diff --git a/policycoreutils/.tx/config b/policycoreutils/.tx/config index 07643e9..daff18c 100644 --- a/policycoreutils/.tx/config +++ b/policycoreutils/.tx/config @@ -1,5 +1,5 @@ [main] -host = https://www.transifex.net +host = https://www.transifex.com [policycoreutils.policycoreutils] file_filter = po/.po diff --git a/policycoreutils/Makefile b/policycoreutils/Makefile index 3980799..6624804 100644 --- a/policycoreutils/Makefile +++ b/policycoreutils/Makefile @@ -1,4 +1,4 @@ -SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui +SUBDIRS = sepolicy setfiles semanage semanage/default_encoding load_policy newrole run_init sandbox secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) diff --git a/policycoreutils/audit2allow/Makefile b/policycoreutils/audit2allow/Makefile index 88635d4..fc290ea 100644 --- a/policycoreutils/audit2allow/Makefile +++ b/policycoreutils/audit2allow/Makefile @@ -5,14 +5,19 @@ LIBDIR ?= $(PREFIX)/lib MANDIR ?= $(PREFIX)/share/man LOCALEDIR ?= /usr/share/locale -all: ; +all: audit2why + +audit2why: + ln -sf audit2allow audit2why install: all -mkdir -p $(BINDIR) install -m 755 audit2allow $(BINDIR) + (cd $(BINDIR); ln -sf audit2allow audit2why) install -m 755 sepolgen-ifgen $(BINDIR) -mkdir -p $(MANDIR)/man1 install -m 644 audit2allow.1 $(MANDIR)/man1/ + install -m 644 audit2why.1 $(MANDIR)/man1/ clean: rm -f *~ diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow index 8e0c396..9f5185d 100644 --- a/policycoreutils/audit2allow/audit2allow +++ b/policycoreutils/audit2allow/audit2allow @@ -1,7 +1,8 @@ #! /usr/bin/python -Es # Authors: Karl MacMillan +# Authors: Dan Walsh # -# Copyright (C) 2006-2007 Red Hat +# Copyright (C) 2006-2013 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or @@ -18,7 +19,7 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -import sys +import sys, os import sepolgen.audit as audit import sepolgen.policygen as policygen @@ -29,6 +30,8 @@ import sepolgen.defaults as defaults import sepolgen.module as module from sepolgen.sepolgeni18n import _ import selinux.audit2why as audit2why +import locale +locale.setlocale(locale.LC_ALL, '') class AuditToPolicy: VERSION = "%prog .1" @@ -80,8 +83,7 @@ class AuditToPolicy: parser.add_option("--interface-info", dest="interface_info", help="file name of interface information") parser.add_option("--debug", dest="debug", action="store_true", default=False, help="leave generated modules for -M") - - parser.add_option("-w", "--why", dest="audit2why", action="store_true", default=False, + parser.add_option("-w", "--why", dest="audit2why", action="store_true", default=(os.path.basename(sys.argv[0])=="audit2why"), help="Translates SELinux audit messages into a description of why the access was denied") options, args = parser.parse_args() @@ -267,12 +269,10 @@ class AuditToPolicy: continue if rc == audit2why.CONSTRAINT: - print "\t\tPolicy constraint violation.\n" - print "\t\tMay require adding a type attribute to the domain or type to satisfy the constraint.\n" - print "\t\tConstraints are defined in the policy sources in policy/constraints (general), policy/mcs (MCS), and policy/mls (MLS).\n" - for reason in data: - print "\t\tNote: Possible cause is the source and target %s differ\n" % reason - continue + print #!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n" + print "#Constraint rule: \n\t" + data[0] + for reason in data[1:]: + print "#\tPossible cause is the source %s and target %s are different.\n\b" % reason if rc == audit2why.RBAC: print "\t\tMissing role allow rule.\n" @@ -329,7 +329,7 @@ class AuditToPolicy: g.set_module_name(self.__options.module) if self.__options.output: - fd = open(self.__options.output, "w") + fd = open(self.__options.output, "a") else: fd = sys.stdout writer.write(g.get_module(), fd) @@ -350,6 +350,9 @@ class AuditToPolicy: except ValueError, e: print e sys.exit(1) + except IOError, e: + print e + sys.exit(1) if __name__ == "__main__": app = AuditToPolicy() diff --git a/policycoreutils/audit2allow/audit2allow.1 b/policycoreutils/audit2allow/audit2allow.1 index a854a45..0155f98 100644 --- a/policycoreutils/audit2allow/audit2allow.1 +++ b/policycoreutils/audit2allow/audit2allow.1 @@ -29,7 +29,7 @@ \- generate SELinux policy allow/dontaudit rules from logs of denied operations .BR audit2why -\- translates SELinux audit messages into a description of why the access was denied (audit2allow -w) +\- translates SELinux audit messages into a description of why the access was denied (audit2allow \-w) .SH SYNOPSIS .B audit2allow @@ -37,16 +37,16 @@ .SH OPTIONS .TP .B "\-a" | "\-\-all" -Read input from audit and message log, conflicts with -i +Read input from audit and message log, conflicts with \-i .TP .B "\-b" | "\-\-boot" -Read input from audit messages since last boot conflicts with -i +Read input from audit messages since last boot conflicts with \-i .TP .B "\-d" | "\-\-dmesg" Read input from output of .I /bin/dmesg. Note that all audit messages are not available via dmesg when -auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead. +auditd is running; use "ausearch \-m avc | audit2allow" or "\-a" instead. .TP .B "\-D" | "\-\-dontaudit" Generate dontaudit rules (Default: allow) @@ -65,7 +65,7 @@ read input only after last policy reload Generate module/require output .TP .B "\-M " -Generate loadable module package, conflicts with -o +Generate loadable module package, conflicts with \-o .TP .B "\-p " | "\-\-policy " Policy file to use for analysis @@ -123,7 +123,7 @@ an 'allow' rule. .PP .B Using audit2allow to generate module policy -$ cat /var/log/audit/audit.log | audit2allow -m local > local.te +$ cat /var/log/audit/audit.log | audit2allow \-m local > local.te $ cat local.te module local 1.0; @@ -141,7 +141,7 @@ allow myapp_t etc_t:file { getattr open read }; .B Using audit2allow to generate module policy using reference policy -$ cat /var/log/audit/audit.log | audit2allow -R -m local > local.te +$ cat /var/log/audit/audit.log | audit2allow \-R \-m local > local.te $ cat local.te policy_module(local, 1.0) @@ -157,32 +157,32 @@ files_read_etc_files(myapp_t) # SELinux provides a policy devel environment under /usr/share/selinux/devel # You can create a te file and compile it by executing -$ make -f /usr/share/selinux/devel/Makefile -$ semodule -i local.pp +$ make -f /usr/share/selinux/devel/Makefile local.pp +$ semodule \-i local.pp .B Building module policy manually # Compile the module -$ checkmodule -M -m -o local.mod local.te +$ checkmodule \-M \-m \-o local.mod local.te # Create the package -$ semodule_package -o local.pp -m local.mod +$ semodule_package \-o local.pp \-m local.mod # Load the module into the kernel -$ semodule -i local.pp +$ semodule \-i local.pp .B Using audit2allow to generate and build module policy -$ cat /var/log/audit/audit.log | audit2allow -M local -Generating type enforcment file: local.te -Compiling policy: checkmodule -M -m -o local.mod local.te -Building package: semodule_package -o local.pp -m local.mod +$ cat /var/log/audit/audit.log | audit2allow \-M local +Generating type enforcement file: local.te +Compiling policy: checkmodule \-M \-m \-o local.mod local.te +Building package: semodule_package \-o local.pp \-m local.mod ******************** IMPORTANT *********************** In order to load this newly created policy package into the kernel, you are required to execute -semodule -i local.pp +semodule \-i local.pp -.B Using audit2allow to generate monolithic (non-module) policy +.B Using audit2allow to generate monolithic (non\-module) policy $ cd /etc/selinux/$SELINUXTYPE/src/policy $ cat /var/log/audit/audit.log | audit2allow >> domains/misc/local.te $ cat domains/misc/local.te diff --git a/policycoreutils/audit2allow/audit2why.1 b/policycoreutils/audit2allow/audit2why.1 new file mode 100644 index 0000000..a9e8893 --- /dev/null +++ b/policycoreutils/audit2allow/audit2why.1 @@ -0,0 +1 @@ +.so man1/audit2allow.1 diff --git a/policycoreutils/audit2allow/sepolgen-ifgen b/policycoreutils/audit2allow/sepolgen-ifgen index ef4bec3..3967ba5 100644 --- a/policycoreutils/audit2allow/sepolgen-ifgen +++ b/policycoreutils/audit2allow/sepolgen-ifgen @@ -62,6 +62,9 @@ def parse_options(): return options def get_policy(): + p = selinux.selinux_current_policy_path() + if os.path.exists(p): + return p i = selinux.security_policyvers() p = selinux.selinux_binary_policy_path() + "." + str(i) while i > 0 and not os.path.exists(p): diff --git a/policycoreutils/audit2why/Makefile b/policycoreutils/audit2why/Makefile deleted file mode 100644 index 63eb8b3..0000000 --- a/policycoreutils/audit2why/Makefile +++ /dev/null @@ -1,18 +0,0 @@ -# Installation directories. -PREFIX ?= $(DESTDIR)/usr -BINDIR ?= $(PREFIX)/bin -MANDIR ?= $(PREFIX)/share/man - -TARGETS=audit2why - -all: $(TARGETS) - -install: all - -mkdir -p $(BINDIR) - install -m 755 $(TARGETS) $(BINDIR) - -mkdir -p $(MANDIR)/man1 - install -m 644 audit2why.1 $(MANDIR)/man1/ - -clean: - -relabel: diff --git a/policycoreutils/audit2why/audit2why b/policycoreutils/audit2why/audit2why deleted file mode 100644 index 21a72aa..0000000 --- a/policycoreutils/audit2why/audit2why +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -/usr/bin/audit2allow -w $* diff --git a/policycoreutils/audit2why/audit2why.1 b/policycoreutils/audit2why/audit2why.1 deleted file mode 100644 index a9e8893..0000000 --- a/policycoreutils/audit2why/audit2why.1 +++ /dev/null @@ -1 +0,0 @@ -.so man1/audit2allow.1 diff --git a/policycoreutils/gui/Makefile b/policycoreutils/gui/Makefile index b5abbb9..a8cf71f 100644 --- a/policycoreutils/gui/Makefile +++ b/policycoreutils/gui/Makefile @@ -1,7 +1,10 @@ # Installation directories. PREFIX ?= ${DESTDIR}/usr +SYSCONFDIR ?= ${DESTDIR}/etc BINDIR ?= $(PREFIX)/bin SHAREDIR ?= $(PREFIX)/share/system-config-selinux +DATADIR ?= $(PREFIX)/share +MANDIR = $(PREFIX)/share/man TARGETS= \ booleansPage.py \ @@ -16,18 +19,30 @@ portsPage.py \ semanagePage.py \ statusPage.py \ system-config-selinux.glade \ +system-config-selinux.png \ usersPage.py all: $(TARGETS) system-config-selinux.py polgengui.py install: all + -mkdir -p $(MANDIR)/man8 -mkdir -p $(SHAREDIR) -mkdir -p $(BINDIR) + -mkdir -p $(DATADIR)/pixmaps + -mkdir -p $(DATADIR)/icons/hicolor/24x24/apps + -mkdir -p $(SYSCONFDIR) + -mkdir -p $(DATADIR)/polkit-1/actions/ install -m 755 system-config-selinux.py $(SHAREDIR) + install -m 755 system-config-selinux $(BINDIR) install -m 755 polgengui.py $(SHAREDIR) - install -m 755 sepolgen $(BINDIR) install -m 644 $(TARGETS) $(SHAREDIR) - + install -m 644 system-config-selinux.8 $(MANDIR)/man8 + install -m 644 selinux-polgengui.8 $(MANDIR)/man8 + install -m 644 system-config-selinux.png $(DATADIR)/pixmaps + install -m 644 system-config-selinux.png $(DATADIR)/icons/hicolor/24x24/apps + install -m 644 system-config-selinux.png $(DATADIR)/system-config-selinux + install -m 644 *.desktop $(DATADIR)/system-config-selinux + install -m 644 org.fedoraproject.config.selinux.policy $(DATADIR)/polkit-1/actions/ clean: indent: diff --git a/policycoreutils/gui/org.fedoraproject.config.selinux.policy b/policycoreutils/gui/org.fedoraproject.config.selinux.policy new file mode 100644 index 0000000..fcfa81d --- /dev/null +++ b/policycoreutils/gui/org.fedoraproject.config.selinux.policy @@ -0,0 +1,22 @@ + + + + + System Config SELinux + http://fedorahosted.org/system-config-selinux + + + Run System Config SELinux + Authentication is required to run system-config-selinux + system-selinux + + no + no + auth_admin + + /usr/share/system-config-selinux/system-config-selinux.py + true + + diff --git a/policycoreutils/gui/polgengui.py b/policycoreutils/gui/polgengui.py index 1c16f7b..b89bf1a 100644 --- a/policycoreutils/gui/polgengui.py +++ b/policycoreutils/gui/polgengui.py @@ -4,7 +4,7 @@ # # Dan Walsh # -# Copyright (C) 2007-2012 Red Hat +# Copyright (C) 2007-2013 Red Hat # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -28,7 +28,12 @@ import os import gobject import gnome import sys -from sepolicy import generate +try: + from sepolicy import generate +except ValueError,e: + sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e))) + sys.exit(1) + import sepolicy.interface import commands diff --git a/policycoreutils/gui/selinux-polgengui.8 b/policycoreutils/gui/selinux-polgengui.8 new file mode 100644 index 0000000..52bf7dd --- /dev/null +++ b/policycoreutils/gui/selinux-polgengui.8 @@ -0,0 +1,35 @@ +.TH "selinux-polgengui" "8" "8 April 2013" "System Config Tools Manual" "System Config Tools Manual" + +.SH NAME +selinux\-polgengui \- SELinux Policy Generation Tool + +.SH SYNOPSIS +.B selinux-polgengui + +.SH DESCRIPTION +\fBselinux-polgengui\fP is a graphical tool, which can be used to create a framework for building SELinux Policy. +.SH OPTIONS +None + +.SH FILES +\fi/usr/bin/selinux-polgengui\fP + +.SH Examples +To run the program type: + +selinux-polgengui + +.PP +.SH "SEE ALSO" +.TP +selinux(1), sepolicy(8), sepolicy-generate(8) +.PP + +.SH REPORTING BUGS +Report bugs to . + +.SH LICENSE AND AUTHORS +\fBselinux-polgengui\fP is licensed under the GNU Public License and +is copyrighted by Red Hat, Inc. +.br +This man page was written by Daniel Walsh diff --git a/policycoreutils/gui/selinux-polgengui.desktop b/policycoreutils/gui/selinux-polgengui.desktop new file mode 100644 index 0000000..0c2f399 --- /dev/null +++ b/policycoreutils/gui/selinux-polgengui.desktop @@ -0,0 +1,67 @@ +[Desktop Entry] +Name=SELinux Policy Generation Tool +Name[bn_IN]=SELinux Policy নির্মাণের সামগ্রী +Name[ca]=Eina de generació de polítiques del SELinux +Name[da]=Regelsætgenereringsværktøj til SELinux +Name[de]=Tool zur Erstellung von SELinux-Richtlinien +Name[es]=Generador de Políticas de SELinux +Name[fi]=SELinux-käytäntöjen generointityökalu +Name[fr]=Outil de génération de stratégies SELinux +Name[gu]=SELinux પોલિસી બનાવટ સાધન +Name[hi]=SELinux पॉलिसी जनन औजार +Name[it]=Tool di generazione della policy di SELinux +Name[ja]=SELinux ポリシー生成ツール +Name[kn]=SELinux ಪಾಲಿಸಿ ಉತ್ಪಾದನಾ ಉಪಕರಣ +Name[ko]=SELinux 정책 생성 도구 +Name[ml]=SELinux പോളിസി ഉത്പാദന പ്രയോഗം +Name[mr]=SELinux करार निर्माण साधन +Name[nl]=SELinux tactiek generatie gereedschap +Name[or]=SELinux ନୀତି ସୃଷ୍ଟି ଉପକରଣ +Name[pa]=SELinux ਪਾਲਿਸੀ ਨਿਰਮਾਣ ਜੰਤਰ +Name[pl]=Narzędzie tworzenia polityki SELinuksa +Name[pt]=Ferramenta de Geração de Políticas SELinux +Name[pt_BR]=Ferramenta de criação de políticas do SELinux +Name[ru]=Средство создания политики SELinux +Name[sv]=Genereringsverktyg för SELinuxpolicy +Name[ta]=SELinux பாலிசி உற்பத்தி கருவி +Name[te]=SELinux నిర్వహణ +Name[uk]=Утиліта генерації правил SELinux +Name[zh_CN]=SELinux 策略生成工具 +Name[zh_TW]=SELinux 政策產生工具(SELinux Policy Generation Tool) +Comment=Generate SELinux policy modules +Comment[bn_IN]=SELinux নিয়মনীতির মডিউল নির্মাণ করুন +Comment[ca]=Genera els mòduls de les polítiques de SELinux +Comment[da]=Generér SELinux-regelsætmodul +Comment[de]=Tool zur Erstellung von SELinux-Richtlinien +Comment[es]=Generar módulos de política de SELinux +Comment[fi]=Generoi SELinuxin käytäntömoduuleja +Comment[fr]=Génére des modules de stratégie SELinux +Comment[gu]=SELinux પોલિસી મોડ્યુલોને ઉત્પન્ન કરો +Comment[hi]=नया पॉलिसी मॉड्यूल उत्पन्न करें +Comment[it]=Genera moduli della politica di SELinux +Comment[ja]=新しいポリシーモジュールの作成 +Comment[kn]=SELinux ಪಾಲಿಸಿ ಘಟಕಗಳನ್ನು ಉತ್ಪಾದಿಸು +Comment[ko]=SELinux 정책 모듈 생성 +Comment[ml]=SELinux യ പോളിസി ഘങ്ങള്‍ തയ്യാറാക്കുക +Comment[mr]=SELinux करार घटके निर्माण करा +Comment[nl]=Maak een SELinux tactiek module aan +Comment[or]=SELinux ନୀତି ଏକକାଂଶ ସୃଷ୍ଟିକରନ୍ତୁ +Comment[pa]=SELinux ਪਾਲਿਸੀ ਮੈਡਿਊਲ ਬਣਾਓ +Comment[pl]=Tworzenie nowych modułów polityki SELinuksa +Comment[pt]=Gerar módulos de políticas SELinux +Comment[pt_BR]=Gerar módulos de política do SELinux +Comment[ru]=Генерация модулей политики SELinux +Comment[sv]=Generera SELinux-policymoduler +Comment[ta]=SELinux கொள்கை தொகுதியை உருவாக்கவும் +Comment[te]=SELinux పాలసీ మాడ్యూళ్ళను వుద్భవింపచేయుము +Comment[uk]=Створення модулів контролю доступу SELinux +Comment[zh_CN]=生成 SELinux 策略模块 +Comment[zh_TW]=產生 SELinux 政策模組 +StartupNotify=true +Icon=system-config-selinux +Exec=/usr/bin/selinux-polgengui +Type=Application +Terminal=false +Categories=System;Security; +X-Desktop-File-Install-Version=0.2 +Keywords=policy;security;selinux;avc;permission;mac; diff --git a/policycoreutils/gui/system-config-selinux b/policycoreutils/gui/system-config-selinux new file mode 100755 index 0000000..5be5ccd --- /dev/null +++ b/policycoreutils/gui/system-config-selinux @@ -0,0 +1,3 @@ +#!/bin/sh + +exec /usr/bin/pkexec /usr/share/system-config-selinux/system-config-selinux.py diff --git a/policycoreutils/gui/system-config-selinux.8 b/policycoreutils/gui/system-config-selinux.8 new file mode 100644 index 0000000..eca2024 --- /dev/null +++ b/policycoreutils/gui/system-config-selinux.8 @@ -0,0 +1,37 @@ +.TH "system-config-selinux" "8" "8 April 2013" "System Config Tools Manual" "System Config Tools Manual" + +.SH NAME +system\-config\-selinux \- SELinux Management tool + +.SH SYNOPSIS +.B system-config-selinux + +.SH DESCRIPTION +\fBsystem-config-selinux\fP provides a graphical interface for managing the +SELinux configuration. + +.SH OPTIONS +None + +.SH FILES +\fi/usr/bin/system-config-selinux\fP + +.SH Examples +To run the program type: + +system-config-selinux + +.PP +.SH "SEE ALSO" +.TP +selinux(1), semanage(8) +.PP + +.SH REPORTING BUGS +Report bugs to . + +.SH LICENSE AND AUTHORS +\fBsystem-config-selinux\fP is licensed under the GNU Public License and +is copyrighted by Red Hat, Inc. +.br +This man page was written by Daniel Walsh diff --git a/policycoreutils/gui/system-config-selinux.desktop b/policycoreutils/gui/system-config-selinux.desktop new file mode 100644 index 0000000..8822ce2 --- /dev/null +++ b/policycoreutils/gui/system-config-selinux.desktop @@ -0,0 +1,67 @@ +[Desktop Entry] +Name=SELinux Management +Name[bn_IN]=SELinux পরিচালনা +Name[da]=Håndtering af SELinux +Name[de]=SELinux-Management +Name[ca]=Gestió de SELinux +Name[es]=Administración de SELinux +Name[fi]=SELinuxin ylläpito +Name[fr]=Gestion de SELinux +Name[gu]=SELinux સંચાલન +Name[hi]=SELinux प्रबंधन +Name[jp]=SELinux 管理 +Name[it]=Gestione di SELinux +Name[kn]=SELinux ವ್ಯವಸ್ಥಾಪನೆ +Name[ko]=SELinux 관리 +Name[ml]=SELinux മാനേജ്മെന്റ് +Name[mr]=SELinux मॅनेजमेंट +Name[nl]=SELinux beheer +Name[or]=SELinux ପରିଚାଳନା +Name[pa]=SELinux ਮੈਨੇਜਮੈਂਟ +Name[pl]=Zarządzanie SELinuksem +Name[pt_BR]=Gerenciamento do SELinux +Name[pt]=Gestão de SELinux +Name[ru]=Управление SELinux +Name[sv]=SELinux-hantering +Name[ta]=SELinux மேலாண்மை +Name[te]=SELinux నిర్వహణ +Name[uk]=Керування SELinux +Name[zh_CN]=SELinux 管理 +Name[zh_TW]=SELinux 管理 +Comment=Configure SELinux in a graphical setting +Comment[bn_IN]=গ্রাফিক্যাল পরিবেশে SELinux কনফিগার করুন +Comment[ca]=Configura SELinuc an mode de preferències gràfiques +Comment[da]=Konfigurér SELinux i et grafisk miljø +Comment[de]=SELinux in einer grafischen Einstellung konfigurieren +Comment[es]=Defina SELinux en una configuración de interfaz gráfica +Comment[fi]=Tee SELinuxin asetukset graafisesti +Comment[fr]=Configure SELinux dans un environnement graphique +Comment[gu]=ગ્રાફિકલ સુયોજનમાં SELinux ને રૂપરેખાંકિત કરો +Comment[hi]=SELinux को आलेखी सेटिंग में विन्यस्त करें +Comment[it]=Configura SELinux in una impostazione grafica +Comment[jp]=グラフィカルな設定画面で SELinux を設定する +Comment[ko]=SELinux를 그래픽 사용자 인터페이스로 설정 +Comment[kn]=SELinux ಅನ್ನು ಒಂದು ಚಿತ್ರಾತ್ಮಕ ಸಿದ್ದತೆಯಲ್ಲಿ ಸಂರಚಿಸಿ +Comment[ml]=ഒരു ഗ്രാഫിക്കല്‍ സജ്ജീകരണത്തില്‍ SELinux ക്രമീകരിയ്ക്കുക +Comment[mr]=ग्राफिकल सेटिंगमध्ये SELinux संरचीत करा +Comment[nl]=Configureer SELinux in een grafische omgeving +Comment[or]=SELinux କୁ ଆଲେଖିକ ସଂରଚନାରେ ବିନ୍ୟାସ କରନ୍ତୁ +Comment[pa]=SELinux ਨੂੰ ਗਰਾਫੀਕਲ ਸੈਟਿੰਗ ਵਿੱਚ ਸੰਰਚਿਤ ਕਰੋ +Comment[pl]=Konfiguracja SELinuksa w trybie graficznym +Comment[pt]=Configurar o SELinux num ambiente gráfico +Comment[pt_BR]=Configure o SELinux em uma configuração gráfica +Comment[ru]=Настройка SELinux в графическом режиме +Comment[sv]=Konfigurera SELinux i en grafisk miljö +Comment[ta]=SELinuxஐ ஒரு வரைகலை அமைவில் கட்டமைக்கவும் +Comment[te]=SELinuxను గ్రాఫికల్ అమర్పునందు ఆకృతీకరించుము +Comment[uk]=Засіб для налаштування SELinux з графічним інтерфейсом +Comment[zh_CN]=在图形设置中配置 SELinux +Comment[zh_TW]=在圖形話設定中配置 SELinux +StartupNotify=true +Icon=system-config-selinux +Exec=/usr/bin/system-config-selinux +Type=Application +Terminal=false +Categories=System;Security; +X-Desktop-File-Install-Version=0.2 +Keywords=policy;security;selinux;avc;permission;mac; diff --git a/policycoreutils/gui/system-config-selinux.png b/policycoreutils/gui/system-config-selinux.png new file mode 100644 index 0000000..68ffcb7 Binary files /dev/null and b/policycoreutils/gui/system-config-selinux.png differ diff --git a/policycoreutils/load_policy/load_policy.8 b/policycoreutils/load_policy/load_policy.8 index f9ca36e..a86073f 100644 --- a/policycoreutils/load_policy/load_policy.8 +++ b/policycoreutils/load_policy/load_policy.8 @@ -19,7 +19,7 @@ values in the policy file. suppress warning messages. .TP .B \-i -inital policy load. Only use this if this is the first time policy is being loaded since boot (usually called from initramfs). +initial policy load. Only use this if this is the first time policy is being loaded since boot (usually called from initramfs). .SH "EXIT STATUS" .TP diff --git a/policycoreutils/man/man5/selinux_config.5 b/policycoreutils/man/man5/selinux_config.5 index 4963cdc..dbfec55 100644 --- a/policycoreutils/man/man5/selinux_config.5 +++ b/policycoreutils/man/man5/selinux_config.5 @@ -92,7 +92,7 @@ The binary policy name has by convention the SELinux policy version that it supp .RS This entry is deprecated and should be removed or set to \fI0\fR. .sp -If set to \fI1\fR, then \fBselinux_mkload_policy\fR(3) will read the local customisation for booleans (see \fBbooleans\fR(5)) and users (see \fBlocal.users\fR(5)). +If set to \fI1\fR, then \fBselinux_mkload_policy\fR(3) will read the local customization for booleans (see \fBbooleans\fR(5)) and users (see \fBlocal.users\fR(5)). .RE .sp .B REQUIRESEUSERS @@ -122,7 +122,7 @@ This is an optional entry that allows the file system to be relabeled. .sp If set to \fI0\fR and there is a file called \fI.autorelabel\fR in the root directory, then on a reboot, the loader will drop to a shell where a root login is required. An administrator can then manually relabel the file system. .sp -If set to \fI1\fR or no entry present (the default) and there is a \fI.autorelabel\fR file in the root directory, then the file system will be automatically relabeled using \fBfixfiles -F restore\fR +If set to \fI1\fR or no entry present (the default) and there is a \fI.autorelabel\fR file in the root directory, then the file system will be automatically relabeled using \fBfixfiles \-F restore\fR .sp In both cases the \fI/.autorelabel\fR file will be removed so that relabeling is not done again. .RE diff --git a/policycoreutils/mcstrans/man/man8/mcs.8 b/policycoreutils/mcstrans/man/man8/mcs.8 index 44126bf..aeaf22e 100644 --- a/policycoreutils/mcstrans/man/man8/mcs.8 +++ b/policycoreutils/mcstrans/man/man8/mcs.8 @@ -20,7 +20,7 @@ readable form. Administrators can define any labels they want in this file. Certain applications like printing and auditing will use these labels to identify the files. By setting a category on a file you will prevent other applications/services from having access to the files. -.p +.P Examples of file labels would be PatientRecord, CompanyConfidential etc. .SH "SEE ALSO" diff --git a/policycoreutils/newrole/newrole.1 b/policycoreutils/newrole/newrole.1 index 376c458..c47bc52 100644 --- a/policycoreutils/newrole/newrole.1 +++ b/policycoreutils/newrole/newrole.1 @@ -44,7 +44,7 @@ Additional arguments .I ARGS may be provided after a -- option, in which case they are supplied to the new shell. -In particular, an argument of -- -c will cause the next argument to be +In particular, an argument of \-\- \-c will cause the next argument to be treated as a command by most command interpreters. .PP If a command argument is specified to newrole and the command name is found @@ -66,31 +66,31 @@ shows the current version of newrole .SH EXAMPLE .br Changing role: - # id -Z + # id \-Z staff_u:staff_r:staff_t:SystemLow-SystemHigh - # newrole -r sysadm_r - # id -Z + # newrole \-r sysadm_r + # id \-Z staff_u:sysadm_r:sysadm_t:SystemLow-SystemHigh Changing sensitivity only: - # id -Z + # id \-Z staff_u:sysadm_r:sysadm_t:Unclassified-SystemHigh - # newrole -l Secret - # id -Z + # newrole \-l Secret + # id \-Z staff_u:sysadm_r:sysadm_t:Secret-SystemHigh .PP Changing sensitivity and clearance: - # id -Z + # id \-Z staff_u:sysadm_r:sysadm_t:Unclassified-SystemHigh - # newrole -l Secret-Secret - # id -Z + # newrole \-l Secret-Secret + # id \-Z staff_u:sysadm_r:sysadm_t:Secret .PP Running a program in a given role or level: - # newrole -r sysadm_r -- -c "/path/to/app arg1 arg2..." - # newrole -l Secret -- -c "/path/to/app arg1 arg2..." + # newrole \-r sysadm_r \-\- \-c "/path/to/app arg1 arg2..." + # newrole \-l Secret \-\- \-c "/path/to/app arg1 arg2..." .SH FILES /etc/passwd - user account information diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c index 8fbf2d0..4e59a06 100644 --- a/policycoreutils/newrole/newrole.c +++ b/policycoreutils/newrole/newrole.c @@ -547,9 +547,7 @@ static int drop_capabilities(int full) if (!uid) return 0; capng_setpid(getpid()); - capng_clear(CAPNG_SELECT_BOTH); - if (capng_lock() < 0) - return -1; + capng_clear(CAPNG_SELECT_CAPS); /* Change uid */ if (setresuid(uid, uid, uid)) { @@ -558,7 +556,7 @@ static int drop_capabilities(int full) } if (! full) capng_update(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_AUDIT_WRITE); - return capng_apply(CAPNG_SELECT_BOTH); + return capng_apply(CAPNG_SELECT_CAPS); } #elif defined(NAMESPACE_PRIV) /** @@ -576,20 +574,21 @@ static int drop_capabilities(int full) */ static int drop_capabilities(int full) { + uid_t uid = getuid(); + if (!uid) return 0; + capng_setpid(getpid()); - capng_clear(CAPNG_SELECT_BOTH); - if (capng_lock() < 0) - return -1; + capng_clear(CAPNG_SELECT_CAPS); - uid_t uid = getuid(); /* Change uid */ if (setresuid(uid, uid, uid)) { fprintf(stderr, _("Error changing uid, aborting.