Bring in unit_file.py in to templates direcory

Dont syslog changes if you are only checking in setfiles/restorecon
2012-05-08 10:57:46 -04:00 · 2012-05-08 10:53:53 -04:00 · 2012-05-02 15:57:11 -04:00 · 2012-01-18 16:52:15 -05:00 · 2011-12-23 10:58:01 +00:00 · 2011-11-29 16:07:09 -05:00
7 changed files with 2143 additions and 2804 deletions
--- a/.gitignore
+++ b/.gitignore
@ -224,3 +224,5 @@ policycoreutils-2.0.83.tgz
 /policycoreutils-2.0.84.tgz
 /policycoreutils-2.0.85.tgz
 /policycoreutils-2.0.86.tgz
+/policycoreutils-2.1.4.tgz
+/sepolgen-1.1.2.tgz
--- a/policycoreutils-f17.patch
+++ b/policycoreutils-f17.patch
--- a/policycoreutils-gui.patch
+++ b/policycoreutils-gui.patch
@ -1,6 +1,6 @@
-diff -up policycoreutils-2.0.86/gui/booleansPage.py.gui policycoreutils-2.0.86/gui/booleansPage.py
--- policycoreutils-2.0.86/gui/booleansPage.py.gui	2011-04-12 10:52:07.463643555 -0400
-+++ policycoreutils-2.0.86/gui/booleansPage.py	2011-04-12 10:52:07.463643555 -0400
+diff -up policycoreutils-2.1.4/gui/booleansPage.py.gui policycoreutils-2.1.4/gui/booleansPage.py
+--- policycoreutils-2.1.4/gui/booleansPage.py.gui	2012-05-08 10:50:10.196530968 -0400
+++ policycoreutils-2.1.4/gui/booleansPage.py	2012-05-08 10:50:10.196530968 -0400
@@ -0,0 +1,247 @@
 +#
 +# booleansPage.py - GUI for Booleans page in system-config-securitylevel
@ -249,9 +249,9 @@ diff -up policycoreutils-2.0.86/gui/booleansPage.py.gui policycoreutils-2.0.86/g
 +        self.load(self.filter)
 +        return True
 +        
-diff -up policycoreutils-2.0.86/gui/domainsPage.py.gui policycoreutils-2.0.86/gui/domainsPage.py
--- policycoreutils-2.0.86/gui/domainsPage.py.gui	2011-04-12 10:52:07.464643571 -0400
-+++ policycoreutils-2.0.86/gui/domainsPage.py	2011-04-12 10:52:07.464643571 -0400
+diff -up policycoreutils-2.1.4/gui/domainsPage.py.gui policycoreutils-2.1.4/gui/domainsPage.py
+--- policycoreutils-2.1.4/gui/domainsPage.py.gui	2012-05-08 10:50:10.196530968 -0400
+++ policycoreutils-2.1.4/gui/domainsPage.py	2012-05-08 10:50:10.196530968 -0400
@@ -0,0 +1,154 @@
 +## domainsPage.py - show selinux domains
 +## Copyright (C) 2009 Red Hat, Inc.
@ -407,9 +407,9 @@ diff -up policycoreutils-2.0.86/gui/domainsPage.py.gui policycoreutils-2.0.86/gu
 +                
 +        except ValueError, e:
 +            self.error(e.args[0])
-diff -up policycoreutils-2.0.86/gui/fcontextPage.py.gui policycoreutils-2.0.86/gui/fcontextPage.py
--- policycoreutils-2.0.86/gui/fcontextPage.py.gui	2011-04-12 10:52:07.468643633 -0400
-+++ policycoreutils-2.0.86/gui/fcontextPage.py	2011-04-12 10:52:07.468643633 -0400
+diff -up policycoreutils-2.1.4/gui/fcontextPage.py.gui policycoreutils-2.1.4/gui/fcontextPage.py
+--- policycoreutils-2.1.4/gui/fcontextPage.py.gui	2012-05-08 10:50:10.196530968 -0400
+++ policycoreutils-2.1.4/gui/fcontextPage.py	2012-05-08 10:50:10.196530968 -0400
@@ -0,0 +1,223 @@
 +## fcontextPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@ -634,9 +634,9 @@ diff -up policycoreutils-2.0.86/gui/fcontextPage.py.gui policycoreutils-2.0.86/g
 +        self.store.set_value(iter, SPEC_COL, fspec)
 +        self.store.set_value(iter, FTYPE_COL, ftype)
 +        self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls))
-diff -up policycoreutils-2.0.86/gui/html_util.py.gui policycoreutils-2.0.86/gui/html_util.py
--- policycoreutils-2.0.86/gui/html_util.py.gui	2011-04-12 10:52:07.469643648 -0400
-+++ policycoreutils-2.0.86/gui/html_util.py	2011-04-12 10:52:07.470643663 -0400
+diff -up policycoreutils-2.1.4/gui/html_util.py.gui policycoreutils-2.1.4/gui/html_util.py
+--- policycoreutils-2.1.4/gui/html_util.py.gui	2012-05-08 10:50:10.196530968 -0400
+++ policycoreutils-2.1.4/gui/html_util.py	2012-05-08 10:50:10.196530968 -0400
@@ -0,0 +1,164 @@
 +# Authors: John Dennis <jdennis@redhat.com>
 +#
@ -802,9 +802,9 @@ diff -up policycoreutils-2.0.86/gui/html_util.py.gui policycoreutils-2.0.86/gui/
 +    doc += tail
 +    return doc
 +
-diff -up policycoreutils-2.0.86/gui/lockdown.glade.gui policycoreutils-2.0.86/gui/lockdown.glade
--- policycoreutils-2.0.86/gui/lockdown.glade.gui	2011-04-12 10:52:07.471643678 -0400
-+++ policycoreutils-2.0.86/gui/lockdown.glade	2011-04-12 10:52:07.477643771 -0400
+diff -up policycoreutils-2.1.4/gui/lockdown.glade.gui policycoreutils-2.1.4/gui/lockdown.glade
+--- policycoreutils-2.1.4/gui/lockdown.glade.gui	2012-05-08 10:50:10.197530968 -0400
+++ policycoreutils-2.1.4/gui/lockdown.glade	2012-05-08 10:50:10.197530968 -0400
@@ -0,0 +1,771 @@
 +<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
 +<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@ -1577,9 +1577,9 @@ diff -up policycoreutils-2.0.86/gui/lockdown.glade.gui policycoreutils-2.0.86/gu
 +</widget>
 +
 +</glade-interface>
-diff -up policycoreutils-2.0.86/gui/lockdown.gladep.gui policycoreutils-2.0.86/gui/lockdown.gladep
--- policycoreutils-2.0.86/gui/lockdown.gladep.gui	2011-04-12 10:52:07.482643847 -0400
-+++ policycoreutils-2.0.86/gui/lockdown.gladep	2011-04-12 10:52:07.483643863 -0400
+diff -up policycoreutils-2.1.4/gui/lockdown.gladep.gui policycoreutils-2.1.4/gui/lockdown.gladep
+--- policycoreutils-2.1.4/gui/lockdown.gladep.gui	2012-05-08 10:50:10.197530968 -0400
+++ policycoreutils-2.1.4/gui/lockdown.gladep	2012-05-08 10:50:10.197530968 -0400
@@ -0,0 +1,7 @@
 +<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
 +<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@ -1588,11 +1588,11 @@ diff -up policycoreutils-2.0.86/gui/lockdown.gladep.gui policycoreutils-2.0.86/g
 +  <name></name>
 +  <program_name></program_name>
 +</glade-project>
-diff -up policycoreutils-2.0.86/gui/lockdown.py.gui policycoreutils-2.0.86/gui/lockdown.py
--- policycoreutils-2.0.86/gui/lockdown.py.gui	2011-04-12 10:52:07.484643879 -0400
-+++ policycoreutils-2.0.86/gui/lockdown.py	2011-04-12 10:52:07.484643879 -0400
-@@ -0,0 +1,382 @@
-+#!/usr/bin/python -Es
+diff -up policycoreutils-2.1.4/gui/lockdown.py.gui policycoreutils-2.1.4/gui/lockdown.py
+--- policycoreutils-2.1.4/gui/lockdown.py.gui	2012-05-08 10:50:10.197530968 -0400
+++ policycoreutils-2.1.4/gui/lockdown.py	2012-05-08 10:50:10.197530968 -0400
+@@ -0,0 +1,375 @@
+#!/usr/bin/python
 +#
 +# lockdown.py - GUI for Booleans page in system-config-securitylevel
 +#
@ -1623,7 +1623,7 @@ diff -up policycoreutils-2.0.86/gui/lockdown.py.gui policycoreutils-2.0.86/gui/l
 +import sys
 +import selinux
 +import seobject
-+import gtkhtml2
+import webkit
 +import commands
 +import tempfile
 +
@ -1714,18 +1714,14 @@ diff -up policycoreutils-2.0.86/gui/lockdown.py.gui policycoreutils-2.0.86/gui/l
 +        col.set_resizable(True)
 +        self.view.append_column(col)
 +
-+        self.html_view, self.doc = self.create_htmlview(self.html_scrolledwindow)
+        self.html_view = self.create_htmlview(self.html_scrolledwindow)
 +        self.load()
 +        self.view.get_selection().select_path ((0,))
 +
 +    def create_htmlview(self, container):
-+        view = gtkhtml2.View()
-+        doc = gtkhtml2.Document()
-+        container.set_hadjustment(view.get_hadjustment())
-+        container.set_vadjustment(view.get_vadjustment())
-+        view.set_document(doc)
+        view = webkit.WebView()
 +        container.add(view)
-+        return (view, doc)
+        return (view)
 +
 +    def wait(self):
 +        self.window.set_cursor(self.busy_cursor)
@ -1922,9 +1918,7 @@ diff -up policycoreutils-2.0.86/gui/lockdown.py.gui policycoreutils-2.0.86/gui/l
 +            self.cat =  None
 +
 +        self.name =  store.get_value(iter, BOOLEAN)
-+        self.doc.clear()
-+        self.doc.open_stream("text/html")
-+        
+
 +        html = ''
 +
 +        self.radiobox.hide()
@ -1956,8 +1950,7 @@ diff -up policycoreutils-2.0.86/gui/lockdown.py.gui policycoreutils-2.0.86/gui/l
 +                        self.default_radiobutton.set_active(True)
 +        html_doc= html_document(html)
 +
-+        self.doc.write_stream(html_doc)
-+        self.doc.close_stream()
+        self.html_view.load_html_string(html, "")
 +
 +    def stand_alone(self):
 +        desktopName = _("Lockdown SELinux Booleans")
@ -1974,9 +1967,9 @@ diff -up policycoreutils-2.0.86/gui/lockdown.py.gui policycoreutils-2.0.86/gui/l
 +
 +    app = booleanWindow()
 +    app.stand_alone()
-diff -up policycoreutils-2.0.86/gui/loginsPage.py.gui policycoreutils-2.0.86/gui/loginsPage.py
--- policycoreutils-2.0.86/gui/loginsPage.py.gui	2011-04-12 10:52:07.485643894 -0400
-+++ policycoreutils-2.0.86/gui/loginsPage.py	2011-04-12 10:52:07.486643909 -0400
+diff -up policycoreutils-2.1.4/gui/loginsPage.py.gui policycoreutils-2.1.4/gui/loginsPage.py
+--- policycoreutils-2.1.4/gui/loginsPage.py.gui	2012-05-08 10:50:10.197530968 -0400
+++ policycoreutils-2.1.4/gui/loginsPage.py	2012-05-08 10:50:10.197530968 -0400
@@ -0,0 +1,185 @@
 +## loginsPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@ -2163,9 +2156,9 @@ diff -up policycoreutils-2.0.86/gui/loginsPage.py.gui policycoreutils-2.0.86/gui
 +        self.store.set_value(iter, 1, seuser)
 +        self.store.set_value(iter, 2, seobject.translate(serange))
 +
-diff -up policycoreutils-2.0.86/gui/Makefile.gui policycoreutils-2.0.86/gui/Makefile
--- policycoreutils-2.0.86/gui/Makefile.gui	2011-04-12 10:52:07.486643909 -0400
-+++ policycoreutils-2.0.86/gui/Makefile	2011-04-12 10:52:07.487643924 -0400
+diff -up policycoreutils-2.1.4/gui/Makefile.gui policycoreutils-2.1.4/gui/Makefile
+--- policycoreutils-2.1.4/gui/Makefile.gui	2012-05-08 10:50:10.197530968 -0400
+++ policycoreutils-2.1.4/gui/Makefile	2012-05-08 10:50:10.197530968 -0400
@@ -0,0 +1,40 @@
 +# Installation directories.
