diff --git a/policycoreutils/.tx/config b/policycoreutils/.tx/config index 07643e9..daff18c 100644 --- a/policycoreutils/.tx/config +++ b/policycoreutils/.tx/config @@ -1,5 +1,5 @@ [main] -host = https://www.transifex.net +host = https://www.transifex.com [policycoreutils.policycoreutils] file_filter = po/.po diff --git a/policycoreutils/Makefile b/policycoreutils/Makefile index 3980799..6624804 100644 --- a/policycoreutils/Makefile +++ b/policycoreutils/Makefile @@ -1,4 +1,4 @@ -SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui +SUBDIRS = sepolicy setfiles semanage semanage/default_encoding load_policy newrole run_init sandbox secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) diff --git a/policycoreutils/audit2allow/Makefile b/policycoreutils/audit2allow/Makefile index 88635d4..fc290ea 100644 --- a/policycoreutils/audit2allow/Makefile +++ b/policycoreutils/audit2allow/Makefile @@ -5,14 +5,19 @@ LIBDIR ?= $(PREFIX)/lib MANDIR ?= $(PREFIX)/share/man LOCALEDIR ?= /usr/share/locale -all: ; +all: audit2why + +audit2why: + ln -sf audit2allow audit2why install: all -mkdir -p $(BINDIR) install -m 755 audit2allow $(BINDIR) + (cd $(BINDIR); ln -sf audit2allow audit2why) install -m 755 sepolgen-ifgen $(BINDIR) -mkdir -p $(MANDIR)/man1 install -m 644 audit2allow.1 $(MANDIR)/man1/ + install -m 644 audit2why.1 $(MANDIR)/man1/ clean: rm -f *~ diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow index 8e0c396..9f5185d 100644 --- a/policycoreutils/audit2allow/audit2allow +++ b/policycoreutils/audit2allow/audit2allow @@ -1,7 +1,8 @@ #! /usr/bin/python -Es # Authors: Karl MacMillan +# Authors: Dan Walsh # -# Copyright (C) 2006-2007 Red Hat +# Copyright (C) 2006-2013 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or @@ -18,7 +19,7 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -import sys +import sys, os import sepolgen.audit as audit import sepolgen.policygen as policygen @@ -29,6 +30,8 @@ import sepolgen.defaults as defaults import sepolgen.module as module from sepolgen.sepolgeni18n import _ import selinux.audit2why as audit2why +import locale +locale.setlocale(locale.LC_ALL, '') class AuditToPolicy: VERSION = "%prog .1" @@ -80,8 +83,7 @@ class AuditToPolicy: parser.add_option("--interface-info", dest="interface_info", help="file name of interface information") parser.add_option("--debug", dest="debug", action="store_true", default=False, help="leave generated modules for -M") - - parser.add_option("-w", "--why", dest="audit2why", action="store_true", default=False, + parser.add_option("-w", "--why", dest="audit2why", action="store_true", default=(os.path.basename(sys.argv[0])=="audit2why"), help="Translates SELinux audit messages into a description of why the access was denied") options, args = parser.parse_args() @@ -267,12 +269,10 @@ class AuditToPolicy: continue if rc == audit2why.CONSTRAINT: - print "\t\tPolicy constraint violation.\n" - print "\t\tMay require adding a type attribute to the domain or type to satisfy the constraint.\n" - print "\t\tConstraints are defined in the policy sources in policy/constraints (general), policy/mcs (MCS), and policy/mls (MLS).\n" - for reason in data: - print "\t\tNote: Possible cause is the source and target %s differ\n" % reason - continue + print #!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n" + print "#Constraint rule: \n\t" + data[0] + for reason in data[1:]: + print "#\tPossible cause is the source %s and target %s are different.\n\b" % reason if rc == audit2why.RBAC: print "\t\tMissing role allow rule.\n" @@ -329,7 +329,7 @@ class AuditToPolicy: g.set_module_name(self.__options.module) if self.__options.output: - fd = open(self.