pre): python >= 2.6
|
||||
Obsoletes: policycoreutils < 2.0.61-2
|
||||
Requires: setools-libs-python
|
||||
Requires: setools-libs-python >= 3.3.7-6
|
||||
Requires: python-IPy
|
||||
|
||||
%description python
|
||||
The policycoreutils-python package contains the management tools use to manage an SELinux environment.
|
||||
|
@ -140,7 +145,6 @@ The policycoreutils-python package contains the management tools use to manage a
|
|||
%{_mandir}/man1/audit2allow.1*
|
||||
%{_mandir}/ru/man1/audit2allow.1*
|
||||
%{_mandir}/man1/audit2why.1*
|
||||
%{_mandir}/man5/sandbox.conf.5*
|
||||
%{_mandir}/man8/chcat.8*
|
||||
%{_mandir}/ru/man8/chcat.8*
|
||||
%{_mandir}/man8/sandbox.8*
|
||||
|
@ -155,17 +159,21 @@ exit 0
|
|||
Summary: SELinux sandbox utilities
|
||||
Group: System Environment/Base
|
||||
Requires: policycoreutils-python = %{version}-%{release}
|
||||
Requires: xorg-x11-server-Xephyr
|
||||
Requires: xorg-x11-server-Xephyr /usr/bin/rsync /usr/bin/xmodmap
|
||||
Requires: matchbox-window-manager
|
||||
Requires(post): /sbin/chkconfig
|
||||
BuildRequires: libcap-ng-devel
|
||||
|
||||
%description sandbox
|
||||
The policycoreutils-python package contains the scripts to create graphical sandboxes
|
||||
The policycoreutils-sandbox package contains the scripts to create graphical sandboxes
|
||||
|
||||
%files sandbox
|
||||
%defattr(-,root,root,-)
|
||||
%{_datadir}/sandbox/sandboxX.sh
|
||||
%{_datadir}/sandbox/start
|
||||
%{_sbindir}/seunshare
|
||||
%{_mandir}/man8/seunshare.8*
|
||||
%{_mandir}/man5/sandbox.conf.5*
|
||||
|
||||
%triggerin python -- selinux-policy
|
||||
selinuxenabled && [ -f /usr/share/selinux/devel/include/build.conf ] && /usr/bin/sepolgen-ifgen 2>/dev/null
|
||||
|
@ -193,6 +201,7 @@ or level of a logged in user.
|
|||
%defattr(-,root,root)
|
||||
%attr(4755,root,root) %{_bindir}/newrole
|
||||
%{_mandir}/man1/newrole.1.gz
|
||||
%config(noreplace) %{_sysconfdir}/pam.d/newrole
|
||||
|
||||
%package gui
|
||||
Summary: SELinux configuration GUI
|
||||
|
@ -227,7 +236,6 @@ system-config-selinux is a utility for managing the SELinux environment
|
|||
%config(noreplace) %{_sysconfdir}/pam.d/system-config-selinux
|
||||
%config(noreplace) %{_sysconfdir}/pam.d/selinux-polgengui
|
||||
%config(noreplace) %{_sysconfdir}/security/console.apps/system-config-selinux
|
||||
%config(noreplace) %{_sysconfdir}/security/console.apps/selinux-polgengui
|
||||
|
||||
%clean
|
||||
rm -rf %{buildroot}
|
||||
|
@ -238,7 +246,6 @@ rm -rf %{buildroot}
|
|||
/sbin/fixfiles
|
||||
/sbin/setfiles
|
||||
/sbin/load_policy
|
||||
%{_sbindir}/seunshare
|
||||
%{_sbindir}/genhomedircon
|
||||
%{_sbindir}/load_policy
|
||||
%{_sbindir}/restorecond
|
||||
|
@ -254,7 +261,6 @@ rm -rf %{buildroot}
|
|||
%{_bindir}/semodule_package
|
||||
%{_sysconfdir}/rc.d/init.d/sandbox
|
||||
%config(noreplace) %{_sysconfdir}/sysconfig/sandbox
|
||||
%config(noreplace) %{_sysconfdir}/pam.d/newrole
|
||||
%config(noreplace) %{_sysconfdir}/pam.d/run_init
|
||||
%config(noreplace) %{_sysconfdir}/sestatus.conf
|
||||
%attr(755,root,root) /etc/rc.d/init.d/restorecond
|
||||
|
@ -293,8 +299,8 @@ rm -rf %{buildroot}
|
|||
%{_mandir}/ru/man8/setsebool.8*
|
||||
%{_mandir}/man1/secon.1*
|
||||
%{_mandir}/ru/man1/secon.1*
|
||||
%{_mandir}/man8/seunshare.8*
|
||||
%{_mandir}/man8/genhomedircon.8*
|
||||
%doc %{_usr}/share/doc/%{name}-%{version}
|
||||
|
||||
%preun
|
||||
if [ $1 -eq 0 ]; then
|
||||
|
@ -314,6 +320,249 @@ fi
|
|||
exit 0
|
||||
|
||||
%changelog
|
||||
* Tue Sep 6 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-7.3
|
||||
- Backport sandbox fixes from F16
|
||||
|
||||
* Thu Jul 7 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-7.2
|
||||
- Change seunshare to send kill signals to the childs session.