 +PREFIX ?= ${DESTDIR}/usr
@ -2207,9 +2200,9 @@ diff -up policycoreutils-2.0.86/gui/Makefile.gui policycoreutils-2.0.86/gui/Make
 +indent:
 +
 +relabel:
-diff -up policycoreutils-2.0.86/gui/mappingsPage.py.gui policycoreutils-2.0.86/gui/mappingsPage.py
--- policycoreutils-2.0.86/gui/mappingsPage.py.gui	2011-04-12 10:52:07.487643924 -0400
-+++ policycoreutils-2.0.86/gui/mappingsPage.py	2011-04-12 10:52:07.492644000 -0400
+diff -up policycoreutils-2.1.4/gui/mappingsPage.py.gui policycoreutils-2.1.4/gui/mappingsPage.py
+--- policycoreutils-2.1.4/gui/mappingsPage.py.gui	2012-05-08 10:50:10.197530968 -0400
+++ policycoreutils-2.1.4/gui/mappingsPage.py	2012-05-08 10:50:10.197530968 -0400
@@ -0,0 +1,56 @@
 +## mappingsPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@ -2267,9 +2260,9 @@ diff -up policycoreutils-2.0.86/gui/mappingsPage.py.gui policycoreutils-2.0.86/g
 +        for k in keys:
 +            print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
 +
-diff -up policycoreutils-2.0.86/gui/modulesPage.py.gui policycoreutils-2.0.86/gui/modulesPage.py
--- policycoreutils-2.0.86/gui/modulesPage.py.gui	2011-04-12 10:52:07.493644016 -0400
-+++ policycoreutils-2.0.86/gui/modulesPage.py	2011-04-12 10:52:07.493644016 -0400
+diff -up policycoreutils-2.1.4/gui/modulesPage.py.gui policycoreutils-2.1.4/gui/modulesPage.py
+--- policycoreutils-2.1.4/gui/modulesPage.py.gui	2012-05-08 10:50:10.197530968 -0400
+++ policycoreutils-2.1.4/gui/modulesPage.py	2012-05-08 10:50:10.197530968 -0400
@@ -0,0 +1,190 @@
 +## modulesPage.py - show selinux mappings
 +## Copyright (C) 2006-2009 Red Hat, Inc.
@ -2461,9 +2454,9 @@ diff -up policycoreutils-2.0.86/gui/modulesPage.py.gui policycoreutils-2.0.86/gu
 +                
 +        except ValueError, e:
 +            self.error(e.args[0])
-diff -up policycoreutils-2.0.86/gui/polgen.glade.gui policycoreutils-2.0.86/gui/polgen.glade
--- policycoreutils-2.0.86/gui/polgen.glade.gui	2011-04-12 10:52:07.505644201 -0400
-+++ policycoreutils-2.0.86/gui/polgen.glade	2011-04-12 10:52:07.507644232 -0400
+diff -up policycoreutils-2.1.4/gui/polgen.glade.gui policycoreutils-2.1.4/gui/polgen.glade
+--- policycoreutils-2.1.4/gui/polgen.glade.gui	2012-05-08 10:50:10.199530968 -0400
+++ policycoreutils-2.1.4/gui/polgen.glade	2012-05-08 10:50:10.199530968 -0400
@@ -0,0 +1,3432 @@
 +<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
 +<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@ -5897,9 +5890,9 @@ diff -up policycoreutils-2.0.86/gui/polgen.glade.gui policycoreutils-2.0.86/gui/
 +</widget>
 +
 +</glade-interface>
-diff -up policycoreutils-2.0.86/gui/polgen.gladep.gui policycoreutils-2.0.86/gui/polgen.gladep
--- policycoreutils-2.0.86/gui/polgen.gladep.gui	2011-04-12 10:52:07.508644247 -0400
-+++ policycoreutils-2.0.86/gui/polgen.gladep	2011-04-12 10:52:07.508644247 -0400
+diff -up policycoreutils-2.1.4/gui/polgen.gladep.gui policycoreutils-2.1.4/gui/polgen.gladep
+--- policycoreutils-2.1.4/gui/polgen.gladep.gui	2012-05-08 10:50:10.199530968 -0400
+++ policycoreutils-2.1.4/gui/polgen.gladep	2012-05-08 10:50:10.199530968 -0400
@@ -0,0 +1,7 @@
 +<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
 +<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@ -5908,9 +5901,9 @@ diff -up policycoreutils-2.0.86/gui/polgen.gladep.gui policycoreutils-2.0.86/gui
 +  <name></name>
 +  <program_name></program_name>
 +</glade-project>
-diff -up policycoreutils-2.0.86/gui/polgengui.py.gui policycoreutils-2.0.86/gui/polgengui.py
--- policycoreutils-2.0.86/gui/polgengui.py.gui	2011-04-12 10:52:07.513644322 -0400
-+++ policycoreutils-2.0.86/gui/polgengui.py	2011-05-23 17:04:16.377786536 -0400
+diff -up policycoreutils-2.1.4/gui/polgengui.py.gui policycoreutils-2.1.4/gui/polgengui.py
+--- policycoreutils-2.1.4/gui/polgengui.py.gui	2012-05-08 10:50:10.200530969 -0400
+++ policycoreutils-2.1.4/gui/polgengui.py	2012-05-08 10:50:10.200530969 -0400
@@ -0,0 +1,750 @@
 +#!/usr/bin/python -Es
 +#
@ -6662,13 +6655,13 @@ diff -up policycoreutils-2.0.86/gui/polgengui.py.gui policycoreutils-2.0.86/gui/
 +
 +    app = childWindow()
 +    app.stand_alone()
-diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/polgen.py
--- policycoreutils-2.0.86/gui/polgen.py.gui	2011-04-12 10:52:07.516644368 -0400
-+++ policycoreutils-2.0.86/gui/polgen.py	2011-05-23 17:04:04.539689964 -0400
-@@ -0,0 +1,1346 @@
+diff -up policycoreutils-2.1.4/gui/polgen.py.gui policycoreutils-2.1.4/gui/polgen.py
+--- policycoreutils-2.1.4/gui/polgen.py.gui	2012-05-08 10:50:10.201530970 -0400
+++ policycoreutils-2.1.4/gui/polgen.py	2012-05-08 10:50:10.201530970 -0400
+@@ -0,0 +1,1353 @@
 +#!/usr/bin/python -Es
 +#
-+# Copyright (C) 2007-2011 Red Hat 
+# Copyright (C) 2007-2012 Red Hat 
 +# see file 'COPYING' for use and warranty information
 +#
 +# policygentool is a tool for the initial generation of SELinux policy
@ -6697,6 +6690,7 @@ diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/pol
 +from templates import executable
 +from templates import boolean
 +from templates import etc_rw
+from templates import unit_file
 +from templates import var_cache
 +from templates import var_spool
 +from templates import var_lib
@ -6763,6 +6757,11 @@ diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/pol
 +    roles.sort()
 +    return roles
 +
+def get_all_attributes():
+    attributes = map(lambda x: x['name'], setools.seinfo(setools.ATTRIBUTE))
+    attributes.sort()
+    return attributes
+
 +def get_all_domains():
 +    all_domains = []
 +    types=get_all_types()
@ -6958,13 +6957,15 @@ diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/pol
 +		self.DEFAULT_DIRS["/etc"] = ["etc_rw", [], etc_rw];
 +		self.DEFAULT_DIRS["/tmp"] = ["tmp", [], tmp];
 +		self.DEFAULT_DIRS["rw"] = ["rw", [], rw];
+		self.DEFAULT_DIRS["/lib/systemd/system"] = ["unit_file", [], unit_file];
+		self.DEFAULT_DIRS["/etc/systemd/system"] = ["unit_file", [], unit_file];
 +		self.DEFAULT_DIRS["/var/cache"] = ["var_cache", [], var_cache];
 +		self.DEFAULT_DIRS["/var/lib"] = ["var_lib", [], var_lib];
 +		self.DEFAULT_DIRS["/var/log"] = ["var_log", [], var_log];
 +		self.DEFAULT_DIRS["/var/run"] = ["var_run", [], var_run];
 +		self.DEFAULT_DIRS["/var/spool"] = ["var_spool", [], var_spool];
 +
-+                self.DEFAULT_KEYS=["/etc", "/var/cache", "/var/log", "/tmp", "rw", "/var/lib", "/var/run", "/var/spool"]
+                self.DEFAULT_KEYS=["/etc", "/var/cache", "/var/log", "/tmp", "rw", "/var/lib", "/var/run", "/var/spool", "/etc/systemd/system", "/lib/systemd/system" ]
 +
 +		self.DEFAULT_TYPES = (\
 +( self.generate_daemon_types, self.generate_daemon_rules), \
@ -6982,7 +6983,7 @@ diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/pol
 +		if name == "":
 +			raise ValueError(_("You must enter a name for your confined process/user"))
 +                if not name.isalnum():
-+                    raise ValueError(_("Name must be alpha numberic with no spaces."))
