Compare commits
58 Commits
Author | SHA1 | Date |
---|---|---|
Fedora Release Engineering | bba71b2c7f | |
Bill Nottingham | a67ef18d62 | |
Ville Skyttä | 3e6913eec2 | |
Daniel J Walsh | 84c51dc263 | |
Daniel J Walsh | 789a6305db | |
Daniel J Walsh | b151130909 | |
Daniel J Walsh | d769e7d333 | |
Daniel J Walsh | 99148e8607 | |
Daniel J Walsh | 3a4b999ddf | |
Daniel J Walsh | 7e46ae00c4 | |
Daniel J Walsh | f40ec8f4b7 | |
Daniel J Walsh | 9bc066f4e5 | |
Daniel J Walsh | 70545b8b95 | |
Daniel J Walsh | 885bcd1c51 | |
Daniel J Walsh | 1bb95742fd | |
Daniel J Walsh | 154a1d2d80 | |
Daniel J Walsh | bc60e421ab | |
Daniel J Walsh | 05f43b88db | |
Daniel J Walsh | f34f925153 | |
Jesse Keating | 2f92968a1b | |
Matthias Clasen | 08e11ff20d | |
Matthias Clasen | 7c2c5859b4 | |
Matthias Clasen | 19044208b5 | |
Daniel J Walsh | b3a6aed4e8 | |
Daniel J Walsh | 1937624126 | |
Daniel J Walsh | c8a2b11996 | |
Daniel J Walsh | 3f5590c2ba | |
Daniel J Walsh | c8da8e4bb5 | |
Daniel J Walsh | b02bd552ad | |
Daniel J Walsh | 32359da96c | |
Daniel J Walsh | 7f0f9f77a0 | |
Daniel J Walsh | d233d262ce | |
Daniel J Walsh | a2d4e923a5 | |
Daniel J Walsh | b4d819247b | |
Daniel J Walsh | 1d9142319c | |
Daniel J Walsh | 9eb4f22beb | |
Daniel J Walsh | 5f036c7e84 | |
Daniel J Walsh | bf3b024c70 | |
Daniel J Walsh | e992b6c9c3 | |
Daniel J Walsh | b6cb6c752c | |
Daniel J Walsh | dc512da2c7 | |
Daniel J Walsh | d0636f5096 | |
Daniel J Walsh | 2144c791bc | |
Daniel J Walsh | 4feb8ecda0 | |
Daniel J Walsh | 76bb5768bc | |
Daniel J Walsh | ec48a80fcb | |
Daniel J Walsh | 1d99d9a050 | |
Daniel J Walsh | 586b4afdc3 | |
Daniel J Walsh | 3172c26d29 | |
Daniel J Walsh | 3641a49092 | |
Daniel J Walsh | cdbdbe7a2a | |
Daniel J Walsh | 96efbf90c9 | |
Daniel J Walsh | 44981fdef3 | |
Daniel J Walsh | 353136a1b0 | |
Daniel J Walsh | 2e73fc41a3 | |
Daniel J Walsh | 59ab094567 | |
Daniel J Walsh | 28e6ff92c2 | |
Daniel J Walsh | a0a94541aa |
|
@ -164,3 +164,23 @@ policycoreutils-2.0.28.tgz
|
|||
policycoreutils-2.0.29.tgz
|
||||
policycoreutils-2.0.31.tgz
|
||||
policycoreutils-2.0.32.tgz
|
||||
policycoreutils-2.0.33.tgz
|
||||
policycoreutils-2.0.34.tgz
|
||||
policycoreutils-2.0.35.tgz
|
||||
policycoreutils-2.0.36.tgz
|
||||
policycoreutils-2.0.37.tgz
|
||||
sepolgen-1.0.11.tgz
|
||||
policycoreutils-2.0.38.tgz
|
||||
policycoreutils-2.0.39.tgz
|
||||
policycoreutils-2.0.41.tgz
|
||||
policycoreutils-2.0.42.tgz
|
||||
policycoreutils-2.0.43.tgz
|
||||
policycoreutils-2.0.44.tgz
|
||||
policycoreutils-2.0.46.tgz
|
||||
policycoreutils-2.0.47.tgz
|
||||
policycoreutils-2.0.49.tgz
|
||||
policycoreutils-2.0.50.tgz
|
||||
sepolgen-1.0.12.tgz
|
||||
policycoreutils-2.0.51.tgz
|
||||
policycoreutils-2.0.52.tgz
|
||||
policycoreutils_man_ru2.tar.bz2
|
2
Makefile
2
Makefile
|
@ -4,7 +4,7 @@ NAME := policycoreutils
|
|||
SPECFILE = $(firstword $(wildcard *.spec))
|
||||
|
||||
define find-makefile-common
|
||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(find-makefile-common))
|
||||
|
|
File diff suppressed because it is too large
Load Diff
331373
policycoreutils-po.patch
331373
policycoreutils-po.patch
File diff suppressed because it is too large
Load Diff
|
@ -1,114 +1,15 @@
|
|||
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2why/audit2why.c policycoreutils-2.0.31/audit2why/audit2why.c
|
||||
--- nsapolicycoreutils/audit2why/audit2why.c 2007-07-16 14:20:41.000000000 -0400
|
||||
+++ policycoreutils-2.0.31/audit2why/audit2why.c 2007-11-02 15:54:42.000000000 -0400
|
||||
@@ -137,6 +137,8 @@
|
||||
/* Process the audit messages. */
|
||||
while (getline(&buffer, &len, stdin) > 0) {
|
||||
size_t len2 = strlen(buffer);
|
||||
+ char *begin, *end, *search_buf;
|
||||
+ int slen = 0;
|
||||
|
||||
if (buffer[len2 - 1] == '\n')
|
||||
buffer[len2 - 1] = 0;
|
||||
@@ -179,6 +181,7 @@
|
||||
}
|
||||
*p++ = 0;
|
||||
|
||||
+ search_buf = p;
|
||||
/* Get scontext and convert to SID. */
|
||||
while (*p && strncmp(p, SCONTEXT, sizeof(SCONTEXT) - 1))
|
||||
p++;
|
||||
@@ -188,11 +191,14 @@
|
||||
continue;
|
||||
}
|
||||
p += sizeof(SCONTEXT) - 1;
|
||||
- scon = p;
|
||||
+ begin = p;
|
||||
while (*p && !isspace(*p))
|
||||
p++;
|
||||
- if (*p)
|
||||
- *p++ = 0;
|
||||
+ end = p;
|
||||
+ slen=end - begin;
|
||||
+ scon = calloc(slen+1, 1);
|
||||
+ strncpy(scon, begin, slen);
|
||||
+
|
||||
rc = sepol_context_to_sid(scon, strlen(scon) + 1, &ssid);
|
||||
if (rc < 0) {
|
||||
fprintf(stderr,
|
||||
@@ -201,6 +207,10 @@
|
||||
continue;
|
||||
}
|
||||
|
||||
+ free(scon);
|
||||
+ /* start searching at the beginning again */
|
||||
+ p = search_buf;
|
||||
+
|
||||
/* Get tcontext and convert to SID. */
|
||||
while (*p && strncmp(p, TCONTEXT, sizeof(TCONTEXT) - 1))
|
||||
p++;
|
||||
@@ -210,11 +220,15 @@
|
||||
continue;
|
||||
}
|
||||
p += sizeof(TCONTEXT) - 1;
|
||||
- tcon = p;
|
||||
+
|
||||
+ begin = p;
|
||||
while (*p && !isspace(*p))
|
||||
p++;
|
||||
- if (*p)
|
||||
- *p++ = 0;
|
||||
+ end = p;
|
||||
+ slen=end - begin;
|
||||
+ tcon = calloc(slen+1, 1);
|
||||
+ strncpy(tcon, begin, slen);
|
||||
+
|
||||
rc = sepol_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
|
||||
if (rc < 0) {
|
||||
fprintf(stderr,
|
||||
@@ -222,6 +236,9 @@
|
||||
TCONTEXT, tcon, lineno);
|
||||
continue;
|
||||
}
|
||||
+ free(tcon);
|
||||
+ /* start searching at the beginning again */
|
||||
+ p = search_buf;
|
||||
|
||||
/* Get tclass= and convert to value. */
|
||||
while (*p && strncmp(p, TCLASS, sizeof(TCLASS) - 1))
|
||||
@@ -232,12 +249,17 @@