|
||||
- Also add signal handler to catch sigint, so if user enters ctrl-C sandbox will shutdown.
|
||||
- Add -k qualifier to seunshare to have it attempt to kill all processes with
|
||||
the matching MCS label.
|
||||
- Add -C option to sandbox and seunshare to maintain capabilities, otherwise
|
||||
the bounding set will be dropped.
|
||||
- Change --cgroups short name -c rather then -C for consistancy
|
||||
- Fix memory and fd leaks in seunshare
|
||||
|
||||
* Fri Jun 17 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-30.1
|
||||
- Backport lots of fixes from F15 including:
|
||||
- Do not drop capability bounding set in seunshare, this allows sandbox to
|
||||
- run setuid apps.
|
||||
- Cleanup policy generation template
|
||||
- Pass dpi settings to sandbox
|
||||
- Add .config/* to restorecond_users.conf
|
||||
- Clean up some of the templates for sepolgen
|
||||
- Apply patches from Christoph A.
|
||||
* fix sandbox title
|
||||
* stop xephyr from li
|
||||
- Also ignore errors on sandbox include of directory missing files
|
||||
- Change fixfiles restore to delete unlabeled sockets in /tmp
|
||||
|
||||
* Mon Apr 11 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-30
|
||||
- Add Elia Pinto patches to allow user to specify directories to ignore
|
||||
|
||||
* Tue Apr 5 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-29
|
||||
- Fix policycoreutils-sandbox description
|
||||
|
||||
* Tue Mar 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-28
|
||||
- rsynccmd should run outside of execcon
|
||||
|
||||
* Thu Mar 24 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-27
|
||||
- Fix semange node handling of ipv6 addresses
|
||||
|
||||
* Wed Mar 23 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-26
|
||||
- Fix sepolgen-ifgen call, add -p option
|
||||
|
||||
* Wed Mar 23 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-25
|
||||
- Fix sepolgen-ifgen call
|
||||
|
||||
* Fri Mar 18 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-24
|
||||
- Fix rsync command to work if the directory is old.
|
||||
- Fix all tests
|
||||
|
||||
* Wed Mar 16 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-23
|
||||
- Fix sepolgen to generate network polcy using generic_if and genric_node versus all_if and all_node
|
||||
|
||||
* Wed Mar 16 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-22
|
||||
- Return to original seunshare man page
|
||||
|
||||
* Fri Mar 11 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-21
|
||||
- change default location of HOMEDIR in sandbox to /tmp/.sandbox_home_*
|
||||
- This will allow default sandboxes to work on NFS homedirs without allowing
|
||||
access to homedir data
|
||||
|
||||
* Fri Mar 11 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-20
|
||||
- Change sepolgen-ifgen to search all available policy files
|
||||
- Exit in restorecond if it can not find a UID in the passwd database
|
||||
|
||||
* Wed Mar 9 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-19
|
||||
- Fix portspage in system-config-selinux to not crash
|
||||
- More fixes for seunshare from Tomas Hoger
|
||||
|
||||
* Tue Mar 8 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-18
|
||||
- put back in old handling of -T in sandbox command
|
||||
- Put back setsid in seunshare
|
||||
- Fix rsync to maintain times
|
||||
|
||||
* Tue Mar 8 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-17
|
||||
- Use rewritten seunshare from thoger
|
||||
|
||||
* Mon Mar 7 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-16
|
||||
- Require python-IPy for policycoreutils-python package
|
||||
- Fixes for sepologen
|
||||
- Usage statement needs -n name
|
||||
- Names with _ are being prevented
|
||||
- dbus apps should get _chat interface
|
||||
|
||||
* Thu Mar 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-15
|
||||
- Fix error message in seunshare, check for tmpdir existance before unlink.