+                    raise ValueError(_("Name must be alpha numberic with no spaces. Consider using option \"-n MODULENAME\""))
 +
 +		if type == CGI:
 +			self.name = "httpd_%s_script" % name
@ -7805,7 +7806,6 @@ diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/pol
 +            if os.path.isfile("/etc/rc.d/init.d/%s"  % self.name):
 +                self.set_init_script("/etc/rc\.d/init\.d/%s"  % self.name)
 +
-+
 +        def gen_symbols(self):
 +            if self.type not in APPLICATIONS:
 +                return
@ -7950,7 +7950,7 @@ diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/pol
 +    print _("""
 +%s
 +
-+sepolgen [ -m ] [ -t type ] [ executable | Name ]
+sepolgen [ -n moduleName ] [ -m ] [ -t type ] [ executable | Name ]
 +valid Types:
 +""") % msg
 +    keys=poltype.keys()
@ -7966,7 +7966,7 @@ diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/pol
 +                                    ["type=", 
 +                                     "mount",
 +                                     "test",
-+                                     "name",
+                                     "name=",
 +                                     "help"])
 +        for o, a in gopts:
 +            if o == "-t" or o == "--type":
@ -8012,9 +8012,9 @@ diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/pol
 +        sys.exit(0)
 +    except ValueError, e:
 +        usage(e)
-diff -up policycoreutils-2.0.86/gui/portsPage.py.gui policycoreutils-2.0.86/gui/portsPage.py
--- policycoreutils-2.0.86/gui/portsPage.py.gui	2011-04-12 10:52:07.518644400 -0400
-+++ policycoreutils-2.0.86/gui/portsPage.py	2011-04-12 10:52:07.521644446 -0400
+diff -up policycoreutils-2.1.4/gui/portsPage.py.gui policycoreutils-2.1.4/gui/portsPage.py
+--- policycoreutils-2.1.4/gui/portsPage.py.gui	2012-05-08 10:50:10.202530970 -0400
+++ policycoreutils-2.1.4/gui/portsPage.py	2012-05-08 10:50:10.202530970 -0400
@@ -0,0 +1,259 @@
 +## portsPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@ -8275,9 +8275,9 @@ diff -up policycoreutils-2.0.86/gui/portsPage.py.gui policycoreutils-2.0.86/gui/
 +
 +        return True
 +        
-diff -up policycoreutils-2.0.86/gui/selinux.tbl.gui policycoreutils-2.0.86/gui/selinux.tbl
--- policycoreutils-2.0.86/gui/selinux.tbl.gui	2011-04-12 10:52:07.522644461 -0400
-+++ policycoreutils-2.0.86/gui/selinux.tbl	2011-04-12 10:52:07.522644461 -0400
+diff -up policycoreutils-2.1.4/gui/selinux.tbl.gui policycoreutils-2.1.4/gui/selinux.tbl
+--- policycoreutils-2.1.4/gui/selinux.tbl.gui	2012-05-08 10:50:10.202530970 -0400
+++ policycoreutils-2.1.4/gui/selinux.tbl	2012-05-08 10:50:10.202530970 -0400
@@ -0,0 +1,234 @@
 +acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
 +allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /")
@ -8513,9 +8513,9 @@ diff -up policycoreutils-2.0.86/gui/selinux.tbl.gui policycoreutils-2.0.86/gui/s
 +webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivileged users home directories")
 +webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories")
 +
-diff -up policycoreutils-2.0.86/gui/semanagePage.py.gui policycoreutils-2.0.86/gui/semanagePage.py
--- policycoreutils-2.0.86/gui/semanagePage.py.gui	2011-04-12 10:52:07.523644476 -0400
-+++ policycoreutils-2.0.86/gui/semanagePage.py	2011-04-12 10:52:07.524644491 -0400
+diff -up policycoreutils-2.1.4/gui/semanagePage.py.gui policycoreutils-2.1.4/gui/semanagePage.py
+--- policycoreutils-2.1.4/gui/semanagePage.py.gui	2012-05-08 10:50:10.202530970 -0400
+++ policycoreutils-2.1.4/gui/semanagePage.py	2012-05-08 10:50:10.202530970 -0400
@@ -0,0 +1,168 @@
 +## semanagePage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@ -8685,9 +8685,9 @@ diff -up policycoreutils-2.0.86/gui/semanagePage.py.gui policycoreutils-2.0.86/g
 +        self.load(self.filter)
 +        return True
 +        
-diff -up policycoreutils-2.0.86/gui/statusPage.py.gui policycoreutils-2.0.86/gui/statusPage.py
--- policycoreutils-2.0.86/gui/statusPage.py.gui	2011-04-12 10:52:07.530644584 -0400
-+++ policycoreutils-2.0.86/gui/statusPage.py	2011-04-12 10:52:07.530644584 -0400
+diff -up policycoreutils-2.1.4/gui/statusPage.py.gui policycoreutils-2.1.4/gui/statusPage.py
+--- policycoreutils-2.1.4/gui/statusPage.py.gui	2012-05-08 10:50:10.203530970 -0400
+++ policycoreutils-2.1.4/gui/statusPage.py	2012-05-08 10:50:10.203530970 -0400
@@ -0,0 +1,190 @@
 +# statusPage.py - show selinux status
 +## Copyright (C) 2006-2009 Red Hat, Inc.
@ -8879,9 +8879,9 @@ diff -up policycoreutils-2.0.86/gui/statusPage.py.gui policycoreutils-2.0.86/gui
 +        return self.types[self.selinuxTypeOptionMenu.get_active()]
 +
 +
-diff -up policycoreutils-2.0.86/gui/system-config-selinux.glade.gui policycoreutils-2.0.86/gui/system-config-selinux.glade
--- policycoreutils-2.0.86/gui/system-config-selinux.glade.gui	2011-04-12 10:52:07.534644645 -0400
-+++ policycoreutils-2.0.86/gui/system-config-selinux.glade	2011-04-12 10:52:07.539644720 -0400
+diff -up policycoreutils-2.1.4/gui/system-config-selinux.glade.gui policycoreutils-2.1.4/gui/system-config-selinux.glade
+--- policycoreutils-2.1.4/gui/system-config-selinux.glade.gui	2012-05-08 10:50:10.205530970 -0400
+++ policycoreutils-2.1.4/gui/system-config-selinux.glade	2012-05-08 10:50:10.205530970 -0400
@@ -0,0 +1,3024 @@
 +<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
 +<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@ -11907,9 +11907,9 @@ diff -up policycoreutils-2.0.86/gui/system-config-selinux.glade.gui policycoreut
 +</widget>
 +
 +</glade-interface>
-diff -up policycoreutils-2.0.86/gui/system-config-selinux.gladep.gui policycoreutils-2.0.86/gui/system-config-selinux.gladep
--- policycoreutils-2.0.86/gui/system-config-selinux.gladep.gui	2011-04-12 10:52:07.540644736 -0400
-+++ policycoreutils-2.0.86/gui/system-config-selinux.gladep	2011-04-12 10:52:07.541644752 -0400
+diff -up policycoreutils-2.1.4/gui/system-config-selinux.gladep.gui policycoreutils-2.1.4/gui/system-config-selinux.gladep
+--- policycoreutils-2.1.4/gui/system-config-selinux.gladep.gui	2012-05-08 10:50:10.205530970 -0400
+++ policycoreutils-2.1.4/gui/system-config-selinux.gladep	2012-05-08 10:50:10.205530970 -0400
@@ -0,0 +1,7 @@
 +<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
 +<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@ -11918,9 +11918,9 @@ diff -up policycoreutils-2.0.86/gui/system-config-selinux.gladep.gui policycoreu
 +  <name></name>
 +  <program_name></program_name>
 +</glade-project>
-diff -up policycoreutils-2.0.86/gui/system-config-selinux.py.gui policycoreutils-2.0.86/gui/system-config-selinux.py
--- policycoreutils-2.0.86/gui/system-config-selinux.py.gui	2011-04-12 10:52:07.542644768 -0400
-+++ policycoreutils-2.0.86/gui/system-config-selinux.py	2011-04-12 10:52:07.542644768 -0400
+diff -up policycoreutils-2.1.4/gui/system-config-selinux.py.gui policycoreutils-2.1.4/gui/system-config-selinux.py
+--- policycoreutils-2.1.4/gui/system-config-selinux.py.gui	2012-05-08 10:50:10.206530970 -0400
+++ policycoreutils-2.1.4/gui/system-config-selinux.py	2012-05-08 10:50:10.206530970 -0400
@@ -0,0 +1,187 @@
 +#!/usr/bin/python -Es
 +#
@ -12109,11 +12109,11 @@ diff -up policycoreutils-2.0.86/gui/system-config-selinux.py.gui policycoreutils
 +
 +    app = childWindow()
 +    app.stand_alone()
-diff -up policycoreutils-2.0.86/gui/templates/boolean.py.gui policycoreutils-2.0.86/gui/templates/boolean.py
--- policycoreutils-2.0.86/gui/templates/boolean.py.gui	2011-04-12 10:52:07.543644784 -0400
-+++ policycoreutils-2.0.86/gui/templates/boolean.py	2011-05-23 16:59:42.369598714 -0400
+diff -up policycoreutils-2.1.4/gui/templates/boolean.py.gui policycoreutils-2.1.4/gui/templates/boolean.py
+--- policycoreutils-2.1.4/gui/templates/boolean.py.gui	2012-05-08 10:50:10.206530970 -0400
+++ policycoreutils-2.1.4/gui/templates/boolean.py	2012-05-08 10:50:10.206530970 -0400
@@ -0,0 +1,40 @@
-+# Copyright (C) 2007-2011 Red Hat
+# Copyright (C) 2007-2012 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
 +# policygentool is a tool for the initial generation of SELinux policy
@ -12153,11 +12153,11 @@ diff -up policycoreutils-2.0.86/gui/templates/boolean.py.gui policycoreutils-2.0
 +')
 +"""
 +
-diff -up policycoreutils-2.0.86/gui/templates/etc_rw.py.gui policycoreutils-2.0.86/gui/templates/etc_rw.py
--- policycoreutils-2.0.86/gui/templates/etc_rw.py.gui	2011-04-12 10:52:07.546644829 -0400
-+++ policycoreutils-2.0.86/gui/templates/etc_rw.py	2011-05-23 16:59:53.369684469 -0400
+diff -up policycoreutils-2.1.4/gui/templates/etc_rw.py.gui policycoreutils-2.1.4/gui/templates/etc_rw.py
+--- policycoreutils-2.1.4/gui/templates/etc_rw.py.gui	2012-05-08 10:50:10.206530970 -0400
+++ policycoreutils-2.1.4/gui/templates/etc_rw.py	2012-05-08 10:50:10.206530970 -0400
@@ -0,0 +1,112 @@
-+# Copyright (C) 2007-2011 Red Hat
+# Copyright (C) 2007-2012 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
 +# policygentool is a tool for the initial generation of SELinux policy
@ -12254,7 +12254,7 @@ diff -up policycoreutils-2.0.86/gui/templates/etc_rw.py.gui policycoreutils-2.0.
 +"""
 +
 +if_admin_types="""
-+	type TEMPLATETYPE_etc_rw_t;"""
+		type TEMPLATETYPE_etc_rw_t;"""
 +
 +if_admin_rules="""
 +	files_search_etc($1)
@ -12269,11 +12269,11 @@ diff -up policycoreutils-2.0.86/gui/templates/etc_rw.py.gui policycoreutils-2.0.
