diff --git a/policycoreutils/.tx/config b/policycoreutils/.tx/config index 07643e9..daff18c 100644 --- a/policycoreutils/.tx/config +++ b/policycoreutils/.tx/config @@ -1,5 +1,5 @@ [main] -host = https://www.transifex.net +host = https://www.transifex.com [policycoreutils.policycoreutils] file_filter = po/.po diff --git a/policycoreutils/Makefile b/policycoreutils/Makefile index 3980799..bea9814 100644 --- a/policycoreutils/Makefile +++ b/policycoreutils/Makefile @@ -1,4 +1,4 @@ -SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui +SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui semanage/default_encoding INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) diff --git a/policycoreutils/audit2allow/Makefile b/policycoreutils/audit2allow/Makefile index 88635d4..fc290ea 100644 --- a/policycoreutils/audit2allow/Makefile +++ b/policycoreutils/audit2allow/Makefile @@ -5,14 +5,19 @@ LIBDIR ?= $(PREFIX)/lib MANDIR ?= $(PREFIX)/share/man LOCALEDIR ?= /usr/share/locale -all: ; +all: audit2why + +audit2why: + ln -sf audit2allow audit2why install: all -mkdir -p $(BINDIR) install -m 755 audit2allow $(BINDIR) + (cd $(BINDIR); ln -sf audit2allow audit2why) install -m 755 sepolgen-ifgen $(BINDIR) -mkdir -p $(MANDIR)/man1 install -m 644 audit2allow.1 $(MANDIR)/man1/ + install -m 644 audit2why.1 $(MANDIR)/man1/ clean: rm -f *~ diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow index 8e0c396..9f5185d 100644 --- a/policycoreutils/audit2allow/audit2allow +++ b/policycoreutils/audit2allow/audit2allow @@ -1,7 +1,8 @@ #! /usr/bin/python -Es # Authors: Karl MacMillan +# Authors: Dan Walsh # -# Copyright (C) 2006-2007 Red Hat +# Copyright (C) 2006-2013 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or @@ -18,7 +19,7 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -import sys +import sys, os import sepolgen.audit as audit import sepolgen.policygen as policygen @@ -29,6 +30,8 @@ import sepolgen.defaults as defaults import sepolgen.module as module from sepolgen.sepolgeni18n import _ import selinux.audit2why as audit2why +import locale +locale.setlocale(locale.LC_ALL, '') class AuditToPolicy: VERSION = "%prog .1" @@ -80,8 +83,7 @@ class AuditToPolicy: parser.add_option("--interface-info", dest="interface_info", help="file name of interface information") parser.add_option("--debug", dest="debug", action="store_true", default=False, help="leave generated modules for -M") - - parser.add_option("-w", "--why", dest="audit2why", action="store_true", default=False, + parser.add_option("-w", "--why", dest="audit2why", action="store_true", default=(os.path.basename(sys.argv[0])=="audit2why"), help="Translates SELinux audit messages into a description of why the access was denied") options, args = parser.parse_args() @@ -267,12 +269,10 @@ class AuditToPolicy: continue if rc == audit2why.CONSTRAINT: - print "\t\tPolicy constraint violation.\n" - print "\t\tMay require adding a type attribute to the domain or type to satisfy the constraint.\n" - print "\t\tConstraints are defined in the policy sources in policy/constraints (general), policy/mcs (MCS), and policy/mls (MLS).\n" - for reason in data: - print "\t\tNote: Possible cause is the source and target %s differ\n" % reason - continue + print #!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n" + print "#Constraint rule: \n\t" + data[0] + for reason in data[1:]: + print "#\tPossible cause is the source %s and target %s are different.\n\b" % reason if rc == audit2why.RBAC: print "\t\tMissing role allow rule.\n" @@ -329,7 +329,7 @@ class AuditToPolicy: g.set_module_name(self.__options.module) if self.__options.output: - fd = open(self.__options.output, "w") + fd = open(self.__options.output, "a") else: fd = sys.stdout writer.write(g.get_module(), fd) @@ -350,6 +350,9 @@ class AuditToPolicy: except ValueError, e: print e sys.exit(1) + except IOError, e: + print e + sys.exit(1) if __name__ == "__main__": app = AuditToPolicy() diff --git a/policycoreutils/audit2allow/audit2allow.1 b/policycoreutils/audit2allow/audit2allow.1 index a854a45..2929b68 100644 --- a/policycoreutils/audit2allow/audit2allow.1 +++ b/policycoreutils/audit2allow/audit2allow.1 @@ -29,7 +29,7 @@ \- generate SELinux policy allow/dontaudit rules from logs of denied operations .BR audit2why -\- translates SELinux audit messages into a description of why the access was denied (audit2allow -w) +\- translates SELinux audit messages into a description of why the access was denied (audit2allow \-w) .SH SYNOPSIS .B audit2allow @@ -37,16 +37,16 @@ .SH OPTIONS .TP .B "\-a" | "\-\-all" -Read input from audit and message log, conflicts with -i +Read input from audit and message log, conflicts with \-i .TP .B "\-b" | "\-\-boot" -Read input from audit messages since last boot conflicts with -i +Read input from audit messages since last boot conflicts with \-i .TP .B "\-d" | "\-\-dmesg" Read input from output of .I /bin/dmesg. Note that all audit messages are not available via dmesg when -auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead. +auditd is running; use "ausearch \-m avc | audit2allow" or "\-a" instead. .TP .B "\-D" | "\-\-dontaudit" Generate dontaudit rules (Default: allow) @@ -65,7 +65,7 @@ read input only after last policy reload Generate module/require output .TP .B "\-M " -Generate loadable module package, conflicts with -o +Generate loadable module package, conflicts with \-o .TP .B "\-p " | "\-\-policy " Policy file to use for analysis @@ -123,7 +123,7 @@ an 'allow' rule. .PP .B Using audit2allow to generate module policy -$ cat /var/log/audit/audit.log | audit2allow -m local > local.te +$ cat /var/log/audit/audit.log | audit2allow \-m local > local.te $ cat local.te module local 1.0; @@ -141,7 +141,7 @@ allow myapp_t etc_t:file { getattr open read }; .B Using audit2allow to generate module policy using reference policy -$ cat /var/log/audit/audit.log | audit2allow -R -m local > local.te +$ cat /var/log/audit/audit.log | audit2allow \-R \-m local > local.te $ cat local.te policy_module(local, 1.0) @@ -155,34 +155,49 @@ files_read_etc_files(myapp_t) .B Building module policy using Makefile -# SELinux provides a policy devel environment under /usr/share/selinux/devel +# SELinux provides a policy devel environment under +# /usr/share/selinux/devel including all of the shipped +# interface files. # You can create a te file and compile it by executing -$ make -f /usr/share/selinux/devel/Makefile -$ semodule -i local.pp + +$ make -f /usr/share/selinux/devel/Makefile local.pp + + +# This make command will compile a local.te file in the current +# directory. If you did not specify a "pp" file, the make file +# will compile all "te" files in the current directory. After +# you compile your te file into a "pp" file, you need to install +# it using the semodule command. + +$ semodule \-i local.pp .B Building module policy manually # Compile the module -$ checkmodule -M -m -o local.mod local.te +$ checkmodule \-M \-m \-o local.mod local.te + # Create the package -$ semodule_package -o local.pp -m local.mod +$ semodule_package \-o local.pp \-m local.mod + # Load the module into the kernel -$ semodule -i local.pp +$ semodule \-i local.pp .B Using audit2allow to generate and build module policy -$ cat /var/log/audit/audit.log | audit2allow -M local -Generating type enforcment file: local.te -Compiling policy: checkmodule -M -m -o local.mod local.te -Building package: semodule_package -o local.pp -m local.mod + +$ cat /var/log/audit/audit.log | audit2allow \-M local +Generating type enforcement file: local.te +Compiling policy: checkmodule \-M \-m \-o local.mod local.te +Building package: semodule_package \-o local.pp \-m local.mod ******************** IMPORTANT *********************** In order to load this newly created policy package into the kernel, you are required to execute -semodule -i local.pp +semodule \-i local.pp + +.B Using audit2allow to generate monolithic (non\-module) policy -.B Using audit2allow to generate monolithic (non-module) policy $ cd /etc/selinux/$SELINUXTYPE/src/policy $ cat /var/log/audit/audit.log | audit2allow >> domains/misc/local.te $ cat domains/misc/local.te diff --git a/policycoreutils/audit2allow/audit2why.1 b/policycoreutils/audit2allow/audit2why.1 new file mode 100644 index 0000000..a9e8893 --- /dev/null +++ b/policycoreutils/audit2allow/audit2why.1 @@ -0,0 +1 @@ +.so man1/audit2allow.1 diff --git a/policycoreutils/audit2allow/sepolgen-ifgen b/policycoreutils/audit2allow/sepolgen-ifgen index ef4bec3..3967ba5 100644 --- a/policycoreutils/audit2allow/sepolgen-ifgen +++ b/policycoreutils/audit2allow/sepolgen-ifgen @@ -62,6 +62,9 @@ def parse_options(): return options def get_policy(): + p = selinux.selinux_current_policy_path() + if os.path.exists(p): + return p i = selinux.security_policyvers() p = selinux.selinux_binary_policy_path() + "." + str(i) while i > 0 and not os.path.exists(p): diff --git a/policycoreutils/audit2why/Makefile b/policycoreutils/audit2why/Makefile deleted file mode 100644 index 63eb8b3..0000000 --- a/policycoreutils/audit2why/Makefile +++ /dev/null @@ -1,18 +0,0 @@ -# Installation directories. -PREFIX ?= $(DESTDIR)/usr -BINDIR ?= $(PREFIX)/bin -MANDIR ?= $(PREFIX)/share/man - -TARGETS=audit2why - -all: $(TARGETS) - -install: all - -mkdir -p $(BINDIR) - install -m 755 $(TARGETS) $(BINDIR) - -mkdir -p $(MANDIR)/man1 - install -m 644 audit2why.1 $(MANDIR)/man1/ - -clean: - -relabel: diff --git a/policycoreutils/audit2why/audit2why b/policycoreutils/audit2why/audit2why deleted file mode 100644 index 21a72aa..0000000 --- a/policycoreutils/audit2why/audit2why +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -/usr/bin/audit2allow -w $* diff --git a/policycoreutils/audit2why/audit2why.1 b/policycoreutils/audit2why/audit2why.1 deleted file mode 100644 index a9e8893..0000000 --- a/policycoreutils/audit2why/audit2why.1 +++ /dev/null @@ -1 +0,0 @@ -.so man1/audit2allow.1 diff --git a/policycoreutils/gui/Makefile b/policycoreutils/gui/Makefile index b5abbb9..9d9f820 100644 --- a/policycoreutils/gui/Makefile +++ b/policycoreutils/gui/Makefile @@ -1,7 +1,10 @@ # Installation directories. PREFIX ?= ${DESTDIR}/usr +SYSCONFDIR ?= ${DESTDIR}/etc BINDIR ?= $(PREFIX)/bin SHAREDIR ?= $(PREFIX)/share/system-config-selinux +DATADIR ?= $(PREFIX)/share +MANDIR ?= $(PREFIX)/share/man TARGETS= \ booleansPage.py \ @@ -16,18 +19,30 @@ portsPage.py \ semanagePage.py \ statusPage.py \ system-config-selinux.glade \ +system-config-selinux.png \ usersPage.py all: $(TARGETS) system-config-selinux.py polgengui.py install: all + -mkdir -p $(MANDIR)/man8 -mkdir -p $(SHAREDIR) -mkdir -p $(BINDIR) + -mkdir -p $(DATADIR)/pixmaps + -mkdir -p $(DATADIR)/icons/hicolor/24x24/apps + -mkdir -p $(SYSCONFDIR) + -mkdir -p $(DATADIR)/polkit-1/actions/ install -m 755 system-config-selinux.py $(SHAREDIR) + install -m 755 system-config-selinux $(BINDIR) install -m 755 polgengui.py $(SHAREDIR) - install -m 755 sepolgen $(BINDIR) install -m 644 $(TARGETS) $(SHAREDIR) - + install -m 644 system-config-selinux.8 $(MANDIR)/man8 + install -m 644 selinux-polgengui.8 $(MANDIR)/man8 + install -m 644 system-config-selinux.png $(DATADIR)/pixmaps + install -m 644 system-config-selinux.png $(DATADIR)/icons/hicolor/24x24/apps + install -m 644 system-config-selinux.png $(DATADIR)/system-config-selinux + install -m 644 *.desktop $(DATADIR)/system-config-selinux + install -m 644 org.selinux.config.policy $(DATADIR)/polkit-1/actions/ clean: indent: diff --git a/policycoreutils/gui/org.selinux.config.policy b/policycoreutils/gui/org.selinux.config.policy new file mode 100644 index 0000000..fb2adf6 --- /dev/null +++ b/policycoreutils/gui/org.selinux.config.policy @@ -0,0 +1,22 @@ + + + + + System Config SELinux + http://fedorahosted.org/system-config-selinux + + + Run System Config SELinux + Authentication is required to run system-config-selinux + system-selinux + + no + no + auth_admin + + /usr/share/system-config-selinux/system-config-selinux.py + true + + diff --git a/policycoreutils/gui/polgengui.py b/policycoreutils/gui/polgengui.py index 1c16f7b..8b6f902 100644 --- a/policycoreutils/gui/polgengui.py +++ b/policycoreutils/gui/polgengui.py @@ -4,7 +4,7 @@ # # Dan Walsh # -# Copyright (C) 2007-2012 Red Hat +# Copyright (C) 2007-2013 Red Hat # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -28,7 +28,12 @@ import os import gobject import gnome import sys -from sepolicy import generate +try: + from sepolicy import generate +except ValueError,e: + sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e))) + sys.exit(1) + import sepolicy.interface import commands @@ -320,14 +325,16 @@ class childWindow: col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0) self.admin_treeview.append_column(col) - - for u in sepolicy.interface.get_user(): - iter = self.transition_store.append() - self.transition_store.set_value(iter, 0, u) - - for a in sepolicy.interface.get_admin(): - iter = self.admin_store.append() - self.admin_store.set_value(iter, 0, a) + try: + for u in sepolicy.interface.get_user(): + iter = self.transition_store.append() + self.transition_store.set_value(iter, 0, u) + + for a in sepolicy.interface.get_admin(): + iter = self.admin_store.append() + self.admin_store.set_value(iter, 0, a) + except ValueError,e: + self.error(e.message) def confine_application(self): return self.get_type() in generate.APPLICATIONS diff --git a/policycoreutils/gui/selinux-polgengui.8 b/policycoreutils/gui/selinux-polgengui.8 new file mode 100644 index 0000000..52bf7dd --- /dev/null +++ b/policycoreutils/gui/selinux-polgengui.8 @@ -0,0 +1,35 @@ +.TH "selinux-polgengui" "8" "8 April 2013" "System Config Tools Manual" "System Config Tools Manual" + +.SH NAME +selinux\-polgengui \- SELinux Policy Generation Tool + +.SH SYNOPSIS +.B selinux-polgengui + +.SH DESCRIPTION +\fBselinux-polgengui\fP is a graphical tool, which can be used to create a framework for building SELinux Policy. +.SH OPTIONS +None + +.SH FILES +\fi/usr/bin/selinux-polgengui\fP + +.SH Examples +To run the program type: + +selinux-polgengui + +.PP +.SH "SEE ALSO" +.TP +selinux(1), sepolicy(8), sepolicy-generate(8) +.PP + +.SH REPORTING BUGS +Report bugs to . + +.SH LICENSE AND AUTHORS +\fBselinux-polgengui\fP is licensed under the GNU Public License and +is copyrighted by Red Hat, Inc. +.br +This man page was written by Daniel Walsh diff --git a/policycoreutils/gui/selinux-polgengui.desktop b/policycoreutils/gui/selinux-polgengui.desktop new file mode 100644 index 0000000..0c2f399 --- /dev/null +++ b/policycoreutils/gui/selinux-polgengui.desktop @@ -0,0 +1,67 @@ +[Desktop Entry] +Name=SELinux Policy Generation Tool +Name[bn_IN]=SELinux Policy নির্মাণের সামগ্রী +Name[ca]=Eina de generació de polítiques del SELinux +Name[da]=Regelsætgenereringsværktøj til SELinux +Name[de]=Tool zur Erstellung von SELinux-Richtlinien +Name[es]=Generador de Políticas de SELinux +Name[fi]=SELinux-käytäntöjen generointityökalu +Name[fr]=Outil de génération de stratégies SELinux +Name[gu]=SELinux પોલિસી બનાવટ સાધન +Name[hi]=SELinux पॉलिसी जनन औजार +Name[it]=Tool di generazione della policy di SELinux +Name[ja]=SELinux ポリシー生成ツール +Name[kn]=SELinux ಪಾಲಿಸಿ ಉತ್ಪಾದನಾ ಉಪಕರಣ +Name[ko]=SELinux 정책 생성 도구 +Name[ml]=SELinux പോളിസി ഉത്പാദന പ്രയോഗം +Name[mr]=SELinux करार निर्माण साधन +Name[nl]=SELinux tactiek generatie gereedschap +Name[or]=SELinux ନୀତି ସୃଷ୍ଟି ଉପକରଣ +Name[pa]=SELinux ਪਾਲਿਸੀ ਨਿਰਮਾਣ ਜੰਤਰ +Name[pl]=Narzędzie tworzenia polityki SELinuksa +Name[pt]=Ferramenta de Geração de Políticas SELinux +Name[pt_BR]=Ferramenta de criação de políticas do SELinux +Name[ru]=Средство создания политики SELinux +Name[sv]=Genereringsverktyg för SELinuxpolicy +Name[ta]=SELinux பாலிசி உற்பத்தி கருவி +Name[te]=SELinux నిర్వహణ +Name[uk]=Утиліта генерації правил SELinux +Name[zh_CN]=SELinux 策略生成工具 +Name[zh_TW]=SELinux 政策產生工具(SELinux Policy Generation Tool) +Comment=Generate SELinux policy modules +Comment[bn_IN]=SELinux নিয়মনীতির মডিউল নির্মাণ করুন +Comment[ca]=Genera els mòduls de les polítiques de SELinux +Comment[da]=Generér SELinux-regelsætmodul +Comment[de]=Tool zur Erstellung von SELinux-Richtlinien +Comment[es]=Generar módulos de política de SELinux +Comment[fi]=Generoi SELinuxin käytäntömoduuleja +Comment[fr]=Génére des modules de stratégie SELinux +Comment[gu]=SELinux પોલિસી મોડ્યુલોને ઉત્પન્ન કરો +Comment[hi]=नया पॉलिसी मॉड्यूल उत्पन्न करें +Comment[it]=Genera moduli della politica di SELinux +Comment[ja]=新しいポリシーモジュールの作成 +Comment[kn]=SELinux ಪಾಲಿಸಿ ಘಟಕಗಳನ್ನು ಉತ್ಪಾದಿಸು +Comment[ko]=SELinux 정책 모듈 생성 +Comment[ml]=SELinux യ പോളിസി ഘങ്ങള്‍ തയ്യാറാക്കുക +Comment[mr]=SELinux करार घटके निर्माण करा +Comment[nl]=Maak een SELinux tactiek module aan +Comment[or]=SELinux ନୀତି ଏକକାଂଶ ସୃଷ୍ଟିକରନ୍ତୁ +Comment[pa]=SELinux ਪਾਲਿਸੀ ਮੈਡਿਊਲ ਬਣਾਓ +Comment[pl]=Tworzenie nowych modułów polityki SELinuksa +Comment[pt]=Gerar módulos de políticas SELinux +Comment[pt_BR]=Gerar módulos de política do SELinux +Comment[ru]=Генерация модулей политики SELinux +Comment[sv]=Generera SELinux-policymoduler +Comment[ta]=SELinux கொள்கை தொகுதியை உருவாக்கவும் +Comment[te]=SELinux పాలసీ మాడ్యూళ్ళను వుద్భవింపచేయుము +Comment[uk]=Створення модулів контролю доступу SELinux +Comment[zh_CN]=生成 SELinux 策略模块 +Comment[zh_TW]=產生 SELinux 政策模組 +StartupNotify=true +Icon=system-config-selinux +Exec=/usr/bin/selinux-polgengui +Type=Application +Terminal=false +Categories=System;Security; +X-Desktop-File-Install-Version=0.2 +Keywords=policy;security;selinux;avc;permission;mac; diff --git a/policycoreutils/gui/system-config-selinux b/policycoreutils/gui/system-config-selinux new file mode 100755 index 0000000..5be5ccd --- /dev/null +++ b/policycoreutils/gui/system-config-selinux @@ -0,0 +1,3 @@ +#!/bin/sh + +exec /usr/bin/pkexec /usr/share/system-config-selinux/system-config-selinux.py diff --git a/policycoreutils/gui/system-config-selinux.8 b/policycoreutils/gui/system-config-selinux.8 new file mode 100644 index 0000000..eca2024 --- /dev/null +++ b/policycoreutils/gui/system-config-selinux.8 @@ -0,0 +1,37 @@ +.TH "system-config-selinux" "8" "8 April 2013" "System Config Tools Manual" "System Config Tools Manual" + +.SH NAME +system\-config\-selinux \- SELinux Management tool + +.SH SYNOPSIS +.B system-config-selinux + +.SH DESCRIPTION +\fBsystem-config-selinux\fP provides a graphical interface for managing the +SELinux configuration. + +.SH OPTIONS +None + +.SH FILES +\fi/usr/bin/system-config-selinux\fP + +.SH Examples +To run the program type: + +system-config-selinux + +.PP +.SH "SEE ALSO" +.TP +selinux(1), semanage(8) +.PP + +.SH REPORTING BUGS +Report bugs to . + +.SH LICENSE AND AUTHORS +\fBsystem-config-selinux\fP is licensed under the GNU Public License and +is copyrighted by Red Hat, Inc. +.br +This man page was written by Daniel Walsh diff --git a/policycoreutils/gui/system-config-selinux.desktop b/policycoreutils/gui/system-config-selinux.desktop new file mode 100644 index 0000000..8822ce2 --- /dev/null +++ b/policycoreutils/gui/system-config-selinux.desktop @@ -0,0 +1,67 @@ +[Desktop Entry] +Name=SELinux Management +Name[bn_IN]=SELinux পরিচালনা +Name[da]=Håndtering af SELinux +Name[de]=SELinux-Management +Name[ca]=Gestió de SELinux +Name[es]=Administración de SELinux +Name[fi]=SELinuxin ylläpito +Name[fr]=Gestion de SELinux +Name[gu]=SELinux સંચાલન +Name[hi]=SELinux प्रबंधन +Name[jp]=SELinux 管理 +Name[it]=Gestione di SELinux +Name[kn]=SELinux ವ್ಯವಸ್ಥಾಪನೆ +Name[ko]=SELinux 관리 +Name[ml]=SELinux മാനേജ്മെന്റ് +Name[mr]=SELinux मॅनेजमेंट +Name[nl]=SELinux beheer +Name[or]=SELinux ପରିଚାଳନା +Name[pa]=SELinux ਮੈਨੇਜਮੈਂਟ +Name[pl]=Zarządzanie SELinuksem +Name[pt_BR]=Gerenciamento do SELinux +Name[pt]=Gestão de SELinux +Name[ru]=Управление SELinux +Name[sv]=SELinux-hantering +Name[ta]=SELinux மேலாண்மை +Name[te]=SELinux నిర్వహణ +Name[uk]=Керування SELinux +Name[zh_CN]=SELinux 管理 +Name[zh_TW]=SELinux 管理 +Comment=Configure SELinux in a graphical setting +Comment[bn_IN]=গ্রাফিক্যাল পরিবেশে SELinux কনফিগার করুন +Comment[ca]=Configura SELinuc an mode de preferències gràfiques +Comment[da]=Konfigurér SELinux i et grafisk miljø +Comment[de]=SELinux in einer grafischen Einstellung konfigurieren +Comment[es]=Defina SELinux en una configuración de interfaz gráfica +Comment[fi]=Tee SELinuxin asetukset graafisesti +Comment[fr]=Configure SELinux dans un environnement graphique +Comment[gu]=ગ્રાફિકલ સુયોજનમાં SELinux ને રૂપરેખાંકિત કરો +Comment[hi]=SELinux को आलेखी सेटिंग में विन्यस्त करें +Comment[it]=Configura SELinux in una impostazione grafica +Comment[jp]=グラフィカルな設定画面で SELinux を設定する +Comment[ko]=SELinux를 그래픽 사용자 인터페이스로 설정 +Comment[kn]=SELinux ಅನ್ನು ಒಂದು ಚಿತ್ರಾತ್ಮಕ ಸಿದ್ದತೆಯಲ್ಲಿ ಸಂರಚಿಸಿ +Comment[ml]=ഒരു ഗ്രാഫിക്കല്‍ സജ്ജീകരണത്തില്‍ SELinux ക്രമീകരിയ്ക്കുക +Comment[mr]=ग्राफिकल सेटिंगमध्ये SELinux संरचीत करा +Comment[nl]=Configureer SELinux in een grafische omgeving +Comment[or]=SELinux କୁ ଆଲେଖିକ ସଂରଚନାରେ ବିନ୍ୟାସ କରନ୍ତୁ +Comment[pa]=SELinux ਨੂੰ ਗਰਾਫੀਕਲ ਸੈਟਿੰਗ ਵਿੱਚ ਸੰਰਚਿਤ ਕਰੋ +Comment[pl]=Konfiguracja SELinuksa w trybie graficznym +Comment[pt]=Configurar o SELinux num ambiente gráfico +Comment[pt_BR]=Configure o SELinux em uma configuração gráfica +Comment[ru]=Настройка SELinux в графическом режиме +Comment[sv]=Konfigurera SELinux i en grafisk miljö +Comment[ta]=SELinuxஐ ஒரு வரைகலை அமைவில் கட்டமைக்கவும் +Comment[te]=SELinuxను గ్రాఫికల్ అమర్పునందు ఆకృతీకరించుము +Comment[uk]=Засіб для налаштування SELinux з графічним інтерфейсом +Comment[zh_CN]=在图形设置中配置 SELinux +Comment[zh_TW]=在圖形話設定中配置 SELinux +StartupNotify=true +Icon=system-config-selinux +Exec=/usr/bin/system-config-selinux +Type=Application +Terminal=false +Categories=System;Security; +X-Desktop-File-Install-Version=0.2 +Keywords=policy;security;selinux;avc;permission;mac; diff --git a/policycoreutils/gui/system-config-selinux.png