|
||||
continue;
|
||||
}
|
||||
p += sizeof(TCLASS) - 1;
|
||||
- tclassstr = p;
|
||||
+ begin = p;
|
||||
while (*p && !isspace(*p))
|
||||
p++;
|
||||
- if (*p)
|
||||
- *p = 0;
|
||||
+
|
||||
+ end = p;
|
||||
+ slen=end - begin;
|
||||
+ tclassstr = calloc(slen+1, 1);
|
||||
+ strncpy(tclassstr, begin, slen);
|
||||
+
|
||||
tclass = string_to_security_class(tclassstr);
|
||||
+ free(tclassstr);
|
||||
if (!tclass) {
|
||||
fprintf(stderr,
|
||||
"Invalid %s%s on line %u, skipping...\n",
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.31/Makefile
|
||||
--- nsapolicycoreutils/Makefile 2007-07-16 14:20:43.000000000 -0400
|
||||
+++ policycoreutils-2.0.31/Makefile 2007-11-02 15:54:42.000000000 -0400
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.52/Makefile
|
||||
--- nsapolicycoreutils/Makefile 2008-07-02 17:19:34.000000000 -0400
|
||||
+++ policycoreutils-2.0.52/Makefile 2008-07-29 15:48:03.000000000 -0400
|
||||
@@ -1,4 +1,4 @@
|
||||
-SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
||||
+SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
|
||||
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
||||
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
|
||||
|
||||
all install relabel clean indent:
|
||||
@for subdir in $(SUBDIRS); do \
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.31/restorecond/restorecond.c
|
||||
--- nsapolicycoreutils/restorecond/restorecond.c 2007-07-16 14:20:41.000000000 -0400
|
||||
+++ policycoreutils-2.0.31/restorecond/restorecond.c 2007-11-02 15:54:42.000000000 -0400
|
||||
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
|
||||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.52/restorecond/restorecond.c
|
||||
--- nsapolicycoreutils/restorecond/restorecond.c 2008-07-02 17:19:34.000000000 -0400
|
||||
+++ policycoreutils-2.0.52/restorecond/restorecond.c 2008-07-29 15:48:03.000000000 -0400
|
||||
@@ -210,9 +210,10 @@
|
||||
}
|
||||
|
||||
|
@ -135,298 +36,394 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po
|
|||
}
|
||||
free(scontext);
|
||||
close(fd);
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.31/scripts/chcat
|
||||
--- nsapolicycoreutils/scripts/chcat 2007-08-23 16:52:26.000000000 -0400
|
||||
+++ policycoreutils-2.0.31/scripts/chcat 2007-11-19 13:11:19.000000000 -0500
|
||||
@@ -25,10 +25,6 @@
|
||||
import commands, sys, os, pwd, string, getopt, selinux
|
||||
import seobject
|
||||
import gettext
|
||||
-import codecs
|
||||
-import locale
|
||||
-sys.stderr = codecs.getwriter(locale.getpreferredencoding())(sys.__stderr__, 'replace')
|
||||
-sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace')
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.52/semanage/semanage
|
||||
--- nsapolicycoreutils/semanage/semanage 2008-07-02 17:19:34.000000000 -0400
|
||||
+++ policycoreutils-2.0.52/semanage/semanage 2008-07-29 15:48:20.000000000 -0400
|
||||
@@ -45,13 +45,13 @@
|
||||
def usage(message = ""):
|
||||
print _("""
|
||||
semanage {boolean|login|user|port|interface|fcontext|translation} -{l|D} [-n]
|
||||
-semanage login -{a|d|m} [-sr] login_name
|
||||
-semanage user -{a|d|m} [-LrRP] selinux_name
|
||||
+semanage login -{a|d|m} [-srF] login_name | login_file
|
||||
+semanage user -{a|d|m} [-LrRPF] selinux_name | user_file
|
||||
semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
|
||||
semanage interface -{a|d|m} [-tr] interface_spec
|
||||
-semanage fcontext -{a|d|m} [-frst] file_spec
|
||||
+semanage fcontext -{a|d|m} [-frstF] file_spec | fcontext_file
|
||||
semanage translation -{a|d|m} [-T] level
|
||||
-semanage boolean -{d|m} boolean
|
||||
+semanage boolean -{d|m} [-F] boolean | boolean_file
|
||||
semanage permissive -{d|a} type
|
||||
|
||||
try:
|
||||
gettext.install('policycoreutils')
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.31/scripts/fixfiles
|
||||
--- nsapolicycoreutils/scripts/fixfiles 2007-08-23 16:52:26.000000000 -0400
|
||||
+++ policycoreutils-2.0.31/scripts/fixfiles 2007-11-16 16:30:21.000000000 -0500
|
||||
@@ -92,7 +92,7 @@
|
||||
! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o \
|
||||
\( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print; \
|
||||
done 2> /dev/null | \
|
||||
- ${RESTORECON} $2 -v -f -
|
||||
+ ${RESTORECON} $2 -f -
|
||||
rm -f ${TEMPFILE} ${PREFCTEMPFILE}
|
||||
fi
|
||||
}
|
||||
@@ -189,21 +189,27 @@
|
||||
case "$i" in
|
||||
f)
|
||||
fullFlag=1
|
||||
+ shift 1
|
||||
;;
|
||||
R)
|
||||
RPMFILES=$OPTARG
|
||||
+ shift 2
|
||||
;;
|
||||
o)
|
||||
OUTFILES=$OPTARG
|
||||
+ shift 2
|
||||
;;
|
||||
l)
|
||||
LOGFILE=$OPTARG
|
||||
+ shift 2
|
||||
;;
|
||||
C)
|
||||
PREFC=$OPTARG
|
||||
+ shift 2
|
||||
;;
|
||||
F)
|
||||
FORCEFLAG="-F"
|
||||
+ shift 1
|
||||
;;
|
||||
*)
|
||||
usage
|
||||
@@ -211,10 +217,8 @@
|
||||
esac
|
||||
done
|
||||
Primary Options:
|
||||
@@ -79,6 +79,7 @@
|
||||
-l (symbolic link)
|
||||
-p (named pipe)
|
||||
|
||||
-
|
||||
# Check for the command
|
||||
-eval command=\$${OPTIND}
|
||||
-let OPTIND=$OPTIND+1
|
||||
+command=$1
|
||||
if [ -z $command ]; then
|
||||
usage
|
||||
fi
|
||||
@@ -223,17 +227,15 @@
|
||||
# check if they specified both DIRS and RPMFILES
|
||||
#
|
||||
|
||||
+shift 1
|
||||
if [ ! -z "$RPMFILES" ]; then
|
||||
- if [ $OPTIND -le $# ]; then
|
||||
+ if [ $# -gt 0 ]; then
|
||||
usage
|
||||
fi
|
||||
else
|
||||
- while [ $OPTIND -le $# ]; do
|
||||
- eval DIR=\$${OPTIND}
|
||||
- DIRS="$DIRS $DIR"
|
||||
- let OPTIND=$OPTIND+1
|
||||
- done
|
||||
+ DIRS=$*
