Compare commits
22 Commits
Author | SHA1 | Date |
---|---|---|
Dan Walsh | 4dcf733d88 | |
Dan Walsh | 7eea916042 | |
Dan Walsh | 8a84b9dc0e | |
Dan Walsh | 2fb6f5383f | |
Dan Walsh | ffc2e23b19 | |
Dan Walsh | 0811ca9183 | |
Dan Walsh | c5a034dd83 | |
Dan Walsh | 602f9edb4e | |
Dan Walsh | d3b43fe396 | |
Dan Walsh | 2f61a7bd55 | |
Dan Walsh | fd962b4a18 | |
Dan Walsh | ceba8ec997 | |
Dan Walsh | 0ce6ffe6e0 | |
Dan Walsh | 75427df827 | |
Dan Walsh | 9f719e0494 | |
Dan Walsh | fdc4a2104c | |
Dan Walsh | 84f80332c4 | |
Dan Walsh | 9e0cf1ffd5 | |
Dan Walsh | 329484508e | |
Dan Walsh | b52696e988 | |
Dan Walsh | 7cc1f98d25 | |
Dan Walsh | 864bc60070 |
|
@ -224,3 +224,5 @@ policycoreutils-2.0.83.tgz
|
|||
/policycoreutils-2.0.84.tgz
|
||||
/policycoreutils-2.0.85.tgz
|
||||
/policycoreutils-2.0.86.tgz
|
||||
/policycoreutils-2.1.4.tgz
|
||||
/sepolgen-1.1.2.tgz
|
||||
|
|
File diff suppressed because it is too large
|
@ -1,6 +1,6 @@
|
|||
diff -up policycoreutils-2.0.86/gui/booleansPage.py.gui policycoreutils-2.0.86/gui/booleansPage.py
|
||||
--- policycoreutils-2.0.86/gui/booleansPage.py.gui 2011-04-12 10:52:07.463643555 -0400
|
||||
+++ policycoreutils-2.0.86/gui/booleansPage.py 2011-04-12 10:52:07.463643555 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/booleansPage.py.gui policycoreutils-2.1.4/gui/booleansPage.py
|
||||
--- policycoreutils-2.1.4/gui/booleansPage.py.gui 2012-05-08 10:50:10.196530968 -0400
|
||||
+++ policycoreutils-2.1.4/gui/booleansPage.py 2012-05-08 10:50:10.196530968 -0400
|
||||
@@ -0,0 +1,247 @@
|
||||
+#
|
||||
+# booleansPage.py - GUI for Booleans page in system-config-securitylevel
|
||||
|
@ -249,9 +249,9 @@ diff -up policycoreutils-2.0.86/gui/booleansPage.py.gui policycoreutils-2.0.86/g
|
|||
+ self.load(self.filter)
|
||||
+ return True
|
||||
+
|
||||
diff -up policycoreutils-2.0.86/gui/domainsPage.py.gui policycoreutils-2.0.86/gui/domainsPage.py
|
||||
--- policycoreutils-2.0.86/gui/domainsPage.py.gui 2011-04-12 10:52:07.464643571 -0400
|
||||
+++ policycoreutils-2.0.86/gui/domainsPage.py 2011-04-12 10:52:07.464643571 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/domainsPage.py.gui policycoreutils-2.1.4/gui/domainsPage.py
|
||||
--- policycoreutils-2.1.4/gui/domainsPage.py.gui 2012-05-08 10:50:10.196530968 -0400
|
||||
+++ policycoreutils-2.1.4/gui/domainsPage.py 2012-05-08 10:50:10.196530968 -0400
|
||||
@@ -0,0 +1,154 @@
|
||||
+## domainsPage.py - show selinux domains
|
||||
+## Copyright (C) 2009 Red Hat, Inc.
|
||||
|
@ -407,9 +407,9 @@ diff -up policycoreutils-2.0.86/gui/domainsPage.py.gui policycoreutils-2.0.86/gu
|
|||
+
|
||||
+ except ValueError, e:
|
||||
+ self.error(e.args[0])
|
||||
diff -up policycoreutils-2.0.86/gui/fcontextPage.py.gui policycoreutils-2.0.86/gui/fcontextPage.py
|
||||
--- policycoreutils-2.0.86/gui/fcontextPage.py.gui 2011-04-12 10:52:07.468643633 -0400
|
||||
+++ policycoreutils-2.0.86/gui/fcontextPage.py 2011-04-12 10:52:07.468643633 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/fcontextPage.py.gui policycoreutils-2.1.4/gui/fcontextPage.py
|
||||
--- policycoreutils-2.1.4/gui/fcontextPage.py.gui 2012-05-08 10:50:10.196530968 -0400
|
||||
+++ policycoreutils-2.1.4/gui/fcontextPage.py 2012-05-08 10:50:10.196530968 -0400
|
||||
@@ -0,0 +1,223 @@
|
||||
+## fcontextPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006 Red Hat, Inc.
|
||||
|
@ -634,9 +634,9 @@ diff -up policycoreutils-2.0.86/gui/fcontextPage.py.gui policycoreutils-2.0.86/g
|
|||
+ self.store.set_value(iter, SPEC_COL, fspec)
|
||||
+ self.store.set_value(iter, FTYPE_COL, ftype)
|
||||
+ self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls))
|
||||
diff -up policycoreutils-2.0.86/gui/html_util.py.gui policycoreutils-2.0.86/gui/html_util.py
|
||||
--- policycoreutils-2.0.86/gui/html_util.py.gui 2011-04-12 10:52:07.469643648 -0400
|
||||
+++ policycoreutils-2.0.86/gui/html_util.py 2011-04-12 10:52:07.470643663 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/html_util.py.gui policycoreutils-2.1.4/gui/html_util.py
|
||||
--- policycoreutils-2.1.4/gui/html_util.py.gui 2012-05-08 10:50:10.196530968 -0400
|
||||
+++ policycoreutils-2.1.4/gui/html_util.py 2012-05-08 10:50:10.196530968 -0400
|
||||
@@ -0,0 +1,164 @@
|
||||
+# Authors: John Dennis <jdennis@redhat.com>
|
||||
+#
|
||||
|
@ -802,9 +802,9 @@ diff -up policycoreutils-2.0.86/gui/html_util.py.gui policycoreutils-2.0.86/gui/
|
|||
+ doc += tail
|
||||
+ return doc
|
||||
+
|
||||
diff -up policycoreutils-2.0.86/gui/lockdown.glade.gui policycoreutils-2.0.86/gui/lockdown.glade
|
||||
--- policycoreutils-2.0.86/gui/lockdown.glade.gui 2011-04-12 10:52:07.471643678 -0400
|
||||
+++ policycoreutils-2.0.86/gui/lockdown.glade 2011-04-12 10:52:07.477643771 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/lockdown.glade.gui policycoreutils-2.1.4/gui/lockdown.glade
|
||||
--- policycoreutils-2.1.4/gui/lockdown.glade.gui 2012-05-08 10:50:10.197530968 -0400
|
||||
+++ policycoreutils-2.1.4/gui/lockdown.glade 2012-05-08 10:50:10.197530968 -0400
|
||||
@@ -0,0 +1,771 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
|
||||
|
@ -1577,9 +1577,9 @@ diff -up policycoreutils-2.0.86/gui/lockdown.glade.gui policycoreutils-2.0.86/gu
|
|||
+</widget>
|
||||
+
|
||||
+</glade-interface>
|
||||
diff -up policycoreutils-2.0.86/gui/lockdown.gladep.gui policycoreutils-2.0.86/gui/lockdown.gladep
|
||||
--- policycoreutils-2.0.86/gui/lockdown.gladep.gui 2011-04-12 10:52:07.482643847 -0400
|
||||
+++ policycoreutils-2.0.86/gui/lockdown.gladep 2011-04-12 10:52:07.483643863 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/lockdown.gladep.gui policycoreutils-2.1.4/gui/lockdown.gladep
|
||||
--- policycoreutils-2.1.4/gui/lockdown.gladep.gui 2012-05-08 10:50:10.197530968 -0400
|
||||
+++ policycoreutils-2.1.4/gui/lockdown.gladep 2012-05-08 10:50:10.197530968 -0400
|
||||
@@ -0,0 +1,7 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
|
||||
|
@ -1588,11 +1588,11 @@ diff -up policycoreutils-2.0.86/gui/lockdown.gladep.gui policycoreutils-2.0.86/g
|
|||
+ <name></name>
|
||||
+ <program_name></program_name>
|
||||
+</glade-project>
|
||||
diff -up policycoreutils-2.0.86/gui/lockdown.py.gui policycoreutils-2.0.86/gui/lockdown.py
|
||||
--- policycoreutils-2.0.86/gui/lockdown.py.gui 2011-04-12 10:52:07.484643879 -0400
|
||||
+++ policycoreutils-2.0.86/gui/lockdown.py 2011-04-12 10:52:07.484643879 -0400
|
||||
@@ -0,0 +1,382 @@
|
||||
+#!/usr/bin/python -Es
|
||||
diff -up policycoreutils-2.1.4/gui/lockdown.py.gui policycoreutils-2.1.4/gui/lockdown.py
|
||||
--- policycoreutils-2.1.4/gui/lockdown.py.gui 2012-05-08 10:50:10.197530968 -0400
|
||||
+++ policycoreutils-2.1.4/gui/lockdown.py 2012-05-08 10:50:10.197530968 -0400
|
||||
@@ -0,0 +1,375 @@
|
||||
+#!/usr/bin/python
|
||||
+#
|
||||
+# lockdown.py - GUI for Booleans page in system-config-securitylevel
|
||||
+#
|
||||
|
@ -1623,7 +1623,7 @@ diff -up policycoreutils-2.0.86/gui/lockdown.py.gui policycoreutils-2.0.86/gui/l
|
|||
+import sys
|
||||
+import selinux
|
||||
+import seobject
|
||||
+import gtkhtml2
|
||||
+import webkit
|
||||
+import commands
|
||||
+import tempfile
|
||||
+
|
||||
|
@ -1714,18 +1714,14 @@ diff -up policycoreutils-2.0.86/gui/lockdown.py.gui policycoreutils-2.0.86/gui/l
|
|||
+ col.set_resizable(True)
|
||||
+ self.view.append_column(col)
|
||||
+
|
||||
+ self.html_view, self.doc = self.create_htmlview(self.html_scrolledwindow)
|
||||
+ self.html_view = self.create_htmlview(self.html_scrolledwindow)
|
||||
+ self.load()
|
||||
+ self.view.get_selection().select_path ((0,))
|
||||
+
|
||||
+ def create_htmlview(self, container):
|
||||
+ view = gtkhtml2.View()
|
||||
+ doc = gtkhtml2.Document()
|
||||
+ container.set_hadjustment(view.get_hadjustment())
|
||||
+ container.set_vadjustment(view.get_vadjustment())
|
||||
+ view.set_document(doc)
|
||||
+ view = webkit.WebView()
|
||||
+ container.add(view)
|
||||
+ return (view, doc)
|
||||
+ return (view)
|
||||
+
|
||||
+ def wait(self):
|
||||
+ self.window.set_cursor(self.busy_cursor)
|
||||
|
@ -1922,9 +1918,7 @@ diff -up policycoreutils-2.0.86/gui/lockdown.py.gui policycoreutils-2.0.86/gui/l
|
|||
+ self.cat = None
|
||||
+
|
||||
+ self.name = store.get_value(iter, BOOLEAN)
|
||||
+ self.doc.clear()
|
||||
+ self.doc.open_stream("text/html")
|
||||
+
|
||||
+
|
||||
+ html = ''
|
||||
+
|
||||
+ self.radiobox.hide()
|
||||
|
@ -1956,8 +1950,7 @@ diff -up policycoreutils-2.0.86/gui/lockdown.py.gui policycoreutils-2.0.86/gui/l
|
|||
+ self.default_radiobutton.set_active(True)
|
||||
+ html_doc= html_document(html)
|
||||
+
|
||||
+ self.doc.write_stream(html_doc)
|
||||
+ self.doc.close_stream()
|
||||
+ self.html_view.load_html_string(html, "")
|
||||
+
|
||||
+ def stand_alone(self):
|
||||
+ desktopName = _("Lockdown SELinux Booleans")
|
||||
|
@ -1974,9 +1967,9 @@ diff -up policycoreutils-2.0.86/gui/lockdown.py.gui policycoreutils-2.0.86/gui/l
|
|||
+
|
||||
+ app = booleanWindow()
|
||||
+ app.stand_alone()
|
||||
diff -up policycoreutils-2.0.86/gui/loginsPage.py.gui policycoreutils-2.0.86/gui/loginsPage.py
|
||||
--- policycoreutils-2.0.86/gui/loginsPage.py.gui 2011-04-12 10:52:07.485643894 -0400
|
||||
+++ policycoreutils-2.0.86/gui/loginsPage.py 2011-04-12 10:52:07.486643909 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/loginsPage.py.gui policycoreutils-2.1.4/gui/loginsPage.py
|
||||
--- policycoreutils-2.1.4/gui/loginsPage.py.gui 2012-05-08 10:50:10.197530968 -0400
|
||||
+++ policycoreutils-2.1.4/gui/loginsPage.py 2012-05-08 10:50:10.197530968 -0400
|
||||
@@ -0,0 +1,185 @@
|
||||
+## loginsPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006 Red Hat, Inc.
|
||||
|
@ -2163,9 +2156,9 @@ diff -up policycoreutils-2.0.86/gui/loginsPage.py.gui policycoreutils-2.0.86/gui
|
|||
+ self.store.set_value(iter, 1, seuser)
|
||||
+ self.store.set_value(iter, 2, seobject.translate(serange))
|
||||
+
|
||||
diff -up policycoreutils-2.0.86/gui/Makefile.gui policycoreutils-2.0.86/gui/Makefile
|
||||
--- policycoreutils-2.0.86/gui/Makefile.gui 2011-04-12 10:52:07.486643909 -0400
|
||||
+++ policycoreutils-2.0.86/gui/Makefile 2011-04-12 10:52:07.487643924 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/Makefile.gui policycoreutils-2.1.4/gui/Makefile
|
||||
--- policycoreutils-2.1.4/gui/Makefile.gui 2012-05-08 10:50:10.197530968 -0400
|
||||
+++ policycoreutils-2.1.4/gui/Makefile 2012-05-08 10:50:10.197530968 -0400
|
||||
@@ -0,0 +1,40 @@
|
||||
+# Installation directories.
|
||||
+PREFIX ?= ${DESTDIR}/usr
|
||||
|
@ -2207,9 +2200,9 @@ diff -up policycoreutils-2.0.86/gui/Makefile.gui policycoreutils-2.0.86/gui/Make
|
|||
+indent:
|
||||
+
|
||||
+relabel:
|
||||
diff -up policycoreutils-2.0.86/gui/mappingsPage.py.gui policycoreutils-2.0.86/gui/mappingsPage.py
|
||||
--- policycoreutils-2.0.86/gui/mappingsPage.py.gui 2011-04-12 10:52:07.487643924 -0400
|
||||
+++ policycoreutils-2.0.86/gui/mappingsPage.py 2011-04-12 10:52:07.492644000 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/mappingsPage.py.gui policycoreutils-2.1.4/gui/mappingsPage.py
|
||||
--- policycoreutils-2.1.4/gui/mappingsPage.py.gui 2012-05-08 10:50:10.197530968 -0400
|
||||
+++ policycoreutils-2.1.4/gui/mappingsPage.py 2012-05-08 10:50:10.197530968 -0400
|
||||
@@ -0,0 +1,56 @@
|
||||
+## mappingsPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006 Red Hat, Inc.
|
||||
|
@ -2267,9 +2260,9 @@ diff -up policycoreutils-2.0.86/gui/mappingsPage.py.gui policycoreutils-2.0.86/g
|
|||
+ for k in keys:
|
||||
+ print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
|
||||
+
|
||||
diff -up policycoreutils-2.0.86/gui/modulesPage.py.gui policycoreutils-2.0.86/gui/modulesPage.py
|
||||
--- policycoreutils-2.0.86/gui/modulesPage.py.gui 2011-04-12 10:52:07.493644016 -0400
|
||||
+++ policycoreutils-2.0.86/gui/modulesPage.py 2011-04-12 10:52:07.493644016 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/modulesPage.py.gui policycoreutils-2.1.4/gui/modulesPage.py
|
||||
--- policycoreutils-2.1.4/gui/modulesPage.py.gui 2012-05-08 10:50:10.197530968 -0400
|
||||
+++ policycoreutils-2.1.4/gui/modulesPage.py 2012-05-08 10:50:10.197530968 -0400
|
||||
@@ -0,0 +1,190 @@
|
||||
+## modulesPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006-2009 Red Hat, Inc.
|
||||
|
@ -2461,9 +2454,9 @@ diff -up policycoreutils-2.0.86/gui/modulesPage.py.gui policycoreutils-2.0.86/gu
|
|||
+
|
||||
+ except ValueError, e:
|
||||
+ self.error(e.args[0])
|
||||
diff -up policycoreutils-2.0.86/gui/polgen.glade.gui policycoreutils-2.0.86/gui/polgen.glade
|
||||
--- policycoreutils-2.0.86/gui/polgen.glade.gui 2011-04-12 10:52:07.505644201 -0400
|
||||
+++ policycoreutils-2.0.86/gui/polgen.glade 2011-04-12 10:52:07.507644232 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/polgen.glade.gui policycoreutils-2.1.4/gui/polgen.glade
|
||||
--- policycoreutils-2.1.4/gui/polgen.glade.gui 2012-05-08 10:50:10.199530968 -0400
|
||||
+++ policycoreutils-2.1.4/gui/polgen.glade 2012-05-08 10:50:10.199530968 -0400
|
||||
@@ -0,0 +1,3432 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
|
||||
|
@ -5897,9 +5890,9 @@ diff -up policycoreutils-2.0.86/gui/polgen.glade.gui policycoreutils-2.0.86/gui/
|
|||
+</widget>
|
||||
+
|
||||
+</glade-interface>
|
||||
diff -up policycoreutils-2.0.86/gui/polgen.gladep.gui policycoreutils-2.0.86/gui/polgen.gladep
|
||||
--- policycoreutils-2.0.86/gui/polgen.gladep.gui 2011-04-12 10:52:07.508644247 -0400
|
||||
+++ policycoreutils-2.0.86/gui/polgen.gladep 2011-04-12 10:52:07.508644247 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/polgen.gladep.gui policycoreutils-2.1.4/gui/polgen.gladep
|
||||
--- policycoreutils-2.1.4/gui/polgen.gladep.gui 2012-05-08 10:50:10.199530968 -0400
|
||||
+++ policycoreutils-2.1.4/gui/polgen.gladep 2012-05-08 10:50:10.199530968 -0400
|
||||
@@ -0,0 +1,7 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
|
||||
|
@ -5908,9 +5901,9 @@ diff -up policycoreutils-2.0.86/gui/polgen.gladep.gui policycoreutils-2.0.86/gui
|
|||
+ <name></name>
|
||||
+ <program_name></program_name>
|
||||
+</glade-project>
|
||||
diff -up policycoreutils-2.0.86/gui/polgengui.py.gui policycoreutils-2.0.86/gui/polgengui.py
|
||||
--- policycoreutils-2.0.86/gui/polgengui.py.gui 2011-04-12 10:52:07.513644322 -0400
|
||||
+++ policycoreutils-2.0.86/gui/polgengui.py 2011-05-23 17:04:16.377786536 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/polgengui.py.gui policycoreutils-2.1.4/gui/polgengui.py
|
||||
--- policycoreutils-2.1.4/gui/polgengui.py.gui 2012-05-08 10:50:10.200530969 -0400
|
||||
+++ policycoreutils-2.1.4/gui/polgengui.py 2012-05-08 10:50:10.200530969 -0400
|
||||
@@ -0,0 +1,750 @@
|
||||
+#!/usr/bin/python -Es
|
||||
+#
|
||||
|
@ -6662,13 +6655,13 @@ diff -up policycoreutils-2.0.86/gui/polgengui.py.gui policycoreutils-2.0.86/gui/
|
|||
+
|
||||
+ app = childWindow()
|
||||
+ app.stand_alone()
|
||||
diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/polgen.py
|
||||
--- policycoreutils-2.0.86/gui/polgen.py.gui 2011-04-12 10:52:07.516644368 -0400
|
||||
+++ policycoreutils-2.0.86/gui/polgen.py 2011-05-23 17:04:04.539689964 -0400
|
||||
@@ -0,0 +1,1346 @@
|
||||
diff -up policycoreutils-2.1.4/gui/polgen.py.gui policycoreutils-2.1.4/gui/polgen.py
|
||||
--- policycoreutils-2.1.4/gui/polgen.py.gui 2012-05-08 10:50:10.201530970 -0400
|
||||
+++ policycoreutils-2.1.4/gui/polgen.py 2012-05-08 10:50:10.201530970 -0400
|
||||
@@ -0,0 +1,1353 @@
|
||||
+#!/usr/bin/python -Es
|
||||
+#
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# Copyright (C) 2007-2012 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
+# policygentool is a tool for the initial generation of SELinux policy
|
||||
|
@ -6697,6 +6690,7 @@ diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/pol
|
|||
+from templates import executable
|
||||
+from templates import boolean
|
||||
+from templates import etc_rw
|
||||
+from templates import unit_file
|
||||
+from templates import var_cache
|
||||
+from templates import var_spool
|
||||
+from templates import var_lib
|
||||
|
@ -6763,6 +6757,11 @@ diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/pol
|
|||
+ roles.sort()
|
||||
+ return roles
|
||||
+
|
||||
+def get_all_attributes():
|
||||
+ attributes = map(lambda x: x['name'], setools.seinfo(setools.ATTRIBUTE))
|
||||
+ attributes.sort()
|
||||
+ return attributes
|
||||
+
|
||||
+def get_all_domains():
|
||||
+ all_domains = []
|
||||
+ types=get_all_types()
|
||||
|
@ -6958,13 +6957,15 @@ diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/pol
|
|||
+ self.DEFAULT_DIRS["/etc"] = ["etc_rw", [], etc_rw];
|
||||
+ self.DEFAULT_DIRS["/tmp"] = ["tmp", [], tmp];
|
||||
+ self.DEFAULT_DIRS["rw"] = ["rw", [], rw];
|
||||
+ self.DEFAULT_DIRS["/lib/systemd/system"] = ["unit_file", [], unit_file];
|
||||
+ self.DEFAULT_DIRS["/etc/systemd/system"] = ["unit_file", [], unit_file];
|
||||
+ self.DEFAULT_DIRS["/var/cache"] = ["var_cache", [], var_cache];
|
||||
+ self.DEFAULT_DIRS["/var/lib"] = ["var_lib", [], var_lib];
|
||||
+ self.DEFAULT_DIRS["/var/log"] = ["var_log", [], var_log];
|
||||
+ self.DEFAULT_DIRS["/var/run"] = ["var_run", [], var_run];
|
||||
+ self.DEFAULT_DIRS["/var/spool"] = ["var_spool", [], var_spool];
|
||||
+
|
||||
+ self.DEFAULT_KEYS=["/etc", "/var/cache", "/var/log", "/tmp", "rw", "/var/lib", "/var/run", "/var/spool"]
|
||||
+ self.DEFAULT_KEYS=["/etc", "/var/cache", "/var/log", "/tmp", "rw", "/var/lib", "/var/run", "/var/spool", "/etc/systemd/system", "/lib/systemd/system" ]
|
||||
+
|
||||
+ self.DEFAULT_TYPES = (\
|
||||
+( self.generate_daemon_types, self.generate_daemon_rules), \
|
||||
|
@ -6982,7 +6983,7 @@ diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/pol
|
|||
+ if name == "":
|
||||
+ raise ValueError(_("You must enter a name for your confined process/user"))
|
||||
+ if not name.isalnum():
|
||||
+ raise ValueError(_("Name must be alpha numberic with no spaces."))
|
||||
+ raise ValueError(_("Name must be alpha numberic with no spaces. Consider using option \"-n MODULENAME\""))
|
||||
+
|
||||
+ if type == CGI:
|
||||
+ self.name = "httpd_%s_script" % name
|
||||
|
@ -7805,7 +7806,6 @@ diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/pol
|
|||
+ if os.path.isfile("/etc/rc.d/init.d/%s" % self.name):
|
||||
+ self.set_init_script("/etc/rc\.d/init\.d/%s" % self.name)
|
||||
+
|
||||
+
|
||||
+ def gen_symbols(self):
|
||||
+ if self.type not in APPLICATIONS:
|
||||
+ return
|
||||
|
@ -7950,7 +7950,7 @@ diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/pol
|
|||
+ print _("""
|
||||
+%s
|
||||
+
|
||||
+sepolgen [ -m ] [ -t type ] [ executable | Name ]
|
||||
+sepolgen [ -n moduleName ] [ -m ] [ -t type ] [ executable | Name ]
|
||||
+valid Types:
|
||||
+""") % msg
|
||||
+ keys=poltype.keys()
|
||||
|
@ -7966,7 +7966,7 @@ diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/pol
|
|||
+ ["type=",
|
||||
+ "mount",
|
||||
+ "test",
|
||||
+ "name",
|
||||
+ "name=",
|
||||
+ "help"])
|
||||
+ for o, a in gopts:
|
||||
+ if o == "-t" or o == "--type":
|
||||
|
@ -8012,9 +8012,9 @@ diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/pol
|
|||
+ sys.exit(0)
|
||||
+ except ValueError, e:
|
||||
+ usage(e)
|
||||
diff -up policycoreutils-2.0.86/gui/portsPage.py.gui policycoreutils-2.0.86/gui/portsPage.py
|
||||
--- policycoreutils-2.0.86/gui/portsPage.py.gui 2011-04-12 10:52:07.518644400 -0400
|
||||
+++ policycoreutils-2.0.86/gui/portsPage.py 2011-04-12 10:52:07.521644446 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/portsPage.py.gui policycoreutils-2.1.4/gui/portsPage.py
|
||||
--- policycoreutils-2.1.4/gui/portsPage.py.gui 2012-05-08 10:50:10.202530970 -0400
|
||||
+++ policycoreutils-2.1.4/gui/portsPage.py 2012-05-08 10:50:10.202530970 -0400
|
||||
@@ -0,0 +1,259 @@
|
||||
+## portsPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006 Red Hat, Inc.
|
||||
|
@ -8275,9 +8275,9 @@ diff -up policycoreutils-2.0.86/gui/portsPage.py.gui policycoreutils-2.0.86/gui/
|
|||
+
|
||||
+ return True
|
||||
+
|
||||
diff -up policycoreutils-2.0.86/gui/selinux.tbl.gui policycoreutils-2.0.86/gui/selinux.tbl
|
||||
--- policycoreutils-2.0.86/gui/selinux.tbl.gui 2011-04-12 10:52:07.522644461 -0400
|
||||
+++ policycoreutils-2.0.86/gui/selinux.tbl 2011-04-12 10:52:07.522644461 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/selinux.tbl.gui policycoreutils-2.1.4/gui/selinux.tbl
|
||||
--- policycoreutils-2.1.4/gui/selinux.tbl.gui 2012-05-08 10:50:10.202530970 -0400
|
||||
+++ policycoreutils-2.1.4/gui/selinux.tbl 2012-05-08 10:50:10.202530970 -0400
|
||||
@@ -0,0 +1,234 @@
|
||||
+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
|
||||
+allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /")
|
||||
|
@ -8513,9 +8513,9 @@ diff -up policycoreutils-2.0.86/gui/selinux.tbl.gui policycoreutils-2.0.86/gui/s
|
|||
+webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivileged users home directories")
|
||||
+webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories")
|
||||
+
|
||||
diff -up policycoreutils-2.0.86/gui/semanagePage.py.gui policycoreutils-2.0.86/gui/semanagePage.py
|
||||
--- policycoreutils-2.0.86/gui/semanagePage.py.gui 2011-04-12 10:52:07.523644476 -0400
|
||||
+++ policycoreutils-2.0.86/gui/semanagePage.py 2011-04-12 10:52:07.524644491 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/semanagePage.py.gui policycoreutils-2.1.4/gui/semanagePage.py
|
||||
--- policycoreutils-2.1.4/gui/semanagePage.py.gui 2012-05-08 10:50:10.202530970 -0400
|
||||
+++ policycoreutils-2.1.4/gui/semanagePage.py 2012-05-08 10:50:10.202530970 -0400
|
||||
@@ -0,0 +1,168 @@
|
||||
+## semanagePage.py - show selinux mappings
|
||||
+## Copyright (C) 2006 Red Hat, Inc.
|
||||
|
@ -8685,9 +8685,9 @@ diff -up policycoreutils-2.0.86/gui/semanagePage.py.gui policycoreutils-2.0.86/g
|
|||
+ self.load(self.filter)
|
||||
+ return True
|
||||
+
|
||||
diff -up policycoreutils-2.0.86/gui/statusPage.py.gui policycoreutils-2.0.86/gui/statusPage.py
|
||||
--- policycoreutils-2.0.86/gui/statusPage.py.gui 2011-04-12 10:52:07.530644584 -0400
|
||||
+++ policycoreutils-2.0.86/gui/statusPage.py 2011-04-12 10:52:07.530644584 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/statusPage.py.gui policycoreutils-2.1.4/gui/statusPage.py
|
||||
--- policycoreutils-2.1.4/gui/statusPage.py.gui 2012-05-08 10:50:10.203530970 -0400
|
||||
+++ policycoreutils-2.1.4/gui/statusPage.py 2012-05-08 10:50:10.203530970 -0400
|
||||
@@ -0,0 +1,190 @@
|
||||
+# statusPage.py - show selinux status
|
||||
+## Copyright (C) 2006-2009 Red Hat, Inc.
|
||||
|
@ -8879,9 +8879,9 @@ diff -up policycoreutils-2.0.86/gui/statusPage.py.gui policycoreutils-2.0.86/gui
|
|||
+ return self.types[self.selinuxTypeOptionMenu.get_active()]
|
||||
+
|
||||
+
|
||||
diff -up policycoreutils-2.0.86/gui/system-config-selinux.glade.gui policycoreutils-2.0.86/gui/system-config-selinux.glade
|
||||
--- policycoreutils-2.0.86/gui/system-config-selinux.glade.gui 2011-04-12 10:52:07.534644645 -0400
|
||||
+++ policycoreutils-2.0.86/gui/system-config-selinux.glade 2011-04-12 10:52:07.539644720 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/system-config-selinux.glade.gui policycoreutils-2.1.4/gui/system-config-selinux.glade
|
||||
--- policycoreutils-2.1.4/gui/system-config-selinux.glade.gui 2012-05-08 10:50:10.205530970 -0400
|
||||
+++ policycoreutils-2.1.4/gui/system-config-selinux.glade 2012-05-08 10:50:10.205530970 -0400
|
||||
@@ -0,0 +1,3024 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
|
||||
|
@ -11907,9 +11907,9 @@ diff -up policycoreutils-2.0.86/gui/system-config-selinux.glade.gui policycoreut
|
|||
+</widget>
|
||||
+
|
||||
+</glade-interface>
|
||||
diff -up policycoreutils-2.0.86/gui/system-config-selinux.gladep.gui policycoreutils-2.0.86/gui/system-config-selinux.gladep
|
||||
--- policycoreutils-2.0.86/gui/system-config-selinux.gladep.gui 2011-04-12 10:52:07.540644736 -0400
|
||||
+++ policycoreutils-2.0.86/gui/system-config-selinux.gladep 2011-04-12 10:52:07.541644752 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/system-config-selinux.gladep.gui policycoreutils-2.1.4/gui/system-config-selinux.gladep
|
||||
--- policycoreutils-2.1.4/gui/system-config-selinux.gladep.gui 2012-05-08 10:50:10.205530970 -0400
|
||||
+++ policycoreutils-2.1.4/gui/system-config-selinux.gladep 2012-05-08 10:50:10.205530970 -0400
|
||||
@@ -0,0 +1,7 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
|
||||
|
@ -11918,9 +11918,9 @@ diff -up policycoreutils-2.0.86/gui/system-config-selinux.gladep.gui policycoreu
|
|||
+ <name></name>
|
||||
+ <program_name></program_name>
|
||||
+</glade-project>
|
||||
diff -up policycoreutils-2.0.86/gui/system-config-selinux.py.gui policycoreutils-2.0.86/gui/system-config-selinux.py
|
||||
--- policycoreutils-2.0.86/gui/system-config-selinux.py.gui 2011-04-12 10:52:07.542644768 -0400
|
||||
+++ policycoreutils-2.0.86/gui/system-config-selinux.py 2011-04-12 10:52:07.542644768 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/system-config-selinux.py.gui policycoreutils-2.1.4/gui/system-config-selinux.py
|
||||
--- policycoreutils-2.1.4/gui/system-config-selinux.py.gui 2012-05-08 10:50:10.206530970 -0400
|
||||
+++ policycoreutils-2.1.4/gui/system-config-selinux.py 2012-05-08 10:50:10.206530970 -0400
|
||||
@@ -0,0 +1,187 @@
|
||||
+#!/usr/bin/python -Es
|
||||
+#
|
||||
|
@ -12109,11 +12109,11 @@ diff -up policycoreutils-2.0.86/gui/system-config-selinux.py.gui policycoreutils
|
|||
+
|
||||
+ app = childWindow()
|
||||
+ app.stand_alone()
|
||||
diff -up policycoreutils-2.0.86/gui/templates/boolean.py.gui policycoreutils-2.0.86/gui/templates/boolean.py
|
||||
--- policycoreutils-2.0.86/gui/templates/boolean.py.gui 2011-04-12 10:52:07.543644784 -0400
|
||||
+++ policycoreutils-2.0.86/gui/templates/boolean.py 2011-05-23 16:59:42.369598714 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/templates/boolean.py.gui policycoreutils-2.1.4/gui/templates/boolean.py
|
||||
--- policycoreutils-2.1.4/gui/templates/boolean.py.gui 2012-05-08 10:50:10.206530970 -0400
|
||||
+++ policycoreutils-2.1.4/gui/templates/boolean.py 2012-05-08 10:50:10.206530970 -0400
|
||||
@@ -0,0 +1,40 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# Copyright (C) 2007-2012 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
+# policygentool is a tool for the initial generation of SELinux policy
|
||||
|
@ -12153,11 +12153,11 @@ diff -up policycoreutils-2.0.86/gui/templates/boolean.py.gui policycoreutils-2.0
|
|||
+')
|
||||
+"""
|
||||
+
|
||||
diff -up policycoreutils-2.0.86/gui/templates/etc_rw.py.gui policycoreutils-2.0.86/gui/templates/etc_rw.py
|
||||
--- policycoreutils-2.0.86/gui/templates/etc_rw.py.gui 2011-04-12 10:52:07.546644829 -0400
|
||||
+++ policycoreutils-2.0.86/gui/templates/etc_rw.py 2011-05-23 16:59:53.369684469 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/templates/etc_rw.py.gui policycoreutils-2.1.4/gui/templates/etc_rw.py
|
||||
--- policycoreutils-2.1.4/gui/templates/etc_rw.py.gui 2012-05-08 10:50:10.206530970 -0400
|
||||
+++ policycoreutils-2.1.4/gui/templates/etc_rw.py 2012-05-08 10:50:10.206530970 -0400
|
||||
@@ -0,0 +1,112 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# Copyright (C) 2007-2012 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
+# policygentool is a tool for the initial generation of SELinux policy
|
||||
|
@ -12254,7 +12254,7 @@ diff -up policycoreutils-2.0.86/gui/templates/etc_rw.py.gui policycoreutils-2.0.
|
|||
+"""
|
||||
+
|
||||
+if_admin_types="""
|
||||
+ type TEMPLATETYPE_etc_rw_t;"""
|
||||
+ type TEMPLATETYPE_etc_rw_t;"""
|
||||
+
|
||||
+if_admin_rules="""
|
||||
+ files_search_etc($1)
|
||||
|
@ -12269,11 +12269,11 @@ diff -up policycoreutils-2.0.86/gui/templates/etc_rw.py.gui policycoreutils-2.0.
|
|||
+fc_dir="""\
|
||||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-2.0.86/gui/templates/executable.py
|
||||
--- policycoreutils-2.0.86/gui/templates/executable.py.gui 2011-04-12 10:52:07.548644859 -0400
|
||||
+++ policycoreutils-2.0.86/gui/templates/executable.py 2011-05-23 17:03:10.575251921 -0400
|
||||
@@ -0,0 +1,451 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
diff -up policycoreutils-2.1.4/gui/templates/executable.py.gui policycoreutils-2.1.4/gui/templates/executable.py
|
||||
--- policycoreutils-2.1.4/gui/templates/executable.py.gui 2012-05-08 10:50:10.206530970 -0400
|
||||
+++ policycoreutils-2.1.4/gui/templates/executable.py 2012-05-08 10:52:30.026571526 -0400
|
||||
@@ -0,0 +1,445 @@
|
||||
+# Copyright (C) 2007-2012 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
+# policygentool is a tool for the initial generation of SELinux policy
|
||||
|
@ -12389,7 +12389,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
|
|||
+permissive httpd_TEMPLATETYPE_script_t;
|
||||
+"""
|
||||
+
|
||||
+te_daemon_rules="""
|
||||
+te_daemon_rules="""\
|
||||
+allow TEMPLATETYPE_t self:fifo_file rw_fifo_file_perms;
|
||||
+allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms;
|
||||
+"""
|
||||
|
@ -12481,8 +12481,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
|
|||
+########################### Interface File #############################
|
||||
+
|
||||
+if_heading_rules="""
|
||||
+## <summary>policy for TEMPLATETYPE</summary>
|
||||
+"""
|
||||
+## <summary>policy for TEMPLATETYPE</summary>"""
|
||||
+
|
||||
+if_program_rules="""
|
||||
+
|
||||
|
@ -12504,7 +12503,6 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
|
|||
+ corecmd_search_bin($1)
|
||||
+ domtrans_pattern($1, TEMPLATETYPE_exec_t, TEMPLATETYPE_t)
|
||||
+')
|
||||
+
|
||||
+"""
|
||||
+
|
||||
+if_user_program_rules="""
|
||||
|
@ -12560,7 +12558,6 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
|
|||
+ ps_process_pattern($2, TEMPLATETYPE_t)
|
||||
+ allow $2 TEMPLATETYPE_t:process signal;
|
||||
+')
|
||||
+
|
||||
+"""
|
||||
+
|
||||
+if_sandbox_rules="""
|
||||
|
@ -12596,7 +12593,6 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
|
|||
+ allow TEMPLATETYPE_client_t $1:process { sigchld signull };
|
||||
+ allow TEMPLATETYPE_client_t $1:fifo_file rw_inherited_fifo_file_perms;
|
||||
+')
|
||||
+
|
||||
+"""
|
||||
+
|
||||
+if_role_change_rules="""
|
||||
|
@ -12618,7 +12614,6 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
|
|||
+
|
||||
+ allow $1 TEMPLATETYPE_r;
|
||||
+')
|
||||
+
|
||||
+"""
|
||||
+
|
||||
+if_initscript_rules="""
|
||||
|
@ -12639,7 +12634,6 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
|
|||
+
|
||||
+ init_labeled_script_domtrans($1, TEMPLATETYPE_initrc_exec_t)
|
||||
+')
|
||||
+
|
||||
+"""
|
||||
+
|
||||
+if_dbus_rules="""
|
||||
|
@ -12663,7 +12657,6 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
|
|||
+ allow $1 TEMPLATETYPE_t:dbus send_msg;
|
||||
+ allow TEMPLATETYPE_t $1:dbus send_msg;
|
||||
+')
|
||||
+
|
||||
+"""
|
||||
+
|
||||
+if_begin_admin="""
|
||||
|
@ -12696,7 +12689,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
|
|||
+"""
|
||||
+
|
||||
+if_initscript_admin_types="""
|
||||
+ type TEMPLATETYPE_initrc_exec_t;"""
|
||||
+ type TEMPLATETYPE_initrc_exec_t;"""
|
||||
+
|
||||
+if_initscript_admin="""
|
||||
+ TEMPLATETYPE_initrc_domtrans($1)
|
||||
|
@ -12705,14 +12698,16 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
|
|||
+ allow $2 system_r;
|
||||
+"""
|
||||
+
|
||||
+if_end_admin="""
|
||||
+if_end_admin="""\
|
||||
+ optional_policy(`
|
||||
+ systemd_passwd_agent_exec($1)
|
||||
+ systemd_read_fifo_file_passwd_run($1)
|
||||
+ ')
|
||||
+')
|
||||
+
|
||||
+"""
|
||||
+
|
||||
+########################### File Context ##################################
|
||||
+fc_program="""\
|
||||
+
|
||||
+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_exec_t,s0)
|
||||
+"""
|
||||
+
|
||||
|
@ -12721,15 +12716,14 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
|
|||
+"""
|
||||
+
|
||||
+fc_initscript="""\
|
||||
+
|
||||
+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_initrc_exec_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.0.86/gui/templates/__init__.py.gui policycoreutils-2.0.86/gui/templates/__init__.py
|
||||
--- policycoreutils-2.0.86/gui/templates/__init__.py.gui 2011-04-12 10:52:07.549644874 -0400
|
||||
+++ policycoreutils-2.0.86/gui/templates/__init__.py 2011-05-23 17:02:40.424008790 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/templates/__init__.py.gui policycoreutils-2.1.4/gui/templates/__init__.py
|
||||
--- policycoreutils-2.1.4/gui/templates/__init__.py.gui 2012-05-08 10:50:10.207530971 -0400
|
||||
+++ policycoreutils-2.1.4/gui/templates/__init__.py 2012-05-08 10:50:10.207530971 -0400
|
||||
@@ -0,0 +1,18 @@
|
||||
+#
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# Copyright (C) 2007-2012 Red Hat
|
||||
+#
|
||||
+# This program is free software; you can redistribute it and/or modify
|
||||
+# it under the terms of the GNU General Public License as published by
|
||||
|
@ -12746,11 +12740,11 @@ diff -up policycoreutils-2.0.86/gui/templates/__init__.py.gui policycoreutils-2.
|
|||
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
+#
|
||||
+
|
||||
diff -up policycoreutils-2.0.86/gui/templates/network.py.gui policycoreutils-2.0.86/gui/templates/network.py
|
||||
--- policycoreutils-2.0.86/gui/templates/network.py.gui 2011-04-12 10:52:07.556644982 -0400
|
||||
+++ policycoreutils-2.0.86/gui/templates/network.py 2011-05-23 17:03:09.237241107 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/templates/network.py.gui policycoreutils-2.1.4/gui/templates/network.py
|
||||
--- policycoreutils-2.1.4/gui/templates/network.py.gui 2012-05-08 10:50:10.207530971 -0400
|
||||
+++ policycoreutils-2.1.4/gui/templates/network.py 2012-05-08 10:50:10.207530971 -0400
|
||||
@@ -0,0 +1,102 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# Copyright (C) 2007-2012 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
+# policygentool is a tool for the initial generation of SELinux policy
|
||||
|
@ -12852,11 +12846,11 @@ diff -up policycoreutils-2.0.86/gui/templates/network.py.gui policycoreutils-2.0
|
|||
+corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t)
|
||||
+"""
|
||||
+
|
||||
diff -up policycoreutils-2.0.86/gui/templates/rw.py.gui policycoreutils-2.0.86/gui/templates/rw.py
|
||||
--- policycoreutils-2.0.86/gui/templates/rw.py.gui 2011-04-12 10:52:07.557644997 -0400
|
||||
+++ policycoreutils-2.0.86/gui/templates/rw.py 2011-05-23 16:59:48.308644991 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/templates/rw.py.gui policycoreutils-2.1.4/gui/templates/rw.py
|
||||
--- policycoreutils-2.1.4/gui/templates/rw.py.gui 2012-05-08 10:50:10.207530971 -0400
|
||||
+++ policycoreutils-2.1.4/gui/templates/rw.py 2012-05-08 10:50:10.207530971 -0400
|
||||
@@ -0,0 +1,129 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# Copyright (C) 2007-2012 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
+# policygentool is a tool for the initial generation of SELinux policy
|
||||
|
@ -12970,7 +12964,7 @@ diff -up policycoreutils-2.0.86/gui/templates/rw.py.gui policycoreutils-2.0.86/g
|
|||
+"""
|
||||
+
|
||||
+if_admin_types="""
|
||||
+ type TEMPLATETYPE_rw_t;"""
|
||||
+ type TEMPLATETYPE_rw_t;"""
|
||||
+
|
||||
+if_admin_rules="""
|
||||
+ files_search_etc($1)
|
||||
|
@ -12985,11 +12979,11 @@ diff -up policycoreutils-2.0.86/gui/templates/rw.py.gui policycoreutils-2.0.86/g
|
|||
+fc_dir="""
|
||||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.0.86/gui/templates/script.py.gui policycoreutils-2.0.86/gui/templates/script.py
|
||||
--- policycoreutils-2.0.86/gui/templates/script.py.gui 2011-04-12 10:52:07.558645012 -0400
|
||||
+++ policycoreutils-2.0.86/gui/templates/script.py 2011-05-23 17:02:13.796795073 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/templates/script.py.gui policycoreutils-2.1.4/gui/templates/script.py
|
||||
--- policycoreutils-2.1.4/gui/templates/script.py.gui 2012-05-08 10:50:10.207530971 -0400
|
||||
+++ policycoreutils-2.1.4/gui/templates/script.py 2012-05-08 10:52:08.220565338 -0400
|
||||
@@ -0,0 +1,126 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# Copyright (C) 2007-2012 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
+# policygentool is a tool for the initial generation of SELinux policy
|
||||
|
@ -13054,7 +13048,7 @@ diff -up policycoreutils-2.0.86/gui/templates/script.py.gui policycoreutils-2.0.
|
|||
+
|
||||
+echo "Building and Loading Policy"
|
||||
+set -x
|
||||
+make -f /usr/share/selinux/devel/Makefile || exit
|
||||
+make -f /usr/share/selinux/devel/Makefile TEMPLATEFILE.pp || exit
|
||||
+/usr/sbin/semodule -i TEMPLATEFILE.pp
|
||||
+
|
||||
+"""
|
||||
|
@ -13115,11 +13109,11 @@ diff -up policycoreutils-2.0.86/gui/templates/script.py.gui policycoreutils-2.0.
|
|||
+_EOF
|
||||
+fi
|
||||
+"""
|
||||
diff -up policycoreutils-2.0.86/gui/templates/semodule.py.gui policycoreutils-2.0.86/gui/templates/semodule.py
|
||||
--- policycoreutils-2.0.86/gui/templates/semodule.py.gui 2011-04-12 10:52:07.560645042 -0400
|
||||
+++ policycoreutils-2.0.86/gui/templates/semodule.py 2011-05-23 17:02:07.466744404 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/templates/semodule.py.gui policycoreutils-2.1.4/gui/templates/semodule.py
|
||||
--- policycoreutils-2.1.4/gui/templates/semodule.py.gui 2012-05-08 10:50:10.207530971 -0400
|
||||
+++ policycoreutils-2.1.4/gui/templates/semodule.py 2012-05-08 10:50:10.207530971 -0400
|
||||
@@ -0,0 +1,41 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# Copyright (C) 2007-2012 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
+# policygentool is a tool for the initial generation of SELinux policy
|
||||
|
@ -13160,11 +13154,11 @@ diff -up policycoreutils-2.0.86/gui/templates/semodule.py.gui policycoreutils-2.
|
|||
+semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM
|
||||
+"""
|
||||
+
|
||||
diff -up policycoreutils-2.0.86/gui/templates/tmp.py.gui policycoreutils-2.0.86/gui/templates/tmp.py
|
||||
--- policycoreutils-2.0.86/gui/templates/tmp.py.gui 2011-04-12 10:52:07.561645058 -0400
|
||||
+++ policycoreutils-2.0.86/gui/templates/tmp.py 2011-05-23 17:01:55.736650663 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/templates/tmp.py.gui policycoreutils-2.1.4/gui/templates/tmp.py
|
||||
--- policycoreutils-2.1.4/gui/templates/tmp.py.gui 2012-05-08 10:50:10.208530972 -0400
|
||||
+++ policycoreutils-2.1.4/gui/templates/tmp.py 2012-05-08 10:50:10.208530972 -0400
|
||||
@@ -0,0 +1,102 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# Copyright (C) 2007-2012 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
+# policygentool is a tool for the initial generation of SELinux policy
|
||||
|
@ -13260,17 +13254,93 @@ diff -up policycoreutils-2.0.86/gui/templates/tmp.py.gui policycoreutils-2.0.86/
|
|||
+"""
|
||||
+
|
||||
+if_admin_types="""
|
||||
+ type TEMPLATETYPE_tmp_t;"""
|
||||
+ type TEMPLATETYPE_tmp_t;"""
|
||||
+
|
||||
+if_admin_rules="""
|
||||
+ files_search_tmp($1)
|
||||
+ admin_pattern($1, TEMPLATETYPE_tmp_t)
|
||||
+"""
|
||||
diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86/gui/templates/user.py
|
||||
--- policycoreutils-2.0.86/gui/templates/user.py.gui 2011-04-12 10:52:07.562645074 -0400
|
||||
+++ policycoreutils-2.0.86/gui/templates/user.py 2011-05-23 17:01:46.816579501 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/templates/unit_file.py.gui policycoreutils-2.1.4/gui/templates/unit_file.py
|
||||
--- policycoreutils-2.1.4/gui/templates/unit_file.py.gui 2012-05-08 10:51:24.655552818 -0400
|
||||
+++ policycoreutils-2.1.4/gui/templates/unit_file.py 2012-05-08 10:51:15.755550237 -0400
|
||||
@@ -0,0 +1,72 @@
|
||||
+# Copyright (C) 2012 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
+# policygentool is a tool for the initial generation of SELinux policy
|
||||
+#
|
||||
+# This program is free software; you can redistribute it and/or
|
||||
+# modify it under the terms of the GNU General Public License as
|
||||
+# published by the Free Software Foundation; either version 2 of
|
||||
+# the License, or (at your option) any later version.
|
||||
+#
|
||||
+# This program is distributed in the hope that it will be useful,
|
||||
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
+# GNU General Public License for more details.
|
||||
+#
|
||||
+# You should have received a copy of the GNU General Public License
|
||||
+# along with this program; if not, write to the Free Software
|
||||
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
||||
+# 02111-1307 USA
|
||||
+#
|
||||
+#
|
||||
+########################### unit Template File #############################
|
||||
+
|
||||
+########################### Type Enforcement File #############################
|
||||
+te_types="""
|
||||
+type TEMPLATETYPE_unit_file_t;
|
||||
+systemd_unit_file(TEMPLATETYPE_unit_file_t)
|
||||
+"""
|
||||
+
|
||||
+te_rules=""
|
||||
+
|
||||
+########################### Interface File #############################
|
||||
+if_rules="""\
|
||||
+########################################
|
||||
+## <summary>
|
||||
+## Execute TEMPLATETYPE server in the TEMPLATETYPE domain.
|
||||
+## </summary>
|
||||
+## <param name="domain">
|
||||
+## <summary>
|
||||
+## Domain allowed to transition.
|
||||
+## </summary>
|
||||
+## </param>
|
||||
+#
|
||||
+interface(`TEMPLATETYPE_systemctl',`
|
||||
+ gen_require(`
|
||||
+ type TEMPLATETYPE_t;
|
||||
+ type TEMPLATETYPE_unit_file_t;
|
||||
+ ')
|
||||
+
|
||||
+ systemd_exec_systemctl($1)
|
||||
+ systemd_read_fifo_file_password_run($1)
|
||||
+ allow $1 TEMPLATETYPE_unit_file_t:file read_file_perms;
|
||||
+ allow $1 TEMPLATETYPE_unit_file_t:service manage_service_perms;
|
||||
+
|
||||
+ ps_process_pattern($1, TEMPLATETYPE_t)
|
||||
+')
|
||||
+
|
||||
+"""
|
||||
+
|
||||
+if_admin_types="""
|
||||
+ type TEMPLATETYPE_unit_file_t;"""
|
||||
+
|
||||
+if_admin_rules="""
|
||||
+ TEMPLATETYPE_systemctl($1)
|
||||
+ admin_pattern($1, TEMPLATETYPE_unit_file_t)
|
||||
+ allow $1 TEMPLATETYPE_unit_file_t:service all_service_perms;
|
||||
+"""
|
||||
+
|
||||
+########################### File Context ##################################
|
||||
+fc_file="""\
|
||||
+FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_unit_file_t,s0)
|
||||
+"""
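Review bot: In `if_rules`, the `TEMPLATETYPE_systemctl` interface calls `systemd_read_fifo_file_password_run($1)`, while the `if_end_admin` template in executable.py on this same page calls `systemd_read_fifo_file_passwd_run($1)`. The two spellings cannot both name the same interface, so a generated module that uses the undefined one would presumably fail to build. I would change this line to `systemd_read_fifo_file_passwd_run($1)` after confirming which name the policy's systemd interface file actually defines. The `<summary>` text above the interface ("Execute TEMPLATETYPE server in the TEMPLATETYPE domain", "Domain allowed to transition") also reads as if copied from a domain-transition interface. It should say that the caller may run systemctl and read and manage the TEMPLATETYPE unit file, so anyone granting the interface can see it carries `manage_service_perms`.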
|
||||
diff -up policycoreutils-2.1.4/gui/templates/user.py.gui policycoreutils-2.1.4/gui/templates/user.py
|
||||
--- policycoreutils-2.1.4/gui/templates/user.py.gui 2012-05-08 10:50:10.208530972 -0400
|
||||
+++ policycoreutils-2.1.4/gui/templates/user.py 2012-05-08 10:50:10.208530972 -0400
|
||||
@@ -0,0 +1,204 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# Copyright (C) 2007-2012 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
+# policygentool is a tool for the initial generation of SELinux policy
|
||||
|
@ -13474,11 +13544,11 @@ diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86
|
|||
+te_newrole_rules="""
|
||||
+seutil_run_newrole(TEMPLATETYPE_t, TEMPLATETYPE_r)
|
||||
+"""
|
||||
diff -up policycoreutils-2.0.86/gui/templates/var_cache.py.gui policycoreutils-2.0.86/gui/templates/var_cache.py
|
||||
--- policycoreutils-2.0.86/gui/templates/var_cache.py.gui 2011-04-12 10:52:07.566645136 -0400
|
||||
+++ policycoreutils-2.0.86/gui/templates/var_cache.py 2011-05-23 17:01:38.793515591 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/templates/var_cache.py.gui policycoreutils-2.1.4/gui/templates/var_cache.py
|
||||
--- policycoreutils-2.1.4/gui/templates/var_cache.py.gui 2012-05-08 10:50:10.208530972 -0400
|
||||
+++ policycoreutils-2.1.4/gui/templates/var_cache.py 2012-05-08 10:50:10.208530972 -0400
|
||||
@@ -0,0 +1,132 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# Copyright (C) 2007-2012 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
+# policygentool is a tool for the initial generation of SELinux policy
|
||||
|
@ -13595,7 +13665,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_cache.py.gui policycoreutils-2
|
|||
+"""
|
||||
+
|
||||
+if_admin_types="""
|
||||
+ type TEMPLATETYPE_cache_t;"""
|
||||
+ type TEMPLATETYPE_cache_t;"""
|
||||
+
|
||||
+if_admin_rules="""
|
||||
+ files_search_var($1)
|
||||
|
@ -13610,11 +13680,11 @@ diff -up policycoreutils-2.0.86/gui/templates/var_cache.py.gui policycoreutils-2
|
|||
+fc_dir="""\
|
||||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_cache_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0.86/gui/templates/var_lib.py
|
||||
--- policycoreutils-2.0.86/gui/templates/var_lib.py.gui 2011-04-12 10:52:07.567645151 -0400
|
||||
+++ policycoreutils-2.0.86/gui/templates/var_lib.py 2011-05-23 17:01:31.516457701 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/templates/var_lib.py.gui policycoreutils-2.1.4/gui/templates/var_lib.py
|
||||
--- policycoreutils-2.1.4/gui/templates/var_lib.py.gui 2012-05-08 10:50:10.208530972 -0400
|
||||
+++ policycoreutils-2.1.4/gui/templates/var_lib.py 2012-05-08 10:50:10.208530972 -0400
|
||||
@@ -0,0 +1,160 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# Copyright (C) 2007-2012 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
+# policygentool is a tool for the initial generation of SELinux policy
|
||||
|
@ -13737,7 +13807,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0
|
|||
+if_stream_rules="""
|
||||
+########################################
|
||||
+## <summary>
|
||||
+## Connect to TEMPLATETYPE over an unix stream socket.
|
||||
+## Connect to TEMPLATETYPE over a unix stream socket.
|
||||
+## </summary>
|
||||
+## <param name="domain">
|
||||
+## <summary>
|
||||
|
@ -13755,7 +13825,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0
|
|||
+"""
|
||||
+
|
||||
+if_admin_types="""
|
||||
+ type TEMPLATETYPE_var_lib_t;"""
|
||||
+ type TEMPLATETYPE_var_lib_t;"""
|
||||
+
|
||||
+if_admin_rules="""
|
||||
+ files_search_var_lib($1)
|
||||
|
@ -13774,11 +13844,11 @@ diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0
|
|||
+fc_dir="""\
|
||||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0.86/gui/templates/var_log.py
|
||||
--- policycoreutils-2.0.86/gui/templates/var_log.py.gui 2011-04-12 10:52:07.568645166 -0400
|
||||
+++ policycoreutils-2.0.86/gui/templates/var_log.py 2011-05-23 17:01:22.948389639 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/templates/var_log.py.gui policycoreutils-2.1.4/gui/templates/var_log.py
|
||||
--- policycoreutils-2.1.4/gui/templates/var_log.py.gui 2012-05-08 10:50:10.208530972 -0400
|
||||
+++ policycoreutils-2.1.4/gui/templates/var_log.py 2012-05-08 10:50:10.208530972 -0400
|
||||
@@ -0,0 +1,114 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# Copyright (C) 2007-2012 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
+# policygentool is a tool for the initial generation of SELinux policy
|
||||
|
@ -13814,7 +13884,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0
|
|||
+"""
|
||||
+
|
||||
+########################### Interface File #############################
|
||||
+if_rules="""
|
||||
+if_rules="""\
|
||||
+########################################
|
||||
+## <summary>
|
||||
+## Read TEMPLATETYPE's log files.
|
||||
|
@ -13877,7 +13947,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0
|
|||
+"""
|
||||
+
|
||||
+if_admin_types="""
|
||||
+ type TEMPLATETYPE_log_t;"""
|
||||
+ type TEMPLATETYPE_log_t;"""
|
||||
+
|
||||
+if_admin_rules="""
|
||||
+ logging_search_logs($1)
|
||||
|
@ -13892,11 +13962,11 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0
|
|||
+fc_dir="""\
|
||||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.0.86/gui/templates/var_run.py.gui policycoreutils-2.0.86/gui/templates/var_run.py
|
||||
--- policycoreutils-2.0.86/gui/templates/var_run.py.gui 2011-04-12 10:52:07.569645181 -0400
|
||||
+++ policycoreutils-2.0.86/gui/templates/var_run.py 2011-05-23 17:01:11.639299961 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/templates/var_run.py.gui policycoreutils-2.1.4/gui/templates/var_run.py
|
||||
--- policycoreutils-2.1.4/gui/templates/var_run.py.gui 2012-05-08 10:50:10.209530972 -0400
|
||||
+++ policycoreutils-2.1.4/gui/templates/var_run.py 2012-05-08 10:50:10.209530972 -0400
|
||||
@@ -0,0 +1,101 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# Copyright (C) 2007-2012 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
+# policygentool is a tool for the initial generation of SELinux policy
|
||||
|
@ -13935,7 +14005,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_run.py.gui policycoreutils-2.0
|
|||
+files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, sock_file)
|
||||
+"""
|
||||
+
|
||||
+if_rules="""
|
||||
+if_rules="""\
|
||||
+########################################
|
||||
+## <summary>
|
||||
+## Read TEMPLATETYPE PID files.
|
||||
|
@ -13960,7 +14030,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_run.py.gui policycoreutils-2.0
|
|||
+if_stream_rules="""\
|
||||
+########################################
|
||||
+## <summary>
|
||||
+## Connect to TEMPLATETYPE over an unix stream socket.
|
||||
+## Connect to TEMPLATETYPE over a unix stream socket.
|
||||
+## </summary>
|
||||
+## <param name="domain">
|
||||
+## <summary>
|
||||
|
@ -13979,7 +14049,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_run.py.gui policycoreutils-2.0
|
|||
+"""
|
||||
+
|
||||
+if_admin_types="""
|
||||
+ type TEMPLATETYPE_var_run_t;"""
|
||||
+ type TEMPLATETYPE_var_run_t;"""
|
||||
+
|
||||
+if_admin_rules="""
|
||||
+ files_search_pids($1)
|
||||
|
@ -13997,11 +14067,11 @@ diff -up policycoreutils-2.0.86/gui/templates/var_run.py.gui policycoreutils-2.0
|
|||
+fc_dir="""\
|
||||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.0.86/gui/templates/var_spool.py.gui policycoreutils-2.0.86/gui/templates/var_spool.py
|
||||
--- policycoreutils-2.0.86/gui/templates/var_spool.py.gui 2011-04-12 10:52:07.573645242 -0400
|
||||
+++ policycoreutils-2.0.86/gui/templates/var_spool.py 2011-05-25 16:09:23.350352658 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/templates/var_spool.py.gui policycoreutils-2.1.4/gui/templates/var_spool.py
|
||||
--- policycoreutils-2.1.4/gui/templates/var_spool.py.gui 2012-05-08 10:50:10.209530972 -0400
|
||||
+++ policycoreutils-2.1.4/gui/templates/var_spool.py 2012-05-08 10:50:10.209530972 -0400
|
||||
@@ -0,0 +1,131 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# Copyright (C) 2007-2012 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
+# policygentool is a tool for the initial generation of SELinux policy
|
||||
|
@ -14117,7 +14187,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_spool.py.gui policycoreutils-2
|
|||
+"""
|
||||
+
|
||||
+if_admin_types="""
|
||||
+ type TEMPLATETYPE_spool_t;"""
|
||||
+ type TEMPLATETYPE_spool_t;"""
|
||||
+
|
||||
+if_admin_rules="""
|
||||
+ files_search_spool($1)
|
||||
|
@ -14132,9 +14202,9 @@ diff -up policycoreutils-2.0.86/gui/templates/var_spool.py.gui policycoreutils-2
|
|||
+fc_dir="""\
|
||||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.0.86/gui/usersPage.py.gui policycoreutils-2.0.86/gui/usersPage.py
|
||||
--- policycoreutils-2.0.86/gui/usersPage.py.gui 2011-04-12 10:52:07.578645320 -0400
|
||||
+++ policycoreutils-2.0.86/gui/usersPage.py 2011-04-12 10:52:07.578645320 -0400
|
||||
diff -up policycoreutils-2.1.4/gui/usersPage.py.gui policycoreutils-2.1.4/gui/usersPage.py
|
||||
--- policycoreutils-2.1.4/gui/usersPage.py.gui 2012-05-08 10:50:10.209530972 -0400
|
||||
+++ policycoreutils-2.1.4/gui/usersPage.py 2012-05-08 10:50:10.209530972 -0400
|
||||
@@ -0,0 +1,150 @@
|
||||
+## usersPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006,2007,2008 Red Hat, Inc.
|
||||
|
|
|
@ -1,270 +1,56 @@
|
|||
diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py
|
||||
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py.sepolgen 2010-03-24 15:57:20.000000000 -0400
|
||||
+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py 2011-05-25 16:11:58.150628048 -0400
|
||||
@@ -32,6 +32,7 @@ in a variety of ways, but they are the f
|
||||
"""
|
||||
diff --git a/sepolgen/HACKING b/sepolgen/HACKING
|
||||
index 5cdf6d5..a0ec323 100644
|
||||
--- a/sepolgen/HACKING
|
||||
+++ b/sepolgen/HACKING
|
||||
@@ -76,4 +76,4 @@ information about the object classes - including information flow. It
|
||||
is separated to keep the core from being concerned about the details
|
||||
of the object classes.
|
||||
|
||||
-[selist]: http://www.nsa.gov/selinux/info/list.cfm
|
||||
\ No newline at end of file
|
||||
+[selist]: http://www.nsa.gov/research/selinux/info/list.cfm
|
||||
diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
|
||||
index 9fdfafa..9e2ccee 100644
|
||||
--- a/sepolgen/src/sepolgen/audit.py
|
||||
+++ b/sepolgen/src/sepolgen/audit.py
|
||||
@@ -20,6 +20,7 @@
|
||||
import refpolicy
|
||||
+from selinux import audit2why
|
||||
import access
|
||||
import re
|
||||
+import sys
|
||||
|
||||
def is_idparam(id):
|
||||
"""Determine if an id is a paramater in the form $N, where N is
|
||||
@@ -85,6 +86,8 @@ class AccessVector:
|
||||
self.obj_class = None
|
||||
self.perms = refpolicy.IdSet()
|
||||
self.audit_msgs = []
|
||||
+ self.type = audit2why.TERULE
|
||||
+ self.bools = []
|
||||
# Convenience functions
|
||||
|
||||
# The direction of the information flow represented by this
|
||||
# access vector - used for matching
|
||||
@@ -253,20 +256,22 @@ class AccessVectorSet:
|
||||
for av in l:
|
||||
self.add_av(AccessVector(av))
|
||||
@@ -343,6 +344,7 @@ class AuditParser:
|
||||
self.policy_load_msgs = []
|
||||
self.path_msgs = []
|
||||
self.by_header = { }
|
||||
+ self.check_input_file = False
|
||||
|
||||
# Low-level parsing function - tries to determine if this audit
|
||||
# message is an SELinux related message and then parses it into
|
||||
@@ -378,6 +380,7 @@ class AuditParser:
|
||||
found = True
|
||||
|
||||
if found:
|
||||
+ self.check_input_file = True
|
||||
try:
|
||||
msg.from_split_string(rec)
|
||||
except ValueError:
|
||||
@@ -447,6 +450,9 @@ class AuditParser:
|
||||
while line:
|
||||
self.__parse(line)
|
||||
line = input.readline()
|
||||
+ if not self.check_input_file:
|
||||
+ sys.stderr.write("Nothing to do\n")
|
||||
+ sys.exit(0)
|
||||
self.__post_process()
|
||||
|
||||
- def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None):
|
||||
+ def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None, avc_type=audit2why.TERULE, bools=[]):
|
||||
"""Add an access vector to the set.
|
||||
"""
|
||||
tgt = self.src.setdefault(src_type, { })
|
||||
cls = tgt.setdefault(tgt_type, { })
|
||||
|
||||
- if cls.has_key(obj_class):
|
||||
- access = cls[obj_class]
|
||||
+ if cls.has_key((obj_class, avc_type)):
|
||||
+ access = cls[obj_class, avc_type]
|
||||
else:
|
||||
access = AccessVector()
|
||||
access.src_type = src_type
|
||||
access.tgt_type = tgt_type
|
||||
access.obj_class = obj_class
|
||||
- cls[obj_class] = access
|
||||
+ access.bools = bools
|
||||
+ access.type = avc_type
|
||||
+ cls[obj_class, avc_type] = access
|
||||
|
||||
access.perms.update(perms)
|
||||
if audit_msg:
|
||||
diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py
|
||||
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py.sepolgen 2010-03-24 15:57:20.000000000 -0400
|
||||
+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py 2011-05-25 16:11:58.150628048 -0400
|
||||
@@ -68,6 +68,17 @@ def get_dmesg_msgs():
|
||||
stdout=subprocess.PIPE).communicate()[0]
|
||||
return output
|
||||
|
||||
+def get_log_msgs():
|
||||
+ """Obtain all of the avc and policy load messages from /var/log/messages.
|
||||
+
|
||||
+ Returns:
|
||||
+ string contain all of the audit messages returned by /var/log/messages.
|
||||
+ """
|
||||
+ import subprocess
|
||||
+ output = subprocess.Popen(["/bin/grep", "avc", "/var/log/messages"],
|
||||
+ stdout=subprocess.PIPE).communicate()[0]
|
||||
+ return output
|
||||
+
|
||||
# Classes representing audit messages
|
||||
|
||||
class AuditMessage:
|
||||
@@ -127,6 +138,9 @@ class PathMessage(AuditMessage):
|
||||
if fields[0] == "path":
|
||||
self.path = fields[1][1:-1]
|
||||
return
|
||||
+import selinux.audit2why as audit2why
|
||||
+
|
||||
+avcdict = {}
|
||||
|
||||
class AVCMessage(AuditMessage):
|
||||
"""AVC message representing an access denial or granted message.
|
||||
@@ -167,6 +181,8 @@ class AVCMessage(AuditMessage):
|
||||
self.path = ""
|
||||
self.accesses = []
|
||||
self.denial = True
|
||||
+ self.type = audit2why.TERULE
|
||||
+ self.bools = []
|
||||
|
||||
def __parse_access(self, recs, start):
|
||||
# This is kind of sucky - the access that is in a space separated
|
||||
@@ -226,7 +242,31 @@ class AVCMessage(AuditMessage):
|
||||
|
||||
if not found_src or not found_tgt or not found_class or not found_access:
|
||||
raise ValueError("AVC message in invalid format [%s]\n" % self.message)
|
||||
-
|
||||
+ self.analyze()
|
||||
+
|
||||
+ def analyze(self):
|
||||
+ tcontext = self.tcontext.to_string()
|
||||
+ scontext = self.scontext.to_string()
|
||||
+ access_tuple = tuple( self.accesses)
|
||||
+ if (scontext, tcontext, self.tclass, access_tuple) in avcdict.keys():
|
||||
+ self.type, self.bools = avcdict[(scontext, tcontext, self.tclass, access_tuple)]
|
||||
+ else:
|
||||
+ self.type, self.bools = audit2why.analyze(scontext, tcontext, self.tclass, self.accesses);
|
||||
+ if self.type == audit2why.NOPOLICY:
|
||||
+ self.type = audit2why.TERULE
|
||||
+ if self.type == audit2why.BADTCON:
|
||||
+ raise ValueError("Invalid Target Context %s\n" % tcontext)
|
||||
+ if self.type == audit2why.BADSCON:
|
||||
+ raise ValueError("Invalid Source Context %s\n" % scontext)
|
||||
+ if self.type == audit2why.BADSCON:
|
||||
+ raise ValueError("Invalid Type Class %s\n" % self.tclass)
|
||||
+ if self.type == audit2why.BADPERM:
|
||||
+ raise ValueError("Invalid permission %s\n" % " ".join(self.accesses))
|
||||
+ if self.type == audit2why.BADCOMPUTE:
|
||||
+ raise ValueError("Error during access vector computation")
|
||||
+
|
||||
+ avcdict[(scontext, tcontext, self.tclass, access_tuple)] = (self.type, self.bools)
|
||||
+
|
||||
class PolicyLoadMessage(AuditMessage):
|
||||
"""Audit message indicating that the policy was reloaded."""
|
||||
def __init__(self, message):
|
||||
@@ -469,10 +509,10 @@ class AuditParser:
|
||||
if avc_filter:
|
||||
if avc_filter.filter(avc):
|
||||
av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
|
||||
- avc.accesses, avc)
|
||||
+ avc.accesses, avc, avc_type=avc.type, bools=avc.bools)
|
||||
else:
|
||||
av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
|
||||
- avc.accesses, avc)
|
||||
+ avc.accesses, avc, avc_type=avc.type, bools=avc.bools)
|
||||
return av_set
|
||||
|
||||
class AVCTypeFilter:
|
||||
diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py
|
||||
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py.sepolgen 2010-03-24 15:57:20.000000000 -0400
|
||||
+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py 2011-05-25 16:11:58.150628048 -0400
|
||||
@@ -30,6 +30,9 @@ def perm_map():
|
||||
def interface_info():
|
||||
return data_dir() + "/interface_info"
|
||||
|
||||
+def attribute_info():
|
||||
+ return data_dir() + "/attribute_info"
|
||||
+
|
||||
def refpolicy_devel():
|
||||
return "/usr/share/selinux/devel"
|
||||
|
||||
diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py
|
||||
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py.sepolgen 2010-03-24 15:57:20.000000000 -0400
|
||||
+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py 2011-05-25 16:11:58.151628058 -0400
|
||||
@@ -29,6 +29,8 @@ import matching
|
||||
|
||||
from sepolgeni18n import _
|
||||
|
||||
+import copy
|
||||
+
|
||||
class Param:
|
||||
"""
|
||||
Object representing a paramater for an interface.
|
||||
@@ -197,10 +199,48 @@ def ifcall_extract_params(ifcall, params
|
||||
ret = 1
|
||||
|
||||
return ret
|
||||
-
|
||||
+
|
||||
+class AttributeVector:
|
||||
+ def __init__(self):
|
||||
+ self.name = ""
|
||||
+ self.access = access.AccessVectorSet()
|
||||
+
|
||||
+ def add_av(self, av):
|
||||
+ self.access.add_av(av)
|
||||
+
|
||||
+class AttributeSet:
|
||||
+ def __init__(self):
|
||||
+ self.attributes = { }
|
||||
+
|
||||
+ def add_attr(self, attr):
|
||||
+ self.attributes[attr.name] = attr
|
||||
+
|
||||
+ def from_file(self, fd):
|
||||
+ def parse_attr(line):
|
||||
+ fields = line[1:-1].split()
|
||||
+ if len(fields) != 2 or fields[0] != "Attribute":
|
||||
+ raise SyntaxError("Syntax error Attribute statement %s" % line)
|
||||
+ a = AttributeVector()
|
||||
+ a.name = fields[1]
|
||||
+
|
||||
+ return a
|
||||
+
|
||||
+ a = None
|
||||
+ for line in fd:
|
||||
+ line = line[:-1]
|
||||
+ if line[0] == "[":
|
||||
+ if a:
|
||||
+ self.add_attr(a)
|
||||
+ a = parse_attr(line)
|
||||
+ elif a:
|
||||
+ l = line.split(",")
|
||||
+ av = access.AccessVector(l)
|
||||
+ a.add_av(av)
|
||||
+ if a:
|
||||
+ self.add_attr(a)
|
||||
|
||||
class InterfaceVector:
|
||||
- def __init__(self, interface=None):
|
||||
+ def __init__(self, interface=None, attributes={}):
|
||||
# Enabled is a loose concept currently - we are essentially
|
||||
# not enabling interfaces that we can't handle currently.
|
||||
# See InterfaceVector.add_ifv for more information.
|
||||
@@ -214,10 +254,10 @@ class InterfaceVector:
|
||||
# value: Param object).
|
||||
self.params = { }
|
||||
if interface:
|
||||
- self.from_interface(interface)
|
||||
+ self.from_interface(interface, attributes)
|
||||
self.expanded = False
|
||||
|
||||
- def from_interface(self, interface):
|
||||
+ def from_interface(self, interface, attributes={}):
|
||||
self.name = interface.name
|
||||
|
||||
# Add allow rules
|
||||
@@ -232,6 +272,23 @@ class InterfaceVector:
|
||||
for av in avs:
|
||||
self.add_av(av)
|
||||
|
||||
+ # Add typeattribute access
|
||||
+ if attributes != None:
|
||||
+ for typeattribute in interface.typeattributes():
|
||||
+ for attr in typeattribute.attributes:
|
||||
+ if not attributes.attributes.has_key(attr):
|
||||
+ # print "missing attribute " + attr
|
||||
+ continue
|
||||
+ attr_vec = attributes.attributes[attr]
|
||||
+ for a in attr_vec.access:
|
||||
+ av = copy.copy(a)
|
||||
+ if av.src_type == attr_vec.name:
|
||||
+ av.src_type = typeattribute.type
|
||||
+ if av.tgt_type == attr_vec.name:
|
||||
+ av.tgt_type = typeattribute.type
|
||||
+ self.add_av(av)
|
||||
+
|
||||
+
|
||||
# Extract paramaters from roles
|
||||
for role in interface.roles():
|
||||
if role_extract_params(role, self.params):
|
||||
@@ -346,13 +403,13 @@ class InterfaceSet:
|
||||
l = self.tgt_type_map.setdefault(type, [])
|
||||
l.append(ifv)
|
||||
|
||||
- def add(self, interface):
|
||||
- ifv = InterfaceVector(interface)
|
||||
+ def add(self, interface, attributes={}):
|
||||
+ ifv = InterfaceVector(interface, attributes)
|
||||
self.add_ifv(ifv)
|
||||
|
||||
- def add_headers(self, headers, output=None):
|
||||
+ def add_headers(self, headers, output=None, attributes={}):
|
||||
for i in itertools.chain(headers.interfaces(), headers.templates()):
|
||||
- self.add(i)
|
||||
+ self.add(i, attributes)
|
||||
|
||||
self.expand_ifcalls(headers)
|
||||
self.index()
|
||||
diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py
|
||||
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py.sepolgen 2010-03-24 15:57:20.000000000 -0400
|
||||
+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py 2011-05-25 16:11:58.151628058 -0400
|
||||
def parse_string(self, input):
|
||||
diff --git a/sepolgen/src/sepolgen/matching.py b/sepolgen/src/sepolgen/matching.py
|
||||
index 1a9a3e5..d56dd92 100644
|
||||
--- a/sepolgen/src/sepolgen/matching.py
|
||||
+++ b/sepolgen/src/sepolgen/matching.py
|
||||
@@ -50,7 +50,7 @@ class Match:
|
||||
return 1
|
||||
|
||||
|
@ -293,227 +79,3 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py.sepolge
|
|||
|
||||
def __iter__(self):
|
||||
return iter(self.children)
|
||||
diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py
|
||||
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py.sepolgen 2010-03-24 15:57:20.000000000 -0400
|
||||
+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py 2011-05-25 16:11:58.151628058 -0400
|
||||
@@ -29,6 +29,8 @@ import objectmodel
|
||||
import access
|
||||
import interfaces
|
||||
import matching
|
||||
+import selinux.audit2why as audit2why
|
||||
+from setools import *
|
||||
|
||||
# Constants for the level of explanation from the generation
|
||||
# routines
|
||||
@@ -77,6 +79,7 @@ class PolicyGenerator:
|
||||
|
||||
self.dontaudit = False
|
||||
|
||||
+ self.domains = None
|
||||
def set_gen_refpol(self, if_set=None, perm_maps=None):
|
||||
"""Set whether reference policy interfaces are generated.
|
||||
|
||||
@@ -151,8 +154,41 @@ class PolicyGenerator:
|
||||
rule = refpolicy.AVRule(av)
|
||||
if self.dontaudit:
|
||||
rule.rule_type = rule.DONTAUDIT
|
||||
+ rule.comment = ""
|
||||
if self.explain:
|
||||
- rule.comment = refpolicy.Comment(explain_access(av, verbosity=self.explain))
|
||||
+ rule.comment = str(refpolicy.Comment(explain_access(av, verbosity=self.explain)))
|
||||
+ if av.type == audit2why.ALLOW:
|
||||
+ rule.comment += "#!!!! This avc is allowed in the current policy\n"
|
||||
+ if av.type == audit2why.DONTAUDIT:
|
||||
+ rule.comment += "#!!!! This avc has a dontaudit rule in the current policy\n"
|
||||
+
|
||||
+ if av.type == audit2why.BOOLEAN:
|
||||
+ if len(av.bools) > 1:
|
||||
+ rule.comment += "#!!!! This avc can be allowed using one of the these booleans:\n# %s\n" % ", ".join(map(lambda x: x[0], av.bools))
|
||||
+ else:
|
||||
+ rule.comment += "#!!!! This avc can be allowed using the boolean '%s'\n" % av.bools[0][0]
|
||||
+
|
||||
+ if av.type == audit2why.CONSTRAINT:
|
||||
+ rule.comment += "#!!!! This avc is a constraint violation. You will need to add an attribute to either the source or target type to make it work.\n"
|
||||
+ rule.comment += "#Contraint rule: "
|
||||
+
|
||||
+ if av.type == audit2why.TERULE:
|
||||
+ if "write" in av.perms:
|
||||
+ if "dir" in av.obj_class or "open" in av.perms:
|
||||
+ if not self.domains:
|
||||
+ self.domains = seinfo(ATTRIBUTE, name="domain")[0]["types"]
|
||||
+ types=[]
|
||||
+
|
||||
+ try:
|
||||
+ for i in map(lambda x: x[TCONTEXT], sesearch([ALLOW], {SCONTEXT: av.src_type, CLASS: av.obj_class, PERMS: av.perms})):
|
||||
+ if i not in self.domains:
|
||||
+ types.append(i)
|
||||
+ if len(types) == 1:
|
||||
+ rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
|
||||
+ elif len(types) >= 1:
|
||||
+ rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
|
||||
+ except:
|
||||
+ pass
|
||||
self.module.children.append(rule)
|
||||
|
||||
|
||||
diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py
|
||||
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py.sepolgen 2010-03-24 15:57:20.000000000 -0400
|
||||
+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py 2011-05-25 16:18:20.911964611 -0400
|
||||
@@ -243,7 +243,7 @@ def t_refpolicywarn(t):
|
||||
t.lexer.lineno += 1
|
||||
|
||||
def t_IDENTIFIER(t):
|
||||
- r'[a-zA-Z_\$][a-zA-Z0-9_\-\.\$\*]*'
|
||||
+ r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\.\$\*\"]*'
|
||||
# Handle any keywords
|
||||
t.type = reserved.get(t.value,'IDENTIFIER')
|
||||
return t
|
||||
@@ -768,6 +768,7 @@ def p_avrule_def(p):
|
||||
|
||||
def p_typerule_def(p):
|
||||
'''typerule_def : TYPE_TRANSITION names names COLON names IDENTIFIER SEMI
|
||||
+ | TYPE_TRANSITION names names COLON names IDENTIFIER IDENTIFIER SEMI
|
||||
| TYPE_CHANGE names names COLON names IDENTIFIER SEMI
|
||||
| TYPE_MEMBER names names COLON names IDENTIFIER SEMI
|
||||
'''
|
||||
@@ -1044,7 +1045,7 @@ def parse_headers(root, output=None, exp
|
||||
# of misc_macros. We are just going to pretend that this is an interface
|
||||
# to make the expansion work correctly.
|
||||
can_exec = refpolicy.Interface("can_exec")
|
||||
- av = access.AccessVector(["$1","$2","file","execute_no_trans","read",
|
||||
+ av = access.AccessVector(["$1","$2","file","execute_no_trans","open", "read",
|
||||
"getattr","lock","execute","ioctl"])
|
||||
|
||||
can_exec.children.append(refpolicy.AVRule(av))
|
||||
diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map
|
||||
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map.sepolgen 2010-03-24 15:57:20.000000000 -0400
|
||||
+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map 2011-05-25 16:11:58.152628068 -0400
|
||||
@@ -124,7 +124,7 @@ class filesystem 10
|
||||
quotamod w 1
|
||||
quotaget r 1
|
||||
|
||||
-class file 20
|
||||
+class file 21
|
||||
execute_no_trans r 1
|
||||
entrypoint r 1
|
||||
execmod n 1
|
||||
@@ -141,48 +141,50 @@ class file 20
|
||||
unlink w 1
|
||||
link w 1
|
||||
rename w 5
|
||||
- execute r 100
|
||||
+ execute r 10
|
||||
swapon b 1
|
||||
quotaon b 1
|
||||
mounton b 1
|
||||
+ open r 1
|
||||
|
||||
-class dir 22
|
||||
- add_name w 5
|
||||
+class dir 23
|
||||
+ add_name w 1
|
||||
remove_name w 1
|
||||
reparent w 1
|
||||
search r 1
|
||||
rmdir b 1
|
||||
ioctl n 1
|
||||
- read r 10
|
||||
- write w 10
|
||||
+ read r 1
|
||||
+ write w 1
|
||||
create w 1
|
||||
- getattr r 7
|
||||
- setattr w 7
|
||||
+ getattr r 1
|
||||
+ setattr w 1
|
||||
lock n 1
|
||||
- relabelfrom r 10
|
||||
- relabelto w 10
|
||||
+ relabelfrom r 1
|
||||
+ relabelto w 1
|
||||
append w 1
|
||||
unlink w 1
|
||||
link w 1
|
||||
- rename w 5
|
||||
+ rename w 1
|
||||
execute r 1
|
||||
swapon b 1
|
||||
quotaon b 1
|
||||
mounton b 1
|
||||
+ open r 1
|
||||
|
||||
class fd 1
|
||||
use b 1
|
||||
|
||||
-class lnk_file 17
|
||||
+class lnk_file 18
|
||||
ioctl n 1
|
||||
- read r 10
|
||||
- write w 10
|
||||
+ read r 1
|
||||
+ write w 1
|
||||
create w 1
|
||||
- getattr r 7
|
||||
- setattr w 7
|
||||
+ getattr r 1
|
||||
+ setattr w 1
|
||||
lock n 1
|
||||
- relabelfrom r 10
|
||||
- relabelto w 10
|
||||
+ relabelfrom r 1
|
||||
+ relabelto w 1
|
||||
append w 1
|
||||
unlink w 1
|
||||
link w 1
|
||||
@@ -191,8 +193,9 @@ class lnk_file 17
|
||||
swapon b 1
|
||||
quotaon b 1
|
||||
mounton b 1
|
||||
+ open r 1
|
||||
|
||||
-class chr_file 20
|
||||
+class chr_file 21
|
||||
execute_no_trans r 1
|
||||
entrypoint r 1
|
||||
execmod n 1
|
||||
@@ -213,8 +216,9 @@ class chr_file 20
|
||||
swapon b 1
|
||||
quotaon b 1
|
||||
mounton b 1
|
||||
+ open r 1
|
||||
|
||||
-class blk_file 17
|
||||
+class blk_file 18
|
||||
ioctl n 1
|
||||
read r 10
|
||||
write w 10
|
||||
@@ -232,8 +236,9 @@ class blk_file 17
|
||||
swapon b 1
|
||||
quotaon b 1
|
||||
mounton b 1
|
||||
+ open r 1
|
||||
|
||||
-class sock_file 17
|
||||
+class sock_file 18
|
||||
ioctl n 1
|
||||
read r 10
|
||||
write w 10
|
||||
@@ -251,8 +256,9 @@ class sock_file 17
|
||||
swapon b 1
|
||||
quotaon b 1
|
||||
mounton b 1
|
||||
+ open r 1
|
||||
|
||||
-class fifo_file 17
|
||||
+class fifo_file 18
|
||||
ioctl n 1
|
||||
read r 10
|
||||
write w 10
|
||||
@@ -270,6 +276,7 @@ class fifo_file 17
|
||||
swapon b 1
|
||||
quotaon b 1
|
||||
mounton b 1
|
||||
+ open r 1
|
||||
|
||||
class socket 22
|
||||
ioctl n 1
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
%define libauditver 1.4.2-1
|
||||
%define libsepolver 2.0.44-2
|
||||
%define libsepolver 2.1.0-1
|
||||
%define libsemanagever 2.0.46-6
|
||||
%define libselinuxver 2.0.90-3
|
||||
%define sepolgenver 1.0.23
|
||||
%define libselinuxver 2.0.102-6
|
||||
%define sepolgenver 1.1.5
|
||||
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.86
|
||||
Release: 18%{?dist}
|
||||
Version: 2.1.4
|
||||
Release: 17%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
|
@ -22,11 +22,12 @@ Source6: selinux-polgengui.desktop
|
|||
Source7: selinux-polgengui.console
|
||||
Source8: policycoreutils_man_ru2.tar.bz2
|
||||
Source9: semanage-bash-completion.sh
|
||||
Patch: policycoreutils-rhat.patch
|
||||
Source10: restorecond.service
|
||||
Patch: policycoreutils-rhat.patch
|
||||
Patch1: policycoreutils-po.patch
|
||||
Patch3: policycoreutils-gui.patch
|
||||
Patch4: policycoreutils-sepolgen.patch
|
||||
Patch5: policycoreutils-f17.patch
|
||||
Obsoletes: policycoreutils < 2.0.61-2
|
||||
|
||||
%global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")
|
||||
|
@ -66,7 +67,8 @@ context.
|
|||
%patch -p2 -b .rhat
|
||||
%patch1 -p1 -b .rhatpo
|
||||
%patch3 -p1 -b .gui
|
||||
%patch4 -p1 -b .sepolgen
|
||||
%patch4 -p2 -b .sepolgen -d sepolgen-%{sepolgenver}
|
||||
%patch5 -p1 -b .f17
|
||||
|
||||
%build
|
||||
make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE " LDFLAGS="-pie -Wl,-z,relro" all
|
||||
|
@ -90,6 +92,7 @@ mkdir -p %{buildroot}%{_sysconfdir}/security/console.apps
|
|||
cp COPYING %{buildroot}/%{_usr}/share/doc/%{name}-%{version}/
|
||||
|
||||
make LSPP_PRIV=y DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
|
||||
make -C gui LSPP_PRIV=y DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
|
||||
# Systemd
|
||||
mkdir -p %{buildroot}%{_unitdir}
|
||||
install -m644 %{SOURCE10} %{buildroot}%{_unitdir}
|
||||
|
@ -184,7 +187,7 @@ The policycoreutils-sandbox package contains the scripts to create graphical san
|
|||
%{_datadir}/sandbox/start
|
||||
%attr(0755,root,root) %caps(cap_setpcap,cap_setuid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
|
||||
%{_mandir}/man8/seunshare.8*
|
||||
%{_mandir}/man5/sandbox.conf.5*
|
||||
%{_mandir}/man5/sandbox.5*
|
||||
|
||||
%triggerin python -- selinux-policy
|
||||
selinuxenabled && [ -f /usr/share/selinux/devel/include/build.conf ] && /usr/bin/sepolgen-ifgen 2>/dev/null
|
||||
|
@ -271,6 +274,7 @@ rm -rf %{buildroot}
|
|||
%{_bindir}/semodule_expand
|
||||
%{_bindir}/semodule_link
|
||||
%{_bindir}/semodule_package
|
||||
%{_bindir}/semodule_unpackage
|
||||
%{_sysconfdir}/rc.d/init.d/sandbox
|
||||
%config(noreplace) %{_sysconfdir}/sysconfig/sandbox
|
||||
%config(noreplace) %{_sysconfdir}/pam.d/run_init
|
||||
|
@ -295,6 +299,7 @@ rm -rf %{buildroot}
|
|||
%{_mandir}/man8/semodule_link.8*
|
||||
%{_mandir}/ru/man8/semodule_link.8*
|
||||
%{_mandir}/man8/semodule_package.8*
|
||||
%{_mandir}/man8/semodule_unpackage.8*
|
||||
%{_mandir}/ru/man8/semodule_package.8*
|
||||
%{_mandir}/man8/sestatus.8*
|
||||
%{_mandir}/ru/man8/sestatus.8*
|
||||
|
@ -349,6 +354,138 @@ fi
|
|||
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||
|
||||
%changelog
|
||||
* Tue May 8 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.4-17
|
||||
- Bring in unit_file.py in to templates direcory
|
||||
|
||||
* Wed Jan 18 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.4-16
|
||||
- Dont syslog changes if you are only checking in setfiles/restorecon
|
||||
- Don't syslog on full relabel
|
||||
|
||||
* Wed Jan 18 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.4-15
|
||||
- fix sepolgen to not crash on echo "" | audit2allow
|
||||
- Fix English in templates for sepolgen
|
||||
- Add unit file support to sepolgen, and cleanup some of the output.
|
||||
|
||||
* Fri Dec 23 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-13
|
||||
- Fix the handling of namespaces in seunshare/sandbox.
|
||||
- Currently mounting of directories within sandbox is propogating to the
|
||||
- parent namesspace.
|
||||
|
||||
* Tue Nov 29 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-12
|
||||
- Fix dpi handling in sandbox
|
||||
- Make sure semanage fcontext -l -C prints if only local equiv have changed
|
||||
|
||||
* Wed Nov 16 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-10
|
||||
- Add listing of distribution equivalence class from semanage fcontext -l
|
||||
- Add checking to semanage fcontext -a to guarantee a file specification will not be masked by an equivalence
|
||||
|
||||
* Wed Nov 16 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-9
|
||||
- Update to latest sepolgen
|
||||
- Allow ~ as a valid part of a filename in sepolgen
|
||||
|
||||
* Fri Nov 11 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-8
|
||||
- sandbox init script should always return 0
|
||||
- sandbox command needs to check range of categories and report error if not big enough
|
||||
- Allow DPI to be passed into the sandbox
|
||||
|
||||
* Mon Oct 31 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-7
|
||||
- Backport fixes from restorecond to handle being run within a terminal session
|
||||
- Add ~/.local/share/* to restorecond_users.conf
|
||||
- Fix semodule man page
|
||||
- Fix a couple of problems found by coverity
|
||||
|
||||
* Mon Oct 24 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-6
|
||||
- Include the patch this time to fix sandbox.init
|
||||
|
||||
* Mon Oct 24 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-5
|
||||
- Fix sandbox.init script
|
||||
|
||||
* Tue Oct 4 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-4
|
||||
- Backport sepolgen fixes from F17
|
||||
|
||||
* Tue Oct 4 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-3
|
||||
- Backport fixes from F17
|
||||
|
||||
* Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-2
|
||||
- Fix bug in glob handling for restorecon
|
||||
|
||||
* Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-1
|
||||
-Update to upstream
|
||||
2.1.4 2011-08-17
|
||||
* run_init: clarification of the usage in the
|
||||
* semanage: fix usage header around booleans
|
||||
* semanage: remove useless empty lines
|
||||
* semanage: update man page with new examples
|
||||
* semanage: update usage text
|
||||
* semanage: introduce file context equivalencies
|
||||
* semanage: enable and disable modules
|
||||
* semanage: output all local modifications
|
||||
* semanage: introduce extraction of local configuration
|
||||
* semanage: cleanup error on invalid operation
|
||||
* semanage: handle being called with no arguments
|
||||
* semanage: return sooner to save CPU time
|
||||
* semanage: surround getopt with try/except
|
||||
* semanage: use define/raise instead of lots of
|
||||
* semanage: some options are only valid for
|
||||
* semanage: introduce better deleteall support
|
||||
* semanage: do not allow spaces in file
|
||||
* semanage: distinguish between builtin and local permissive
|
||||
* semanage: centralized ip node handling
|
||||
* setfiles: make the restore function exclude() non-static
|
||||
* setfiles: use glob to handle ~ and
|
||||
* fixfiles: do not hard code types
|
||||
* fixfiles: stop trying to be smart about
|
||||
* fixfiles: use new kernel seclabel option
|
||||
* fixfiles: pipe everything to cat before sending
|
||||
* fixfiles: introduce /etc/selinux/fixfiles_exclude_dirs
|
||||
* semodule: support for alternative root paths
|
||||
|
||||
2.1.3 2011-08-03
|
||||
* semanage: fix indention
|
||||
* semodule_package: fix man page typo
|
||||
* semodule_expand: update man page with -a
|
||||
* semanage: handle os errors
|
||||
* semanage: fix traceback with bad options
|
||||
* semanage: show usage on -h or --help
|
||||
* semanage: introduce more deleteall options
|
||||
* semanage: verify ports < 65536
|
||||
* transaction into semanageRecords
|
||||
* make get_handle a method of semanageRecords
|
||||
* remove a needless blank line
|
||||
* make process_one error if not initialized correctly
|
||||
* fixfiles: correct usage for r_opts.rootpath
|
||||
* put -p in help for restorecon and
|
||||
* fixfiles: do not try to only label
|
||||
* fixfiles clean up /var/run and /var/lib/debug
|
||||
* fixfiles delete tmp sockets and pipes rather
|
||||
* fixfile use find -delete instead of pipe
|
||||
* chcat man page typo
|
||||
* add man page for genhomedircon
|
||||
* setfiles fix typo
|
||||
* setsebool should inform users they need to
|
||||
* setsebool typos
|
||||
* open_init_tty man page typos
|
||||
* Don't add user site directory to sys.path
|
||||
* newrole retain CAP_SETPCAP
|
||||
|
||||
2.1.2 2011-08-02
|
||||
* seunshare: define _GNU_SOURCE earlier
|
||||
* make ignore_enoent do something
|
||||
* restorecond: first user logged in is not noticed
|
||||
* Repo: update .gitignore
|
||||
|
||||
2.1.1 2011-08-01
|
||||
* Man page updates
|
||||
* restorecon fix for bad inotify assumptions
|
||||
|
||||
2.1.0 2011-07-27
|
||||
* Release, minor version bump
|
||||
|
||||
* Tue Jul 26 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-20
|
||||
- Fix sepolgen usage statement
|
||||
- Stop using -k insandbox
|
||||
- Fix seunshare usage statement
|
||||
|
||||
* Thu Jul 7 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-18
|
||||
- Change seunshare to send kill signals to the childs session.
|
||||
- Also add signal handler to catch sigint, so if user enters ctrl-C sandbox will shutdown.
|
||||
|
|
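Review bot: In the %prep hunk, `%patch4 -p2 -b .sepolgen -d sepolgen-%{sepolgenver}` uses a different strip level and working directory from the neighbouring `%patch` lines, and nothing in the spec says why. The page has lost its +/- markers, so it is an inference that this line is the new form replacing `%patch4 -p1 -b .sepolgen`. A comment above it would record the reason, for example `# sepolgen patch carries a/sepolgen/... paths: strip two components and apply inside the sepolgen tree`. Because the target directory is derived from `%{sepolgenver}`, the macro and the sepolgen tarball named in `sources` have to be bumped together; both read 1.1.5 on this page.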
4
sources
4
sources
|
@ -1,3 +1,3 @@
|
|||
49faa2e5f343317bcfcf34d7286f6037 sepolgen-1.0.23.tgz
|
||||
59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
|
||||
13d864a8a6f8a933ef7aee7baf4a9662 policycoreutils-2.0.86.tgz
|
||||
7e1e18c09798ffb44913bce3d60c667d policycoreutils-2.1.4.tgz
|
||||
34b1f6599517f80c9b7cfa2dc22826db sepolgen-1.1.5.tgz
|
||||
|
|