\n")); return -1; } if (! full) - capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_SYS_ADMIN , CAP_FOWNER , CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_SETPCAP, -1); - return capng_apply(CAPNG_SELECT_BOTH); + capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_SYS_ADMIN , CAP_FOWNER , CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_AUDIT_WRITE, -1); + + return capng_apply(CAPNG_SELECT_CAPS); } #else @@ -680,7 +679,7 @@ static int relabel_tty(const char *ttyn, security_context_t new_context, security_context_t * tty_context, security_context_t * new_tty_context) { - int fd; + int fd, rc; int enforcing = security_getenforce(); security_context_t tty_con = NULL; security_context_t new_tty_con = NULL; @@ -699,7 +698,13 @@ static int relabel_tty(const char *ttyn, security_context_t new_context, fprintf(stderr, _("Error! Could not open %s.\n"), ttyn); return fd; } - fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + /* this craziness is to make sure we cann't block on open and deadlock */ + rc = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + if (rc) { + fprintf(stderr, _("Error! Could not clear O_NONBLOCK on %s\n"), ttyn); + close(fd); + return rc; + } if (fgetfilecon(fd, &tty_con) < 0) { fprintf(stderr, _("%s! Could not get current context " @@ -1010,9 +1015,9 @@ int main(int argc, char *argv[]) int fd; pid_t childPid = 0; char *shell_argv0 = NULL; + int rc; #ifdef USE_PAM - int rc; int pam_status; /* pam return code */ pam_handle_t *pam_handle; /* opaque handle used by all PAM functions */ @@ -1226,15 +1231,23 @@ int main(int argc, char *argv[]) fd = open(ttyn, O_RDONLY | O_NONBLOCK); if (fd != 0) goto err_close_pam; - fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + rc = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + if (rc) + goto err_close_pam; + fd = open(ttyn, O_RDWR | O_NONBLOCK); if (fd != 1) goto err_close_pam; - fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + rc = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + if (rc) + goto err_close_pam; + fd = open(ttyn, O_RDWR | O_NONBLOCK); if (fd != 2) goto err_close_pam; - fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + rc = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + if (rc) + goto err_close_pam; } /* @@ -1268,19 +1281,24 @@ int main(int argc, char *argv[]) } #endif - if (send_audit_message(1, old_context, new_context, ttyn)) + if (send_audit_message(1, old_context, new_context, ttyn)) { + fprintf(stderr, _("Failed to send audit message")); goto err_close_pam_session; + } freecon(old_context); old_context=NULL; freecon(new_context); new_context=NULL; #ifdef NAMESPACE_PRIV - if (transition_to_caller_uid()) + if (transition_to_caller_uid()) { + fprintf(stderr, _("Failed to transition to namespace\n")); goto err_close_pam_session; + } #endif - if (drop_capabilities(TRUE)) + if (drop_capabilities(TRUE)) { + fprintf(stderr, _("Failed to drop capabilities %m\n")); goto err_close_pam_session; - + } /* Handle environment changes */ if (restore_environment(preserve_environment, old_environ, &pw)) { fprintf(stderr, _("Unable to restore the environment, " diff --git a/policycoreutils/newrole/newrole.pamd b/policycoreutils/newrole/newrole.pamd index d1b435c..de3582f 100644 --- a/policycoreutils/newrole/newrole.pamd +++ b/policycoreutils/newrole/newrole.pamd @@ -1,4 +1,6 @@ #%PAM-1.0 +# Uncomment the next line if you do not want to enter your passwd everytime +# auth sufficient pam_rootok.so auth include system-auth account include system-auth password include system-auth diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile index a377996..9c1486e 100644 --- a/policycoreutils/po/Makefile +++ b/policycoreutils/po/Makefile @@ -81,12 +81,16 @@ POTFILES = \ ../sepolicy/sepolicy/templates/var_log.py \ ../sepolicy/sepolicy/templates/var_run.py \ ../sepolicy/sepolicy/templates/var_spool.py \ + booleans.py #default:: clean all:: $(MOFILES) -$(POTFILE): $(POTFILES) +booleans.py: + sepolicy booleans -a > booleans.py + +$(POTFILE): $(POTFILES) booleans.py $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES) @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \ rm -f $(NLSPACKAGE).po; \ @@ -95,6 +99,7 @@ $(POTFILE): $(POTFILES) fi; \ update-po: Makefile $(POTFILE) refresh-po + @rm -f booleans.py refresh-po: Makefile for cat in $(POFILES); do \ diff --git a/policycoreutils/po/af.po b/policycoreutils/po/af.po index 961d921..5ee0bdc 100644 --- a/policycoreutils/po/af.po +++ b/policycoreutils/po/af.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2013-01-04 12:01-0500\n" +"POT-Creation-Date: 2013-05-07 11:12-0400\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -24,7 +24,7 @@ msgid "" " are the arguments to that script." msgstr "" -#: ../run_init/run_init.c:126 ../newrole/newrole.c:1123 +#: ../run_init/run_init.c:126 ../newrole/newrole.c:1128 #, c-format msgid "failed to initialize PAM\n" msgstr "" @@ -73,16 +73,16 @@ msgstr "" msgid "authentication failed.\n" msgstr "" -#: ../run_init/run_init.c:405 ../newrole/newrole.c:1257 +#: ../run_init/run_init.c:405 ../newrole/newrole.c:1270 #, c-format msgid "Could not set exec context to %s.\n" msgstr "" -#: ../audit2allow/audit2allow:232 +#: ../audit2allow/audit2allow:231 msgid "******************** IMPORTANT ***********************\n" msgstr "" -#: ../audit2allow/audit2allow:233 +#: ../audit2allow/audit2allow:232 msgid "To make this policy package active, execute:" msgstr "" @@ -169,786 +169,799 @@ msgstr "" msgid "Customized Permissive Types" msgstr "" -#: ../semanage/seobject.py:412 +#: ../semanage/seobject.py:379 +msgid "" +"The sepolgen python module is required to setup permissive domains.\n" +"In some distributions it is included in the policycoreutils-devel package.\n" +"# yum install policycoreutils-devel\n" +"Or similar for your distro." +msgstr "" + +#: ../semanage/seobject.py:416 #, python-format msgid "Could not set permissive domain %s (module installation failed)" msgstr "" -#: ../semanage/seobject.py:418 +#: ../semanage/seobject.py:422 #, python-format msgid "Could not remove permissive domain %s (remove failed)" msgstr "" -#: ../semanage/seobject.py:453 ../semanage/seobject.py:527 -#: ../semanage/seobject.py:573 ../semanage/seobject.py:695 -#: ../semanage/seobject.py:725 ../semanage/seobject.py:792 -#: ../semanage/seobject.py:849 ../semanage/seobject.py:1104 -#: ../semanage/seobject.py:1820 ../semanage/seobject.py:1883 -#: ../semanage/seobject.py:1902 ../semanage/seobject.py:2025 -#: ../semanage/seobject.py:2076 +#: ../semanage/seobject.py:457 ../semanage/seobject.py:531 +#: ../semanage/seobject.py:577 ../semanage/seobject.py:699 +#: ../semanage/seobject.py:729 ../semanage/seobject.py:796 +#: ../semanage/seobject.py:853 ../semanage/seobject.py:1111 +#: ../semanage/seobject.py:1834 ../semanage/seobject.py:1897 +#: ../semanage/seobject.py:1916 ../semanage/seobject.py:2042 +#: ../semanage/seobject.py:2093 #, python-format msgid "Could not create a key for %s" msgstr "" -#: ../semanage/seobject.py:457 ../semanage/seobject.py:531 -#: ../semanage/seobject.py:577 ../semanage/seobject.py:583 +#: ../semanage/seobject.py:461 ../semanage/seobject.py:535 +#: ../semanage/seobject.py:581 ../semanage/seobject.py:587 #, python-format msgid "Could not check if login mapping for %s is defined" msgstr "" -#: ../semanage/seobject.py:466 +#: ../semanage/seobject.py:470 #, python-format msgid "Linux Group %s does not exist" msgstr "" -#: ../semanage/seobject.py:471 +#: ../semanage/seobject.py:475 #, python-format msgid "Linux User %s does not exist" msgstr "" -#: ../semanage/seobject.py:475 +#: ../semanage/seobject.py:479 #, python-format msgid "Could not create login mapping for %s" msgstr "" -#: ../semanage/seobject.py:479 ../semanage/seobject.py:740 +#: ../semanage/seobject.py:483 ../semanage/seobject.py:744 #, python-format msgid "Could not set name for %s" msgstr "" -#: ../semanage/seobject.py:484 ../semanage/seobject.py:750 +#: ../semanage/seobject.py:488 ../semanage/seobject.py:754 #, python-format msgid "Could not set MLS range for %s" msgstr "" -#: ../semanage/seobject.py:488 +#: ../semanage/seobject.py:492 #, python-format msgid "Could not set SELinux user for %s" msgstr "" -#: ../semanage/seobject.py:492 +#: ../semanage/seobject.py:496 #, python-format msgid "Could not add login mapping for %s" msgstr "" -#: ../semanage/seobject.py:510 +#: ../semanage/seobject.py:514 msgid "Requires seuser or serange" msgstr "" -#: ../semanage/seobject.py:533 ../semanage/seobject.py:579 +#: ../semanage/seobject.py:537 ../semanage/seobject.py:583 #, python-format msgid "Login mapping for %s is not defined" msgstr "" -#: ../semanage/seobject.py:537 +#: ../semanage/seobject.py:541 #, python-format msgid "Could not query seuser for %s" msgstr "" -#: ../semanage/seobject.py:551 +#: ../semanage/seobject.py:555 #, python-format msgid "Could not modify login mapping for %s" msgstr "" -#: ../semanage/seobject.py:585 +#: ../semanage/seobject.py:589 #, python-format msgid "Login mapping for %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:589 +#: ../semanage/seobject.py:593 #, python-format msgid "Could not delete login mapping for %s" msgstr "" -#: ../semanage/seobject.py:611 ../semanage/seobject.py:644 -#: ../semanage/seobject.py:892 +#: ../semanage/seobject.py:615 ../semanage/seobject.py:648 +#: ../semanage/seobject.py:896 msgid "Could not list login mappings" msgstr "" -#: ../semanage/seobject.py:672 ../semanage/seobject.py:684 +#: ../semanage/seobject.py:676 ../semanage/seobject.py:688 #: ../gui/system-config-selinux.glade:100 msgid "Login Name" msgstr "" -#: ../semanage/seobject.py:672 ../semanage/seobject.py:684 -#: ../semanage/seobject.py:942 ../semanage/seobject.py:947 +#: ../semanage/seobject.py:676 ../semanage/seobject.py:688 +#: ../semanage/seobject.py:946 ../semanage/seobject.py:951 #: ../gui/system-config-selinux.glade:128 #: ../gui/system-config-selinux.glade:915 #: ../gui/system-config-selinux.glade:2285 ../gui/usersPage.py:44 msgid "SELinux User" msgstr "" -#: ../semanage/seobject.py:672 ../gui/system-config-selinux.glade:156 +#: ../semanage/seobject.py:676 ../gui/system-config-selinux.glade:156 #: ../gui/system-config-selinux.glade:943 msgid "MLS/MCS Range" msgstr "" -#: ../semanage/seobject.py:672 +#: ../semanage/seobject.py:676 msgid "Service" msgstr "" -#: ../semanage/seobject.py:698 ../semanage/seobject.py:729 -#: ../semanage/seobject.py:796 ../semanage/seobject.py:853 -#: ../semanage/seobject.py:859 +#: ../semanage/seobject.py:702 ../semanage/seobject.py:733 +#: ../semanage/seobject.py:800 ../semanage/seobject.py:857 +#: ../semanage/seobject.py:863 #, python-format msgid "Could not check if SELinux user %s is defined" msgstr "" -#: ../semanage/seobject.py:701 ../semanage/seobject.py:802 -#: ../semanage/seobject.py:865 +#: ../semanage/seobject.py:705 ../semanage/seobject.py:806 +#: ../semanage/seobject.py:869 #, python-format msgid "Could not query user for %s" msgstr "" -#: ../semanage/seobject.py:721 +#: ../semanage/seobject.py:725 #, python-format msgid "You must add at least one role for %s" msgstr "" -#: ../semanage/seobject.py:736 +#: ../semanage/seobject.py:740 #, python-format msgid "Could not create SELinux user for %s" msgstr "" -#: ../semanage/seobject.py:745 +#: ../semanage/seobject.py:749 #, python-format msgid "Could not add role %s for %s" msgstr "" -#: ../semanage/seobject.py:754 +#: ../semanage/seobject.py:758 #, python-format msgid "Could not set MLS level for %s" msgstr "" -#: ../semanage/seobject.py:757 +#: ../semanage/seobject.py:761 #, python-format msgid "Could not add prefix %s for %s" msgstr "" -#: ../semanage/seobject.py:760 +#: ../semanage/seobject.py:764 #, python-format msgid "Could not extract key for %s" msgstr "" -#: ../semanage/seobject.py:764 +#: ../semanage/seobject.py:768 #, python-format msgid "Could not add SELinux user %s" msgstr "" -#: ../semanage/seobject.py:786 +#: ../semanage/seobject.py:790 msgid "Requires prefix, roles, level or range" msgstr "" -#: ../semanage/seobject.py:788 +#: ../semanage/seobject.py:792 msgid "Requires prefix or roles" msgstr "" -#: ../semanage/seobject.py:798 ../semanage/seobject.py:855 +#: ../semanage/seobject.py:802 ../semanage/seobject.py:859 #, python-format msgid "SELinux user %s is not defined" msgstr "" -#: ../semanage/seobject.py:827 +#: ../semanage/seobject.py:831 #, python-format msgid "Could not modify SELinux user %s" msgstr "" -#: ../semanage/seobject.py:861 +#: ../semanage/seobject.py:865 #, python-format msgid "SELinux user %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:872 +#: ../semanage/seobject.py:876 #, python-format msgid "Could not delete SELinux user %s" msgstr "" -#: ../semanage/seobject.py:910 +#: ../semanage/seobject.py:914 msgid "Could not list SELinux users" msgstr "" -#: ../semanage/seobject.py:916 +#: ../semanage/seobject.py:920 #, python-format msgid "Could not list roles for user %s" msgstr "" -#: ../semanage/seobject.py:941 +#: ../semanage/seobject.py:945 msgid "Labeling" msgstr "" -#: ../semanage/seobject.py:941 +#: ../semanage/seobject.py:945 msgid "MLS/" msgstr "" -#: ../semanage/seobject.py:942 +#: ../semanage/seobject.py:946 msgid "Prefix" msgstr "" -#: ../semanage/seobject.py:942 +#: ../semanage/seobject.py:946 msgid "MCS Level" msgstr "" -#: ../semanage/seobject.py:942 +#: ../semanage/seobject.py:946 msgid "MCS Range" msgstr "" -#: ../semanage/seobject.py:942 ../semanage/seobject.py:947 +#: ../semanage/seobject.py:946 ../semanage/seobject.py:951 #: ../gui/system-config-selinux.glade:992 ../gui/usersPage.py:59 msgid "SELinux Roles" msgstr "" -#: ../semanage/seobject.py:964 +#: ../semanage/seobject.py:971 msgid "Protocol udp or tcp is required" msgstr "" -#: ../semanage/seobject.py:966 +#: ../semanage/seobject.py:973 msgid "Port is required" msgstr "" -#: ../semanage/seobject.py:976 +#: ../semanage/seobject.py:983 msgid "Invalid Port" msgstr "" -#: ../semanage/seobject.py:980 +#: ../semanage/seobject.py:987 #, python-format msgid "Could not create a key for %s/%s" msgstr "" -#: ../semanage/seobject.py:991 +#: ../semanage/seobject.py:998 msgid "Type is required" msgstr "" -#: ../semanage/seobject.py:994 ../semanage/seobject.py:1056 -#: ../semanage/seobject.py:1814 +#: ../semanage/seobject.py:1001 ../semanage/seobject.py:1063 +#: ../semanage/seobject.py:1828 #, python-format msgid "Type %s is invalid, must be a port type" msgstr "" -#: ../semanage/seobject.py:1000 ../semanage/seobject.py:1062 -#: ../semanage/seobject.py:1117 ../semanage/seobject.py:1123 +#: ../semanage/seobject.py:1007 ../semanage/seobject.py:1069 +#: ../semanage/seobject.py:1124 ../semanage/seobject.py:1130 #, python-format msgid "Could not check if port %s/%s is defined" msgstr "" -#: ../semanage/seobject.py:1002 +#: ../semanage/seobject.py:1009 #, python-format msgid "Port %s/%s already defined" msgstr "" -#: ../semanage/seobject.py:1006 +#: ../semanage/seobject.py:1013 #, python-format msgid "Could not create port for %s/%s" msgstr "" -#: ../semanage/seobject.py:1012 +#: ../semanage/seobject.py:1019 #, python-format msgid "Could not create context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1016 +#: ../semanage/seobject.py:1023 #, python-format msgid "Could not set user in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1020 +#: ../semanage/seobject.py:1027 #, python-format msgid "Could not set role in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1024 +#: ../semanage/seobject.py:1031 #, python-format msgid "Could not set type in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1029 +#: ../semanage/seobject.py:1036 #, python-format msgid "Could not set mls fields in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1033 +#: ../semanage/seobject.py:1040 #, python-format msgid "Could not set port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1037 +#: ../semanage/seobject.py:1044 #, python-format msgid "Could not add port %s/%s" msgstr "" -#: ../semanage/seobject.py:1051 ../semanage/seobject.py:1324 -#: ../semanage/seobject.py:1523 +#: ../semanage/seobject.py:1058 ../semanage/seobject.py:1334 +#: ../semanage/seobject.py:1533 msgid "Requires setype or serange" msgstr "" -#: ../semanage/seobject.py:1053 +#: ../semanage/seobject.py:1060 msgid "Requires setype" msgstr "" -#: ../semanage/seobject.py:1064 ../semanage/seobject.py:1119 +#: ../semanage/seobject.py:1071 ../semanage/seobject.py:1126 #, python-format msgid "Port %s/%s is not defined" msgstr "" -#: ../semanage/seobject.py:1068 +#: ../semanage/seobject.py:1075 #, python-format msgid "Could not query port %s/%s" msgstr "" -#: ../semanage/seobject.py:1079 +#: ../semanage/seobject.py:1086 #, python-format msgid "Could not modify port %s/%s" msgstr "" -#: ../semanage/seobject.py:1092 +#: ../semanage/seobject.py:1099 msgid "Could not list the ports" msgstr "" -#: ../semanage/seobject.py:1108 +#: ../semanage/seobject.py:1115 #, python-format msgid "Could not delete the port %s" msgstr "" -#: ../semanage/seobject.py:1125 +#: ../semanage/seobject.py:1132 #, python-format msgid "Port %s/%s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:1129 +#: ../semanage/seobject.py:1136 #, python-format msgid "Could not delete port %s/%s" msgstr "" -#: ../semanage/seobject.py:1145 ../semanage/seobject.py:1167 +#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1174 msgid "Could not list ports" msgstr "" -#: ../semanage/seobject.py:1206 +#: ../semanage/seobject.py:1213 msgid "SELinux Port Type" msgstr "" -#: ../semanage/seobject.py:1206 +#: ../semanage/seobject.py:1213 msgid "Proto" msgstr "" -#: ../semanage/seobject.py:1206 ../gui/system-config-selinux.glade:335 +#: ../semanage/seobject.py:1213 ../gui/system-config-selinux.glade:335 msgid "Port Number" msgstr "" -#: ../semanage/seobject.py:1227 +#: ../semanage/seobject.py:1237 msgid "Node Address is required" msgstr "" -#: ../semanage/seobject.py:1242 +#: ../semanage/seobject.py:1252 msgid "Unknown or missing protocol" msgstr "" -#: ../semanage/seobject.py:1256 +#: ../semanage/seobject.py:1266 msgid "SELinux node type is required" msgstr "" -#: ../semanage/seobject.py:1259 ../semanage/seobject.py:1327 +#: ../semanage/seobject.py:1269 ../semanage/seobject.py:1337 #, python-format msgid "Type %s is invalid, must be a node type" msgstr "" -#: ../semanage/seobject.py:1263 ../semanage/seobject.py:1331 -#: ../semanage/seobject.py:1367 ../semanage/seobject.py:1465 -#: ../semanage/seobject.py:1527 ../semanage/seobject.py:1561 -#: ../semanage/seobject.py:1759 +#: ../semanage/seobject.py:1273 ../semanage/seobject.py:1341 +#: ../semanage/seobject.py:1377 ../semanage/seobject.py:1475 +#: ../semanage/seobject.py:1537 ../semanage/seobject.py:1571 +#: ../semanage/seobject.py:1773 #, python-format msgid "Could not create key for %s" msgstr "" -#: ../semanage/seobject.py:1265 ../semanage/seobject.py:1335 -#: ../semanage/seobject.py:1371 ../semanage/seobject.py:1377 +#: ../semanage/seobject.py:1275 ../semanage/seobject.py:1345 +#: ../semanage/seobject.py:1381 ../semanage/seobject.py:1387 #, python-format msgid "Could not check if addr %s is defined" msgstr "" -#: ../semanage/seobject.py:1274 +#: ../semanage/seobject.py:1284 #, python-format msgid "Could not create addr for %s" msgstr "" -#: ../semanage/seobject.py:1280 ../semanage/seobject.py:1481 -#: ../semanage/seobject.py:1714 +#: ../semanage/seobject.py:1290 ../semanage/seobject.py:1491 +#: ../semanage/seobject.py:1728 #, python-format msgid "Could not create context for %s" msgstr "" -#: ../semanage/seobject.py:1284 +#: ../semanage/seobject.py:1294 #, python-format msgid "Could not set mask for %s" msgstr "" -#: ../semanage/seobject.py:1288 +#: ../semanage/seobject.py:1298 #, python-format msgid "Could not set user in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1292 +#: ../semanage/seobject.py:1302 #, python-format msgid "Could not set role in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1296 +#: ../semanage/seobject.py:1306 #, python-format msgid "Could not set type in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1301 +#: ../semanage/seobject.py:1311 #, python-format msgid "Could not set mls