|
||||
fi
|
||||
+
|
||||
#
|
||||
# Make sure they specified one of the three valid commands
|
||||
#
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.31/semanage/semanage
|
||||
--- nsapolicycoreutils/semanage/semanage 2007-10-05 13:09:53.000000000 -0400
|
||||
+++ policycoreutils-2.0.31/semanage/semanage 2007-11-19 13:10:07.000000000 -0500
|
||||
@@ -1,5 +1,5 @@
|
||||
#! /usr/bin/python -E
|
||||
-# Copyright (C) 2005 Red Hat
|
||||
+# Copyright (C) 2005, 2006, 2007 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# semanage is a tool for managing SELinux configuration files
|
||||
@@ -28,10 +28,6 @@
|
||||
import gettext
|
||||
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
|
||||
gettext.textdomain(PROGNAME)
|
||||
-import codecs
|
||||
-import locale
|
||||
-sys.stderr = codecs.getwriter(locale.getpreferredencoding())(sys.__stderr__, 'replace')
|
||||
-sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace')
|
||||
|
||||
try:
|
||||
gettext.install(PROGNAME,
|
||||
@@ -115,7 +111,7 @@
|
||||
+ -F, --file Treat target as an input file for command, change multiple settings
|
||||
-p, --proto Port protocol (tcp or udp)
|
||||
-P, --prefix Prefix for home directory labeling
|
||||
-L, --level Default SELinux Level (MLS/MCS Systems only)
|
||||
@@ -102,19 +103,19 @@
|
||||
valid_option={}
|
||||
valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading', '-C', '--locallist', '-D', '--deleteall', '-S', '--store' ]
|
||||
valid_option["login"] = []
|
||||
- valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range']
|
||||
+ valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range', "-F", "--file"]
|
||||
valid_option["user"] = []
|
||||
- valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix' ]
|
||||
+ valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix', "-F", "--file"]
|
||||
valid_option["port"] = []
|
||||
valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range', '-p', '--proto' ]
|
||||
valid_option["interface"] = []
|
||||
valid_option["interface"] += valid_everyone + [ '-t', '--type', '-r', '--range']
|
||||
valid_option["fcontext"] = []
|
||||
- valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range']
|
||||
+ valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range', "-F", "--file"]
|
||||
valid_option["translation"] = []
|
||||
valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
|
||||
valid_option["boolean"] = []
|
||||
- valid_option["boolean"] += valid_everyone
|
||||
+ valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0" ]
|
||||
- valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0" ]
|
||||
+ valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0", "-F", "--file"]
|
||||
valid_option["permissive"] = []
|
||||
valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ]
|
||||
return valid_option
|
||||
|
||||
#
|
||||
@@ -135,7 +131,7 @@
|
||||
@@ -134,15 +135,16 @@
|
||||
setrans = ""
|
||||
roles = ""
|
||||
seuser = ""
|
||||
prefix = ""
|
||||
- prefix = ""
|
||||
+ prefix = "user"
|
||||
heading=1
|
||||
-
|
||||
+ value=0
|
||||
add = 0
|
||||
modify = 0
|
||||
delete = 0
|
||||
@@ -154,7 +150,7 @@
|
||||
- value=0
|
||||
- add = 0
|
||||
- modify = 0
|
||||
- delete = 0
|
||||
- deleteall = 0
|
||||
- list = 0
|
||||
- locallist = 0
|
||||
+ value = None
|
||||
+ add = False
|
||||
+ modify = False
|
||||
+ delete = False
|
||||
+ deleteall = False
|
||||
+ list = False
|
||||
+ locallist = False
|
||||
+ use_file = False
|
||||
store = ""
|
||||
if len(sys.argv) < 3:
|
||||
usage(_("Requires 2 or more arguments"))
|
||||
@@ -155,11 +157,12 @@
|
||||
args = sys.argv[2:]
|
||||
|
||||
gopts, cmds = getopt.getopt(args,
|
||||
- 'adf:lhmnp:s:CDR:L:r:t:T:P:S:',
|
||||
+ '01adf:lhmnp:s:CDR:L:r:t:T:P:S:',
|
||||
- '01adf:lhmnp:s:CDR:L:r:t:T:P:S:',
|
||||
+ '01adf:lhmnp:s:FCDR:L:r:t:T:P:S:',
|
||||
['add',
|
||||
'delete',
|
||||
'deleteall',
|
||||
@@ -164,6 +160,8 @@
|
||||
'ftype=',
|
||||
+ 'file',
|
||||
'help',
|
||||
'list',
|
||||
'modify',
|
||||
'noheading',
|
||||
'localist',
|
||||
+ 'off',
|
||||
+ 'on',
|
||||
'proto=',
|
||||
'seuser=',
|
||||
'store=',
|
||||
@@ -242,6 +240,11 @@
|
||||
if o == "-T" or o == "--trans":
|
||||
@@ -185,18 +188,22 @@
|
||||
if o == "-a" or o == "--add":
|
||||
if modify or delete:
|
||||
usage()
|
||||
- add = 1
|
||||
+ add = True
|
||||
|
||||
if o == "-d" or o == "--delete":
|
||||
if modify or add:
|
||||
usage()
|
||||
- delete = 1
|
||||
+ delete = True
|
||||
if o == "-D" or o == "--deleteall":
|
||||
if modify:
|
||||
usage()
|
||||
- deleteall = 1
|
||||
+ deleteall = True
|
||||
if o == "-f" or o == "--ftype":
|
||||
ftype=a
|
||||
+
|
||||
+ if o == "-F" or o == "--file":
|
||||
+ use_file = True
|
||||
+
|
||||
if o == "-h" or o == "--help":
|
||||
usage()
|
||||
|
||||
@@ -204,12 +211,12 @@
|
||||
heading=0
|
||||
|
||||
if o == "-C" or o == "--locallist":
|
||||
- locallist=1
|
||||
+ locallist = True
|
||||
|
||||
if o == "-m"or o == "--modify":
|
||||
if delete or add:
|
||||
usage()
|
||||
- modify = 1
|
||||
+ modify = True
|
||||
|
||||
if o == "-S" or o == '--store':
|
||||
store = a
|
||||
@@ -220,7 +227,7 @@
|
||||
serange = a
|
||||
|
||||
if o == "-l" or o == "--list":
|
||||
- list = 1
|
||||
+ list = True
|
||||
|
||||
if o == "-L" or o == '--level':
|
||||
if is_mls_enabled == 0:
|
||||
@@ -246,9 +253,9 @@
|
||||
setrans = a
|
||||
|
||||
+ if o == "--on" or o == "-1":
|
||||
+ value = 1
|
||||
+ if o == "-off" or o == "-0":
|
||||
+ value = 0