 +fc_dir="""\
 +FILENAME(/.*)?		gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
 +"""
-diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-2.0.86/gui/templates/executable.py
--- policycoreutils-2.0.86/gui/templates/executable.py.gui	2011-04-12 10:52:07.548644859 -0400
-+++ policycoreutils-2.0.86/gui/templates/executable.py	2011-05-23 17:03:10.575251921 -0400
-@@ -0,0 +1,451 @@
-+# Copyright (C) 2007-2011 Red Hat
+diff -up policycoreutils-2.1.4/gui/templates/executable.py.gui policycoreutils-2.1.4/gui/templates/executable.py
+--- policycoreutils-2.1.4/gui/templates/executable.py.gui	2012-05-08 10:50:10.206530970 -0400
+++ policycoreutils-2.1.4/gui/templates/executable.py	2012-05-08 10:52:30.026571526 -0400
+@@ -0,0 +1,445 @@
+# Copyright (C) 2007-2012 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
 +# policygentool is a tool for the initial generation of SELinux policy
@ -12389,7 +12389,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
 +permissive httpd_TEMPLATETYPE_script_t;
 +"""
 +
-+te_daemon_rules="""
+te_daemon_rules="""\
 +allow TEMPLATETYPE_t self:fifo_file rw_fifo_file_perms;
 +allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms;
 +"""
@ -12481,8 +12481,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
 +########################### Interface File #############################
 +
 +if_heading_rules="""
-+## <summary>policy for TEMPLATETYPE</summary>
-+"""
+## <summary>policy for TEMPLATETYPE</summary>"""
 +
 +if_program_rules="""
 +
@ -12504,7 +12503,6 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
 +	corecmd_search_bin($1)
 +	domtrans_pattern($1, TEMPLATETYPE_exec_t, TEMPLATETYPE_t)
 +')
-+
 +"""
 +
 +if_user_program_rules="""
@ -12560,7 +12558,6 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
 +	ps_process_pattern($2, TEMPLATETYPE_t)
 +	allow $2 TEMPLATETYPE_t:process signal;
 +')
-+
 +"""
 +
 +if_sandbox_rules="""
@ -12596,7 +12593,6 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
 +	allow TEMPLATETYPE_client_t $1:process { sigchld signull };
 +	allow TEMPLATETYPE_client_t $1:fifo_file rw_inherited_fifo_file_perms;
 +')
-+
 +"""
 +
 +if_role_change_rules="""
@ -12618,7 +12614,6 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
 +
 +	allow $1 TEMPLATETYPE_r;
 +')
-+
 +"""
 +
 +if_initscript_rules="""
@ -12639,7 +12634,6 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
 +
 +	init_labeled_script_domtrans($1, TEMPLATETYPE_initrc_exec_t)
 +')
-+
 +"""
 +
 +if_dbus_rules="""
@ -12663,7 +12657,6 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
 +	allow $1 TEMPLATETYPE_t:dbus send_msg;
 +	allow TEMPLATETYPE_t $1:dbus send_msg;
 +')
-+
 +"""
 +
 +if_begin_admin="""
@ -12696,7 +12689,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
 +"""
 +
 +if_initscript_admin_types="""
-+	type TEMPLATETYPE_initrc_exec_t;"""
+		type TEMPLATETYPE_initrc_exec_t;"""
 +
 +if_initscript_admin="""
 +	TEMPLATETYPE_initrc_domtrans($1)
@ -12705,14 +12698,16 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
 +	allow $2 system_r;
 +"""
 +
-+if_end_admin="""
+if_end_admin="""\
+	optional_policy(`
+		systemd_passwd_agent_exec($1)
+		systemd_read_fifo_file_passwd_run($1)
+	')
 +')
-+
 +"""
 +
 +########################### File Context ##################################
 +fc_program="""\
-+
 +EXECUTABLE		--	gen_context(system_u:object_r:TEMPLATETYPE_exec_t,s0)
 +"""
 +
@ -12721,15 +12716,14 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
 +"""
 +
 +fc_initscript="""\
-+
 +EXECUTABLE	--	gen_context(system_u:object_r:TEMPLATETYPE_initrc_exec_t,s0)
 +"""
-diff -up policycoreutils-2.0.86/gui/templates/__init__.py.gui policycoreutils-2.0.86/gui/templates/__init__.py
--- policycoreutils-2.0.86/gui/templates/__init__.py.gui	2011-04-12 10:52:07.549644874 -0400
-+++ policycoreutils-2.0.86/gui/templates/__init__.py	2011-05-23 17:02:40.424008790 -0400
+diff -up policycoreutils-2.1.4/gui/templates/__init__.py.gui policycoreutils-2.1.4/gui/templates/__init__.py
+--- policycoreutils-2.1.4/gui/templates/__init__.py.gui	2012-05-08 10:50:10.207530971 -0400
+++ policycoreutils-2.1.4/gui/templates/__init__.py	2012-05-08 10:50:10.207530971 -0400
@@ -0,0 +1,18 @@
 +#
-+# Copyright (C) 2007-2011 Red Hat
+# Copyright (C) 2007-2012 Red Hat
 +#
 +# This program is free software; you can redistribute it and/or modify
 +# it under the terms of the GNU General Public License as published by
@ -12746,11 +12740,11 @@ diff -up policycoreutils-2.0.86/gui/templates/__init__.py.gui policycoreutils-2.
 +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 +#
 +
-diff -up policycoreutils-2.0.86/gui/templates/network.py.gui policycoreutils-2.0.86/gui/templates/network.py
--- policycoreutils-2.0.86/gui/templates/network.py.gui	2011-04-12 10:52:07.556644982 -0400
-+++ policycoreutils-2.0.86/gui/templates/network.py	2011-05-23 17:03:09.237241107 -0400
+diff -up policycoreutils-2.1.4/gui/templates/network.py.gui policycoreutils-2.1.4/gui/templates/network.py
+--- policycoreutils-2.1.4/gui/templates/network.py.gui	2012-05-08 10:50:10.207530971 -0400
+++ policycoreutils-2.1.4/gui/templates/network.py	2012-05-08 10:50:10.207530971 -0400
@@ -0,0 +1,102 @@
-+# Copyright (C) 2007-2011 Red Hat
+# Copyright (C) 2007-2012 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
 +# policygentool is a tool for the initial generation of SELinux policy
@ -12852,11 +12846,11 @@ diff -up policycoreutils-2.0.86/gui/templates/network.py.gui policycoreutils-2.0
 +corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t)
 +"""
 +
-diff -up policycoreutils-2.0.86/gui/templates/rw.py.gui policycoreutils-2.0.86/gui/templates/rw.py
--- policycoreutils-2.0.86/gui/templates/rw.py.gui	2011-04-12 10:52:07.557644997 -0400
-+++ policycoreutils-2.0.86/gui/templates/rw.py	2011-05-23 16:59:48.308644991 -0400
+diff -up policycoreutils-2.1.4/gui/templates/rw.py.gui policycoreutils-2.1.4/gui/templates/rw.py
+--- policycoreutils-2.1.4/gui/templates/rw.py.gui	2012-05-08 10:50:10.207530971 -0400
+++ policycoreutils-2.1.4/gui/templates/rw.py	2012-05-08 10:50:10.207530971 -0400
@@ -0,0 +1,129 @@
-+# Copyright (C) 2007-2011 Red Hat
+# Copyright (C) 2007-2012 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
 +# policygentool is a tool for the initial generation of SELinux policy
@ -12970,7 +12964,7 @@ diff -up policycoreutils-2.0.86/gui/templates/rw.py.gui policycoreutils-2.0.86/g
 +"""
 +
 +if_admin_types="""
-+	type TEMPLATETYPE_rw_t;"""
+		type TEMPLATETYPE_rw_t;"""
 +
 +if_admin_rules="""
 +	files_search_etc($1)
@ -12985,11 +12979,11 @@ diff -up policycoreutils-2.0.86/gui/templates/rw.py.gui policycoreutils-2.0.86/g
 +fc_dir="""
 +FILENAME(/.*)?		gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
 +"""
-diff -up policycoreutils-2.0.86/gui/templates/script.py.gui policycoreutils-2.0.86/gui/templates/script.py
--- policycoreutils-2.0.86/gui/templates/script.py.gui	2011-04-12 10:52:07.558645012 -0400
-+++ policycoreutils-2.0.86/gui/templates/script.py	2011-05-23 17:02:13.796795073 -0400
+diff -up policycoreutils-2.1.4/gui/templates/script.py.gui policycoreutils-2.1.4/gui/templates/script.py
+--- policycoreutils-2.1.4/gui/templates/script.py.gui	2012-05-08 10:50:10.207530971 -0400
+++ policycoreutils-2.1.4/gui/templates/script.py	2012-05-08 10:52:08.220565338 -0400
@@ -0,0 +1,126 @@
-+# Copyright (C) 2007-2011 Red Hat
+# Copyright (C) 2007-2012 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
 +# policygentool is a tool for the initial generation of SELinux policy
@ -13054,7 +13048,7 @@ diff -up policycoreutils-2.0.86/gui/templates/script.py.gui policycoreutils-2.0.
 +
 +echo "Building and Loading Policy"
 +set -x
-+make -f /usr/share/selinux/devel/Makefile || exit
+make -f /usr/share/selinux/devel/Makefile TEMPLATEFILE.pp || exit
 +/usr/sbin/semodule -i TEMPLATEFILE.pp
 +
 +"""
@ -13115,11 +13109,11 @@ diff -up policycoreutils-2.0.86/gui/templates/script.py.gui policycoreutils-2.0.
 +_EOF
 +fi
 +"""
-diff -up policycoreutils-2.0.86/gui/templates/semodule.py.gui policycoreutils-2.0.86/gui/templates/semodule.py
--- policycoreutils-2.0.86/gui/templates/semodule.py.gui	2011-04-12 10:52:07.560645042 -0400
-+++ policycoreutils-2.0.86/gui/templates/semodule.py	2011-05-23 17:02:07.466744404 -0400
+diff -up policycoreutils-2.1.4/gui/templates/semodule.py.gui policycoreutils-2.1.4/gui/templates/semodule.py
+--- policycoreutils-2.1.4/gui/templates/semodule.py.gui	2012-05-08 10:50:10.207530971 -0400
+++ policycoreutils-2.1.4/gui/templates/semodule.py	2012-05-08 10:50:10.207530971 -0400
@@ -0,0 +1,41 @@
-+# Copyright (C) 2007-2011 Red Hat
+# Copyright (C) 2007-2012 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
 +# policygentool is a tool for the initial generation of SELinux policy
@ -13160,11 +13154,11 @@ diff -up policycoreutils-2.0.86/gui/templates/semodule.py.gui policycoreutils-2.