b/policycoreutils/gui/system-config-selinux.png new file mode 100644 index 0000000..68ffcb7 Binary files /dev/null and b/policycoreutils/gui/system-config-selinux.png differ diff --git a/policycoreutils/load_policy/load_policy.8 b/policycoreutils/load_policy/load_policy.8 index f9ca36e..a86073f 100644 --- a/policycoreutils/load_policy/load_policy.8 +++ b/policycoreutils/load_policy/load_policy.8 @@ -19,7 +19,7 @@ values in the policy file. suppress warning messages. .TP .B \-i -inital policy load. Only use this if this is the first time policy is being loaded since boot (usually called from initramfs). +initial policy load. Only use this if this is the first time policy is being loaded since boot (usually called from initramfs). .SH "EXIT STATUS" .TP diff --git a/policycoreutils/man/man5/selinux_config.5 b/policycoreutils/man/man5/selinux_config.5 index 4963cdc..dbfec55 100644 --- a/policycoreutils/man/man5/selinux_config.5 +++ b/policycoreutils/man/man5/selinux_config.5 @@ -92,7 +92,7 @@ The binary policy name has by convention the SELinux policy version that it supp .RS This entry is deprecated and should be removed or set to \fI0\fR. .sp -If set to \fI1\fR, then \fBselinux_mkload_policy\fR(3) will read the local customisation for booleans (see \fBbooleans\fR(5)) and users (see \fBlocal.users\fR(5)). +If set to \fI1\fR, then \fBselinux_mkload_policy\fR(3) will read the local customization for booleans (see \fBbooleans\fR(5)) and users (see \fBlocal.users\fR(5)). .RE .sp .B REQUIRESEUSERS @@ -122,7 +122,7 @@ This is an optional entry that allows the file system to be relabeled. .sp If set to \fI0\fR and there is a file called \fI.autorelabel\fR in the root directory, then on a reboot, the loader will drop to a shell where a root login is required. An administrator can then manually relabel the file system. .sp -If set to \fI1\fR or no entry present (the default) and there is a \fI.autorelabel\fR file in the root directory, then the file system will be automatically relabeled using \fBfixfiles -F restore\fR +If set to \fI1\fR or no entry present (the default) and there is a \fI.autorelabel\fR file in the root directory, then the file system will be automatically relabeled using \fBfixfiles \-F restore\fR .sp In both cases the \fI/.autorelabel\fR file will be removed so that relabeling is not done again. .RE diff --git a/policycoreutils/mcstrans/man/man8/mcs.8 b/policycoreutils/mcstrans/man/man8/mcs.8 index 44126bf..aeaf22e 100644 --- a/policycoreutils/mcstrans/man/man8/mcs.8 +++ b/policycoreutils/mcstrans/man/man8/mcs.8 @@ -20,7 +20,7 @@ readable form. Administrators can define any labels they want in this file. Certain applications like printing and auditing will use these labels to identify the files. By setting a category on a file you will prevent other applications/services from having access to the files. -.p +.P Examples of file labels would be PatientRecord, CompanyConfidential etc. .SH "SEE ALSO" diff --git a/policycoreutils/newrole/newrole.1 b/policycoreutils/newrole/newrole.1 index 376c458..c47bc52 100644 --- a/policycoreutils/newrole/newrole.1 +++ b/policycoreutils/newrole/newrole.1 @@ -44,7 +44,7 @@ Additional arguments .I ARGS may be provided after a -- option, in which case they are supplied to the new shell. -In particular, an argument of -- -c will cause the next argument to be +In particular, an argument of \-\- \-c will cause the next argument to be treated as a command by most command interpreters. .PP If a command argument is specified to newrole and the command name is found @@ -66,31 +66,31 @@ shows the current version of newrole .SH EXAMPLE .br Changing role: - # id -Z + # id \-Z staff_u:staff_r:staff_t:SystemLow-SystemHigh - # newrole -r sysadm_r - # id -Z + # newrole \-r sysadm_r + # id \-Z staff_u:sysadm_r:sysadm_t:SystemLow-SystemHigh Changing sensitivity only: - # id -Z + # id \-Z staff_u:sysadm_r:sysadm_t:Unclassified-SystemHigh - # newrole -l Secret - # id -Z + # newrole \-l Secret + # id \-Z staff_u:sysadm_r:sysadm_t:Secret-SystemHigh .PP Changing sensitivity and clearance: - # id -Z + # id \-Z staff_u:sysadm_r:sysadm_t:Unclassified-SystemHigh - # newrole -l Secret-Secret - # id -Z + # newrole \-l Secret-Secret + # id \-Z staff_u:sysadm_r:sysadm_t:Secret .PP Running a program in a given role or level: - # newrole -r sysadm_r -- -c "/path/to/app arg1 arg2..." - # newrole -l Secret -- -c "/path/to/app arg1 arg2..." + # newrole \-r sysadm_r \-\- \-c "/path/to/app arg1 arg2..." + # newrole \-l Secret \-\- \-c "/path/to/app arg1 arg2..." .SH FILES /etc/passwd - user account information diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c index 8fbf2d0..4e59a06 100644 --- a/policycoreutils/newrole/newrole.c +++ b/policycoreutils/newrole/newrole.c @@ -547,9 +547,7 @@ static int drop_capabilities(int full) if (!uid) return 0; capng_setpid(getpid()); - capng_clear(CAPNG_SELECT_BOTH); - if (capng_lock() < 0) - return -1; + capng_clear(CAPNG_SELECT_CAPS); /* Change uid */ if (setresuid(uid, uid, uid)) { @@ -558,7 +556,7 @@ static int drop_capabilities(int full) } if (! full) capng_update(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_AUDIT_WRITE); - return capng_apply(CAPNG_SELECT_BOTH); + return capng_apply(CAPNG_SELECT_CAPS); } #elif defined(NAMESPACE_PRIV) /** @@ -576,20 +574,21 @@ static int drop_capabilities(int full) */ static int drop_capabilities(int full) { + uid_t uid = getuid(); + if (!uid) return 0; + capng_setpid(getpid()); - capng_clear(CAPNG_SELECT_BOTH); - if (capng_lock() < 0) - return -1; + capng_clear(CAPNG_SELECT_CAPS); - uid_t uid = getuid(); /* Change uid */ if (setresuid(uid, uid, uid)) { fprintf(stderr, _("Error changing uid, aborting.\n")); return -1; } if (! full) - capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_SYS_ADMIN , CAP_FOWNER , CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_SETPCAP, -1); - return capng_apply(CAPNG_SELECT_BOTH); + capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_SYS_ADMIN , CAP_FOWNER , CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_AUDIT_WRITE, -1); + + return capng_apply(CAPNG_SELECT_CAPS); } #else @@ -680,7 +679,7 @@ static int relabel_tty(const char *ttyn, security_context_t new_context, security_context_t * tty_context, security_context_t * new_tty_context) { - int fd; + int fd, rc; int enforcing = security_getenforce(); security_context_t tty_con = NULL; security_context_t new_tty_con = NULL; @@ -699,7 +698,13 @@ static int relabel_tty(const char *ttyn, security_context_t new_context, fprintf(stderr, _("Error! Could not open %s.\n"), ttyn); return fd; } - fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + /* this craziness is to make sure we cann't block on open and deadlock */ + rc = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + if (rc) { + fprintf(stderr, _("Error! Could not clear O_NONBLOCK on %s\n"), ttyn); + close(fd); + return rc; + } if (fgetfilecon(fd, &tty_con) < 0) { fprintf(stderr, _("%s! Could not get current context " @@ -1010,9 +1015,9 @@ int main(int argc, char *argv[]) int fd; pid_t childPid = 0; char *shell_argv0 = NULL; + int rc; #ifdef USE_PAM - int rc; int pam_status; /* pam return code */ pam_handle_t *pam_handle; /* opaque handle used by all PAM functions */ @@ -1226,15 +1231,23 @@ int main(int argc, char *argv[]) fd = open(ttyn, O_RDONLY | O_NONBLOCK); if (fd != 0) goto err_close_pam; - fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + rc = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + if (rc) + goto err_close_pam; + fd = open(ttyn, O_RDWR | O_NONBLOCK); if (fd != 1) goto err_close_pam; - fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + rc = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + if (rc) + goto err_close_pam; + fd = open(ttyn, O_RDWR | O_NONBLOCK); if (fd != 2) goto err_close_pam; - fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + rc = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + if (rc) + goto err_close_pam; } /* @@ -1268,19 +1281,24 @@ int main(int argc, char *argv[]) } #endif - if (send_audit_message(1, old_context, new_context, ttyn)) + if (send_audit_message(1, old_context, new_context, ttyn)) { + fprintf(stderr, _("Failed to send audit message")); goto err_close_pam_session; + } freecon(old_context); old_context=NULL; freecon(new_context); new_context=NULL; #ifdef NAMESPACE_PRIV - if (transition_to_caller_uid()) + if (transition_to_caller_uid()) { + fprintf(stderr, _("Failed to transition to namespace\n")); goto err_close_pam_session; + } #endif - if (drop_capabilities(TRUE)) + if (drop_capabilities(TRUE)) { + fprintf(stderr, _("Failed to drop capabilities %m\n")); goto err_close_pam_session; - + } /* Handle environment changes */ if (restore_environment(preserve_environment, old_environ, &pw)) { fprintf(stderr, _("Unable to restore the environment, " diff --git a/policycoreutils/newrole/newrole.pamd b/policycoreutils/newrole/newrole.pamd index d1b435c..de3582f 100644 --- a/policycoreutils/newrole/newrole.pamd +++ b/policycoreutils/newrole/newrole.pamd @@ -1,4 +1,6 @@ #%PAM-1.0 +# Uncomment the next line if you do not want to enter your passwd everytime +# auth sufficient pam_rootok.so auth include system-auth account include system-auth password include system-auth diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile index a377996..a693823 100644 --- a/policycoreutils/po/Makefile +++ b/policycoreutils/po/Makefile @@ -60,6 +60,7 @@ POTFILES = \ ../gui/system-config-selinux.py \ ../gui/usersPage.py \ ../secon/secon.c \ + booleans.py \ ../sepolicy/info.c \ ../sepolicy/search.c \ ../sepolicy/sepolicy.py \ @@ -67,6 +68,8 @@ POTFILES = \ ../sepolicy/sepolicy/__init__.py \ ../sepolicy/sepolicy/network.py \ ../sepolicy/sepolicy/generate.py \ + ../sepolicy/sepolicy/sepolicy.glade \ + ../sepolicy/sepolicy/gui.py \ ../sepolicy/sepolicy/manpage.py \ ../sepolicy/sepolicy/transition.py \ ../sepolicy/sepolicy/templates/executable.py \ @@ -80,13 +83,16 @@ POTFILES = \ ../sepolicy/sepolicy/templates/var_lib.py \ ../sepolicy/sepolicy/templates/var_log.py \ ../sepolicy/sepolicy/templates/var_run.py \ - ../sepolicy/sepolicy/templates/var_spool.py \ + ../sepolicy/sepolicy/templates/var_spool.py #default:: clean all:: $(MOFILES) -$(POTFILE): $(POTFILES) +booleans.py: + sepolicy booleans -a > booleans.py + +$(POTFILE): $(POTFILES) booleans.py $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES) @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \ rm -f $(NLSPACKAGE).po; \ @@ -95,6 +101,7 @@ $(POTFILE): $(POTFILES) fi; \ update-po: Makefile $(POTFILE) refresh-po + @rm -f booleans.py refresh-po: Makefile for cat in $(POFILES); do \ diff --git a/policycoreutils/po/POTFILES b/policycoreutils/po/POTFILES index 667e394..bcb9e99 100644 --- a/policycoreutils/po/POTFILES +++ b/policycoreutils/po/POTFILES @@ -47,4 +47,26 @@ ../gui/templates/var_log.py ../gui/templates/var_run.py ../gui/templates/var_spool.py - ../secon/secon.c + ../sepolicy/info.c + ../sepolicy/search.c + ../sepolicy/sepolicy.py + ../sepolicy/sepolicy/communicate.py + ../sepolicy/sepolicy/__init__.py + ../sepolicy/sepolicy/network.py + ../sepolicy/sepolicy/generate.py + ../sepolicy/sepolicy/sepolicy.glade + ../sepolicy/sepolicy/gui.py + ../sepolicy/sepolicy/manpage.py + ../sepolicy/sepolicy/transition.py + ../sepolicy/sepolicy/templates/executable.py + ../sepolicy/sepolicy/templates/__init__.py + ../sepolicy/sepolicy/templates/network.py + ../sepolicy/sepolicy/templates/rw.py + ../sepolicy/sepolicy/templates/script.py + ../sepolicy/sepolicy/templates/semodule.py + ../sepolicy/sepolicy/templates/tmp.py + ../sepolicy/sepolicy/templates/user.py + ../sepolicy/sepolicy/templates/var_lib.py + ../sepolicy/sepolicy/templates/var_log.py + ../sepolicy/sepolicy/templates/var_run.py + ../sepolicy/sepolicy/templates/var_spool.py diff --git a/policycoreutils/po/POTFILES.in b/policycoreutils/po/POTFILES.in index 75117f4..aca0474 100644 --- a/policycoreutils/po/POTFILES.in +++ b/policycoreutils/po/POTFILES.in @@ -42,6 +42,8 @@ sepolicy/sepolicy/communicate.py sepolicy/sepolicy/__init__.py sepolicy/sepolicy/network.py sepolicy/sepolicy/generate.py +sepolicy/sepolicy/sepolicy.glade +sepolicy/sepolicy/gui.py sepolicy/sepolicy/manpage.py sepolicy/sepolicy/transition.py sepolicy/sepolicy/templates/executable.py diff --git a/policycoreutils/po/af.po b/policycoreutils/po/af.po index 961d921..e4a6e09 100644 --- a/policycoreutils/po/af.po +++ b/policycoreutils/po/af.po @@ -1,21 +1,22 @@ # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. -# FIRST AUTHOR , YEAR. # -#, fuzzy +# Translators: msgid "" msgstr "" -"Project-Id-Version: PACKAGE VERSION\n" +"Project-Id-Version: Policycoreutils\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2013-01-04 12:01-0500\n" -"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"POT-Creation-Date: 2013-10-10 16:04-0400\n" +"PO-Revision-Date: 2012-03-30 18:14+0000\n" "Last-Translator: FULL NAME \n" -"Language-Team: LANGUAGE \n" -"Language: \n" +"Language-Team: Afrikaans (http://www.transifex.com/projects/p/fedora/" +"language/af/)\n" +"Language: af\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" #: ../run_init/run_init.c:67 msgid "" @@ -24,7 +25,7 @@ msgid "" " are the arguments to that script." msgstr "" -#: ../run_init/run_init.c:126 ../newrole/newrole.c:1123 +#: ../run_init/run_init.c:126 ../newrole/newrole.c:1128 #, c-format msgid "failed to initialize PAM\n" msgstr "" @@ -73,7 +74,7 @@ msgstr "" msgid "authentication failed.\n" msgstr "" -#: ../run_init/run_init.c:405 ../newrole/newrole.c:1257 +#: ../run_init/run_init.c:405 ../newrole/newrole.c:1270 #, c-format msgid "Could not set exec context to %s.\n" msgstr "" @@ -86,870 +87,907 @@ msgstr "" msgid "To make this policy package active, execute:" msgstr "" -#: ../semanage/seobject.py:194 +#: ../semanage/seobject.py:210 msgid "Could not create semanage handle" msgstr "" -#: ../semanage/seobject.py:202 +#: ../semanage/seobject.py:218 msgid "SELinux policy is not managed or store cannot be accessed." msgstr "" -#: ../semanage/seobject.py:207 +#: ../semanage/seobject.py:223 msgid "Cannot read policy store." msgstr "" -#: ../semanage/seobject.py:212 +#: ../semanage/seobject.py:228 msgid "Could not establish semanage connection" msgstr "" -#: ../semanage/seobject.py:217 +#: ../semanage/seobject.py:233 msgid "Could not test MLS enabled status" msgstr "" -#: ../semanage/seobject.py:223 ../semanage/seobject.py:238 +#: ../semanage/seobject.py:239 ../semanage/seobject.py:254 msgid "Not yet implemented" msgstr "" -#: ../semanage/seobject.py:227 +#: ../semanage/seobject.py:243 msgid "Semanage transaction already in progress" msgstr "" -#: ../semanage/seobject.py:236 +#: ../semanage/seobject.py:252 msgid "Could not start semanage transaction" msgstr "" -#: ../semanage/seobject.py:248 +#: ../semanage/seobject.py:264 msgid "Could not commit semanage transaction" msgstr "" -#: ../semanage/seobject.py:253 +#: ../semanage/seobject.py:269 msgid "Semanage transaction not in progress" msgstr "" -#: ../semanage/seobject.py:265 ../semanage/seobject.py:345 +#: ../semanage/seobject.py:281 ../semanage/seobject.py:376 msgid "Could not list SELinux modules" msgstr "" -#: ../semanage/seobject.py:278 +#: ../semanage/seobject.py:300 msgid "Modules Name" msgstr "" -#: ../semanage/seobject.py:278 ../gui/modulesPage.py:63 +#: ../semanage/seobject.py:300 ../gui/modulesPage.py:63 msgid "Version" msgstr "" -#: ../semanage/seobject.py:281 ../gui/statusPage.py:75 +#: ../semanage/seobject.py:303 ../gui/statusPage.py:75 +#: ../sepolicy/sepolicy/sepolicy.glade:3430 msgid "Disabled" msgstr "" -#: ../semanage/seobject.py:296 +#: ../semanage/seobject.py:312 +#, python-format +msgid "Module does not exists %s " +msgstr "" + +#: ../semanage/seobject.py:322 #, python-format msgid "Could not disable module %s (remove failed)" msgstr "" -#: ../semanage/seobject.py:307 +#: ../semanage/seobject.py:333 #, python-format msgid "Could not enable module %s (remove failed)" msgstr "" -#: ../semanage/seobject.py:322 +#: ../semanage/seobject.py:348 #, python-format msgid "Could not remove module %s (remove failed)" msgstr "" -#: ../semanage/seobject.py:332 +#: ../semanage/seobject.py:363 msgid "dontaudit requires either 'on' or 'off'" msgstr "" -#: ../semanage/seobject.py:360 +#: ../semanage/seobject.py:391 msgid "Builtin Permissive Types" msgstr "" -#: ../semanage/seobject.py:370 +#: ../semanage/seobject.py:401 msgid "Customized Permissive Types" msgstr "" -#: ../semanage/seobject.py:412 +#: ../semanage/seobject.py:410 +msgid "" +"The sepolgen python module is required to setup permissive domains.\n" +"In some distributions it is included in the policycoreutils-devel patckage.\n" +"# yum install policycoreutils-devel\n" +"Or similar for your distro." +msgstr "" + +#: ../semanage/seobject.py:447 #, python-format msgid "Could not set permissive domain %s (module installation failed)" msgstr "" -#: ../semanage/seobject.py:418 +#: ../semanage/seobject.py:453 #, python-format msgid "Could not remove permissive domain %s (remove failed)" msgstr "" -#: ../semanage/seobject.py:453 ../semanage/seobject.py:527 -#: ../semanage/seobject.py:573 ../semanage/seobject.py:695 -#: ../semanage/seobject.py:725 ../semanage/seobject.py:792 -#: ../semanage/seobject.py:849 ../semanage/seobject.py:1104 -#: ../semanage/seobject.py:1820 ../semanage/seobject.py:1883 -#: ../semanage/seobject.py:1902 ../semanage/seobject.py:2025 -#: ../semanage/seobject.py:2076 +#: ../semanage/seobject.py:488 ../semanage/seobject.py:562 +#: ../semanage/seobject.py:608 ../semanage/seobject.py:730 +#: ../semanage/seobject.py:760 ../semanage/seobject.py:827 +#: ../semanage/seobject.py:884 ../semanage/seobject.py:1144 +#: ../semanage/seobject.py:1879 ../semanage/seobject.py:1942 +#: ../semanage/seobject.py:1961 ../semanage/seobject.py:2084 +#: ../semanage/seobject.py:2135 #, python-format msgid "Could not create a key for %s" msgstr "" -#: ../semanage/seobject.py:457 ../semanage/seobject.py:531 -#: ../semanage/seobject.py:577 ../semanage/seobject.py:583 +#: ../semanage/seobject.py:492 ../semanage/seobject.py:566 +#: ../semanage/seobject.py:612 ../semanage/seobject.py:618 #, python-format msgid "Could not check if login mapping for %s is defined" msgstr "" -#: ../semanage/seobject.py:466 +#: ../semanage/seobject.py:501 #, python-format msgid "Linux Group %s does not exist" msgstr "" -#: ../semanage/seobject.py:471 +#: ../semanage/seobject.py:506 #, python-format msgid "Linux User %s does not exist" msgstr "" -#: ../semanage/seobject.py:475 +#: ../semanage/seobject.py:510 #, python-format msgid "Could not create login mapping for %s" msgstr "" -#: ../semanage/seobject.py:479 ../semanage/seobject.py:740 +#: ../semanage/seobject.py:514 ../semanage/seobject.py:775 #, python-format msgid "Could not set name for %s" msgstr "" -#: ../semanage/seobject.py:484 ../semanage/seobject.py:750 +#: ../semanage/seobject.py:519 ../semanage/seobject.py:785 #, python-format msgid "Could not set MLS range for %s" msgstr "" -#: ../semanage/seobject.py:488 +#: ../semanage/seobject.py:523 #, python-format msgid "Could not set SELinux user for %s" msgstr "" -#: ../semanage/seobject.py:492 +#: ../semanage/seobject.py:527 #, python-format msgid "Could not add login mapping for %s" msgstr "" -#: ../semanage/seobject.py:510 +#: ../semanage/seobject.py:545 msgid "Requires seuser or serange" msgstr "" -#: ../semanage/seobject.py:533 ../semanage/seobject.py:579 +#: ../semanage/seobject.py:568 ../semanage/seobject.py:614 #, python-format msgid "Login mapping for %s is not defined" msgstr "" -#: ../semanage/seobject.py:537 +#: ../semanage/seobject.py:572 #, python-format msgid "Could not query seuser for %s" msgstr "" -#: ../semanage/seobject.py:551 +#: ../semanage/seobject.py:586 #, python-format msgid "Could not modify login mapping for %s" msgstr "" -#: ../semanage/seobject.py:585 +#: ../semanage/seobject.py:620 #, python-format msgid "Login mapping for %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:589 +#: ../semanage/seobject.py:624 #, python-format msgid "Could not delete login mapping for %s" msgstr "" -#: ../semanage/seobject.py:611 ../semanage/seobject.py:644 -#: ../semanage/seobject.py:892 +#: ../semanage/seobject.py:646 ../semanage/seobject.py:679 +#: ../semanage/seobject.py:927 msgid "Could not list login mappings" msgstr "" -#: ../semanage/seobject.py:672 ../semanage/seobject.py:684 +#: ../semanage/seobject.py:707 ../semanage/seobject.py:719 #: ../gui/system-config-selinux.glade:100 +#: ../sepolicy/sepolicy/sepolicy.glade:1166 +#: ../sepolicy/sepolicy/sepolicy.glade:3155 msgid "Login Name" msgstr "" -#: ../semanage/seobject.py:672 ../semanage/seobject.py:684 -#: ../semanage/seobject.py:942 ../semanage/seobject.py:947 +#: ../semanage/seobject.py:707 ../semanage/seobject.py:719 +#: ../semanage/seobject.py:977 ../semanage/seobject.py:982 #: ../gui/system-config-selinux.glade:128 #: ../gui/system-config-selinux.glade:915 #: ../gui/system-config-selinux.glade:2285 ../gui/usersPage.py:44 +#: ../sepolicy/sepolicy/sepolicy.glade:1192 +#: ../sepolicy/sepolicy/sepolicy.glade:3173 +#: ../sepolicy/sepolicy/sepolicy.glade:3259 msgid "SELinux User" msgstr "" -#: ../semanage/seobject.py:672 ../gui/system-config-selinux.glade:156 +#: ../semanage/seobject.py:707 ../gui/system-config-selinux.glade:156 #: ../gui/system-config-selinux.glade:943 msgid "MLS/MCS Range" msgstr "" -#: ../semanage/seobject.py:672 +#: ../semanage/seobject.py:707 msgid "Service" msgstr "" -#: ../semanage/seobject.py:698 ../semanage/seobject.py:729 -#: ../semanage/seobject.py:796 ../semanage/seobject.py:853 -#: ../semanage/seobject.py:859 +#: ../semanage/seobject.py:733 ../semanage/seobject.py:764 +#: ../semanage/seobject.py:831 ../semanage/seobject.py:888 +#: ../semanage/seobject.py:894 #, python-format msgid "Could not check if SELinux user %s is defined" msgstr "" -#: ../semanage/seobject.py:701 ../semanage/seobject.py:802 -#: ../semanage/seobject.py:865 +#: ../semanage/seobject.py:736 ../semanage/seobject.py:837 +#: ../semanage/seobject.py:900 #, python-format msgid "Could not query user for %s" msgstr "" -#: ../semanage/seobject.py:721 +#: ../semanage/seobject.py:756 #, python-format msgid "You must add at least one role for %s" msgstr "" -#: ../semanage/seobject.py:736 +#: ../semanage/seobject.py:771 #, python-format msgid "Could not create SELinux user for %s" msgstr "" -#: ../semanage/seobject.py:745 +#: ../semanage/seobject.py:780 #, python-format msgid "Could not add role %s for %s" msgstr "" -#: ../semanage/seobject.py:754 +#: ../semanage/seobject.py:789 #, python-format msgid "Could not set MLS level for %s" msgstr "" -#: ../semanage/seobject.py:757 +#: ../semanage/seobject.py:792 #, python-format msgid "Could not add prefix %s for %s" msgstr "" -#: ../semanage/seobject.py:760 +#: ../semanage/seobject.py:795 #, python-format msgid "Could not extract key for %s" msgstr "" -#: ../semanage/seobject.py:764 +#: ../semanage/seobject.py:799 #, python-format msgid "Could not add SELinux user %s" msgstr "" -#: ../semanage/seobject.py:786 +#: ../semanage/seobject.py:821 msgid "Requires prefix, roles, level or range" msgstr "" -#: ../semanage/seobject.py:788 +#: ../semanage/seobject.py:823 msgid "Requires prefix or roles" msgstr "" -#: ../semanage/seobject.py:798 ../semanage/seobject.py:855 +#: ../semanage/seobject.py:833 ../semanage/seobject.py:890 #, python-format msgid "SELinux user %s is not defined" msgstr "" -#: ../semanage/seobject.py:827 +#: ../semanage/seobject.py:862 #, python-format msgid "Could not modify SELinux user %s" msgstr "" -#: ../semanage/seobject.py:861 +#: ../semanage/seobject.py:896 #, python-format msgid "SELinux user %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:872 +#: ../semanage/seobject.py:907 #, python-format msgid "Could not delete SELinux user %s" msgstr "" -#: ../semanage/seobject.py:910 +#: ../semanage/seobject.py:945 msgid "Could not list SELinux users" msgstr "" -#: ../semanage/seobject.py:916 +#: ../semanage/seobject.py:951 #, python-format msgid "Could not list roles for user %s" msgstr "" -#: ../semanage/seobject.py:941 +#: ../semanage/seobject.py:976 msgid "Labeling" msgstr "" -#: ../semanage/seobject.py:941 +#: ../semanage/seobject.py:976 msgid "MLS/" msgstr "" -#: ../semanage/seobject.py:942 +#: ../semanage/seobject.py:977 msgid "Prefix" msgstr "" -#: ../semanage/seobject.py:942 +#: ../semanage/seobject.py:977 msgid "MCS Level" msgstr "" -#: ../semanage/seobject.py:942 +#: ../semanage/seobject.py:977 msgid "MCS Range" msgstr "" -#: ../semanage/seobject.py:942 ../semanage/seobject.py:947 +#: ../semanage/seobject.py:977 ../semanage/seobject.py:982 #: ../gui/system-config-selinux.glade:992 ../gui/usersPage.py:59 +#: ../sepolicy/sepolicy/sepolicy.glade:3279 +#: ../sepolicy/sepolicy/sepolicy.glade:5170 +#: ../sepolicy/sepolicy/sepolicy.glade:5411 msgid "SELinux Roles" msgstr "" -#: ../semanage/seobject.py:964 +#: ../semanage/seobject.py:1002 msgid "Protocol udp or tcp is required" msgstr "" -#: ../semanage/seobject.py:966 +#: ../semanage/seobject.py:1004 msgid "Port is required" msgstr "" -#: ../semanage/seobject.py:976 +#: ../semanage/seobject.py:1014 msgid "Invalid Port" msgstr "" -#: ../semanage/seobject.py:980 +#: ../semanage/seobject.py:1018 #, python-format msgid "Could not create a key for %s/%s" msgstr "" -#: ../semanage/seobject.py:991 +#: ../semanage/seobject.py:1029 msgid "Type is required" msgstr "" -#: ../semanage/seobject.py:994 ../semanage/seobject.py:1056 -#: ../semanage/seobject.py:1814 +#: ../semanage/seobject.py:1032 ../semanage/seobject.py:1096 +#: ../semanage/seobject.py:1873 #, python-format msgid "Type %s is invalid, must be a port type" msgstr "" -#: ../semanage/seobject.py:1000 ../semanage/seobject.py:1062 -#: ../semanage/seobject.py:1117 ../semanage/seobject.py:1123 +#: ../semanage/seobject.py:1040 ../semanage/seobject.py:1102 +#: ../semanage/seobject.py:1157 ../semanage/seobject.py:1163 #, python-format msgid "Could not check if port %s/%s is defined" msgstr "" -#: ../semanage/seobject.py:1002 +#: ../semanage/seobject.py:1042 #, python-format msgid "Port %s/%s already defined" msgstr "" -#: ../semanage/seobject.py:1006 +#: ../semanage/seobject.py:1046 #, python-format msgid "Could not create port for %s/%s" msgstr "" -#: ../semanage/seobject.py:1012 +#: ../semanage/seobject.py:1052 #, python-format msgid "Could not create context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1016 +#: ../semanage/seobject.py:1056 #, python-format msgid "Could not set user in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1020 +#: ../semanage/seobject.py:1060 #, python-format msgid "Could not set role in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1024 +#: ../semanage/seobject.py:1064 #, python-format msgid "Could not set type in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1029 +#: ../semanage/seobject.py:1069 #, python-format msgid "Could not set mls fields in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1033 +#: ../semanage/seobject.py:1073 #, python-format msgid "Could not set port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1037 +#: ../semanage/seobject.py:1077 #, python-format msgid "Could not add port %s/%s" msgstr "" -#: ../semanage/seobject.py:1051 ../semanage/seobject.py:1324 -#: ../semanage/seobject.py:1523 +#: ../semanage/seobject.py:1091 ../semanage/seobject.py:1367 +#: ../semanage/seobject.py:1566 msgid "Requires setype or serange" msgstr "" -#: ../semanage/seobject.py:1053 +#: ../semanage/seobject.py:1093 msgid "Requires setype" msgstr "" -#: ../semanage/seobject.py:1064 ../semanage/seobject.py:1119 +#: ../semanage/seobject.py:1104 ../semanage/seobject.py:1159 #, python-format msgid "Port %s/%s is not defined" msgstr "" -#: ../semanage/seobject.py:1068 +#: ../semanage/seobject.py:1108 #, python-format msgid "Could not query port %s/%s" msgstr "" -#: ../semanage/seobject.py:1079 +#: ../semanage/seobject.py:1119 #, python-format msgid "Could not modify port %s/%s" msgstr "" -#: ../semanage/seobject.py:1092 +#: ../semanage/seobject.py:1132 msgid "Could not list the ports" msgstr "" -#: ../semanage/seobject.py:1108 +#: ../semanage/seobject.py:1148 #, python-format msgid "Could not delete the port %s" msgstr "" -#: ../semanage/seobject.py:1125 +#: ../semanage/seobject.py:1165 #, python-format msgid "Port %s/%s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:1129 +#: ../semanage/seobject.py:1169 #, python-format msgid "Could not delete port %s/%s" msgstr "" -#: ../semanage/seobject.py:1145 ../semanage/seobject.py:1167 +#: ../semanage/seobject.py:1185 ../semanage/seobject.py:1207 msgid "Could not list ports" msgstr "" -#: ../semanage/seobject.py:1206 +#: ../semanage/seobject.py:1246 ../sepolicy/sepolicy/sepolicy.glade:2675 +#: ../sepolicy/sepolicy/sepolicy.glade:2773 +#: ../sepolicy/sepolicy/sepolicy.glade:4687 msgid "SELinux Port Type" msgstr "" -#: ../semanage/seobject.py:1206 +#: ../semanage/seobject.py:1246 msgid "Proto" msgstr "" -#: ../semanage/seobject.py:1206 ../gui/system-config-selinux.glade:335 +#: ../semanage/seobject.py:1246 ../gui/system-config-selinux.glade:335 +#: ../sepolicy/sepolicy/sepolicy.glade:1417 msgid "Port Number" msgstr "" -#: ../semanage/seobject.py:1227 +#: ../semanage/seobject.py:1270 msgid "Node Address is required" msgstr "" -#: ../semanage/seobject.py:1242 +#: ../semanage/seobject.py:1285 msgid "Unknown or missing protocol" msgstr "" -#: ../semanage/seobject.py:1256 +#: ../semanage/seobject.py:1299 msgid "SELinux node type is required" msgstr "" -#: ../semanage/seobject.py:1259 ../semanage/seobject.py:1327 +#: ../semanage/seobject.py:1302 ../semanage/seobject.py:1370 #, python-format msgid "Type %s is invalid, must be a node type" msgstr "" -#: ../semanage/seobject.py:1263 ../semanage/seobject.py:1331 -#: ../semanage/seobject.py:1367 ../semanage/seobject.py:1465 -#: ../semanage/seobject.py:1527 ../semanage/seobject.py:1561 -#: ../semanage/seobject.py:1759 +#: ../semanage/seobject.py:1306 ../semanage/seobject.py:1374 +#: ../semanage/seobject.py:1410 ../semanage/seobject.py:1508 +#: ../semanage/seobject.py:1570 ../semanage/seobject.py:1604 +#: ../semanage/seobject.py:1818 #, python-format msgid "Could not create key for %s" msgstr "" -#: ../semanage/seobject.py:1265 ../semanage/seobject.py:1335 -#: ../semanage/seobject.py:1371 ../semanage/seobject.py:1377 +#: ../semanage/seobject.py:1308 ../semanage/seobject.py:1378 +#: ../semanage/seobject.py:1414 ../semanage/seobject.py:1420 #, python-format msgid "Could not check if addr %s is defined" msgstr "" -#: ../semanage/seobject.py:1274 +#: ../semanage/seobject.py:1317 #, python-format msgid "Could not create addr for %s" msgstr "" -#: ../semanage/seobject.py:1280 ../semanage/seobject.py:1481 -#: ../semanage/seobject.py:1714 +#: ../semanage/seobject.py:1323 ../semanage/seobject.py:1524 +#: ../semanage/seobject.py:1767 #, python-format msgid "Could not create context for %s" msgstr "" -#: ../semanage/seobject.py:1284 +#: ../semanage/seobject.py:1327 #, python-format msgid "Could not set mask for %s" msgstr "" -#: ../semanage/seobject.py:1288 +#: ../semanage/seobject.py:1331 #, python-format msgid "Could not set user in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1292 +#: ../semanage/seobject.py:1335 #, python-format msgid "Could not set role in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1296 +#: ../semanage/seobject.py:1339 #, python-format msgid "Could not set type in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1301 +#: ../semanage/seobject.py:1344 #, python-format msgid "Could not set mls fields in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1305 +#: ../semanage/seobject.py:1348 #, python-format msgid "Could not set addr context for %s" msgstr "" -#: ../semanage/seobject.py:1309 +#: ../semanage/seobject.py:1352 #, python-format msgid "Could not add addr %s" msgstr "" -#: ../semanage/seobject.py:1337 ../semanage/seobject.py:1373 +#: ../semanage/seobject.py:1380 ../semanage/seobject.py:1416 #, python-format msgid "Addr %s is not defined" msgstr "" -#: ../semanage/seobject.py:1341 +#: ../semanage/seobject.py:1384 #, python-format msgid "Could not query addr %s" msgstr "" -#: ../semanage/seobject.py:1351 +#: ../semanage/seobject.py:1394 #, python-format msgid "Could not modify addr %s" msgstr "" -#: ../semanage/seobject.py:1379 +#: ../semanage/seobject.py:1422 #, python-format msgid "Addr %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:1383 +#: ../semanage/seobject.py:1426 #, python-format msgid "Could not delete addr %s" msgstr "" -#: ../semanage/seobject.py:1395 +#: ../semanage/seobject.py:1438 msgid "Could not deleteall node mappings" msgstr "" -#: ../semanage/seobject.py:1409 +#: ../semanage/seobject.py:1452 msgid "Could not list addrs" msgstr "" -#: ../semanage/seobject.py:1461 ../semanage/seobject.py:1752 +#: ../semanage/seobject.py:1504 ../semanage/seobject.py:1811 msgid "SELinux Type is required" msgstr "" -#: ../semanage/seobject.py:1469 ../semanage/seobject.py:1531 -#: ../semanage/seobject.py:1565 ../semanage/seobject.py:1571 +#: ../semanage/seobject.py:1512 ../semanage/seobject.py:1574 +#: ../semanage/seobject.py:1608 ../semanage/seobject.py:1614 #, python-format msgid "Could not check if interface %s is defined" msgstr "" -#: ../semanage/seobject.py:1476 +#: ../semanage/seobject.py:1519 #, python-format msgid "Could not create interface for %s" msgstr "" -#: ../semanage/seobject.py:1485 +#: ../semanage/seobject.py:1528 #, python-format msgid "Could not set user in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1489 +#: ../semanage/seobject.py:1532 #, python-format msgid "Could not set role in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1493 +#: ../semanage/seobject.py:1536 #, python-format msgid "Could not set type in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1498 +#: ../semanage/seobject.py:1541 #, python-format msgid "Could not set mls fields in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1502 +#: ../semanage/seobject.py:1545 #, python-format msgid "Could not set interface context for %s" msgstr "" -#: ../semanage/seobject.py:1506 +#: ../semanage/seobject.py:1549 #, python-format msgid "Could not set message context for %s" msgstr "" -#: ../semanage/seobject.py:1510 +#: ../semanage/seobject.py:1553 #, python-format msgid "Could not add interface %s" msgstr "" -#: ../semanage/seobject.py:1533 ../semanage/seobject.py:1567 +#: ../semanage/seobject.py:1576 ../semanage/seobject.py:1610 #, python-format msgid "Interface %s is not defined" msgstr "" -#: ../semanage/seobject.py:1537 +#: ../semanage/seobject.py:1580 #, python-format msgid "Could not query interface %s" msgstr "" -#: ../semanage/seobject.py:1548 +#: ../semanage/seobject.py:1591 #, python-format msgid "Could not modify interface %s" msgstr "" -#: ../semanage/seobject.py:1573 +#: ../semanage/seobject.py:1616 #, python-format msgid "Interface %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:1577 +#: ../semanage/seobject.py:1620 #, python-format msgid "Could not delete interface %s" msgstr "" -#: ../semanage/seobject.py:1589 +#: ../semanage/seobject.py:1632 msgid "Could not delete all interface mappings" msgstr "" -#: ../semanage/seobject.py:1603 +#: ../semanage/seobject.py:1646 msgid "Could not list interfaces" msgstr "" -#: ../semanage/seobject.py:1628 +#: ../semanage/seobject.py:1671 msgid "SELinux Interface" msgstr "" -#: ../semanage/seobject.py:1628 ../semanage/seobject.py:1974 +#: ../semanage/seobject.py:1671 ../semanage/seobject.py:2033 msgid "Context" msgstr "" -#: ../semanage/seobject.py:1691 +#: ../semanage/seobject.py:1738 +#, python-format +msgid "Target %s is not valid. Target is not allowed to end with '/'" +msgstr "" + +#: ../semanage/seobject.py:1741 +#, python-format +msgid "Substiture %s is not valid. Substitute is not allowed to end with '/'" +msgstr "" + +#: ../semanage/seobject.py:1744 #, python-format msgid "Equivalence class for %s already exists" msgstr "" -#: ../semanage/seobject.py:1697 +#: ../semanage/seobject.py:1750 #, python-format msgid "File spec %s conflicts with equivalency rule '%s %s'" msgstr "" -#: ../semanage/seobject.py:1706 +#: ../semanage/seobject.py:1759 #, python-format msgid "Equivalence class for %s does not exists" msgstr "" -#: ../semanage/seobject.py:1720 +#: ../semanage/seobject.py:1773 #, python-format msgid "Could not set user in file context for %s" msgstr "" -#: ../semanage/seobject.py:1724 +#: ../semanage/seobject.py:1777 #, python-format msgid "Could not set role in file context for %s" msgstr "" -#: ../semanage/seobject.py:1729 ../semanage/seobject.py:1789 +#: ../semanage/seobject.py:1782 ../semanage/seobject.py:1848 #, python-format msgid "Could not set mls fields in file context for %s" msgstr "" -#: ../semanage/seobject.py:1735 +#: ../semanage/seobject.py:1788 msgid "Invalid file specification" msgstr "" -#: ../semanage/seobject.py:1737 +#: ../semanage/seobject.py:1790 msgid "File specification can not include spaces" msgstr "" -#: ../semanage/seobject.py:1742 +#: ../semanage/seobject.py:1795 #, python-format msgid "" "File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead" msgstr "" -#: ../semanage/seobject.py:1755 +#: ../semanage/seobject.py:1814 #, python-format msgid "Type %s is invalid, must be a file or device type" msgstr "" -#: ../semanage/seobject.py:1763 ../semanage/seobject.py:1768 -#: ../semanage/seobject.py:1824 ../semanage/seobject.py:1906 -#: ../semanage/seobject.py:1910 +#: ../semanage/seobject.py:1822 ../semanage/seobject.py:1827 +#: ../semanage/seobject.py:1883 ../semanage/seobject.py:1965 +#: ../semanage/seobject.py:1969 #, python-format msgid "Could not check if file context for %s is defined" msgstr "" -#: ../semanage/seobject.py:1776 +#: ../semanage/seobject.py:1835 #, python-format msgid "Could not create file context for %s" msgstr "" -#: ../semanage/seobject.py:1784 +#: ../semanage/seobject.py:1843 #, python-format msgid "Could not set type in file context for %s" msgstr "" -#: ../semanage/seobject.py:1792 ../semanage/seobject.py:1852 -#: ../semanage/seobject.py:1856 +#: ../semanage/seobject.py:1851 ../semanage/seobject.py:1911 +#: ../semanage/seobject.py:1915 #, python-format msgid "Could not set file context for %s" msgstr "" -#: ../semanage/seobject.py:1798 +#: ../semanage/seobject.py:1857 #, python-format msgid "Could not add file context for %s" msgstr "" -#: ../semanage/seobject.py:1812 +#: ../semanage/seobject.py:1871 msgid "Requires setype, serange or seuser" msgstr "" -#: ../semanage/seobject.py:1828 ../semanage/seobject.py:1914 +#: ../semanage/seobject.py:1887 ../semanage/seobject.py:1973 #, python-format msgid "File context for %s is not defined" msgstr "" -#: ../semanage/seobject.py:1834 +#: ../semanage/seobject.py:1893 #, python-format msgid "Could not query file context for %s" msgstr "" -#: ../semanage/seobject.py:1860 +#: ../semanage/seobject.py:1919 #, python-format msgid "Could not modify file context for %s" msgstr "" -#: ../semanage/seobject.py:1873 +#: ../semanage/seobject.py:1932 msgid "Could not list the file contexts" msgstr "" -#: ../semanage/seobject.py:1887 +#: ../semanage/seobject.py:1946 #, python-format msgid "Could not delete the file context %s" msgstr "" -#: ../semanage/seobject.py:1912 +#: ../semanage/seobject.py:1971 #, python-format msgid "File context for %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:1918 +#: ../semanage/seobject.py:1977 #, python-format msgid "Could not delete file context for %s" msgstr "" -#: ../semanage/seobject.py:1933 +#: ../semanage/seobject.py:1992 msgid "Could not list file contexts" msgstr "" -#: ../semanage/seobject.py:1937 +#: ../semanage/seobject.py:1996 msgid "Could not list local file contexts" msgstr "" -#: ../semanage/seobject.py:1974 +#: ../semanage/seobject.py:2033 msgid "SELinux fcontext" msgstr "" -#: ../semanage/seobject.py:1974 +#: ../semanage/seobject.py:2033 msgid "type" msgstr "" -#: ../semanage/seobject.py:1987 +#: ../semanage/seobject.py:2046 msgid "" "\n" "SELinux Distribution fcontext Equivalence \n" msgstr "" -#: ../semanage/seobject.py:1992 +#: ../semanage/seobject.py:2051 msgid "" "\n" "SELinux Local fcontext Equivalence \n" msgstr "" -#: ../semanage/seobject.py:2028 ../semanage/seobject.py:2079 -#: ../semanage/seobject.py:2085 +#: ../semanage/seobject.py:2087 ../semanage/seobject.py:2138 +#: ../semanage/seobject.py:2144 #, python-format msgid "Could not check if boolean %s is defined" msgstr "" -#: ../semanage/seobject.py:2030 ../semanage/seobject.py:2081 +#: ../semanage/seobject.py:2089 ../semanage/seobject.py:2140 #, python-format msgid "Boolean %s is not defined" msgstr "" -#: ../semanage/seobject.py:2034 +#: ../semanage/seobject.py:2093 #, python-format msgid "Could not query file context %s" msgstr "" -#: ../semanage/seobject.py:2039 +#: ../semanage/seobject.py:2098 #, python-format msgid "You must specify one of the following values: %s" msgstr "" -#: ../semanage/seobject.py:2044 +#: ../semanage/seobject.py:2103 #, python-format msgid "Could not set active value of boolean %s" msgstr "" -#: ../semanage/seobject.py:2047 +#: ../semanage/seobject.py:2106 #, python-format msgid "Could not modify boolean %s" msgstr "" -#: ../semanage/seobject.py:2063 +#: ../semanage/seobject.py:2122 #, python-format msgid "Bad format %s: Record %s" msgstr "" -#: ../semanage/seobject.py:2087 +#: ../semanage/seobject.py:2146 #, python-format msgid "Boolean %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:2091 +#: ../semanage/seobject.py:2150 #, python-format msgid "Could not delete boolean %s" msgstr "" -#: ../semanage/seobject.py:2103 ../semanage/seobject.py:2120 +#: ../semanage/seobject.py:2162 ../semanage/seobject.py:2179 msgid "Could not list booleans" msgstr "" -#: ../semanage/seobject.py:2155 +#: ../semanage/seobject.py:2214 msgid "off" msgstr "" -#: ../semanage/seobject.py:2155 +#: ../semanage/seobject.py:2214 msgid "on" msgstr "" -#: ../semanage/seobject.py:2169 +#: ../semanage/seobject.py:2228 msgid "SELinux boolean" msgstr "" -#: ../semanage/seobject.py:2169 +#: ../semanage/seobject.py:2228 msgid "State" msgstr "" -#: ../semanage/seobject.py:2169 +#: ../semanage/seobject.py:2228 msgid "Default" msgstr "" -#: ../semanage/seobject.py:2169 ../gui/polgen.glade:113 -#: ../gui/polgengui.py:269 +#: ../semanage/seobject.py:2228 ../gui/polgen.glade:113 +#: ../gui/polgengui.py:274 ../sepolicy/sepolicy/sepolicy.glade:2147 +#: ../sepolicy/sepolicy/sepolicy.glade:2517 +#: ../sepolicy/sepolicy/sepolicy.glade:5021 msgid "Description" msgstr "" @@ -988,206 +1026,226 @@ msgstr "" msgid "Unable to clear environment\n" msgstr "" -#: ../newrole/newrole.c:556 ../newrole/newrole.c:587 ../newrole/newrole.c:617 +#: ../newrole/newrole.c:554 ../newrole/newrole.c:585 ../newrole/newrole.c:616 #, c-format msgid "Error changing uid, aborting.\n" msgstr "" -#: ../newrole/newrole.c:612 +#: ../newrole/newrole.c:611 #, c-format msgid "Error resetting KEEPCAPS, aborting\n" msgstr "" -#: ../newrole/newrole.c:635 +#: ../newrole/newrole.c:634 #, c-format msgid "Error connecting to audit system.\n" msgstr "" -#: ../newrole/newrole.c:641 +#: ../newrole/newrole.c:640 #, c-format msgid "Error allocating memory.\n" msgstr "" -#: ../newrole/newrole.c:648 +#: ../newrole/newrole.c:647 #, c-format msgid "Error sending audit message.\n" msgstr "" -#: ../newrole/newrole.c:692 ../newrole/newrole.c:1058 +#: ../newrole/newrole.c:691 ../newrole/newrole.c:1063 #, c-format msgid "Could not determine enforcing mode.