|
||||
+
|
||||
if o == "--on" or o == "-1":
|
||||
- value = 1
|
||||
- if o == "-off" or o == "-0":
|
||||
- value = 0
|
||||
+ value = "on"
|
||||
+ if o == "--off" or o == "-0":
|
||||
+ value = "off"
|
||||
|
||||
if object == "login":
|
||||
OBJECT = seobject.loginRecords(store)
|
||||
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.10 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.31/semanage/seobject.py
|
||||
--- nsapolicycoreutils/semanage/seobject.py 2007-10-07 21:46:43.000000000 -0400
|
||||
+++ policycoreutils-2.0.31/semanage/seobject.py 2007-11-19 17:35:04.000000000 -0500
|
||||
@@ -1,5 +1,5 @@
|
||||
#! /usr/bin/python -E
|
||||
-# Copyright (C) 2005 Red Hat
|
||||
+# Copyright (C) 2005, 2006, 2007 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# semanage is a tool for managing SELinux configuration files
|
||||
@@ -88,6 +88,35 @@
|
||||
@@ -275,7 +282,10 @@
|
||||
OBJECT = seobject.permissiveRecords(store)
|
||||
|
||||
if list:
|
||||
- OBJECT.list(heading, locallist)
|
||||
+ if object == "boolean":
|
||||
+ OBJECT.list(heading, locallist, use_file)
|
||||
+ else:
|
||||
+ OBJECT.list(heading, locallist)
|
||||
sys.exit(0);
|
||||
|
||||
mylog = logger()
|
||||
if deleteall:
|
||||
@@ -295,11 +305,9 @@
|
||||
OBJECT.add(target, setrans)
|
||||
|
||||
+import sys, os
|
||||
+import re
|
||||
+import xml.etree.ElementTree
|
||||
+
|
||||
+booleans_dict={}
|
||||
+try:
|
||||
+ tree=xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml")
|
||||
+ for l in tree.findall("layer"):
|
||||
+ for m in l.findall("module"):
|
||||
+ for b in m.findall("tunable"):
|
||||
+ desc = b.find("desc").find("p").text.strip("\n")
|
||||
+ desc = re.sub("\n", " ", desc)
|
||||
+ booleans_dict[b.get('name')] = (m.get("name"), b.get('dftval'), desc)
|
||||
+ for b in m.findall("bool"):
|
||||
+ desc = b.find("desc").find("p").text.strip("\n")
|
||||
+ desc = re.sub("\n", " ", desc)
|
||||
+ booleans_dict[b.get('name')] = (m.get("name"), b.get('dftval'), desc)
|
||||
+ for i in tree.findall("bool"):
|
||||
+ desc = i.find("desc").find("p").text.strip("\n")
|
||||
+ desc = re.sub("\n", " ", desc)
|
||||
+ booleans_dict[i.get('name')] = (_("global"), i.get('dftval'), desc)
|
||||
+ for i in tree.findall("tunable"):
|
||||
+ desc = i.find("desc").find("p").text.strip("\n")
|
||||
+ desc = re.sub("\n", " ", desc)
|
||||
+ booleans_dict[i.get('name')] = (_("global"), i.get('dftval'), desc)
|
||||
+except IOError, e:
|
||||
+ #print _("Failed to translate booleans.\n%s") % e
|
||||
+ pass
|
||||
+
|
||||
def validate_level(raw):
|
||||
sensitivity = "s[0-9]*"
|
||||
category = "c[0-9]*"
|
||||
@@ -139,7 +168,7 @@
|
||||
translations = fd.readlines()
|
||||
fd.close()
|
||||
except IOError, e:
|
||||
- raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines: %s") % (self.filename, e) )
|
||||
+ raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines") % (self.filename) )
|
||||
if object == "user":
|
||||
- rlist = roles.split()
|
||||
- if len(rlist) == 0:
|
||||
- raise ValueError(_("You must specify a role"))
|
||||
- if prefix == "":
|
||||
- raise ValueError(_("You must specify a prefix"))
|
||||
+ rlist = []
|
||||
+ if not use_file:
|
||||
+ rlist = roles.split()
|
||||
OBJECT.add(target, rlist, selevel, serange, prefix)
|
||||
|
||||
if object == "port":
|
||||
@@ -317,7 +325,7 @@
|
||||
|
||||
self.ddict = {}
|
||||
self.comments = []
|
||||
@@ -236,9 +265,6 @@
|
||||
if rc < 0:
|
||||
semanage_handle_destroy(self.sh)
|
||||
raise ValueError(_("Could not establish semanage connection"))
|
||||
- def deleteall(self):
|
||||
- raise ValueError(_("Not yet implemented"))
|
||||
-
|
||||
if modify:
|
||||
if object == "boolean":
|
||||
- OBJECT.modify(target, value)
|
||||
+ OBJECT.modify(target, value, use_file)
|
||||
|
||||
class loginRecords(semanageRecords):
|
||||
def __init__(self, store = ""):
|
||||
@@ -1095,7 +1121,13 @@
|
||||
if object == "login":
|
||||
OBJECT.modify(target, seuser, serange)
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.52/semanage/semanage.8
|
||||
--- nsapolicycoreutils/semanage/semanage.8 2008-07-02 17:19:34.000000000 -0400
|
||||
+++ policycoreutils-2.0.52/semanage/semanage.8 2008-07-29 15:48:03.000000000 -0400
|
||||
@@ -3,9 +3,9 @@
|
||||
semanage \- SELinux Policy Management tool
|
||||
|
||||
return con
|
||||
|
||||
+ def validate(self, target):
|
||||
+ if target == "" or target.find("\n") >= 0:
|
||||
+ raise ValueError(_("Invalid file specification"))
|
||||
+
|
||||
def add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
|
||||
+ self.validate(target)
|
||||
.SH "SYNOPSIS"
|
||||
-.B semanage {boolean|login|user|port|interface|fcontext|translation} \-{l|lC|D} [\-n]
|
||||
+.B semanage {boolean|login|user|port|interface|fcontext|translation} \-{l|D} [\-n] [\-S store]
|
||||
.br
|
||||
-.B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] boolean
|
||||
+.B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] -F boolean | boolean_file
|
||||
.br
|
||||
.B semanage login \-{a|d|m} [\-sr] login_name
|
||||
.br
|
||||
@@ -54,6 +54,11 @@
|
||||
File Type. This is used with fcontext.
|
||||
Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files.
|
||||
.TP
|
||||
+.I \-F, \-\-file
|
||||
+Set multiple records from the input file. When used with the \-l \-\-list, it will output the current settings to stdout in the proper format.
|
||||
+
|
||||
if is_mls_enabled == 1:
|
||||
serange = untranslate(serange)
|
||||
+Currently booleans only.