__options.output, "w") + fd = open(self.__options.output, "a") else: fd = sys.stdout writer.write(g.get_module(), fd) @@ -350,6 +350,9 @@ class AuditToPolicy: except ValueError, e: print e sys.exit(1) + except IOError, e: + print e + sys.exit(1) if __name__ == "__main__": app = AuditToPolicy() diff --git a/policycoreutils/audit2allow/audit2allow.1 b/policycoreutils/audit2allow/audit2allow.1 index a854a45..2929b68 100644 --- a/policycoreutils/audit2allow/audit2allow.1 +++ b/policycoreutils/audit2allow/audit2allow.1 @@ -29,7 +29,7 @@ \- generate SELinux policy allow/dontaudit rules from logs of denied operations .BR audit2why -\- translates SELinux audit messages into a description of why the access was denied (audit2allow -w) +\- translates SELinux audit messages into a description of why the access was denied (audit2allow \-w) .SH SYNOPSIS .B audit2allow @@ -37,16 +37,16 @@ .SH OPTIONS .TP .B "\-a" | "\-\-all" -Read input from audit and message log, conflicts with -i +Read input from audit and message log, conflicts with \-i .TP .B "\-b" | "\-\-boot" -Read input from audit messages since last boot conflicts with -i +Read input from audit messages since last boot conflicts with \-i .TP .B "\-d" | "\-\-dmesg" Read input from output of .I /bin/dmesg. Note that all audit messages are not available via dmesg when -auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead. +auditd is running; use "ausearch \-m avc | audit2allow" or "\-a" instead. .TP .B "\-D" | "\-\-dontaudit" Generate dontaudit rules (Default: allow) @@ -65,7 +65,7 @@ read input only after last policy reload Generate module/require output .TP .B "\-M " -Generate loadable module package, conflicts with -o +Generate loadable module package, conflicts with \-o .TP .B "\-p " | "\-\-policy " Policy file to use for analysis @@ -123,7 +123,7 @@ an 'allow' rule. .PP .B Using audit2allow to generate module policy -$ cat /var/log/audit/audit.log | audit2allow -m local > local.te +$ cat /var/log/audit/audit.log | audit2allow \-m local > local.te $ cat local.te module local 1.0; @@ -141,7 +141,7 @@ allow myapp_t etc_t:file { getattr open read }; .B Using audit2allow to generate module policy using reference policy -$ cat /var/log/audit/audit.log | audit2allow -R -m local > local.te +$ cat /var/log/audit/audit.log | audit2allow \-R \-m local > local.te $ cat local.te policy_module(local, 1.0) @@ -155,34 +155,49 @@ files_read_etc_files(myapp_t) .B Building module policy using Makefile -# SELinux provides a policy devel environment under /usr/share/selinux/devel +# SELinux provides a policy devel environment under +# /usr/share/selinux/devel including all of the shipped +# interface files. # You can create a te file and compile it by executing -$ make -f /usr/share/selinux/devel/Makefile -$ semodule -i local.pp + +$ make -f /usr/share/selinux/devel/Makefile local.pp + + +# This make command will compile a local.te file in the current +# directory. If you did not specify a "pp" file, the make file +# will compile all "te" files in the current directory. After +# you compile your te file into a "pp" file, you need to install +# it using the semodule command. + +$ semodule \-i local.pp .B Building module policy manually # Compile the module -$ checkmodule -M -m -o local.mod local.te +$ checkmodule \-M \-m \-o local.mod local.te + # Create the package -$ semodule_package -o local.pp -m local.mod +$ semodule_package \-o local.pp \-m local.mod + # Load the module into the kernel -$ semodule -i local.pp +$ semodule \-i local.pp .B Using audit2allow to generate and build module policy -$ cat /var/log/audit/audit.log | audit2allow -M local -Generating