\n" msgstr "" -#: ../newrole/newrole.c:699 +#: ../newrole/newrole.c:698 #, c-format msgid "Error! Could not open %s.\n" msgstr "" -#: ../newrole/newrole.c:705 +#: ../newrole/newrole.c:704 +#, c-format +msgid "Error! Could not clear O_NONBLOCK on %s\n" +msgstr "" + +#: ../newrole/newrole.c:710 #, c-format msgid "%s! Could not get current context for %s, not relabeling tty.\n" msgstr "" -#: ../newrole/newrole.c:715 +#: ../newrole/newrole.c:720 #, c-format msgid "%s! Could not get new context for %s, not relabeling tty.\n" msgstr "" -#: ../newrole/newrole.c:725 +#: ../newrole/newrole.c:730 #, c-format msgid "%s! Could not set new context for %s\n" msgstr "" -#: ../newrole/newrole.c:772 +#: ../newrole/newrole.c:777 #, c-format msgid "%s changed labels.\n" msgstr "" -#: ../newrole/newrole.c:778 +#: ../newrole/newrole.c:783 #, c-format msgid "Warning! Could not restore context for %s\n" msgstr "" -#: ../newrole/newrole.c:835 +#: ../newrole/newrole.c:840 #, c-format msgid "Error: multiple roles specified\n" msgstr "" -#: ../newrole/newrole.c:843 +#: ../newrole/newrole.c:848 #, c-format msgid "Error: multiple types specified\n" msgstr "" -#: ../newrole/newrole.c:850 +#: ../newrole/newrole.c:855 #, c-format msgid "Sorry, -l may be used with SELinux MLS support.\n" msgstr "" -#: ../newrole/newrole.c:855 +#: ../newrole/newrole.c:860 #, c-format msgid "Error: multiple levels specified\n" msgstr "" -#: ../newrole/newrole.c:865 +#: ../newrole/newrole.c:870 #, c-format msgid "Error: you are not allowed to change levels on a non secure terminal \n" msgstr "" -#: ../newrole/newrole.c:891 +#: ../newrole/newrole.c:896 #, c-format msgid "Couldn't get default type.\n" msgstr "" -#: ../newrole/newrole.c:901 +#: ../newrole/newrole.c:906 #, c-format msgid "failed to get new context.\n" msgstr "" -#: ../newrole/newrole.c:908 +#: ../newrole/newrole.c:913 #, c-format msgid "failed to set new role %s\n" msgstr "" -#: ../newrole/newrole.c:915 +#: ../newrole/newrole.c:920 #, c-format msgid "failed to set new type %s\n" msgstr "" -#: ../newrole/newrole.c:925 +#: ../newrole/newrole.c:930 #, c-format msgid "failed to build new range with level %s\n" msgstr "" -#: ../newrole/newrole.c:930 +#: ../newrole/newrole.c:935 #, c-format msgid "failed to set new range %s\n" msgstr "" -#: ../newrole/newrole.c:938 +#: ../newrole/newrole.c:943 #, c-format msgid "failed to convert new context to string\n" msgstr "" -#: ../newrole/newrole.c:943 +#: ../newrole/newrole.c:948 #, c-format msgid "%s is not a valid context\n" msgstr "" -#: ../newrole/newrole.c:950 +#: ../newrole/newrole.c:955 #, c-format msgid "Unable to allocate memory for new_context" msgstr "" -#: ../newrole/newrole.c:976 +#: ../newrole/newrole.c:981 #, c-format msgid "Unable to obtain empty signal set\n" msgstr "" -#: ../newrole/newrole.c:984 +#: ../newrole/newrole.c:989 #, c-format msgid "Unable to set SIGHUP handler\n" msgstr "" -#: ../newrole/newrole.c:1036 +#: ../newrole/newrole.c:1041 msgid "Sorry, newrole failed to drop capabilities\n" msgstr "" -#: ../newrole/newrole.c:1052 +#: ../newrole/newrole.c:1057 #, c-format msgid "Sorry, newrole may be used only on a SELinux kernel.\n" msgstr "" -#: ../newrole/newrole.c:1069 +#: ../newrole/newrole.c:1074 #, c-format msgid "failed to get old_context.\n" msgstr "" -#: ../newrole/newrole.c:1076 +#: ../newrole/newrole.c:1081 #, c-format msgid "Warning! Could not retrieve tty information.\n" msgstr "" -#: ../newrole/newrole.c:1097 +#: ../newrole/newrole.c:1102 #, c-format msgid "error on reading PAM service configuration.\n" msgstr "" -#: ../newrole/newrole.c:1132 +#: ../newrole/newrole.c:1137 #, c-format msgid "newrole: incorrect password for %s\n" msgstr "" -#: ../newrole/newrole.c:1159 +#: ../newrole/newrole.c:1164 #, c-format msgid "newrole: failure forking: %s" msgstr "" -#: ../newrole/newrole.c:1162 ../newrole/newrole.c:1185 +#: ../newrole/newrole.c:1167 ../newrole/newrole.c:1190 #, c-format msgid "Unable to restore tty label...\n" msgstr "" -#: ../newrole/newrole.c:1164 ../newrole/newrole.c:1191 +#: ../newrole/newrole.c:1169 ../newrole/newrole.c:1196 #, c-format msgid "Failed to close tty properly\n" msgstr "" -#: ../newrole/newrole.c:1223 +#: ../newrole/newrole.c:1228 #, c-format msgid "Could not close descriptors.\n" msgstr "" -#: ../newrole/newrole.c:1250 +#: ../newrole/newrole.c:1263 #, c-format msgid "Error allocating shell's argv0.\n" msgstr "" -#: ../newrole/newrole.c:1286 +#: ../newrole/newrole.c:1285 +#, c-format +msgid "Failed to send audit message" +msgstr "" + +#: ../newrole/newrole.c:1293 +#, c-format +msgid "Failed to transition to namespace\n" +msgstr "" + +#: ../newrole/newrole.c:1299 +#, c-format +msgid "Failed to drop capabilities %m\n" +msgstr "" + +#: ../newrole/newrole.c:1304 #, c-format msgid "Unable to restore the environment, aborting\n" msgstr "" -#: ../newrole/newrole.c:1297 +#: ../newrole/newrole.c:1315 msgid "failed to exec shell\n" msgstr "" @@ -1414,7 +1472,7 @@ msgstr "" msgid "Applications" msgstr "" -#: ../gui/polgen.glade:316 ../sepolicy/sepolicy/generate.py:171 +#: ../gui/polgen.glade:316 ../sepolicy/sepolicy/generate.py:130 msgid "Standard Init Daemon" msgstr "" @@ -1424,7 +1482,7 @@ msgid "" "requires a script in /etc/rc.d/init.d" msgstr "" -#: ../gui/polgen.glade:332 ../sepolicy/sepolicy/generate.py:172 +#: ../gui/polgen.glade:332 ../sepolicy/sepolicy/generate.py:131 msgid "DBUS System Daemon" msgstr "" @@ -1436,7 +1494,7 @@ msgstr "" msgid "Internet Services Daemon are daemons started by xinetd" msgstr "" -#: ../gui/polgen.glade:366 ../sepolicy/sepolicy/generate.py:174 +#: ../gui/polgen.glade:366 ../sepolicy/sepolicy/generate.py:133 msgid "Web Application/Script (CGI)" msgstr "" @@ -1445,7 +1503,7 @@ msgid "" "Web Applications/Script (CGI) CGI scripts started by the web server (apache)" msgstr "" -#: ../gui/polgen.glade:383 ../sepolicy/sepolicy/generate.py:176 +#: ../gui/polgen.glade:383 ../sepolicy/sepolicy/generate.py:135 msgid "User Application" msgstr "" @@ -1455,7 +1513,7 @@ msgid "" "started by a user" msgstr "" -#: ../gui/polgen.glade:400 ../sepolicy/sepolicy/generate.py:175 +#: ../gui/polgen.glade:400 ../sepolicy/sepolicy/generate.py:134 msgid "Sandbox" msgstr "" @@ -1530,7 +1588,8 @@ msgstr "" msgid "Enter name of application or user role:" msgstr "" -#: ../gui/polgen.glade:728 ../gui/polgengui.py:267 +#: ../gui/polgen.glade:728 ../gui/polgengui.py:272 +#: ../sepolicy/sepolicy/sepolicy.glade:2182 msgid "Name" msgstr "" @@ -1614,7 +1673,7 @@ msgid "TCP Ports" msgstr "" #: ../gui/polgen.glade:1223 ../gui/polgen.glade:1390 ../gui/polgen.glade:1589 -#: ../gui/polgen.glade:1698 +#: ../gui/polgen.glade:1698 ../sepolicy/sepolicy/sepolicy.glade:4314 msgid "All" msgstr "" @@ -1745,75 +1804,75 @@ msgstr "" msgid "Policy Directory" msgstr "" -#: ../gui/polgengui.py:277 +#: ../gui/polgengui.py:282 msgid "Role" msgstr "" -#: ../gui/polgengui.py:284 +#: ../gui/polgengui.py:289 msgid "Existing_User" msgstr "" -#: ../gui/polgengui.py:298 ../gui/polgengui.py:306 ../gui/polgengui.py:320 +#: ../gui/polgengui.py:303 ../gui/polgengui.py:311 ../gui/polgengui.py:325 msgid "Application" msgstr "" -#: ../gui/polgengui.py:363 +#: ../gui/polgengui.py:370 #, python-format msgid "%s must be a directory" msgstr "" -#: ../gui/polgengui.py:423 ../gui/polgengui.py:704 +#: ../gui/polgengui.py:430 ../gui/polgengui.py:711 msgid "You must select a user" msgstr "" -#: ../gui/polgengui.py:553 +#: ../gui/polgengui.py:560 msgid "Select executable file to be confined." msgstr "" -#: ../gui/polgengui.py:564 +#: ../gui/polgengui.py:571 msgid "Select init script file to be confined." msgstr "" -#: ../gui/polgengui.py:574 +#: ../gui/polgengui.py:581 msgid "Select file(s) that confined application creates or writes" msgstr "" -#: ../gui/polgengui.py:581 +#: ../gui/polgengui.py:588 msgid "Select directory(s) that the confined application owns and writes into" msgstr "" -#: ../gui/polgengui.py:643 +#: ../gui/polgengui.py:650 msgid "Select directory to generate policy files in" msgstr "" -#: ../gui/polgengui.py:660 +#: ../gui/polgengui.py:667 #, python-format msgid "" "Type %s_t already defined in current policy.\n" "Do you want to continue?" msgstr "" -#: ../gui/polgengui.py:660 ../gui/polgengui.py:664 +#: ../gui/polgengui.py:667 ../gui/polgengui.py:671 msgid "Verify Name" msgstr "" -#: ../gui/polgengui.py:664 +#: ../gui/polgengui.py:671 #, python-format msgid "" "Module %s.pp already loaded in current policy.\n" "Do you want to continue?" msgstr "" -#: ../gui/polgengui.py:710 +#: ../gui/polgengui.py:717 msgid "" "You must add a name made up of letters and numbers and containing no spaces." msgstr "" -#: ../gui/polgengui.py:724 +#: ../gui/polgengui.py:731 msgid "You must enter a executable" msgstr "" -#: ../gui/polgengui.py:749 ../gui/system-config-selinux.py:180 +#: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180 msgid "Configue SELinux" msgstr "" @@ -1828,6 +1887,10 @@ msgid "" msgstr "" #: ../gui/portsPage.py:91 ../gui/system-config-selinux.glade:363 +#: ../sepolicy/sepolicy/sepolicy.glade:1443 +#: ../sepolicy/sepolicy/sepolicy.glade:2657 +#: ../sepolicy/sepolicy/sepolicy.glade:2755 +#: ../sepolicy/sepolicy/sepolicy.glade:4672 msgid "Protocol" msgstr "" @@ -1837,7 +1900,9 @@ msgid "" "Level" msgstr "" -#: ../gui/portsPage.py:101 +#: ../gui/portsPage.py:101 ../sepolicy/sepolicy/sepolicy.glade:2638 +#: ../sepolicy/sepolicy/sepolicy.glade:2737 +#: ../sepolicy/sepolicy/sepolicy.glade:4658 msgid "Port" msgstr "" @@ -1875,10 +1940,14 @@ msgid "Modify %s" msgstr "" #: ../gui/statusPage.py:69 ../gui/system-config-selinux.glade:2819 +#: ../sepolicy/sepolicy/sepolicy.glade:3413 +#: ../sepolicy/sepolicy/sepolicy.glade:3486 msgid "Permissive" msgstr "" #: ../gui/statusPage.py:70 ../gui/system-config-selinux.glade:2837 +#: ../sepolicy/sepolicy/sepolicy.glade:3394 +#: ../sepolicy/sepolicy/sepolicy.glade:3468 msgid "Enforcing" msgstr "" @@ -1886,7 +1955,7 @@ msgstr "" msgid "Status" msgstr "" -#: ../gui/statusPage.py:133 +#: ../gui/statusPage.py:133 ../sepolicy/sepolicy/gui.py:2619 msgid "" "Changing the policy type will cause a relabel of the entire file system on " "the next boot. Relabeling takes a long time depending on the size of the " @@ -1903,7 +1972,7 @@ msgid "" "wish to continue?" msgstr "" -#: ../gui/statusPage.py:152 +#: ../gui/statusPage.py:152 ../sepolicy/sepolicy/gui.py:2753 msgid "" "Changing to SELinux enabled will cause a relabel of the entire file system " "on the next boot. Relabeling takes a long time depending on the size of the " @@ -1955,6 +2024,8 @@ msgid "" msgstr "" #: ../gui/system-config-selinux.glade:773 +#: ../sepolicy/sepolicy/sepolicy.glade:729 +#: ../sepolicy/sepolicy/sepolicy.glade:1489 msgid "MLS" msgstr "" @@ -1967,6 +2038,7 @@ msgid "SELinux Administration" msgstr "" #: ../gui/system-config-selinux.glade:1122 +#: ../sepolicy/sepolicy/sepolicy.glade:4162 msgid "Add" msgstr "" @@ -2036,6 +2108,7 @@ msgstr "" #: ../gui/system-config-selinux.glade:2467 #: ../gui/system-config-selinux.glade:2692 #: ../gui/system-config-selinux.glade:2867 +#: ../sepolicy/sepolicy/sepolicy.glade:1992 msgid "Filter" msgstr "" @@ -2159,1315 +2232,2868 @@ msgstr "" msgid "SELinux user '%s' is required" msgstr "" -#: ../sepolicy/sepolicy.py:202 -msgid "Generate SELinux man pages" +#: booleans.py:1 +msgid "" +"Allow ABRT to modify public files used for public file transfer services." msgstr "" -#: ../sepolicy/sepolicy.py:205 -msgid "path in which the generated SELinux man pages will be stored" +#: booleans.py:2 +msgid "" +"Allow ABRT to run in abrt_handle_event_t domain to handle ABRT event scripts" msgstr "" -#: ../sepolicy/sepolicy.py:207 -msgid "name of the OS for man pages" +#: booleans.py:3 +msgid "" +"Allow abrt-handle-upload to modify public files used for public file " +"transfer services in /var/spool/abrt-upload/." msgstr "" -#: ../sepolicy/sepolicy.py:209 -msgid "Generate HTML man pages structure for selected SELinux man page" +#: booleans.py:4 +msgid "Allow antivirus programs to read non security files on a system" msgstr "" -#: ../sepolicy/sepolicy.py:213 -msgid "All domains" +#: booleans.py:5 +msgid "Determine whether can antivirus programs use JIT compiler." msgstr "" -#: ../sepolicy/sepolicy.py:216 -msgid "Domain name(s) of man pages to be created" +#: booleans.py:6 +msgid "Allow auditadm to exec content" msgstr "" -#: ../sepolicy/sepolicy.py:221 -msgid "Query SELinux policy network information" +#: booleans.py:7 +msgid "" +"Allow users to resolve user passwd entries directly from ldap rather then " +"using a sssd server" msgstr "" -#: ../sepolicy/sepolicy.py:226 -msgid "list all SELinux port types" +#: booleans.py:8 +msgid "Allow users to login using a radius server" msgstr "" -#: ../sepolicy/sepolicy.py:229 -msgid "show SELinux type related to the port" +#: booleans.py:9 +msgid "Allow users to login using a yubikey server" msgstr "" -#: ../sepolicy/sepolicy.py:232 -msgid "Show ports defined for this SELinux type" +#: booleans.py:10 +msgid "Determine whether awstats can purge httpd log files." msgstr "" -#: ../sepolicy/sepolicy.py:235 -msgid "show ports to which this domain can bind and/or connect" +#: booleans.py:11 +msgid "Allow boinc_domain execmem/execstack." msgstr "" -#: ../sepolicy/sepolicy.py:250 -msgid "query SELinux policy to see if domains can communicate with each other" +#: booleans.py:12 +msgid "" +"Determine whether cdrecord can read various content. nfs, samba, removable " +"devices, user temp and untrusted content files" msgstr "" -#: ../sepolicy/sepolicy.py:253 -msgid "Source Domain" +#: booleans.py:13 +msgid "" +"Allow cluster administrative domains to connect to the network using TCP." msgstr "" -#: ../sepolicy/sepolicy.py:256 -msgid "Target Domain" +#: booleans.py:14 +msgid "Allow cluster administrative domains to manage all files on a system." msgstr "" -#: ../sepolicy/sepolicy.py:276 -msgid "query SELinux Policy to see description of booleans" +#: booleans.py:15 +msgid "" +"Allow cluster administrative cluster domains memcheck-amd64- to use " +"executable memory" msgstr "" -#: ../sepolicy/sepolicy.py:280 -msgid "get all booleans descriptions" +#: booleans.py:16 +msgid "" +"Determine whether Cobbler can modify public files used for public file " +"transfer services." msgstr "" -#: ../sepolicy/sepolicy.py:282 -msgid "boolean to get description" +#: booleans.py:17 +msgid "Determine whether Cobbler can connect to the network using TCP." msgstr "" -#: ../sepolicy/sepolicy.py:301 -msgid "" -"query SELinux Policy to see how a source process domain can transition to " -"the target process domain" +#: booleans.py:18 +msgid "Determine whether Cobbler can access cifs file systems." msgstr "" -#: ../sepolicy/sepolicy.py:304 -msgid "source process domain" +#: booleans.py:19 +msgid "Determine whether Cobbler can access nfs file systems." msgstr "" -#: ../sepolicy/sepolicy.py:307 -msgid "target process domain" +#: booleans.py:20 +msgid "Determine whether collectd can connect to the network using TCP." msgstr "" -#: ../sepolicy/sepolicy.py:327 -msgid "Command required for this type of policy" +#: booleans.py:21 +msgid "Determine whether Condor can connect to the network using TCP." msgstr "" -#: ../sepolicy/sepolicy.py:347 -msgid "List SELinux Policy interfaces" +#: booleans.py:22 +msgid "" +"Allow system cron jobs to relabel filesystem for restoring file contexts." msgstr "" -#: ../sepolicy/sepolicy.py:362 -msgid "Generate SELinux Policy module template" +#: booleans.py:23 +msgid "Determine whether cvs can read shadow password files." msgstr "" -#: ../sepolicy/sepolicy.py:365 -msgid "Enter domain type which you will be extending" +#: booleans.py:24 +msgid "Allow all daemons to write corefiles to /" msgstr "" -#: ../sepolicy/sepolicy.py:368 -msgid "Enter SELinux user(s) which will transition to this domain" +#: booleans.py:25 +msgid "Allow all daemons to use tcp wrappers." msgstr "" -#: ../sepolicy/sepolicy.py:371 -msgid "Enter domain(s) that this confined admin will administrate" +#: booleans.py:26 +msgid "Allow all daemons the ability to read/write terminals" msgstr "" -#: ../sepolicy/sepolicy.py:374 -msgid "name of policy to generate" +#: booleans.py:27 +msgid "Determine whether dbadm can manage generic user files." msgstr "" -#: ../sepolicy/sepolicy.py:378 -msgid "path in which the generated policy files will be stored" +#: booleans.py:28 +msgid "Determine whether dbadm can read generic user files." msgstr "" -#: ../sepolicy/sepolicy.py:380 -msgid "executable to confine" +#: booleans.py:29 +msgid "" +"Deny user domains applications to map a memory region as both executable and " +"writable, this is dangerous and the executable should be reported in bugzilla" msgstr "" -#: ../sepolicy/sepolicy.py:384 ../sepolicy/sepolicy.py:387 -#: ../sepolicy/sepolicy.py:390 ../sepolicy/sepolicy.py:393 -#: ../sepolicy/sepolicy.py:396 ../sepolicy/sepolicy.py:399 -#: ../sepolicy/sepolicy.py:402 ../sepolicy/sepolicy.py:405 -#: ../sepolicy/sepolicy.py:408 ../sepolicy/sepolicy.py:411 -#: ../sepolicy/sepolicy.py:414 ../sepolicy/sepolicy.py:417 -#, python-format -msgid "Generate Policy for %s" +#: booleans.py:30 +msgid "Deny any process from ptracing or debugging any other processes." msgstr "" -#: ../sepolicy/sepolicy.py:422 -msgid "commands" +#: booleans.py:31 +msgid "Allow dhcpc client applications to execute iptables commands" msgstr "" -#: ../sepolicy/sepolicy.py:425 -msgid "Alternate SELinux policy, defaults to /sys/fs/selinux/policy" +#: booleans.py:32 +msgid "Determine whether DHCP daemon can use LDAP backends." msgstr "" -#: ../sepolicy/sepolicy/__init__.py:48 -msgid "No SELinux Policy installed" +#: booleans.py:33 +msgid "Allow all domains to use other domains file descriptors" msgstr "" -#: ../sepolicy/sepolicy/__init__.py:54 -#, python-format -msgid "Failed to read %s policy file" +#: booleans.py:34 +msgid "Allow all domains to have the kernel load modules" msgstr "" -#: ../sepolicy/sepolicy/__init__.py:127 -msgid "unknown" +#: booleans.py:35 +msgid "" +"Determine whether entropyd can use audio devices as the source for the " +"entropy feeds." msgstr "" -#: ../sepolicy/sepolicy/generate.py:173 -msgid "Internet Services Daemon" +#: booleans.py:36 +msgid "Determine whether exim can connect to databases." msgstr "" -#: ../sepolicy/sepolicy/generate.py:177 -msgid "Existing Domain Type" +#: booleans.py:37 +msgid "" +"Determine whether exim can create, read, write, and delete generic user " +"content files." msgstr "" -#: ../sepolicy/sepolicy/generate.py:178 -msgid "Minimal Terminal Login User Role" +#: booleans.py:38 +msgid "Determine whether exim can read generic user content files." msgstr "" -#: ../sepolicy/sepolicy/generate.py:179 -msgid "Minimal X Windows Login User Role" +#: booleans.py:39 +msgid "Enable extra rules in the cron domain to support fcron." msgstr "" -#: ../sepolicy/sepolicy/generate.py:180 -msgid "Desktop Login User Role" +#: booleans.py:40 +msgid "Determine whether fenced can connect to the TCP network." msgstr "" -#: ../sepolicy/sepolicy/generate.py:181 -msgid "Administrator Login User Role" +#: booleans.py:41 +msgid "Determine whether fenced can use ssh." msgstr "" -#: ../sepolicy/sepolicy/generate.py:182 -msgid "Confined Root Administrator Role" +#: booleans.py:42 +msgid "Allow all domains to execute in fips_mode" msgstr "" -#: ../sepolicy/sepolicy/generate.py:187 -msgid "Valid Types:\n" +#: booleans.py:43 +msgid "" +"Determine whether ftpd can read and write files in user home directories." msgstr "" -#: ../sepolicy/sepolicy/generate.py:221 -#, python-format -msgid "Ports must be numbers or ranges of numbers from 1 to %d " +#: booleans.py:44 +msgid "" +"Determine whether ftpd can modify public files used for public file transfer " +"services. Directories/Files must be labeled public_content_rw_t." msgstr "" -#: ../sepolicy/sepolicy/generate.py:231 -msgid "You must enter a valid policy type" +#: booleans.py:45 +msgid "Determine whether ftpd can connect to all unreserved ports." msgstr "" -#: ../sepolicy/sepolicy/generate.py:234 -#, python-format -msgid "You must enter a name for your policy module for your %s." +#: booleans.py:46 +msgid "Determine whether ftpd can connect to databases over the TCP network." msgstr "" -#: ../sepolicy/sepolicy/generate.py:355 +#: booleans.py:47 msgid "" -"Name must be alpha numberic with no spaces. Consider using option \"-n " -"MODULENAME\"" +"Determine whether ftpd can login to local users and can read and write all " +"files on the system, governed by DAC." msgstr "" -#: ../sepolicy/sepolicy/generate.py:447 -msgid "User Role types can not be assigned executables." +#: booleans.py:48 +msgid "" +"Determine whether ftpd can use CIFS used for public file transfer services." msgstr "" -#: ../sepolicy/sepolicy/generate.py:453 -msgid "Only Daemon apps can use an init script.." +#: booleans.py:49 +msgid "Allow ftpd to use ntfs/fusefs volumes." msgstr "" -#: ../sepolicy/sepolicy/generate.py:471 -msgid "use_resolve must be a boolean value " +#: booleans.py:50 +msgid "" +"Determine whether ftpd can use NFS used for public file transfer services." msgstr "" -#: ../sepolicy/sepolicy/generate.py:477 -msgid "use_syslog must be a boolean value " +#: booleans.py:51 +msgid "" +"Determine whether ftpd can bind to all unreserved ports for passive mode." msgstr "" -#: ../sepolicy/sepolicy/generate.py:483 -msgid "use_kerberos must be a boolean value " +#: booleans.py:52 +msgid "Determine whether Git CGI can search home directories." msgstr "" -#: ../sepolicy/sepolicy/generate.py:489 -msgid "manage_krb5_rcache must be a boolean value " +#: booleans.py:53 +msgid "Determine whether Git CGI can access cifs file systems." msgstr "" -#: ../sepolicy/sepolicy/generate.py:519 -msgid "USER Types automatically get a tmp type" +#: booleans.py:54 +msgid "Determine whether Git CGI can access nfs file systems." msgstr "" -#: ../sepolicy/sepolicy/generate.py:857 -#, python-format -msgid "%s policy modules require existing domains" +#: booleans.py:55 +msgid "" +"Determine whether Git session daemon can bind TCP sockets to all unreserved " +"ports." msgstr "" -#: ../sepolicy/sepolicy/generate.py:1059 -msgid "You must enter the executable path for your confined process" +#: booleans.py:56 +msgid "" +"Determine whether calling user domains can execute Git daemon in the " +"git_session_t domain." msgstr "" -#: ../sepolicy/sepolicy/generate.py:1321 -msgid "Type Enforcement file" +#: booleans.py:57 +msgid "Determine whether Git system daemon can search home directories." msgstr "" -#: ../sepolicy/sepolicy/generate.py:1322 -msgid "Interface file" +#: booleans.py:58 +msgid "Determine whether Git system daemon can access cifs file systems." msgstr "" -#: ../sepolicy/sepolicy/generate.py:1323 -msgid "File Contexts file" +#: booleans.py:59 +msgid "Determine whether Git system daemon can access nfs file systems." msgstr "" -#: ../sepolicy/sepolicy/generate.py:1324 -msgid "Spec file" +#: booleans.py:60 +msgid "Determine whether Gitosis can send mail." msgstr "" -#: ../sepolicy/sepolicy/generate.py:1325 -msgid "Setup Script" +#: booleans.py:61 +msgid "Enable reading of urandom for all domains." msgstr "" -#: booleans.py:1 +#: booleans.py:62 msgid "" -"Allow ABRT to modify public files used for public file transfer services." +"Allow glusterfsd to modify public files used for public file transfer " +"services. Files/Directories must be labeled public_content_rw_t." msgstr "" -#: booleans.py:2 -msgid "" -"Allow ABRT to run in abrt_handle_event_t domain to handle ABRT event scripts" +#: booleans.py:63 +msgid "Allow glusterfsd to share any file/directory read only." msgstr "" -#: booleans.py:3 -msgid "Allow amavis to use JIT compiler" +#: booleans.py:64 +msgid "Allow glusterfsd to share any file/directory read/write." msgstr "" -#: booleans.py:4 -msgid "Allow antivirus programs to read non security files on a system" +#: booleans.py:65 +msgid "" +"Allow usage of the gpg-agent --write-env-file option. This also allows gpg-" +"agent to manage user files." msgstr "" -#: booleans.py:5 -msgid "Allow auditadm to exec content" +#: booleans.py:66 +msgid "" +"Allow gpg web domain to modify public files used for public file transfer " +"services." msgstr "" -#: booleans.py:6 +#: booleans.py:67 msgid "" -"Allow users to resolve user passwd entries directly from ldap rather then " -"using a sssd server" +"Allow gssd to list tmp directories and read the kerberos credential cache." msgstr "" -#: booleans.py:7 -msgid "Allow users to login using a radius server" +#: booleans.py:68 +msgid "Allow guest to exec content" +msgstr "" + +#: booleans.py:69 +msgid "" +"Allow Apache to modify public files used for public file transfer services. " +"Directories/Files must be labeled public_content_rw_t." +msgstr "" + +#: booleans.py:70 +msgid "Allow httpd to use built in scripting (usually php)" +msgstr "" + +#: booleans.py:71 +msgid "Allow http daemon to check spam" +msgstr "" + +#: booleans.py:72 +msgid "" +"Allow httpd to act as a FTP client connecting to the ftp port and ephemeral " +"ports" +msgstr "" + +#: booleans.py:73 +msgid "Allow httpd to connect to the ldap port" +msgstr "" + +#: booleans.py:74 +msgid "Allow http daemon to connect to mythtv" +msgstr "" + +#: booleans.py:75 +msgid "Allow http daemon to connect to zabbix" +msgstr "" + +#: booleans.py:76 +msgid "Allow HTTPD scripts and modules to connect to the network using TCP." +msgstr "" + +#: booleans.py:77 +msgid "Allow HTTPD scripts and modules to connect to cobbler over the network." +msgstr "" + +#: booleans.py:78 +msgid "" +"Allow HTTPD scripts and modules to connect to databases over the network." +msgstr "" + +#: booleans.py:79 +msgid "Allow httpd to connect to memcache server" +msgstr "" + +#: booleans.py:80 +msgid "Allow httpd to act as a relay" +msgstr "" + +#: booleans.py:81 +msgid "Allow http daemon to send mail" +msgstr "" + +#: booleans.py:82 +msgid "Allow Apache to communicate with avahi service via dbus" +msgstr "" + +#: booleans.py:83 +msgid "Allow httpd cgi support" +msgstr "" + +#: booleans.py:84 +msgid "Allow httpd to act as a FTP server by listening on the ftp port." +msgstr "" + +#: booleans.py:85 +msgid "Allow httpd to read home directories" +msgstr "" + +#: booleans.py:86 +msgid "Allow httpd scripts and modules execmem/execstack" +msgstr "" + +#: booleans.py:87 +msgid "Allow HTTPD to connect to port 80 for graceful shutdown" +msgstr "" + +#: booleans.py:88 +msgid "Allow httpd processes to manage IPA content" +msgstr "" + +#: booleans.py:89 +msgid "Allow Apache to use mod_auth_ntlm_winbind" +msgstr "" + +#: booleans.py:90 +msgid "Allow Apache to use mod_auth_pam" +msgstr "" + +#: booleans.py:91 +msgid "Allow httpd to read user content" +msgstr "" + +#: booleans.py:92 +msgid "Allow Apache to run in stickshift mode, not transition to passenger" +msgstr "" + +#: booleans.py:93 +msgid "Allow HTTPD scripts and modules to server cobbler files." +msgstr "" + +#: booleans.py:94 +msgid "Allow httpd daemon to change its resource limits" +msgstr "" + +#: booleans.py:95 +msgid "" +"Allow HTTPD to run SSI executables in the same domain as system CGI scripts." +msgstr "" + +#: booleans.py:96 +msgid "" +"Allow apache scripts to write to public content, directories/files must be " +"labeled public_rw_content_t." +msgstr "" + +#: booleans.py:97 +msgid "Allow Apache to execute tmp content." +msgstr "" + +#: booleans.py:98 +msgid "" +"Unify HTTPD to communicate with the terminal. Needed for entering the " +"passphrase for certificates at the terminal." +msgstr "" + +#: booleans.py:99 +msgid "Unify HTTPD handling of all content files." +msgstr "" + +#: booleans.py:100 +msgid "Allow httpd to access cifs file systems" +msgstr "" + +#: booleans.py:101 +msgid "Allow httpd to access FUSE file systems" +msgstr "" + +#: booleans.py:102 +msgid "Allow httpd to run gpg" +msgstr "" + +#: booleans.py:103 +msgid "Allow httpd to access nfs file systems" +msgstr "" + +#: booleans.py:104 +msgid "Allow httpd to access openstack ports" +msgstr "" + +#: booleans.py:105 +msgid "Allow httpd to connect to sasl" +msgstr "" + +#: booleans.py:106 +msgid "Allow Apache to query NS records" +msgstr "" + +#: booleans.py:107 +msgid "Determine whether icecast can listen on and connect to any TCP port." +msgstr "" + +#: booleans.py:108 +msgid "" +"Determine whether irc clients can listen on and connect to any unreserved " +"TCP ports." +msgstr "" + +#: booleans.py:109 +msgid "" +"Allow the Irssi IRC Client to connect to any port, and to bind to any " +"unreserved port." +msgstr "" + +#: booleans.py:110 +msgid "Allow confined applications to run with kerberos." +msgstr "" + +#: booleans.py:111 +msgid "Allow ksmtuned to use cifs/Samba file systems" +msgstr "" + +#: booleans.py:112 +msgid "Allow ksmtuned to use nfs file systems" +msgstr "" + +#: booleans.py:113 +msgid "Allow syslogd daemon to send mail" +msgstr "" + +#: booleans.py:114 +msgid "Allow syslogd the ability to read/write terminals" +msgstr "" + +#: booleans.py:115 +msgid "Allow logging in and using the system from /dev/console." +msgstr "" + +#: booleans.py:116 +msgid "Allow epylog to send mail" +msgstr "" + +#: booleans.py:117 +msgid "Allow mailman to access FUSE file systems" +msgstr "" + +#: booleans.py:118 +msgid "Determine whether mcelog supports client mode." +msgstr "" + +#: booleans.py:119 +msgid "Determine whether mcelog can execute scripts." +msgstr "" + +#: booleans.py:120 +msgid "Determine whether mcelog can use all the user ttys." +msgstr "" + +#: booleans.py:121 +msgid "Determine whether mcelog supports server mode." +msgstr "" + +#: booleans.py:122 +msgid "" +"Control the ability to mmap a low area of the address space, as configured " +"by /proc/sys/kernel/mmap_min_addr." +msgstr "" + +#: booleans.py:123 +msgid "Allow mock to read files in home directories." +msgstr "" + +#: booleans.py:124 +msgid "Allow the mount commands to mount any directory or file." +msgstr "" + +#: booleans.py:125 +msgid "Allow mozilla plugin domain to connect to the network using TCP." +msgstr "" + +#: booleans.py:126 +msgid "Allow mozilla plugin to support GPS." +msgstr "" + +#: booleans.py:127 +msgid "Allow mozilla plugin to support spice protocols." +msgstr "" + +#: booleans.py:128 +msgid "Allow confined web browsers to read home directory content" +msgstr "" + +#: booleans.py:129 +msgid "Determine whether mpd can traverse user home directories." +msgstr "" + +#: booleans.py:130 +msgid "Determine whether mpd can use cifs file systems." +msgstr "" + +#: booleans.py:131 +msgid "Determine whether mpd can use nfs file systems." +msgstr "" + +#: booleans.py:132 +msgid "Determine whether mplayer can make its stack executable." +msgstr "" + +#: booleans.py:133 +msgid "Allow mysqld to connect to all ports" +msgstr "" + +#: booleans.py:134 +msgid "Determine whether Bind can bind tcp socket to http ports." +msgstr "" + +#: booleans.py:135 +msgid "" +"Determine whether Bind can write to master zone files. Generally this is " +"used for dynamic DNS or zone transfers." +msgstr "" + +#: booleans.py:136 +msgid "Allow any files/directories to be exported read/only via NFS." +msgstr "" + +#: booleans.py:137 +msgid "Allow any files/directories to be exported read/write via NFS." +msgstr "" + +#: booleans.py:138 +msgid "" +"Allow nfs servers to modify public files used for public file transfer " +"services. Files/Directories must be labeled public_content_rw_t." +msgstr "" + +#: booleans.py:139 +msgid "Allow system to run with NIS" +msgstr "" + +#: booleans.py:140 +msgid "Allow confined applications to use nscd shared memory." +msgstr "" + +#: booleans.py:141 +msgid "Allow openshift to lockdown app" +msgstr "" + +#: booleans.py:142 +msgid "Determine whether openvpn can connect to the TCP network." +msgstr "" + +#: booleans.py:143 +msgid "Determine whether openvpn can read generic user home content files." +msgstr "" + +#: booleans.py:144 +msgid "Allow openvpn to run unconfined scripts" +msgstr "" + +#: booleans.py:145 +msgid "Allow piranha-lvs domain to connect to the network using TCP." +msgstr "" + +#: booleans.py:146 +msgid "Allow polipo to connect to all ports > 1023" +msgstr "" + +#: booleans.py:147 +msgid "" +"Determine whether Polipo session daemon can bind tcp sockets to all " +"unreserved ports." +msgstr "" + +#: booleans.py:148 +msgid "" +"Determine whether calling user domains can execute Polipo daemon in the " +"polipo_session_t domain." +msgstr "" + +#: booleans.py:149 +msgid "Determine whether polipo can access cifs file systems." +msgstr "" + +#: booleans.py:150 +msgid "Determine whether Polipo can access nfs file systems." +msgstr "" + +#: booleans.py:151 +msgid "Enable polyinstantiated directory support." +msgstr "" + +#: booleans.py:152 +msgid "Allow postfix_local domain full write access to mail_spool directories" +msgstr "" + +#: booleans.py:153 +msgid "Allow postgresql to use ssh and rsync for point-in-time recovery" +msgstr "" + +#: booleans.py:154 +msgid "Allow transmit client label to foreign database" +msgstr "" + +#: booleans.py:155 +msgid "Allow database admins to execute DML statement" +msgstr "" + +#: booleans.py:156 +msgid "Allow unprivileged users to execute DDL statement" +msgstr "" + +#: booleans.py:157 +msgid "Allow pppd to load kernel modules for certain modems" +msgstr "" + +#: booleans.py:158 +msgid "Allow pppd to be run for a regular user" +msgstr "" + +#: booleans.py:159 +msgid "Determine whether privoxy can connect to all tcp ports." +msgstr "" + +#: booleans.py:160 +msgid "" +"Permit to prosody to bind apache port. Need to be activated to use BOSH." +msgstr "" + +#: booleans.py:161 +msgid "Allow Puppet client to manage all file types." +msgstr "" + +#: booleans.py:162 +msgid "Allow Puppet master to use connect to MySQL and PostgreSQL database" +msgstr "" + +#: booleans.py:163 +msgid "Allow racoon to read shadow" +msgstr "" + +#: booleans.py:164 +msgid "" +"Allow rsync to modify public files used for public file transfer services. " +"Files/Directories must be labeled public_content_rw_t." +msgstr "" + +#: booleans.py:165 +msgid "Allow rsync to run as a client" +msgstr "" + +#: booleans.py:166 +msgid "Allow rsync to export any files/directories read only." +msgstr "" + +#: booleans.py:167 +msgid "Allow rsync server to manage all files/directories on the system." +msgstr "" + +#: booleans.py:168 +msgid "Allow samba to create new home directories (e.g. via PAM)" +msgstr "" + +#: booleans.py:169 +msgid "" +"Allow samba to act as the domain controller, add users, groups and change " +"passwords." +msgstr "" + +#: booleans.py:170 +msgid "Allow samba to share users home directories." +msgstr "" + +#: booleans.py:171 +msgid "Allow samba to share any file/directory read only." +msgstr "" + +#: booleans.py:172 +msgid "Allow samba to share any file/directory read/write." +msgstr "" + +#: booleans.py:173 +msgid "Allow samba to act as a portmapper" +msgstr "" + +#: booleans.py:174 +msgid "Allow samba to run unconfined scripts" +msgstr "" + +#: booleans.py:175 +msgid "Allow samba to export ntfs/fusefs volumes." +msgstr "" + +#: booleans.py:176 +msgid "Allow samba to export NFS volumes." +msgstr "" + +#: booleans.py:177 +msgid "Allow sanlock to read/write fuse files" +msgstr "" + +#: booleans.py:178 +msgid "Allow sanlock to manage nfs files" +msgstr "" + +#: booleans.py:179 +msgid "Allow sanlock to manage cifs files" +msgstr "" + +#: booleans.py:180 +msgid "Allow sasl to read shadow" +msgstr "" + +#: booleans.py:181 +msgid "Allow secadm to exec content" +msgstr "" + +#: booleans.py:182 +msgid "" +"disallow programs, such as newrole, from transitioning to administrative " +"user domains." +msgstr "" + +#: booleans.py:183 +msgid "Disable kernel module loading." +msgstr "" + +#: booleans.py:184 +msgid "" +"Boolean to determine whether the system permits loading policy, setting " +"enforcing mode, and changing boolean values. Set this to true and you have " +"to reboot to set it back." +msgstr "" + +#: booleans.py:185 +msgid "Allow regular users direct dri device access" +msgstr "" + +#: booleans.py:186 +msgid "" +"Allow unconfined executables to make their heap memory executable. Doing " +"this is a really bad idea. Probably indicates a badly coded executable, but " +"could indicate an attack. This executable should be reported in bugzilla" +msgstr "" + +#: booleans.py:187 +msgid "" +"Allow all unconfined executables to use libraries requiring text relocation " +"that are not labeled textrel_shlib_t" +msgstr "" + +#: booleans.py:188 +msgid "" +"Allow unconfined executables to make their stack executable. This should " +"never, ever be necessary. Probably indicates a badly coded executable, but " +"could indicate an attack. This executable should be reported in bugzilla" +msgstr "" + +#: booleans.py:189 +msgid "Allow users to connect to the local mysql server" +msgstr "" + +#: booleans.py:190 +msgid "" +"Allow confined users the ability to execute the ping and traceroute commands." +msgstr "" + +#: booleans.py:191 +msgid "Allow users to connect to PostgreSQL" +msgstr "" + +#: booleans.py:192 +msgid "" +"Allow user to r/w files on filesystems that do not have extended attributes " +"(FAT, CDROM, FLOPPY)" +msgstr "" + +#: booleans.py:193 +msgid "Allow user music sharing" +msgstr "" + +#: booleans.py:194 +msgid "" +"Allow users to run TCP servers (bind to ports and accept connection from the " +"same domain and outside users) disabling this forces FTP passive mode and " +"may change other protocols." +msgstr "" + +#: booleans.py:195 +msgid "Allow user to use ssh chroot environment." +msgstr "" + +#: booleans.py:196 +msgid "" +"Determine whether sftpd can modify public files used for public file " +"transfer services. Directories/Files must be labeled public_content_rw_t." +msgstr "" + +#: booleans.py:197 +msgid "" +"Determine whether sftpd-can read and write files in user home directories." +msgstr "" + +#: booleans.py:198 +msgid "" +"Determine whether sftpd-can login to local users and read and write all " +"files on the system, governed by DAC." +msgstr "" + +#: booleans.py:199 +msgid "" +"Determine whether sftpd can read and write files in user ssh home " +"directories." +msgstr "" + +#: booleans.py:200 +msgid "Allow sge to connect to the network using any TCP port" +msgstr "" + +#: booleans.py:201 +msgid "Allow sge to access nfs file systems." +msgstr "" + +#: booleans.py:202 +msgid "Determine whether smartmon can support devices on 3ware controllers." +msgstr "" + +#: booleans.py:203 +msgid "" +"Allow samba to modify public files used for public file transfer services. " +"Files/Directories must be labeled public_content_rw_t." +msgstr "" + +#: booleans.py:204 +msgid "Allow user spamassassin clients to use the network." +msgstr "" + +#: booleans.py:205 +msgid "Allow spamd to read/write user home directories." +msgstr "" + +#: booleans.py:206 +msgid "Determine whether squid can connect to all TCP ports." +msgstr "" + +#: booleans.py:207 +msgid "Determine whether squid can run as a transparent proxy." +msgstr "" + +#: booleans.py:208 +msgid "" +"Allow ssh with chroot env to read and write files in the user home " +"directories" +msgstr "" + +#: booleans.py:209 +msgid "allow host key based authentication" +msgstr "" + +#: booleans.py:210 +msgid "Allow ssh logins as sysadm_r:sysadm_t" +msgstr "" + +#: booleans.py:211 +msgid "Allow staff to exec content" +msgstr "" + +#: booleans.py:212 +msgid "allow staff user to create and transition to svirt domains." +msgstr "" + +#: booleans.py:213 +msgid "Allow sysadm to exec content" +msgstr "" + +#: booleans.py:214 +msgid "Allow the Telepathy connection managers to connect to any network port." +msgstr "" + +#: booleans.py:215 +msgid "" +"Allow the Telepathy connection managers to connect to any generic TCP port." +msgstr "" + +#: booleans.py:216 +msgid "Allow testpolicy to exec content" +msgstr "" + +#: booleans.py:217 +msgid "" +"Allow tftp to modify public files used for public file transfer services." +msgstr "" + +#: booleans.py:218 +msgid "Allow tftp to read and write files in the user home directories" +msgstr "" + +#: booleans.py:219 +msgid "Determine whether tor can bind tcp sockets to all unreserved ports." +msgstr "" + +#: booleans.py:220 +msgid "Allow tor to act as a relay" +msgstr "" + +#: booleans.py:221 +msgid "" +"allow unconfined users to transition to the chrome sandbox domains when " +"running chrome-sandbox" +msgstr "" + +#: booleans.py:222 +msgid "Allow a user to login as an unconfined domain" +msgstr "" + +#: booleans.py:223 +msgid "" +"Allow unconfined users to transition to the Mozilla plugin domain when " +"running xulrunner plugin-container." +msgstr "" + +#: booleans.py:224 +msgid "Allow unprivledged user to create and transition to svirt domains." +msgstr "" + +#: booleans.py:225 +msgid "Support ecryptfs home directories" +msgstr "" + +#: booleans.py:226 +msgid "Support fusefs home directories" +msgstr "" + +#: booleans.py:227 +msgid "Determine whether to support lpd server." +msgstr "" + +#: booleans.py:228 +msgid "Support NFS home directories" +msgstr "" + +#: booleans.py:229 +msgid "Support SAMBA home directories" +msgstr "" + +#: booleans.py:230 +msgid "Allow user to exec content" +msgstr "" + +#: booleans.py:231 +msgid "Determine whether varnishd can use the full TCP network." +msgstr "" + +#: booleans.py:232 +msgid "" +"Determine whether attempts by vbetool to mmap low regions should be silently " +"blocked." +msgstr "" + +#: booleans.py:233 +msgid "Allow virtual processes to run as userdomains" +msgstr "" + +#: booleans.py:234 +msgid "" +"Allow confined virtual guests to use serial/parallel communication ports" +msgstr "" + +#: booleans.py:235 +msgid "" +"Allow confined virtual guests to use executable memory and executable stack" +msgstr "" + +#: booleans.py:236 +msgid "Allow confined virtual guests to read fuse files" +msgstr "" + +#: booleans.py:237 +msgid "Allow confined virtual guests to manage nfs files" +msgstr "" + +#: booleans.py:238 +msgid "Allow confined virtual guests to interact with rawip sockets" +msgstr "" + +#: booleans.py:239 +msgid "Allow confined virtual guests to manage cifs files" +msgstr "" + +#: booleans.py:240 +msgid "Allow confined virtual guests to interact with the sanlock" +msgstr "" + +#: booleans.py:241 +msgid "Allow confined virtual guests to use usb devices" +msgstr "" + +#: booleans.py:242 +msgid "Allow confined virtual guests to interact with the xserver" +msgstr "" + +#: booleans.py:243 +msgid "Determine whether webadm can manage generic user files." +msgstr "" + +#: booleans.py:244 +msgid "Determine whether webadm can read generic user files." +msgstr "" + +#: booleans.py:245 +msgid "" +"Determine whether attempts by wine to mmap low regions should be silently " +"blocked." +msgstr "" + +#: booleans.py:246 +msgid "Allow the graphical login program to execute bootloader" +msgstr "" + +#: booleans.py:247 +msgid "" +"Allow the graphical login program to login directly as sysadm_r:sysadm_t" +msgstr "" + +#: booleans.py:248 +msgid "" +"Allow the graphical login program to create files in HOME dirs as xdm_home_t." +msgstr "" + +#: booleans.py:249 +msgid "Allow xen to manage nfs files" +msgstr "" + +#: booleans.py:250 +msgid "" +"Allow xend to run blktapctrl/tapdisk. Not required if using dedicated " +"logical volumes for disk images." +msgstr "" + +#: booleans.py:251 +msgid "Allow