|
||||
+.TP
|
||||
.I \-h, \-\-help
|
||||
display this message
|
||||
.TP
|
||||
@@ -87,6 +92,9 @@
|
||||
.I \-s, \-\-seuser
|
||||
SELinux user name
|
||||
.TP
|
||||
+.I \-S, \-\-store
|
||||
+Select and alternate SELinux store to manage
|
||||
+.TP
|
||||
.I \-t, \-\-type
|
||||
SELinux Type for the object
|
||||
.TP
|
||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.13 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.52/semanage/seobject.py
|
||||
--- nsapolicycoreutils/semanage/seobject.py 2008-07-02 17:19:34.000000000 -0400
|
||||
+++ policycoreutils-2.0.52/semanage/seobject.py 2008-07-29 15:48:15.000000000 -0400
|
||||
@@ -330,20 +330,15 @@
|
||||
for name in dirs:
|
||||
os.rmdir(os.path.join(root, name))
|
||||
|
||||
- if rc != 0:
|
||||
- raise ValueError(out)
|
||||
-
|
||||
-
|
||||
def delete(self, name):
|
||||
for n in name.split():
|
||||
rc = semanage_module_remove(self.sh, "permissive_%s" % n)
|
||||
if rc < 0:
|
||||
raise ValueError(_("Could not remove permissive domain %s (remove failed)") % name)
|
||||
- rc = semanage_commit(self.sh)
|
||||
- if rc < 0:
|
||||
+ rc = semanage_commit(self.sh)
|
||||
+ if rc < 0:
|
||||
raise ValueError(_("Could not remove permissive domain %s (commit failed)") % name)
|
||||
|
||||
@@ -1154,6 +1186,7 @@
|
||||
def modify(self, target, setype, ftype, serange, seuser):
|
||||
if serange == "" and setype == "" and seuser == "":
|
||||
raise ValueError(_("Requires setype, serange or seuser"))
|
||||
+ self.validate(target)
|
||||
|
||||
(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
|
||||
if rc < 0:
|
||||
@@ -1304,6 +1337,7 @@
|
||||
print "%-50s %-18s <<None>>" % (fcon[0], fcon[1])
|
||||
|
||||
class booleanRecords(semanageRecords):
|
||||
+
|
||||
-
|
||||
def deleteall(self):
|
||||
l = self.get_all()
|
||||
if len(l) > 0:
|
||||
@@ -567,7 +562,11 @@
|
||||
def __init__(self, store = ""):
|
||||
semanageRecords.__init__(self, store)
|
||||
|
||||
@@ -1328,11 +1362,14 @@
|
||||
if value != "":
|
||||
nvalue = int(value)
|
||||
semanage_bool_set_value(b, nvalue)
|
||||
+ else:
|
||||
+ raise ValueError(_("You must specify a value"))
|
||||
- def add(self, name, roles, selevel, serange, prefix):
|
||||
+ def add(self, name, roles, selevel, serange, prefix, use_file = False):
|
||||
+
|
||||
+ if len(roles) == 0:
|
||||
+ raise ValueError(_("You must specify a role"))
|
||||
+
|
||||
if is_mls_enabled == 1:
|
||||
if serange == "":
|
||||
serange = "s0"
|
||||
@@ -1447,54 +1446,72 @@
|
||||
class booleanRecords(semanageRecords):
|
||||
def __init__(self, store = ""):
|
||||
semanageRecords.__init__(self, store)
|
||||
+ self.dict={}
|
||||
+ self.dict["TRUE"] = 1
|
||||
+ self.dict["FALSE"] = 0
|
||||
+ self.dict["ON"] = 1
|
||||
+ self.dict["OFF"] = 0
|
||||
+ self.dict["1"] = 1
|
||||
+ self.dict["0"] = 0
|
||||
|
||||
- def modify(self, name, value = ""):
|
||||
- if value == "":
|
||||
- raise ValueError(_("Requires value"))
|
||||
-
|
||||
- (rc,k) = semanage_bool_key_create(self.sh, name)
|
||||
- if rc < 0:
|
||||
- raise ValueError(_("Could not create a key for %s") % name)
|
||||
-
|
||||
- (rc,exists) = semanage_bool_exists(self.sh, k)
|
||||
- if rc < 0:
|
||||
- raise ValueError(_("Could not check if boolean %s is defined") % name)
|
||||
- if not exists:
|
||||
- raise ValueError(_("Boolean %s is not defined") % name)
|
||||
-
|
||||
- (rc,b) = semanage_bool_query(self.sh, k)
|
||||
- if rc < 0:
|
||||
- raise ValueError(_("Could not query file context %s") % name)
|
||||
+ def __mod(self, name, value):
|
||||
+ (rc,k) = semanage_bool_key_create(self.sh, name)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError(_("Could not create a key for %s") % name)
|
||||
+ (rc,exists) = semanage_bool_exists(self.sh, k)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError(_("Could not check if boolean %s is defined") % name)
|
||||
+ if not exists:
|
||||
+ raise ValueError(_("Boolean %s is not defined") % name)
|
||||
+
|
||||
+ (rc,b) = semanage_bool_query(self.sh, k)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError(_("Could not query file context %s") % name)
|
||||
|
||||
- if value != "":
|
||||
- nvalue = int(value)
|
||||
- semanage_bool_set_value(b, nvalue)
|
||||
+ if value.upper() in self.dict:
|
||||
+ semanage_bool_set_value(b, self.dict[value.upper()])
|
||||
else:
|
||||
- raise ValueError(_("You must specify a value"))
|
||||
+ raise ValueError(_("You must specify one of the following values: %s") % ", ".join(self.dict.keys()) )
|
||||
+
|
||||
+ rc = semanage_bool_set_active(self.sh, k, b)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError(_("Could not set active value of boolean %s") % name)
|
||||
+ rc = semanage_bool_modify_local(self.sh, k, b)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError(_("Could not modify boolean %s") % name)
|
||||
+ semanage_bool_key_free(k)
|
||||
+ semanage_bool_free(b)
|
||||
|
||||
+ def modify(self, name, value=None, use_file=False):
|
||||
+
|
||||
rc = semanage_begin_transaction(self.sh)
|
||||
if rc < 0:
|
||||
raise ValueError(_("Could not start semanage transaction"))
|
||||
-
|
||||
- rc = semanage_bool_set_active(self.sh, k, b)
|
||||
- if rc < 0:
|
||||
- raise ValueError(_("Could not set active value of boolean %s") % name)
|
||||
- rc = semanage_bool_modify_local(self.sh, k, b)
|
||||
- if rc < 0:
|
||||
- raise ValueError(_("Could not modify boolean %s") % name)
|
||||
+ if use_file:
|
||||
+ fd = open(name)
|
||||
+ for b in fd.read().split("\n"):
|
||||
+ b = b.strip()
|
||||
+ if len(b) == 0:
|
||||
+ continue
|
||||
+
|
||||
+ try:
|
||||
+ boolname, val = b.split("=")
|
||||
+ except ValueError, e:
|
||||
+ raise ValueError(_("Bad format %s: Record %s" % ( name, b) ))
|
||||
+ self.__mod(boolname.strip(), val.strip())
|
||||
+ fd.close()
|
||||
+ else:
|
||||
+ self.__mod(name, value)
|
||||
|
||||
+ rc = semanage_bool_set_active(self.sh, k, b)
|
||||
rc = semanage_bool_modify_local(self.sh, k, b)
|
||||
rc = semanage_commit(self.sh)
|
||||
if rc < 0:
|
||||
raise ValueError(_("Could not modify boolean %s") % name)
|