fields in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1305 +#: ../semanage/seobject.py:1315 #, python-format msgid "Could not set addr context for %s" msgstr "" -#: ../semanage/seobject.py:1309 +#: ../semanage/seobject.py:1319 #, python-format msgid "Could not add addr %s" msgstr "" -#: ../semanage/seobject.py:1337 ../semanage/seobject.py:1373 +#: ../semanage/seobject.py:1347 ../semanage/seobject.py:1383 #, python-format msgid "Addr %s is not defined" msgstr "" -#: ../semanage/seobject.py:1341 +#: ../semanage/seobject.py:1351 #, python-format msgid "Could not query addr %s" msgstr "" -#: ../semanage/seobject.py:1351 +#: ../semanage/seobject.py:1361 #, python-format msgid "Could not modify addr %s" msgstr "" -#: ../semanage/seobject.py:1379 +#: ../semanage/seobject.py:1389 #, python-format msgid "Addr %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:1383 +#: ../semanage/seobject.py:1393 #, python-format msgid "Could not delete addr %s" msgstr "" -#: ../semanage/seobject.py:1395 +#: ../semanage/seobject.py:1405 msgid "Could not deleteall node mappings" msgstr "" -#: ../semanage/seobject.py:1409 +#: ../semanage/seobject.py:1419 msgid "Could not list addrs" msgstr "" -#: ../semanage/seobject.py:1461 ../semanage/seobject.py:1752 +#: ../semanage/seobject.py:1471 ../semanage/seobject.py:1766 msgid "SELinux Type is required" msgstr "" -#: ../semanage/seobject.py:1469 ../semanage/seobject.py:1531 -#: ../semanage/seobject.py:1565 ../semanage/seobject.py:1571 +#: ../semanage/seobject.py:1479 ../semanage/seobject.py:1541 +#: ../semanage/seobject.py:1575 ../semanage/seobject.py:1581 #, python-format msgid "Could not check if interface %s is defined" msgstr "" -#: ../semanage/seobject.py:1476 +#: ../semanage/seobject.py:1486 #, python-format msgid "Could not create interface for %s" msgstr "" -#: ../semanage/seobject.py:1485 +#: ../semanage/seobject.py:1495 #, python-format msgid "Could not set user in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1489 +#: ../semanage/seobject.py:1499 #, python-format msgid "Could not set role in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1493 +#: ../semanage/seobject.py:1503 #, python-format msgid "Could not set type in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1498 +#: ../semanage/seobject.py:1508 #, python-format msgid "Could not set mls fields in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1502 +#: ../semanage/seobject.py:1512 #, python-format msgid "Could not set interface context for %s" msgstr "" -#: ../semanage/seobject.py:1506 +#: ../semanage/seobject.py:1516 #, python-format msgid "Could not set message context for %s" msgstr "" -#: ../semanage/seobject.py:1510 +#: ../semanage/seobject.py:1520 #, python-format msgid "Could not add interface %s" msgstr "" -#: ../semanage/seobject.py:1533 ../semanage/seobject.py:1567 +#: ../semanage/seobject.py:1543 ../semanage/seobject.py:1577 #, python-format msgid "Interface %s is not defined" msgstr "" -#: ../semanage/seobject.py:1537 +#: ../semanage/seobject.py:1547 #, python-format msgid "Could not query interface %s" msgstr "" -#: ../semanage/seobject.py:1548 +#: ../semanage/seobject.py:1558 #, python-format msgid "Could not modify interface %s" msgstr "" -#: ../semanage/seobject.py:1573 +#: ../semanage/seobject.py:1583 #, python-format msgid "Interface %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:1577 +#: ../semanage/seobject.py:1587 #, python-format msgid "Could not delete interface %s" msgstr "" -#: ../semanage/seobject.py:1589 +#: ../semanage/seobject.py:1599 msgid "Could not delete all interface mappings" msgstr "" -#: ../semanage/seobject.py:1603 +#: ../semanage/seobject.py:1613 msgid "Could not list interfaces" msgstr "" -#: ../semanage/seobject.py:1628 +#: ../semanage/seobject.py:1638 msgid "SELinux Interface" msgstr "" -#: ../semanage/seobject.py:1628 ../semanage/seobject.py:1974 +#: ../semanage/seobject.py:1638 ../semanage/seobject.py:1988 msgid "Context" msgstr "" -#: ../semanage/seobject.py:1691 +#: ../semanage/seobject.py:1705 #, python-format msgid "Equivalence class for %s already exists" msgstr "" -#: ../semanage/seobject.py:1697 +#: ../semanage/seobject.py:1711 #, python-format msgid "File spec %s conflicts with equivalency rule '%s %s'" msgstr "" -#: ../semanage/seobject.py:1706 +#: ../semanage/seobject.py:1720 #, python-format msgid "Equivalence class for %s does not exists" msgstr "" -#: ../semanage/seobject.py:1720 +#: ../semanage/seobject.py:1734 #, python-format msgid "Could not set user in file context for %s" msgstr "" -#: ../semanage/seobject.py:1724 +#: ../semanage/seobject.py:1738 #, python-format msgid "Could not set role in file context for %s" msgstr "" -#: ../semanage/seobject.py:1729 ../semanage/seobject.py:1789 +#: ../semanage/seobject.py:1743 ../semanage/seobject.py:1803 #, python-format msgid "Could not set mls fields in file context for %s" msgstr "" -#: ../semanage/seobject.py:1735 +#: ../semanage/seobject.py:1749 msgid "Invalid file specification" msgstr "" -#: ../semanage/seobject.py:1737 +#: ../semanage/seobject.py:1751 msgid "File specification can not include spaces" msgstr "" -#: ../semanage/seobject.py:1742 +#: ../semanage/seobject.py:1756 #, python-format msgid "" "File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead" msgstr "" -#: ../semanage/seobject.py:1755 +#: ../semanage/seobject.py:1769 #, python-format msgid "Type %s is invalid, must be a file or device type" msgstr "" -#: ../semanage/seobject.py:1763 ../semanage/seobject.py:1768 -#: ../semanage/seobject.py:1824 ../semanage/seobject.py:1906 -#: ../semanage/seobject.py:1910 +#: ../semanage/seobject.py:1777 ../semanage/seobject.py:1782 +#: ../semanage/seobject.py:1838 ../semanage/seobject.py:1920 +#: ../semanage/seobject.py:1924 #, python-format msgid "Could not check if file context for %s is defined" msgstr "" -#: ../semanage/seobject.py:1776 +#: ../semanage/seobject.py:1790 #, python-format msgid "Could not create file context for %s" msgstr "" -#: ../semanage/seobject.py:1784 +#: ../semanage/seobject.py:1798 #, python-format msgid "Could not set type in file context for %s" msgstr "" -#: ../semanage/seobject.py:1792 ../semanage/seobject.py:1852 -#: ../semanage/seobject.py:1856 +#: ../semanage/seobject.py:1806 ../semanage/seobject.py:1866 +#: ../semanage/seobject.py:1870 #, python-format msgid "Could not set file context for %s" msgstr "" -#: ../semanage/seobject.py:1798 +#: ../semanage/seobject.py:1812 #, python-format msgid "Could not add file context for %s" msgstr "" -#: ../semanage/seobject.py:1812 +#: ../semanage/seobject.py:1826 msgid "Requires setype, serange or seuser" msgstr "" -#: ../semanage/seobject.py:1828 ../semanage/seobject.py:1914 +#: ../semanage/seobject.py:1842 ../semanage/seobject.py:1928 #, python-format msgid "File context for %s is not defined" msgstr "" -#: ../semanage/seobject.py:1834 +#: ../semanage/seobject.py:1848 #, python-format msgid "Could not query file context for %s" msgstr "" -#: ../semanage/seobject.py:1860 +#: ../semanage/seobject.py:1874 #, python-format msgid "Could not modify file context for %s" msgstr "" -#: ../semanage/seobject.py:1873 +#: ../semanage/seobject.py:1887 msgid "Could not list the file contexts" msgstr "" -#: ../semanage/seobject.py:1887 +#: ../semanage/seobject.py:1901 #, python-format msgid "Could not delete the file context %s" msgstr "" -#: ../semanage/seobject.py:1912 +#: ../semanage/seobject.py:1926 #, python-format msgid "File context for %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:1918 +#: ../semanage/seobject.py:1932 #, python-format msgid "Could not delete file context for %s" msgstr "" -#: ../semanage/seobject.py:1933 +#: ../semanage/seobject.py:1947 msgid "Could not list file contexts" msgstr "" -#: ../semanage/seobject.py:1937 +#: ../semanage/seobject.py:1951 msgid "Could not list local file contexts" msgstr "" -#: ../semanage/seobject.py:1974 +#: ../semanage/seobject.py:1988 msgid "SELinux fcontext" msgstr "" -#: ../semanage/seobject.py:1974 +#: ../semanage/seobject.py:1988 msgid "type" msgstr "" -#: ../semanage/seobject.py:1987 +#: ../semanage/seobject.py:2001 msgid "" "\n" "SELinux Distribution fcontext Equivalence \n" msgstr "" -#: ../semanage/seobject.py:1992 +#: ../semanage/seobject.py:2006 msgid "" "\n" "SELinux Local fcontext Equivalence \n" msgstr "" -#: ../semanage/seobject.py:2028 ../semanage/seobject.py:2079 -#: ../semanage/seobject.py:2085 +#: ../semanage/seobject.py:2036 +#, python-format +msgid "Value Required for %s" +msgstr "" + +#: ../semanage/seobject.py:2045 ../semanage/seobject.py:2096 +#: ../semanage/seobject.py:2102 #, python-format msgid "Could not check if boolean %s is defined" msgstr "" -#: ../semanage/seobject.py:2030 ../semanage/seobject.py:2081 +#: ../semanage/seobject.py:2047 ../semanage/seobject.py:2098 #, python-format msgid "Boolean %s is not defined" msgstr "" -#: ../semanage/seobject.py:2034 +#: ../semanage/seobject.py:2051 #, python-format msgid "Could not query file context %s" msgstr "" -#: ../semanage/seobject.py:2039 +#: ../semanage/seobject.py:2056 #, python-format msgid "You must specify one of the following values: %s" msgstr "" -#: ../semanage/seobject.py:2044 +#: ../semanage/seobject.py:2061 #, python-format msgid "Could not set active value of boolean %s" msgstr "" -#: ../semanage/seobject.py:2047 +#: ../semanage/seobject.py:2064 #, python-format msgid "Could not modify boolean %s" msgstr "" -#: ../semanage/seobject.py:2063 +#: ../semanage/seobject.py:2080 #, python-format msgid "Bad format %s: Record %s" msgstr "" -#: ../semanage/seobject.py:2087 +#: ../semanage/seobject.py:2104 #, python-format msgid "Boolean %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:2091 +#: ../semanage/seobject.py:2108 #, python-format msgid "Could not delete boolean %s" msgstr "" -#: ../semanage/seobject.py:2103 ../semanage/seobject.py:2120 +#: ../semanage/seobject.py:2120 ../semanage/seobject.py:2137 msgid "Could not list booleans" msgstr "" -#: ../semanage/seobject.py:2155 +#: ../semanage/seobject.py:2172 msgid "off" msgstr "" -#: ../semanage/seobject.py:2155 +#: ../semanage/seobject.py:2172 msgid "on" msgstr "" -#: ../semanage/seobject.py:2169 +#: ../semanage/seobject.py:2186 msgid "SELinux boolean" msgstr "" -#: ../semanage/seobject.py:2169 +#: ../semanage/seobject.py:2186 msgid "State" msgstr "" -#: ../semanage/seobject.py:2169 +#: ../semanage/seobject.py:2186 msgid "Default" msgstr "" -#: ../semanage/seobject.py:2169 ../gui/polgen.glade:113 +#: ../semanage/seobject.py:2186 ../gui/polgen.glade:113 #: ../gui/polgengui.py:269 msgid "Description" msgstr "" @@ -988,206 +1001,226 @@ msgstr "" msgid "Unable to clear environment\n" msgstr "" -#: ../newrole/newrole.c:556 ../newrole/newrole.c:587 ../newrole/newrole.c:617 +#: ../newrole/newrole.c:554 ../newrole/newrole.c:585 ../newrole/newrole.c:616 #, c-format msgid "Error changing uid, aborting.\n" msgstr "" -#: ../newrole/newrole.c:612 +#: ../newrole/newrole.c:611 #, c-format msgid "Error resetting KEEPCAPS, aborting\n" msgstr "" -#: ../newrole/newrole.c:635 +#: ../newrole/newrole.c:634 #, c-format msgid "Error connecting to audit system.\n" msgstr "" -#: ../newrole/newrole.c:641 +#: ../newrole/newrole.c:640 #, c-format msgid "Error allocating memory.\n" msgstr "" -#: ../newrole/newrole.c:648 +#: ../newrole/newrole.c:647 #, c-format msgid "Error sending audit message.\n" msgstr "" -#: ../newrole/newrole.c:692 ../newrole/newrole.c:1058 +#: ../newrole/newrole.c:691 ../newrole/newrole.c:1063 #, c-format msgid "Could not determine enforcing mode.\n" msgstr "" -#: ../newrole/newrole.c:699 +#: ../newrole/newrole.c:698 #, c-format msgid "Error! Could not open %s.\n" msgstr "" -#: ../newrole/newrole.c:705 +#: ../newrole/newrole.c:704 +#, c-format +msgid "Error! Could not clear O_NONBLOCK on %s\n" +msgstr "" + +#: ../newrole/newrole.c:710 #, c-format msgid "%s! Could not get current context for %s, not relabeling tty.\n" msgstr "" -#: ../newrole/newrole.c:715 +#: ../newrole/newrole.c:720 #, c-format msgid "%s! Could not get new context for %s, not relabeling tty.\n" msgstr "" -#: ../newrole/newrole.c:725 +#: ../newrole/newrole.c:730 #, c-format msgid "%s! Could not set new context for %s\n" msgstr "" -#: ../newrole/newrole.c:772 +#: ../newrole/newrole.c:777 #, c-format msgid "%s changed labels.\n" msgstr "" -#: ../newrole/newrole.c:778 +#: ../newrole/newrole.c:783 #, c-format msgid "Warning! Could not restore context for %s\n" msgstr "" -#: ../newrole/newrole.c:835 +#: ../newrole/newrole.c:840 #, c-format msgid "Error: multiple roles specified\n" msgstr "" -#: ../newrole/newrole.c:843 +#: ../newrole/newrole.c:848 #, c-format msgid "Error: multiple types specified\n" msgstr "" -#: ../newrole/newrole.c:850 +#: ../newrole/newrole.c:855 #, c-format msgid "Sorry, -l may be used with SELinux MLS support.\n" msgstr "" -#: ../newrole/newrole.c:855 +#: ../newrole/newrole.c:860 #, c-format msgid "Error: multiple levels specified\n" msgstr "" -#: ../newrole/newrole.c:865 +#: ../newrole/newrole.c:870 #, c-format msgid "Error: you are not allowed to change levels on a non secure terminal \n" msgstr "" -#: ../newrole/newrole.c:891 +#: ../newrole/newrole.c:896 #, c-format msgid "Couldn't get default type.\n" msgstr "" -#: ../newrole/newrole.c:901 +#: ../newrole/newrole.c:906 #, c-format msgid "failed to get new context.\n" msgstr "" -#: ../newrole/newrole.c:908 +#: ../newrole/newrole.c:913 #, c-format msgid "failed to set new role %s\n" msgstr "" -#: ../newrole/newrole.c:915 +#: ../newrole/newrole.c:920 #, c-format msgid "failed to set new type %s\n" msgstr "" -#: ../newrole/newrole.c:925 +#: ../newrole/newrole.c:930 #, c-format msgid "failed to build new range with level %s\n" msgstr "" -#: ../newrole/newrole.c:930 +#: ../newrole/newrole.c:935 #, c-format msgid "failed to set new range %s\n" msgstr "" -#: ../newrole/newrole.c:938 +#: ../newrole/newrole.c:943 #, c-format msgid "failed to convert new context to string\n" msgstr "" -#: ../newrole/newrole.c:943 +#: ../newrole/newrole.c:948 #, c-format msgid "%s is not a valid context\n" msgstr "" -#: ../newrole/newrole.c:950 +#: ../newrole/newrole.c:955 #, c-format msgid "Unable to allocate memory for new_context" msgstr "" -#: ../newrole/newrole.c:976 +#: ../newrole/newrole.c:981 #, c-format msgid "Unable to obtain empty signal set\n" msgstr "" -#: ../newrole/newrole.c:984 +#: ../newrole/newrole.c:989 #, c-format msgid "Unable to set SIGHUP handler\n" msgstr "" -#: ../newrole/newrole.c:1036 +#: ../newrole/newrole.c:1041 msgid "Sorry, newrole failed to drop capabilities\n" msgstr "" -#: ../newrole/newrole.c:1052 +#: ../newrole/newrole.c:1057 #, c-format msgid "Sorry, newrole may be used only on a SELinux kernel.\n" msgstr "" -#: ../newrole/newrole.c:1069 +#: ../newrole/newrole.c:1074 #, c-format msgid "failed to get old_context.\n" msgstr "" -#: ../newrole/newrole.c:1076 +#: ../newrole/newrole.c:1081 #, c-format msgid "Warning! Could not retrieve tty information.\n" msgstr "" -#: ../newrole/newrole.c:1097 +#: ../newrole/newrole.c:1102 #, c-format msgid "error on reading PAM service configuration.\n" msgstr "" -#: ../newrole/newrole.c:1132 +#: ../newrole/newrole.c:1137 #, c-format msgid "newrole: incorrect password for %s\n" msgstr "" -#: ../newrole/newrole.c:1159 +#: ../newrole/newrole.c:1164 #, c-format msgid "newrole: failure forking: %s" msgstr "" -#: ../newrole/newrole.c:1162 ../newrole/newrole.c:1185 +#: ../newrole/newrole.c:1167 ../newrole/newrole.c:1190 #, c-format msgid "Unable to restore tty label...\n" msgstr "" -#: ../newrole/newrole.c:1164 ../newrole/newrole.c:1191 +#: ../newrole/newrole.c:1169 ../newrole/newrole.c:1196 #, c-format msgid "Failed to close tty properly\n" msgstr "" -#: ../newrole/newrole.c:1223 +#: ../newrole/newrole.c:1228 #, c-format msgid "Could not close descriptors.\n" msgstr "" -#: ../newrole/newrole.c:1250 +#: ../newrole/newrole.c:1263 #, c-format msgid "Error allocating shell's argv0.\n" msgstr "" -#: ../newrole/newrole.c:1286 +#: ../newrole/newrole.c:1285 +#, c-format +msgid "Failed to send audit message" +msgstr "" + +#: ../newrole/newrole.c:1293 +#, c-format +msgid "Failed to transition to namespace\n" +msgstr "" + +#: ../newrole/newrole.c:1299 +#, c-format +msgid "Failed to drop capabilities %m\n" +msgstr "" + +#: ../newrole/newrole.c:1304 #, c-format msgid "Unable to restore the environment, aborting\n" msgstr "" -#: ../newrole/newrole.c:1297 +#: ../newrole/newrole.c:1315 msgid "failed to exec shell\n" msgstr "" @@ -1414,7 +1447,7 @@ msgstr "" msgid "Applications" msgstr "" -#: ../gui/polgen.glade:316 ../sepolicy/sepolicy/generate.py:171 +#: ../gui/polgen.glade:316 ../sepolicy/sepolicy/generate.py:130 msgid "Standard Init Daemon" msgstr "" @@ -1424,7 +1457,7 @@ msgid "" "requires a script in /etc/rc.d/init.d" msgstr "" -#: ../gui/polgen.glade:332 ../sepolicy/sepolicy/generate.py:172 +#: ../gui/polgen.glade:332 ../sepolicy/sepolicy/generate.py:131 msgid "DBUS System Daemon" msgstr "" @@ -1436,7 +1469,7 @@ msgstr "" msgid "Internet Services Daemon are daemons started by xinetd" msgstr "" -#: ../gui/polgen.glade:366 ../sepolicy/sepolicy/generate.py:174 +#: ../gui/polgen.glade:366 ../sepolicy/sepolicy/generate.py:133 msgid "Web Application/Script (CGI)" msgstr "" @@ -1445,7 +1478,7 @@ msgid "" "Web Applications/Script (CGI) CGI scripts started by the web server (apache)" msgstr "" -#: ../gui/polgen.glade:383 ../sepolicy/sepolicy/generate.py:176 +#: ../gui/polgen.glade:383 ../sepolicy/sepolicy/generate.py:135 msgid "User Application" msgstr "" @@ -1455,7 +1488,7 @@ msgid "" "started by a user" msgstr "" -#: ../gui/polgen.glade:400 ../sepolicy/sepolicy/generate.py:175 +#: ../gui/polgen.glade:400 ../sepolicy/sepolicy/generate.py:134 msgid "Sandbox" msgstr "" @@ -2159,261 +2192,322 @@ msgstr "" msgid "SELinux user '%s' is required" msgstr "" -#: ../sepolicy/sepolicy.py:202 +#: ../sepolicy/sepolicy.py:183 +#, python-format +msgid "Interface %s does not exist." +msgstr "" + +#: ../sepolicy/sepolicy.py:267 msgid "Generate SELinux man pages" msgstr "" -#: ../sepolicy/sepolicy.py:205 +#: ../sepolicy/sepolicy.py:270 msgid "path in which the generated SELinux man pages will be stored" msgstr "" -#: ../sepolicy/sepolicy.py:207 +#: ../sepolicy/sepolicy.py:272 msgid "name of the OS for man pages" msgstr "" -#: ../sepolicy/sepolicy.py:209 +#: ../sepolicy/sepolicy.py:274 msgid "Generate HTML man pages structure for selected SELinux man page" msgstr "" -#: ../sepolicy/sepolicy.py:213 +#: ../sepolicy/sepolicy.py:276 +msgid "Alternate root directory, defaults to /" +msgstr "" + +#: ../sepolicy/sepolicy.py:280 msgid "All domains" msgstr "" -#: ../sepolicy/sepolicy.py:216 +#: ../sepolicy/sepolicy.py:283 msgid "Domain name(s) of man pages to be created" msgstr "" -#: ../sepolicy/sepolicy.py:221 +#: ../sepolicy/sepolicy.py:288 msgid "Query SELinux policy network information" msgstr "" -#: ../sepolicy/sepolicy.py:226 +#: ../sepolicy/sepolicy.py:293 msgid "list all SELinux port types" msgstr "" -#: ../sepolicy/sepolicy.py:229 +#: ../sepolicy/sepolicy.py:296 msgid "show SELinux type related to the port" msgstr "" -#: ../sepolicy/sepolicy.py:232 +#: ../sepolicy/sepolicy.py:299 msgid "Show ports defined for this SELinux type" msgstr "" -#: ../sepolicy/sepolicy.py:235 +#: ../sepolicy/sepolicy.py:302 msgid "show ports to which this domain can bind and/or connect" msgstr "" -#: ../sepolicy/sepolicy.py:250 +#: ../sepolicy/sepolicy.py:317 msgid "query SELinux policy to see if domains can communicate with each other" msgstr "" -#: ../sepolicy/sepolicy.py:253 +#: ../sepolicy/sepolicy.py:320 msgid "Source Domain" msgstr "" -#: ../sepolicy/sepolicy.py:256 +#: ../sepolicy/sepolicy.py:323 msgid "Target Domain" msgstr "" -#: ../sepolicy/sepolicy.py:276 +#: ../sepolicy/sepolicy.py:342 msgid "query SELinux Policy to see description of booleans" msgstr "" -#: ../sepolicy/sepolicy.py:280 +#: ../sepolicy/sepolicy.py:346 msgid "get all booleans descriptions" msgstr "" -#: ../sepolicy/sepolicy.py:282 +#: ../sepolicy/sepolicy.py:349 msgid "boolean to get description" msgstr "" -#: ../sepolicy/sepolicy.py:301 +#: ../sepolicy/sepolicy.py:359 msgid "" "query SELinux Policy to see how a source process domain can transition to " "the target process domain" msgstr "" -#: ../sepolicy/sepolicy.py:304 +#: ../sepolicy/sepolicy.py:362 msgid "source process domain" msgstr "" -#: ../sepolicy/sepolicy.py:307 +#: ../sepolicy/sepolicy.py:365 msgid "target process domain" msgstr "" -#: ../sepolicy/sepolicy.py:327 +#: ../sepolicy/sepolicy.py:408 +#, python-format +msgid "sepolicy generate: error: one of the arguments %s is required" +msgstr "" + +#: ../sepolicy/sepolicy.py:413 msgid "Command required for this type of policy" msgstr "" -#: ../sepolicy/sepolicy.py:347 +#: ../sepolicy/sepolicy.py:424 +msgid "" +"-t option can not be used with this option. Read usage for more details." +msgstr "" + +#: ../sepolicy/sepolicy.py:429 +msgid "" +"-d option can not be used with this option. Read usage for more details." +msgstr "" + +#: ../sepolicy/sepolicy.py:433 +msgid "" +"-a option can not be used with this option. Read usage for more details." +msgstr "" + +#: ../sepolicy/sepolicy.py:452 msgid "List SELinux Policy interfaces" msgstr "" -#: ../sepolicy/sepolicy.py:362 +#: ../sepolicy/sepolicy.py:470 +msgid "Enter interface names, you wish to query" +msgstr "" + +#: ../sepolicy/sepolicy.py:479 msgid "Generate SELinux Policy module template" msgstr "" -#: ../sepolicy/sepolicy.py:365 +#: ../sepolicy/sepolicy.py:482 msgid "Enter domain type which you will be extending" msgstr "" -#: ../sepolicy/sepolicy.py:368 +#: ../sepolicy/sepolicy.py:485 msgid "Enter SELinux user(s) which will transition to this domain" msgstr "" -#: ../sepolicy/sepolicy.py:371 +#: ../sepolicy/sepolicy.py:488 msgid "Enter domain(s) that this confined admin will administrate" msgstr "" -#: ../sepolicy/sepolicy.py:374 +#: ../sepolicy/sepolicy.py:491 msgid "name of policy to generate" msgstr "" -#: ../sepolicy/sepolicy.py:378 +#: ../sepolicy/sepolicy.py:498 msgid "path in which the generated policy files will be stored" msgstr "" -#: ../sepolicy/sepolicy.py:380 -msgid "executable to confine" +#: ../sepolicy/sepolicy.py:500 +msgid "path to which the confined processes will need to write" +msgstr "" + +#: ../sepolicy/sepolicy.py:501 +msgid "Policy types which require a command" msgstr "" -#: ../sepolicy/sepolicy.py:384 ../sepolicy/sepolicy.py:387 -#: ../sepolicy/sepolicy.py:390 ../sepolicy/sepolicy.py:393 -#: ../sepolicy/sepolicy.py:396 ../sepolicy/sepolicy.py:399 -#: ../sepolicy/sepolicy.py:402 ../sepolicy/sepolicy.py:405 -#: ../sepolicy/sepolicy.py:408 ../sepolicy/sepolicy.py:411 -#: ../sepolicy/sepolicy.py:414 ../sepolicy/sepolicy.py:417 +#: ../sepolicy/sepolicy.py:505 ../sepolicy/sepolicy.py:508 +#: ../sepolicy/sepolicy.py:511 ../sepolicy/sepolicy.py:514 +#: ../sepolicy/sepolicy.py:517 ../sepolicy/sepolicy.py:523 +#: ../sepolicy/sepolicy.py:526 ../sepolicy/sepolicy.py:529 +#: ../sepolicy/sepolicy.py:535 ../sepolicy/sepolicy.py:538 +#: ../sepolicy/sepolicy.py:541 ../sepolicy/sepolicy.py:544 #, python-format -msgid "Generate Policy for %s" +msgid "Generate '%s' policy" msgstr "" -#: ../sepolicy/sepolicy.py:422 +#: ../sepolicy/sepolicy.py:532 +#, python-format +msgid "Generate '%s' policy " +msgstr "" + +#: ../sepolicy/sepolicy.py:546 +msgid "executable to confine" +msgstr "" + +#: ../sepolicy/sepolicy.py:551 msgid "commands" msgstr "" -#: ../sepolicy/sepolicy.py:425 +#: ../sepolicy/sepolicy.py:554 msgid "Alternate SELinux policy, defaults to /sys/fs/selinux/policy" msgstr "" -#: ../sepolicy/sepolicy/__init__.py:48 +#: ../sepolicy/sepolicy/__init__.py:72 msgid "No SELinux Policy installed" msgstr "" -#: ../sepolicy/sepolicy/__init__.py:54 +#: ../sepolicy/sepolicy/__init__.py:243 #, python-format msgid "Failed to read %s policy file" msgstr "" -#: ../sepolicy/sepolicy/__init__.py:127 +#: ../sepolicy/sepolicy/__init__.py:302 msgid "unknown" msgstr "" -#: ../sepolicy/sepolicy/generate.py:173 +#: ../sepolicy/sepolicy/generate.py:132 msgid "Internet Services Daemon" msgstr "" -#: ../sepolicy/sepolicy/generate.py:177 +#: ../sepolicy/sepolicy/generate.py:136 msgid "Existing Domain Type" msgstr "" -#: ../sepolicy/sepolicy/generate.py:178 +#: ../sepolicy/sepolicy/generate.py:137 msgid "Minimal Terminal Login User Role" msgstr "" -#: ../sepolicy/sepolicy/generate.py:179 +#: ../sepolicy/sepolicy/generate.py:138 msgid "Minimal X Windows Login User Role" msgstr "" -#: ../sepolicy/sepolicy/generate.py:180 +#: ../sepolicy/sepolicy/generate.py:139 msgid "Desktop Login User Role" msgstr "" -#: ../sepolicy/sepolicy/generate.py:181 +#: ../sepolicy/sepolicy/generate.py:140 msgid "Administrator Login User Role" msgstr "" -#: ../sepolicy/sepolicy/generate.py:182 +#: ../sepolicy/sepolicy/generate.py:141 msgid "Confined Root Administrator Role" msgstr "" -#: ../sepolicy/sepolicy/generate.py:187 +#: ../sepolicy/sepolicy/generate.py:142 +msgid "Module information for a new type" +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:147 msgid "Valid Types:\n" msgstr "" -#: ../sepolicy/sepolicy/generate.py:221 +#: ../sepolicy/sepolicy/generate.py:181 #, python-format msgid "Ports must be numbers or ranges of numbers from 1 to %d " msgstr "" -#: ../sepolicy/sepolicy/generate.py:231 +#: ../sepolicy/sepolicy/generate.py:192 msgid "You must enter a valid policy type" msgstr "" -#: ../sepolicy/sepolicy/generate.py:234 +#: ../sepolicy/sepolicy/generate.py:195 #, python-format msgid "You must enter a name for your policy module for your %s." msgstr "" -#: ../sepolicy/sepolicy/generate.py:355 +#: ../sepolicy/sepolicy/generate.py:327 msgid "" "Name must be alpha numberic with no spaces. Consider using option \"-n " "MODULENAME\"" msgstr "" -#: ../sepolicy/sepolicy/generate.py:447 +#: ../sepolicy/sepolicy/generate.py:419 msgid "User Role types can not be assigned executables." msgstr "" -#: ../sepolicy/sepolicy/generate.py:453 +#: ../sepolicy/sepolicy/generate.py:425 msgid "Only Daemon apps can use an init script.." msgstr "" -#: ../sepolicy/sepolicy/generate.py:471 +#: ../sepolicy/sepolicy/generate.py:443 msgid "use_resolve must be a boolean value " msgstr "" -#: ../sepolicy/sepolicy/generate.py:477 +#: ../sepolicy/sepolicy/generate.py:449 msgid "use_syslog must be a boolean value " msgstr "" -#: ../sepolicy/sepolicy/generate.py:483 +#: ../sepolicy/sepolicy/generate.py:455 msgid "use_kerberos must be a boolean value " msgstr "" -#: ../sepolicy/sepolicy/generate.py:489 +#: ../sepolicy/sepolicy/generate.py:461 msgid "manage_krb5_rcache must be a boolean value " msgstr "" -#: ../sepolicy/sepolicy/generate.py:519 +#: ../sepolicy/sepolicy/generate.py:491 msgid "USER Types automatically get a tmp type" msgstr "" -#: ../sepolicy/sepolicy/generate.py:857 +#: ../sepolicy/sepolicy/generate.py:832 #, python-format msgid "%s policy modules require existing domains" msgstr "" -#: ../sepolicy/sepolicy/generate.py:1059 +#: ../sepolicy/sepolicy/generate.py:857 +msgid "Type field required" +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:869 +#, python-format +msgid "" +"You need to define a new type which ends with: \n" +" %s" +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:1088 msgid "You must enter the executable path for your confined process" msgstr "" -#: ../sepolicy/sepolicy/generate.py:1321 +#: ../sepolicy/sepolicy/generate.py:1351 msgid "Type Enforcement file" msgstr "" -#: ../sepolicy/sepolicy/generate.py:1322 +#: ../sepolicy/sepolicy/generate.py:1352 msgid "Interface file" msgstr "" -#: ../sepolicy/sepolicy/generate.py:1323 +#: ../sepolicy/sepolicy/generate.py:1353 msgid "File Contexts file" msgstr "" -#: ../sepolicy/sepolicy/generate.py:1324 +#: ../sepolicy/sepolicy/generate.py:1354 msgid "Spec file" msgstr "" -#: ../sepolicy/sepolicy/generate.py:1325 +#: ../sepolicy/sepolicy/generate.py:1355 msgid "Setup Script" msgstr "" @@ -2428,11 +2522,11 @@ msgid "" msgstr "" #: booleans.py:3 -msgid "Allow amavis to use JIT compiler" +msgid "Allow antivirus programs to read non security files on a system" msgstr "" #: booleans.py:4 -msgid "Allow antivirus programs to read non security files on a system" +msgid "Determine whether can antivirus programs use JIT compiler." msgstr "" #: booleans.py:5 @@ -2454,50 +2548,54 @@ msgid "Allow users to login using a yubikey server" msgstr "" #: booleans.py:9 -msgid "Allow awstats to purge Apache logs" +msgid "Determine whether awstats can purge httpd log files." msgstr "" #: booleans.py:10 msgid "" -"Allow cdrecord to read various content. nfs, samba, removable devices, user " -"temp and untrusted content files" +"Determine whether cdrecord can read various content. nfs, samba, removable " +"devices, user temp and untrusted content files" msgstr "" #: booleans.py:11 -msgid "Allow clamd to use JIT compiler" +msgid "" +"Allow cluster administrative domains to connect to the network using TCP." msgstr "" #: booleans.py:12 -msgid "Allow clamscan to non security files on a system" +msgid "Allow cluster administrative domains to manage all files on a system." msgstr "" #: booleans.py:13 -msgid "Allow clamscan to read user content" +msgid "" +"Allow cluster administrative cluster domains memcheck-amd64- to use " +"executable memory" msgstr "" #: booleans.py:14 msgid "" -"Allow Cobbler to modify public files used for public file transfer services." +"Determine whether Cobbler can modify public files used for public file " +"transfer services." msgstr "" #: booleans.py:15 -msgid "Allow Cobbler to connect to the network using TCP." +msgid "Determine whether Cobbler can connect to the network using TCP." msgstr "" #: booleans.py:16 -msgid "Allow Cobbler to access cifs file systems." +msgid "Determine whether Cobbler can access cifs file systems." msgstr "" #: booleans.py:17 -msgid "Allow Cobbler to access nfs file systems." +msgid "Determine whether Cobbler can access nfs file systems." msgstr "" #: booleans.py:18 -msgid "Allow collectd to connect to the network using TCP." +msgid "Determine whether collectd can connect to the network using TCP." msgstr "" #: booleans.py:19 -msgid "Allow codnor domain to connect to the network using TCP." +msgid "Determine whether Condor can connect to the network using TCP." msgstr "" #: booleans.py:20 @@ -2506,7 +2604,7 @@ msgid "" msgstr "" #: booleans.py:21 -msgid "Allow cvs daemon to read shadow" +msgid "Determine whether cvs can read shadow password files." msgstr "" #: booleans.py:22 @@ -2522,951 +2620,1000 @@ msgid "Allow all daemons the ability to read/write terminals" msgstr "" #: booleans.py:25 -msgid "Allow dan to manage user files" +msgid "Determine whether dbadm can manage generic user files." msgstr "" #: booleans.py:26 -msgid "Allow dan to read user files" +msgid "Determine whether dbadm can read generic user files." msgstr "" #: booleans.py:27 -msgid "Allow dbadm to manage files in users home directories" +msgid "" +"Deny user domains applications to map a memory region as both executable and " +"writable, this is dangerous and the executable should be reported in bugzilla" msgstr "" #: booleans.py:28 -msgid "Allow dbadm to read files in users home directories" +msgid "Deny any process from ptracing or debugging any other processes." msgstr "" #: booleans.py:29 -msgid "" -"Deny user domains applications to map a memory region as both executable and " -"writable, this is dangerous and the executable should be reported in bugzilla" +msgid "Allow dhcpc client applications to execute iptables commands" msgstr "" #: booleans.py:30 -msgid "Allow sysadm to debug or ptrace all processes." +msgid "Determine whether DHCP daemon can use LDAP backends." msgstr "" #: booleans.py:31 -msgid "Allow dhcpc client applications to execute iptables commands" +msgid "Allow all domains to use other domains file descriptors" msgstr "" #: booleans.py:32 -msgid "Allow DHCP daemon to use LDAP backends" +msgid "Allow all domains to have the kernel load modules" msgstr "" #: booleans.py:33 -msgid "Allow all domains to use other domains file descriptors" +msgid "" +"Determine whether entropyd can use audio devices as the source for the " +"entropy feeds." msgstr "" #: booleans.py:34 -msgid "Allow all domains to have the kernel load modules" +msgid "Determine whether exim can connect to databases." msgstr "" #: booleans.py:35 -msgid "Allow the use of the audio devices as the source for the entropy feeds" +msgid "" +"Determine whether exim can create, read, write, and delete generic user " +"content files." msgstr "" #: booleans.py:36 -msgid "Allow exim to connect to databases (postgres, mysql)" +msgid "Determine whether exim can read generic user content files." msgstr "" #: booleans.py:37 -msgid "Allow exim to create, read, write, and delete unprivileged user files." +msgid "Enable extra rules in the cron domain to support fcron." msgstr "" #: booleans.py:38 -msgid "Allow exim to read unprivileged user files." +msgid "Determine whether fenced can connect to the TCP network." msgstr "" #: booleans.py:39 -msgid "Enable extra rules in the cron domain to support fcron." +msgid "Determine whether fenced can use ssh." msgstr "" #: booleans.py:40 -msgid "Allow fenced domain to connect to the network using TCP." +msgid "Allow all domains to execute in fips_mode" msgstr "" #: booleans.py:41 -msgid "Allow fenced domain to execute ssh." +msgid "" +"Determine whether ftpd can read and write files in user home directories." msgstr "" #: booleans.py:42 -msgid "Allow all domains to execute in fips_mode" +msgid "" +"Determine whether ftpd can modify public files used for public file transfer " +"services. Directories/Files must be labeled public_content_rw_t." msgstr "" #: booleans.py:43 -msgid "Allow ftp to read and write files in the user home directories" +msgid "Determine whether ftpd can connect to all unreserved ports." msgstr "" #: booleans.py:44 -msgid "" -"Allow ftp servers to upload files, used for public file transfer services. " -"Directories must be labeled public_content_rw_t." +msgid "Determine whether ftpd can connect to databases over the TCP network." msgstr "" #: booleans.py:45 -msgid "Allow ftp servers to connect to all ports > 1023" +msgid "" +"Determine whether ftpd can login to local users and can read and write all " +"files on the system, governed by DAC." msgstr "" #: booleans.py:46 -msgid "Allow ftp servers to connect to mysql database ports" +msgid "" +"Determine whether ftpd can use CIFS used for public file transfer services." msgstr "" -#: booleans.py:47 -msgid "" -"Allow ftp servers to login to local users and read/write all files on the " -"system, governed by DAC." +#: booleans.py:47 booleans.py:166 +msgid "Allow samba to export ntfs/fusefs volumes." msgstr "" #: booleans.py:48 -msgid "Allow ftp servers to use cifs used for public file transfer services." +msgid "" +"Determine whether ftpd can use NFS used for public file transfer services." msgstr "" #: booleans.py:49 -msgid "Allow ftp servers to use nfs used for public file transfer services." +msgid "" +"Determine whether ftpd can bind to all unreserved ports for passive mode." msgstr "" #: booleans.py:50 -msgid "Allow ftp servers to use bind to all unreserved ports for passive mode" -msgstr "" - -#: booleans.py:51 msgid "Determine whether Git CGI can search home directories." msgstr "" -#: booleans.py:52 +#: booleans.py:51 msgid "Determine whether Git CGI can access cifs file systems." msgstr "" -#: booleans.py:53 +#: booleans.py:52 msgid "Determine whether Git CGI can access nfs file systems." msgstr "" -#: booleans.py:54 +#: booleans.py:53 msgid "" "Determine whether Git session daemon can bind TCP sockets to all unreserved " "ports." msgstr "" -#: booleans.py:55 +#: booleans.py:54 msgid "" "Determine whether calling user domains can execute Git daemon in the " "git_session_t domain." msgstr "" -#: booleans.py:56 +#: booleans.py:55 msgid "Determine whether Git system daemon can search home directories." msgstr "" -#: booleans.py:57 +#: booleans.py:56 msgid "Determine whether Git system daemon can access cifs file systems." msgstr "" -#: booleans.py:58 +#: booleans.py:57 msgid "Determine whether Git system daemon can access nfs file systems." msgstr "" +#: booleans.py:58 +msgid "Determine whether Gitosis can send mail." +msgstr "" + #: booleans.py:59 -msgid "Allow gitisis daemon to send mail" +msgid "Enable reading of urandom for all domains." msgstr "" #: booleans.py:60 -msgid "Enable reading of urandom for all domains." +msgid "" +"Allow glusterfsd to modify public files used for public file transfer " +"services. Files/Directories must be labeled public_content_rw_t." msgstr "" #: booleans.py:61 +msgid "Allow glusterfsd to share any file/directory read only." +msgstr "" + +#: booleans.py:62 +msgid "Allow glusterfsd to share any file/directory read/write." +msgstr "" + +#: booleans.py:63 msgid "" "Allow usage of the gpg-agent --write-env-file option. This also allows gpg-" "agent to manage user files." msgstr "" -#: booleans.py:62 +#: booleans.py:64 msgid "" "Allow gpg web domain to modify public files used for public file transfer " "services." msgstr "" -#: booleans.py:63 +#: booleans.py:65 msgid "Allow gssd to read temp directory. For access to kerberos tgt." msgstr "" -#: booleans.py:64 +#: booleans.py:66 msgid "Allow guest to exec content" msgstr "" -#: booleans.py:65 +#: booleans.py:67 msgid "" "Allow Apache to modify public files used for public file transfer services. " "Directories/Files must be labeled public_content_rw_t." msgstr "" -#: booleans.py:66 +#: booleans.py:68 msgid "Allow httpd to use built in scripting (usually php)" msgstr "" -#: booleans.py:67 +#: booleans.py:69 msgid "Allow http daemon to check spam" msgstr "" -#: booleans.py:68 +#: booleans.py:70 msgid "" "Allow httpd to act as a FTP client connecting to the ftp port and ephemeral " "ports" msgstr "" -#: booleans.py:69 +#: booleans.py:71 msgid "Allow httpd to connect to the ldap port" msgstr "" -#: booleans.py:70 +#: booleans.py:72 msgid "Allow http daemon to connect to zabbix" msgstr "" -#: booleans.py:71 +#: booleans.py:73 msgid "Allow HTTPD scripts and modules to connect to the network using TCP." msgstr "" -#: booleans.py:72 +#: booleans.py:74 msgid "Allow HTTPD scripts and modules to connect to cobbler over the network." msgstr "" -#: booleans.py:73 +#: booleans.py:75 msgid "" "Allow HTTPD scripts and modules to connect to databases over the network." msgstr "" -#: booleans.py:74 +#: booleans.py:76 msgid "Allow httpd to connect to memcache server" msgstr "" -#: booleans.py:75 +#: booleans.py:77 msgid "Allow httpd to act as a relay" msgstr "" -#: booleans.py:76 +#: booleans.py:78 msgid "Allow http daemon to send mail" msgstr "" -#: booleans.py:77 +#: booleans.py:79 msgid "Allow Apache to communicate with avahi service via dbus" msgstr "" -#: booleans.py:78 +#: booleans.py:80 msgid "Allow httpd cgi support" msgstr "" -#: booleans.py:79 +#: booleans.py:81 msgid "Allow httpd to act as a FTP server by listening on the ftp port." msgstr "" -#: booleans.py:80 +#: booleans.py:82 msgid "Allow httpd to read home directories" msgstr "" -#: booleans.py:81 +#: booleans.py:83 msgid "Allow httpd scripts and modules execmem/execstack" msgstr "" -#: booleans.py:82 +#: booleans.py:84 msgid "Allow HTTPD to connect to port 80 for graceful shutdown" msgstr "" -#: booleans.py:83 +#: booleans.py:85 msgid "Allow httpd processes to manage IPA content" msgstr "" -#: booleans.py:84 +#: booleans.py:86 msgid "Allow Apache to use mod_auth_ntlm_winbind" msgstr "" -#: booleans.py:85 +#: booleans.py:87 msgid "Allow Apache to use mod_auth_pam" msgstr "" -#: booleans.py:86 +#: booleans.py:88 msgid "Allow httpd to read user content" msgstr "" -#: booleans.py:87 +#: booleans.py:89 msgid "Allow Apache to run in stickshift mode, not transition to passenger" msgstr "" -#: booleans.py:88 +#: booleans.py:90 +msgid "Allow HTTPD scripts and modules to server cobbler files." +msgstr "" + +#: booleans.py:91 msgid "Allow httpd daemon to change its resource limits" msgstr "" -#: booleans.py:89 +#: booleans.py:92 msgid "" "Allow HTTPD to run SSI executables in the same domain as system CGI scripts." msgstr "" -#: booleans.py:90 +#: booleans.py:93 msgid "" "Allow apache scripts to write to public content, directories/files must be " "labeled public_rw_content_t." msgstr "" -#: booleans.py:91 +#: booleans.py:94 msgid "Allow Apache to execute tmp content." msgstr "" -#: booleans.py:92 +#: booleans.py:95 msgid "" "Unify HTTPD to communicate with the terminal. Needed for entering the " "passphrase for certificates at the terminal." msgstr "" -#: booleans.py:93 +#: booleans.py:96 msgid "Unify HTTPD handling of all content files." msgstr "" -#: booleans.py:94 +#: booleans.py:97 msgid "Allow httpd to access cifs file systems" msgstr "" -#: booleans.py:95 +#: booleans.py:98 msgid "Allow httpd to access FUSE file systems" msgstr "" -#: booleans.py:96 +#: booleans.py:99 msgid "Allow httpd to run gpg" msgstr "" -#: booleans.py:97 +#: booleans.py:100 msgid "Allow httpd to access nfs file systems" msgstr "" -#: booleans.py:98 +#: booleans.py:101 msgid "Allow httpd to communicate with oddjob to start up a service" msgstr "" -#: booleans.py:99 +#: booleans.py:102 msgid "Allow httpd to access openstack ports" msgstr "" -#: booleans.py:100 +#: booleans.py:103 msgid "Allow Apache to query NS records" msgstr "" -#: booleans.py:101 -msgid "Allow icecast to connect to all ports, not just sound ports." +#: booleans.py:104 +msgid "Determine whether icecast can listen on and connect to any TCP port." msgstr "" -#: booleans.py:102 +#: booleans.py:105 +msgid "" +"Determine whether irc clients can listen on and connect to any unreserved " +"TCP ports." +msgstr "" + +#: booleans.py:106 msgid "" "Allow the Irssi IRC Client to connect to any port, and to bind to any " "unreserved port." msgstr "" -#: booleans.py:103 +#: booleans.py:107 msgid "Allow confined applications to run with kerberos." msgstr "" -#: booleans.py:104 -msgid "Allow syslogd daemon to send mail" +#: booleans.py:108 +msgid "Allow ksmtuned to use cifs/Samba file systems" msgstr "" -#: booleans.py:105 -msgid "Allow syslogd the ability to read/write terminals" +#: booleans.py:109 +msgid "Allow ksmtuned to use nfs file systems" msgstr "" -#: booleans.py:106 +#: booleans.py:110 +msgid "Allow syslogd daemon to send mail" +msgstr "" + +#: booleans.py:111 +msgid "Allow syslogd the ability to read/write terminals" +msgstr "" + +#: booleans.py:112 msgid "Allow logging in and using the system from /dev/console." msgstr "" -#: booleans.py:107 +#: booleans.py:113 +msgid "Allow mailman to access FUSE file systems" +msgstr "" + +#: booleans.py:114 +msgid "Determine whether mcelog supports client mode." +msgstr "" + +#: booleans.py:115 +msgid "Determine whether mcelog can execute scripts." +msgstr "" + +#: booleans.py:116 +msgid "Determine whether mcelog can use all the user ttys." +msgstr "" + +#: booleans.py:117 +msgid "Determine whether mcelog supports server mode." +msgstr "" + +#: booleans.py:118 msgid "" "Control the ability to mmap a low area of the address space, as configured " "by /proc/sys/kernel/mmap_min_addr." msgstr "" -#: booleans.py:108 +#: booleans.py:119 msgid "Allow mock to read files in home directories." msgstr "" -#: booleans.py:109 +#: booleans.py:120 msgid "Allow the mount command to mount any directory or file." msgstr "" -#: booleans.py:110 +#: booleans.py:121 msgid "Allow mozilla plugin domain to connect to the network using TCP." msgstr "" -#: booleans.py:111 -msgid "" -"Allow mozilla_plugins to create random content in the users home directory" +#: booleans.py:122 +msgid "Allow confined web browsers to read home directory content" msgstr "" -#: booleans.py:112 -msgid "Allow confined web browsers to read home directory content" +#: booleans.py:123 +msgid "Determine whether mpd can traverse user home directories." msgstr "" -#: booleans.py:113 -msgid "Allow mplayer executable stack" +#: booleans.py:124 +msgid "Determine whether mpd can use cifs file systems." msgstr "" -#: booleans.py:114 +#: booleans.py:125 +msgid "Determine whether mpd can use nfs file systems." +msgstr "" + +#: booleans.py:126 +msgid "Determine whether mplayer can make its stack executable." +msgstr "" + +#: booleans.py:127 msgid "Allow mysqld to connect to all ports" msgstr "" -#: booleans.py:115 -msgid "Allow BIND to bind apache port." +#: booleans.py:128 +msgid "Determine whether Bind can bind tcp socket to http ports." msgstr "" -#: booleans.py:116 +#: booleans.py:129 msgid "" -"Allow BIND to write the master zone files. Generally this is used for " -"dynamic DNS or zone transfers." +"Determine whether Bind can write to master zone files. Generally this is " +"used for dynamic DNS or zone transfers." msgstr "" -#: booleans.py:117 +#: booleans.py:130 msgid "Allow any files/directories to be exported read/only via NFS." msgstr "" -#: booleans.py:118 +#: booleans.py:131 msgid "Allow any files/directories to be exported read/write via NFS." msgstr "" -#: booleans.py:119 +#: booleans.py:132 msgid "" "Allow nfs servers to modify public files used for public file transfer " "services. Files/Directories must be labeled public_content_rw_t." msgstr "" -#: booleans.py:120 +#: booleans.py:133 msgid "Allow system to run with NIS" msgstr "" -#: booleans.py:121 +#: booleans.py:134 msgid "Allow confined applications to use nscd shared memory." msgstr "" -#: booleans.py:122 +#: booleans.py:135 msgid "Allow openshift to lockdown app" msgstr "" -#: booleans.py:123 -msgid "Allow openvpn to read home directories" +#: booleans.py:136 +msgid "Determine whether openvpn can read generic user home content files." msgstr "" -#: booleans.py:124 +#: booleans.py:137 msgid "Allow piranha-lvs domain to connect to the network using TCP." msgstr "" -#: booleans.py:125 +#: booleans.py:138 msgid "Allow polipo to connect to all ports > 1023" msgstr "" -#: booleans.py:126 +#: booleans.py:139 msgid "" "Determine whether Polipo session daemon can bind tcp sockets to all " "unreserved ports." msgstr "" -#: booleans.py:127 +#: booleans.py:140 msgid "" "Determine whether calling user domains can execute Polipo daemon in the " "polipo_session_t domain." msgstr "" -#: booleans.py:128 +#: booleans.py:141 msgid "Determine whether polipo can access cifs file systems." msgstr "" -#: booleans.py:129 +#: booleans.py:142 msgid "Determine