 +semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM
 +"""
 +
-diff -up policycoreutils-2.0.86/gui/templates/tmp.py.gui policycoreutils-2.0.86/gui/templates/tmp.py
--- policycoreutils-2.0.86/gui/templates/tmp.py.gui	2011-04-12 10:52:07.561645058 -0400
-+++ policycoreutils-2.0.86/gui/templates/tmp.py	2011-05-23 17:01:55.736650663 -0400
+diff -up policycoreutils-2.1.4/gui/templates/tmp.py.gui policycoreutils-2.1.4/gui/templates/tmp.py
+--- policycoreutils-2.1.4/gui/templates/tmp.py.gui	2012-05-08 10:50:10.208530972 -0400
+++ policycoreutils-2.1.4/gui/templates/tmp.py	2012-05-08 10:50:10.208530972 -0400
@@ -0,0 +1,102 @@
-+# Copyright (C) 2007-2011 Red Hat
+# Copyright (C) 2007-2012 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
 +# policygentool is a tool for the initial generation of SELinux policy
@ -13260,17 +13254,93 @@ diff -up policycoreutils-2.0.86/gui/templates/tmp.py.gui policycoreutils-2.0.86/
 +"""
 +
 +if_admin_types="""
-+	type TEMPLATETYPE_tmp_t;"""
+		type TEMPLATETYPE_tmp_t;"""
 +
 +if_admin_rules="""
 +	files_search_tmp($1)
 +	admin_pattern($1, TEMPLATETYPE_tmp_t)
 +"""
-diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86/gui/templates/user.py
--- policycoreutils-2.0.86/gui/templates/user.py.gui	2011-04-12 10:52:07.562645074 -0400
-+++ policycoreutils-2.0.86/gui/templates/user.py	2011-05-23 17:01:46.816579501 -0400
+diff -up policycoreutils-2.1.4/gui/templates/unit_file.py.gui policycoreutils-2.1.4/gui/templates/unit_file.py
+--- policycoreutils-2.1.4/gui/templates/unit_file.py.gui	2012-05-08 10:51:24.655552818 -0400
+++ policycoreutils-2.1.4/gui/templates/unit_file.py	2012-05-08 10:51:15.755550237 -0400
+@@ -0,0 +1,72 @@
+# Copyright (C) 2012 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of the GNU General Public License as
+#    published by the Free Software Foundation; either version 2 of
+#    the License, or (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program; if not, write to the Free Software
+#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+#                                        02111-1307  USA
+#
+#
+########################### unit Template File #############################
+
+########################### Type Enforcement File #############################
+te_types="""
+type TEMPLATETYPE_unit_file_t;
+systemd_unit_file(TEMPLATETYPE_unit_file_t)
+"""
+
+te_rules=""
+
+########################### Interface File #############################
+if_rules="""\
+########################################
+## <summary>
+##	Execute TEMPLATETYPE server in the TEMPLATETYPE domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+interface(`TEMPLATETYPE_systemctl',`
+	gen_require(`
+		type TEMPLATETYPE_t;
+		type TEMPLATETYPE_unit_file_t;
+	')
+
+	systemd_exec_systemctl($1)
+        systemd_read_fifo_file_password_run($1)
+	allow $1 TEMPLATETYPE_unit_file_t:file read_file_perms;
+	allow $1 TEMPLATETYPE_unit_file_t:service manage_service_perms;
+
+	ps_process_pattern($1, TEMPLATETYPE_t)
+')
+
+"""
+
+if_admin_types="""
+	type TEMPLATETYPE_unit_file_t;"""
+
+if_admin_rules="""
+	TEMPLATETYPE_systemctl($1)
+	admin_pattern($1, TEMPLATETYPE_unit_file_t)
+	allow $1 TEMPLATETYPE_unit_file_t:service all_service_perms;
+"""
+
+########################### File Context ##################################
+fc_file="""\
+FILENAME		--	gen_context(system_u:object_r:TEMPLATETYPE_unit_file_t,s0)
+"""
+diff -up policycoreutils-2.1.4/gui/templates/user.py.gui policycoreutils-2.1.4/gui/templates/user.py
+--- policycoreutils-2.1.4/gui/templates/user.py.gui	2012-05-08 10:50:10.208530972 -0400
+++ policycoreutils-2.1.4/gui/templates/user.py	2012-05-08 10:50:10.208530972 -0400
@@ -0,0 +1,204 @@
-+# Copyright (C) 2007-2011 Red Hat
+# Copyright (C) 2007-2012 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
 +# policygentool is a tool for the initial generation of SELinux policy
@ -13474,11 +13544,11 @@ diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86
 +te_newrole_rules="""
 +seutil_run_newrole(TEMPLATETYPE_t, TEMPLATETYPE_r)
 +"""
-diff -up policycoreutils-2.0.86/gui/templates/var_cache.py.gui policycoreutils-2.0.86/gui/templates/var_cache.py
--- policycoreutils-2.0.86/gui/templates/var_cache.py.gui	2011-04-12 10:52:07.566645136 -0400
-+++ policycoreutils-2.0.86/gui/templates/var_cache.py	2011-05-23 17:01:38.793515591 -0400
+diff -up policycoreutils-2.1.4/gui/templates/var_cache.py.gui policycoreutils-2.1.4/gui/templates/var_cache.py
+--- policycoreutils-2.1.4/gui/templates/var_cache.py.gui	2012-05-08 10:50:10.208530972 -0400
+++ policycoreutils-2.1.4/gui/templates/var_cache.py	2012-05-08 10:50:10.208530972 -0400
@@ -0,0 +1,132 @@
-+# Copyright (C) 2007-2011 Red Hat
+# Copyright (C) 2007-2012 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
 +# policygentool is a tool for the initial generation of SELinux policy
@ -13595,7 +13665,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_cache.py.gui policycoreutils-2
 +"""
 +
 +if_admin_types="""
-+	type TEMPLATETYPE_cache_t;"""
+		type TEMPLATETYPE_cache_t;"""
 +
 +if_admin_rules="""
 +	files_search_var($1)
@ -13610,11 +13680,11 @@ diff -up policycoreutils-2.0.86/gui/templates/var_cache.py.gui policycoreutils-2
 +fc_dir="""\
 +FILENAME(/.*)?		gen_context(system_u:object_r:TEMPLATETYPE_cache_t,s0)
 +"""
-diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0.86/gui/templates/var_lib.py
--- policycoreutils-2.0.86/gui/templates/var_lib.py.gui	2011-04-12 10:52:07.567645151 -0400
-+++ policycoreutils-2.0.86/gui/templates/var_lib.py	2011-05-23 17:01:31.516457701 -0400
+diff -up policycoreutils-2.1.4/gui/templates/var_lib.py.gui policycoreutils-2.1.4/gui/templates/var_lib.py
+--- policycoreutils-2.1.4/gui/templates/var_lib.py.gui	2012-05-08 10:50:10.208530972 -0400
+++ policycoreutils-2.1.4/gui/templates/var_lib.py	2012-05-08 10:50:10.208530972 -0400
@@ -0,0 +1,160 @@
-+# Copyright (C) 2007-2011 Red Hat
+# Copyright (C) 2007-2012 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
 +# policygentool is a tool for the initial generation of SELinux policy
@ -13737,7 +13807,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0
 +if_stream_rules="""
 +########################################
 +## <summary>
-+##	Connect to TEMPLATETYPE over an unix stream socket.
+##	Connect to TEMPLATETYPE over a unix stream socket.
 +## </summary>
 +## <param name="domain">
 +##	<summary>
@ -13755,7 +13825,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0
 +"""
 +
 +if_admin_types="""
-+	type TEMPLATETYPE_var_lib_t;"""
+		type TEMPLATETYPE_var_lib_t;"""
 +
 +if_admin_rules="""
 +	files_search_var_lib($1)
@ -13774,11 +13844,11 @@ diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0
 +fc_dir="""\
 +FILENAME(/.*)?		gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
 +"""
-diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0.86/gui/templates/var_log.py
--- policycoreutils-2.0.86/gui/templates/var_log.py.gui	2011-04-12 10:52:07.568645166 -0400
-+++ policycoreutils-2.0.86/gui/templates/var_log.py	2011-05-23 17:01:22.948389639 -0400
+diff -up policycoreutils-2.1.4/gui/templates/var_log.py.gui policycoreutils-2.1.4/gui/templates/var_log.py
+--- policycoreutils-2.1.4/gui/templates/var_log.py.gui	2012-05-08 10:50:10.208530972 -0400
+++ policycoreutils-2.1.4/gui/templates/var_log.py	2012-05-08 10:50:10.208530972 -0400
@@ -0,0 +1,114 @@
-+# Copyright (C) 2007-2011 Red Hat
+# Copyright (C) 2007-2012 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
 +# policygentool is a tool for the initial generation of SELinux policy
@ -13814,7 +13884,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0
 +"""
 +
 +########################### Interface File #############################
-+if_rules="""
+if_rules="""\
 +########################################
 +## <summary>
 +##	Read TEMPLATETYPE's log files.
@ -13877,7 +13947,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0
 +"""
 +
 +if_admin_types="""
-+	type TEMPLATETYPE_log_t;"""
+		type TEMPLATETYPE_log_t;"""
 +
 +if_admin_rules="""
 +	logging_search_logs($1)
@ -13892,11 +13962,11 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0
 +fc_dir="""\
 +FILENAME(/.*)?		gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
 +"""
-diff -up policycoreutils-2.0.86/gui/templates/var_run.py.gui policycoreutils-2.0.86/gui/templates/var_run.py
--- policycoreutils-2.0.86/gui/templates/var_run.py.gui	2011-04-12 10:52:07.569645181 -0400
-+++ policycoreutils-2.0.86/gui/templates/var_run.py	2011-05-23 17:01:11.639299961 -0400
+diff -up policycoreutils-2.1.4/gui/templates/var_run.py.gui policycoreutils-2.1.4/gui/templates/var_run.py
+--- policycoreutils-2.1.4/gui/templates/var_run.py.gui	2012-05-08 10:50:10.209530972 -0400
+++ policycoreutils-2.1.4/gui/templates/var_run.py	2012-05-08 10:50:10.209530972 -0400
@@ -0,0 +1,101 @@
-+# Copyright (C) 2007-2011 Red Hat
+# Copyright (C) 2007-2012 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
 +# policygentool is a tool for the initial generation of SELinux policy
@ -13935,7 +14005,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_run.py.gui policycoreutils-2.0
 +files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, sock_file)
 +"""
 +
-+if_rules="""
+if_rules="""\
 +########################################
 +## <summary>
 +##	Read TEMPLATETYPE PID files.
@ -13960,7 +14030,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_run.py.gui policycoreutils-2.0
 +if_stream_rules="""\
 +########################################
 +## <summary>
-+##	Connect to TEMPLATETYPE over an unix stream socket.
+##	Connect to TEMPLATETYPE over a unix stream socket.
 +## </summary>
 +## <param name="domain">
 +##	<summary>
@ -13979,7 +14049,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_run.py.gui policycoreutils-2.0
 +"""
 +
 +if_admin_types="""
-+	type TEMPLATETYPE_var_run_t;"""
+		type TEMPLATETYPE_var_run_t;"""
 +
 +if_admin_rules="""
 +	files_search_pids($1)
@ -13997,11 +14067,11 @@ diff -up policycoreutils-2.0.86/gui/templates/var_run.py.gui policycoreutils-2.0
 +fc_dir="""\
 +FILENAME(/.*)?		gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
 +"""
-diff -up policycoreutils-2.0.86/gui/templates/var_spool.py.gui policycoreutils-2.0.86/gui/templates/var_spool.py
--- policycoreutils-2.0.86/gui/templates/var_spool.py.gui	2011-04-12 10:52:07.573645242 -0400
-+++ policycoreutils-2.0.86/gui/templates/var_spool.py	2011-05-25 16:09:23.350352658 -0400
+diff -up policycoreutils-2.1.4/gui/templates/var_spool.py.gui policycoreutils-2.1.4/gui/templates/var_spool.py
+--- policycoreutils-2.1.4/gui/templates/var_spool.py.gui	2012-05-08 10:50:10.209530972 -0400
+++ policycoreutils-2.1.4/gui/templates/var_spool.py	2012-05-08 10:50:10.209530972 -0400
@@ -0,0 +1,131 @@
-+# Copyright (C) 2007-2011 Red Hat
+# Copyright (C) 2007-2012 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
 +# policygentool is a tool for the initial generation of SELinux policy
@ -14117,7 +14187,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_spool.py.gui policycoreutils-2
 +"""
 +
 +if_admin_types="""
-+	type TEMPLATETYPE_spool_t;"""
+		type TEMPLATETYPE_spool_t;"""
 +
 +if_admin_rules="""
 +	files_search_spool($1)
@ -14132,9 +14202,9 @@ diff -up policycoreutils-2.0.86/gui/templates/var_spool.py.gui policycoreutils-2
 +fc_dir="""\
 +FILENAME(/.*)?		gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
 +"""
-diff -up policycoreutils-2.0.86/gui/usersPage.py.gui policycoreutils-2.0.86/gui/usersPage.py
--- policycoreutils-2.0.86/gui/usersPage.py.gui	2011-04-12 10:52:07.578645320 -0400
-+++ policycoreutils-2.0.86/gui/usersPage.py	2011-04-12 10:52:07.578645320 -0400
+diff -up policycoreutils-2.1.4/gui/usersPage.py.gui policycoreutils-2.1.4/gui/usersPage.py
+--- policycoreutils-2.1.4/gui/usersPage.py.gui	2012-05-08 10:50:10.209530972 -0400
+++ policycoreutils-2.1.4/gui/usersPage.py	2012-05-08 10:50:10.209530972 -0400
@@ -0,0 +1,150 @@
 +## usersPage.py - show selinux mappings
 +## Copyright (C) 2006,2007,2008 Red Hat, Inc.