||||
@@ -1416,11 +1453,25 @@
|
||||
|
||||
- semanage_bool_key_free(k)
|
||||
- semanage_bool_free(b)
|
||||
-
|
||||
def delete(self, name):
|
||||
- (rc,k) = semanage_bool_key_create(self.sh, name)
|
||||
- if rc < 0:
|
||||
- raise ValueError(_("Could not create a key for %s") % name)
|
||||
|
||||
return ddict
|
||||
|
||||
+ def get_desc(self, boolean):
|
||||
+ if boolean in booleans_dict:
|
||||
+ return _(booleans_dict[boolean][2])
|
||||
+ else:
|
||||
+ return boolean
|
||||
+
|
||||
+ def get_category(self, boolean):
|
||||
+ if boolean in booleans_dict:
|
||||
+ return _(booleans_dict[boolean][0])
|
||||
+ else:
|
||||
+ return _("unknown")
|
||||
+
|
||||
def list(self, heading = 1, locallist = 0):
|
||||
+ on_off = (_("off"),_("on"))
|
||||
+ (rc,k) = semanage_bool_key_create(self.sh, name)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError(_("Could not create a key for %s") % name)
|
||||
(rc,exists) = semanage_bool_exists(self.sh, k)
|
||||
if rc < 0:
|
||||
raise ValueError(_("Could not check if boolean %s is defined") % name)
|
||||
@@ -1571,8 +1588,15 @@
|
||||
else:
|
||||
return _("unknown")
|
||||
|
||||
- def list(self, heading = 1, locallist = 0):
|
||||
+ def list(self, heading = True, locallist = False, use_file = False):
|
||||
on_off = (_("off"),_("on"))
|
||||
+ if use_file:
|
||||
+ ddict = self.get_all(locallist)
|
||||
+ keys = ddict.keys()
|
||||
+ for k in keys:
|
||||
+ if ddict[k]:
|
||||
+ print "%s=%s" % (k, ddict[k][2])
|
||||
+ return
|
||||
if heading:
|
||||
- print "%-50s %7s %7s %7s\n" % (_("SELinux boolean"), _("value"), _("pending"), _("active") )
|
||||
+ print "%-40s %s\n" % (_("SELinux boolean"), _("Description"))
|
||||
print "%-40s %s\n" % (_("SELinux boolean"), _("Description"))
|
||||
ddict = self.get_all(locallist)
|
||||
keys = ddict.keys()
|
||||
for k in keys:
|
||||
if ddict[k]:
|
||||
- print "%-50s %7d %7d %7d " % (k, ddict[k][0],ddict[k][1], ddict[k][2])
|
||||
+ print "%-30s -> %-5s %s" % (k, on_off[ddict[k][2]], self.get_desc(k))
|
||||
+
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.49/sepolgen-1.0.13/src/sepolgen/refparser.py
|
||||
--- nsasepolgen/src/sepolgen/refparser.py 2008-06-13 23:25:26.000000000 -0400
|
||||
+++ policycoreutils-2.0.49/sepolgen-1.0.13/src/sepolgen/refparser.py 2008-06-27 07:21:06.000000000 -0400
|
||||
@@ -919,7 +919,7 @@
|
||||
def list_headers(root):
|
||||
modules = []
|
||||
support_macros = None
|
||||
- blacklist = ["init.if", "inetd.if", "uml.if", "thunderbird.if"]
|
||||
+ blacklist = ["uml.if", "thunderbird.if"]
|
||||
|
||||
for dirpath, dirnames, filenames in os.walk(root):
|
||||
for name in filenames:
|
|
@ -1,12 +1,12 @@
|
|||
%define libauditver 1.4.2-1
|
||||
%define libsepolver 2.0.10-1
|
||||
%define libsepolver 2.0.19-1
|
||||
%define libsemanagever 2.0.5-1
|
||||
%define libselinuxver 2.0.34-1
|
||||
%define sepolgenver 1.0.10
|
||||
%define libselinuxver 2.0.46-5
|
||||
%define sepolgenver 1.0.13
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.32
|
||||
Release: 2%{?dist}
|
||||
Version: 2.0.52
|
||||
Release: 8%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
|
@ -18,12 +18,13 @@ Source4: system-config-selinux.pam
|
|||
Source5: system-config-selinux.console
|
||||
Source6: selinux-polgengui.desktop
|
||||
Source7: selinux-polgengui.console
|
||||
Source8: policycoreutils_man_ru2.tar.bz2
|
||||
Patch: policycoreutils-rhat.patch
|
||||
Patch1: policycoreutils-po.patch
|
||||
#Patch2: policycoreutils-sepolgen.patch
|
||||
Patch3: policycoreutils-gui.patch
|
||||
Patch4: policycoreutils-sepolgen.patch
|
||||
|
||||
BuildRequires: pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
|
||||
BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
|
||||
Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff rpm /bin/sed
|
||||
Requires: libselinux >= %{libselinuxver} libsepol >= %{libsepolver} libsemanage >= %{libsemanagever} coreutils audit-libs-python >= %{libauditver} checkpolicy libselinux-python
|
||||
Requires(post): /sbin/service /sbin/chkconfig
|
||||
|
@ -50,8 +51,8 @@ context.
|
|||
%setup -q -a 1
|
||||
%patch -p1 -b .rhat
|
||||
%patch1 -p1 -b .rhatpo
|
||||
#%patch2 -p1 -b .sepolgen
|
||||
%patch3 -p1 -b .gui
|
||||
%patch4 -p1 -b .sepolgen
|
||||
|
||||
%build
|
||||
make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
|
||||
|
@ -60,6 +61,7 @@ make -C sepolgen-%{sepolgenver} LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optfla
|
|||
%install
|
||||
rm -rf %{buildroot}
|
||||
mkdir -p %{buildroot}/etc/rc.d/init.d
|
||||
mkdir -p %{buildroot}/var/lib/selinux
|
||||
mkdir -p %{buildroot}%{_bindir}
|
||||
mkdir -p %{buildroot}%{_sbindir}
|
||||
mkdir -p %{buildroot}/sbin
|
||||
|
@ -76,17 +78,17 @@ install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/system-config-selinux
|
|||
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/selinux-polgengui
|
||||
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/security/console.apps/system-config-selinux
|
||||
install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/security/console.apps/selinux-polgengui
|
||||
tar -jxf %{SOURCE8} -C %{buildroot}/
|
||||
ln -sf consolehelper %{buildroot}%{_bindir}/system-config-selinux
|
||||
ln -sf consolehelper %{buildroot}%{_bindir}/selinux-polgengui
|
||||
|
||||
desktop-file-install --vendor fedora \
|
||||
--dir ${RPM_BUILD_ROOT}%{_datadir}/applications \
|
||||
--add-category X-Fedora \
|
||||
--add-category Settings \
|
||||
%{SOURCE3}
|
||||
|
||||
desktop-file-install --vendor fedora \
|
||||
--dir ${RPM_BUILD_ROOT}%{_datadir}/applications \
|
||||
--add-category X-Fedora \
|
||||
%{SOURCE6}
|
||||
%find_lang %{name}
|
||||
|
||||
|
@ -108,10 +110,11 @@ Summary: SELinux configuration GUI
|
|||
Group: System Environment/Base
|
||||
Requires: policycoreutils = %{version}-%{release}
|
||||
Requires: gnome-python2, pygtk2, pygtk2-libglade, gnome-python2-canvas
|
||||
Requires: usermode, rhpl
|
||||
Requires: usermode
|
||||
Requires: setools-console
|
||||
Requires: selinux-policy-devel
|
||||
Requires: python >= 2.4
|
||||