|
||||
|
||||
* Fri Feb 25 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-13
|
||||
- Rewrite seunshare to make sure /tmp is mounted stickybit owned by root
|
||||
- Only allow names in polgengui that contain letters and numbers
|
||||
- Fix up node handling in semanage command
|
||||
- Update translations
|
||||
|
||||
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.85-12
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||
|
||||
* Thu Feb 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-11
|
||||
- Fix sandbox policy creation with udp connect ports
|
||||
|
||||
* Thu Feb 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-10
|
||||
- Cleaup selinux-polgengui to be a little more modern, fix comments and use selected name
|
||||
- Cleanup chcat man page
|
||||
|
||||
* Wed Feb 2 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-9
|
||||
- Report full errors on OSError on Sandbox
|
||||
|
||||
* Wed Jan 21 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-8
|
||||
- Fix newrole hanlding of pcap
|
||||
|
||||
* Wed Jan 19 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-7
|
||||
- Have restorecond watch more directories in homedir
|
||||
|
||||
* Fri Jan 14 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-6
|
||||
- Add sandbox to sepolgen
|
||||
|
||||
* Thu Jan 6 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-4
|
||||
- Fix proper handling of getopt errors
|
||||
- Do not allow modules names to contain spaces
|
||||
|
||||
* Wed Jan 5 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-3
|
||||
- Polgengui raises the wrong type of exception. #471078
|
||||
- Change semanage to not allow it to semanage module -D
|
||||
- Change setsebool to suggest run as root on failure
|
||||
|
||||
* Wed Dec 22 2010 Dan Walsh <dwalsh@redhat.com> 2.0.85-2
|
||||
- Fix restorecond watching utmp file for people logging in our out
|
||||
|
||||
* Tue Dec 21 2010 Dan Walsh <dwalsh@redhat.com> 2.0.85-1
|
||||
- Update to upstream
|
||||
|
||||
* Thu Dec 16 2010 Dan Walsh <dwalsh@redhat.com> 2.0.84-5
|
||||
- Change to allow sandbox to run on nfs homedirs, add start python script
|
||||
|
||||
* Wed Dec 15 2010 Dan Walsh <dwalsh@redhat.com> 2.0.84-4
|
||||
- Move seunshare to sandbox package
|
||||
|
||||
* Mon Nov 29 2010 Dan Walsh <dwalsh@redhat.com> 2.0.84-3
|
||||
- Fix sandbox to show correct types in usage statement
|
||||
|
||||
* Mon Nov 29 2010 Dan Walsh <dwalsh@redhat.com> 2.0.84-2
|
||||
- Stop fixfiles from complaining about missing dirs
|
||||
|
||||
* Mon Nov 22 2010 Dan Walsh <dwalsh@redhat.com> 2.0.84-1
|
||||
- Update to upstream
|
||||
- List types available for sandbox in usage statement
|
||||
|
||||
* Mon Nov 22 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-37
|
||||
- Don't report error on load_policy when system is disabled.
|
||||
|
||||
* Mon Nov 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-36
|
||||
- Fix up problems pointed out by solar designer on dropping capabilities
|
||||
|
||||
* Mon Nov 1 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-35
|
||||
- Check if you have full privs and reset otherwise dont drop caps
|
||||
|
||||
* Mon Nov 1 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-34
|
||||
- Fix setools require line
|
||||
|
||||
* Fri Oct 29 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-33
|
||||
- Move /etc/pam.d/newrole in to polcicycoreutils-newrole
|
||||
- Additiona capability checking in sepolgen
|
||||
|
||||
* Mon Oct 25 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-32
|
||||
- Remove setuid flag and replace with file capabilities
|
||||
- Fix sandbox handling of files with spaces in them
|
||||
|
||||
* Wed Sep 29 2010 jkeating - 2.0.83-31
|
||||
- Rebuilt for gcc bug 634757
|
||||
|
||||
* Thu Sep 23 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-30
|
||||
- Move restorecond into its own subpackage
|
||||
|
||||
* Thu Sep 23 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-29
|
||||
- Fix semanage man page
|
||||
|
||||
* Mon Sep 13 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-28
|
||||
- Add seremote, to allow the execution of command inside the sandbox from outside the sandbox.