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
--- a/policycoreutils-sepolgen.patch
+++ b/policycoreutils-sepolgen.patch
@ -1,270 +1,56 @@
-diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py.sepolgen	2010-03-24 15:57:20.000000000 -0400
-+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/access.py	2011-05-25 16:11:58.150628048 -0400
-@@ -32,6 +32,7 @@ in a variety of ways, but they are the f
- """
+diff --git a/sepolgen/HACKING b/sepolgen/HACKING
+index 5cdf6d5..a0ec323 100644
+--- a/sepolgen/HACKING
+++ b/sepolgen/HACKING
+@@ -76,4 +76,4 @@ information about the object classes - including information flow. It
+ is separated to keep the core from being concerned about the details
+ of the object classes.
 
+-[selist]: http://www.nsa.gov/selinux/info/list.cfm
+\ No newline at end of file
+[selist]: http://www.nsa.gov/research/selinux/info/list.cfm
+diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
+index 9fdfafa..9e2ccee 100644
+--- a/sepolgen/src/sepolgen/audit.py
+++ b/sepolgen/src/sepolgen/audit.py
+@@ -20,6 +20,7 @@
 import refpolicy
-+from selinux import audit2why
+ import access
+ import re
+import sys
 
- def is_idparam(id):
-     """Determine if an id is a paramater in the form $N, where N is
-@@ -85,6 +86,8 @@ class AccessVector:
-             self.obj_class = None
-             self.perms = refpolicy.IdSet()
-             self.audit_msgs = []
-+            self.type = audit2why.TERULE
-+            self.bools = []
+ # Convenience functions
 
-         # The direction of the information flow represented by this
-         # access vector - used for matching
-@@ -253,20 +256,22 @@ class AccessVectorSet:
-         for av in l:
-             self.add_av(AccessVector(av))
+@@ -343,6 +344,7 @@ class AuditParser:
+         self.policy_load_msgs = []
+         self.path_msgs = []
+         self.by_header = { }
+        self.check_input_file = False
+                 
+     # Low-level parsing function - tries to determine if this audit
+     # message is an SELinux related message and then parses it into
+@@ -378,6 +380,7 @@ class AuditParser:
+                 found = True
+                 
+             if found:
+                self.check_input_file = True
+                 try:
+                     msg.from_split_string(rec)
+                 except ValueError:
+@@ -447,6 +450,9 @@ class AuditParser:
+         while line:
+             self.__parse(line)
+             line = input.readline()
+        if not self.check_input_file:
+            sys.stderr.write("Nothing to do\n")
+            sys.exit(0)
+         self.__post_process()
 
-    def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None):
-+    def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None, avc_type=audit2why.TERULE, bools=[]):
-         """Add an access vector to the set.
-         """
-         tgt = self.src.setdefault(src_type, { })
-         cls = tgt.setdefault(tgt_type, { })
-         
-        if cls.has_key(obj_class):
-            access = cls[obj_class]
-+        if cls.has_key((obj_class, avc_type)):
-+            access = cls[obj_class, avc_type]
-         else:
-             access = AccessVector()
-             access.src_type = src_type
-             access.tgt_type = tgt_type
-             access.obj_class = obj_class
-            cls[obj_class] = access
-+            access.bools = bools
-+            access.type = avc_type
-+            cls[obj_class, avc_type] = access
- 
-         access.perms.update(perms)
-         if audit_msg:
-diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py.sepolgen	2010-03-24 15:57:20.000000000 -0400
-+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/audit.py	2011-05-25 16:11:58.150628048 -0400
-@@ -68,6 +68,17 @@ def get_dmesg_msgs():
-                               stdout=subprocess.PIPE).communicate()[0]
-     return output
- 
-+def get_log_msgs():
-+    """Obtain all of the avc and policy load messages from /var/log/messages.
-+
-+    Returns:
-+       string contain all of the audit messages returned by /var/log/messages.
-+    """
-+    import subprocess
-+    output = subprocess.Popen(["/bin/grep", "avc",  "/var/log/messages"],
-+                              stdout=subprocess.PIPE).communicate()[0]
-+    return output
-+
- # Classes representing audit messages
- 
- class AuditMessage:
-@@ -127,6 +138,9 @@ class PathMessage(AuditMessage):
-             if fields[0] == "path":
-                 self.path = fields[1][1:-1]
-                 return
-+import selinux.audit2why as audit2why
-+
-+avcdict = {}
- 
- class AVCMessage(AuditMessage):
-     """AVC message representing an access denial or granted message.
-@@ -167,6 +181,8 @@ class AVCMessage(AuditMessage):
-         self.path = ""
-         self.accesses = []
-         self.denial = True
-+        self.type = audit2why.TERULE
-+        self.bools = []
- 
-     def __parse_access(self, recs, start):
-         # This is kind of sucky - the access that is in a space separated
-@@ -226,7 +242,31 @@ class AVCMessage(AuditMessage):
- 
-         if not found_src or not found_tgt or not found_class or not found_access:
-             raise ValueError("AVC message in invalid format [%s]\n" % self.message)
-                
-+        self.analyze()
-+
-+    def analyze(self):
-+        tcontext = self.tcontext.to_string()
-+        scontext = self.scontext.to_string()
-+        access_tuple = tuple( self.accesses)
-+        if (scontext, tcontext, self.tclass, access_tuple) in avcdict.keys():
-+            self.type, self.bools = avcdict[(scontext, tcontext, self.tclass, access_tuple)]
-+        else:
-+            self.type, self.bools = audit2why.analyze(scontext, tcontext, self.tclass, self.accesses);
-+            if self.type == audit2why.NOPOLICY:
-+                self.type = audit2why.TERULE
-+            if self.type == audit2why.BADTCON:
-+                raise ValueError("Invalid Target Context %s\n" % tcontext)
-+            if self.type == audit2why.BADSCON:
-+                raise ValueError("Invalid Source Context %s\n" % scontext)
-+            if self.type == audit2why.BADSCON:
-+                raise ValueError("Invalid Type Class %s\n" % self.tclass)
-+            if self.type == audit2why.BADPERM:
-+                raise ValueError("Invalid permission %s\n" % " ".join(self.accesses))
-+            if self.type == audit2why.BADCOMPUTE:
-+                raise ValueError("Error during access vector computation")
-+            
-+            avcdict[(scontext, tcontext, self.tclass, access_tuple)] = (self.type, self.bools)
-+
- class PolicyLoadMessage(AuditMessage):
-     """Audit message indicating that the policy was reloaded."""
-     def __init__(self, message):
-@@ -469,10 +509,10 @@ class AuditParser:
-             if avc_filter:
-                 if avc_filter.filter(avc):
-                     av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
-                               avc.accesses, avc)
-+                               avc.accesses, avc, avc_type=avc.type, bools=avc.bools)
-             else:
-                 av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
-                           avc.accesses, avc)
-+                           avc.accesses, avc, avc_type=avc.type, bools=avc.bools)
-         return av_set
- 
- class AVCTypeFilter:
-diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py.sepolgen	2010-03-24 15:57:20.000000000 -0400
-+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/defaults.py	2011-05-25 16:11:58.150628048 -0400
-@@ -30,6 +30,9 @@ def perm_map():
- def interface_info():
-     return data_dir() + "/interface_info"
- 
-+def attribute_info():
-+    return data_dir() + "/attribute_info"
-+
- def refpolicy_devel():
-     return "/usr/share/selinux/devel"
- 
-diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py.sepolgen	2010-03-24 15:57:20.000000000 -0400
-+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/interfaces.py	2011-05-25 16:11:58.151628058 -0400
-@@ -29,6 +29,8 @@ import matching
- 
- from sepolgeni18n import _
- 
-+import copy
-+
- class Param:
-     """
-     Object representing a paramater for an interface.
-@@ -197,10 +199,48 @@ def ifcall_extract_params(ifcall, params
-                 ret = 1
- 
-     return ret
-            
-+
-+class AttributeVector:
-+    def __init__(self):
-+        self.name = ""
-+        self.access = access.AccessVectorSet()
-+
-+    def add_av(self, av):
-+        self.access.add_av(av)
-+
-+class AttributeSet:
-+    def __init__(self):
-+        self.attributes = { }
-+
-+    def add_attr(self, attr):
-+        self.attributes[attr.name] = attr
-+
-+    def from_file(self, fd):
-+        def parse_attr(line):
-+            fields = line[1:-1].split()
-+            if len(fields) != 2 or fields[0] != "Attribute":
-+                raise SyntaxError("Syntax error Attribute statement %s" % line)
-+            a = AttributeVector()
-+            a.name = fields[1]
-+
-+            return a
-+
-+        a = None
-+        for line in fd:
-+            line = line[:-1]
-+            if line[0] == "[":
-+                if a:
-+                    self.add_attr(a)
-+                a = parse_attr(line)
-+            elif a:
-+                l = line.split(",")
-+                av = access.AccessVector(l)
-+                a.add_av(av)
-+        if a:
-+            self.add_attr(a)
- 
- class InterfaceVector:
-    def __init__(self, interface=None):
-+    def __init__(self, interface=None, attributes={}):
-         # Enabled is a loose concept currently - we are essentially
-         # not enabling interfaces that we can't handle currently.
-         # See InterfaceVector.add_ifv for more information.
-@@ -214,10 +254,10 @@ class InterfaceVector:
-         # value: Param object).
-         self.params = { }
-         if interface:
-            self.from_interface(interface)
-+            self.from_interface(interface, attributes)
-         self.expanded = False
- 
-    def from_interface(self, interface):
-+    def from_interface(self, interface, attributes={}):
-         self.name = interface.name
- 
-         # Add allow rules
-@@ -232,6 +272,23 @@ class InterfaceVector:
-             for av in avs:
-                 self.add_av(av)
- 
-+        # Add typeattribute access
-+        if attributes != None:
-+            for typeattribute in interface.typeattributes():
-+                for attr in typeattribute.attributes:
-+                    if not attributes.attributes.has_key(attr):
-+                        # print "missing attribute " + attr
-+                        continue
-+                    attr_vec = attributes.attributes[attr]
-+                    for a in attr_vec.access:
-+                        av = copy.copy(a)
-+                        if av.src_type == attr_vec.name:
-+                            av.src_type = typeattribute.type
-+                        if av.tgt_type == attr_vec.name:
-+                            av.tgt_type = typeattribute.type
-+                        self.add_av(av)
-+
-+
-         # Extract paramaters from roles
-         for role in interface.roles():
-             if role_extract_params(role, self.params):
-@@ -346,13 +403,13 @@ class InterfaceSet:
-                 l = self.tgt_type_map.setdefault(type, [])
-                 l.append(ifv)
- 
-    def add(self, interface):
-        ifv = InterfaceVector(interface)
-+    def add(self, interface, attributes={}):
-+        ifv = InterfaceVector(interface, attributes)
-         self.add_ifv(ifv)
- 
-    def add_headers(self, headers, output=None):
-+    def add_headers(self, headers, output=None, attributes={}):
-         for i in itertools.chain(headers.interfaces(), headers.templates()):
-            self.add(i)
-+            self.add(i, attributes)
- 
-         self.expand_ifcalls(headers)
-         self.index()
-diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py.sepolgen	2010-03-24 15:57:20.000000000 -0400
-+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py	2011-05-25 16:11:58.151628058 -0400
+     def parse_string(self, input):
+diff --git a/sepolgen/src/sepolgen/matching.py b/sepolgen/src/sepolgen/matching.py
+index 1a9a3e5..d56dd92 100644
+--- a/sepolgen/src/sepolgen/matching.py
+++ b/sepolgen/src/sepolgen/matching.py
@@ -50,7 +50,7 @@ class Match:
                 return 1
 
@ -293,227 +79,3 @@ diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/matching.py.sepolge
 
     def __iter__(self):
         return iter(self.children)
-diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py.sepolgen	2010-03-24 15:57:20.000000000 -0400
-+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/policygen.py	2011-05-25 16:11:58.151628058 -0400
-@@ -29,6 +29,8 @@ import objectmodel
- import access
- import interfaces
- import matching
-+import selinux.audit2why as audit2why
-+from setools import *
- 
- # Constants for the level of explanation from the generation
- # routines
-@@ -77,6 +79,7 @@ class PolicyGenerator:
- 
-         self.dontaudit = False
- 
-+        self.domains = None
-     def set_gen_refpol(self, if_set=None, perm_maps=None):
-         """Set whether reference policy interfaces are generated.