BuildRequires: desktop-file-utils
|
||||
Requires: selinux-policy-devel
|
||||
|
||||
%description gui
|
||||
system-config-selinux is a utility for managing the SELinux environment
|
||||
|
@ -159,25 +162,7 @@ rm -rf %{buildroot}
|
|||
%{_bindir}/semodule_expand
|
||||
%{_bindir}/semodule_link
|
||||
%{_bindir}/semodule_package
|
||||
%{_mandir}/man8/chcat.8.gz
|
||||
%{_mandir}/man8/restorecond.8.gz
|
||||
%{_mandir}/man8/restorecon.8.gz
|
||||
%{_mandir}/man8/sestatus.8.gz
|
||||
%{_mandir}/man8/semanage.8.gz
|
||||
%{_mandir}/man8/semodule.8.gz
|
||||
%{_mandir}/man8/semodule_deps.8.gz
|
||||
%{_mandir}/man8/semodule_link.8.gz
|
||||
%{_mandir}/man8/semodule_package.8.gz
|
||||
%{_mandir}/man8/semodule_expand.8.gz
|
||||
%{_mandir}/man8/setfiles.8.gz
|
||||
%{_mandir}/man8/fixfiles.8.gz
|
||||
%{_mandir}/man8/load_policy.8.gz
|
||||
%{_mandir}/man8/audit2why.8.gz
|
||||
%{_mandir}/man8/open_init_pty.8.gz
|
||||
%{_mandir}/man8/setsebool.8.gz
|
||||
%{_mandir}/man8/run_init.8.gz
|
||||
%{_mandir}/man1/audit2allow.1.gz
|
||||
%{_mandir}/man1/secon.1.gz
|
||||
%{_mandir}/*
|
||||
%config(noreplace) %{_sysconfdir}/pam.d/newrole
|
||||
%config(noreplace) %{_sysconfdir}/pam.d/run_init
|
||||
%config(noreplace) %{_sysconfdir}/sestatus.conf
|
||||
|
@ -187,6 +172,7 @@ rm -rf %{buildroot}
|
|||
%dir %{_libdir}/python?.?/site-packages/sepolgen
|
||||
%{_libdir}/python?.?/site-packages/sepolgen/*
|
||||
%dir /var/lib/sepolgen
|
||||
%dir /var/lib/selinux
|
||||
/var/lib/sepolgen/perm_map
|
||||
|
||||
%preun
|
||||
|
@ -198,7 +184,6 @@ fi
|
|||
%post
|
||||
/sbin/chkconfig --add restorecond
|
||||
[ -f /usr/share/selinux/devel/include/build.conf ] && /usr/bin/sepolgen-ifgen > /dev/null
|
||||
/usr/bin/sepolgen-ifgen > /dev/null
|
||||
exit 0
|
||||
|
||||
%postun
|
||||
|
@ -207,6 +192,215 @@ if [ "$1" -ge "1" ]; then
|
|||
fi
|
||||
|
||||
%changelog
|
||||
* Mon Aug 11 2008 Dan Walsh <dwalsh@redhat.com> 2.0.52-8
|
||||
- Add missing html_util.py file
|
||||
|
||||
* Tue Jul 29 2008 Dan Walsh <dwalsh@redhat.com> 2.0.52-6
|
||||
- Fix boolean handling
|
||||
- Upgrade to latest sepolgen
|
||||
- Update po patch
|
||||
|
||||
* Wed Jul 9 2008 Dan Walsh <dwalsh@redhat.com> 2.0.52-5
|
||||
- Additial cleanup of boolean handling for semanage
|
||||
|
||||
* Tue Jul 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.52-4
|
||||
- Handle ranges of ports in gui
|
||||
|
||||
* Tue Jul 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.52-3
|
||||
- Fix indent problems in seobject
|
||||
|
||||
* Wed Jul 2 2008 Dan Walsh <dwalsh@redhat.com> 2.0.52-2
|
||||
- Add lockdown wizard
|
||||
- Allow semanage booleans to take an input file an process lots of booleans at once.
|
||||
|
||||
* Wed Jul 2 2008 Dan Walsh <dwalsh@redhat.com> 2.0.52-1
|
||||
- Default prefix to "user"
|
||||
|
||||
* Tue Jul 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.50-2
|
||||
- Remove semodule use within semanage
|
||||
- Fix launching of polgengui from toolbar
|
||||
|
||||
* Mon Jun 30 2008 Dan Walsh <dwalsh@redhat.com> 2.0.50-1
|
||||
- Update to upstream
|
||||
* Fix audit2allow generation of role-type rules from Karl MacMillan.
|
||||
|
||||
* Tue Jun 24 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-10
|
||||
- Fix spelling of enforcement
|
||||
|
||||
* Mon Jun 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-8
|
||||
- Fix sepolgen/audit2allow handling of roles
|
||||
|
||||
* Mon Jun 16 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-7
|
||||
- Fix sepolgen-ifgen processing
|
||||
|
||||
* Thu Jun 12 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-6
|
||||
- Add deleteall to semanage permissive, cleanup error handling
|
||||
|
||||
* Thu Jun 12 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-5
|
||||
- Complete removal of rhpl requirement
|
||||
|
||||
* Wed Jun 11 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-4
|
||||
- Add semanage permissive *
|
||||
|
||||
* Fri May 16 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-3
|
||||
- Fix fixfiles to cleanup /tmp and /var/tmp
|
||||
|
||||
* Fri May 16 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-2
|
||||
- Fix listing of types in gui
|
||||
|
||||
* Mon May 12 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-1
|
||||
- Update to upstream
|
||||
* Remove security_check_context calls for prefix validation from semanage.
|
||||
* Change setfiles and restorecon to not relabel if the file already has the correct context value even if -F/force is specified.
|
||||
|
||||
* Mon May 12 2008 Dan Walsh <dwalsh@redhat.com> 2.0.47-3
|
||||
- Remove /usr/share/locale/sr@Latn/LC_MESSAGES/policycoreutils.mo
|
||||
|
||||
* Wed May 7 2008 Dan Walsh <dwalsh@redhat.com> 2.0.47-2
|
||||
- Add rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* to fixfiles restore
|
||||
- So that mislabeled files will get removed on full relabel
|
||||
|
||||
* Wed May 7 2008 Dan Walsh <dwalsh@redhat.com> 2.0.47-1
|
||||
- Make restorecond not start by default
|
||||
- Fix polgengui to allow defining of confined roles.
|
||||
- Add patches from Lubomir Rintel <lkundrak@v3.sk>
|
||||
* Add necessary runtime dependencies on setools-console for -gui
|
||||
* separate stderr when run seinfo commands
|
||||
- Update to upstream
|
||||
* Update semanage man page for booleans from Dan Walsh.
|
||||
* Add further error checking to seobject.py for setting booleans.
|
||||
|
||||
* Fri Apr 18 2008 Matthias Clasen <mclasen@redhat.com> - 2.0.46-5
|
||||
- Uninvasive (ie no string or widget changes) HIG approximations
|
||||
in selinux-polgenui
|
||||
|
||||
* Fri Apr 18 2008 Matthias Clasen <mclasen@redhat.com> - 2.0.46-4
|
||||
- Move s-c-selinux to the right menu
|
||||
|
||||
* Sun Apr 6 2008 Dan Walsh <dwalsh@redhat.com> 2.0.46-3
|
||||
- Fix boolean descriptions
|
||||
- Fix semanage man page
|
||||
|
||||
* Wed Mar 19 2008 Dan Walsh <dwalsh@redhat.com> 2.0.46-2
|
||||
- Don't use prefix in gui
|
||||
|
||||
* Tue Mar 18 2008 Dan Walsh <dwalsh@redhat.com> 2.0.46-1
|
||||
- Update to upstream
|
||||
* Update audit2allow to report dontaudit cases from Dan Walsh.