whether Polipo can access nfs file systems." msgstr "" -#: booleans.py:130 +#: booleans.py:143 msgid "Enable polyinstantiated directory support." msgstr "" -#: booleans.py:131 +#: booleans.py:144 msgid "Allow postfix_local domain full write access to mail_spool directories" msgstr "" -#: booleans.py:132 +#: booleans.py:145 msgid "Allow postgresql to use ssh and rsync for point-in-time recovery" msgstr "" -#: booleans.py:133 +#: booleans.py:146 msgid "Allow transmit client label to foreign database" msgstr "" -#: booleans.py:134 +#: booleans.py:147 msgid "Allow database admins to execute DML statement" msgstr "" -#: booleans.py:135 +#: booleans.py:148 msgid "Allow unprivileged users to execute DDL statement" msgstr "" -#: booleans.py:136 +#: booleans.py:149 msgid "Allow pppd to load kernel modules for certain modems" msgstr "" -#: booleans.py:137 +#: booleans.py:150 msgid "Allow pppd to be run for a regular user" msgstr "" -#: booleans.py:138 -msgid "" -"Allow privoxy to connect to all ports, not just HTTP, FTP, and Gopher ports." +#: booleans.py:151 +msgid "Determine whether privoxy can connect to all tcp ports." msgstr "" -#: booleans.py:139 +#: booleans.py:152 msgid "Allow Puppet client to manage all file types." msgstr "" -#: booleans.py:140 +#: booleans.py:153 msgid "Allow Puppet master to use connect to MySQL and PostgreSQL database" msgstr "" -#: booleans.py:141 +#: booleans.py:154 msgid "Allow racoon to read shadow" msgstr "" -#: booleans.py:142 -msgid "Allow rgmanager domain to connect to the network using TCP." -msgstr "" - -#: booleans.py:143 +#: booleans.py:155 msgid "" "Allow rsync to modify public files used for public file transfer services. " "Files/Directories must be labeled public_content_rw_t." msgstr "" -#: booleans.py:144 +#: booleans.py:156 msgid "Allow rsync to run as a client" msgstr "" -#: booleans.py:145 +#: booleans.py:157 msgid "Allow rsync to export any files/directories read only." msgstr "" -#: booleans.py:146 -msgid "Allow rsync servers to share cifs files systems" -msgstr "" - -#: booleans.py:147 -msgid "Allow rsync servers to share nfs files systems" +#: booleans.py:158 +msgid "Allow rsync server to manage all files/directories on the system." msgstr "" -#: booleans.py:148 +#: booleans.py:159 msgid "Allow samba to create new home directories (e.g. via PAM)" msgstr "" -#: booleans.py:149 +#: booleans.py:160 msgid "" "Allow samba to act as the domain controller, add users, groups and change " "passwords." msgstr "" -#: booleans.py:150 +#: booleans.py:161 msgid "Allow samba to share users home directories." msgstr "" -#: booleans.py:151 +#: booleans.py:162 msgid "Allow samba to share any file/directory read only." msgstr "" -#: booleans.py:152 +#: booleans.py:163 msgid "Allow samba to share any file/directory read/write." msgstr "" -#: booleans.py:153 +#: booleans.py:164 msgid "Allow samba to act as a portmapper" msgstr "" -#: booleans.py:154 +#: booleans.py:165 msgid "Allow samba to run unconfined scripts" msgstr "" -#: booleans.py:155 -msgid "Allow samba to export ntfs/fusefs volumes." -msgstr "" - -#: booleans.py:156 +#: booleans.py:167 msgid "Allow samba to export NFS volumes." msgstr "" -#: booleans.py:157 +#: booleans.py:168 msgid "Allow sanlock to read/write fuse files" msgstr "" -#: booleans.py:158 +#: booleans.py:169 msgid "Allow sanlock to manage nfs files" msgstr "" -#: booleans.py:159 +#: booleans.py:170 msgid "Allow sanlock to manage cifs files" msgstr "" -#: booleans.py:160 +#: booleans.py:171 msgid "Allow sasl to read shadow" msgstr "" -#: booleans.py:161 +#: booleans.py:172 msgid "Allow secadm to exec content" msgstr "" -#: booleans.py:162 +#: booleans.py:173 msgid "" "disallow programs, such as newrole, from transitioning to administrative " "user domains." msgstr "" -#: booleans.py:163 +#: booleans.py:174 msgid "Disable kernel module loading." msgstr "" -#: booleans.py:164 +#: booleans.py:175 msgid "" "Boolean to determine whether the system permits loading policy, setting " "enforcing mode, and changing boolean values. Set this to true and you have " "to reboot to set it back." msgstr "" -#: booleans.py:165 +#: booleans.py:176 msgid "Allow regular users direct dri device access" msgstr "" -#: booleans.py:166 +#: booleans.py:177 msgid "" "Allow unconfined executables to make their heap memory executable. Doing " "this is a really bad idea. Probably indicates a badly coded executable, but " "could indicate an attack. This executable should be reported in bugzilla" msgstr "" -#: booleans.py:167 +#: booleans.py:178 msgid "" "Allow all unconfined executables to use libraries requiring text relocation " "that are not labeled textrel_shlib_t" msgstr "" -#: booleans.py:168 +#: booleans.py:179 msgid "" "Allow unconfined executables to make their stack executable. This should " "never, ever be necessary. Probably indicates a badly coded executable, but " "could indicate an attack. This executable should be reported in bugzilla" msgstr "" -#: booleans.py:169 +#: booleans.py:180 msgid "Allow users to connect to the local mysql server" msgstr "" -#: booleans.py:170 +#: booleans.py:181 msgid "" "Allow confined users the ability to execute the ping and traceroute commands." msgstr "" -#: booleans.py:171 +#: booleans.py:182 msgid "Allow users to connect to PostgreSQL" msgstr "" -#: booleans.py:172 +#: booleans.py:183 msgid "" "Allow user to r/w files on filesystems that do not have extended attributes " "(FAT, CDROM, FLOPPY)" msgstr "" -#: booleans.py:173 +#: booleans.py:184 +msgid "Allow user music sharing" +msgstr "" + +#: booleans.py:185 msgid "" "Allow users to run TCP servers (bind to ports and accept connection from the " "same domain and outside users) disabling this forces FTP passive mode and " "may change other protocols." msgstr "" -#: booleans.py:174 +#: booleans.py:186 msgid "Allow user to use ssh chroot environment." msgstr "" -#: booleans.py:175 -msgid "Allow user music sharing" -msgstr "" - -#: booleans.py:176 +#: booleans.py:187 msgid "" -"Allow anon internal-sftp to upload files, used for public file transfer " -"services. Directories must be labeled public_content_rw_t." +"Determine whether sftpd can modify public files used for public file " +"transfer services. Directories/Files must be labeled public_content_rw_t." msgstr "" -#: booleans.py:177 +#: booleans.py:188 msgid "" -"Allow sftp-internal to read and write files in the user home directories" +"Determine whether sftpd-can read and write files in user home directories." msgstr "" -#: booleans.py:178 +#: booleans.py:189 msgid "" -"Allow sftp-internal to login to local users and read/write all files on the " -"system, governed by DAC." +"Determine whether sftpd-can login to local users and read and write all " +"files on the system, governed by DAC." msgstr "" -#: booleans.py:179 +#: booleans.py:190 msgid "" -"Allow internal-sftp to read and write files in the user ssh home directories." +"Determine whether sftpd can read and write files in user ssh home " +"directories." msgstr "" -#: booleans.py:180 +#: booleans.py:191 msgid "Allow sge to connect to the network using any TCP port" msgstr "" -#: booleans.py:181 +#: booleans.py:192 msgid "Allow sge to access nfs file systems." msgstr "" -#: booleans.py:182 -msgid "" -"Enable additional permissions needed to support devices on 3ware controllers." +#: booleans.py:193 +msgid "Determine whether smartmon can support devices on 3ware controllers." msgstr "" -#: booleans.py:183 +#: booleans.py:194 msgid "" "Allow samba to modify public files used for public file transfer services. " "Files/Directories must be labeled public_content_rw_t." msgstr "" -#: booleans.py:184 +#: booleans.py:195 msgid "Allow user spamassassin clients to use the network." msgstr "" -#: booleans.py:185 +#: booleans.py:196 msgid "Allow spamd to read/write user home directories." msgstr "" -#: booleans.py:186 -msgid "" -"Allow squid to connect to all ports, not just HTTP, FTP, and Gopher ports." +#: booleans.py:197 +msgid "Determine whether squid can connect to all TCP ports." msgstr "" -#: booleans.py:187 -msgid "Allow squid to run as a transparent proxy (TPROXY)" +#: booleans.py:198 +msgid "Determine whether squid can run as a transparent proxy." msgstr "" -#: booleans.py:188 +#: booleans.py:199 msgid "" "Allow ssh with chroot env to read and write files in the user home " "directories" msgstr "" -#: booleans.py:189 +#: booleans.py:200 msgid "allow host key based authentication" msgstr "" -#: booleans.py:190 +#: booleans.py:201 msgid "Allow ssh logins as sysadm_r:sysadm_t" msgstr "" -#: booleans.py:191 +#: booleans.py:202 msgid "Allow staff to exec content" msgstr "" -#: booleans.py:192 +#: booleans.py:203 msgid "allow staff user to create and transition to svirt domains." msgstr "" -#: booleans.py:193 +#: booleans.py:204 msgid "Allow sysadm to exec content" msgstr "" -#: booleans.py:194 +#: booleans.py:205 msgid "Allow the Telepathy connection managers to connect to any network port." msgstr "" -#: booleans.py:195 +#: booleans.py:206 msgid "" "Allow the Telepathy connection managers to connect to any generic TCP port." msgstr "" -#: booleans.py:196 +#: booleans.py:207 msgid "" "Allow tftp to modify public files used for public file transfer services." msgstr "" -#: booleans.py:197 +#: booleans.py:208 msgid "Allow tftp to read and write files in the user home directories" msgstr "" -#: booleans.py:198 -msgid "Allow tor daemon to bind tcp sockets to all unreserved ports." +#: booleans.py:209 +msgid "Determine whether tor can bind tcp sockets to all unreserved ports." msgstr "" -#: booleans.py:199 +#: booleans.py:210 msgid "Allow tor to act as a relay" msgstr "" -#: booleans.py:200 +#: booleans.py:211 msgid "" "allow unconfined users to transition to the chrome sandbox domains when " "running chrome-sandbox" msgstr "" -#: booleans.py:201 +#: booleans.py:212 msgid "Allow a user to login as an unconfined domain" msgstr "" -#: booleans.py:202 +#: booleans.py:213 msgid "" "Allow unconfined users to transition to the Mozilla plugin domain when " "running xulrunner plugin-container." msgstr "" -#: booleans.py:203 +#: booleans.py:214 msgid "Allow video playing tools to run unconfined" msgstr "" -#: booleans.py:204 +#: booleans.py:215 msgid "Allow unprivledged user to create and transition to svirt domains." msgstr "" -#: booleans.py:205 +#: booleans.py:216 msgid "Support ecryptfs home directories" msgstr "" -#: booleans.py:206 +#: booleans.py:217 msgid "Support fusefs home directories" msgstr "" -#: booleans.py:207 -msgid "Use lpd server instead of cups" +#: booleans.py:218 +msgid "Determine whether to support lpd server." msgstr "" -#: booleans.py:208 +#: booleans.py:219 msgid "Support NFS home directories" msgstr "" -#: booleans.py:209 +#: booleans.py:220 msgid "Support SAMBA home directories" msgstr "" -#: booleans.py:210 +#: booleans.py:221 msgid "Allow user to exec content" msgstr "" -#: booleans.py:211 -msgid "Allow varnishd to connect to all ports, not just HTTP." +#: booleans.py:222 +msgid "Determine whether varnishd can use the full TCP network." msgstr "" -#: booleans.py:212 -msgid "Ignore vbetool mmap_zero errors." +#: booleans.py:223 +msgid "" +"Determine whether attempts by vbetool to mmap low regions should be silently " +"blocked." msgstr "" -#: booleans.py:213 +#: booleans.py:224 msgid "" "Allow confined virtual guests to use serial/parallel communication ports" msgstr "" -#: booleans.py:214 +#: booleans.py:225 msgid "" "Allow confined virtual guests to use executable memory and executable stack" msgstr "" -#: booleans.py:215 +#: booleans.py:226 msgid "Allow confined virtual guests to read fuse files" msgstr "" -#: booleans.py:216 +#: booleans.py:227 msgid "Allow confined virtual guests to manage nfs files" msgstr "" -#: booleans.py:217 +#: booleans.py:228 msgid "Allow confined virtual guests to interact with rawip sockets" msgstr "" -#: booleans.py:218 +#: booleans.py:229 msgid "Allow confined virtual guests to manage cifs files" msgstr "" -#: booleans.py:219 +#: booleans.py:230 msgid "Allow confined virtual guests to interact with the sanlock" msgstr "" -#: booleans.py:220 -msgid "Allow confined virtual guests to manage device configuration, (pci)" -msgstr "" - -#: booleans.py:221 +#: booleans.py:231 msgid "Allow confined virtual guests to use usb devices" msgstr "" -#: booleans.py:222 +#: booleans.py:232 msgid "Allow confined virtual guests to interact with the xserver" msgstr "" -#: booleans.py:223 -msgid "Allow webadm to manage files in users home directories" +#: booleans.py:233 +msgid "Determine whether webadm can manage generic user files." msgstr "" -#: booleans.py:224 -msgid "Allow webadm to read files in users home directories" +#: booleans.py:234 +msgid "Determine whether webadm can read generic user files." msgstr "" -#: booleans.py:225 -msgid "Ignore wine mmap_zero errors." +#: booleans.py:235 +msgid "" +"Determine whether attempts by wine to mmap low regions should be silently " +"blocked." msgstr "" -#: booleans.py:226 +#: booleans.py:236 msgid "Allow the graphical login program to execute bootloader" msgstr "" -#: booleans.py:227 +#: booleans.py:237 msgid "" "Allow the graphical login program to login directly as sysadm_r:sysadm_t" msgstr "" -#: booleans.py:228 +#: booleans.py:238 msgid "Allow xen to manage nfs files" msgstr "" -#: booleans.py:229 +#: booleans.py:239 msgid "" "Allow xend to run blktapctrl/tapdisk. Not required if using dedicated " "logical volumes for disk images." msgstr "" -#: booleans.py:230 +#: booleans.py:240 msgid "Allow xend to run qemu-dm. Not required if using paravirt and no vfb." msgstr "" -#: booleans.py:231 +#: booleans.py:241 msgid "" "Allow xguest users to configure Network Manager and connect to apache ports" msgstr "" -#: booleans.py:232 +#: booleans.py:242 msgid "Allow xguest to exec content" msgstr "" -#: booleans.py:233 +#: booleans.py:243 msgid "Allow xguest users to mount removable media" msgstr "" -#: booleans.py:234 +#: booleans.py:244 msgid "Allow xguest to use blue tooth devices" msgstr "" -#: booleans.py:235 +#: booleans.py:245 msgid "Allows clients to write to the X server shared memory segments." msgstr "" -#: booleans.py:236 +#: booleans.py:246 msgid "Allows XServer to execute writable memory" msgstr "" -#: booleans.py:237 +#: booleans.py:247 msgid "Support X userspace object manager" msgstr "" -#: booleans.py:238 -msgid "Allow zabbix to connect to unreserved ports" +#: booleans.py:248 +msgid "Determine whether zabbix can connect to all TCP ports" msgstr "" -#: booleans.py:239 +#: booleans.py:249 msgid "Allow zebra daemon to write it configuration files" msgstr "" -#: booleans.py:240 +#: booleans.py:250 msgid "" "Allow ZoneMinder to modify public files used for public file transfer " "services." diff --git a/policycoreutils/po/am.po b/policycoreutils/po/am.po index 961d921..5ee0bdc 100644 --- a/policycoreutils/po/am.po +++ b/policycoreutils/po/am.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2013-01-04 12:01-0500\n" +"POT-Creation-Date: 2013-05-07 11:12-0400\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -24,7 +24,7 @@ msgid "" " are the arguments to that script." msgstr "" -#: ../run_init/run_init.c:126 ../newrole/newrole.c:1123 +#: ../run_init/run_init.c:126 ../newrole/newrole.c:1128 #, c-format msgid "failed to initialize PAM\n" msgstr "" @@ -73,16 +73,16 @@ msgstr "" msgid "authentication failed.\n" msgstr "" -#: ../run_init/run_init.c:405 ../newrole/newrole.c:1257 +#: ../run_init/run_init.c:405 ../newrole/newrole.c:1270 #, c-format msgid "Could not set exec context to %s.\n" msgstr "" -#: ../audit2allow/audit2allow:232 +#: ../audit2allow/audit2allow:231 msgid "******************** IMPORTANT ***********************\n" msgstr "" -#: ../audit2allow/audit2allow:233 +#: ../audit2allow/audit2allow:232 msgid "To make this policy package active, execute:" msgstr "" @@ -169,786 +169,799 @@ msgstr "" msgid "Customized Permissive Types" msgstr "" -#: ../semanage/seobject.py:412 +#: ../semanage/seobject.py:379 +msgid "" +"The sepolgen python module is required to setup permissive domains.\n" +"In some distributions it is included in the policycoreutils-devel package.\n" +"# yum install policycoreutils-devel\n" +"Or similar for your distro." +msgstr "" + +#: ../semanage/seobject.py:416 #, python-format msgid "Could not set permissive domain %s (module installation failed)" msgstr "" -#: ../semanage/seobject.py:418 +#: ../semanage/seobject.py:422 #, python-format msgid "Could not remove permissive domain %s (remove failed)" msgstr "" -#: ../semanage/seobject.py:453 ../semanage/seobject.py:527 -#: ../semanage/seobject.py:573 ../semanage/seobject.py:695 -#: ../semanage/seobject.py:725 ../semanage/seobject.py:792 -#: ../semanage/seobject.py:849 ../semanage/seobject.py:1104 -#: ../semanage/seobject.py:1820 ../semanage/seobject.py:1883 -#: ../semanage/seobject.py:1902 ../semanage/seobject.py:2025 -#: ../semanage/seobject.py:2076 +#: ../semanage/seobject.py:457 ../semanage/seobject.py:531 +#: ../semanage/seobject.py:577 ../semanage/seobject.py:699 +#: ../semanage/seobject.py:729 ../semanage/seobject.py:796 +#: ../semanage/seobject.py:853 ../semanage/seobject.py:1111 +#: ../semanage/seobject.py:1834 ../semanage/seobject.py:1897 +#: ../semanage/seobject.py:1916 ../semanage/seobject.py:2042 +#: ../semanage/seobject.py:2093 #, python-format msgid "Could not create a key for %s" msgstr "" -#: ../semanage/seobject.py:457 ../semanage/seobject.py:531 -#: ../semanage/seobject.py:577 ../semanage/seobject.py:583 +#: ../semanage/seobject.py:461 ../semanage/seobject.py:535 +#: ../semanage/seobject.py:581 ../semanage/seobject.py:587 #, python-format msgid "Could not check if login mapping for %s is defined" msgstr "" -#: ../semanage/seobject.py:466 +#: ../semanage/seobject.py:470 #, python-format msgid "Linux Group %s does not exist" msgstr "" -#: ../semanage/seobject.py:471 +#: ../semanage/seobject.py:475 #, python-format msgid "Linux User %s does not exist" msgstr "" -#: ../semanage/seobject.py:475 +#: ../semanage/seobject.py:479 #, python-format msgid "Could not create login mapping for %s" msgstr "" -#: ../semanage/seobject.py:479 ../semanage/seobject.py:740 +#: ../semanage/seobject.py:483 ../semanage/seobject.py:744 #, python-format msgid "Could not set name for %s" msgstr "" -#: ../semanage/seobject.py:484 ../semanage/seobject.py:750 +#: ../semanage/seobject.py:488 ../semanage/seobject.py:754 #, python-format msgid "Could not set MLS range for %s" msgstr "" -#: ../semanage/seobject.py:488 +#: ../semanage/seobject.py:492 #, python-format msgid "Could not set SELinux user for %s" msgstr "" -#: ../semanage/seobject.py:492 +#: ../semanage/seobject.py:496 #, python-format msgid "Could not add login mapping for %s" msgstr "" -#: ../semanage/seobject.py:510 +#: ../semanage/seobject.py:514 msgid "Requires seuser or serange" msgstr "" -#: ../semanage/seobject.py:533 ../semanage/seobject.py:579 +#: ../semanage/seobject.py:537 ../semanage/seobject.py:583 #, python-format msgid "Login mapping for %s is not defined" msgstr "" -#: ../semanage/seobject.py:537 +#: ../semanage/seobject.py:541 #, python-format msgid "Could not query seuser for %s" msgstr "" -#: ../semanage/seobject.py:551 +#: ../semanage/seobject.py:555 #, python-format msgid "Could not modify login mapping for %s" msgstr "" -#: ../semanage/seobject.py:585 +#: ../semanage/seobject.py:589 #, python-format msgid "Login mapping for %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:589 +#: ../semanage/seobject.py:593 #, python-format msgid "Could not delete login mapping for %s" msgstr "" -#: ../semanage/seobject.py:611 ../semanage/seobject.py:644 -#: ../semanage/seobject.py:892 +#: ../semanage/seobject.py:615 ../semanage/seobject.py:648 +#: ../semanage/seobject.py:896 msgid "Could not list login mappings" msgstr "" -#: ../semanage/seobject.py:672 ../semanage/seobject.py:684 +#: ../semanage/seobject.py:676 ../semanage/seobject.py:688 #: ../gui/system-config-selinux.glade:100 msgid "Login Name" msgstr "" -#: ../semanage/seobject.py:672 ../semanage/seobject.py:684 -#: ../semanage/seobject.py:942 ../semanage/seobject.py:947 +#: ../semanage/seobject.py:676 ../semanage/seobject.py:688 +#: ../semanage/seobject.py:946 ../semanage/seobject.py:951 #: ../gui/system-config-selinux.glade:128 #: ../gui/system-config-selinux.glade:915 #: ../gui/system-config-selinux.glade:2285 ../gui/usersPage.py:44 msgid "SELinux User" msgstr "" -#: ../semanage/seobject.py:672 ../gui/system-config-selinux.glade:156 +#: ../semanage/seobject.py:676 ../gui/system-config-selinux.glade:156 #: ../gui/system-config-selinux.glade:943 msgid "MLS/MCS Range" msgstr "" -#: ../semanage/seobject.py:672 +#: ../semanage/seobject.py:676 msgid "Service" msgstr "" -#: ../semanage/seobject.py:698 ../semanage/seobject.py:729 -#: ../semanage/seobject.py:796 ../semanage/seobject.py:853 -#: ../semanage/seobject.py:859 +#: ../semanage/seobject.py:702 ../semanage/seobject.py:733 +#: ../semanage/seobject.py:800 ../semanage/seobject.py:857 +#: ../semanage/seobject.py:863 #, python-format msgid "Could not check if SELinux user %s is defined" msgstr "" -#: ../semanage/seobject.py:701 ../semanage/seobject.py:802 -#: ../semanage/seobject.py:865 +#: ../semanage/seobject.py:705 ../semanage/seobject.py:806 +#: ../semanage/seobject.py:869 #, python-format msgid "Could not query user for %s" msgstr "" -#: ../semanage/seobject.py:721 +#: ../semanage/seobject.py:725 #, python-format msgid "You must add at least one role for %s" msgstr "" -#: ../semanage/seobject.py:736 +#: ../semanage/seobject.py:740 #, python-format msgid "Could not create SELinux user for %s" msgstr "" -#: ../semanage/seobject.py:745 +#: ../semanage/seobject.py:749 #, python-format msgid "Could not add role %s for %s" msgstr "" -#: ../semanage/seobject.py:754 +#: ../semanage/seobject.py:758 #, python-format msgid "Could not set MLS level for %s" msgstr "" -#: ../semanage/seobject.py:757 +#: ../semanage/seobject.py:761 #, python-format msgid "Could not add prefix %s for %s" msgstr "" -#: ../semanage/seobject.py:760 +#: ../semanage/seobject.py:764 #, python-format msgid "Could not extract key for %s" msgstr "" -#: ../semanage/seobject.py:764 +#: ../semanage/seobject.py:768 #, python-format msgid "Could not add SELinux user %s" msgstr "" -#: ../semanage/seobject.py:786 +#: ../semanage/seobject.py:790 msgid "Requires prefix, roles, level or range" msgstr "" -#: ../semanage/seobject.py:788 +#: ../semanage/seobject.py:792 msgid "Requires prefix or roles" msgstr "" -#: ../semanage/seobject.py:798 ../semanage/seobject.py:855 +#: ../semanage/seobject.py:802 ../semanage/seobject.py:859 #, python-format msgid "SELinux user %s is not defined" msgstr "" -#: ../semanage/seobject.py:827 +#: ../semanage/seobject.py:831 #, python-format msgid "Could not modify SELinux user %s" msgstr "" -#: ../semanage/seobject.py:861 +#: ../semanage/seobject.py:865 #, python-format msgid "SELinux user %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:872 +#: ../semanage/seobject.py:876 #, python-format msgid "Could not delete SELinux user %s" msgstr "" -#: ../semanage/seobject.py:910 +#: ../semanage/seobject.py:914 msgid "Could