|
||||
|
||||
* Mon Sep 13 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-27
|
||||
- Fix sandbox copyfile when copying a dir with a socket, print error
|
||||
|
||||
* Fri Sep 10 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-26
|
||||
- Stop polgengui from crashing if selinux policy is not installed
|
||||
|
||||
* Thu Sep 9 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-25
|
||||
- Fix bug preventing sandbox from using -l
|
||||
|
||||
* Tue Sep 7 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-24
|
||||
- Eliminate quotes fro desktop files
|
||||
|
||||
* Mon Aug 30 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-23
|
||||
- Add -w windowsize patch from Christoph A.
|
||||
|
||||
* Mon Aug 30 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-22
|
||||
- Update po
|
||||
|
||||
* Wed Aug 25 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-21
|
||||
- Update po
|
||||
|
||||
* Tue Aug 24 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-20
|
||||
- Tighten down seunshare to create /tmp dir with sticky bit and MS_NODEV | MS_NOSUID | MS_NOEXEC;
|
||||
- Remove setsid on seunshare so ^c on sandbox will cause apps to exit
|
||||
- Add dbus-launch --exit-with-session so all processes launched within the sandbox exit with the sandbox
|
||||
- Clean up error handling so error will get sent back to sandbox tool
|
||||
|
||||
* Mon Aug 23 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-19
|
||||
- Fix translation handling in file context page of system-config-selinux
|
||||
|
||||
* Fri Aug 13 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-18
|
||||
- Fix sandbox error handling
|
||||
|
||||
* Fri Aug 13 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-17
|
||||
- Apply patch to restorecond from Chris Adams, which will cause restorecond
|
||||
- to watch first user that logs in.
|
||||
|
||||
* Thu Aug 12 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-16
|
||||
- Add COPYING file to doc dir
|
||||
|
||||
* Thu Aug 5 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-15
|
||||
- Update po and translations
|
||||
Resolves: #610473
|
||||
|
||||
* Thu Aug 5 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-14
|
||||
- More fixes for polgen tools
|
||||
|
||||
* Thu Aug 5 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-13
|
||||
- Remove requirement to run selinux-polgen as root
|
||||
|
||||
* Thu Aug 5 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-12
|
||||
- Update po and translations
|
||||
- Fix gui policy generation tools
|
||||
|
||||
* Wed Aug 4 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-11
|
||||
- Update po and translations
|
||||
|
||||
* Sat Jul 31 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.83-10
|
||||
- rebuild against python 2.7