xend to run qemu-dm. Not required if using paravirt and no vfb." +msgstr "" + +#: booleans.py:252 +msgid "" +"Allow xguest users to configure Network Manager and connect to apache ports" +msgstr "" + +#: booleans.py:253 +msgid "Allow xguest to exec content" +msgstr "" + +#: booleans.py:254 +msgid "Allow xguest users to mount removable media" +msgstr "" + +#: booleans.py:255 +msgid "Allow xguest to use blue tooth devices" +msgstr "" + +#: booleans.py:256 +msgid "Allows clients to write to the X server shared memory segments." +msgstr "" + +#: booleans.py:257 +msgid "Allows XServer to execute writable memory" +msgstr "" + +#: booleans.py:258 +msgid "Support X userspace object manager" +msgstr "" + +#: booleans.py:259 +msgid "Determine whether zabbix can connect to all TCP ports" +msgstr "" + +#: booleans.py:260 +msgid "Allow zarafa domains to setrlimit/sys_rouserce." +msgstr "" + +#: booleans.py:261 +msgid "Allow zebra daemon to write it configuration files" +msgstr "" + +#: booleans.py:262 +msgid "" +"Allow ZoneMinder to modify public files used for public file transfer " +"services." +msgstr "" + +#: booleans.py:263 +msgid "Allow ZoneMinder to run su/sudo." +msgstr "" + +#: ../sepolicy/sepolicy.py:194 +#, python-format +msgid "Interface %s does not exist." +msgstr "" + +#: ../sepolicy/sepolicy.py:292 +msgid "You need to install policycoreutils-gui package to use the gui option" +msgstr "" + +#: ../sepolicy/sepolicy.py:296 +msgid "Graphical User Interface for SELinux Policy" +msgstr "" + +#: ../sepolicy/sepolicy.py:299 ../sepolicy/sepolicy.py:345 +msgid "Domain name(s) of man pages to be created" +msgstr "" + +#: ../sepolicy/sepolicy.py:311 +msgid "Alternative root needs to be setup" +msgstr "" + +#: ../sepolicy/sepolicy.py:327 +msgid "Generate SELinux man pages" +msgstr "" + +#: ../sepolicy/sepolicy.py:330 +msgid "path in which the generated SELinux man pages will be stored" +msgstr "" + +#: ../sepolicy/sepolicy.py:332 +msgid "name of the OS for man pages" +msgstr "" + +#: ../sepolicy/sepolicy.py:334 +msgid "Generate HTML man pages structure for selected SELinux man page" +msgstr "" + +#: ../sepolicy/sepolicy.py:336 +msgid "Alternate root directory, defaults to /" +msgstr "" + +#: ../sepolicy/sepolicy.py:338 +msgid "" +"With this flag, alternative root path needs to include file context files " +"and policy.xml file" +msgstr "" + +#: ../sepolicy/sepolicy.py:342 +msgid "All domains" +msgstr "" + +#: ../sepolicy/sepolicy.py:350 +msgid "Query SELinux policy network information" +msgstr "" + +#: ../sepolicy/sepolicy.py:355 +msgid "list all SELinux port types" +msgstr "" + +#: ../sepolicy/sepolicy.py:358 +msgid "show SELinux type related to the port" +msgstr "" + +#: ../sepolicy/sepolicy.py:361 +msgid "Show ports defined for this SELinux type" +msgstr "" + +#: ../sepolicy/sepolicy.py:364 +msgid "show ports to which this domain can bind and/or connect" +msgstr "" + +#: ../sepolicy/sepolicy.py:367 +msgid "show ports to which this application can bind and/or connect" +msgstr "" + +#: ../sepolicy/sepolicy.py:382 +msgid "query SELinux policy to see if domains can communicate with each other" +msgstr "" + +#: ../sepolicy/sepolicy.py:385 +msgid "Source Domain" +msgstr "" + +#: ../sepolicy/sepolicy.py:388 +msgid "Target Domain" +msgstr "" + +#: ../sepolicy/sepolicy.py:407 +msgid "query SELinux Policy to see description of booleans" +msgstr "" + +#: ../sepolicy/sepolicy.py:411 +msgid "get all booleans descriptions" +msgstr "" + +#: ../sepolicy/sepolicy.py:414 +msgid "boolean to get description" +msgstr "" + +#: ../sepolicy/sepolicy.py:424 +msgid "" +"query SELinux Policy to see how a source process domain can transition to " +"the target process domain" +msgstr "" + +#: ../sepolicy/sepolicy.py:427 +msgid "source process domain" +msgstr "" + +#: ../sepolicy/sepolicy.py:430 +msgid "target process domain" +msgstr "" + +#: ../sepolicy/sepolicy.py:472 +#, python-format +msgid "sepolicy generate: error: one of the arguments %s is required" +msgstr "" + +#: ../sepolicy/sepolicy.py:477 +msgid "Command required for this type of policy" +msgstr "" + +#: ../sepolicy/sepolicy.py:488 +#, python-format +msgid "" +"-t option can not be used with '%s' domains. Read usage for more details." +msgstr "" + +#: ../sepolicy/sepolicy.py:493 +#, python-format +msgid "" +"-d option can not be used with '%s' domains. Read usage for more details." +msgstr "" + +#: ../sepolicy/sepolicy.py:497 +#, python-format +msgid "" +"-a option can not be used with '%s' domains. Read usage for more details." +msgstr "" + +#: ../sepolicy/sepolicy.py:501 +msgid "-w option can not be used with the --newtype option" +msgstr "" + +#: ../sepolicy/sepolicy.py:521 +msgid "List SELinux Policy interfaces" +msgstr "" + +#: ../sepolicy/sepolicy.py:541 +msgid "Enter interface names, you wish to query" +msgstr "" + +#: ../sepolicy/sepolicy.py:550 +msgid "Generate SELinux Policy module template" +msgstr "" + +#: ../sepolicy/sepolicy.py:553 +msgid "Enter domain type which you will be extending" +msgstr "" + +#: ../sepolicy/sepolicy.py:556 +msgid "Enter SELinux user(s) which will transition to this domain" +msgstr "" + +#: ../sepolicy/sepolicy.py:559 +msgid "Enter SELinux role(s) to which the administror domain will transition" +msgstr "" + +#: ../sepolicy/sepolicy.py:562 +msgid "Enter domain(s) which this confined admin will administrate" +msgstr "" + +#: ../sepolicy/sepolicy.py:565 +msgid "name of policy to generate" msgstr "" -#: booleans.py:8 -msgid "Allow users to login using a yubikey server" +#: ../sepolicy/sepolicy.py:572 +msgid "path in which the generated policy files will be stored" msgstr "" -#: booleans.py:9 -msgid "Allow awstats to purge Apache logs" +#: ../sepolicy/sepolicy.py:574 +msgid "path to which the confined processes will need to write" msgstr "" -#: booleans.py:10 +#: ../sepolicy/sepolicy.py:575 +msgid "Policy types which require a command" +msgstr "" + +#: ../sepolicy/sepolicy.py:579 ../sepolicy/sepolicy.py:582 +#: ../sepolicy/sepolicy.py:585 ../sepolicy/sepolicy.py:588 +#: ../sepolicy/sepolicy.py:591 ../sepolicy/sepolicy.py:597 +#: ../sepolicy/sepolicy.py:600 ../sepolicy/sepolicy.py:603 +#: ../sepolicy/sepolicy.py:609 ../sepolicy/sepolicy.py:612 +#: ../sepolicy/sepolicy.py:615 ../sepolicy/sepolicy.py:618 +#, python-format +msgid "Generate '%s' policy" +msgstr "" + +#: ../sepolicy/sepolicy.py:606 +#, python-format +msgid "Generate '%s' policy " +msgstr "" + +#: ../sepolicy/sepolicy.py:620 +msgid "executable to confine" +msgstr "" + +#: ../sepolicy/sepolicy.py:625 +msgid "commands" +msgstr "" + +#: ../sepolicy/sepolicy.py:628 +msgid "Alternate SELinux policy, defaults to /sys/fs/selinux/policy" +msgstr "" + +#: ../sepolicy/sepolicy/__init__.py:89 +#, python-format +msgid "-- Allowed %s [ %s ]" +msgstr "" + +#: ../sepolicy/sepolicy/__init__.py:95 ../sepolicy/sepolicy/gui.py:1135 +msgid "all files" +msgstr "" + +#: ../sepolicy/sepolicy/__init__.py:96 +msgid "regular file" +msgstr "" + +#: ../sepolicy/sepolicy/__init__.py:97 +msgid "directory" +msgstr "" + +#: ../sepolicy/sepolicy/__init__.py:98 +msgid "character device" +msgstr "" + +#: ../sepolicy/sepolicy/__init__.py:99 +msgid "block device" +msgstr "" + +#: ../sepolicy/sepolicy/__init__.py:100 +msgid "socket file" +msgstr "" + +#: ../sepolicy/sepolicy/__init__.py:101 +msgid "symbolic link" +msgstr "" + +#: ../sepolicy/sepolicy/__init__.py:102 +msgid "named pipe" +msgstr "" + +#: ../sepolicy/sepolicy/__init__.py:398 +msgid "No SELinux Policy installed" +msgstr "" + +#: ../sepolicy/sepolicy/__init__.py:478 +msgid "You must regenerate interface info by running /usr/bin/sepolgen-ifgen" +msgstr "" + +#: ../sepolicy/sepolicy/__init__.py:724 +#, python-format +msgid "Failed to read %s policy file" +msgstr "" + +#: ../sepolicy/sepolicy/__init__.py:829 +msgid "unknown" +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:132 +msgid "Internet Services Daemon" +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:136 +msgid "Existing Domain Type" +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:137 +msgid "Minimal Terminal Login User Role" +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:138 +msgid "Minimal X Windows Login User Role" +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:139 +msgid "Desktop Login User Role" +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:140 +msgid "Administrator Login User Role" +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:141 +msgid "Confined Root Administrator Role" +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:142 +msgid "Module information for a new type" +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:147 +msgid "Valid Types:\n" +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:181 +#, python-format +msgid "Ports must be numbers or ranges of numbers from 1 to %d " +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:192 +msgid "You must enter a valid policy type" +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:195 +#, python-format +msgid "You must enter a name for your policy module for your '%s'." +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:333 msgid "" -"Allow cdrecord to read various content. nfs, samba, removable devices, user " -"temp and untrusted content files" +"Name must be alpha numberic with no spaces. Consider using option \"-n " +"MODULENAME\"" msgstr "" -#: booleans.py:11 -msgid "Allow clamd to use JIT compiler" +#: ../sepolicy/sepolicy/generate.py:425 +msgid "User Role types can not be assigned executables." msgstr "" -#: booleans.py:12 -msgid "Allow clamscan to non security files on a system" +#: ../sepolicy/sepolicy/generate.py:431 +msgid "Only Daemon apps can use an init script.." msgstr "" -#: booleans.py:13 -msgid "Allow clamscan to read user content" +#: ../sepolicy/sepolicy/generate.py:449 +msgid "use_resolve must be a boolean value " msgstr "" -#: booleans.py:14 +#: ../sepolicy/sepolicy/generate.py:455 +msgid "use_syslog must be a boolean value " +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:461 +msgid "use_kerberos must be a boolean value " +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:467 +msgid "manage_krb5_rcache must be a boolean value " +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:497 +msgid "USER Types automatically get a tmp type" +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:838 +#, python-format +msgid "'%s' policy modules require existing domains" +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:863 +msgid "Type field required" +msgstr "" + +#: ../sepolicy/sepolicy/generate.py:876 +#, python-format msgid "" -"Allow Cobbler to modify public files used for public file transfer services." +"You need to define a new type which ends with: \n" +" %s" msgstr "" -#: booleans.py:15 -msgid "Allow Cobbler to connect to the network using TCP." +#: ../sepolicy/sepolicy/generate.py:1104 +msgid "You must enter the executable path for your confined process" msgstr "" -#: booleans.py:16 -msgid "Allow Cobbler to access cifs file systems." +#: ../sepolicy/sepolicy/generate.py:1363 +msgid "Type Enforcement file" msgstr "" -#: booleans.py:17 -msgid "Allow Cobbler to access nfs file systems." +#: ../sepolicy/sepolicy/generate.py:1364 +msgid "Interface file" msgstr "" -#: booleans.py:18 -msgid "Allow collectd to connect to the network using TCP." +#: ../sepolicy/sepolicy/generate.py:1365 +msgid "File Contexts file" msgstr "" -#: booleans.py:19 -msgid "Allow codnor domain to connect to the network using TCP." +#: ../sepolicy/sepolicy/generate.py:1367 +msgid "Spec file" msgstr "" -#: booleans.py:20 +#: ../sepolicy/sepolicy/generate.py:1368 +msgid "Setup Script" +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:25 +#: ../sepolicy/sepolicy/sepolicy.glade:4369 +msgid "Applications" +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:52 +msgid "Select domain" +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:80 ../sepolicy/sepolicy/gui.py:67 +msgid "Advanced Search >>" +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:95 ../sepolicy/sepolicy/gui.py:2306 +msgid "File Equivalence" +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:112 ../sepolicy/sepolicy/gui.py:2316 +msgid "Users" +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:129 +#: ../sepolicy/sepolicy/sepolicy.glade:1897 +#: ../sepolicy/sepolicy/sepolicy.glade:3802 ../sepolicy/sepolicy/gui.py:2297 +msgid "System" +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:189 +#: ../sepolicy/sepolicy/sepolicy.glade:4406 +#: ../sepolicy/sepolicy/sepolicy.glade:4499 +#: ../sepolicy/sepolicy/sepolicy.glade:4645 +#: ../sepolicy/sepolicy/sepolicy.glade:4793 +#: ../sepolicy/sepolicy/sepolicy.glade:4934 +#: ../sepolicy/sepolicy/sepolicy.glade:5007 +msgid "Select" +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:204 +#: ../sepolicy/sepolicy/sepolicy.glade:557 +#: ../sepolicy/sepolicy/sepolicy.glade:702 +#: ../sepolicy/sepolicy/sepolicy.glade:1243 +#: ../sepolicy/sepolicy/sepolicy.glade:1539 +#: ../sepolicy/sepolicy/sepolicy.glade:4579 +#: ../sepolicy/sepolicy/sepolicy.glade:4729 +#: ../sepolicy/sepolicy/sepolicy.glade:4859 +#: ../sepolicy/sepolicy/sepolicy.glade:5077 +#: ../sepolicy/sepolicy/sepolicy.glade:5233 +#: ../sepolicy/sepolicy/sepolicy.glade:5474 +msgid "Cancel" +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:350 msgid "" -"Allow system cron jobs to relabel filesystem for restoring file contexts." +"The entry that was entered is incorrect. Please try again in the " +"ex:/.../... format." msgstr "" -#: booleans.py:21 -msgid "Allow cvs daemon to read shadow" +#: ../sepolicy/sepolicy/sepolicy.glade:376 +msgid "Retry" msgstr "" -#: booleans.py:22 -msgid "Allow all daemons to write corefiles to /" +#: ../sepolicy/sepolicy/sepolicy.glade:460 +#: ../sepolicy/sepolicy/sepolicy.glade:1124 +#: ../sepolicy/sepolicy/sepolicy.glade:1372 +#: ../sepolicy/sepolicy/sepolicy.glade:5102 +#: ../sepolicy/sepolicy/sepolicy.glade:5343 +msgid "Network Port Definitions" msgstr "" -#: booleans.py:23 -msgid "Allow all daemons to use tcp wrappers." +#: ../sepolicy/sepolicy/sepolicy.glade:476 +msgid "" +"Add file Equivilence Mapping. Mapping will be created when Update is " +"applied." msgstr "" -#: booleans.py:24 -msgid "Allow all daemons the ability to read/write terminals" +#: ../sepolicy/sepolicy/sepolicy.glade:501 +#: ../sepolicy/sepolicy/sepolicy.glade:4045 +msgid "Path" msgstr "" -#: booleans.py:25 -msgid "Allow dan to manage user files" +#: ../sepolicy/sepolicy/sepolicy.glade:511 +#: ../sepolicy/sepolicy/sepolicy.glade:5154 +#: ../sepolicy/sepolicy/sepolicy.glade:5395 +msgid "" +"Specify a new SELinux user name. By convention SELinux User names usually " +"end in an _u." msgstr "" -#: booleans.py:26 -msgid "Allow dan to read user files" +#: ../sepolicy/sepolicy/sepolicy.glade:515 +msgid "Enter the path to which you want to setup an equivalence label." msgstr "" -#: booleans.py:27 -msgid "Allow dbadm to manage files in users home directories" +#: ../sepolicy/sepolicy/sepolicy.glade:528 +#: ../sepolicy/sepolicy/sepolicy.glade:4062 +#: ../sepolicy/sepolicy/sepolicy.glade:4819 +msgid "Equivalence Path" msgstr "" -#: booleans.py:28 -msgid "Allow dbadm to read files in users home directories" +#: ../sepolicy/sepolicy/sepolicy.glade:542 +#: ../sepolicy/sepolicy/sepolicy.glade:687 +#: ../sepolicy/sepolicy/sepolicy.glade:1228 +#: ../sepolicy/sepolicy/sepolicy.glade:1524 +#: ../sepolicy/sepolicy/sepolicy.glade:5218 +#: ../sepolicy/sepolicy/sepolicy.glade:5459 +msgid "Save to update" msgstr "" -#: booleans.py:29 +#: ../sepolicy/sepolicy/sepolicy.glade:582 msgid "" -"Deny user domains applications to map a memory region as both executable and " -"writable, this is dangerous and the executable should be reported in bugzilla" +"Specify the mapping between the new path and the equivalence path. " +"Everything under this new path will be labeled as if they were under the " +"equivalence path." msgstr "" -#: booleans.py:30 -msgid "Allow sysadm to debug or ptrace all processes." +#: ../sepolicy/sepolicy/sepolicy.glade:639 +msgid "Add a file" msgstr "" -#: booleans.py:31 -msgid "Allow dhcpc client applications to execute iptables commands" +#: ../sepolicy/sepolicy/sepolicy.glade:656 +msgid "" +" File Labeling for . File labels will be created " +"when update is applied." msgstr "" -#: booleans.py:32 -msgid "Allow DHCP daemon to use LDAP backends" +#: ../sepolicy/sepolicy/sepolicy.glade:744 +#: ../sepolicy/sepolicy/sepolicy.glade:1471 +#: ../sepolicy/sepolicy/sepolicy.glade:3510 ../sepolicy/sepolicy/gui.py:66 +msgid "Advanced >>" msgstr "" -#: booleans.py:33 -msgid "Allow all domains to use other domains file descriptors" +#: ../sepolicy/sepolicy/sepolicy.glade:765 +#: ../sepolicy/sepolicy/sepolicy.glade:2305 +#: ../sepolicy/sepolicy/sepolicy.glade:2417 +#: ../sepolicy/sepolicy/sepolicy.glade:2539 +#: ../sepolicy/sepolicy/sepolicy.glade:4539 +msgid "Class" msgstr "" -#: booleans.py:34 -msgid "Allow all domains to have the kernel load modules" +#: ../sepolicy/sepolicy/sepolicy.glade:781 +msgid "Type" msgstr "" -#: booleans.py:35 -msgid "Allow the use of the audio devices as the source for the entropy feeds" +#: ../sepolicy/sepolicy/sepolicy.glade:795 +msgid "" +"Select the file class to which this label will be applied. Defaults to all " +"classes." +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:822 +msgid "Make Path Recursive" +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:826 +msgid "" +"Select Make Path Recursive iff you want to apply this label to all children " +"of the specified directory path. objects under the directory to have this " +"label." +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:839 +msgid "Browse" +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:843 +msgid "Browse to select the file/directory for labeling." +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:887 +msgid "Path " +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:898 +msgid "" +"Specify the path using regular expressions that you would like to modify the " +"labeling." +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:920 +msgid "Select the SELinux file type to assign to this path." +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:947 +msgid "Enter the MLS Label to assign to this file path." +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:951 +msgid "SELinux MLS Label you wish to assign to this path." +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1088 +msgid "Analyzing Policy..." +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1141 +msgid "" +"Add Login Mapping. Login Mapping will be created when update is applied." +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1176 +msgid "" +"Enter the login user name of the user to which you wish to add SELinux User " +"confinement." +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1205 +msgid "" +"Select the SELinux User to assign to this login user. Login users by " +"default get assigned by the __default__ user." +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1268 +msgid "" +"Enter MLS/MCS Range for this login User. Defaults to the range for the " +"Selected SELinux User." +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1271 +#: ../sepolicy/sepolicy/sepolicy.glade:3191 +#: ../sepolicy/sepolicy/sepolicy.glade:3312 +#: ../sepolicy/sepolicy/sepolicy.glade:5184 +#: ../sepolicy/sepolicy/sepolicy.glade:5425 +msgid "MLS Range" +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1283 +msgid "" +"Specify the MLS Range for this user to login in with. Defaults to the " +"selected SELinux Users MLS Range." +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1389 +msgid "" +" Network Port for . Ports will be created when " +"update is applied." +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1427 +msgid "Enter the port number or range to which you want to add a port type." +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1457 +msgid "Port Type" +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1502 +msgid "Select the port type you want to assign to the specified port number." +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1566 +msgid "tcp" +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1570 +msgid "" +"Select tcp if the port type should be assigned to tcp port numbers." +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1583 +msgid "udp" +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1587 +msgid "" +"Select udp if the port type should be assigned to udp port numbers." +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1609 +msgid "Enter the MLS Label to assign to this port." +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1706 +msgid "SELinux Configuration" +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1742 +msgid "Select..." +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1791 +#: ../sepolicy/sepolicy/sepolicy.glade:2211 +msgid "Booleans" +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1795 +msgid "" +"Display boolean information that can be used to modify the policy for the " +"'selected domain'." +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1809 +#: ../sepolicy/sepolicy/sepolicy.glade:2596 +msgid "Files" +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1813 +msgid "" +"Display file type information that can be used by the 'selected domain'." +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1827 +#: ../sepolicy/sepolicy/sepolicy.glade:2829 +msgid "Network" +msgstr "" + +#: ../sepolicy/sepolicy/sepolicy.glade:1831 +msgid "" +"Display network ports to which the 'selected domain' can connect or listen " +"to." msgstr "" -#: booleans.py:36 -msgid "Allow exim to connect to databases (postgres, mysql)" +#: ../sepolicy/sepolicy/sepolicy.glade:1845 +#: ../sepolicy/sepolicy/sepolicy.glade:3120 +msgid "Transitions" msgstr "" -#: booleans.py:37 -msgid "Allow exim to create, read, write, and delete unprivileged user files." +#: ../sepolicy/sepolicy/sepolicy.glade:1849 +msgid "" +"Display applications that can transition into or out of the 'selected " +"domain'." msgstr "" -#: booleans.py:38 -msgid "Allow exim to read unprivileged user files." +#: ../sepolicy/sepolicy/sepolicy.glade:1863 +#: ../sepolicy/sepolicy/sepolicy.glade:3221 +msgid "Login Mapping" msgstr "" -#: booleans.py:39 -msgid "Enable extra rules in the cron domain to support fcron." +#: ../sepolicy/sepolicy/sepolicy.glade:1866 +#: ../sepolicy/sepolicy/sepolicy.glade:1883 +#: ../sepolicy/sepolicy/sepolicy.glade:1900 +msgid "Manage the SELinux configuration" msgstr "" -#: booleans.py:40 -msgid "Allow fenced domain to connect to the network using TCP." +#: ../sepolicy/sepolicy/sepolicy.glade:1880 +#: ../sepolicy/sepolicy/sepolicy.glade:3343 +msgid "SELinux Users" msgstr "" -#: booleans.py:41 -msgid "Allow fenced domain to execute ssh." +#: ../sepolicy/sepolicy/sepolicy.glade:1914 +#: ../sepolicy/sepolicy/sepolicy.glade:4015 +msgid "Lockdown" msgstr "" -#: booleans.py:42 -msgid "Allow all domains to execute in fips_mode" +#: ../sepolicy/sepolicy/sepolicy.glade:1917 +msgid "" +"Lockdown the SELinux System.