diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.33.4/audit2allow/audit2allow --- nsapolicycoreutils/audit2allow/audit2allow 2006-11-16 17:14:29.000000000 -0500 +++ policycoreutils-1.33.4/audit2allow/audit2allow 2006-11-22 14:51:29.000000000 -0500 @@ -25,6 +25,7 @@ # # from avc import * +import re if __name__ == '__main__': import commands, sys, os, getopt, selinux @@ -59,6 +60,11 @@ print msg sys.exit(1) + def verify_module(module): + m = re.findall("[^a-zA-Z]", module) + if len(m) != 0: + usage(_("Alphabetic Charaters Only")) + def errorExit(error): sys.stderr.write("%s: " % sys.argv[0]) sys.stderr.write("%s\n" % error) @@ -125,10 +131,12 @@ if module != "" or a[0] == "-": usage() module = a + verify_module(module) if o == "-M": if module != "" or output_ind or a[0] == "-": usage() module = a + verify_module(module) outfile = a+".te" buildPP = 1 if not os.path.exists("/usr/bin/checkmodule"): 
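Review bot: The added `verify_module` is the only check between the `-m`/`-M` argument and the shell command strings later built from `module` (`checkmodule ... %s.mod %s.te`, run through `commands.getstatusoutput`), but nothing in the function says so and the rejection message is misspelled (`Charaters`). A comment such as `# module is interpolated into shell command lines below; keep this strictly alphabetic` would stop a later maintainer from loosening the pattern. The message should read `_("Alphabetic Characters Only")`, which also changes the msgid translators see. The test is easier to read as `if module == "" or re.search("[^a-zA-Z]", module):`, which also makes the empty-name case explicit. The block that encloses the definition starts outside the hunk.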
@@ -184,22 +192,26 @@ output.write(serules.out(requires, module)) output.flush() if buildPP: - cmd = "checkmodule %s -m -o %s.mod %s.te" % (get_mls_flag(), module, module) - print _("Compiling policy") - print cmd - rc = commands.getstatusoutput(cmd) - if rc[0] == 0: - cmd = "semodule_package -o %s.pp -m %s.mod" % (module, module) - if fc_file != "": - cmd = "%s -f %s" % (cmd, fc_file) - + if ref_ind: + cmd = "make -f /usr/share/selinux/devel/Makefile %s.pp" % module + print _("Compiling policy") + print cmd + rc = commands.getstatusoutput(cmd) + else: + cmd = "checkmodule %s -m -o %s.mod %s.te" % (get_mls_flag(), module, module) + print _("Compiling policy") print cmd rc = commands.getstatusoutput(cmd) if rc[0] == 0: - print _("\n******************** IMPORTANT ***********************\n") - print (_("In order to load this newly created policy package into the kernel,\nyou are required to execute \n\nsemodule -i %s.pp\n\n") % module) - else: - errorExit(rc[1]) + cmd = "semodule_package -o %s.pp -m %s.mod" % (module, module) + if fc_file != "": + cmd = "%s -f %s" % (cmd, fc_file) + + print cmd + rc = commands.getstatusoutput(cmd) + if rc[0] == 0: + print _("\n******************** IMPORTANT ***********************\n") + print (_("In order to load this newly created policy package into the kernel,\nyou are required to execute \n\nsemodule -i %s.pp\n\n") % module) else: errorExit(rc[1]) diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-1.33.4/gui/booleansPage.py --- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.33.4/gui/booleansPage.py 2006-11-22 14:11:25.000000000 -0500 
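Review bot: `fc_file` is still appended to the `semodule_package` command with `cmd = "%s -f %s" % (cmd, fc_file)` and run by `commands.getstatusoutput`, which goes through a shell, while only `module` gets the new alphabetic check. Where `fc_file` is assigned is outside this hunk, but if it comes from a command-line option it should be validated or quoted, for example `cmd = "%s -f%s" % (cmd, commands.mkarg(fc_file))`. The new `ref_ind` branch also assumes `/usr/share/selinux/devel/Makefile` is installed. An `os.path.exists` test like the existing one for `/usr/bin/checkmodule` would give a clearer error than the one from make.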
@@ -0,0 +1,200 @@ +# +# booleansPage.py - GUI for Booleans page in system-config-securitylevel +# +# Brent Fox +# Dan Walsh +# +# Copyright 2006 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# +import string +import gtk +import gtk.glade +import os +import libxml2 +import gobject +import sys +import tempfile + +INSTALLPATH='/usr/share/system-config-securitylevel' +sys.path.append(INSTALLPATH) + +from Conf import * +import commands +ENFORCING=0 +PERMISSIVE=1 +DISABLED=2 +SELINUXDIR="/etc/selinux/" + +## +## I18N +## +PROGNAME="system-config-selinux" + +import gettext +gettext.bindtextdomain(PROGNAME, "/usr/share/locale") +gettext.textdomain(PROGNAME) +try: + gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1) +except IOError: + import __builtin__ + __builtin__.__dict__['_'] = unicode + +class Translation: + def __init__(self): + self.translation={} + fd=open(INSTALLPATH + "/selinux.tbl","r") + lines=fd.readlines() + fd.close() + for i in lines: + try: + line=i.strip().split("_(\"") + key=line[0].strip() + category=line[1].split("\"")[0] + value=line[2].split("\"")[0] + self.translation[key]=(category,value) + except: + continue + + def get_category(self,key): + try: + return _(self.translation[key][0]) + except: + return _("Other") + + def get_value(self,key): + try: + return _(self.translation[key][1]) + except: + return key + +class Modifier: + def 
__init__(self,name, on, save): + self.on=on + self.name=name + self.save=save + + def set(self,value): + self.on=value + self.save=True + + def isOn(self): + return self.on + +class Boolean(Modifier): + def __init__(self,name, val, save=False): + Modifier.__init__(self,name, val, save) + +class Modifiers: + def __init__(self,store): + self.modifiers={} + self.translation=Translation() + self.store=store + self.store.clear() + + def add(self,name,val): + if name == "targeted_policy": + return + category=self.translation.get_category(name) + if not self.modifiers.has_key(category): + self.modifiers[category]={} + iter=self.store.append(None) + self.modifiers[category]["iter"] = iter + self.store.set_value(iter, 1, category) + self.store.set_value(iter, 3, False) + + self.modifiers[category][name]=val; + iter=self.store.append(self.modifiers[category]["iter"]) + self.store.set_value(iter, 0, val.isOn()) + self.store.set_value(iter, 1, self.translation.get_value(name)) + self.store.set_value(iter, 2, name) + self.store.set_value(iter, 3, True) + + def set(self,name,val): + category=self.translation.get_category(name) + self.modifiers[category][name].set(val) + + def isBoolean(self,name): + c=self.translation.get_category(name) + return isinstance(self.modifiers[c][name], Boolean) + + def get_booleans(self): + booleans={} + for c in self.modifiers.keys(): + for n in self.modifiers[c].keys(): + if isinstance(self.modifiers[c][n], Boolean): + booleans[n]=self.modifiers[c][n] + return booleans + +class booleansPage: + def __init__(self, xml, doDebug=None): + self.xml = xml + self.types=[] + self.selinuxsupport = True + self.translation = Translation() + self.typechanged = False + self.doDebug = doDebug + + # Bring in widgets from glade file. 
+ self.typeHBox = xml.get_widget("typeHBox") + self.booleanSW = xml.get_widget("booleanSW") + self.booleansView = xml.get_widget("booleansView") + self.typeLabel = xml.get_widget("typeLabel") + self.modifySeparator = xml.get_widget("modifySeparator") + + listStore = gtk.ListStore(gobject.TYPE_STRING) + cell = gtk.CellRendererText() + + self.booleansStore = gtk.TreeStore(gobject.TYPE_BOOLEAN, gobject.TYPE_STRING, gobject.TYPE_PYOBJECT, gobject.TYPE_BOOLEAN) + self.booleansStore.set_sort_column_id(1, gtk.SORT_ASCENDING) + self.booleansView.set_model(self.booleansStore) + + checkbox = gtk.CellRendererToggle() + checkbox.connect("toggled", self.boolean_toggled) + col = gtk.TreeViewColumn('', checkbox, active = 0,visible=3) + col.set_fixed_width(20) + col.set_clickable(True) + self.booleansView.append_column(col) + + col = gtk.TreeViewColumn("", gtk.CellRendererText(), text=1) + self.booleansView.append_column(col) + self.refreshBooleans() + + def get_description(self): + return _("Boolean") + + def refreshBooleans(self): + self.modifiers=Modifiers(self.booleansStore) + booleansList=commands.getoutput("/usr/sbin/getsebool -a").split("\n") + for i in booleansList: + rec=i.split() + name=rec[0] + if rec[2]=="on" or rec[2]=="active": + on=1 + else: + on=0 + self.modifiers.add(name,Boolean(name,on)) + + def boolean_toggled(self, widget, row): + if len(row) == 1: + return + iter = self.booleansStore.get_iter(row) + val = self.booleansStore.get_value(iter, 0) + key = self.booleansStore.get_value(iter, 2) + self.booleansStore.set_value(iter, 0 , not val) + self.modifiers.set(key, not val) + + setsebool="/usr/sbin/setsebool -P %s=%d" % (key, not val) + commands.getstatusoutput(setsebool) diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-1.33.4/gui/fcontextPage.py --- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.33.4/gui/fcontextPage.py 2006-11-22 
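Review bot: `boolean_toggled` updates `booleansStore` and `self.modifiers` before it runs `setsebool -P`, and then discards the result of `commands.getstatusoutput(setsebool)`, so a failed change leaves the page showing a state the system does not have. Run the command first and update the store only on success: `rc, out = commands.getstatusoutput(setsebool)`, then `if rc != 0:` report `out` and return. `refreshBooleans` is fragile in a related way, because it indexes `rec[0]` and `rec[2]` for every line of `getsebool -a` output. An empty line or an error message raises IndexError, which `if len(rec) < 3: continue` would avoid.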
14:11:25.000000000 -0500 
@@ -0,0 +1,158 @@ +## fcontextPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. + +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. + +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. + +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +## Author: Dan Walsh +import gtk +import gtk.glade +import os +import libxml2 +import gobject +import seobject +from semanagePage import *; +from avc import context + +## +## I18N +## +PROGNAME="system-config-selinux" + +import gettext +gettext.bindtextdomain(PROGNAME, "/usr/share/locale") +gettext.textdomain(PROGNAME) +try: + gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1) +except IOError: + import __builtin__ + __builtin__.__dict__['_'] = unicode + +class fcontextPage(semanagePage): + def __init__(self, xml): + semanagePage.__init__(self, xml, "fcontext", _("File Labeling")) + self.view = xml.get_widget("fcontextView") + self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING) + self.view.set_model(self.store) +# self.store.set_sort_column_id(0, gtk.SORT_ASCENDING) + + col = gtk.TreeViewColumn(_("File\nSpecification"), gtk.CellRendererText(), text=0) + col.set_sizing(gtk.TREE_VIEW_COLUMN_FIXED) + col.set_fixed_width(250) + + col.set_sort_column_id(0) + col.set_resizable(True) + self.view.append_column(col) + col = gtk.TreeViewColumn(_("Selinux\nFile Context"), gtk.CellRendererText(), text=1) + + 
col.set_sizing(gtk.TREE_VIEW_COLUMN_FIXED) + col.set_fixed_width(250) + col.set_sort_column_id(1) + col.set_resizable(True) + self.view.append_column(col) + col = gtk.TreeViewColumn(_("File\nType"), gtk.CellRendererText(), text=2) + col.set_sort_column_id(2) + col.set_resizable(True) + self.view.append_column(col) + self.load() + self.fcontextEntry = xml.get_widget("fcontextEntry") + self.fcontextFileTypeCombo = xml.get_widget("fcontextFileTypeCombo") + liststore=self.fcontextFileTypeCombo.get_model() + for k in seobject.file_types: + if len(k) > 0 and k[0] != '-': + iter=liststore.append() + liststore.set_value(iter, 0, k) + iter = liststore.get_iter_first() + self.fcontextFileTypeCombo.set_active_iter(iter) + self.fcontextTypeEntry = xml.get_widget("fcontextTypeEntry") + self.fcontextMLSEntry = xml.get_widget("fcontextMLSEntry") + + def load(self): + self.fcontext=seobject.fcontextRecords() + fcon_list=self.fcontext.get_all() + self.store.clear() + for fcon in fcon_list: + iter=self.store.append() + self.store.set_value(iter, 0, fcon[0]) + self.store.set_value(iter, 2, fcon[1]) + if len(fcon) > 3: + rec="%s:%s:%s:%s " % (fcon[2], fcon[3],fcon[4], seobject.translate(fcon[5],False)) + else: + rec="<>" + self.store.set_value(iter, 1, rec) + self.view.get_selection().select_path ((0,)) + + def dialogInit(self): + store, iter = self.view.get_selection().get_selected() + self.fcontextEntry.set_text(store.get_value(iter, 0)) + self.fcontextEntry.set_sensitive(False) + scontext = store.get_value(iter, 1) + scon=context(scontext) + self.fcontextTypeEntry.set_text(scon.type) + self.fcontextMLSEntry.set_text(scon.mls) + type=store.get_value(iter, 2) + liststore=self.fcontextFileTypeCombo.get_model() + iter = liststore.get_iter_first() + while iter != None and liststore.get_value(iter,0) != type: + iter = liststore.iter_next(iter) + if iter != None: + self.fcontextFileTypeCombo.set_active_iter(iter) + self.fcontextFileTypeCombo.set_sensitive(False) + + def dialogClear(self): 
+ self.fcontextEntry.set_text("") + self.fcontextEntry.set_sensitive(True) + self.fcontextFileTypeCombo.set_sensitive(True) + self.fcontextTypeEntry.set_text("") + self.fcontextMLSEntry.set_text("s0") + + def delete(self): + store, iter = self.view.get_selection().get_selected() + try: + fspec=store.get_value(iter, 0) + type=store.get_value(iter, 1) + self.fcontext.delete(fspec, type) + store.remove(iter) + self.view.get_selection().select_path ((0,)) + except ValueError, e: + self.error(e.args[0]) + + def add(self): + fspec=self.fcontextEntry.get_text().strip() + type=self.fcontextTypeEntry.get_text().strip() + mls=self.fcontextMLSEntry.get_text().strip() + list_model=self.fcontextFileTypeCombo.get_model() + iter = self.fcontextFileTypeCombo.get_active_iter() + ftype=list_model.get_value(iter,0) + + self.fcontext.add(fspec, type, ftype, mls) + + iter=self.store.append() + self.store.set_value(iter, 0, fspec) + self.store.set_value(iter, 2, ftype) + self.store.set_value(iter, 1, "system_u:object_r:%s:%s" % (type, mls)) + + def modify(self): + fspec=self.fcontextEntry.get_text().strip() + type=self.fcontextTypeEntry.get_text().strip() + mls=self.fcontextMLSEntry.get_text().strip() + list_model=self.fcontextFileTypeCombo.get_model() + iter = self.fcontextFileTypeCombo.get_active_iter() + ftype=list_model.get_value(iter,0) + self.fcontext.modify(fspec, type, ftype, mls, "") + + store, iter = self.view.get_selection().get_selected() + self.store.set_value(iter, 0, fspec) + self.store.set_value(iter, 2, ftype) + self.store.set_value(iter, 1, "system_u:object_r:%s:%s" % (type, mls)) diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-1.33.4/gui/loginsPage.py --- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.33.4/gui/loginsPage.py 2006-11-22 14:11:25.000000000 -0500 
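Review bot: `delete` reads column 1 into `type` and passes it to `self.fcontext.delete(fspec, type)`, but `load` stores the full context string in column 1 and the file type in column 2. The signature of `seobject.fcontextRecords.delete` is not on this page; if it expects the file type, as the `add(fspec, type, ftype, mls)` call suggests, the line should be `type=store.get_value(iter, 2)`. In `load`, the `len(fcon) > 3` test guards an access to `fcon[5]`, so it should be `len(fcon) > 5`. `add` and `modify` call into `seobject` without the `except ValueError` handling that `delete` has, and whether a caller catches it is not visible here.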
@@ -0,0 +1,161 @@ +## loginsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. + +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. + +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. + +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +## Author: Dan Walsh +import string +import gtk +import gtk.glade +import os +import libxml2 +import gobject +import sys +import seobject +from semanagePage import *; + +## +## I18N +## +PROGNAME="policycoreutils" +import gettext +gettext.bindtextdomain(PROGNAME, "/usr/share/locale") +gettext.textdomain(PROGNAME) +try: + gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1) +except IOError: + import __builtin__ + __builtin__.__dict__['_'] = unicode + +class loginsPage(semanagePage): + def __init__(self, xml): + self.firstTime = False + semanagePage.__init__(self, xml, "logins", _("User Mapping")) + self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING) + self.view.set_model(self.store) + self.store.set_sort_column_id(0, gtk.SORT_ASCENDING) + col = gtk.TreeViewColumn(_("Login\nName"), gtk.CellRendererText(), text = 0) + col.set_sort_column_id(0) + col.set_resizable(True) + self.view.append_column(col) + col = gtk.TreeViewColumn(_("SELinux\nUser"), gtk.CellRendererText(), text = 1) + col.set_resizable(True) + self.view.append_column(col) + col = gtk.TreeViewColumn(_("MLS/\nMCS Range"), gtk.CellRendererText(), text = 2) + 
col.set_resizable(True) + self.view.append_column(col) + self.load() + self.loginsNameEntry = xml.get_widget("loginsNameEntry") + self.loginsSelinuxUserCombo = xml.get_widget("loginsSelinuxUserCombo") + self.loginsMLSEntry = xml.get_widget("loginsMLSEntry") + + def load(self): + self.login = seobject.loginRecords() + dict = self.login.get_all() + keys = dict.keys() + keys.sort() + self.store.clear() + for k in keys: + iter = self.store.append() + self.store.set_value(iter, 0, k) + self.store.set_value(iter, 1, dict[k][0]) + self.store.set_value(iter, 2, seobject.translate(dict[k][1])) + self.view.get_selection().select_path ((0,)) + + def __dialogSetup(self): + if self.firstTime == True: + return + self.firstTime = True + liststore = gtk.ListStore(gobject.TYPE_STRING) + self.loginsSelinuxUserCombo.set_model(liststore) + cell = gtk.CellRendererText() + self.loginsSelinuxUserCombo.pack_start(cell, True) + self.loginsSelinuxUserCombo.add_attribute(cell, 'text', 0) + + selusers = seobject.seluserRecords().get_all() + keys = selusers.keys() + keys.sort() + for k in keys: + if k != "system_u": + self.loginsSelinuxUserCombo.append_text(k) + + iter = liststore.get_iter_first() + while liststore.get_value(iter,0) != "user_u": + iter = liststore.iter_next(iter) + self.loginsSelinuxUserCombo.set_active_iter(iter) + + def dialogInit(self): + self.__dialogSetup() + store, iter = self.view.get_selection().get_selected() + self.loginsNameEntry.set_text(store.get_value(iter, 0)) + self.loginsNameEntry.set_sensitive(False) + + self.loginsMLSEntry.set_text(store.get_value(iter, 2)) + seuser = store.get_value(iter, 1) + liststore = self.loginsSelinuxUserCombo.get_model() + iter = liststore.get_iter_first() + while iter != None and liststore.get_value(iter,0) != seuser: + iter = liststore.iter_next(iter) + if iter != None: + self.loginsSelinuxUserCombo.set_active_iter(iter) + + + def dialogClear(self): + self.__dialogSetup() + self.loginsNameEntry.set_text("") + 
self.loginsNameEntry.set_sensitive(True) + self.loginsMLSEntry.set_text("s0") + + def delete(self): + store, iter = self.view.get_selection().get_selected() + try: + login=store.get_value(iter, 0) + if login == "root" or login == "__default__": + raise ValueError(_("Login '%s' is required") % login) + + self.login.delete(login) + store.remove(iter) + self.view.get_selection().select_path ((0,)) + except ValueError, e: + self.error(e.args[0]) + + def add(self): + target=self.loginsNameEntry.get_text().strip() + serange=self.loginsMLSEntry.get_text().strip() + if serange == "": + serange="s0" + list_model=self.loginsSelinuxUserCombo.get_model() + iter = self.loginsSelinuxUserCombo.get_active_iter() + seuser = list_model.get_value(iter,0) + self.login.add(target, seuser, serange) + iter = self.store.append() + self.store.set_value(iter, 0, target) + self.store.set_value(iter, 1, seuser) + self.store.set_value(iter, 2, seobject.translate(serange)) + + def modify(self): + target=self.loginsNameEntry.get_text().strip() + serange=self.loginsMLSEntry.get_text().strip() + if serange == "": + serange = "s0" + list_model = self.loginsSelinuxUserCombo.get_model() + iter = self.loginsSelinuxUserCombo.get_active_iter() + seuser=list_model.get_value(iter,0) + self.login.modify(target, seuser, serange) + store, iter = self.view.get_selection().get_selected() + self.store.set_value(iter, 0, target) + self.store.set_value(iter, 1, seuser) + self.store.set_value(iter, 2, seobject.translate(serange)) + diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-1.33.4/gui/Makefile --- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.33.4/gui/Makefile 2006-11-22 14:11:25.000000000 -0500 
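Review bot: The loop in `__dialogSetup` that selects the default entry, `while liststore.get_value(iter,0) != "user_u":`, has no end-of-list test, so if the SELinux user list has no `user_u` it walks off the end and calls `get_value` with `None`. `dialogInit` already uses the guarded form, and the same should be used here: `while iter != None and liststore.get_value(iter,0) != "user_u":` followed by `if iter != None:` before `set_active_iter(iter)`. `add` and `modify` also call `self.login.add` and `self.login.modify` without the `except ValueError` handling that `delete` has. Whether the base class catches it is outside this hunk.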
@@ -0,0 +1,29 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
+SHAREDIR ?= $(PREFIX)/share/system-config-selinux
+
+TARGETS= \
+booleansPage.py \
+fcontextPage.py \
+loginsPage.py \
+mappingsPage.py \
+modulesPage.py \
+portsPage.py \
+semanagePage.py \
+statusPage.py \
+system-config-selinux.glade \
+translationsPage.py \
+usersPage.py
+
+all: $(TARGETS) system-config-selinux.py
+
+install: all
+ -mkdir -p $(SHAREDIR)
+ install -m 755 system-config-selinux.py $(SHAREDIR)
+ install -m 644 $(TARGETS) $(SHAREDIR)
+
+clean:
+
+indent:
+
+relabel:
diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-1.33.4/gui/mappingsPage.py
--- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.33.4/gui/mappingsPage.py 2006-11-22 14:11:25.000000000 -0500
@@ -0,0 +1,54 @@
+## mappingsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
+
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+## Author: Dan Walsh
+import string
+import gtk
+import gtk.glade
+import os
+import libxml2
+import gobject
+import sys
+import seobject
+
+##
+## I18N
+##
+PROGNAME="policycoreutils"
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+try:
+ gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1)
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+class loginsPage:
+ def __init__(self, xml):
+ self.xml = xml
+ self.view = xml.get_widget("mappingsView")
+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING)
+ self.store.set_sort_column_id(0, gtk.SORT_ASCENDING)
+ self.view.set_model(self.store)
+ self.login = loginRecords()
+ dict = self.login.get_all()
+ keys = dict.keys()
+ keys.sort()
+ for k in keys:
+ print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
+
diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-1.33.4/gui/modulesPage.py
--- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.33.4/gui/modulesPage.py
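Review bot: The class in mappingsPage.py calls `loginRecords()` and `translate()` unqualified, but the file only does `import seobject`, so constructing it raises NameError. The calls need to be `seobject.loginRecords()` and `seobject.translate(dict[k][1])`. The class is also named `loginsPage`, the same name loginsPage.py defines, and it prints the mappings to stdout instead of filling `self.store`, which looks like an unfinished copy. If the file is a placeholder, a module comment saying so would keep it from being imported by mistake while it is still listed in the Makefile's `TARGETS`.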
2006-11-22 14:11:25.000000000 -0500 
@@ -0,0 +1,161 @@ +## modulesPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. + +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. + +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. + +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +## Author: Dan Walsh +import string +import gtk +import gtk.glade +import os +import commands +import libxml2 +import gobject +import sys +import seobject +import selinux +from semanagePage import *; + +## +## I18N +## +PROGNAME="policycoreutils" +import gettext +gettext.bindtextdomain(PROGNAME, "/usr/share/locale") +gettext.textdomain(PROGNAME) +try: + gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1) +except IOError: + import __builtin__ + __builtin__.__dict__['_'] = unicode + +class modulesPage(semanagePage): + def __init__(self, xml): + semanagePage.__init__(self, xml, "modules", _("Policy Module")) + self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING) + self.view.set_model(self.store) + self.store.set_sort_column_id(0, gtk.SORT_ASCENDING) + col = gtk.TreeViewColumn(_("Module Name"), gtk.CellRendererText(), text = 0) + col.set_sort_column_id(0) + col.set_resizable(True) + self.view.append_column(col) + self.store.set_sort_column_id(0, gtk.SORT_ASCENDING) + col = gtk.TreeViewColumn(_("Version"), gtk.CellRendererText(), text = 1) + self.enable_audit_button = xml.get_widget("enableAuditButton") + 
self.enable_audit_button.connect("clicked", self.enable_audit) + self.disable_audit_button = xml.get_widget("disableAuditButton") + self.disable_audit_button.connect("clicked", self.disable_audit) + col.set_sort_column_id(1) + col.set_resizable(True) + self.view.append_column(col) + self.store.set_sort_func(1,self.sort_int, "") + status, self.policy_type = selinux.selinux_getpolicytype() + + self.load() + + def sort_int(self, treemodel, iter1, iter2, user_data): + try: + p1 = int(treemodel.get_value(iter1,1)) + p2 = int(treemodel.get_value(iter1,1)) + if p1 > p2: + return 1 + if p1 == p2: + return 0 + return -1 + except: + return 0 + + def load(self): + self.store.clear() + fd=os.popen("semodule -l") + l = fd.readlines() + fd.close() + for i in l: + module, ver = i.split('\t') + iter = self.store.append() + self.store.set_value(iter, 0, module.strip()) + self.store.set_value(iter, 1, ver.strip()) + + self.view.get_selection().select_path ((0,)) + + def delete(self): + store, iter = self.view.get_selection().get_selected() + module = store.get_value(iter, 0) + try: + status, output =commands.getstatusoutput("semodule -r %s" % module) + if status != 0: + self.error(output) + else: + store.remove(iter) + self.view.get_selection().select_path ((0,)) + + except ValueError, e: + self.error(e.args[0]) + + def enable_audit(self, button): + try: + status, output =commands.getstatusoutput("semodule -b /usr/share/selinux/%s/enableaudit.pp" % self.policy_type) + if status != 0: + self.error(output) + + except ValueError, e: + self.error(e.args[0]) + + def disable_audit(self, button): + try: + status, output =commands.getstatusoutput("semodule -b /usr/share/selinux/%s/base.pp" % self.policy_type) + if status != 0: + self.error(output) + + except ValueError, e: + self.error(e.args[0]) + + def propertiesDialog(self): + # Do nothing + return + + def addDialog(self): + dialog = gtk.FileChooserDialog(_("Load Policy Module"), + None, + gtk.FILE_CHOOSER_ACTION_OPEN, + 
(gtk.STOCK_CANCEL, gtk.RESPONSE_CANCEL, + gtk.STOCK_OPEN, gtk.RESPONSE_OK)) + dialog.set_default_response(gtk.RESPONSE_OK) + + filter = gtk.FileFilter() + filter.set_name("Policy Files") + filter.add_pattern("*.pp") + dialog.add_filter(filter) + + response = dialog.run() + if response == gtk.RESPONSE_OK: + self.add(dialog.get_filename()) + dialog.destroy() + + def add(self, file): + try: + status, output =commands.getstatusoutput("semodule -i %s" % file) + if status != 0: + self.error(output) + else: + self.load() + + except ValueError, e: + self.error(e.args[0]) + + + + + diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-1.33.4/gui/portsPage.py --- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.33.4/gui/portsPage.py 2006-11-22 14:11:25.000000000 -0500 
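Review bot: `add` builds `"semodule -i %s" % file` from the path returned by the file chooser and runs it with `commands.getstatusoutput`, which goes through a shell. A path with spaces therefore fails, and one with shell metacharacters is interpreted by the shell, in a tool that presumably runs with administrative privilege. Quote the argument, for example `commands.getstatusoutput("semodule -i%s" % commands.mkarg(file))`, or run it from an argument list with `subprocess`. `delete` follows the same pattern with `"semodule -r %s" % module`. Separately, `sort_int` reads `iter1` for both `p1` and `p2`, so it always returns 0; the second read should be `treemodel.get_value(iter2,1)`, and portsPage.py has the same slip.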
@@ -0,0 +1,214 @@ +## portsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. + +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. + +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. + +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +## Author: Dan Walsh +import string +import gtk +import gtk.glade +import os +import libxml2 +import gobject +import sys +import seobject +from semanagePage import *; + +## +## I18N +## +PROGNAME = "policycoreutils" +import gettext +gettext.bindtextdomain(PROGNAME, "/usr/share/locale") +gettext.textdomain(PROGNAME) +TYPE_COL = 0 +PROTOCOL_COL = 1 +MLS_COL = 2 +PORT_COL = 3 +try: + gettext.install(PROGNAME, localedir = "/usr/share/locale", unicode = 1) +except IOError: + import __builtin__ + __builtin__.__dict__['_'] = unicode + +class portsPage(semanagePage): + def __init__(self, xml): + semanagePage.__init__(self, xml, "ports", "Network Port") + self.ports_name_entry = xml.get_widget("portsNameEntry") + self.ports_protocol_combo = xml.get_widget("portsProtocolCombo") + self.ports_number_entry = xml.get_widget("portsNumberEntry") + self.ports_mls_entry = xml.get_widget("portsMLSEntry") + self.ports_add_button = xml.get_widget("portsAddButton") + self.ports_properties_button = xml.get_widget("portsPropertiesButton") + self.ports_delete_button = xml.get_widget("portsDeleteButton") + self.ports_group_togglebutton = xml.get_widget("portsGroupTogglebutton") + 
self.ports_group_togglebutton.connect("toggled", self.group_toggle) + liststore = self.ports_protocol_combo.get_model() + iter = liststore.get_iter_first() + self.ports_protocol_combo.set_active_iter(iter) + self.init_store() + self.edit = True + self.load() + + def init_store(self): + self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING , gobject.TYPE_STRING) + self.view.set_model(self.store) + self.store.set_sort_column_id(0, gtk.SORT_ASCENDING) + + col = gtk.TreeViewColumn(_("SELinux Port\nType"), gtk.CellRendererText(), text = TYPE_COL) + col.set_sort_column_id(TYPE_COL) + col.set_resizable(True) + self.view.append_column(col) + self.store.set_sort_column_id(TYPE_COL, gtk.SORT_ASCENDING) + + col = gtk.TreeViewColumn(_("Protocol"), gtk.CellRendererText(), text = PROTOCOL_COL) + col.set_sort_column_id(PROTOCOL_COL) + col.set_resizable(True) + self.view.append_column(col) + + self.mls_col = gtk.TreeViewColumn(_("MLS/MCS\nLevel"), gtk.CellRendererText(), text = MLS_COL) + self.mls_col.set_resizable(True) + self.mls_col.set_sort_column_id(MLS_COL) + self.view.append_column(self.mls_col) + + col = gtk.TreeViewColumn(_("Port"), gtk.CellRendererText(), text = PORT_COL) + col.set_sort_column_id(PORT_COL) + col.set_resizable(True) + self.view.append_column(col) + self.store.set_sort_func(1,self.sort_int, "") + + def group_toggle(self, button): + self.edit = not button.get_active() + self.ports_add_button.set_sensitive(self.edit) + self.ports_properties_button.set_sensitive(self.edit) + self.ports_delete_button.set_sensitive(self.edit) + self.mls_col.set_visible(self.edit) + if on: + self.load() + else: + self.group_load() + + def sort_int(self, treemodel, iter1, iter2, user_data): + try: + p1 = int(treemodel.get_value(iter1,2)) + p2 = int(treemodel.get_value(iter1,2)) + if p1 > p2: + return 1 + if p1 == p2: + return 0 + return -1 + except: + return 0 + + def load(self): + self.port = seobject.portRecords() + dict = self.port.get_all() 
+ keys = dict.keys() + keys.sort() + self.store.clear() + for k in keys: + iter = self.store.append() + if k[0] == k[1]: + self.store.set_value(iter, PORT_COL, k[0]) + else: + rec = "%s-%s" % k + self.store.set_value(iter, PORT_COL, rec) + self.store.set_value(iter, TYPE_COL, dict[k][0]) + self.store.set_value(iter, PROTOCOL_COL, dict[k][1]) + self.store.set_value(iter, MLS_COL, dict[k][2]) + self.view.get_selection().select_path ((0,)) + + def group_load(self): + self.port = seobject.portRecords() + dict = self.port.get_all_by_type() + keys = dict.keys() + keys.sort() + self.store.clear() + for k in keys: + iter = self.store.append() + self.store.set_value(iter, TYPE_COL, k[0]) + self.store.set_value(iter, PROTOCOL_COL, k[1]) + self.store.set_value(iter, PORT_COL, ", ".join(dict[k])) + self.store.set_value(iter, MLS_COL, "") + self.view.get_selection().select_path ((0,)) + + def propertiesDialog(self): + if self.edit: + semanagePage.propertiesDialog(self) + + def dialogInit(self): + store, iter = self.view.get_selection().get_selected() + self.ports_number_entry.set_text(store.get_value(iter, PORT_COL)) + self.ports_number_entry.set_sensitive(False) + self.ports_protocol_combo.set_sensitive(False) + self.ports_name_entry.set_text(store.get_value(iter, TYPE_COL)) + self.ports_mls_entry.set_text(store.get_value(iter, MLS_COL)) + protocol = store.get_value(iter, PROTOCOL_COL) + liststore = self.ports_protocol_combo.get_model() + iter = liststore.get_iter_first() + while iter != None and liststore.get_value(iter,0) != protocol: + iter = liststore.iter_next(iter) + if iter != None: + self.ports_protocol_combo.set_active_iter(iter) + + def dialogClear(self): + self.ports_number_entry.set_text("") + self.ports_number_entry.set_sensitive(True) + self.ports_protocol_combo.set_sensitive(True) + self.ports_name_entry.set_text("") + self.ports_mls_entry.set_text("s0") + + def delete(self): + store, iter = self.view.get_selection().get_selected() + port = store.get_value(iter, 
PORT_COL) + protocol = store.get_value(iter, 1) + try: + self.port.delete(port, protocol) + store.remove(iter) + self.view.get_selection().select_path ((0,)) + except ValueError, e: + self.error(e.args[0]) + + def add(self): + target = self.ports_name_entry.get_text().strip() + mls = self.ports_mls_entry.get_text().strip() + port_number = self.ports_number_entry.get_text().strip() + if port_number == "": + port_number = "1" + list_model = self.ports_protocol_combo.get_model() + iter = self.ports_protocol_combo.get_active_iter() + protocol = list_model.get_value(iter,0) + self.port.add(port_number, protocol, mls, target) + iter = self.store.append() + self.store.set_value(iter, TYPE_COL, target) + self.store.set_value(iter, PORT_COL, port_number) + self.store.set_value(iter, PROTOCOL_COL, protocol) + self.store.set_value(iter, MLS_COL, mls) + + def modify(self): + target = self.ports_name_entry.get_text().strip() + mls = self.ports_mls_entry.get_text().strip() + port_number = self.ports_number_entry.get_text().strip() + list_model = self.ports_protocol_combo.get_model() + iter = self.ports_protocol_combo.get_active_iter() + protocol = list_model.get_value(iter,0) + self.port.modify(port_number, protocol, mls, target) + store, iter = self.view.get_selection().get_selected() + self.store.set_value(iter, TYPE_COL, target) + self.store.set_value(iter, PORT_COL, port_number) + self.store.set_value(iter, PROTOCOL_COL, protocol) + self.store.set_value(iter, MLS_COL, mls) + + diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-1.33.4/gui/semanagePage.py --- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.33.4/gui/semanagePage.py 2006-11-22 14:11:25.000000000 -0500 
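Review bot: `group_toggle` tests `if on:`, but no name `on` is defined in the method or elsewhere in this file, so toggling the group button raises NameError unless `from semanagePage import *` happens to supply one. The condition should presumably be `if self.edit:`. `sort_int` is registered with `set_sort_func(1, ...)` but compares column 2 (`MLS_COL`), which does not look like the intended numeric column; `PORT_COL` seems more likely. In `add`, an empty port entry is silently turned into `"1"`, where rejecting the input with an error dialog would be safer than labelling a port the user did not name.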
@@ -0,0 +1,109 @@
+## semanagePage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
+
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+## Author: Dan Walsh
+import string
+import gtk
+import gtk.glade
+import os
+import libxml2
+import gobject
+import sys
+import seobject
+
+##
+## I18N
+##
+PROGNAME="policycoreutils"
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+try:
+ gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1)
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+class semanagePage:
+ def __init__(self, xml, name, description):
+ self.xml = xml
+ self.view = xml.get_widget("%sView" % name)
+ self.dialog = xml.get_widget("%sDialog" % name)
+ self.view.connect("row_activated", self.rowActivated)
+ self.view.get_selection().connect("changed", self.itemSelected)
+ self.description = description;
+
+ def get_description(self):
+ return self.description
+
+ def itemSelected(self, args):
+ return
+
+ def rowActivated(self, view, row, Column):
+ self.propertiesDialog()
+
+ def verify(self, message, title="" ):
+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
+ gtk.BUTTONS_YES_NO,
+ message)
+ dlg.set_title(title)
+ dlg.set_position(gtk.WIN_POS_MOUSE)
+ dlg.show_all()
+ rc = dlg.run()
+ dlg.destroy()
+ return rc
+
+ def error(self, message):
+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR,
+ gtk.BUTTONS_CLOSE,
+ message)
+ dlg.set_position(gtk.WIN_POS_MOUSE)
+ dlg.show_all()
+ dlg.run()
+ dlg.destroy()
+
+ def deleteDialog(self):
+ store, iter = self.view.get_selection().get_selected()
+ if self.verify(_("Are you sure you want to delete %s '%s'?" % (self.description, store.get_value(iter, 0))), _("Delete %s" % self.description)) == gtk.RESPONSE_YES:
+ self.delete()
+
+ def addDialog(self):
+ self.dialogClear()
+ self.dialog.set_title(_("Add %s" % self.description))
+ self.dialog.set_position(gtk.WIN_POS_MOUSE)
+
+ while self.dialog.run() == gtk.RESPONSE_OK:
+ try:
+ self.add()
+ break;
+ except ValueError, e:
+ self.error(e.args[0])
+ self.dialog.hide()
+
+ def propertiesDialog(self):
+ self.dialogInit()
+ self.dialog.set_title(_("Modify %s" % self.description))
+ self.dialog.set_position(gtk.WIN_POS_MOUSE)
+ while self.dialog.run() == gtk.RESPONSE_OK:
+ try:
+ self.modify()
+ break;
+ except ValueError, e:
+ self.error(e.args[0])
+ self.dialog.hide()
+
+
diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-1.33.4/gui/statusPage.py
--- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.33.4/gui/statusPage.py 2006-11-22 14:11:25.000000000 -0500
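Review bot: `deleteDialog` reads `store.get_value(iter, 0)` without checking that a row is selected; `get_selected()` hands back a `None` iter when the selection is empty (for instance when the store has no rows), so Delete on an empty list would raise instead of doing nothing. A guard such as `if iter == None: return` at the top of `deleteDialog` covers this file, and the same check is needed in the `dialogInit`, `delete` and `modify` methods of translationsPage.py, which dereference the selection the same way. Separately, the dialog titles and the confirmation text are formatted inside the gettext call (`_("Add %s" % self.description)`), so the lookup key is the already-formatted string and no catalogue entry can match; `_("Add %s") % self.description` is the usual form.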
@@ -0,0 +1,213 @@
+## statusPage.py - show selinux status
+## Copyright (C) 2006 Red Hat, Inc.
+
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+## Author: Dan Walsh
+import string
+import gtk
+import gtk.glade
+import os
+import libxml2
+import gobject
+import sys
+import tempfile
+
+INSTALLPATH = '/usr/share/system-config-selinux'
+sys.path.append(INSTALLPATH)
+
+rhplPath = "/usr/lib/python%d.%d/site-packages/rhpl" % (sys.version_info[0], sys.version_info[1])
+if not rhplPath in sys.path:
+ sys.path.append(rhplPath)
+
+rhplPath = "/usr/lib64/python%d.%d/site-packages/rhpl" % (sys.version_info[0], sys.version_info[1])
+if not rhplPath in sys.path:
+ sys.path.append(rhplPath)
+
+from Conf import *
+import commands
+ENFORCING = 0
+PERMISSIVE = 1
+DISABLED = 2
+modearray = ( "enforcing", "permissive", "disabled" )
+
+SELINUXDIR = "/etc/selinux/"
+RELABELFILE = "/.autorelabel"
+
+##
+## I18N
+##
+PROGNAME="policycoreutils"
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+import selinux
+try:
+ gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1)
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+class statusPage:
+ def __init__(self, xml):
+ self.xml = xml
+ self.needRelabel = False
+
+ self.type = selinux.selinux_getpolicytype()
+ # Bring in widgets from glade file.
+ self.typeHBox = xml.get_widget("typeHBox")
+ self.selinuxTypeOptionMenu = xml.get_widget("selinuxTypeOptionMenu")
+ self.typeLabel = xml.get_widget("typeLabel")
+ self.enabledOptionMenu = xml.get_widget("enabledOptionMenu")
+ self.currentOptionMenu = xml.get_widget("currentOptionMenu")
+ self.relabel_checkbutton = xml.get_widget("relabelCheckbutton")
+ self.relabel_checkbutton.set_active(self.is_relabel())
+ self.relabel_checkbutton.connect("toggled", self.on_relabel_toggle)
+ if self.get_current_mode() == ENFORCING or self.get_current_mode() == PERMISSIVE:
+ self.currentOptionMenu.append_text(_("Enforcing"))
+ self.currentOptionMenu.append_text(_("Permissive"))
+ self.currentOptionMenu.set_active(self.get_current_mode())
+ self.currentOptionMenu.connect("changed", self.set_current_mode)
+ self.currentOptionMenu.set_sensitive(True)
+ else:
+ self.currentOptionMenu.append_text(_("Disabled"))
+ self.currentOptionMenu.set_sensitive(False)
+
+
+ if self.read_selinux_config() == None:
+ self.selinuxsupport = False
+ else:
+ self.enabledOptionMenu.connect("changed", self.enabled_changed)
+ #
+ # This line must come after read_selinux_config
+ #
+ self.selinuxTypeOptionMenu.connect("changed", self.typemenu_changed)
+
+ self.typeLabel.set_mnemonic_widget(self.selinuxTypeOptionMenu)
+
+ def get_description(self):
+ return _("Status")
+
+ def get_current_mode(self):
+ if selinux.is_selinux_enabled():
+ if selinux.security_getenforce() > 0:
+ return ENFORCING
+ else:
+ return PERMISSIVE
+ else:
+ return DISABLED
+
+ def set_current_mode(self,menu):
+ selinux.security_setenforce(menu.get_active() == 0)
+
+ def is_relabel(self):
+ return os.access(RELABELFILE, os.F_OK) != 0
+
+ def on_relabel_toggle(self,button):
+ if button.get_active():
+ fd = open(RELABELFILE,"w")
+ fd.close()
+ else:
+ if os.access(RELABELFILE, os.F_OK) != 0:
+ os.unlink(RELABELFILE)
+
+ def verify(self, message):
+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
+ gtk.BUTTONS_YES_NO,
+ message)
+ dlg.set_position(gtk.WIN_POS_MOUSE)
+ dlg.show_all()
+ rc = dlg.run()
+ dlg.destroy()
+ return rc
+
+ def typemenu_changed(self, menu):
+ type = self.get_type()
+ enabled = self.enabledOptionMenu.get_active()
+ if self.initialtype != type:
+ if self.verify(_("Changing the policy type will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) == gtk.RESPONSE_NO:
+ menu.set_active(self.typeHistory)
+ return None
+
+ self.relabel_checkbutton.set_active(True)
+ self.conf["SELINUX"] = modearray[enabled]
+ self.conf["SELINUXTYPE"]=type
+ self.conf.write()
+ self.typeHistory = menu.get_active()
+
+ def enabled_changed(self, combo):
+ enabled = combo.get_active()
+ type = self.get_type()
+
+ if self.initEnabled == DISABLED and enabled < 2:
+ if self.verify(_("Changing to SELinux enabled will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) == gtk.RESPONSE_NO:
+ return None
+
+ self.relabel_checkbutton.set_active(True)
+
+ self.conf["SELINUX"] = modearray[enabled]
+ self.conf["SELINUXTYPE"]=type
+ self.conf.write()
+
+ def read_selinux_config(self):
+ self.initialtype = "targeted"
+ self.initEnabled = DISABLED
+ self.types = []
+ if os.access(SELINUXDIR, os.F_OK) == 0:
+ #File doesn't exist. return
+ return None
+
+ self.conf = ConfShellVar(SELINUXDIR+"config")
+ self.conf.rcs = 1
+ if self.conf.has_key("SELINUX"):
+ value = self.conf.vars["SELINUX"].upper().strip()
+ else:
+ value = "ENFORCING"
+ self.conf.vars["SELINUX"] = value
+
+ if value == "ENFORCING":
+ self.initEnabled = ENFORCING
+ self.enabledOptionMenu.set_active(ENFORCING)
+ elif value == "PERMISSIVE":
+ self.initEnabled = PERMISSIVE
+ self.enabledOptionMenu.set_active(PERMISSIVE)
+ elif value == "DISABLED":
+ self.initEnabled = DISABLED
+ self.enabledOptionMenu.set_active(DISABLED)
+
+ if self.conf.has_key("SELINUXTYPE"):
+ self.initialtype = self.conf.vars["SELINUXTYPE"].strip()
+ else:
+ self.conf.vars["SELINUXTYPE"] = self.initialtype
+
+ n = 0
+ current = n
+
+ for i in os.listdir(SELINUXDIR):
+ if os.path.isdir(SELINUXDIR+i) and os.path.isdir(SELINUXDIR+i+"/policy"):
+ self.types.append(i)
+ self.selinuxTypeOptionMenu.append_text(i)
+ if i == self.initialtype:
+ current = n
+ n = n+1
+ self.selinuxTypeOptionMenu.set_active(current)
+ self.typeHistory = current
+
+ return 0
+
+ def get_type(self):
+ return self.types[self.selinuxTypeOptionMenu.get_active()]
+
+
diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-1.33.4/gui/system-config-selinux.glade
--- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.33.4/gui/system-config-selinux.glade 2006-11-22 14:11:25.000000000 -0500
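Review bot: `typemenu_changed` and `enabled_changed` write `modearray[enabled]` to the SELinux config without checking `enabled`, and a combo box with no active row reports -1, which indexes `modearray` from the end and yields "disabled". `read_selinux_config` calls `set_active` only for the three recognised values, so a config whose SELINUX line holds anything else appears to leave the menu unselected (unless the glade file sets a default), and a later policy-type change would then persist SELINUX=disabled. Suggest `if enabled < 0: return None` before the write in both handlers, plus an `else:` branch in `read_selinux_config` that reports the unrecognised value instead of silently keeping `initEnabled = DISABLED`. Also, `__init__` connects `typemenu_changed` even when `read_selinux_config` returned None, in which case `self.conf` and `self.typeHistory` are never set and the handler would fail on first use.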
@@ -0,0 +1,2792 @@ + + + + + + + + + False + system-config-selinux + Copyright (c)2006 Red Hat, Inc. +Copyright (c) 2006 Dan Walsh <dwalsh@redhat.com> + False + Daniel Walsh <dwalsh@redhat.com> + + translator-credits + system-config-selinux.png + + + + Add SELinux Login Mapping + GTK_WINDOW_TOPLEVEL + GTK_WIN_POS_NONE + False + True + False + True + False + False + GDK_WINDOW_TYPE_HINT_DIALOG + GDK_GRAVITY_NORTH_WEST + True + False + True + + + + True + False + 0 + + + + True + GTK_BUTTONBOX_END + + + + True + True + True + gtk-cancel + True + GTK_RELIEF_NORMAL + True + -6 + + + + + + True + True + True + gtk-ok + True + GTK_RELIEF_NORMAL + True + -5 + + + + + 0 + False + True + GTK_PACK_END + + + + + + True + False + 0 + + + + True + 3 + 2 + False + 4 + 6 + + + + True + Login Name + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 0 + 1 + fill + + + + + + + True + SELinux User + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 1 + 2 + fill + + + + + + + True + MLS/MCS Range + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 2 + 3 + fill + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 0 + 1 + + + + + + + True + False + True + + + 1 + 2 + 1 + 2 + fill + fill + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 2 + 3 + + + + + + 5 + True + True + + + + + 0 + True + True + + + + + + + + Add SELinux Network Ports + GTK_WINDOW_TOPLEVEL + GTK_WIN_POS_NONE + False + True + False + True + False + False + GDK_WINDOW_TYPE_HINT_DIALOG + GDK_GRAVITY_NORTH_WEST + True + False + True + + + + True + False + 0 + + + + True + GTK_BUTTONBOX_END + + + + True + True + True + gtk-cancel + True + GTK_RELIEF_NORMAL + True + -6 + + + + + + True + True + True + gtk-ok + True + GTK_RELIEF_NORMAL + True + -5 + + + + + 0 + 
False + True + GTK_PACK_END + + + + + + True + False + 0 + + + + True + 4 + 2 + False + 4 + 6 + + + + True + Port Number + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 0 + 1 + fill + + + + + + + True + Protocol + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 1 + 2 + fill + + + + + + + True + SELinux Type + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 2 + 3 + fill + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 0 + 1 + + + + + + + True + tcp +udp + False + True + + + 1 + 2 + 1 + 2 + fill + fill + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 2 + 3 + + + + + + + True + MLS/MCS +Level + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 3 + 4 + fill + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 3 + 4 + + + + + + 5 + True + True + + + + + 0 + True + True + + + + + + + + Add SELinux Login Mapping + GTK_WINDOW_TOPLEVEL + GTK_WIN_POS_NONE + False + True + False + True + False + False + GDK_WINDOW_TYPE_HINT_DIALOG + GDK_GRAVITY_NORTH_WEST + True + False + True + + + + True + False + 0 + + + + True + GTK_BUTTONBOX_END + + + + True + True + True + gtk-cancel + True + GTK_RELIEF_NORMAL + True + -6 + + + + + + True + True + True + gtk-ok + True + GTK_RELIEF_NORMAL + True + -5 + + + + + 0 + False + True + GTK_PACK_END + + + + + + True + False + 0 + + + + True + 2 + 2 + False + 4 + 6 + + + + True + SELinux MLS/MCS +Level + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 0 + 1 + fill + + + + + + + True + Translation + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + 
+ + 0 + 1 + 1 + 2 + fill + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 0 + 1 + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 1 + 2 + + + + + + 5 + True + True + + + + + 0 + True + True + + + + + + + + Add SELinux Login Mapping + GTK_WINDOW_TOPLEVEL + GTK_WIN_POS_NONE + False + True + False + True + False + False + GDK_WINDOW_TYPE_HINT_DIALOG + GDK_GRAVITY_NORTH_WEST + True + False + True + + + + True + False + 0 + + + + True + GTK_BUTTONBOX_END + + + + True + True + True + gtk-cancel + True + GTK_RELIEF_NORMAL + True + -6 + + + + + + True + True + True + gtk-ok + True + GTK_RELIEF_NORMAL + True + -5 + + + + + 0 + False + True + GTK_PACK_END + + + + + + True + False + 0 + + + + True + 4 + 2 + False + 4 + 6 + + + + True + File Specification + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 0 + 1 + fill + + + + + + + True + File Type + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 1 + 2 + fill + + + + + + + True + SELinux Type + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 2 + 3 + fill + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 0 + 1 + + + + + + + True + all files +regular file +directory +character device +block device +socket +symbolic link +named pipe + + False + True + + + 1 + 2 + 1 + 2 + fill + fill + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 2 + 3 + + + + + + + True + MLS + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 3 + 4 + fill + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 3 + 4 + + + + + + 5 + True + True + + + + + 0 + True + True + + + + + + + + Add SELinux User + GTK_WINDOW_TOPLEVEL + 
GTK_WIN_POS_NONE + False + True + False + True + False + False + GDK_WINDOW_TYPE_HINT_DIALOG + GDK_GRAVITY_NORTH_WEST + True + False + True + + + + True + False + 0 + + + + True + GTK_BUTTONBOX_END + + + + True + True + True + gtk-cancel + True + GTK_RELIEF_NORMAL + True + -6 + + + + + + True + True + True + gtk-ok + True + GTK_RELIEF_NORMAL + True + -5 + + + + + 0 + False + True + GTK_PACK_END + + + + + + True + False + 0 + + + + True + 5 + 2 + False + 4 + 6 + + + + True + SELinux User + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 0 + 1 + fill + + + + + + + True + Label Prefix + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 1 + 2 + fill + + + + + + + True + MLS/MCS Range + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 3 + 4 + fill + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 3 + 4 + + + + + + + True + MLS/MCS Level + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 2 + 3 + fill + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 2 + 3 + + + + + + + True + SELinux Roles + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 4 + 5 + fill + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 4 + 5 + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 0 + 1 + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 1 + 2 + + + + + + 5 + True + True + + + + + 0 + True + True + + + + + + + + 800 + 500 + GTK_WINDOW_TOPLEVEL + GTK_WIN_POS_NONE + False + True + False + system-config-selinux.png + True + False + False + GDK_WINDOW_TYPE_HINT_NORMAL + GDK_GRAVITY_NORTH_WEST + True + 
False + True + + + + True + True + + + + True + GTK_SHADOW_NONE + + + + True + GTK_PACK_DIRECTION_LTR + GTK_PACK_DIRECTION_LTR + + + + True + GNOMEUIINFO_MENU_FILE_TREE + + + + + + + True + GNOMEUIINFO_MENU_EXIT_ITEM + + + + + + + + + + + True + GNOMEUIINFO_MENU_HELP_TREE + + + + + + + True + GNOMEUIINFO_MENU_ABOUT_ITEM + + + + + + + + + + + + BONOBO_DOCK_TOP + 0 + 0 + 0 + BONOBO_DOCK_ITEM_BEH_EXCLUSIVE|BONOBO_DOCK_ITEM_BEH_NEVER_VERTICAL|BONOBO_DOCK_ITEM_BEH_LOCKED + + + + + + True + True + 0 + + + + 5 + True + 0 + 0.5 + GTK_SHADOW_NONE + + + + True + 0.5 + 0.5 + 1 + 1 + 0 + 0 + 12 + 0 + + + + True + Select Managment Object + True + False + False + False + True + False + False + False + + + + + + + + True + <b>Select:</b> + False + True + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + label_item + + + + + False + True + + + + + + True + False + True + GTK_POS_TOP + False + False + + + + True + False + 0 + + + + True + 4 + 2 + False + 5 + 5 + + + + True + System Default Enforcing Mode + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 0 + 1 + fill + + + + + + + True + Enforcing +Permissive +Disabled + + False + True + + + 1 + 2 + 0 + 1 + fill + + + + + + True + Current Enforcing Mode + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 1 + 2 + fill + + + + + + + True + + False + True + + + 1 + 2 + 1 + 2 + fill + fill + + + + + + True + System Default Policy Type: + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 2 + 3 + fill + + + + + + + True + + False + True + + + 1 + 2 + 2 + 3 + fill + fill + + + + + + True + Select if you wish to relabel then entire file system on next reboot. Relabeling can take a very long time, depending on the size of the system. 
If you are changing policy types or going from disabled to enforing, a relabel is required. + True + GTK_RELIEF_NORMAL + True + False + False + True + + + + True + 0.5 + 0.5 + 0 + 0 + 0 + 0 + 0 + 0 + + + + True + False + 2 + + + + True + gtk-refresh + 4 + 0.5 + 0.5 + 0 + 0 + + + 0 + False + False + + + + + + True + Relabel on next reboot. + True + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + False + False + + + + + + + + + 0 + 2 + 3 + 4 + fill + fill + + + + + 0 + True + True + + + + + False + True + + + + + + True + label37 + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + tab + + + + + + True + True + False + False + False + True + False + False + False + + + False + True + + + + + + True + label50 + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + tab + + + + + + True + False + 0 + + + + True + GTK_ORIENTATION_HORIZONTAL + GTK_TOOLBAR_BOTH + True + True + + + + True + Add File Context + gtk-add + True + True + False + + + + False + True + + + + + + True + Modify File Context + gtk-properties + True + True + False + + + + False + True + + + + + + True + Delete File Context + gtk-delete + True + True + False + + + + False + True + + + + + 0 + False + False + + + + + + True + True + GTK_POLICY_ALWAYS + GTK_POLICY_ALWAYS + GTK_SHADOW_NONE + GTK_CORNER_TOP_LEFT + + + + True + True + True + False + False + True + False + False + False + + + + + 0 + True + True + + + + + False + True + + + + + + True + label38 + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + tab + + + + + + True + False + 0 + + + + True + GTK_ORIENTATION_HORIZONTAL + GTK_TOOLBAR_BOTH + True + True + + + + True + Add SELinux User Mapping + gtk-add + True + True + False + + + + False + True + + + + + + True + Modify SELinux User Mapping + 
gtk-properties + True + True + False + + + + False + True + + + + + + True + Delete SELinux User Mapping + gtk-delete + True + True + False + + + + False + True + + + + + 0 + False + False + + + + + + True + True + GTK_POLICY_ALWAYS + GTK_POLICY_ALWAYS + GTK_SHADOW_NONE + GTK_CORNER_TOP_LEFT + + + + True + True + True + False + False + True + False + False + False + + + + + 0 + True + True + + + + + False + True + + + + + + True + label39 + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + tab + + + + + + True + False + 0 + + + + True + GTK_ORIENTATION_HORIZONTAL + GTK_TOOLBAR_BOTH + True + True + + + + True + Add Translation + gtk-add + True + True + False + + + + False + True + + + + + + True + Modify Translation + gtk-properties + True + True + False + + + + False + True + + + + + + True + Delete Translation + gtk-delete + True + True + False + + + + False + True + + + + + 0 + False + False + + + + + + True + True + GTK_POLICY_ALWAYS + GTK_POLICY_ALWAYS + GTK_SHADOW_NONE + GTK_CORNER_TOP_LEFT + + + + True + True + True + False + False + True + False + False + False + + + + + 0 + True + True + + + + + False + True + + + + + + True + label41 + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + tab + + + + + + True + False + 0 + + + + True + GTK_ORIENTATION_HORIZONTAL + GTK_TOOLBAR_BOTH + True + True + + + + True + Add SELinux User + gtk-add + True + True + False + + + + False + True + + + + + + True + Modify SELinux User + gtk-properties + True + True + False + + + + False + True + + + + + + True + Add SELinux User + gtk-delete + True + True + False + + + + False + True + + + + + 0 + False + False + + + + + + True + True + GTK_POLICY_ALWAYS + GTK_POLICY_ALWAYS + GTK_SHADOW_NONE + GTK_CORNER_TOP_LEFT + + + + True + True + True + False + False + True + False + False + False + + + + + 0 + True + True + + + + + False + True + + + + + + True 
+ label40 + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + tab + + + + + + True + False + 0 + + + + True + GTK_ORIENTATION_HORIZONTAL + GTK_TOOLBAR_BOTH + False + True + + + + True + Add Network Port + gtk-add + True + True + False + + + + False + True + + + + + + True + Edit Network Port + gtk-properties + True + True + False + + + + False + True + + + + + + True + Delete Network Port + gtk-delete + True + True + False + + + + False + True + + + + + + True + True + True + False + + + + 32 + True + + + + + False + False + + + + + + True + True + True + False + + + + True + Group/ungroup network ports by SELinux type. + True + GTK_RELIEF_NORMAL + True + False + False + + + + + True + 0.5 + 0.5 + 0 + 0 + 0 + 0 + 0 + 0 + + + + True + False + 2 + + + + True + gtk-indent + 4 + 0.5 + 0.5 + 0 + 0 + + + 0 + False + False + + + + + + True + Group View + True + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + False + False + + + + + + + + + + + False + False + + + + + 0 + False + False + + + + + + True + True + GTK_POLICY_ALWAYS + GTK_POLICY_ALWAYS + GTK_SHADOW_NONE + GTK_CORNER_TOP_LEFT + + + + True + True + True + False + False + True + False + False + False + + + + + 0 + True + True + + + + + False + True + + + + + + True + label42 + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + tab + + + + + + True + False + 0 + + + + True + GTK_ORIENTATION_HORIZONTAL + GTK_TOOLBAR_BOTH + True + True + + + + True + Load policy module + gtk-add + True + True + False + + + + False + True + + + + + + True + Remove loadable policy module + gtk-remove + True + True + False + + + + False + True + + + + + + True + True + True + False + + + + 10 + True + + + + + False + False + + + + + + True + Enable additional audit rules, that are normally not reported in the log files. 
+ Enable Audit + True + gtk-zoom-in + True + True + False + + + + False + True + + + + + + True + Disable additional audit rules, that are normally not reported in the log files. + Disable Audit + True + gtk-zoom-out + True + True + False + + + + False + True + + + + + 0 + False + False + + + + + + True + True + GTK_POLICY_ALWAYS + GTK_POLICY_ALWAYS + GTK_SHADOW_NONE + GTK_CORNER_TOP_LEFT + + + + True + True + True + False + False + True + False + False + False + + + + + 0 + True + True + + + + + False + True + + + + + + True + label44 + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + tab + + + + + True + True + + + + + + + 0 + True + True + + + + + + True + True + True + + + 0 + True + True + + + + + diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-1.33.4/gui/system-config-selinux.py --- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-1.33.4/gui/system-config-selinux.py 2006-11-22 14:11:25.000000000 -0500 
@@ -0,0 +1,156 @@
+#!/usr/bin/python
+#
+# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux
+#
+# Dan Walsh
+#
+# Copyright 2006 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+import signal
+import string
+import gtk
+import gtk.glade
+import os
+import libxml2
+import gobject
+import gnome
+import sys
+import statusPage
+import booleansPage
+import loginsPage
+import usersPage
+import portsPage
+import modulesPage
+import fcontextPage
+import translationsPage
+##
+## I18N
+##
+PROGNAME="system-config-selinux"
+
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+try:
+ gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1)
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+gnome.program_init("SELinux Management Tool", "5")
+
+version = "1.0"
+
+sys.path.append('/usr/share/system-config-selinux')
+
+
+
+##
+## Pull in the Glade file
+##
+if os.access("system-config-selinux.glade", os.F_OK):
+ xml = gtk.glade.XML ("system-config-selinux.glade", domain=PROGNAME)
+else:
+ xml = gtk.glade.XML ("/usr/share/system-config-selinux/system-config-selinux.glade", domain=PROGNAME)
+
+class childWindow:
+ def __init__(self):
+ self.tabs=[]
+ self.xml = xml
+ xml.signal_connect("on_quit_activate", self.destroy)
+ xml.signal_connect("on_delete_clicked", self.delete)
+ xml.signal_connect("on_add_clicked", self.add)
+ xml.signal_connect("on_properties_clicked", self.properties)
+ self.add_page(statusPage.statusPage(xml))
+ self.add_page(booleansPage.booleansPage(xml))
+ self.add_page(fcontextPage.fcontextPage(xml))
+ self.add_page(loginsPage.loginsPage(xml))
+ self.add_page(usersPage.usersPage(xml))
+ self.add_page(translationsPage.translationsPage(xml))
+ self.add_page(portsPage.portsPage(xml))
+ self.add_page(modulesPage.modulesPage(xml)) # modules
+
+ xml.signal_connect("on_quit_activate", self.destroy)
+ xml.signal_connect("on_policy_activate", self.policy)
+ xml.signal_connect("on_logging_activate", self.logging)
+ xml.signal_connect("on_about_activate", self.on_about_activate)
+
+ def add_page(self, page):
+ self.tabs.append(page)
+
+ def policy(self, args):
+ os.spawnl(os.P_NOWAIT, "/usr/share/system-config-selinux/semanagegui.py")
+ def logging(self, args):
+ os.spawnl(os.P_NOWAIT, "/usr/bin/seaudit")
+
+ def delete(self, args):
+ self.tabs[self.notebook.get_current_page()].deleteDialog()
+
+ def add(self, args):
+ self.tabs[self.notebook.get_current_page()].addDialog()
+
+ def properties(self, args):
+ self.tabs[self.notebook.get_current_page()].propertiesDialog()
+
+ def on_about_activate(self, args):
+ dlg = xml.get_widget ("aboutWindow")
+ dlg.run ()
+ dlg.hide ()
+
+ def destroy(self, args):
+ gtk.main_quit()
+
+ def itemSelected(self, selection):
+ store, rows = selection.get_selected_rows()
+ if store != None and len(rows) > 0:
+ self.notebook.set_current_page(rows[0][0])
+ else:
+ self.notebook.set_current_page(0)
+
+
+ def setupScreen(self):
+ # Bring in widgets from glade file.
+ self.mainWindow = self.xml.get_widget("mainWindow")
+ self.notebook = self.xml.get_widget("notebook")
+ self.view = self.xml.get_widget("selectView")
+ self.view.get_selection().connect("changed", self.itemSelected)
+ self.store = gtk.ListStore(gobject.TYPE_STRING)
+ self.view.set_model(self.store)
+ col = gtk.TreeViewColumn("", gtk.CellRendererText(), text = 0)
+ col.set_resizable(True)
+ self.view.append_column(col)
+
+ for page in self.tabs:
+ iter = self.store.append()
+ self.store.set_value(iter, 0, page.get_description())
+ self.view.get_selection().select_path ((0,))
+
+ def stand_alone(self):
+ desktopName = _("Configue SELinux")
+
+ self.setupScreen()
+
+ self.mainWindow.connect("destroy", self.destroy)
+
+ self.mainWindow.show_all()
+ gtk.main()
+
+if __name__ == "__main__":
+ signal.signal (signal.SIGINT, signal.SIG_DFL)
+
+ app = childWindow()
+ app.stand_alone()
diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-1.33.4/gui/translationsPage.py
--- nsapolicycoreutils/gui/translationsPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.33.4/gui/translationsPage.py 2006-11-22 14:11:25.000000000 -0500
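Review bot: The glade lookup prefers `system-config-selinux.glade` in the current working directory over the installed copy, so a tool that (per statusPage.py in this patch) writes the SELinux config and the relabel flag takes its widget tree from whatever directory it was started in. For a program that is presumably run with root privilege this is an untrusted search path; load only the installed file, `xml = gtk.glade.XML ("/usr/share/system-config-selinux/system-config-selinux.glade", domain=PROGNAME)`, or put the local lookup behind an explicit development switch. The `sys.path.append('/usr/share/system-config-selinux')` just above it runs after the page modules have already been imported, so it does not influence where they are loaded from; if it is meant to pin the import location it belongs before those imports.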
@@ -0,0 +1,109 @@
+## translationsPage.py - show selinux translations
+## Copyright (C) 2006 Red Hat, Inc.
+
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+## Author: Dan Walsh
+import string
+import gtk
+import gtk.glade
+import os
+import libxml2
+import gobject
+import sys
+import seobject
+from semanagePage import *;
+
+##
+## I18N
+##
+PROGNAME="policycoreutils"
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+try:
+ gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1)
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+class translationsPage(semanagePage):
+ def __init__(self, xml):
+ self.firstTime = False
+ semanagePage.__init__(self, xml, "translations", _("Translation"))
+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING)
+ self.view.set_model(self.store)
+ self.store.set_sort_column_id(0, gtk.SORT_ASCENDING)
+ col = gtk.TreeViewColumn(_("Sensitvity Level"), gtk.CellRendererText(), text = 0)
+ col.set_sort_column_id(0)
+ col.set_resizable(True)
+ self.view.append_column(col)
+ col = gtk.TreeViewColumn(_("Translation"), gtk.CellRendererText(), text = 1)
+ col.set_sort_column_id(1)
+ col.set_resizable(True)
+ self.view.append_column(col)
+
+ self.load()
+ self.translationsLevelEntry = xml.get_widget("translationsLevelEntry")
+ self.translationsEntry = xml.get_widget("translationsEntry")
+
+ def load(self):
+ self.translation = seobject.setransRecords()
+ dict = self.translation.get_all()
+ keys = dict.keys()
+ keys.sort()
+ self.store.clear()
+ for k in keys:
+ iter = self.store.append()
+ self.store.set_value(iter, 0, k)
+ self.store.set_value(iter, 1, dict[k])
+ self.view.get_selection().select_path ((0,))
+
+ def dialogInit(self):
+ store, iter = self.view.get_selection().get_selected()
+ self.translationsLevelEntry.set_text(store.get_value(iter, 0))
+ self.translationsLevelEntry.set_sensitive(False)
+ self.translationsEntry.set_text(store.get_value(iter, 1))
+
+ def dialogClear(self):
+ self.translationsLevelEntry.set_text("")
+ self.translationsLevelEntry.set_sensitive(True)
+ self.translationsEntry.set_text("")
+
+ def delete(self):
+ store, iter = self.view.get_selection().get_selected()
+ try:
+ level = store.get_value(iter, 0)
+ self.translation.delete(level)
+ store.remove(iter)
+ self.view.get_selection().select_path ((0,))
+ except ValueError, e:
+ self.error(e.args[0])
+
+ def add(self):
+ level = self.translationsLevelEntry.get_text().strip()
+ translation = self.translationsEntry.get_text().strip()
+ self.translation.add(level, translation)
+ iter = self.store.append()
+ self.store.set_value(iter, 0, level)
+ self.store.set_value(iter, 1, translation)
+
+ def modify(self):
+ level = self.translationsLevelEntry.get_text().strip()
+ translation = self.translationsEntry.get_text().strip()
+ self.translation.modify(level, translation)
+ store, iter = self.view.get_selection().get_selected()
+ self.store.set_value(iter, 0, level)
+ self.store.set_value(iter, 1, translation)
diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-1.33.4/gui/usersPage.py
--- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.33.4/gui/usersPage.py 2006-11-22 14:11:25.000000000 -0500
@@ -0,0 +1,155 @@
+## usersPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
+
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+## Author: Dan Walsh
+import string
+import gtk
+import gtk.glade
+import os
+import libxml2
+import gobject
+import sys
+import seobject
+from semanagePage import *;
+
+##
+## I18N
+##
+PROGNAME="policycoreutils"
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+try:
+ gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1)
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+class usersPage(semanagePage):
+ def __init__(self, xml):
+ semanagePage.__init__(self, xml, "users", "SELinux User")
+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING)
+ self.view.set_model(self.store)
+ self.store.set_sort_column_id(0, gtk.SORT_ASCENDING)
+
+ col = gtk.TreeViewColumn(_("SELinux\nUser"), gtk.CellRendererText(), text = 0)
+ col.set_sort_column_id(0)
+ col.set_resizable(True)
+ self.view.append_column(col)
+
+ col = gtk.TreeViewColumn(_("Labeling\nPrefix"), gtk.CellRendererText(), text = 1)
+ col.set_resizable(True)
+ self.view.append_column(col)
+ col = gtk.TreeViewColumn(_("MLS/\nMCS Level"), gtk.CellRendererText(), text = 2)
+ col.set_resizable(True)
+ self.view.append_column(col)
+ col = gtk.TreeViewColumn(_("MLS/\nMCS Range"), gtk.CellRendererText(), text = 3)
+ col.set_resizable(True)
+ self.view.append_column(col)
+
+ col = gtk.TreeViewColumn(_("SELinux Roles"), gtk.CellRendererText(), text = 4)
+ col.set_resizable(True)
+ self.view.append_column(col)
+
+ self.load()
+ self.selinuxUserEntry = xml.get_widget("selinuxUserEntry")
+ self.labelPrefixEntry = xml.get_widget("labelPrefixEntry")
+ self.mlsLevelEntry = xml.get_widget("mlsLevelEntry")
+ self.mlsRangeEntry = xml.get_widget("mlsRangeEntry")
+ self.selinuxRolesEntry = xml.get_widget("selinuxRolesEntry")
+
+ def load(self):
+ self.user = seobject.seluserRecords()
+ dict = self.user.get_all()
+ keys = dict.keys()
+ keys.sort()
+ self.store.clear()
+ for k in keys:
+ iter = self.store.append()
+ self.store.set_value(iter, 0, k)
+ self.store.set_value(iter, 1, dict[k][0])
+ self.store.set_value(iter, 2, seobject.translate(dict[k][1]))
+ self.store.set_value(iter, 3, seobject.translate(dict[k][2]))
+ self.store.set_value(iter, 4, dict[k][3])
+ self.view.get_selection().select_path ((0,))
+
+ def delete(self):
+ if semanagePage.delete(self) == gtk.RESPONSE_NO:
+ return None
+
+ def dialogInit(self):
+ store, iter = self.view.get_selection().get_selected()
+ self.selinuxUserEntry.set_text(store.get_value(iter, 0))
+ self.selinuxUserEntry.set_sensitive(False)
+ self.labelPrefixEntry.set_text(store.get_value(iter, 1))
+ self.mlsLevelEntry.set_text(store.get_value(iter, 2))
+ self.mlsRangeEntry.set_text(store.get_value(iter, 3))
+ self.selinuxRolesEntry.set_text(store.get_value(iter, 4))
+ protocol=store.get_value(iter, 2)
+
+ def dialogClear(self):
+ self.selinuxUserEntry.set_text("")
+ self.selinuxUserEntry.set_sensitive(True)
+ self.labelPrefixEntry.set_text("")
+ self.mlsLevelEntry.set_text("s0")
+ self.mlsRangeEntry.set_text("s0")
+ self.selinuxRolesEntry.set_text("")
+
+ def add(self):
+ user = self.selinuxUserEntry.get_text()
+ prefix = self.labelPrefixEntry.get_text()
+ level = self.mlsLevelEntry.get_text()
+ range = self.mlsRangeEntry.get_text()
+ roles = self.selinuxRolesEntry.get_text()
+
+ self.user.add(user, roles.split(), level, range, prefix)
+ iter = self.store.append()
+ self.store.set_value(iter, 0, user)
+ self.store.set_value(iter, 1, prefix)
+ self.store.set_value(iter, 2, level)
+ self.store.set_value(iter, 3, range)
+ self.store.set_value(iter, 4, roles)
+
+ def modify(self):
+ user = self.selinuxUserEntry.get_text()
+ prefix = self.labelPrefixEntry.get_text()
+ level = self.mlsLevelEntry.get_text()
+ range = self.mlsRangeEntry.get_text()
+ roles = self.selinuxRolesEntry.get_text()
+
+ self.user.modify(user, roles.split(), level, range, prefix)
+ store, iter = self.view.get_selection().get_selected()
+ iter = self.store.append()
+ self.store.set_value(iter, 0, user)
+ self.store.set_value(iter, 1, prefix)
+ self.store.set_value(iter, 2, level)
+ self.store.set_value(iter, 3, range)
+ self.store.set_value(iter, 4, roles)
+
+ def delete(self):
+ store, iter = self.view.get_selection().get_selected()
+ try:
+ user=store.get_value(iter, 0)
+ if user == "root" or user == "user_u":
+ raise ValueError(_("SELinux user '%s' is required") % user)
+
+ self.user.delete(user)
+ store.remove(iter)
+ self.view.get_selection().select_path ((0,))
+ except ValueError, e:
+ self.error(e.args[0])
+
diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/Makefile policycoreutils-1.33.4/Makefile
--- nsapolicycoreutils/Makefile 2006-11-16 17:15:00.000000000 -0500
+++ policycoreutils-1.33.4/Makefile 2006-11-22 14:11:25.000000000 -0500
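Review bot: In usersPage.py, `modify()` fetches the selected row with `store, iter = self.view.get_selection().get_selected()` and then immediately overwrites it with `iter = self.store.append()`, so editing a user adds a second row instead of updating the selected one. Dropping the `iter = self.store.append()` line in `modify()` fixes that, and it matches what `modify()` in translationsPage.py already does. The class also defines `delete()` twice, and the later definition replaces the earlier one that calls `semanagePage.delete(self)` and compares the result with `gtk.RESPONSE_NO`, so that check never runs. What the base method does is not visible here, but if it is the confirmation step it should be called at the top of the surviving `delete()` before `self.user.delete(user)`. `protocol=store.get_value(iter, 2)` in `dialogInit()` is assigned and never used.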
@@ -1,4 +1,4 @@ -SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po +SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui all install relabel clean indent: @for subdir in $(SUBDIRS); do \ diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.33.4/newrole/newrole.c --- nsapolicycoreutils/newrole/newrole.c 2006-11-20 12:19:55.000000000 -0500 +++ policycoreutils-1.33.4/newrole/newrole.c 2006-11-22 14:11:25.000000000 -0500 @@ -1068,11 +1068,16 @@ */ int rc; int exit_code = 0; + int status; do { - rc = wait(NULL); + rc = wait(&status); } while (rc < 0 && errno == EINTR); + /* Preserve child exit status, unless there is another error. */ + if (WIFEXITED(status)) + exit_code = WEXITSTATUS(status); + if (restore_tty_label(fd, ttyn, tty_context, new_tty_context)) { fprintf(stderr, _("Unable to restore tty label...\n")); exit_code = -1; diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/run_init/run_init.c policycoreutils-1.33.4/run_init/run_init.c --- nsapolicycoreutils/run_init/run_init.c 2006-11-16 17:14:27.000000000 -0500 +++ policycoreutils-1.33.4/run_init/run_init.c 2006-11-22 14:11:25.000000000 -0500 
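Review bot: In the newrole.c hunk, `WIFEXITED(status)` is evaluated even when the `wait()` loop ended with `rc < 0` for a reason other than EINTR, in which case `status` was never written. Guard the new block on the wait result, `if (rc >= 0 && WIFEXITED(status)) exit_code = WEXITSTATUS(status);`. A child terminated by a signal still leaves `exit_code` at 0, so the caller sees success; `else if (rc >= 0 && WIFSIGNALED(status)) exit_code = 128 + WTERMSIG(status);` (or any non-zero value) would stop that being reported as a clean exit. The enclosing function starts and ends outside the hunk.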
@@ -132,6 +132,14 @@ result = 1; /* user authenticated OK! */ } + /* If we were successful, call pam_acct_mgmt() to reset the + * pam_tally failcount. + */ + if (result && (PAM_SUCCESS != pam_acct_mgmt(pam_handle, 0)) ) { + fprintf(stderr, _("failed to get account information\n")); + exit(-1); + } + /* We're done with PAM. Free `pam_handle'. */ pam_end(pam_handle, PAM_SUCCESS); diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-1.33.4/semanage/semanage.8 --- nsapolicycoreutils/semanage/semanage.8 2006-11-20 12:19:55.000000000 -0500 +++ policycoreutils-1.33.4/semanage/semanage.8 2006-11-22 14:11:25.000000000 -0500 @@ -82,9 +82,6 @@ .TP .I \-T, \-\-trans SELinux Translation -.TP -.I \-v, \-\-verbose -verbose output .SH EXAMPLE .nf diff --exclude-from=exclude --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.33.4/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2006-11-16 17:14:26.000000000 -0500 +++ policycoreutils-1.33.4/semanage/seobject.py 2006-11-22 14:11:25.000000000 -0500 @@ -94,23 +94,25 @@ return re.search("^" + reg +"$",raw) def translate(raw, prepend = 1): - if prepend == 1: - context = "a:b:c:%s" % raw + filler="a:b:c:" + if prepend == 1: + context = "%s%s" % (filler,raw) else: context = raw - (rc, trans) = selinux.selinux_raw_to_trans_context(context) + (rc, trans) = selinux.selinux_raw_to_trans_context(context) if rc != 0: return raw if prepend: - trans = trans.strip("a:b:c") + trans = trans[len(filler):] if trans == "": return raw else: return trans def untranslate(trans, prepend = 1): + filler="a:b:c:" if prepend == 1: - context = "a:b:c:%s" % trans + context = "%s%s" % (filler,trans) else: context = trans @@ -118,7 +120,7 @@ if rc != 0: return trans if prepend: - raw = raw.strip("a:b:c") + raw = raw[len(filler):] if raw == "": return trans else: 
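Review bot: In the run_init.c hunk, the new failure path calls `exit(-1)` while `pam_handle` is still open, skipping the `pam_end()` a few lines below. It also discards the return value of `pam_acct_mgmt()`, so every failure cause prints the same message. Keeping the return code, reporting it through `pam_strerror()` and passing it to `pam_end()` before exiting closes the PAM transaction properly and gives the operator a usable reason. The comment should say that this call is the account-validity check as well as the pam_tally reset, since that is why a failure must be fatal. The enclosing function begins and ends outside the hunk.

```c
	/* Account validity check; this also resets the pam_tally failcount. */
	if (result) {
		int acct_rc = pam_acct_mgmt(pam_handle, 0);

		if (acct_rc != PAM_SUCCESS) {
			fprintf(stderr, _("failed to get account information: %s\n"),
				pam_strerror(pam_handle, acct_rc));
			pam_end(pam_handle, acct_rc);
			exit(-1);
		}
	}
	/* … unchanged: pam_end(pam_handle, PAM_SUCCESS) on the success path … */
```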
@@ -157,7 +159,7 @@ def out(self): rec = "" for c in self.comments: - rec += c +"\n" + rec += c keys = self.ddict.keys() keys.sort() for k in keys: @@ -204,7 +206,8 @@ os.write(fd, self.out()) os.close(fd) os.rename(newfilename, self.filename) - + os.system("/sbin/service mcstrans reload > /dev/null") + class semanageRecords: def __init__(self): self.sh = semanage_handle_create() @@ -456,7 +459,8 @@ rc = semanage_user_set_mlslevel(self.sh, u, selevel) if rc < 0: raise ValueError(_("Could not set MLS level for %s") % name) - + if selinux.security_check_context("system_u:object_r:%s_home_t:s0" % prefix) != 0: + raise ValueError(_("Invalid prefix %s") % prefix) rc = semanage_user_set_prefix(self.sh, u, prefix) if rc < 0: raise ValueError(_("Could not add prefix %s for %s") % (r, prefix)) @@ -522,7 +526,9 @@ semanage_user_set_mlslevel(self.sh, u, untranslate(selevel)) if prefix != "": - semanage_user_set_prefix(self.sh, u, prefix) + if selinux.security_check_context("system_u:object_r:%s_home_t" % prefix) != 0: + raise ValueError(_("Invalid prefix %s") % prefix) + semanage_user_set_prefix(self.sh, u, prefix) if len(roles) != 0: for r in roles:
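Review bot: In the `@@ -204,7 +206,8 @@` hunk, `os.system("/sbin/service mcstrans reload > /dev/null")` throws away the exit status, so a failed reload goes unreported after `os.rename()` has already put the new translations file in place. The running daemon then presumably keeps serving the old table. The call also starts a shell only to discard stdout. Check the result and skip the shell, for example `rc = subprocess.call(["/sbin/service", "mcstrans", "reload"], stdout=open(os.devnull, "w"))` followed by `if rc != 0: raise ValueError(_("Could not reload mcstrans"))`. That needs `import subprocess` at the top of the file, which is outside the hunk, as is the start of the enclosing method.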
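Review bot: The two new prefix checks validate different strings. The `@@ -456,7 +459,8 @@` hunk tests `"system_u:object_r:%s_home_t:s0" % prefix`, while the `@@ -522,7 +526,9 @@` hunk tests `"system_u:object_r:%s_home_t" % prefix` with no level field. On an MLS/MCS-enabled policy a context without the level is likely to be rejected, in which case the modify path would raise "Invalid prefix" for prefixes the add path accepts; this should be confirmed on such a system. Use the same string in both places, ideally through one helper such as `def valid_prefix(prefix): return selinux.security_check_context("system_u:object_r:%s_home_t:s0" % prefix) == 0`. Both enclosing methods extend beyond their hunks.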