|
||||
|
||||
* Wed Jul 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-9
|
||||
- Update selinux-polgengui to sepolgen policy generation
|
||||
|
||||
* Wed Jul 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-8
|
||||
- Fix invalid free in seunshare and fix man page
|
||||
|
||||
* Tue Jul 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-7
|
||||
- Update translations
|
||||
|
||||
|
@ -3134,4 +3383,3 @@ written to. fails on 64-bit archs
|
|||
|
||||
* Mon Jun 2 2003 Dan Walsh <dwalsh@redhat.com> 1.0-1
|
||||
- Initial version
|
||||
|
||||
|
|
|
@ -1,20 +1,62 @@
|
|||
[Desktop Entry]
|
||||
Name=SELinux Policy Generation Tool
|
||||
Name[es]="Herramienta de Generación de Políticas de SELinux"
|
||||
Name[ja]="SELinux ポリシー生成ツール"
|
||||
Name[mr]="SELinux करार निर्माण साधन"
|
||||
Name[nl]="SELinux tactiek generatie gereedschap"
|
||||
Name[or]="SELinux ନୀତି ସୃଷ୍ଟି ଉପକରଣ"
|
||||
Name[pa]="SELinux ਪਾਲਿਸੀ ਨਿਰਮਾਣ ਜੰਤਰ"
|
||||
Name[pl]="Narzędzie tworzenia polityki SELinuksa"
|
||||
Name[bn_IN]=SELinux Policy নির্মাণের সামগ্রী
|
||||
Name[ca]=Eina de generació de polítiques del SELinux
|
||||
Name[da]=Regelsætgenereringsværktøj til SELinux
|
||||
Name[de]=Tool zur Erstellung von SELinux-Richtlinien
|
||||
Name[es]=Generador de Políticas de SELinux
|
||||
Name[fi]=SELinux-käytäntöjen generointityökalu
|
||||
Name[fr]=Outil de génération de stratégies SELinux
|
||||
Name[gu]=SELinux પોલિસી બનાવટ સાધન
|
||||
Name[hi]=SELinux पॉलिसी जनन औजार
|
||||
Name[it]=Tool di generazione della policy di SELinux
|
||||
Name[ja]=SELinux ポリシー生成ツール
|
||||
Name[kn]=SELinux ಪಾಲಿಸಿ ಉತ್ಪಾದನಾ ಉಪಕರಣ
|
||||
Name[ko]=SELinux 정책 생성 도구
|
||||
Name[ml]=SELinux പോളിസി ഉത്പാദന പ്രയോഗം
|
||||
Name[mr]=SELinux करार निर्माण साधन
|
||||
Name[nl]=SELinux tactiek generatie gereedschap
|
||||
Name[or]=SELinux ନୀତି ସୃଷ୍ଟି ଉପକରଣ
|
||||
Name[pa]=SELinux ਪਾਲਿਸੀ ਨਿਰਮਾਣ ਜੰਤਰ
|
||||
Name[pl]=Narzędzie tworzenia polityki SELinuksa
|
||||
Name[pt]=Ferramenta de Geração de Políticas SELinux
|
||||
Name[pt_BR]=Ferramenta de criação de políticas do SELinux
|
||||
Name[ru]=Средство создания политики SELinux
|
||||
Name[sv]=Genereringsverktyg för SELinuxpolicy
|
||||
Name[ta]=SELinux பாலிசி உற்பத்தி கருவி
|
||||
Name[te]=SELinux నిర్వహణ
|
||||
Name[uk]=Утиліта генерації правил SELinux
|
||||
Name[zh_CN]=SELinux 策略生成工具
|
||||
Name[zh_TW]=SELinux 政策產生工具(SELinux Policy Generation Tool)
|
||||
Comment=Generate SELinux policy modules
|
||||
Comment[es]="Generar módulos de política de SELinux"
|
||||
Comment[ja]="新しいポリシーモジュールの作成"
|
||||
Comment[mr]="SELinux करार घटके निर्माण करा"
|
||||
Comment[nl]="Maak een SELinux tactiek module aan"
|
||||
Comment[or]="SELinux ନୀତି ଏକକାଂଶ ସୃଷ୍ଟିକରନ୍ତୁ"
|
||||
Comment[pa]="SELinux ਪਾਲਿਸੀ ਮੈਡਿਊਲ ਬਣਾਓ"
|
||||
Comment[pl]="Tworzenie nowych modułów polityki SELinuksa"