\n" +"This screen can be used to turn up the SELinux Protections." msgstr "" -#: booleans.py:43 -msgid "Allow ftp to read and write files in the user home directories" +#: ../sepolicy/sepolicy/sepolicy.glade:1932 +msgid "radiobutton" msgstr "" -#: booleans.py:44 -msgid "" -"Allow ftp servers to upload files, used for public file transfer services. " -"Directories must be labeled public_content_rw_t." +#: ../sepolicy/sepolicy/sepolicy.glade:2020 +msgid "Show Modified Only" msgstr "" -#: booleans.py:45 -msgid "Allow ftp servers to connect to all ports > 1023" +#: ../sepolicy/sepolicy/sepolicy.glade:2059 +msgid "Mislabeled files exist" msgstr "" -#: booleans.py:46 -msgid "Allow ftp servers to connect to mysql database ports" +#: ../sepolicy/sepolicy/sepolicy.glade:2079 +msgid "Show mislabeled files only" msgstr "" -#: booleans.py:47 +#: ../sepolicy/sepolicy/sepolicy.glade:2119 +#: ../sepolicy/sepolicy/sepolicy.glade:3243 msgid "" -"Allow ftp servers to login to local users and read/write all files on the " -"system, governed by DAC." +"If-Then-Else rules written in policy that can \n" +"allow alternative access control." msgstr "" -#: booleans.py:48 -msgid "Allow ftp servers to use cifs used for public file transfer services." +#: ../sepolicy/sepolicy/sepolicy.glade:2131 +msgid "Enabled" msgstr "" -#: booleans.py:49 -msgid "Allow ftp servers to use nfs used for public file transfer services." +#: ../sepolicy/sepolicy/sepolicy.glade:2251 +#: ../sepolicy/sepolicy/sepolicy.glade:2363 +#: ../sepolicy/sepolicy/sepolicy.glade:2481 +#: ../sepolicy/sepolicy/sepolicy.glade:4512 +#: ../sepolicy/sepolicy/sepolicy.glade:4806 +msgid "File Path" msgstr "" -#: booleans.py:50 -msgid "Allow ftp servers to use bind to all unreserved ports for passive mode" +#: ../sepolicy/sepolicy/sepolicy.glade:2287 +#: ../sepolicy/sepolicy/sepolicy.glade:2398 +msgid "SELinux File Type" msgstr "" -#: booleans.py:51 -msgid "Determine whether Git CGI can search home directories." +#: ../sepolicy/sepolicy/sepolicy.glade:2331 +msgid "File path used to enter the 'selected domain'." msgstr "" -#: booleans.py:52 -msgid "Determine whether Git CGI can access cifs file systems." +#: ../sepolicy/sepolicy/sepolicy.glade:2332 +msgid "Executable Files" msgstr "" -#: booleans.py:53 -msgid "Determine whether Git CGI can access nfs file systems." +#: ../sepolicy/sepolicy/sepolicy.glade:2447 +msgid "Files to which the 'selected domain' can write." msgstr "" -#: booleans.py:54 -msgid "" -"Determine whether Git session daemon can bind TCP sockets to all unreserved " -"ports." +#: ../sepolicy/sepolicy/sepolicy.glade:2448 +msgid "Writable files" msgstr "" -#: booleans.py:55 -msgid "" -"Determine whether calling user domains can execute Git daemon in the " -"git_session_t domain." +#: ../sepolicy/sepolicy/sepolicy.glade:2570 +msgid "File Types defined for the 'selected domain'." msgstr "" -#: booleans.py:56 -msgid "Determine whether Git system daemon can search home directories." +#: ../sepolicy/sepolicy/sepolicy.glade:2571 +msgid "Application File Types" msgstr "" -#: booleans.py:57 -msgid "Determine whether Git system daemon can access cifs file systems." +#: ../sepolicy/sepolicy/sepolicy.glade:2703 +msgid "Network Ports to which the 'selected domain' is allowed to connect." msgstr "" -#: booleans.py:58 -msgid "Determine whether Git system daemon can access nfs file systems." +#: ../sepolicy/sepolicy/sepolicy.glade:2704 +msgid "Outbound" msgstr "" -#: booleans.py:59 -msgid "Allow gitisis daemon to send mail" +#: ../sepolicy/sepolicy/sepolicy.glade:2803 +msgid "Network Ports to which the 'selected domain' is allowed to listen." msgstr "" -#: booleans.py:60 -msgid "Enable reading of urandom for all domains." +#: ../sepolicy/sepolicy/sepolicy.glade:2804 +msgid "Inbound" msgstr "" -#: booleans.py:61 +#: ../sepolicy/sepolicy/sepolicy.glade:2865 msgid "" -"Allow usage of the gpg-agent --write-env-file option. This also allows gpg-" -"agent to manage user files." +"Boolean \n" +"Enabled" msgstr "" -#: booleans.py:62 -msgid "" -"Allow gpg web domain to modify public files used for public file transfer " -"services." +#: ../sepolicy/sepolicy/sepolicy.glade:2891 +msgid "Boolean name" msgstr "" -#: booleans.py:63 -msgid "Allow gssd to read temp directory. For access to kerberos tgt." +#: ../sepolicy/sepolicy/sepolicy.glade:2908 +msgid "SELinux Application Type" msgstr "" -#: booleans.py:64 -msgid "Allow guest to exec content" +#: ../sepolicy/sepolicy/sepolicy.glade:2929 +msgid "" +"Executables which will transition to a different domain, when the 'selected " +"domain' executes them." msgstr "" -#: booleans.py:65 -msgid "" -"Allow Apache to modify public files used for public file transfer services. " -"Directories/Files must be labeled public_content_rw_t." +#: ../sepolicy/sepolicy/sepolicy.glade:2932 +msgid "Applicaton Transitions From 'select domain'" msgstr "" -#: booleans.py:66 -msgid "Allow httpd to use built in scripting (usually php)" +#: ../sepolicy/sepolicy/sepolicy.glade:2955 +msgid "" +"Boolean\n" +"Enabled" msgstr "" -#: booleans.py:67 -msgid "Allow http daemon to check spam" +#: ../sepolicy/sepolicy/sepolicy.glade:2971 +msgid "Calling Process Domain" msgstr "" -#: booleans.py:68 -msgid "" -"Allow httpd to act as a FTP client connecting to the ftp port and ephemeral " -"ports" +#: ../sepolicy/sepolicy/sepolicy.glade:2987 +msgid "Executable File" msgstr "" -#: booleans.py:69 -msgid "Allow httpd to connect to the ldap port" +#: ../sepolicy/sepolicy/sepolicy.glade:3011 +msgid "" +"Executables which will transition to the 'selected domain', when executing a " +"selected domains entrypoint." msgstr "" -#: booleans.py:70 -msgid "Allow http daemon to connect to zabbix" +#: ../sepolicy/sepolicy/sepolicy.glade:3012 +msgid "Application Transitions Into 'select domain'" msgstr "" -#: booleans.py:71 -msgid "Allow HTTPD scripts and modules to connect to the network using TCP." +#: ../sepolicy/sepolicy/sepolicy.glade:3027 +msgid "" +"File Transitions define what happens when the current domain creates the " +"content of a particular class in a directory of the destination type. " +"Optionally a file name could be specified for the transition." msgstr "" -#: booleans.py:72 -msgid "Allow HTTPD scripts and modules to connect to cobbler over the network." +#: ../sepolicy/sepolicy/sepolicy.glade:3035 +msgid "SELinux Directory Type" msgstr "" -#: booleans.py:73 -msgid "" -"Allow HTTPD scripts and modules to connect to databases over the network." +#: ../sepolicy/sepolicy/sepolicy.glade:3048 +msgid "Destination Class" msgstr "" -#: booleans.py:74 -msgid "Allow httpd to connect to memcache server" +#: ../sepolicy/sepolicy/sepolicy.glade:3062 +msgid "SELinux Destination Type" msgstr "" -#: booleans.py:75 -msgid "Allow httpd to act as a relay" +#: ../sepolicy/sepolicy/sepolicy.glade:3075 +msgid "File Name" msgstr "" -#: booleans.py:76 -msgid "Allow http daemon to send mail" +#: ../sepolicy/sepolicy/sepolicy.glade:3097 +msgid "File Transitions From 'select domain'" msgstr "" -#: booleans.py:77 -msgid "Allow Apache to communicate with avahi service via dbus" +#: ../sepolicy/sepolicy/sepolicy.glade:3296 +#: ../sepolicy/sepolicy/sepolicy.glade:5277 +#: ../sepolicy/sepolicy/sepolicy.glade:5518 +msgid "Default Level" msgstr "" -#: booleans.py:78 -msgid "Allow httpd cgi support" +#: ../sepolicy/sepolicy/sepolicy.glade:3382 +msgid "Select the system mode when the system first boots up" msgstr "" -#: booleans.py:79 -msgid "Allow httpd to act as a FTP server by listening on the ftp port." +#: ../sepolicy/sepolicy/sepolicy.glade:3455 +msgid "Select the system mode for the current session" msgstr "" -#: booleans.py:80 -msgid "Allow httpd to read home directories" +#: ../sepolicy/sepolicy/sepolicy.glade:3532 +msgid "System Policy Type:" msgstr "" -#: booleans.py:81 -msgid "Allow httpd scripts and modules execmem/execstack" +#: ../sepolicy/sepolicy/sepolicy.glade:3593 +msgid "System Mode" msgstr "" -#: booleans.py:82 -msgid "Allow HTTPD to connect to port 80 for graceful shutdown" +#: ../sepolicy/sepolicy/sepolicy.glade:3631 +msgid "Import system settings from another machine" msgstr "" -#: booleans.py:83 -msgid "Allow httpd processes to manage IPA content" +#: ../sepolicy/sepolicy/sepolicy.glade:3639 +msgid "Import" msgstr "" -#: booleans.py:84 -msgid "Allow Apache to use mod_auth_ntlm_winbind" +#: ../sepolicy/sepolicy/sepolicy.glade:3658 +msgid "Export system settings to a file" msgstr "" -#: booleans.py:85 -msgid "Allow Apache to use mod_auth_pam" +#: ../sepolicy/sepolicy/sepolicy.glade:3668 +msgid "Export" msgstr "" -#: booleans.py:86 -msgid "Allow httpd to read user content" +#: ../sepolicy/sepolicy/sepolicy.glade:3687 +msgid "Relabel all files back to system defaults on reboot" msgstr "" -#: booleans.py:87 -msgid "Allow Apache to run in stickshift mode, not transition to passenger" +#: ../sepolicy/sepolicy/sepolicy.glade:3724 +#: ../sepolicy/sepolicy/sepolicy.glade:3825 +#: ../sepolicy/sepolicy/sepolicy.glade:3889 +#: ../sepolicy/sepolicy/sepolicy.glade:3952 ../sepolicy/sepolicy/gui.py:60 +msgid "Yes" msgstr "" -#: booleans.py:88 -msgid "Allow httpd daemon to change its resource limits" +#: ../sepolicy/sepolicy/sepolicy.glade:3741 +#: ../sepolicy/sepolicy/sepolicy.glade:3843 +#: ../sepolicy/sepolicy/sepolicy.glade:3906 +#: ../sepolicy/sepolicy/sepolicy.glade:3969 ../sepolicy/sepolicy/gui.py:60 +msgid "No" msgstr "" -#: booleans.py:89 -msgid "" -"Allow HTTPD to run SSI executables in the same domain as system CGI scripts." +#: ../sepolicy/sepolicy/sepolicy.glade:3782 +msgid "System Configuration" msgstr "" -#: booleans.py:90 +#: ../sepolicy/sepolicy/sepolicy.glade:3829 +#: ../sepolicy/sepolicy/sepolicy.glade:3847 msgid "" -"Allow apache scripts to write to public content, directories/files must be " -"labeled public_rw_content_t." +"An unconfined domain is a process label that allows the process to do what " +"it wants, without SELinux interfering. Applications started at boot by the " +"init system that SELinux do not have defined SELinux policy will run as " +"unconfined if this module is enabled. Disabling it means all daemons will " +"now be confined. To disable the unconfined_t user you must first remove " +"unconfined_t from the users/login screens." msgstr "" -#: booleans.py:91 -msgid "Allow Apache to execute tmp content." +#: ../sepolicy/sepolicy/sepolicy.glade:3865 +msgid "Disable ability to run unconfined system processes?" msgstr "" -#: booleans.py:92 +#: ../sepolicy/sepolicy/sepolicy.glade:3893 +#: ../sepolicy/sepolicy/sepolicy.glade:3910 +#: ../sepolicy/sepolicy/sepolicy.glade:3973 msgid "" -"Unify HTTPD to communicate with the terminal. Needed for entering the " -"passphrase for certificates at the terminal." +"An permissive domain is a process label that allows the process to do what " +"it wants, with SELinux only logging the denials, but not enforcing them. " +"Usually permissive domains indicate experimental policy, disabling the " +"module could cause SELinux to deny access to a domain, that should be " +"allowed." msgstr "" -#: booleans.py:93 -msgid "Unify HTTPD handling of all content files." +#: ../sepolicy/sepolicy/sepolicy.glade:3928 +msgid "Disable all permissive processes?" msgstr "" -#: booleans.py:94 -msgid "Allow httpd to access cifs file systems" +#: ../sepolicy/sepolicy/sepolicy.glade:3956 +msgid "" +"A permissive domain is a process label that allows the process to do what it " +"wants, with SELinux only logging the denials, but not enforcing them. " +"Usually permissive domains indicate experimental policy, disabling the " +"module could cause SELinux to deny access to a domain, that should be " +"allowed." msgstr "" -#: booleans.py:95 -msgid "Allow httpd to access FUSE file systems" +#: ../sepolicy/sepolicy/sepolicy.glade:3994 +msgid "Deny all processes from ptracing or debugging other processes?" msgstr "" -#: booleans.py:96 -msgid "Allow httpd to run gpg" +#: ../sepolicy/sepolicy/sepolicy.glade:4031 +msgid "" +"File equivalence cause the system to label content under the new path as if " +"it were under the equivalence path." msgstr "" -#: booleans.py:97 -msgid "Allow httpd to access nfs file systems" +#: ../sepolicy/sepolicy/sepolicy.glade:4087 +msgid "Files Equivalence" msgstr "" -#: booleans.py:98 -msgid "Allow httpd to communicate with oddjob to start up a service" +#: ../sepolicy/sepolicy/sepolicy.glade:4100 +msgid "...SELECT TO VIEW DATA..." msgstr "" -#: booleans.py:99 -msgid "Allow httpd to access openstack ports" +#: ../sepolicy/sepolicy/sepolicy.glade:4131 +msgid "Delete" msgstr "" -#: booleans.py:100 -msgid "Allow Apache to query NS records" +#: ../sepolicy/sepolicy/sepolicy.glade:4147 +msgid "Modify" msgstr "" -#: booleans.py:101 -msgid "Allow icecast to connect to all ports, not just sound ports." +#: ../sepolicy/sepolicy/sepolicy.glade:4208 +msgid "Revert" msgstr "" -#: booleans.py:102 +#: ../sepolicy/sepolicy/sepolicy.glade:4213 msgid "" -"Allow the Irssi IRC Client to connect to any port, and to bind to any " -"unreserved port." -msgstr "" - -#: booleans.py:103 -msgid "Allow confined applications to run with kerberos." +"Revert button will launch a dialog window which allows you to revert changes " +"within the current transaction." msgstr "" -#: booleans.py:104 -msgid "Allow syslogd daemon to send mail" +#: ../sepolicy/sepolicy/sepolicy.glade:4225 ../sepolicy/sepolicy/gui.py:2379 +msgid "Update" msgstr "" -#: booleans.py:105 -msgid "Allow syslogd the ability to read/write terminals" +#: ../sepolicy/sepolicy/sepolicy.glade:4230 +msgid "Commit all changes in your current transaction to the server." msgstr "" -#: booleans.py:106 -msgid "Allow logging in and using the system from /dev/console." +#: ../sepolicy/sepolicy/sepolicy.glade:4278 +msgid "Applications - Advanced Search" msgstr "" -#: booleans.py:107 -msgid "" -"Control the ability to mmap a low area of the address space, as configured " -"by /proc/sys/kernel/mmap_min_addr." +#: ../sepolicy/sepolicy/sepolicy.glade:4331 +msgid "Installed" msgstr "" -#: booleans.py:108 -msgid "Allow mock to read files in home directories." +#: ../sepolicy/sepolicy/sepolicy.glade:4383 +msgid "Process Types" msgstr "" -#: booleans.py:109 -msgid "Allow the mount command to mount any directory or file." +#: ../sepolicy/sepolicy/sepolicy.glade:4424 +msgid "More Details" msgstr "" -#: booleans.py:110 -msgid "Allow mozilla plugin domain to connect to the network using TCP." +#: ../sepolicy/sepolicy/sepolicy.glade:4460 +#: ../sepolicy/sepolicy/sepolicy.glade:4754 +msgid "Delete Modified File Labeling" msgstr "" -#: booleans.py:111 +#: ../sepolicy/sepolicy/sepolicy.glade:4478 msgid "" -"Allow mozilla_plugins to create random content in the users home directory" +"Select file labeling to delete. File labeling will be deleted when update is " +"applied." msgstr "" -#: booleans.py:112 -msgid "Allow confined web browsers to read home directory content" +#: ../sepolicy/sepolicy/sepolicy.glade:4525 +msgid "SELinux File Label" msgstr "" -#: booleans.py:113 -msgid "Allow mplayer executable stack" +#: ../sepolicy/sepolicy/sepolicy.glade:4564 +#: ../sepolicy/sepolicy/sepolicy.glade:4714 +#: ../sepolicy/sepolicy/sepolicy.glade:4844 +msgid "Save to Update" msgstr "" -#: booleans.py:114 -msgid "Allow mysqld to connect to all ports" +#: ../sepolicy/sepolicy/sepolicy.glade:4604 +msgid "Delete Modified Ports" msgstr "" -#: booleans.py:115 -msgid "Allow BIND to bind apache port." +#: ../sepolicy/sepolicy/sepolicy.glade:4622 +msgid "Select ports to delete. Ports will be deleted when update is applied." msgstr "" -#: booleans.py:116 +#: ../sepolicy/sepolicy/sepolicy.glade:4771 msgid "" -"Allow BIND to write the master zone files. Generally this is used for " -"dynamic DNS or zone transfers." +"Select file equivalence labeling to delete.File equivalence labeling will be " +"deleted when update is applied." msgstr "" -#: booleans.py:117 -msgid "Allow any files/directories to be exported read/only via NFS." +#: ../sepolicy/sepolicy/sepolicy.glade:4887 +msgid "More Types" msgstr "" -#: booleans.py:118 -msgid "Allow any files/directories to be exported read/write via NFS." +#: ../sepolicy/sepolicy/sepolicy.glade:4914 +msgid "Types" msgstr "" -#: booleans.py:119 +#: ../sepolicy/sepolicy/sepolicy.glade:4973 msgid "" -"Allow nfs servers to modify public files used for public file transfer " -"services. Files/Directories must be labeled public_content_rw_t." +"Review the updates you have made before committing them to the system. To " +"reset an item, uncheck the checkbox. All items checked will be updated in " +"the system when you select update." msgstr "" -#: booleans.py:120 -msgid "Allow system to run with NIS" +#: ../sepolicy/sepolicy/sepolicy.glade:5036 +msgid "Action" msgstr "" -#: booleans.py:121 -msgid "Allow confined applications to use nscd shared memory." +#: ../sepolicy/sepolicy/sepolicy.glade:5062 +msgid "Apply" msgstr "" -#: booleans.py:122 -msgid "Allow openshift to lockdown app" +#: ../sepolicy/sepolicy/sepolicy.glade:5119 +#: ../sepolicy/sepolicy/sepolicy.glade:5360 +msgid "" +"Add User Roles. SELinux User Roles will be created when Update is applied." msgstr "" -#: booleans.py:123 -msgid "Allow openvpn to read home directories" +#: ../sepolicy/sepolicy/sepolicy.glade:5144 +#: ../sepolicy/sepolicy/sepolicy.glade:5385 +msgid "SELinux User Name" msgstr "" -#: booleans.py:124 -msgid "Allow piranha-lvs domain to connect to the network using TCP." +#: ../sepolicy/sepolicy/sepolicy.glade:5258 +#: ../sepolicy/sepolicy/sepolicy.glade:5499 +msgid "" +"Enter MLS/MCS Range for this SELinux User.