- 
-@@ -151,8 +154,41 @@ class PolicyGenerator:
-             rule = refpolicy.AVRule(av)
-             if self.dontaudit:
-                 rule.rule_type = rule.DONTAUDIT
-+            rule.comment = ""
-             if self.explain:
-                rule.comment = refpolicy.Comment(explain_access(av, verbosity=self.explain))
-+                rule.comment = str(refpolicy.Comment(explain_access(av, verbosity=self.explain)))
-+            if av.type == audit2why.ALLOW:
-+                rule.comment += "#!!!! This avc is allowed in the current policy\n" 
-+            if av.type == audit2why.DONTAUDIT:
-+                rule.comment += "#!!!! This avc has a dontaudit rule in the current policy\n" 
-+
-+            if av.type == audit2why.BOOLEAN:
-+                if len(av.bools) > 1:
-+                    rule.comment += "#!!!! This avc can be allowed using one of the these booleans:\n#     %s\n" % ", ".join(map(lambda x: x[0], av.bools))
-+                else:
-+                    rule.comment += "#!!!! This avc can be allowed using the boolean '%s'\n" % av.bools[0][0]
-+
-+            if av.type == audit2why.CONSTRAINT:
-+                rule.comment += "#!!!! This avc is a constraint violation.  You will need to add an attribute to either the source or target type to make it work.\n" 
-+                rule.comment += "#Contraint rule: "
-+
-+            if av.type == audit2why.TERULE:
-+                if "write" in av.perms:
-+                    if "dir" in av.obj_class or "open" in av.perms:
-+                        if not self.domains:
-+                            self.domains = seinfo(ATTRIBUTE, name="domain")[0]["types"]
-+                        types=[]
-+                        
-+                        try:
-+                            for i in map(lambda x: x[TCONTEXT], sesearch([ALLOW], {SCONTEXT: av.src_type, CLASS: av.obj_class, PERMS: av.perms})):
-+                                if i not in self.domains:
-+                                    types.append(i)
-+                            if len(types) == 1:
-+                                rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
-+                            elif len(types) >= 1:
-+                                rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
-+                        except:
-+                            pass
-             self.module.children.append(rule)
- 
- 
-diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py.sepolgen	2010-03-24 15:57:20.000000000 -0400
-+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/sepolgen/refparser.py	2011-05-25 16:18:20.911964611 -0400
-@@ -243,7 +243,7 @@ def t_refpolicywarn(t):
-     t.lexer.lineno += 1
- 
- def t_IDENTIFIER(t):
-    r'[a-zA-Z_\$][a-zA-Z0-9_\-\.\$\*]*'
-+    r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\.\$\*\"]*'
-     # Handle any keywords
-     t.type = reserved.get(t.value,'IDENTIFIER')
-     return t
-@@ -768,6 +768,7 @@ def p_avrule_def(p):
- 
- def p_typerule_def(p):
-     '''typerule_def : TYPE_TRANSITION names names COLON names IDENTIFIER SEMI
-+                    | TYPE_TRANSITION names names COLON names IDENTIFIER IDENTIFIER SEMI
-                     | TYPE_CHANGE names names COLON names IDENTIFIER SEMI
-                     | TYPE_MEMBER names names COLON names IDENTIFIER SEMI
-     '''
-@@ -1044,7 +1045,7 @@ def parse_headers(root, output=None, exp
-         # of misc_macros. We are just going to pretend that this is an interface
-         # to make the expansion work correctly.
-         can_exec = refpolicy.Interface("can_exec")
-        av = access.AccessVector(["$1","$2","file","execute_no_trans","read",
-+        av = access.AccessVector(["$1","$2","file","execute_no_trans","open", "read",
-                                   "getattr","lock","execute","ioctl"])
- 
-         can_exec.children.append(refpolicy.AVRule(av))
-diff -up policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map.sepolgen policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map
--- policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map.sepolgen	2010-03-24 15:57:20.000000000 -0400
-+++ policycoreutils-2.0.86/sepolgen-1.0.23/src/share/perm_map	2011-05-25 16:11:58.152628068 -0400
-@@ -124,7 +124,7 @@ class filesystem 10
-           quotamod     w           1
-           quotaget     r           1
- 
-class file 20
-+class file 21
-   execute_no_trans     r           1
-         entrypoint     r           1
-            execmod     n           1
-@@ -141,48 +141,50 @@ class file 20
-             unlink     w           1
-               link     w           1
-             rename     w           5
-           execute     r           100
-+           execute     r           10
-             swapon     b           1
-            quotaon     b           1
-            mounton     b           1
-+	      open     r	   1
- 
-class dir 22
-          add_name     w           5
-+class dir 23
-+          add_name     w           1
-        remove_name     w           1
-           reparent     w           1
-             search     r           1
-              rmdir     b           1
-              ioctl     n           1
-              read     r          10
-             write     w          10
-+              read     r           1
-+             write     w           1
-             create     w           1
-           getattr     r           7
-           setattr     w           7
-+           getattr     r           1
-+           setattr     w           1
-               lock     n           1
-       relabelfrom     r           10
-         relabelto     w           10
-+       relabelfrom     r           1
-+         relabelto     w           1
-             append     w           1
-             unlink     w           1
-               link     w           1
-            rename     w           5
-+            rename     w           1
-            execute     r           1
-             swapon     b           1
-            quotaon     b           1
-            mounton     b           1
-+	      open     r	   1
- 
- class fd 1
-                use     b           1
- 
-class lnk_file 17
-+class lnk_file 18
-              ioctl     n           1
-              read     r          10
-             write     w          10
-+              read     r           1
-+             write     w           1
-             create     w           1
-           getattr     r           7
-           setattr     w           7
-+           getattr     r           1
-+           setattr     w           1
-               lock     n           1
-       relabelfrom     r           10
-         relabelto     w           10
-+       relabelfrom     r           1
-+         relabelto     w           1
-             append     w           1
-             unlink     w           1
-               link     w           1
-@@ -191,8 +193,9 @@ class lnk_file 17
-             swapon     b           1
-            quotaon     b           1
-            mounton     b           1
-+	      open     r	   1
- 
-class chr_file 20
-+class chr_file 21
-   execute_no_trans     r           1
-         entrypoint     r           1
-            execmod     n           1
-@@ -213,8 +216,9 @@ class chr_file 20
-             swapon     b           1
-            quotaon     b           1
-            mounton     b           1
-+	      open     r	   1
- 
-class blk_file 17
-+class blk_file 18
-              ioctl     n           1
-               read     r          10
-              write     w          10
-@@ -232,8 +236,9 @@ class blk_file 17
-             swapon     b           1
-            quotaon     b           1
-            mounton     b           1
-+	      open     r	   1
- 
-class sock_file 17
-+class sock_file 18
-              ioctl     n           1
-               read     r          10
-              write     w          10
-@@ -251,8 +256,9 @@ class sock_file 17
-             swapon     b           1
-            quotaon     b           1
-            mounton     b           1
-+	      open     r	   1
- 
-class fifo_file 17
-+class fifo_file 18
-              ioctl     n           1
-               read     r          10
-              write     w          10
-@@ -270,6 +276,7 @@ class fifo_file 17
-             swapon     b           1
-            quotaon     b           1
-            mounton     b           1
-+	      open     r	   1
- 
- class socket 22
-              ioctl     n           1
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -1,13 +1,13 @@
 %define	libauditver	1.4.2-1
-%define libsepolver 	2.0.44-2
+%define libsepolver 2.1.0-1
 %define	libsemanagever	2.0.46-6
-%define	libselinuxver	2.0.90-3
-%define	sepolgenver	1.0.23
+%define libselinuxver 2.0.102-6
+%define	sepolgenver	1.1.5

 Summary: SELinux policy core utilities
 Name:	 policycoreutils
-Version: 2.0.86
-Release: 18%{?dist}
+Version: 2.1.4
+Release: 17%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@ -22,11 +22,12 @@ Source6: selinux-polgengui.desktop
 Source7: selinux-polgengui.console
 Source8: policycoreutils_man_ru2.tar.bz2
 Source9: semanage-bash-completion.sh
-Patch:	 policycoreutils-rhat.patch
 Source10: restorecond.service
+Patch:	 policycoreutils-rhat.patch
 Patch1:	 policycoreutils-po.patch
 Patch3:	 policycoreutils-gui.patch
 Patch4:	 policycoreutils-sepolgen.patch
+Patch5:	 policycoreutils-f17.patch
 Obsoletes: policycoreutils < 2.0.61-2

 %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")
@ -66,7 +67,8 @@ context.
 %patch -p2 -b .rhat
 %patch1 -p1 -b .rhatpo
 %patch3 -p1 -b .gui
-%patch4 -p1 -b .sepolgen
+%patch4 -p2 -b .sepolgen -d sepolgen-%{sepolgenver}
+%patch5 -p1 -b .f17

 %build
 make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE " LDFLAGS="-pie -Wl,-z,relro" all 
@ -90,6 +92,7 @@ mkdir -p %{buildroot}%{_sysconfdir}/security/console.apps
 cp COPYING %{buildroot}/%{_usr}/share/doc/%{name}-%{version}/

 make LSPP_PRIV=y  DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
+make -C gui LSPP_PRIV=y DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
 # Systemd 
 mkdir -p %{buildroot}%{_unitdir}
 install -m644 %{SOURCE10} %{buildroot}%{_unitdir}
@ -184,7 +187,7 @@ The policycoreutils-sandbox package contains the scripts to create graphical san
 %{_datadir}/sandbox/start
 %attr(0755,root,root) %caps(cap_setpcap,cap_setuid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
 %{_mandir}/man8/seunshare.8*
-%{_mandir}/man5/sandbox.conf.5*
+%{_mandir}/man5/sandbox.5*

 %triggerin python -- selinux-policy
 selinuxenabled && [ -f /usr/share/selinux/devel/include/build.conf ] && /usr/bin/sepolgen-ifgen 2>/dev/null
@ -271,6 +274,7 @@ rm -rf %{buildroot}
 %{_bindir}/semodule_expand
 %{_bindir}/semodule_link
 %{_bindir}/semodule_package
+%{_bindir}/semodule_unpackage
 %{_sysconfdir}/rc.d/init.d/sandbox
 %config(noreplace) %{_sysconfdir}/sysconfig/sandbox
 %config(noreplace) %{_sysconfdir}/pam.d/run_init
@ -295,6 +299,7 @@ rm -rf %{buildroot}
 %{_mandir}/man8/semodule_link.8*
 %{_mandir}/ru/man8/semodule_link.8*
 %{_mandir}/man8/semodule_package.8*
+%{_mandir}/man8/semodule_unpackage.8*
 %{_mandir}/ru/man8/semodule_package.8*
 %{_mandir}/man8/sestatus.8*
 %{_mandir}/ru/man8/sestatus.8*
@ -349,6 +354,138 @@ fi
 /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :

 %changelog
+* Tue May 8 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.4-17
+- Bring in unit_file.py in to templates direcory
+
+* Wed Jan 18 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.4-16
+- Dont syslog changes if you are only checking in setfiles/restorecon
+- Don't syslog on full relabel
+
+* Wed Jan 18 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.4-15
+- fix sepolgen to not crash on echo "" | audit2allow 
+- Fix English in templates for sepolgen
+- Add unit file support to sepolgen, and cleanup some of the output.