|
||||
Comment[bn_IN]=SELinux নিয়মনীতির মডিউল নির্মাণ করুন
|
||||
Comment[ca]=Genera els mòduls de les polítiques de SELinux
|
||||
Comment[da]=Generér SELinux-regelsætmodul
|
||||
Comment[de]=Tool zur Erstellung von SELinux-Richtlinien
|
||||
Comment[es]=Generar módulos de política de SELinux
|
||||
Comment[fi]=Generoi SELinuxin käytäntömoduuleja
|
||||
Comment[fr]=Génére des modules de stratégie SELinux
|
||||
Comment[gu]=SELinux પોલિસી મોડ્યુલોને ઉત્પન્ન કરો
|
||||
Comment[hi]=नया पॉलिसी मॉड्यूल उत्पन्न करें
|
||||
Comment[it]=Genera moduli della politica di SELinux
|
||||
Comment[ja]=新しいポリシーモジュールの作成
|
||||
Comment[kn]=SELinux ಪಾಲಿಸಿ ಘಟಕಗಳನ್ನು ಉತ್ಪಾದಿಸು
|
||||
Comment[ko]=SELinux 정책 모듈 생성
|
||||
Comment[ml]=SELinux യ പോളിസി ഘങ്ങള് തയ്യാറാക്കുക
|
||||
Comment[mr]=SELinux करार घटके निर्माण करा
|
||||
Comment[nl]=Maak een SELinux tactiek module aan
|
||||
Comment[or]=SELinux ନୀତି ଏକକାଂଶ ସୃଷ୍ଟିକରନ୍ତୁ
|
||||
Comment[pa]=SELinux ਪਾਲਿਸੀ ਮੈਡਿਊਲ ਬਣਾਓ
|
||||
Comment[pl]=Tworzenie nowych modułów polityki SELinuksa
|
||||
Comment[pt]=Gerar módulos de políticas SELinux
|
||||
Comment[pt_BR]=Gerar módulos de política do SELinux
|
||||
Comment[ru]=Генерация модулей политики SELinux
|
||||
Comment[sv]=Generera SELinux-policymoduler
|
||||
Comment[ta]=SELinux கொள்கை தொகுதியை உருவாக்கவும்
|
||||
Comment[te]=SELinux పాలసీ మాడ్యూళ్ళను వుద్భవింపచేయుము
|
||||
Comment[uk]=Створення модулів контролю доступу SELinux
|
||||
Comment[zh_CN]=生成 SELinux 策略模块
|
||||
Comment[zh_TW]=產生 SELinux 政策模組
|
||||
StartupNotify=true
|
||||
Icon=system-config-selinux
|
||||
Exec=/usr/bin/selinux-polgengui
|
||||
|
|
2
sources
2
sources
|
@ -1,3 +1,3 @@
|
|||
49faa2e5f343317bcfcf34d7286f6037 sepolgen-1.0.23.tgz
|
||||
85a84b4521dfdde649d0143e15f724f9 policycoreutils-2.0.83.tgz
|
||||
59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
|
||||
92fa615448d443b22c4ad6ecf89fc974 policycoreutils-2.0.85.tgz
|
||||
|
|
|
@ -1,20 +1,62 @@
|
|||
[Desktop Entry]
|
||||
Name=SELinux Management
|
||||
Name[es]="Administración de SELinux"
|
||||
Name[jp]="SELinux 管理"
|
||||
Name[mr]="SELinux मॅनेजमेंट"
|
||||
Name[nl]="SELinux beheer"
|
||||
Name[or]="SELinux ପରିଚାଳନା"
|
||||
Name[pa]="SELinux ਮੈਨੇਜਮੈਂਟ"
|
||||
Name[pl]="Zarządzanie SELinuksem"
|
||||
Name[bn_IN]=SELinux পরিচালনা
|
||||
Name[da]=Håndtering af SELinux
|
||||
Name[de]=SELinux-Management
|
||||
Name[ca]=Gestió de SELinux
|
||||
Name[es]=Administración de SELinux
|
||||
Name[fi]=SELinuxin ylläpito
|
||||
Name[fr]=Gestion de SELinux
|
||||
Name[gu]=SELinux સંચાલન
|
||||
Name[hi]=SELinux प्रबंधन
|
||||
Name[jp]=SELinux 管理
|
||||
Name[it]=Gestione di SELinux
|
||||
Name[kn]=SELinux ವ್ಯವಸ್ಥಾಪನೆ
|
||||
Name[ko]=SELinux 관리
|
||||
Name[ml]=SELinux മാനേജ്മെന്റ്
|
||||
Name[mr]=SELinux मॅनेजमेंट
|
||||
Name[nl]=SELinux beheer