not list SELinux users" msgstr "" -#: ../semanage/seobject.py:916 +#: ../semanage/seobject.py:920 #, python-format msgid "Could not list roles for user %s" msgstr "" -#: ../semanage/seobject.py:941 +#: ../semanage/seobject.py:945 msgid "Labeling" msgstr "" -#: ../semanage/seobject.py:941 +#: ../semanage/seobject.py:945 msgid "MLS/" msgstr "" -#: ../semanage/seobject.py:942 +#: ../semanage/seobject.py:946 msgid "Prefix" msgstr "" -#: ../semanage/seobject.py:942 +#: ../semanage/seobject.py:946 msgid "MCS Level" msgstr "" -#: ../semanage/seobject.py:942 +#: ../semanage/seobject.py:946 msgid "MCS Range" msgstr "" -#: ../semanage/seobject.py:942 ../semanage/seobject.py:947 +#: ../semanage/seobject.py:946 ../semanage/seobject.py:951 #: ../gui/system-config-selinux.glade:992 ../gui/usersPage.py:59 msgid "SELinux Roles" msgstr "" -#: ../semanage/seobject.py:964 +#: ../semanage/seobject.py:971 msgid "Protocol udp or tcp is required" msgstr "" -#: ../semanage/seobject.py:966 +#: ../semanage/seobject.py:973 msgid "Port is required" msgstr "" -#: ../semanage/seobject.py:976 +#: ../semanage/seobject.py:983 msgid "Invalid Port" msgstr "" -#: ../semanage/seobject.py:980 +#: ../semanage/seobject.py:987 #, python-format msgid "Could not create a key for %s/%s" msgstr "" -#: ../semanage/seobject.py:991 +#: ../semanage/seobject.py:998 msgid "Type is required" msgstr "" -#: ../semanage/seobject.py:994 ../semanage/seobject.py:1056 -#: ../semanage/seobject.py:1814 +#: ../semanage/seobject.py:1001 ../semanage/seobject.py:1063 +#: ../semanage/seobject.py:1828 #, python-format msgid "Type %s is invalid, must be a port type" msgstr "" -#: ../semanage/seobject.py:1000 ../semanage/seobject.py:1062 -#: ../semanage/seobject.py:1117 ../semanage/seobject.py:1123 +#: ../semanage/seobject.py:1007 ../semanage/seobject.py:1069 +#: ../semanage/seobject.py:1124 ../semanage/seobject.py:1130 #, python-format msgid "Could not check if port %s/%s is defined" msgstr "" -#: ../semanage/seobject.py:1002 +#: ../semanage/seobject.py:1009 #, python-format msgid "Port %s/%s already defined" msgstr "" -#: ../semanage/seobject.py:1006 +#: ../semanage/seobject.py:1013 #, python-format msgid "Could not create port for %s/%s" msgstr "" -#: ../semanage/seobject.py:1012 +#: ../semanage/seobject.py:1019 #, python-format msgid "Could not create context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1016 +#: ../semanage/seobject.py:1023 #, python-format msgid "Could not set user in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1020 +#: ../semanage/seobject.py:1027 #, python-format msgid "Could not set role in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1024 +#: ../semanage/seobject.py:1031 #, python-format msgid "Could not set type in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1029 +#: ../semanage/seobject.py:1036 #, python-format msgid "Could not set mls fields in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1033 +#: ../semanage/seobject.py:1040 #, python-format msgid "Could not set port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1037 +#: ../semanage/seobject.py:1044 #, python-format msgid "Could not add port %s/%s" msgstr "" -#: ../semanage/seobject.py:1051 ../semanage/seobject.py:1324 -#: ../semanage/seobject.py:1523 +#: ../semanage/seobject.py:1058 ../semanage/seobject.py:1334 +#: ../semanage/seobject.py:1533 msgid "Requires setype or serange" msgstr "" -#: ../semanage/seobject.py:1053 +#: ../semanage/seobject.py:1060 msgid "Requires setype" msgstr "" -#: ../semanage/seobject.py:1064 ../semanage/seobject.py:1119 +#: ../semanage/seobject.py:1071 ../semanage/seobject.py:1126 #, python-format msgid "Port %s/%s is not defined" msgstr "" -#: ../semanage/seobject.py:1068 +#: ../semanage/seobject.py:1075 #, python-format msgid "Could not query port %s/%s" msgstr "" -#: ../semanage/seobject.py:1079 +#: ../semanage/seobject.py:1086 #, python-format msgid "Could not modify port %s/%s" msgstr "" -#: ../semanage/seobject.py:1092 +#: ../semanage/seobject.py:1099 msgid "Could not list the ports" msgstr "" -#: ../semanage/seobject.py:1108 +#: ../semanage/seobject.py:1115 #, python-format msgid "Could not delete the port %s" msgstr "" -#: ../semanage/seobject.py:1125 +#: ../semanage/seobject.py:1132 #, python-format msgid "Port %s/%s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:1129 +#: ../semanage/seobject.py:1136 #, python-format msgid "Could not delete port %s/%s" msgstr "" -#: ../semanage/seobject.py:1145 ../semanage/seobject.py:1167 +#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1174 msgid "Could not list ports" msgstr "" -#: ../semanage/seobject.py:1206 +#: ../semanage/seobject.py:1213 msgid "SELinux Port Type" msgstr "" -#: ../semanage/seobject.py:1206 +#: ../semanage/seobject.py:1213 msgid "Proto" msgstr "" -#: ../semanage/seobject.py:1206 ../gui/system-config-selinux.glade:335 +#: ../semanage/seobject.py:1213 ../gui/system-config-selinux.glade:335 msgid "Port Number" msgstr "" -#: ../semanage/seobject.py:1227 +#: ../semanage/seobject.py:1237 msgid "Node Address is required" msgstr "" -#: ../semanage/seobject.py:1242 +#: ../semanage/seobject.py:1252 msgid "Unknown or missing protocol" msgstr "" -#: ../semanage/seobject.py:1256 +#: ../semanage/seobject.py:1266 msgid "SELinux node type is required" msgstr "" -#: ../semanage/seobject.py:1259 ../semanage/seobject.py:1327 +#: ../semanage/seobject.py:1269 ../semanage/seobject.py:1337 #, python-format msgid "Type %s is invalid, must be a node type" msgstr "" -#: ../semanage/seobject.py:1263 ../semanage/seobject.py:1331 -#: ../semanage/seobject.py:1367 ../semanage/seobject.py:1465 -#: ../semanage/seobject.py:1527 ../semanage/seobject.py:1561 -#: ../semanage/seobject.py:1759 +#: ../semanage/seobject.py:1273 ../semanage/seobject.py:1341 +#: ../semanage/seobject.py:1377 ../semanage/seobject.py:1475 +#: ../semanage/seobject.py:1537 ../semanage/seobject.py:1571 +#: ../semanage/seobject.py:1773 #, python-format msgid "Could not create key for %s" msgstr "" -#: ../semanage/seobject.py:1265 ../semanage/seobject.py:1335 -#: ../semanage/seobject.py:1371 ../semanage/seobject.py:1377 +#: ../semanage/seobject.py:1275 ../semanage/seobject.py:1345 +#: ../semanage/seobject.py:1381 ../semanage/seobject.py:1387 #, python-format msgid "Could not check if addr %s is defined" msgstr "" -#: ../semanage/seobject.py:1274 +#: ../semanage/seobject.py:1284 #, python-format msgid "Could not create addr for %s" msgstr "" -#: ../semanage/seobject.py:1280 ../semanage/seobject.py:1481 -#: ../semanage/seobject.py:1714 +#: ../semanage/seobject.py:1290 ../semanage/seobject.py:1491 +#: ../semanage/seobject.py:1728 #, python-format msgid "Could not create context for %s" msgstr "" -#: ../semanage/seobject.py:1284 +#: ../semanage/seobject.py:1294 #, python-format msgid "Could not set mask for %s" msgstr "" -#: ../semanage/seobject.py:1288 +#: ../semanage/seobject.py:1298 #, python-format msgid "Could not set user in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1292 +#: ../semanage/seobject.py:1302 #, python-format msgid "Could not set role in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1296 +#: ../semanage/seobject.py:1306 #, python-format msgid "Could not set type in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1301 +#: ../semanage/seobject.py:1311 #, python-format msgid "Could not set mls fields in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1305 +#: ../semanage/seobject.py:1315 #, python-format msgid "Could not set addr context for %s" msgstr "" -#: ../semanage/seobject.py:1309 +#: ../semanage/seobject.py:1319 #, python-format msgid "Could not add addr %s" msgstr "" -#: ../semanage/seobject.py:1337 ../semanage/seobject.py:1373 +#: ../semanage/seobject.py:1347 ../semanage/seobject.py:1383 #, python-format msgid "Addr %s is not defined" msgstr "" -#: ../semanage/seobject.py:1341 +#: ../semanage/seobject.py:1351 #, python-format msgid "Could not query addr %s" msgstr "" -#: ../semanage/seobject.py:1351 +#: ../semanage/seobject.py:1361 #, python-format msgid "Could not modify addr %s" msgstr "" -#: ../semanage/seobject.py:1379 +#: ../semanage/seobject.py:1389 #, python-format msgid "Addr %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:1383 +#: ../semanage/seobject.py:1393 #, python-format msgid "Could not delete addr %s" msgstr "" -#: ../semanage/seobject.py:1395 +#: ../semanage/seobject.py:1405 msgid "Could not deleteall node mappings" msgstr "" -#: ../semanage/seobject.py:1409 +#: ../semanage/seobject.py:1419 msgid "Could not list addrs" msgstr "" -#: ../semanage/seobject.py:1461 ../semanage/seobject.py:1752 +#: ../semanage/seobject.py:1471 ../semanage/seobject.py:1766 msgid "SELinux Type is required" msgstr "" -#: ../semanage/seobject.py:1469 ../semanage/seobject.py:1531 -#: ../semanage/seobject.py:1565 ../semanage/seobject.py:1571 +#: ../semanage/seobject.py:1479 ../semanage/seobject.py:1541 +#: ../semanage/seobject.py:1575 ../semanage/seobject.py:1581 #, python-format msgid "Could not check if interface %s is defined" msgstr "" -#: ../semanage/seobject.py:1476 +#: ../semanage/seobject.py:1486 #, python-format msgid "Could not create interface for %s" msgstr "" -#: ../semanage/seobject.py:1485 +#: ../semanage/seobject.py:1495 #, python-format msgid "Could not set user in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1489 +#: ../semanage/seobject.py:1499 #, python-format msgid "Could not set role in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1493 +#: ../semanage/seobject.py:1503 #, python-format msgid "Could not set type in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1498 +#: ../semanage/seobject.py:1508 #, python-format msgid "Could not set mls fields in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1502 +#: ../semanage/seobject.py:1512 #, python-format msgid "Could not set interface context for %s" msgstr "" -#: ../semanage/seobject.py:1506 +#: ../semanage/seobject.py:1516 #, python-format msgid "Could not set message context for %s" msgstr "" -#: ../semanage/seobject.py:1510 +#: ../semanage/seobject.py:1520 #, python-format msgid "Could not add interface %s" msgstr "" -#: ../semanage/seobject.py:1533 ../semanage/seobject.py:1567 +#: ../semanage/seobject.py:1543 ../semanage/seobject.py:1577 #, python-format msgid "Interface %s is not defined" msgstr "" -#: ../semanage/seobject.py:1537 +#: ../semanage/seobject.py:1547 #, python-format msgid "Could not query interface %s" msgstr "" -#: ../semanage/seobject.py:1548 +#: ../semanage/seobject.py:1558 #, python-format msgid "Could not modify interface %s" msgstr "" -#: ../semanage/seobject.py:1573 +#: ../semanage/seobject.py:1583 #, python-format msgid "Interface %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:1577 +#: ../semanage/seobject.py:1587 #, python-format msgid "Could not delete interface %s" msgstr "" -#: ../semanage/seobject.py:1589 +#: ../semanage/seobject.py:1599 msgid "Could not delete all interface mappings" msgstr "" -#: ../semanage/seobject.py:1603 +#: ../semanage/seobject.py:1613 msgid "Could not list interfaces" msgstr "" -#: ../semanage/seobject.py:1628 +#: ../semanage/seobject.py:1638 msgid "SELinux Interface" msgstr "" -#: ../semanage/seobject.py:1628 ../semanage/seobject.py:1974 +#: ../semanage/seobject.py:1638 ../semanage/seobject.py:1988 msgid "Context" msgstr "" -#: ../semanage/seobject.py:1691 +#: ../semanage/seobject.py:1705 #, python-format msgid "Equivalence class for %s already exists" msgstr "" -#: ../semanage/seobject.py:1697 +#: ../semanage/seobject.py:1711 #, python-format msgid "File spec %s conflicts with equivalency rule '%s %s'" msgstr "" -#: ../semanage/seobject.py:1706 +#: ../semanage/seobject.py:1720 #, python-format msgid "Equivalence class for %s does not exists" msgstr "" -#: ../semanage/seobject.py:1720 +#: ../semanage/seobject.py:1734 #, python-format msgid "Could not set user in file context for %s" msgstr "" -#: ../semanage/seobject.py:1724 +#: ../semanage/seobject.py:1738 #, python-format msgid "Could not set role in file context for %s" msgstr "" -#: ../semanage/seobject.py:1729 ../semanage/seobject.py:1789 +#: ../semanage/seobject.py:1743 ../semanage/seobject.py:1803 #, python-format msgid "Could not set mls fields in file context for %s" msgstr "" -#: ../semanage/seobject.py:1735 +#: ../semanage/seobject.py:1749 msgid "Invalid file specification" msgstr "" -#: ../semanage/seobject.py:1737 +#: ../semanage/seobject.py:1751 msgid "File specification can not include spaces" msgstr "" -#: ../semanage/seobject.py:1742 +#: ../semanage/seobject.py:1756 #, python-format msgid "" "File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead" msgstr "" -#: ../semanage/seobject.py:1755 +#: ../semanage/seobject.py:1769 #, python-format msgid "Type %s is invalid, must be a file or device type" msgstr "" -#: ../semanage/seobject.py:1763 ../semanage/seobject.py:1768 -#: ../semanage/seobject.py:1824 ../semanage/seobject.py:1906 -#: ../semanage/seobject.py:1910 +#: ../semanage/seobject.py:1777 ../semanage/seobject.py:1782 +#: ../semanage/seobject.py:1838 ../semanage/seobject.py:1920 +#: ../semanage/seobject.py:1924 #, python-format msgid "Could not check if file context for %s is defined" msgstr "" -#: ../semanage/seobject.py:1776 +#: ../semanage/seobject.py:1790 #, python-format msgid "Could not create file context for %s" msgstr "" -#: ../semanage/seobject.py:1784 +#: ../semanage/seobject.py:1798 #, python-format msgid "Could not set type in file context for %s" msgstr "" -#: ../semanage/seobject.py:1792 ../semanage/seobject.py:1852 -#: ../semanage/seobject.py:1856 +#: ../semanage/seobject.py:1806 ../semanage/seobject.py:1866 +#: ../semanage/seobject.py:1870 #, python-format msgid "Could not set file context for %s" msgstr "" -#: ../semanage/seobject.py:1798 +#: ../semanage/seobject.py:1812 #, python-format msgid "Could not add file context for %s" msgstr "" -#: ../semanage/seobject.py:1812 +#: ../semanage/seobject.py:1826 msgid "Requires setype, serange or seuser" msgstr "" -#: ../semanage/seobject.py:1828 ../semanage/seobject.py:1914 +#: ../semanage/seobject.py:1842 ../semanage/seobject.py:1928 #, python-format msgid "File context for %s is not defined" msgstr "" -#: ../semanage/seobject.py:1834 +#: ../semanage/seobject.py:1848 #, python-format msgid "Could not query file context for %s" msgstr "" -#: ../semanage/seobject.py:1860 +#: ../semanage/seobject.py:1874 #, python-format msgid "Could not modify file context for %s" msgstr "" -#: ../semanage/seobject.py:1873 +#: ../semanage/seobject.py:1887 msgid "Could not list the file contexts" msgstr "" -#: ../semanage/seobject.py:1887 +#: ../semanage/seobject.py:1901 #, python-format msgid "Could not delete the file context %s" msgstr "" -#: ../semanage/seobject.py:1912 +#: ../semanage/seobject.py:1926 #, python-format msgid "File context for %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:1918 +#: ../semanage/seobject.py:1932 #, python-format msgid "Could not delete file context for %s" msgstr "" -#: ../semanage/seobject.py:1933 +#: ../semanage/seobject.py:1947 msgid "Could not list file contexts" msgstr "" -#: ../semanage/seobject.py:1937 +#: ../semanage/seobject.py:1951 msgid "Could not list local file contexts" msgstr "" -#: ../semanage/seobject.py:1974 +#: ../semanage/seobject.py:1988 msgid "SELinux fcontext" msgstr "" -#: ../semanage/seobject.py:1974 +#: ../semanage/seobject.py:1988 msgid "type" msgstr "" -#: ../semanage/seobject.py:1987 +#: ../semanage/seobject.py:2001 msgid "" "\n" "SELinux Distribution fcontext Equivalence \n" msgstr "" -#: ../semanage/seobject.py:1992 +#: ../semanage/seobject.py:2006 msgid "" "\n" "SELinux Local fcontext Equivalence \n" msgstr "" -#: ../semanage/seobject.py:2028 ../semanage/seobject.py:2079 -#: ../semanage/seobject.py:2085 +#: ../semanage/seobject.py:2036 +#, python-format +msgid "Value Required for %s" +msgstr "" + +#: ../semanage/seobject.py:2045 ../semanage/seobject.py:2096 +#: ../semanage/seobject.py:2102 #, python-format msgid "Could not check if boolean %s is defined" msgstr "" -#: ../semanage/seobject.py:2030 ../semanage/seobject.py:2081 +#: ../semanage/seobject.py:2047 ../semanage/seobject.py:2098 #, python-format msgid "Boolean %s is not defined" msgstr "" -#: ../semanage/seobject.py:2034 +#: ../semanage/seobject.py:2051 #, python-format msgid "Could not query file context %s" msgstr "" -#: ../semanage/seobject.py:2039 +#: ../semanage/seobject.py:2056 #, python-format msgid "You must specify one of the following values: %s" msgstr "" -#: ../semanage/seobject.py:2044 +#: ../semanage/seobject.py:2061 #, python-format msgid "Could not set active value of boolean %s" msgstr "" -#: ../semanage/seobject.py:2047 +#: ../semanage/seobject.py:2064 #, python-format msgid "Could not modify boolean %s" msgstr "" -#: ../semanage/seobject.py:2063 +#: ../semanage/seobject.py:2080 #, python-format msgid "Bad format %s: Record %s" msgstr "" -#: ../semanage/seobject.py:2087 +#: ../semanage/seobject.py:2104 #, python-format msgid "Boolean %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:2091 +#: ../semanage/seobject.py:2108 #, python-format msgid "Could not delete boolean %s" msgstr "" -#: ../semanage/seobject.py:2103 ../semanage/seobject.py:2120 +#: ../semanage/seobject.py:2120 ../semanage/seobject.py:2137 msgid "Could not list booleans" msgstr "" -#: ../semanage/seobject.py:2155 +#: ../semanage/seobject.py:2172 msgid "off" msgstr "" -#: ../semanage/seobject.py:2155 +#: ../semanage/seobject.py:2172 msgid "on" msgstr "" -#: ../semanage/seobject.py:2169 +#: ../semanage/seobject.py:2186 msgid "SELinux boolean" msgstr "" -#: ../semanage/seobject.py:2169 +#: ../semanage/seobject.py:2186 msgid "State" msgstr "" -#: ../semanage/seobject.py:2169 +#: ../semanage/seobject.py:2186 msgid "Default" msgstr "" -#: ../semanage/seobject.py:2169 ../gui/polgen.glade:113 +#: ../semanage/seobject.py:2186 ../gui/polgen.glade:113 #: ../gui/polgengui.py:269 msgid "Description" msgstr "" @@ -988,206 +1001,226 @@ msgstr "" msgid "Unable to clear environment\n" msgstr "" -#: ../newrole/newrole.c:556 ../newrole/newrole.c:587 ../newrole/newrole.c:617 +#: ../newrole/newrole.c:554 ../newrole/newrole.c:585 ../newrole/newrole.c:616 #, c-format msgid "Error changing uid, aborting.\n" msgstr "" -#: ../newrole/newrole.c:612 +#: ../newrole/newrole.c:611 #, c-format msgid "Error resetting KEEPCAPS, aborting\n" msgstr "" -#: ../newrole/newrole.c:635 +#: ../newrole/newrole.c:634 #, c-format msgid "Error connecting to audit system.\n" msgstr "" -#: ../newrole/newrole.c:641 +#: ../newrole/newrole.c:640 #, c-format msgid "Error allocating memory.\n" msgstr "" -#: ../newrole/newrole.c:648 +#: ../newrole/newrole.c:647 #, c-format msgid "Error sending audit message.\n" msgstr "" -#: ../newrole/newrole.c:692 ../newrole/newrole.c:1058 +#: ../newrole/newrole.c:691 ../newrole/newrole.c:1063 #, c-format msgid "Could not determine enforcing mode.\n" msgstr "" -#: ../newrole/newrole.c:699 +#: ../newrole/newrole.c:698 #, c-format msgid "Error! Could not open %s.\n" msgstr "" -#: ../newrole/newrole.c:705 +#: ../newrole/newrole.c:704 +#, c-format +msgid "Error! Could not clear O_NONBLOCK on %s\n" +msgstr "" + +#: ../newrole/newrole.c:710 #, c-format msgid "%s! Could not get current context for %s, not relabeling tty.\n" msgstr "" -#: ../newrole/newrole.c:715 +#: ../newrole/newrole.c:720 #, c-format msgid "%s! Could not get new context for %s, not relabeling tty.\n" msgstr "" -#: ../newrole/newrole.c:725 +#: ../newrole/newrole.c:730 #, c-format msgid "%s! Could not set new context for %s\n" msgstr "" -#: ../newrole/newrole.c:772 +#: ../newrole/newrole.c:777 #, c-format msgid "%s changed labels.\n" msgstr "" -#: ../newrole/newrole.c:778 +#: ../newrole/newrole.c:783 #, c-format msgid "Warning! Could not restore context for %s\n" msgstr "" -#: ../newrole/newrole.c:835 +#: ../newrole/newrole.c:840 #, c-format msgid "Error: multiple roles specified\n" msgstr "" -#: ../newrole/newrole.c:843 +#: ../newrole/newrole.c:848 #, c-format msgid "Error: multiple types specified\n" msgstr "" -#: ../newrole/newrole.c:850 +#: ../newrole/newrole.c:855 #, c-format msgid "Sorry, -l may be used with SELinux MLS support.\n" msgstr "" -#: ../newrole/newrole.c:855 +#: ../newrole/newrole.c:860 #, c-format msgid "Error: multiple levels specified\n" msgstr "" -#: ../newrole/newrole.c:865 +#: ../newrole/newrole.c:870 #, c-format msgid "Error: you are not allowed to change levels on a non secure terminal \n" msgstr "" -#: ../newrole/newrole.c:891 +#: ../newrole/newrole.c:896 #, c-format msgid "Couldn't get default type.\n" msgstr "" -#: ../newrole/newrole.c:901 +#: ../newrole/newrole.c:906 #, c-format msgid "failed to get new context.\n" msgstr "" -#: ../newrole/newrole.c:908 +#: ../newrole/newrole.c:913 #, c-format msgid "failed to set new role %s\n" msgstr "" -#: ../newrole/newrole.c:915 +#: ../newrole/newrole.c:920 #, c-format msgid "failed to set new type %s\n" msgstr "" -#: ../newrole/newrole.c:925 +#: ../newrole/newrole.c:930 #, c-format msgid "failed to build new range with level %s\n" msgstr "" -#: ../newrole/newrole.c:930 +#: ../newrole/newrole.c:935 #, c-format msgid "failed to set new range %s\n" msgstr "" -#: ../newrole/newrole.c:938 +#: ../newrole/newrole.c:943 #, c-format msgid "failed to convert new context to string\n" msgstr "" -#: ../newrole/newrole.c:943 +#: ../newrole/newrole.c:948 #, c-format msgid "%s is not a valid context\n" msgstr "" -#: ../newrole/newrole.c:950 +#: ../newrole/newrole.c:955 #, c-format msgid "Unable to allocate memory for new_context" msgstr "" -#: ../newrole/newrole.c:976 +#: ../newrole/newrole.c:981 #, c-format msgid "Unable to obtain empty signal set\n" msgstr "" -#: ../newrole/newrole.c:984 +#: ../newrole/newrole.c:989 #, c-format msgid "Unable to set SIGHUP handler\n" msgstr "" -#: ../newrole/newrole.c:1036 +#: ../newrole/newrole.c:1041 msgid "Sorry, newrole failed to drop capabilities\n" msgstr "" -#: ../newrole/newrole.c:1052 +#: ../newrole/newrole.c:1057 #, c-format msgid "Sorry, newrole may be used only on a SELinux kernel.\n" msgstr "" -#: ../newrole/newrole.c:1069 +#: ../newrole/newrole.c:1074 #, c-format msgid "failed to get old_context.\n" msgstr "" -#: ../newrole/newrole.c:1076 +#: ../newrole/newrole.c:1081 #, c-format msgid "Warning! Could not retrieve tty information.\n" msgstr "" -#: ../newrole/newrole.c:1097 +#: ../newrole/newrole.c:1102 #, c-format msgid "error on reading PAM service configuration.\n" msgstr "" -#: ../newrole/newrole.c:1132 +#: ../newrole/newrole.c:1137 #, c-format msgid "newrole: incorrect password for %s\n" msgstr "" -#: ../newrole/newrole.c:1159 +#: ../newrole/newrole.c:1164 #, c-format msgid "newrole: failure forking: %s" msgstr "" -#: ../newrole/newrole.c:1162 ../newrole/newrole.c:1185 +#: ../newrole/newrole.c:1167 ../newrole/newrole.c:1190 #, c-format msgid "Unable to restore tty label...\n" msgstr "" -#: ../newrole/newrole.c:1164 ../newrole/newrole.c:1191 +#: ../newrole/newrole.c:1169 ../newrole/newrole.c:1196 #, c-format msgid "Failed to close tty properly\n" msgstr "" -#: ../newrole/newrole.c:1223 +#: ../newrole/newrole.c:1228 #, c-format msgid "Could not close descriptors.