|
||||
* Fix semanage port to use --proto from Caleb Case.
|
||||
|
||||
* Fri Feb 22 2008 Dan Walsh <dwalsh@redhat.com> 2.0.44-1
|
||||
- Update to upstream
|
||||
* Fix for segfault when conf file parse error occurs.
|
||||
|
||||
* Wed Feb 13 2008 Dan Walsh <dwalsh@redhat.com> 2.0.43-2
|
||||
- Don't show tabs on polgengui
|
||||
|
||||
* Wed Feb 13 2008 Dan Walsh <dwalsh@redhat.com> 2.0.43-1
|
||||
- Update to upstream
|
||||
* Merged fix fixfiles option processing from Vaclav Ovsik.
|
||||
- Added existing users, staff and user_t users to polgengui
|
||||
|
||||
* Fri Feb 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.42-3
|
||||
- Add messages for audit2allow DONTAUDIT
|
||||
|
||||
* Tue Feb 5 2008 Dan Walsh <dwalsh@redhat.com> 2.0.42-2
|
||||
- Add ability to transition to roles via polgengui
|
||||
|
||||
* Sat Feb 2 2008 Dan Walsh <dwalsh@redhat.com> 2.0.42-1
|
||||
- Update to upstream
|
||||
* Make semodule_expand use sepol_set_expand_consume_base to reduce
|
||||
peak memory usage.
|
||||
|
||||
* Tue Jan 29 2008 Dan Walsh <dwalsh@redhat.com> 2.0.41-1
|
||||
- Update to upstream
|
||||
* Merged audit2why fix and semanage boolean --on/--off/-1/-0 support from Dan Walsh.
|
||||
* Merged a second fixfiles -C fix from Marshall Miller.
|
||||
|
||||
|
||||
* Thu Jan 24 2008 Dan Walsh <dwalsh@redhat.com> 2.0.39-1
|
||||
- Don't initialize audit2allow for audit2why call. Use default
|
||||
- Update to upstream
|
||||
* Merged fixfiles -C fix from Marshall Miller.
|
||||
|
||||
* Thu Jan 24 2008 Dan Walsh <dwalsh@redhat.com> 2.0.38-1
|
||||
- Update to upstream
|
||||
* Merged audit2allow cleanups and boolean descriptions from Dan Walsh.
|
||||
* Merged setfiles -0 support by Benny Amorsen via Dan Walsh.
|
||||
* Merged fixfiles fixes and support for ext4 and gfs2 from Dan Walsh.
|
||||
|
||||
* Wed Jan 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.37-1
|
||||
- Update to upstream
|
||||
* Merged replacement for audit2why from Dan Walsh.
|
||||
|
||||
* Wed Jan 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.36-2
|
||||
- Cleanup fixfiles -f message in man page
|
||||
|
||||
* Wed Jan 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.36-1
|
||||
- Update to upstream
|
||||
* Merged update to chcat, fixfiles, and semanage scripts from Dan Walsh.
|
||||
* Merged sepolgen fixes from Dan Walsh.
|
||||
|
||||
* Tue Jan 22 2008 Dan Walsh <dwalsh@redhat.com> 2.0.35-5
|
||||
- handle files with spaces on upgrades
|
||||
|
||||
* Tue Jan 22 2008 Dan Walsh <dwalsh@redhat.com> 2.0.35-4
|
||||
- Add support in fixfiles for ext4 ext4dev and gfs2
|
||||
|
||||
* Mon Jan 21 2008 Dan Walsh <dwalsh@redhat.com> 2.0.35-3
|
||||
- Allow files with spaces to be used by setfiles
|
||||
|
||||
* Tue Jan 15 2008 Dan Walsh <dwalsh@redhat.com> 2.0.35-2
|
||||
- Add descriptions of booleans to audit2allow
|
||||
|
||||
* Fri Jan 11 2008 Dan Walsh <dwalsh@redhat.com> 2.0.35-1
|
||||
- Update to upstream
|
||||
* Merged support for non-interactive newrole command invocation from Tim Reed.
|
||||
|
||||
* Thu Jan 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.34-8
|
||||
- Change to use selinux bindings to audit2why
|
||||
|
||||
* Tue Jan 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.34-7
|
||||
- Fix fixfiles to handle no args
|
||||
|
||||
* Mon Dec 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-5
|
||||
- Fix roles output when creating a module
|
||||
|
||||
* Mon Dec 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-4
|
||||
- Handle files with spaces in fixfiles
|
||||
|
||||
* Fri Dec 21 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-3
|
||||
- Catch SELINUX_ERR with audit2allow and generate policy
|
||||
|
||||
* Thu Dec 20 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-2
|
||||
- Make sepolgen set error exit code when partial failure
|
||||
- audit2why now checks booleans for avc diagnosis
|
||||
|
||||
* Wed Dec 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-1
|
||||
- Update to upstream
|
||||
* Update Makefile to not build restorecond if
|
||||
/usr/include/sys/inotify.h is not present
|
||||
|
||||
* Wed Dec 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.33-4
|
||||
- Fix sepolgen to be able to parse Fedora 9 policy
|
||||
Handle ifelse statements
|
||||
Handle refpolicywarn inside of define
|
||||
Add init.if and inetd.if into parse
|
||||
Add parse_file to syntax error message
|
||||
|
||||
* Fri Dec 14 2007 Dan Walsh <dwalsh@redhat.com> 2.0.33-3
|
||||
- Add scroll bar to fcontext gui page
|
||||
|
||||
* Tue Dec 11 2007 Dan Walsh <dwalsh@redhat.com> 2.0.33-2
|
||||
- Add Russion Man pages
|
||||
|
||||
* Mon Dec 10 2007 Dan Walsh <dwalsh@redhat.com> 2.0.33-1
|
||||
- Upgrade from NSA
|
||||
* Drop verbose output on fixfiles -C from Dan Walsh.
|
||||
* Fix argument handling in fixfiles from Dan Walsh.
|
||||
* Enhance boolean support in semanage, including using the .xml description when available, from Dan Walsh.
|
||||
- Fix handling of final screen in polgengui
|
||||
|
||||
* Sun Dec 2 2007 Dan Walsh <dwalsh@redhat.com> 2.0.32-2
|
||||
- Fix handling of disable selinux button in gui
|
||||
|
||||
|
|
5
sources
5
sources
|
@ -1,2 +1,3 @@
|
|||
eddb3e34fb982d752aa8cbed7b98f3d2 sepolgen-1.0.10.tgz
|
||||
1e400f1a84e8c9467ab895efc5935797 policycoreutils-2.0.32.tgz
|
||||
b6756a012c26f414e4a5f8f438ce2188 sepolgen-1.0.13.tgz
|
||||
311e95b3374fe1993fb91a303b6675b2 policycoreutils-2.0.52.tgz
|
||||
7915287c8377b768ccae7eb6dc736783 policycoreutils_man_ru2.tar.bz2
|
||||
|
|
Loading…
Reference in New Issue