|
||||
Name[or]=SELinux ପରିଚାଳନା
|
||||
Name[pa]=SELinux ਮੈਨੇਜਮੈਂਟ
|
||||
Name[pl]=Zarządzanie SELinuksem
|
||||
Name[pt_BR]=Gerenciamento do SELinux
|
||||
Name[pt]=Gestão de SELinux
|
||||
Name[ru]=Управление SELinux
|
||||
Name[sv]=SELinux-hantering
|
||||
Name[ta]=SELinux மேலாண்மை
|
||||
Name[te]=SELinux నిర్వహణ
|
||||
Name[uk]=Керування SELinux
|
||||
Name[zh_CN]=SELinux 管理
|
||||
Name[zh_TW]=SELinux 管理
|
||||
Comment=Configure SELinux in a graphical setting
|
||||
Comment[es]="Defina SELinux en una configuración de interfaz gráfica"
|
||||
Comment[jp]="グラフィカルな設定画面で SELinux を設定する"
|
||||
Comment[mr]="ग्राफिकल सेटिंगमध्ये SELinux संरचीत करा"
|
||||
Comment[nl]="Configureer SELinux in een grafische omgeving"
|
||||
Comment[or]="SELinux କୁ ଆଲେଖିକ ସଂରଚନାରେ ବିନ୍ୟାସ କରନ୍ତୁ"
|
||||
Comment[pa]="SELinux ਨੂੰ ਗਰਾਫੀਕਲ ਸੈਟਿੰਗ ਵਿੱਚ ਸੰਰਚਿਤ ਕਰੋ"
|
||||
Comment[pl]="Konfiguracja SELinuksa w trybie graficznym"
|
||||
Comment[bn_IN]=গ্রাফিক্যাল পরিবেশে SELinux কনফিগার করুন
|
||||
Comment[ca]=Configura SELinuc an mode de preferències gràfiques
|
||||
Comment[da]=Konfigurér SELinux i et grafisk miljø
|
||||
Comment[de]=SELinux in einer grafischen Einstellung konfigurieren
|
||||
Comment[es]=Defina SELinux en una configuración de interfaz gráfica
|
||||
Comment[fi]=Tee SELinuxin asetukset graafisesti
|
||||
Comment[fr]=Configure SELinux dans un environnement graphique
|
||||
Comment[gu]=ગ્રાફિકલ સુયોજનમાં SELinux ને રૂપરેખાંકિત કરો
|
||||
Comment[hi]=SELinux को आलेखी सेटिंग में विन्यस्त करें
|
||||
Comment[it]=Configura SELinux in una impostazione grafica
|
||||
Comment[jp]=グラフィカルな設定画面で SELinux を設定する
|
||||
Comment[ko]=SELinux를 그래픽 사용자 인터페이스로 설정
|
||||
Comment[kn]=SELinux ಅನ್ನು ಒಂದು ಚಿತ್ರಾತ್ಮಕ ಸಿದ್ದತೆಯಲ್ಲಿ ಸಂರಚಿಸಿ
|
||||
Comment[ml]=ഒരു ഗ്രാഫിക്കല് സജ്ജീകരണത്തില് SELinux ക്രമീകരിയ്ക്കുക
|
||||
Comment[mr]=ग्राफिकल सेटिंगमध्ये SELinux संरचीत करा
|
||||
Comment[nl]=Configureer SELinux in een grafische omgeving
|
||||
Comment[or]=SELinux କୁ ଆଲେଖିକ ସଂରଚନାରେ ବିନ୍ୟାସ କରନ୍ତୁ
|
||||
Comment[pa]=SELinux ਨੂੰ ਗਰਾਫੀਕਲ ਸੈਟਿੰਗ ਵਿੱਚ ਸੰਰਚਿਤ ਕਰੋ
|
||||
Comment[pl]=Konfiguracja SELinuksa w trybie graficznym
|
||||
Comment[pt]=Configurar o SELinux num ambiente gráfico
|
||||
Comment[pt_BR]=Configure o SELinux em uma configuração gráfica
|
||||
Comment[ru]=Настройка SELinux в графическом режиме
|
||||
Comment[sv]=Konfigurera SELinux i en grafisk miljö
|
||||
Comment[ta]=SELinuxஐ ஒரு வரைகலை அமைவில் கட்டமைக்கவும்
|
||||
Comment[te]=SELinuxను గ్రాఫికల్ అమర్పునందు ఆకృతీకరించుము
|
||||
Comment[uk]=Засіб для налаштування SELinux з графічним інтерфейсом
|
||||
Comment[zh_CN]=在图形设置中配置 SELinux
|
||||
Comment[zh_TW]=在圖形話設定中配置 SELinux
|
||||
StartupNotify=true
|
||||
Icon=system-config-selinux
|
||||
Exec=/usr/bin/system-config-selinux
|
||||
|
|
Loading…
Reference in New Issue