\n" msgstr "" -#: ../newrole/newrole.c:1250 +#: ../newrole/newrole.c:1263 #, c-format msgid "Error allocating shell's argv0.\n" msgstr "" -#: ../newrole/newrole.c:1286 +#: ../newrole/newrole.c:1285 +#, c-format +msgid "Failed to send audit message" +msgstr "" + +#: ../newrole/newrole.c:1293 +#, c-format +msgid "Failed to transition to namespace\n" +msgstr "" + +#: ../newrole/newrole.c:1299 +#, c-format +msgid "Failed to drop capabilities %m\n" +msgstr "" + +#: ../newrole/newrole.c:1304 #, c-format msgid "Unable to restore the environment, aborting\n" msgstr "" -#: ../newrole/newrole.c:1297 +#: ../newrole/newrole.c:1315 msgid "failed to exec shell\n" msgstr "" @@ -1414,7 +1447,7 @@ msgstr "" msgid "Applications" msgstr "" -#: ../gui/polgen.glade:316 ../sepolicy/sepolicy/generate.py:171 +#: ../gui/polgen.glade:316 ../sepolicy/sepolicy/generate.py:130 msgid "Standard Init Daemon" msgstr "" @@ -1424,7 +1457,7 @@ msgid "" "requires a script in /etc/rc.d/init.d" msgstr "" -#: ../gui/polgen.glade:332 ../sepolicy/sepolicy/generate.py:172 +#: ../gui/polgen.glade:332 ../sepolicy/sepolicy/generate.py:131 msgid "DBUS System Daemon" msgstr "" @@ -1436,7 +1469,7 @@ msgstr "" msgid "Internet Services Daemon are daemons started by xinetd" msgstr "" -#: ../gui/polgen.glade:366 ../sepolicy/sepolicy/generate.py:174 +#: ../gui/polgen.glade:366 ../sepolicy/sepolicy/generate.py:133 msgid "Web Application/Script (CGI)" msgstr "" @@ -1445,7 +1478,7 @@ msgid "" "Web Applications/Script (CGI) CGI scripts started by the web server (apache)" msgstr "" -#: ../gui/polgen.glade:383 ../sepolicy/sepolicy/generate.py:176 +#: ../gui/polgen.glade:383 ../sepolicy/sepolicy/generate.py:135 msgid "User Application" msgstr "" @@ -1455,7 +1488,7 @@ msgid "" "started by a user" msgstr "" -#: ../gui/polgen.glade:400 ../sepolicy/sepolicy/generate.py:175 +#: ../gui/polgen.glade:400 ../sepolicy/sepolicy/generate.py:134 msgid "Sandbox" msgstr "" @@ -2159,261 +2192,322 @@ msgstr "" msgid "SELinux user '%s' is required" msgstr "" -#: ../sepolicy/sepolicy.py:202 +#: ../sepolicy/sepolicy.py:183 +#, python-format +msgid "Interface %s does not exist." +msgstr "" + +#: ../sepolicy/sepolicy.py:267 msgid "Generate SELinux man pages" msgstr "" -#: ../sepolicy/sepolicy.py:205 +#: ../sepolicy/sepolicy.py:270 msgid "path in which the generated SELinux man pages will be stored" msgstr "" -#: ../sepolicy/sepolicy.py:207 +#: ../sepolicy/sepolicy.py:272 msgid "name of the OS for man pages" msgstr "" -#: ../sepolicy/sepolicy.py:209 +#: ../sepolicy/sepolicy.py:274 msgid "Generate HTML man pages structure for selected SELinux man page" msgstr "" -#: ../sepolicy/sepolicy.py:213 +#: ../sepolicy/sepolicy.py:276 +msgid "Alternate root directory, defaults to /" +msgstr "" + +#: ../sepolicy/sepolicy.py:280 msgid "All domains" msgstr "" -#: ../sepolicy/sepolicy.py:216 +#: ../sepolicy/sepolicy.py:283 msgid "Domain name(s) of man pages to be created" msgstr "" -#: ../sepolicy/sepolicy.py:221 +#: ../sepolicy/sepolicy.py:288 msgid "Query SELinux policy network information" msgstr "" -#: ../sepolicy/sepolicy.py:226 +#: ../sepolicy/sepolicy.py:293 msgid "list all SELinux port types" msgstr "" -#: ../sepolicy/sepolicy.py:229 +#: ../sepolicy/sepolicy.py:296 msgid "show SELinux type related to the port" msgstr "" -#: ../sepolicy/sepolicy.py:232 +#: ../sepolicy/sepolicy.py:299 msgid "Show ports defined for this SELinux type" msgstr "" -#: ../sepolicy/sepolicy.py:235 +#: ../sepolicy/sepolicy.py:302 msgid "show ports to which this domain can bind and/or connect" msgstr "" -#: ../sepolicy/sepolicy.py:250 +#: ../sepolicy/sepolicy.py:317 msgid "query SELinux policy to see if domains can communicate with each other" msgstr "" -#: ../sepolicy/sepolicy.py:253 +#: ../sepolicy/sepolicy.py:320 msgid "Source Domain" msgstr "" -#: ../sepolicy/sepolicy.py:256 +#: ../sepolicy/sepolicy.py:323 msgid "Target Domain" msgstr "" -#: ../sepolicy/sepolicy.py:276 +#: ../sepolicy/sepolicy.py:342 msgid "query SELinux Policy to see description of booleans" msgstr "" -#: ../sepolicy/sepolicy.py:280 +#: ../sepolicy/sepolicy.py:346 msgid "get all booleans descriptions" msgstr "" -#: ../sepolicy/sepolicy.py:282 +#: ../sepolicy/sepolicy.py:349 msgid "boolean to get description" msgstr "" -#: ../sepolicy/sepolicy.py:301 +#: ../sepolicy/sepolicy.py:359 msgid "" "query SELinux Policy to see how a source process domain can transition to " "the target process domain" msgstr "" -#: ../sepolicy/sepolicy.py:304 +#: ../sepolicy/sepolicy.py:362 msgid "source process domain" msgstr "" -#: ../sepolicy/sepolicy.py:307 +#: ../sepolicy/sepolicy.py:365 msgid "target process domain" msgstr "" -#: ../sepolicy/sepolicy.py:327 +#: ../sepolicy/sepolicy.py:408 +#, python-format +msgid "sepolicy generate: error: one of the arguments %s is required" +msgstr "" + +#: ../sepolicy/sepolicy.py:413 msgid "Command required for this type of policy" msgstr "" -#: ../sepolicy/sepolicy.py:347 +#: ../sepolicy/sepolicy.py:424 +msgid "" +"-t option can not be used with this option. Read usage for more details." +msgstr "" + +#: ../sepolicy/sepolicy.py:429 +msgid "" +"-d option can not be used with this option. Read usage for more details." +msgstr "" + +#: ../sepolicy/sepolicy.py:433 +msgid "" +"-a option can not be used with this option. Read usage for more details." +msgstr "" + +#: ../sepolicy/sepolicy.py:452 msgid "List SELinux Policy interfaces" msgstr "" -#: ../sepolicy/sepolicy.py:362 +#: ../sepolicy/sepolicy.py:470 +msgid "Enter interface names, you wish to query" +msgstr "" + +#: ../sepolicy/sepolicy.py:479 msgid "Generate SELinux Policy module template" msgstr "" -#: ../sepolicy/sepolicy.py:365 +#: ../sepolicy/sepolicy.py:482 msgid "Enter domain type which you will be extending" msgstr "" -#: ../sepolicy/sepolicy.py:368 +#: ../sepolicy/sepolicy.py:485 msgid "Enter SELinux user(s) which will transition to this domain" msgstr "" -#: ../sepolicy/sepolicy.py:371 +#: ../sepolicy/sepolicy.py:488 msgid "Enter domain(s) that this confined admin will administrate" msgstr "" -#: ../sepolicy/sepolicy.py:374 +#: ../sepolicy/sepolicy.py:491 msgid "name of policy to generate" msgstr "" -#: ../sepolicy/sepolicy.py:378 +#: ../sepolicy/sepolicy.py:498 msgid "path in which the generated policy files will be stored" msgstr "" -#: ../sepolicy/sepolicy.py:380 -msgid "executable to confine" +#: ../sepolicy/sepolicy.py:500 +msgid "path to which the confined processes will need to write" +msgstr "" + +#: ../sepolicy/sepolicy.py:501 +msgid "Policy types which require a command" msgstr "" -#: ../sepolicy/sepolicy.py:384 ../sepolicy/sepolicy.py:387 -#: ../sepolicy/sepolicy.py:390 ../sepolicy/sepolicy.py:393 -#: ../sepolicy/sepolicy.py:396 ../sepolicy/sepolicy.py:399 -#: ../sepolicy/sepolicy.py:402 ../sepolicy/sepolicy.py:405 -#: ../sepolicy/sepolicy.py:408 ../sepolicy/sepolicy.py:411 -#: ../sepolicy/sepolicy.py:414 ../sepolicy/sepolicy.py:417 +#: ../sepolicy/sepolicy.py:505 ../sepolicy/sepolicy.py:508 +#: ../sepolicy/sepolicy.py:511 ../sepolicy/sepolicy.py:514 +#: ../sepolicy/sepolicy.py:517 ../sepolicy/sepolicy.py:523 +#: ../sepolicy/sepolicy.py:526 ../sepolicy/sepolicy.py:529 +#: ../sepolicy/sepolicy.py:535 ../sepolicy/sepolicy.py:538 +#: ../sepolicy/sepolicy.py:541 ../sepolicy/sepolicy.py:544 #, python-format -msgid "Generate Policy for %s" +msgid "Generate '%s' policy" msgstr "" -#: ../sepolicy/sepolicy.py:422 +#: ../sepolicy/sepolicy.py:532 +#, python-format +msgid "Generate '%s' policy " +msgstr "" + +#: ../sepolicy/sepolicy.py:546 +msgid "executable to confine" +msgstr "" + +#: ../sepolicy/sepolicy.py:551 msgid "commands" msgstr "" -#: ../sepolicy/sepolicy.py:425 +#: ../sepolicy/sepolicy.py:554 msgid "Alternate SELinux policy, defaults to /sys/fs/selinux/policy" msgstr "" -#: ../sepolicy/sepolicy/__init__.py:48 +#: ../sepolicy/sepolicy/__init__.py:72 msgid "No SELinux Policy installed" msgstr "" -#: ../sepolicy/sepolicy/__init__.py:54 +#: ../sepolicy/sepolicy/__init__.py:243 #, python-format msgid "Failed to read %s policy file" msgstr "" -#: ../sepolicy/sepolicy/__init__.py:127 +#: ../sepolicy/sepolicy/__init__.py:302 msgid "unknown" msgstr "" -#: ../sepolicy/sepolicy/generate.py:173 +#: ../sepolicy/sepolicy/generate.py:132 msgid "Internet Services Daemon" msgstr "" -#: ../sepolicy/sepolicy/generate.py:177 +#: ../sepolicy/sepolicy/generate.py:136 msgid "Existing Domain Type" msgstr "" -#: ../sepolicy/sepolicy/generate.py:178 +#: ../sepolicy/sepolicy/generate.py:137 msgid "Minimal Terminal Login User Role" msgstr "" -#: ../sepolicy/sepolicy/generate.py:179 +#: ../sepolicy/sepolicy/generate.py:138 msgid "Minimal X Windows Login User Role" msgstr "" -#: ../sepolicy/sepolicy/generate.py:180 +#: ../sepolicy/sepolicy/generate.py:139 msgid "Desktop Login User Role" msgstr "" -#: ../sepolicy/sepolicy/generate.py:181 +#: ../sepolicy/sepolicy/generate.py:140 msgid "Administrator Login User Role" msgstr "" -#: ../sepolicy/sepolicy/generate.py:182 +#: ../sepolicy/sepolicy/generate.py:141 msgid "Confined Root Administrator Role" msgstr "" -#: ../sepolicy/sepolicy/generate.py:187 +#: ../sepolicy/sepolicy/generate.py:142 +msgid "Module information for a new type" +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:147 msgid "Valid Types:\n" msgstr "" -#: ../sepolicy/sepolicy/generate.py:221 +#: ../sepolicy/sepolicy/generate.py:181 #, python-format msgid "Ports must be numbers or ranges of numbers from 1 to %d " msgstr "" -#: ../sepolicy/sepolicy/generate.py:231 +#: ../sepolicy/sepolicy/generate.py:192 msgid "You must enter a valid policy type" msgstr "" -#: ../sepolicy/sepolicy/generate.py:234 +#: ../sepolicy/sepolicy/generate.py:195 #, python-format msgid "You must enter a name for your policy module for your %s." msgstr "" -#: ../sepolicy/sepolicy/generate.py:355 +#: ../sepolicy/sepolicy/generate.py:327 msgid "" "Name must be alpha numberic with no spaces. Consider using option \"-n " "MODULENAME\"" msgstr "" -#: ../sepolicy/sepolicy/generate.py:447 +#: ../sepolicy/sepolicy/generate.py:419 msgid "User Role types can not be assigned executables." msgstr "" -#: ../sepolicy/sepolicy/generate.py:453 +#: ../sepolicy/sepolicy/generate.py:425 msgid "Only Daemon apps can use an init script.." msgstr "" -#: ../sepolicy/sepolicy/generate.py:471 +#: ../sepolicy/sepolicy/generate.py:443 msgid "use_resolve must be a boolean value " msgstr "" -#: ../sepolicy/sepolicy/generate.py:477 +#: ../sepolicy/sepolicy/generate.py:449 msgid "use_syslog must be a boolean value " msgstr "" -#: ../sepolicy/sepolicy/generate.py:483 +#: ../sepolicy/sepolicy/generate.py:455 msgid "use_kerberos must be a boolean value " msgstr "" -#: ../sepolicy/sepolicy/generate.py:489 +#: ../sepolicy/sepolicy/generate.py:461 msgid "manage_krb5_rcache must be a boolean value " msgstr "" -#: ../sepolicy/sepolicy/generate.py:519 +#: ../sepolicy/sepolicy/generate.py:491 msgid "USER Types automatically get a tmp type" msgstr "" -#: ../sepolicy/sepolicy/generate.py:857 +#: ../sepolicy/sepolicy/generate.py:832 #, python-format msgid "%s policy modules require existing domains" msgstr "" -#: ../sepolicy/sepolicy/generate.py:1059 +#: ../sepolicy/sepolicy/generate.py:857 +msgid "Type field required" +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:869 +#, python-format +msgid "" +"You need to define a new type which ends with: \n" +" %s" +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:1088 msgid "You must enter the executable path for your confined process" msgstr "" -#: ../sepolicy/sepolicy/generate.py:1321 +#: ../sepolicy/sepolicy/generate.py:1351 msgid "Type Enforcement file" msgstr "" -#: ../sepolicy/sepolicy/generate.py:1322 +#: ../sepolicy/sepolicy/generate.py:1352 msgid "Interface file" msgstr "" -#: ../sepolicy/sepolicy/generate.py:1323 +#: ../sepolicy/sepolicy/generate.py:1353 msgid "File Contexts file" msgstr "" -#: ../sepolicy/sepolicy/generate.py:1324 +#: ../sepolicy/sepolicy/generate.py:1354 msgid "Spec file" msgstr "" -#: ../sepolicy/sepolicy/generate.py:1325 +#: ../sepolicy/sepolicy/generate.py:1355 msgid "Setup Script" msgstr "" @@ -2428,11 +2522,11 @@ msgid "" msgstr "" #: booleans.py:3 -msgid "Allow amavis to use JIT compiler" +msgid "Allow antivirus programs to read non security files on a system" msgstr "" #: booleans.py:4 -msgid "Allow antivirus programs to read non security files on a system" +msgid "Determine whether can antivirus programs use JIT compiler." msgstr "" #: booleans.py:5 @@ -2454,50 +2548,54 @@ msgid "Allow users to login using a yubikey server" msgstr "" #: booleans.py:9 -msgid "Allow awstats to purge Apache logs" +msgid "Determine whether awstats can purge httpd log files." msgstr "" #: booleans.py:10 msgid "" -"Allow cdrecord to read various content. nfs, samba, removable devices, user " -"temp and untrusted content files" +"Determine whether cdrecord can read various content. nfs, samba, removable " +"devices, user temp and untrusted content files" msgstr "" #: booleans.py:11 -msgid "Allow clamd to use JIT compiler" +msgid "" +"Allow cluster administrative domains to connect to the network using TCP." msgstr "" #: booleans.py:12 -msgid "Allow clamscan to non security files on a system" +msgid "Allow cluster administrative domains to manage all files on a system." msgstr "" #: booleans.py:13 -msgid "Allow clamscan to read user content" +msgid "" +"Allow cluster administrative cluster domains memcheck-amd64- to use " +"executable memory" msgstr "" #: booleans.py:14 msgid "" -"Allow Cobbler to modify public files used for public file transfer services." +"Determine whether Cobbler can modify public files used for public file " +"transfer services." msgstr "" #: booleans.py:15 -msgid "Allow Cobbler to connect to the network using TCP." +msgid "Determine whether Cobbler can connect to the network using TCP." msgstr "" #: booleans.py:16 -msgid "Allow Cobbler to access cifs file systems." +msgid "Determine whether Cobbler can access cifs file systems." msgstr "" #: booleans.py:17 -msgid "Allow Cobbler to access nfs file systems." +msgid "Determine whether Cobbler can access nfs file systems." msgstr "" #: booleans.py:18 -msgid "Allow collectd to connect to the network using TCP." +msgid "Determine whether collectd can connect to the network using TCP." msgstr "" #: booleans.py:19 -msgid "Allow codnor domain to connect to the network using TCP." +msgid "Determine whether Condor can connect to the network using TCP." msgstr "" #: booleans.py:20 @@ -2506,7 +2604,7 @@ msgid "" msgstr "" #: booleans.py:21 -msgid "Allow cvs daemon to read shadow" +msgid "Determine whether cvs can read shadow password files." msgstr "" #: booleans.py:22 @@ -2522,951 +2620,1000 @@ msgid "Allow all daemons the ability to read/write terminals" msgstr "" #: booleans.py:25 -msgid "Allow dan to manage user files" +msgid "Determine whether dbadm can manage generic user files." msgstr "" #: booleans.py:26 -msgid "Allow dan to read user files" +msgid "Determine whether dbadm can read generic user files." msgstr "" #: booleans.py:27 -msgid "Allow dbadm to manage files in users home directories" +msgid "" +"Deny user domains applications to map a memory region as both executable and " +"writable, this is dangerous and the executable should be reported in bugzilla" msgstr "" #: booleans.py:28 -msgid "Allow dbadm to read files in users home directories" +msgid "Deny any process from ptracing or debugging any other processes." msgstr "" #: booleans.py:29 -msgid "" -"Deny user domains applications to map a memory region as both executable and " -"writable, this is dangerous and the executable should be reported in bugzilla" +msgid "Allow dhcpc client applications to execute iptables commands" msgstr "" #: booleans.py:30 -msgid "Allow sysadm to debug or ptrace all processes." +msgid "Determine whether DHCP daemon can use LDAP backends." msgstr "" #: booleans.py:31 -msgid "Allow dhcpc client applications to execute iptables commands" +msgid "Allow all domains to use other domains file descriptors" msgstr "" #: booleans.py:32 -msgid "Allow DHCP daemon to use LDAP backends" +msgid "Allow all domains to have the kernel load modules" msgstr "" #: booleans.py:33 -msgid "Allow all domains to use other domains file descriptors" +msgid "" +"Determine whether entropyd can use audio devices as the source for the " +"entropy feeds." msgstr "" #: booleans.py:34 -msgid "Allow all domains to have the kernel load modules" +msgid "Determine whether exim can connect to databases." msgstr "" #: booleans.py:35 -msgid "Allow the use of the audio devices as the source for the entropy feeds" +msgid "" +"Determine whether exim can create, read, write, and delete generic user " +"content files." msgstr "" #: booleans.py:36 -msgid "Allow exim to connect to databases (postgres, mysql)" +msgid "Determine whether exim can read generic user content files." msgstr "" #: booleans.py:37 -msgid "Allow exim to create, read, write, and delete unprivileged user files." +msgid "Enable extra rules in the cron domain to support fcron." msgstr "" #: booleans.py:38 -msgid "Allow exim to read unprivileged user files." +msgid "Determine whether fenced can connect to the TCP network." msgstr "" #: booleans.py:39 -msgid "Enable extra rules in the cron domain to support fcron." +msgid "Determine whether fenced can use ssh." msgstr "" #: booleans.py:40 -msgid "Allow fenced domain to connect to the network using TCP." +msgid "Allow all domains to execute in fips_mode" msgstr "" #: booleans.py:41 -msgid "Allow fenced domain to execute ssh." +msgid "" +"Determine whether ftpd can read and write files in user home directories." msgstr "" #: booleans.py:42 -msgid "Allow all domains to execute in fips_mode" +msgid "" +"Determine whether ftpd can modify public files used for public file transfer " +"services. Directories/Files must be labeled public_content_rw_t." msgstr "" #: booleans.py:43 -msgid "Allow ftp to read and write files in the user home directories" +msgid "Determine whether ftpd can connect to all unreserved ports." msgstr "" #: booleans.py:44 -msgid "" -"Allow ftp servers to upload files, used for public file transfer services. " -"Directories must be labeled public_content_rw_t." +msgid "Determine whether ftpd can connect to databases over the TCP network." msgstr "" #: booleans.py:45 -msgid "Allow ftp servers to connect to all ports > 1023" +msgid "" +"Determine whether ftpd can login to local users and can read and write all " +"files on the system, governed by DAC." msgstr "" #: booleans.py:46 -msgid "Allow ftp servers to connect to mysql database ports" +msgid "" +"Determine whether ftpd can use CIFS used for public file transfer services." msgstr "" -#: booleans.py:47 -msgid "" -"Allow ftp servers to login to local users and read/write all files on the " -"system, governed by DAC." +#: booleans.py:47 booleans.py:166 +msgid "Allow samba to export ntfs/fusefs volumes." msgstr "" #: booleans.py:48 -msgid "Allow ftp servers to use cifs used for public file transfer services." +msgid "" +"Determine whether ftpd can use NFS used for public file transfer services." msgstr "" #: booleans.py:49 -msgid "Allow ftp servers to use nfs used for public file transfer services." +msgid "" +"Determine whether ftpd can bind to all unreserved ports for passive mode." msgstr "" #: booleans.py:50 -msgid "Allow ftp servers to use bind to all unreserved ports for passive mode" -msgstr "" - -#: booleans.py:51 msgid "Determine whether Git CGI can search home directories." msgstr "" -#: booleans.py:52 +#: booleans.py:51 msgid "Determine whether Git CGI can access cifs file systems." msgstr "" -#: booleans.py:53 +#: booleans.py:52 msgid "Determine whether Git CGI can access nfs file systems." msgstr "" -#: booleans.py:54 +#: booleans.py:53 msgid "" "Determine whether Git session daemon can bind TCP sockets to all unreserved " "ports." msgstr "" -#: booleans.py:55 +#: booleans.py:54 msgid "" "Determine whether calling user domains can execute Git daemon in the " "git_session_t domain." msgstr "" -#: booleans.py:56 +#: booleans.py:55 msgid "Determine whether Git system daemon can search home directories." msgstr "" -#: booleans.py:57 +#: booleans.py:56 msgid "Determine whether Git system daemon can access cifs file systems." msgstr "" -#: booleans.py:58 +#: booleans.py:57 msgid "Determine whether Git system daemon can access nfs file systems." msgstr "" +#: booleans.py:58 +msgid "Determine whether Gitosis can send mail." +msgstr "" + #: booleans.py:59 -msgid "Allow gitisis daemon to send mail" +msgid "Enable reading of urandom for all domains." msgstr "" #: booleans.py:60 -msgid "Enable reading of urandom for all domains." +msgid "" +"Allow glusterfsd to modify public files used for public file transfer " +"services. Files/Directories must be labeled public_content_rw_t." msgstr "" #: booleans.py:61 +msgid "Allow glusterfsd to share any file/directory read only." +msgstr "" + +#: booleans.py:62 +msgid "Allow glusterfsd to share any file/directory read/write." +msgstr "" + +#: booleans.py:63 msgid "" "Allow usage of the gpg-agent --write-env-file option. This also allows gpg-" "agent to manage user files." msgstr "" -#: booleans.py:62 +#: booleans.py:64 msgid "" "Allow gpg web domain to modify public files used for public file transfer " "services." msgstr "" -#: booleans.py:63 +#: booleans.py:65 msgid "Allow gssd to read temp directory. For access to kerberos tgt." msgstr "" -#: booleans.py:64 +#: booleans.py:66 msgid "Allow guest to exec content" msgstr "" -#: booleans.py:65 +#: booleans.py:67 msgid "" "Allow Apache to modify public files used for public file transfer services. " "Directories/Files must be labeled public_content_rw_t." msgstr "" -#: booleans.py:66 +#: booleans.py:68 msgid "Allow httpd to use built in scripting (usually php)" msgstr "" -#: booleans.py:67 +#: booleans.py:69 msgid "Allow http daemon to check spam" msgstr "" -#: booleans.py:68 +#: booleans.py:70 msgid "" "Allow httpd to act as a FTP client connecting to the ftp port and ephemeral " "ports" msgstr "" -#: booleans.py:69 +#: booleans.py:71 msgid "Allow httpd to connect to the ldap port" msgstr "" -#: booleans.py:70 +#: booleans.py:72 msgid "Allow http daemon to connect to zabbix" msgstr "" -#: booleans.py:71 +#: booleans.py:73 msgid "Allow HTTPD scripts and modules to connect to the network using TCP." msgstr "" -#: booleans.py:72 +#: booleans.py:74 msgid "Allow HTTPD scripts and modules to connect to cobbler over the network." msgstr "" -#: booleans.py:73 +#: booleans.py:75 msgid "" "Allow HTTPD scripts and modules to connect to databases over the network." msgstr "" -#: booleans.py:74 +#: booleans.py:76 msgid "Allow httpd to connect to memcache server" msgstr "" -#: booleans.py:75 +#: booleans.py:77 msgid "Allow httpd to act as a relay" msgstr "" -#: booleans.py:76 +#: booleans.py:78 msgid "Allow http daemon to send mail" msgstr "" -#: booleans.py:77 +#: booleans.py:79 msgid "Allow Apache to communicate with avahi service via dbus" msgstr "" -#: booleans.py:78 +#: booleans.py:80 msgid "Allow httpd cgi support" msgstr "" -#: booleans.py:79 +#: booleans.py:81 msgid "Allow httpd to act as a FTP server by listening on the ftp port." msgstr "" -#: booleans.py:80 +#: booleans.py:82 msgid "Allow httpd to read home directories" msgstr "" -#: booleans.py:81 +#: booleans.py:83 msgid "Allow httpd scripts and modules execmem/execstack" msgstr "" -#: booleans.py:82 +#: booleans.py:84 msgid "Allow HTTPD to connect to port 80 for graceful shutdown" msgstr "" -#: booleans.py:83 +#: booleans.py:85 msgid "Allow httpd processes to manage IPA content" msgstr "" -#: booleans.py:84 +#: booleans.py:86 msgid "Allow Apache to use mod_auth_ntlm_winbind" msgstr "" -#: booleans.py:85 +#: booleans.py:87 msgid "Allow Apache to use mod_auth_pam" msgstr "" -#: booleans.py:86 +#: booleans.py:88 msgid "Allow httpd to read user content" msgstr "" -#: booleans.py:87 +#: booleans.py:89 msgid "Allow Apache to run in stickshift mode, not transition to passenger" msgstr "" -#: booleans.py:88 +#: booleans.py:90 +msgid "Allow HTTPD scripts and modules to server cobbler files." +msgstr "" + +#: booleans.py:91 msgid "Allow httpd daemon to change its resource limits" msgstr "" -#: booleans.py:89 +#: booleans.py:92 msgid "" "Allow HTTPD to run SSI executables in the same domain as system CGI scripts." msgstr "" -#: booleans.py:90 +#: booleans.py:93 msgid "" "Allow apache scripts to write to public content, directories/files must be " "labeled public_rw_content_t." msgstr "" -#: booleans.py:91 +#: booleans.py:94 msgid "Allow Apache to execute tmp content." msgstr "" -#: booleans.py:92 +#: booleans.py:95 msgid "" "Unify HTTPD to communicate with the terminal. Needed for entering the " "passphrase for certificates at the terminal." msgstr "" -#: booleans.py:93 +#: booleans.py:96 msgid "Unify HTTPD handling of all content files." msgstr "" -#: booleans.py:94 +#: booleans.py:97 msgid "Allow httpd to access cifs file systems" msgstr "" -#: booleans.py:95 +#: booleans.py:98 msgid "Allow httpd to access FUSE file systems" msgstr "" -#: booleans.py:96 +#: booleans.py:99 msgid "Allow httpd to run gpg" msgstr "" -#: booleans.py:97 +#: booleans.py:100 msgid "Allow httpd to access nfs file systems" msgstr "" -#: booleans.py:98 +#: booleans.py:101 msgid "Allow httpd to communicate with oddjob to start up a service" msgstr "" -#: booleans.py:99 +#: booleans.py:102 msgid "Allow httpd to access openstack ports" msgstr "" -#: booleans.py:100 +#: booleans.py:103 msgid "Allow Apache to query NS records" msgstr "" -#: booleans.py:101 -msgid "Allow icecast to connect to all ports, not just sound ports." +#: booleans.py:104 +msgid "Determine whether icecast can listen on and connect to any TCP port." msgstr "" -#: booleans.py:102 +#: booleans.py:105 +msgid "" +"Determine whether irc clients can listen on and connect to any unreserved " +"TCP ports." +msgstr "" + +#: booleans.py:106 msgid "" "Allow the Irssi IRC Client to connect to any port, and to bind to any " "unreserved port." msgstr "" -#: booleans.py:103 +#: booleans.py:107 msgid "Allow confined applications to run with kerberos." msgstr "" -#: booleans.py:104 -msgid "Allow syslogd daemon to send mail" +#: booleans.py:108 +msgid "Allow ksmtuned to use cifs/Samba file systems" msgstr "" -#: booleans.py:105 -msgid "Allow syslogd the ability to read/write terminals" +#: booleans.py:109 +msgid "Allow ksmtuned to use nfs file systems" msgstr "" -#: booleans.py:106 +#: booleans.py:110 +msgid "Allow syslogd daemon to send mail" +msgstr "" + +#: booleans.py:111 +msgid "Allow syslogd the ability to read/write terminals" +msgstr "" + +#: booleans.py:112 msgid "Allow logging in and using the system from /dev/console." msgstr "" -#: booleans.py:107 +#: booleans.py:113 +msgid "Allow mailman to access FUSE file systems" +msgstr "" + +#: booleans.py:114 +msgid "Determine whether mcelog supports client mode." +msgstr "" + +#: booleans.py:115 +msgid "Determine whether mcelog can execute scripts." +msgstr "" + +#: booleans.py:116 +msgid "Determine whether mcelog can use all the user ttys." +msgstr "" + +#: booleans.py:117 +msgid "Determine whether mcelog supports server mode." +msgstr "" + +#: booleans.py:118 msgid "" "Control the ability to mmap a low area of the address space, as configured " "by /proc/sys/kernel/mmap_min_addr." msgstr "" -#: booleans.py:108 +#: booleans.py:119 msgid "Allow mock to read files in home directories." msgstr "" -#: booleans.py:109 +#: booleans.py:120 msgid "Allow the mount command to mount any directory or file." msgstr "" -#: booleans.py:110 +#: booleans.py:121 msgid "Allow mozilla plugin domain to connect to the network using TCP." msgstr "" -#: booleans.py:111 -msgid "" -"Allow mozilla_plugins to create random content in the users home directory" +#: booleans.py:122 +msgid "Allow confined web browsers to read home directory content" msgstr "" -#: booleans.py:112 -msgid "Allow confined web browsers to read home directory content" +#: booleans.py:123 +msgid "Determine whether mpd can traverse user home directories." msgstr "" -#: booleans.py:113 -msgid "Allow mplayer executable stack" +#: booleans.py:124 +msgid "Determine whether mpd can use cifs file systems." msgstr "" -#: booleans.py:114 +#: booleans.py:125 +msgid "Determine whether mpd can use nfs file systems." +msgstr "" + +#: booleans.py:126 +msgid "Determine whether mplayer can make its stack executable." +msgstr "" + +#: booleans.py:127 msgid "Allow mysqld to connect to all ports" msgstr "" -#: booleans.py:115 -msgid "Allow BIND to bind apache port." +#: booleans.py:128 +msgid "Determine whether Bind can bind tcp socket to http ports." msgstr "" -#: booleans.py:116 +#: booleans.py:129 msgid "" -"Allow BIND to write the master zone files. Generally this is used for " -"dynamic DNS or zone transfers." +"Determine whether Bind can write to master zone files. Generally this is " +"used for dynamic DNS or zone transfers." msgstr "" -#: booleans.py:117 +#: booleans.py:130 msgid "Allow any files/directories to be exported read/only via NFS." msgstr "" -#: booleans.py:118 +#: booleans.py:131 msgid "Allow any files/directories to be exported read/write via NFS." msgstr "" -#: booleans.py:119 +#: booleans.py:132 msgid "" "Allow nfs servers to modify public files used for public file transfer " "services. Files/Directories must be labeled public_content_rw_t." msgstr "" -#: booleans.py:120 +#: booleans.py:133 msgid "Allow system to run with NIS" msgstr "" -#: booleans.py:121 +#: booleans.py:134 msgid "Allow confined applications to use nscd shared memory." msgstr "" -#: booleans.py:122 +#: booleans.py:135 msgid "Allow openshift to lockdown app" msgstr "" -#: booleans.py:123 -msgid "Allow openvpn to read home directories" +#: booleans.py:136 +msgid "Determine whether openvpn can read generic user home content files." msgstr "" -#: booleans.py:124 +#: booleans.py:137 msgid "Allow piranha-lvs domain to connect to the network using TCP." msgstr "" -#: booleans.py:125 +#: booleans.py:138 msgid "Allow polipo to connect to all ports > 1023" msgstr "" -#: booleans.py:126 +#: booleans.py:139 msgid "" "Determine whether Polipo session daemon can bind tcp sockets to all " "unreserved ports." msgstr "" -#: booleans.py:127 +#: booleans.py:140 msgid "" "Determine whether calling user domains can execute Polipo daemon in the " "polipo_session_t domain." msgstr "" -#: booleans.py:128 +#: booleans.py:141 msgid "Determine whether polipo can access cifs file systems." msgstr "" -#: booleans.py:129 +#: booleans.py:142 msgid "Determine whether Polipo can access nfs file systems." msgstr "" -#: booleans.py:130 +#: booleans.py:143 msgid "Enable polyinstantiated directory support." msgstr "" -#: booleans.py:131 +#: booleans.py:144 msgid "Allow postfix_local domain full write access to mail_spool directories" msgstr "" -#: booleans.py:132 +#: booleans.py:145 msgid "Allow postgresql to use ssh and rsync for point-in-time recovery" msgstr "" -#: booleans.py:133 +#: booleans.py:146 msgid "Allow transmit client label to foreign database" msgstr "" -#: booleans.py:134 +#: booleans.py:147 msgid "Allow database admins to execute DML statement" msgstr "" -#: booleans.py:135 +#: booleans.py:148 msgid "Allow unprivileged users to execute DDL statement" msgstr "" -#: booleans.py:136 +#: booleans.py:149 msgid "Allow pppd to load kernel modules for certain modems" msgstr "" -#: booleans.py:137 +#: booleans.py:150 msgid "Allow pppd to be run for a regular user" msgstr "" -#: booleans.py:138 -msgid "" -"Allow privoxy to connect to all ports, not just HTTP, FTP, and Gopher ports." +#: booleans.py:151 +msgid "Determine whether privoxy can connect to all tcp ports." msgstr "" -#: booleans.py:139 +#: booleans.py:152 msgid "Allow Puppet client to manage all file types." msgstr "" -#: booleans.py:140 +#: booleans.py:153 msgid "Allow Puppet master to use connect to MySQL and PostgreSQL database" msgstr "" -#: booleans.py:141 +#: booleans.py:154 msgid "Allow racoon to read shadow" msgstr "" -#: booleans.py:142 -msgid "Allow rgmanager domain to connect to the network using TCP." -msgstr "" - -#: booleans.py:143 +#: booleans.py:155 msgid "" "Allow rsync to modify public files used for public file transfer services. " "Files/Directories must be labeled public_content_rw_t." msgstr "" -#: booleans.py:144 +#: booleans.py:156 msgid "Allow rsync to run as a client" msgstr "" -#: booleans.py:145 +#: booleans.py:157 msgid "Allow rsync to export any files/directories read only." msgstr "" -#: booleans.py:146 -msgid "Allow rsync servers to share cifs files systems" -msgstr "" - -#: booleans.py:147 -msgid "Allow rsync servers to share nfs files systems" +#: booleans.py:158 +msgid "Allow rsync server to manage all files/directories on the system." msgstr "" -#: booleans.py:148 +#: booleans.py:159 msgid "Allow samba to create new home directories (e.g. via PAM)" msgstr "" -#: booleans.py:149 +#: booleans.py:160 msgid "" "Allow samba to act as the domain controller, add users, groups and change " "passwords." msgstr "" -#: booleans.py:150 +#: booleans.py:161 msgid "Allow samba to share users home directories." msgstr "" -#: booleans.py:151 +#: booleans.py:162 msgid "Allow samba to share any file/directory read only." msgstr "" -#: booleans.py:152 +#: booleans.py:163 msgid "Allow samba to share any file/directory read/write." msgstr "" -#: booleans.py:153 +#: booleans.py:164 msgid "Allow samba to act as a portmapper" msgstr "" -#: booleans.py:154 +#: booleans.py:165 msgid "Allow samba to run unconfined scripts" msgstr "" -#: booleans.py:155 -msgid "Allow samba to export ntfs/fusefs volumes." -msgstr "" - -#: booleans.py:156 +#: booleans.py:167 msgid "Allow samba to export NFS volumes." msgstr "" -#: booleans.py:157 +#: booleans.py:168 msgid "Allow sanlock to read/write fuse files" msgstr "" -#: booleans.py:158 +#: booleans.py:169 msgid "Allow sanlock to manage nfs files" msgstr "" -#: booleans.py:159 +#: booleans.py:170 msgid "Allow sanlock to manage cifs files" msgstr "" -#: booleans.py:160 +#: booleans.py:171 msgid "Allow sasl to read shadow" msgstr "" -#: booleans.py:161 +#: booleans.py:172 msgid "Allow secadm to exec content" msgstr "" -#: booleans.py:162 +#: booleans.py:173 msgid "" "disallow programs, such as newrole, from transitioning to administrative " "user domains." msgstr "" -#: booleans.py:163 +#: booleans.py:174 msgid "Disable kernel module loading." msgstr "" -#: booleans.py:164 +#: booleans.py:175 msgid "" "Boolean to determine whether the system permits loading policy, setting " "enforcing mode, and changing boolean values. Set this to true and you have " "to reboot to set it back." msgstr "" -#: booleans.py:165 +#: booleans.py:176 msgid "Allow regular users direct dri device access" msgstr "" -#: booleans.py:166 +#: booleans.py:177 msgid "" "Allow unconfined executables to make their heap memory executable. Doing " "this is a really bad idea. Probably indicates a badly coded executable, but " "could indicate an attack. This executable should be reported in bugzilla" msgstr "" -#: booleans.py:167 +#: booleans.py:178 msgid "" "Allow all unconfined executables to use libraries requiring text relocation " "that are not labeled textrel_shlib_t" msgstr "" -#: booleans.py:168 +#: booleans.py:179 msgid "" "Allow unconfined executables to make their stack executable. This should " "never, ever be necessary. Probably indicates a badly coded executable, but " "could indicate an attack. This executable should be reported in bugzilla" msgstr "" -#: booleans.py:169 +#: booleans.py:180 msgid "Allow users to connect to the local mysql server" msgstr "" -#: booleans.py:170 +#: booleans.py:181 msgid "" "Allow confined users the ability to execute the ping and traceroute commands." msgstr "" -#: booleans.py:171 +#: booleans.py:182 msgid "Allow users to connect to PostgreSQL" msgstr "" -#: booleans.py:172 +#: booleans.py:183 msgid "" "Allow user to r/w files on filesystems that do not have extended attributes " "(FAT, CDROM, FLOPPY)" msgstr "" -#: booleans.py:173 +#: booleans.py:184 +msgid "Allow user music sharing" +msgstr "" + +#: booleans.py:185 msgid "" "Allow users to run TCP servers (bind to ports and accept connection from the " "same domain and outside users) disabling this forces FTP passive mode and " "may change other protocols." msgstr "" -#: booleans.py:174 +#: booleans.py:186 msgid "Allow user to use ssh chroot environment." msgstr "" -#: booleans.py:175 -msgid "Allow user music sharing" -msgstr "" - -#: booleans.py:176 +#: booleans.py:187 msgid "" -"Allow anon internal-sftp to upload files, used for public file transfer " -"services. Directories must be labeled public_content_rw_t." +"Determine whether sftpd can modify public files used for public file " +"transfer services. Directories/Files must be labeled public_content_rw_t." msgstr "" -#: booleans.py:177 +#: booleans.py:188 msgid "" -"Allow sftp-internal to read and write files in the user home directories" +"Determine whether sftpd-can read and write files in user home directories." msgstr "" -#: booleans.py:178 +#: booleans.py:189 msgid "" -"Allow sftp-internal to login to local users and read/write all files on the " -"system, governed by DAC." +"Determine whether sftpd-can login to local users and read and write all " +"files on the system, governed by DAC." msgstr "" -#: booleans.py:179 +#: booleans.py:190 msgid "" -"Allow internal-sftp to read and write files in the user ssh home directories." +"Determine whether sftpd can read and write files in user ssh home " +"directories." msgstr "" -#: booleans.py:180 +#: booleans.py:191 msgid "Allow sge to connect to the network using any TCP port" msgstr "" -#: booleans.py:181 +#: booleans.py:192 msgid "Allow sge to access nfs file systems." msgstr "" -#: booleans.py:182 -msgid "" -"Enable additional permissions needed to support devices on 3ware controllers." +#: booleans.py:193 +msgid "Determine whether smartmon can support devices on 3ware controllers." msgstr "" -#: booleans.py:183 +#: booleans.py:194 msgid "" "Allow samba to modify public files used for public file transfer services. " "Files/Directories must be labeled public_content_rw_t." msgstr "" -#: booleans.py:184 +#: booleans.py:195 msgid "Allow user spamassassin clients to use the network." msgstr "" -#: booleans.py:185 +#: booleans.py:196 msgid "Allow spamd to read/write user home directories." msgstr "" -#: booleans.py:186 -msgid "" -"Allow squid to connect to all ports, not just HTTP, FTP, and Gopher ports." +#: booleans.py:197 +msgid "Determine whether squid can connect to all TCP ports." msgstr "" -#: booleans.py:187 -msgid "Allow squid to run as a transparent proxy (TPROXY)" +#: booleans.py:198 +msgid "Determine whether squid can run as a transparent proxy." msgstr "" -#: booleans.py:188 +#: booleans.py:199 msgid "" "Allow ssh with chroot env to read and write files in the user home " "directories" msgstr "" -#: booleans.py:189 +#: booleans.py:200 msgid "allow host key based authentication" msgstr "" -#: booleans.py:190 +#: booleans.py:201 msgid "Allow ssh logins as sysadm_r:sysadm_t" msgstr "" -#: booleans.py:191 +#: booleans.py:202 msgid "Allow staff to exec content" msgstr "" -#: booleans.py:192 +#: booleans.py:203 msgid "allow staff user to create and transition to svirt domains." msgstr "" -#: booleans.py:193 +#: booleans.py:204 msgid "Allow sysadm to exec content" msgstr "" -#: booleans.py:194 +#: booleans.py:205 msgid "Allow the Telepathy connection managers to connect to any network port." msgstr "" -#: booleans.py:195 +#: booleans.py:206 msgid "" "Allow the Telepathy connection managers to connect to any generic TCP port." msgstr "" -#: booleans.py:196 +#: booleans.py:207 msgid "" "Allow tftp to modify public files used for public file transfer services." msgstr "" -#: booleans.py:197 +#: booleans.py:208 msgid "Allow tftp to read and write files in the user home directories" msgstr "" -#: booleans.py:198 -msgid "Allow tor daemon to bind tcp sockets to all unreserved ports." +#: booleans.py:209 +msgid "Determine whether tor can bind tcp sockets to all unreserved ports." msgstr "" -#: booleans.py:199 +#: booleans.py:210 msgid "Allow tor to act as a relay" msgstr "" -#: booleans.py:200 +#: booleans.py:211 msgid "" "allow unconfined users to transition to the chrome sandbox domains when " "running chrome-sandbox" msgstr "" -#: booleans.py:201 +#: booleans.py:212 msgid "Allow a user to login as an unconfined domain" msgstr "" -#: booleans.py:202 +#: booleans.py:213 msgid "" "Allow unconfined users to transition to the Mozilla plugin domain when " "running xulrunner plugin-container." msgstr "" -#: booleans.py:203 +#: booleans.py:214 msgid "Allow video playing tools to run unconfined" msgstr "" -#: booleans.py:204 +#: booleans.py:215 msgid "Allow unprivledged user to create and transition to svirt domains." msgstr "" -#: booleans.py:205 +#: booleans.py:216 msgid "Support ecryptfs home directories" msgstr "" -#: booleans.py:206 +#: booleans.py:217 msgid "Support fusefs home directories" msgstr "" -#: booleans.py:207 -msgid "Use lpd server instead of cups" +#: booleans.py:218 +msgid "Determine whether to support lpd server." msgstr "" -#: booleans.py:208 +#: booleans.py:219 msgid "Support NFS home directories" msgstr "" -#: booleans.py:209 +#: booleans.py:220 msgid "Support SAMBA home directories" msgstr "" -#: booleans.py:210 +#: booleans.py:221 msgid "Allow user to exec content" msgstr "" -#: booleans.py:211 -msgid "Allow varnishd to connect to all ports, not just HTTP." +#: booleans.py:222 +msgid "Determine whether varnishd can use the full TCP network." msgstr "" -#: booleans.py:212 -msgid "Ignore vbetool mmap_zero errors." +#: booleans.py:223 +msgid "" +"Determine whether attempts by vbetool to mmap low regions should be silently " +"blocked." msgstr "" -#: booleans.py:213 +#: booleans.py:224 msgid "" "Allow confined virtual guests to use serial/parallel communication ports" msgstr "" -#: booleans.py:214 +#: booleans.py:225 msgid "" "Allow confined virtual guests to use executable memory and executable stack" msgstr "" -#: booleans.py:215 +#: booleans.py:226 msgid "Allow confined virtual guests to read fuse files" msgstr "" -#: booleans.py:216 +#: booleans.py:227 msgid "Allow confined virtual guests to manage nfs files" msgstr "" -#: booleans.py:217 +#: booleans.py:228 msgid "Allow confined virtual guests to interact with rawip sockets" msgstr "" -#: booleans.py:218 +#: booleans.py:229 msgid "Allow confined virtual guests to manage cifs files" msgstr "" -#: booleans.py:219 +#: booleans.py:230 msgid "Allow confined virtual guests to interact with the sanlock" msgstr "" -#: booleans.py:220 -msgid "Allow confined virtual guests to manage device configuration, (pci)" -msgstr "" - -#: booleans.py:221 +#: booleans.py:231 msgid "Allow confined virtual guests to use usb devices" msgstr "" -#: booleans.py:222 +#: booleans.py:232 msgid "Allow confined virtual guests to interact with the xserver" msgstr "" -#: booleans.py:223 -msgid "Allow webadm to manage files in users home directories" +#: booleans.py:233 +msgid "Determine whether webadm can manage generic user files." msgstr "" -#: booleans.py:224 -msgid "Allow webadm to read files in users home directories" +#: booleans.py:234 +msgid "Determine whether webadm can read generic user files." msgstr "" -#: booleans.py:225 -msgid "Ignore wine mmap_zero errors." +#: booleans.py:235 +msgid "" +"Determine whether attempts by wine to mmap low regions should be silently " +"blocked." msgstr "" -#: booleans.py:226 +#: booleans.py:236 msgid "Allow the graphical login program to execute bootloader" msgstr "" -#: booleans.py:227 +#: booleans.py:237 msgid "" "Allow the graphical login program to login directly as sysadm_r:sysadm_t" msgstr "" -#: booleans.py:228 +#: booleans.py:238 msgid "Allow xen to manage nfs files" msgstr "" -#: booleans.py:229 +#: booleans.py:239 msgid "" "Allow xend to run blktapctrl/tapdisk. Not required if using dedicated " "logical volumes for disk images." msgstr "" -#: booleans.py:230 +#: booleans.py:240 msgid "Allow xend to run qemu-dm. Not required if using paravirt and no vfb." msgstr "" -#: booleans.py:231 +#: booleans.py:241 msgid "" "Allow xguest users to configure Network Manager and connect to apache ports" msgstr "" -#: booleans.py:232 +#: booleans.py:242 msgid "Allow xguest to exec content" msgstr "" -#: booleans.py:233 +#: booleans.py:243 msgid "Allow xguest users to mount removable media" msgstr "" -#: booleans.py:234 +#: booleans.py:244 msgid "Allow xguest to use blue tooth devices" msgstr "" -#: booleans.py:235 +#: booleans.py:245 msgid "Allows clients to write to the X server shared memory segments." msgstr "" -#: booleans.py:236 +#: booleans.py:246 msgid "Allows XServer to execute writable memory" msgstr "" -#: booleans.py:237 +#: booleans.py:247 msgid "Support X userspace object manager" msgstr "" -#: booleans.py:238 -msgid "Allow zabbix to connect to unreserved ports" +#: booleans.py:248 +msgid "Determine whether zabbix can connect to all TCP ports" msgstr "" -#: booleans.py:239 +#: booleans.py:249 msgid "Allow zebra daemon to write it configuration files" msgstr "" -#: booleans.py:240 +#: booleans.py:250 msgid "" "Allow ZoneMinder to modify public files used for public file transfer " "services." diff --git a/policycoreutils/po/ar.po b/policycoreutils/po/ar.po index 151ca6a..6010c78 100644 --- a/policycoreutils/po/ar.po +++ b/policycoreutils/po/ar.po @@ -1,7 +1,7 @@ # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. -# +# # Translators: # Ali Al-Ammari , 2010. # Amjad Al-Obaili , 2010. @@ -12,24 +12,28 @@ msgid "" msgstr "" "Project-Id-Version: Policycoreutils\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2013-01-04 12:01-0500\n" -"PO-Revision-Date: 2013-01-04 17:02+0000\n" +"POT-Creation-Date: 2013-05-07 11:12-0400\n" +"PO-Revision-Date: 2013-04-08 19:09+0000\n" "Last-Translator: dwalsh \n" "Language-Team: Arabic \n" +"Language: ar\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"Language: ar\n" -"Plural-Forms: nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 && n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5;\n" +"Plural-Forms: nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 " +"&& n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5;\n" #: ../run_init/run_init.c:67 msgid "" "USAGE: run_init