+
+* Fri Dec 23 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-13
+- Fix the handling of namespaces in seunshare/sandbox.
+- Currently mounting of directories within sandbox is propogating to the 
+- parent namesspace.
+
+* Tue Nov 29 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-12
+- Fix dpi handling in sandbox 
+- Make sure semanage fcontext -l -C prints if only local equiv have changed
+
+* Wed Nov 16 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-10
+- Add listing of distribution equivalence class from semanage fcontext -l
+- Add checking to semanage fcontext -a to guarantee a file specification will not be masked by an equivalence
+ 
+* Wed Nov 16 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-9
+- Update to latest sepolgen
+- Allow ~ as a valid part of a filename in sepolgen
+
+* Fri Nov 11 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-8
+- sandbox init script should always return 0
+- sandbox command needs to check range of categories and report error if not big enough
+- Allow DPI to be passed into the sandbox
+
+* Mon Oct 31 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-7
+- Backport fixes from restorecond to handle being run within a terminal session
+- Add ~/.local/share/* to restorecond_users.conf
+- Fix semodule man page
+- Fix a couple of problems found by coverity
+
+* Mon Oct 24 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-6
+- Include the patch this time to fix sandbox.init
+
+* Mon Oct 24 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-5
+- Fix sandbox.init script
+
+* Tue Oct 4 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-4
+- Backport sepolgen fixes from F17
+
+* Tue Oct 4 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-3
+- Backport fixes from F17
+
+* Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-2
+- Fix bug in glob handling for restorecon
+
+* Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-1
+-Update to upstream
+2.1.4 2011-08-17
+	* run_init: clarification of the usage in the
+	* semanage: fix usage header around booleans
+	* semanage: remove useless empty lines
+	* semanage: update man page with new examples
+	* semanage: update usage text
+	* semanage: introduce file context equivalencies
+	* semanage: enable and disable modules
+	* semanage: output all local modifications
+	* semanage: introduce extraction of local configuration
+	* semanage: cleanup error on invalid operation
+	* semanage: handle being called with no arguments
+	* semanage: return sooner to save CPU time
+	* semanage: surround getopt with try/except
+	* semanage: use define/raise instead of lots of
+	* semanage: some options are only valid for
+	* semanage: introduce better deleteall support
+	* semanage: do not allow spaces in file
+	* semanage: distinguish between builtin and local permissive
+	* semanage: centralized ip node handling
+	* setfiles: make the restore function exclude() non-static
+	* setfiles: use glob to handle ~ and
+	* fixfiles: do not hard code types
+	* fixfiles: stop trying to be smart about
+	* fixfiles: use new kernel seclabel option
+	* fixfiles: pipe everything to cat before sending
+	* fixfiles: introduce /etc/selinux/fixfiles_exclude_dirs
+	* semodule: support for alternative root paths
+
+2.1.3 2011-08-03
+	* semanage: fix indention
+	* semodule_package: fix man page typo
+	* semodule_expand: update man page with -a
+	* semanage: handle os errors
+	* semanage: fix traceback with bad options
+	* semanage: show usage on -h or --help
+	* semanage: introduce more deleteall options
+	* semanage: verify ports < 65536
+	* transaction into semanageRecords
+	* make get_handle a method of semanageRecords
+	* remove a needless blank line
+	* make process_one error if not initialized correctly
+	* fixfiles: correct usage for r_opts.rootpath
+	* put -p in help for restorecon and
+	* fixfiles: do not try to only label
+	* fixfiles clean up /var/run and /var/lib/debug
+	* fixfiles delete tmp sockets and pipes rather
+	* fixfile use find -delete instead of pipe
+	* chcat man page typo
+	* add man page for genhomedircon
+	* setfiles fix typo
+	* setsebool should inform users they need to
+	* setsebool typos
+	* open_init_tty man page typos
+	* Don't add user site directory to sys.path
+	* newrole retain CAP_SETPCAP
+
+2.1.2 2011-08-02
+	* seunshare: define _GNU_SOURCE earlier
+	* make ignore_enoent do something
+	* restorecond: first user logged in is not noticed
+	* Repo: update .gitignore
+
+2.1.1 2011-08-01
+	* Man page updates
+	* restorecon fix for bad inotify assumptions
+
+2.1.0 2011-07-27
+	* Release, minor version bump
+
+* Tue Jul 26 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-20
+- Fix sepolgen usage statement
+- Stop using -k insandbox
+- Fix seunshare usage statement
+
 * Thu Jul 7 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-18
 - Change seunshare to send kill signals to the childs session. 
 - Also add signal handler to catch sigint, so if user enters ctrl-C sandbox will shutdown.
--- a/4
+++ b/4
@ -1,3 +1,3 @@
-49faa2e5f343317bcfcf34d7286f6037  sepolgen-1.0.23.tgz
 59d33101d57378ce69889cc078addf90  policycoreutils_man_ru2.tar.bz2
-13d864a8a6f8a933ef7aee7baf4a9662  policycoreutils-2.0.86.tgz
+7e1e18c09798ffb44913bce3d60c667d  policycoreutils-2.1.4.tgz
+34b1f6599517f80c9b7cfa2dc22826db  sepolgen-1.1.5.tgz
Author	SHA1	Message	Date
Dan Walsh	4dcf733d88	Bring in unit_file.py in to templates direcory	2012-05-08 10:57:46 -04:00
Dan Walsh	7eea916042	Bring in unit_file.py in to templates direcory	2012-05-08 10:53:53 -04:00
Dan Walsh	8a84b9dc0e	Dont syslog changes if you are only checking in setfiles/restorecon - Don't syslog on full relabel	2012-05-02 15:57:11 -04:00
Dan Walsh	2fb6f5383f	fix sepolgen to not crash on echo "" \| audit2allow Fix English in templates for sepolgen Add unit file support to sepolgen, and cleanup some of the output.	2012-01-18 16:52:15 -05:00
Dan Walsh	ffc2e23b19	Fix the handling of namespaces in seunshare/sandbox. Currently mounting of directories within sandbox is propogating to the parent namesspace.	2011-12-23 10:58:01 +00:00
Dan Walsh	0811ca9183	Fix dpi handling in sandbox Make sure semanage fcontext -l -C prints if only local equiv have changed	2011-11-29 16:07:09 -05:00
Dan Walsh	c5a034dd83	Fix dpi handling in sandbox Make sure semanage fcontext -l -C prints if only local equiv have changed	2011-11-29 15:58:43 -05:00
Dan Walsh	602f9edb4e	Fix dpi handling in sandbox	2011-11-29 15:40:41 -05:00
Dan Walsh	d3b43fe396	Add listing of distribution equivalence class from semanage fcontext -l Add checking to semanage fcontext -a to guarantee a file specification will not be masked by an equivalence Update to latest sepolgen Allow ~ as a valid part of a filename in sepolgen	2011-11-16 15:44:06 -05:00
Dan Walsh	2f61a7bd55	Update to latest sepolgen Allow ~ as a valid part of a filename in sepolgen	2011-11-16 11:39:56 -05:00
Dan Walsh	fd962b4a18	sandbox init script should always return 0 sandbox command needs to check range of categories and report error if not big enough Allow DPI to be passed into the sandbox	2011-11-11 15:30:41 -05:00
Dan Walsh	ceba8ec997	Backport fixes from restorecond to handle being run within a terminal session Add ~/.local/share/* to restorecond_users.conf Fix semodule man page Fix a couple of problems found by coverity	2011-10-31 11:24:40 -04:00
Dan Walsh	0ce6ffe6e0	Inlcude the patch this time to fix sandbox.init	2011-10-26 08:35:28 -04:00
Dan Walsh	75427df827	Fix sandbox.init script	2011-10-24 14:38:38 -04:00
Dan Walsh	9f719e0494	Backport sepolgen fixes from F17	2011-10-13 13:50:26 -04:00
Dan Walsh	fdc4a2104c	Backport sepolgen fixes from F17	2011-10-13 13:37:48 -04:00
Dan Walsh	84f80332c4	Backport fixes from F17	2011-10-04 08:55:45 -04:00
Dan Walsh	9e0cf1ffd5	Fix bug in glob handling for restorecon	2011-08-23 17:14:13 -04:00
Dan Walsh	329484508e	Update to upstream 2.1.4 2011-08-17 * run_init: clarification of the usage in the * semanage: fix usage header around booleans * semanage: remove useless empty lines * semanage: update man page with new examples * semanage: update usage text * semanage: introduce file context equivalencies * semanage: enable and disable modules * semanage: output all local modifications * semanage: introduce extraction of local configuration * semanage: cleanup error on invalid operation * semanage: handle being called with no arguments * semanage: return sooner to save CPU time * semanage: surround getopt with try/except * semanage: use define/raise instead of lots of * semanage: some options are only valid for * semanage: introduce better deleteall support * semanage: do not allow spaces in file * semanage: distinguish between builtin and local permissive * semanage: centralized ip node handling * setfiles: make the restore function exclude() non-static * setfiles: use glob to handle ~ and * fixfiles: do not hard code types * fixfiles: stop trying to be smart about * fixfiles: use new kernel seclabel option * fixfiles: pipe everything to cat before sending * fixfiles: introduce /etc/selinux/fixfiles_exclude_dirs * semodule: support for alternative root paths	2011-08-23 10:13:48 -04:00
Dan Walsh	b52696e988	Update to upstream 2.1.4 2011-08-17 * run_init: clarification of the usage in the * semanage: fix usage header around booleans * semanage: remove useless empty lines * semanage: update man page with new examples * semanage: update usage text * semanage: introduce file context equivalencies * semanage: enable and disable modules * semanage: output all local modifications * semanage: introduce extraction of local configuration * semanage: cleanup error on invalid operation * semanage: handle being called with no arguments * semanage: return sooner to save CPU time * semanage: surround getopt with try/except * semanage: use define/raise instead of lots of * semanage: some options are only valid for * semanage: introduce better deleteall support * semanage: do not allow spaces in file * semanage: distinguish between builtin and local permissive * semanage: centralized ip node handling * setfiles: make the restore function exclude() non-static * setfiles: use glob to handle ~ and * fixfiles: do not hard code types * fixfiles: stop trying to be smart about * fixfiles: use new kernel seclabel option * fixfiles: pipe everything to cat before sending * fixfiles: introduce /etc/selinux/fixfiles_exclude_dirs * semodule: support for alternative root paths	2011-08-23 09:53:02 -04:00
Dan Walsh	7cc1f98d25	Update to upstream * Man page updates * restorecon fix for bad inotify assumptions * Release, minor version bump Fix sepolgen usage statement Stop using -k insandbox Fix seunshare usage statement	2011-08-10 12:57:25 -04:00
Dan Walsh	864bc60070	Update to upstream * Man page updates * restorecon fix for bad inotify assumptions * Release, minor version bump Fix sepolgen usage statement Stop using -k insandbox Fix seunshare usage statement	2011-08-10 11:12:26 -04:00