\n" +"s0-s0:c1023" msgstr "" -#: booleans.py:125 -msgid "Allow polipo to connect to all ports > 1023" +#: ../sepolicy/sepolicy/sepolicy.glade:5289 +#: ../sepolicy/sepolicy/sepolicy.glade:5530 +msgid "" +"Specify the default level that you would like this SELinux user to login " +"with. Defaults to s0." msgstr "" -#: booleans.py:126 -msgid "" -"Determine whether Polipo session daemon can bind tcp sockets to all " -"unreserved ports." +#: ../sepolicy/sepolicy/sepolicy.glade:5293 +#: ../sepolicy/sepolicy/sepolicy.glade:5534 +msgid "Enter Default Level for SELinux User to login with. Default s0" msgstr "" -#: booleans.py:127 -msgid "" -"Determine whether calling user domains can execute Polipo daemon in the " -"polipo_session_t domain." +#: ../sepolicy/sepolicy/gui.py:61 +msgid "Disable" msgstr "" -#: booleans.py:128 -msgid "Determine whether polipo can access cifs file systems." +#: ../sepolicy/sepolicy/gui.py:61 +msgid "Enable" msgstr "" -#: booleans.py:129 -msgid "Determine whether Polipo can access nfs file systems." +#: ../sepolicy/sepolicy/gui.py:66 +msgid "Advanced <<" msgstr "" -#: booleans.py:130 -msgid "Enable polyinstantiated directory support." +#: ../sepolicy/sepolicy/gui.py:67 +msgid "Advanced Search <<" msgstr "" -#: booleans.py:131 -msgid "Allow postfix_local domain full write access to mail_spool directories" +#: ../sepolicy/sepolicy/gui.py:92 +msgid "" +"\n" +"To change from Disabled to Enforcing mode\n" +"- Change the system mode from Disabled to Permissive\n" +"- Reboot, so that the system can relabel\n" +"- Once the system is working as planned\n" +" * Change the system mode to Enforcing\n" msgstr "" -#: booleans.py:132 -msgid "Allow postgresql to use ssh and rsync for point-in-time recovery" +#: ../sepolicy/sepolicy/gui.py:115 +#, python-format +msgid "%s is not a valid domain" msgstr "" -#: booleans.py:133 -msgid "Allow transmit client label to foreign database" +#: ../sepolicy/sepolicy/gui.py:624 +msgid "System Status: Disabled" msgstr "" -#: booleans.py:134 -msgid "Allow database admins to execute DML statement" +#: ../sepolicy/sepolicy/gui.py:722 +msgid "Help: Start Page" msgstr "" -#: booleans.py:135 -msgid "Allow unprivileged users to execute DDL statement" +#: ../sepolicy/sepolicy/gui.py:726 +msgid "Help: Booleans Page" msgstr "" -#: booleans.py:136 -msgid "Allow pppd to load kernel modules for certain modems" +#: ../sepolicy/sepolicy/gui.py:732 +msgid "Help: Executable Files Page" msgstr "" -#: booleans.py:137 -msgid "Allow pppd to be run for a regular user" +#: ../sepolicy/sepolicy/gui.py:735 +msgid "Help: Writable Files Page" msgstr "" -#: booleans.py:138 -msgid "" -"Allow privoxy to connect to all ports, not just HTTP, FTP, and Gopher ports." +#: ../sepolicy/sepolicy/gui.py:738 +msgid "Help: Application Types Page" msgstr "" -#: booleans.py:139 -msgid "Allow Puppet client to manage all file types." +#: ../sepolicy/sepolicy/gui.py:743 +msgid "Help: Outbound Network Connections Page" msgstr "" -#: booleans.py:140 -msgid "Allow Puppet master to use connect to MySQL and PostgreSQL database" +#: ../sepolicy/sepolicy/gui.py:746 +msgid "Help: Inbound Network Connections Page" msgstr "" -#: booleans.py:141 -msgid "Allow racoon to read shadow" +#: ../sepolicy/sepolicy/gui.py:752 +msgid "Help: Transition from application Page" msgstr "" -#: booleans.py:142 -msgid "Allow rgmanager domain to connect to the network using TCP." +#: ../sepolicy/sepolicy/gui.py:755 +msgid "Help: Transition into application Page" msgstr "" -#: booleans.py:143 -msgid "" -"Allow rsync to modify public files used for public file transfer services. " -"Files/Directories must be labeled public_content_rw_t." +#: ../sepolicy/sepolicy/gui.py:758 +msgid "Help: Transition application file Page" msgstr "" -#: booleans.py:144 -msgid "Allow rsync to run as a client" +#: ../sepolicy/sepolicy/gui.py:762 +msgid "Help: Systems Page" msgstr "" -#: booleans.py:145 -msgid "Allow rsync to export any files/directories read only." +#: ../sepolicy/sepolicy/gui.py:766 +msgid "Help: Lockdown Page" msgstr "" -#: booleans.py:146 -msgid "Allow rsync servers to share cifs files systems" +#: ../sepolicy/sepolicy/gui.py:770 +msgid "Help: Login Page" msgstr "" -#: booleans.py:147 -msgid "Allow rsync servers to share nfs files systems" +#: ../sepolicy/sepolicy/gui.py:774 +msgid "Help: SELinux User Page" msgstr "" -#: booleans.py:148 -msgid "Allow samba to create new home directories (e.g. via PAM)" +#: ../sepolicy/sepolicy/gui.py:778 +msgid "Help: File Equivalence Page" msgstr "" -#: booleans.py:149 -msgid "" -"Allow samba to act as the domain controller, add users, groups and change " -"passwords." +#: ../sepolicy/sepolicy/gui.py:922 ../sepolicy/sepolicy/gui.py:1211 +#: ../sepolicy/sepolicy/gui.py:1644 ../sepolicy/sepolicy/gui.py:1885 +#: ../sepolicy/sepolicy/gui.py:2698 +msgid "More..." msgstr "" -#: booleans.py:150 -msgid "Allow samba to share users home directories." +#: ../sepolicy/sepolicy/gui.py:1031 +#, python-format +msgid "File path used to enter the '%s' domain." msgstr "" -#: booleans.py:151 -msgid "Allow samba to share any file/directory read only." +#: ../sepolicy/sepolicy/gui.py:1032 +#, python-format +msgid "Files to which the '%s' domain can write." msgstr "" -#: booleans.py:152 -msgid "Allow samba to share any file/directory read/write." +#: ../sepolicy/sepolicy/gui.py:1033 +#, python-format +msgid "Network Ports to which the '%s' is allowed to connect." msgstr "" -#: booleans.py:153 -msgid "Allow samba to act as a portmapper" +#: ../sepolicy/sepolicy/gui.py:1034 +#, python-format +msgid "Network Ports to which the '%s' is allowed to listen." msgstr "" -#: booleans.py:154 -msgid "Allow samba to run unconfined scripts" +#: ../sepolicy/sepolicy/gui.py:1035 +#, python-format +msgid "File Types defined for the '%s'." msgstr "" -#: booleans.py:155 -msgid "Allow samba to export ntfs/fusefs volumes." +#: ../sepolicy/sepolicy/gui.py:1036 +#, python-format +msgid "" +"Display boolean information that can be used to modify the policy for the " +"'%s'." msgstr "" -#: booleans.py:156 -msgid "Allow samba to export NFS volumes." +#: ../sepolicy/sepolicy/gui.py:1037 +#, python-format +msgid "Display file type information that can be used by the '%s'." msgstr "" -#: booleans.py:157 -msgid "Allow sanlock to read/write fuse files" +#: ../sepolicy/sepolicy/gui.py:1038 +#, python-format +msgid "Display network ports to which the '%s' can connect or listen to." msgstr "" -#: booleans.py:158 -msgid "Allow sanlock to manage nfs files" +#: ../sepolicy/sepolicy/gui.py:1039 +#, python-format +msgid "Application Transitions Into '%s'" msgstr "" -#: booleans.py:159 -msgid "Allow sanlock to manage cifs files" +#: ../sepolicy/sepolicy/gui.py:1040 +#, python-format +msgid "Application Transitions From '%s'" msgstr "" -#: booleans.py:160 -msgid "Allow sasl to read shadow" +#: ../sepolicy/sepolicy/gui.py:1041 +#, python-format +msgid "File Transitions From '%s'" msgstr "" -#: booleans.py:161 -msgid "Allow secadm to exec content" +#: ../sepolicy/sepolicy/gui.py:1042 +#, python-format +msgid "" +"Executables which will transition to the '%s', when executing a selected " +"domains entrypoint." msgstr "" -#: booleans.py:162 +#: ../sepolicy/sepolicy/gui.py:1043 +#, python-format msgid "" -"disallow programs, such as newrole, from transitioning to administrative " -"user domains." +"Executables which will transition to a different domain, when the '%s' " +"executes them." msgstr "" -#: booleans.py:163 -msgid "Disable kernel module loading." +#: ../sepolicy/sepolicy/gui.py:1044 +#, python-format +msgid "Files by '%s' will transitions to a different label." msgstr "" -#: booleans.py:164 -msgid "" -"Boolean to determine whether the system permits loading policy, setting " -"enforcing mode, and changing boolean values. Set this to true and you have " -"to reboot to set it back." +#: ../sepolicy/sepolicy/gui.py:1045 +#, python-format +msgid "Display applications that can transition into or out of the '%s'." msgstr "" -#: booleans.py:165 -msgid "Allow regular users direct dri device access" +#: ../sepolicy/sepolicy/gui.py:1149 +msgid "MISSING FILE PATH" msgstr "" -#: booleans.py:166 -msgid "" -"Allow unconfined executables to make their heap memory executable. Doing " -"this is a really bad idea. Probably indicates a badly coded executable, but " -"could indicate an attack. This executable should be reported in bugzilla" +#: ../sepolicy/sepolicy/gui.py:1265 ../sepolicy/sepolicy/gui.py:1267 +msgid "Boolean section." msgstr "" -#: booleans.py:167 -msgid "" -"Allow all unconfined executables to use libraries requiring text relocation " -"that are not labeled textrel_shlib_t" +#: ../sepolicy/sepolicy/gui.py:1265 +msgid "To disable this transition, go to the " msgstr "" -#: booleans.py:168 -msgid "" -"Allow unconfined executables to make their stack executable. This should " -"never, ever be necessary. Probably indicates a badly coded executable, but " -"could indicate an attack. This executable should be reported in bugzilla" +#: ../sepolicy/sepolicy/gui.py:1267 +msgid "To enable this transition, go to the " msgstr "" -#: booleans.py:169 -msgid "Allow users to connect to the local mysql server" +#: ../sepolicy/sepolicy/gui.py:1324 +msgid "executable" msgstr "" -#: booleans.py:170 -msgid "" -"Allow confined users the ability to execute the ping and traceroute commands." +#: ../sepolicy/sepolicy/gui.py:1327 +msgid "writable" msgstr "" -#: booleans.py:171 -msgid "Allow users to connect to PostgreSQL" +#: ../sepolicy/sepolicy/gui.py:1330 +msgid "application" msgstr "" -#: booleans.py:172 -msgid "" -"Allow user to r/w files on filesystems that do not have extended attributes " -"(FAT, CDROM, FLOPPY)" +#: ../sepolicy/sepolicy/gui.py:1331 +#, python-format +msgid "Add new %s file path for '%s' domains." msgstr "" -#: booleans.py:173 -msgid "" -"Allow users to run TCP servers (bind to ports and accept connection from the " -"same domain and outside users) disabling this forces FTP passive mode and " -"may change other protocols." +#: ../sepolicy/sepolicy/gui.py:1332 +#, python-format +msgid "Delete modified %s file paths for '%s' domain." msgstr "" -#: booleans.py:174 -msgid "Allow user to use ssh chroot environment." +#: ../sepolicy/sepolicy/gui.py:1333 +#, python-format +msgid "" +"Modify selected modified %s file path for '%s' domain. Only bolded items in " +"the list can be selected, this indicates they were modified previously." msgstr "" -#: booleans.py:175 -msgid "Allow user music sharing" +#: ../sepolicy/sepolicy/gui.py:1345 +msgid "connect" msgstr "" -#: booleans.py:176 -msgid "" -"Allow anon internal-sftp to upload files, used for public file transfer " -"services. Directories must be labeled public_content_rw_t." +#: ../sepolicy/sepolicy/gui.py:1348 +msgid "listen for inbound connections" msgstr "" -#: booleans.py:177 -msgid "" -"Allow sftp-internal to read and write files in the user home directories" +#: ../sepolicy/sepolicy/gui.py:1350 +#, python-format +msgid "Add new port definition to which the '%s' domains is allowed to %s." msgstr "" -#: booleans.py:178 +#: ../sepolicy/sepolicy/gui.py:1351 +#, python-format msgid "" -"Allow sftp-internal to login to local users and read/write all files on the " -"system, governed by DAC." +"Delete modified port definitions to which the '%s' domain is allowed to %s." msgstr "" -#: booleans.py:179 -msgid "" -"Allow internal-sftp to read and write files in the user ssh home directories." +#: ../sepolicy/sepolicy/gui.py:1352 +#, python-format +msgid "Modify port definitions to which the '%s' domain is allowed to %s." msgstr "" -#: booleans.py:180 -msgid "Allow sge to connect to the network using any TCP port" +#: ../sepolicy/sepolicy/gui.py:1381 +msgid "Add new SELinux User/Role definition." msgstr "" -#: booleans.py:181 -msgid "Allow sge to access nfs file systems." +#: ../sepolicy/sepolicy/gui.py:1382 +msgid "Delete modified SELinux User/Role definitions." msgstr "" -#: booleans.py:182 -msgid "" -"Enable additional permissions needed to support devices on 3ware controllers." +#: ../sepolicy/sepolicy/gui.py:1383 +msgid "Modify selected modified SELinux User/Role definitions." msgstr "" -#: booleans.py:183 -msgid "" -"Allow samba to modify public files used for public file transfer services. " -"Files/Directories must be labeled public_content_rw_t." +#: ../sepolicy/sepolicy/gui.py:1390 +msgid "Add new Login Mapping definition." msgstr "" -#: booleans.py:184 -msgid "Allow user spamassassin clients to use the network." +#: ../sepolicy/sepolicy/gui.py:1391 +msgid "Delete modified Login Mapping definitions." msgstr "" -#: booleans.py:185 -msgid "Allow spamd to read/write user home directories." +#: ../sepolicy/sepolicy/gui.py:1392 +msgid "Modify selected modified Login Mapping definitions." msgstr "" -#: booleans.py:186 -msgid "" -"Allow squid to connect to all ports, not just HTTP, FTP, and Gopher ports." +#: ../sepolicy/sepolicy/gui.py:1399 +msgid "Add new File Equivalence definition." msgstr "" -#: booleans.py:187 -msgid "Allow squid to run as a transparent proxy (TPROXY)" +#: ../sepolicy/sepolicy/gui.py:1400 +msgid "Delete modified File Equivalence definitions." msgstr "" -#: booleans.py:188 +#: ../sepolicy/sepolicy/gui.py:1401 msgid "" -"Allow ssh with chroot env to read and write files in the user home " -"directories" +"Modify selected modified File Equivalence definitions. Only bolded items in " +"the list can be selected, this indicates they were modified previously." msgstr "" -#: booleans.py:189 -msgid "allow host key based authentication" +#: ../sepolicy/sepolicy/gui.py:1429 +#, python-format +msgid "Boolean %s Allow Rules" msgstr "" -#: booleans.py:190 -msgid "Allow ssh logins as sysadm_r:sysadm_t" +#: ../sepolicy/sepolicy/gui.py:1442 +#, python-format +msgid "Add Network Port for %s. Ports will be created when update is applied." msgstr "" -#: booleans.py:191 -msgid "Allow staff to exec content" +#: ../sepolicy/sepolicy/gui.py:1443 +#, python-format +msgid "Add Network Port for %s" msgstr "" -#: booleans.py:192 -msgid "allow staff user to create and transition to svirt domains." +#: ../sepolicy/sepolicy/gui.py:1448 +#, python-format +msgid "" +"Add File Labeling for %s. File labels will be created when update is applied." msgstr "" -#: booleans.py:193 -msgid "Allow sysadm to exec content" +#: ../sepolicy/sepolicy/gui.py:1449 ../sepolicy/sepolicy/gui.py:1500 +#, python-format +msgid "Add File Labeling for %s" msgstr "" -#: booleans.py:194 -msgid "Allow the Telepathy connection managers to connect to any network port." +#: ../sepolicy/sepolicy/gui.py:1459 +msgid "Add Login Mapping. User Mapping will be created when Update is applied." msgstr "" -#: booleans.py:195 -msgid "" -"Allow the Telepathy connection managers to connect to any generic TCP port." +#: ../sepolicy/sepolicy/gui.py:1460 +msgid "Add Login Mapping" msgstr "" -#: booleans.py:196 +#: ../sepolicy/sepolicy/gui.py:1465 msgid "" -"Allow tftp to modify public files used for public file transfer services." +"Add SELinux User Role. SELinux user roles will be created when update is " +"applied." msgstr "" -#: booleans.py:197 -msgid "Allow tftp to read and write files in the user home directories" +#: ../sepolicy/sepolicy/gui.py:1466 +msgid "Add SELinux Users" msgstr "" -#: booleans.py:198 -msgid "Allow tor daemon to bind tcp sockets to all unreserved ports." +#: ../sepolicy/sepolicy/gui.py:1473 +msgid "" +"Add File Equivalency Mapping. Mapping will be created when update is applied." msgstr "" -#: booleans.py:199 -msgid "Allow tor to act as a relay" +#: ../sepolicy/sepolicy/gui.py:1474 +msgid "Add SELinux File Equivalency" msgstr "" -#: booleans.py:200 +#: ../sepolicy/sepolicy/gui.py:1499 +#, python-format msgid "" -"allow unconfined users to transition to the chrome sandbox domains when " -"running chrome-sandbox" +"Modify File Labeling for %s. File labels will be created when update is " +"applied." msgstr "" -#: booleans.py:201 -msgid "Allow a user to login as an unconfined domain" +#: ../sepolicy/sepolicy/gui.py:1566 +msgid "" +"Modify File Equivalency Mapping. Mapping will be created when update is " +"applied." msgstr "" -#: booleans.py:202 +#: ../sepolicy/sepolicy/gui.py:1567 +msgid "Modify SELinux File Equivalency" +msgstr "" + +#: ../sepolicy/sepolicy/gui.py:1652 +#, python-format msgid "" -"Allow unconfined users to transition to the Mozilla plugin domain when " -"running xulrunner plugin-container." +"Modify Network Port for %s. Ports will be created when update is applied." msgstr "" -#: booleans.py:203 -msgid "Allow video playing tools to run unconfined" +#: ../sepolicy/sepolicy/gui.py:1653 +#, python-format +msgid "Modify Network Port for %s" msgstr "" -#: booleans.py:204 -msgid "Allow unprivledged user to create and transition to svirt domains." +#: ../sepolicy/sepolicy/gui.py:1866 +#, python-format +msgid "The entry '%s' is not a valid path. Paths must begin with a '/'." msgstr "" -#: booleans.py:205 -msgid "Support ecryptfs home directories" +#: ../sepolicy/sepolicy/gui.py:1879 +msgid "Port number must be between 1 and 65536" msgstr "" -#: booleans.py:206 -msgid "Support fusefs home directories" +#: ../sepolicy/sepolicy/gui.py:2146 +#, python-format +msgid "SELinux name: %s" msgstr "" -#: booleans.py:207 -msgid "Use lpd server instead of cups" +#: ../sepolicy/sepolicy/gui.py:2157 +#, python-format +msgid "Add file labeling for %s" msgstr "" -#: booleans.py:208 -msgid "Support NFS home directories" +#: ../sepolicy/sepolicy/gui.py:2159 +#, python-format +msgid "Delete file labeling for %s" msgstr "" -#: booleans.py:209 -msgid "Support SAMBA home directories" +#: ../sepolicy/sepolicy/gui.py:2161 +#, python-format +msgid "Modify file labeling for %s" msgstr "" -#: booleans.py:210 -msgid "Allow user to exec content" +#: ../sepolicy/sepolicy/gui.py:2165 +#, python-format +msgid "File path: %s" msgstr "" -#: booleans.py:211 -msgid "Allow varnishd to connect to all ports, not just HTTP." +#: ../sepolicy/sepolicy/gui.py:2168 +#, python-format +msgid "File class: %s" msgstr "" -#: booleans.py:212 -msgid "Ignore vbetool mmap_zero errors." +#: ../sepolicy/sepolicy/gui.py:2171 ../sepolicy/sepolicy/gui.py:2195 +#, python-format +msgid "SELinux file type: %s" msgstr "" -#: booleans.py:213 -msgid "" -"Allow confined virtual guests to use serial/parallel communication ports" +#: ../sepolicy/sepolicy/gui.py:2180 +#, python-format +msgid "Add ports for %s" msgstr "" -#: booleans.py:214 -msgid "" -"Allow confined virtual guests to use executable memory and executable stack" +#: ../sepolicy/sepolicy/gui.py:2182 +#, python-format +msgid "Delete ports for %s" msgstr "" -#: booleans.py:215 -msgid "Allow confined virtual guests to read fuse files" +#: ../sepolicy/sepolicy/gui.py:2184 +#, python-format +msgid "Modify ports for %s" msgstr "" -#: booleans.py:216 -msgid "Allow confined virtual guests to manage nfs files" +#: ../sepolicy/sepolicy/gui.py:2187 +#, python-format +msgid "Network ports: %s" msgstr "" -#: booleans.py:217 -msgid "Allow confined virtual guests to interact with rawip sockets" +#: ../sepolicy/sepolicy/gui.py:2190 +#, python-format +msgid "Network protocol: %s" msgstr "" -#: booleans.py:218 -msgid "Allow confined virtual guests to manage cifs files" +#: ../sepolicy/sepolicy/gui.py:2204 +msgid "Add user" msgstr "" -#: booleans.py:219 -msgid "Allow confined virtual guests to interact with the sanlock" +#: ../sepolicy/sepolicy/gui.py:2206 +msgid "Delete user" msgstr "" -#: booleans.py:220 -msgid "Allow confined virtual guests to manage device configuration, (pci)" +#: ../sepolicy/sepolicy/gui.py:2208 +msgid "Modify user" msgstr "" -#: booleans.py:221 -msgid "Allow confined virtual guests to use usb devices" +#: ../sepolicy/sepolicy/gui.py:2211 +#, python-format +msgid "SELinux User : %s" msgstr "" -#: booleans.py:222 -msgid "Allow confined virtual guests to interact with the xserver" +#: ../sepolicy/sepolicy/gui.py:2216 +#, python-format +msgid "Roles: %s" msgstr "" -#: booleans.py:223 -msgid "Allow webadm to manage files in users home directories" +#: ../sepolicy/sepolicy/gui.py:2220 ../sepolicy/sepolicy/gui.py:2245 +#, python-format +msgid "MLS/MCS Range: %s" msgstr "" -#: booleans.py:224 -msgid "Allow webadm to read files in users home directories" +#: ../sepolicy/sepolicy/gui.py:2229 +msgid "Add login mapping" msgstr "" -#: booleans.py:225 -msgid "Ignore wine mmap_zero errors." +#: ../sepolicy/sepolicy/gui.py:2231 +msgid "Delete login mapping" msgstr "" -#: booleans.py:226 -msgid "Allow the graphical login program to execute bootloader" +#: ../sepolicy/sepolicy/gui.py:2233 +msgid "Modify login mapping" msgstr "" -#: booleans.py:227 -msgid "" -"Allow the graphical login program to login directly as sysadm_r:sysadm_t" +#: ../sepolicy/sepolicy/gui.py:2237 +#, python-format +msgid "Linux User : %s" msgstr "" -#: booleans.py:228 -msgid "Allow xen to manage nfs files" +#: ../sepolicy/sepolicy/gui.py:2241 +#, python-format +msgid "SELinux User: %s" msgstr "" -#: booleans.py:229 -msgid "" -"Allow xend to run blktapctrl/tapdisk. Not required if using dedicated " -"logical volumes for disk images." +#: ../sepolicy/sepolicy/gui.py:2254 +msgid "Add file equiv labeling." msgstr "" -#: booleans.py:230 -msgid "Allow xend to run qemu-dm. Not required if using paravirt and no vfb." +#: ../sepolicy/sepolicy/gui.py:2256 +msgid "Delete file equiv labeling." msgstr "" -#: booleans.py:231 -msgid "" -"Allow xguest users to configure Network Manager and connect to apache ports" +#: ../sepolicy/sepolicy/gui.py:2258 +msgid "Modify file equiv labeling." msgstr "" -#: booleans.py:232 -msgid "Allow xguest to exec content" +#: ../sepolicy/sepolicy/gui.py:2262 +#, python-format +msgid "File path : %s" msgstr "" -#: booleans.py:233 -msgid "Allow xguest users to mount removable media" +#: ../sepolicy/sepolicy/gui.py:2266 +#, python-format +msgid "Equivalence: %s" msgstr "" -#: booleans.py:234 -msgid "Allow xguest to use blue tooth devices" +#: ../sepolicy/sepolicy/gui.py:2369 +#, python-format +msgid "Run restorecon on %s to change its type from %s to the default %s?" msgstr "" -#: booleans.py:235 -msgid "Allows clients to write to the X server shared memory segments." +#: ../sepolicy/sepolicy/gui.py:2381 +msgid "Update Changes" msgstr "" -#: booleans.py:236 -msgid "Allows XServer to execute writable memory" +#: ../sepolicy/sepolicy/gui.py:2383 +msgid "Revert Changes" msgstr "" -#: booleans.py:237 -msgid "Support X userspace object manager" +#: ../sepolicy/sepolicy/gui.py:2556 +msgid "System Status: Enforcing" msgstr "" -#: booleans.py:238 -msgid "Allow zabbix to connect to unreserved ports" +#: ../sepolicy/sepolicy/gui.py:2558 +msgid "System Status: Permissive" msgstr "" -#: booleans.py:239 -msgid "Allow zebra daemon to write it configuration files" +#: ../sepolicy/sepolicy/gui.py:2749 +msgid "" +"Changing to SELinux disabled requires a reboot. It is not recommended. If " +"you later decide to turn SELinux back on, the system will be required to " +"relabel. If you just want to see if SELinux is causing a problem on your " +"system, you can go to permissive mode which will only log errors and not " +"enforce SELinux policy. Permissive mode does not require a reboot. Do you " +"wish to continue?" msgstr "" -#: booleans.py:240 +#: ../sepolicy/sepolicy/gui.py:2783 msgid "" -"Allow ZoneMinder to modify public files used for public file transfer " -"services." +"You are attempting to close the application without applying your changes.\n" +" * To apply changes you have made during this session, click No and " +"click Update.\n" +" * To leave the application without applying your changes, click Yes. " +"All changes that you have made during this session will be lost." +msgstr "" + +#: ../sepolicy/sepolicy/gui.py:2783 +msgid "Loss of data Dialog" msgstr "" diff --git a/policycoreutils/po/af_ZA.po b/policycoreutils/po/af_ZA.po new file mode 100644 index 0000000..fb0b1d9 --- /dev/null +++ b/policycoreutils/po/af_ZA.po @@ -0,0 +1,5099 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: Policycoreutils\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2013-10-10 16:04-0400\n" +"PO-Revision-Date: 2012-03-30 18:14+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Afrikaans (South Africa) (http://www.transifex.com/projects/p/" +"fedora/language/af_ZA/)\n" +"Language: af_ZA\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: ../run_init/run_init.c:67 +msgid "" +"USAGE: run_init