type enforcment file: local.te -Compiling policy: checkmodule -M -m -o local.mod local.te -Building package: semodule_package -o local.pp -m local.mod + +$ cat /var/log/audit/audit.log | audit2allow \-M local +Generating type enforcement file: local.te +Compiling policy: checkmodule \-M \-m \-o local.mod local.te +Building package: semodule_package \-o local.pp \-m local.mod ******************** IMPORTANT *********************** In order to load this newly created policy package into the kernel, you are required to execute -semodule -i local.pp +semodule \-i local.pp + +.B Using audit2allow to generate monolithic (non\-module) policy -.B Using audit2allow to generate monolithic (non-module) policy $ cd /etc/selinux/$SELINUXTYPE/src/policy $ cat /var/log/audit/audit.log | audit2allow >> domains/misc/local.te $ cat domains/misc/local.te diff --git a/policycoreutils/audit2allow/audit2why.1 b/policycoreutils/audit2allow/audit2why.1 new file mode 100644 index 0000000..a9e8893 --- /dev/null +++ b/policycoreutils/audit2allow/audit2why.1 @@ -0,0 +1 @@ +.so man1/audit2allow.1 diff --git a/policycoreutils/audit2allow/sepolgen-ifgen b/policycoreutils/audit2allow/sepolgen-ifgen index ef4bec3..3967ba5 100644 --- a/policycoreutils/audit2allow/sepolgen-ifgen +++ b/policycoreutils/audit2allow/sepolgen-ifgen @@ -62,6 +62,9 @@ def parse_options(): return options def get_policy(): + p = selinux.selinux_current_policy_path() + if os.path.exists(p): + return p i = selinux.security_policyvers() p = selinux.selinux_binary_policy_path() + "." + str(i) while i > 0 and not os.path.exists(p): diff --git a/policycoreutils/audit2why/Makefile b/policycoreutils/audit2why/Makefile deleted file mode 100644 index 63eb8b3..0000000 --- a/policycoreutils/audit2why/Makefile +++ /dev/null @@ -1,18 +0,0 @@ -# Installation directories. -PREFIX ?= $(DESTDIR)/usr -BINDIR ?= $(PREFIX)/bin -MANDIR ?= $(PREFIX)/share/man - -TARGETS=audit2why - -all: $(TARGETS) - -install: all - -mkdir -p $(BINDIR) - install -m 755 $(TARGETS) $(BINDIR) - -mkdir -p $(MANDIR)/man1 - install -m 644 audit2why.1 $(MANDIR)/man1/ - -clean: - -relabel: diff --git a/policycoreutils/audit2why/audit2why b/policycoreutils/audit2why/audit2why deleted file mode 100644 index 21a72aa..0000000 --- a/policycoreutils/audit2why/audit2why +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -/usr/bin/audit2allow -w $* diff --git a/policycoreutils/audit2why/audit2why.1 b/policycoreutils/audit2why/audit2why.1 deleted file mode 100644 index a9e8893..0000000 --- a/policycoreutils/audit2why/audit2why.1 +++ /dev/null @@ -1 +0,0 @@ -.so man1/audit2allow.1 diff --git a/policycoreutils/gui/Makefile b/policycoreutils/gui/Makefile index b5abbb9..a8cf71f 100644 --- a/policycoreutils/gui/Makefile +++ b/policycoreutils/gui/Makefile @@ -1,7 +1,10 @@ # Installation directories. PREFIX ?= ${DESTDIR}/usr +SYSCONFDIR ?= ${DESTDIR}/etc BINDIR ?= $(PREFIX)/bin SHAREDIR ?= $(PREFIX)/share/system-config-selinux +DATADIR ?= $(PREFIX)/share +MANDIR = $(PREFIX)/share/man TARGETS= \ booleansPage.py \ @@ -16,18 +19,30 @@ portsPage.py \ semanagePage.py \ statusPage.py \ system-config-selinux.glade \ +system-config-selinux.png \ usersPage.py all: $(TARGETS) system-config-selinux.py polgengui.py install: all + -mkdir -p $(MANDIR)/man8 -mkdir -p $(SHAREDIR) -mkdir -p $(BINDIR) + -mkdir -p $(DATADIR)/pixmaps + -mkdir -p $(DATADIR)/icons/hicolor/24x24/apps + -mkdir -p $(SYSCONFDIR) + -mkdir -p $(DATADIR)/polkit-1/actions/ install -m 755 system-config-selinux.py $(SHAREDIR) + install -m 755 system-config-selinux $(BINDIR) install -m 755 polgengui.py $(SHAREDIR) - install -m 755 sepolgen $(BINDIR) install -m 644 $(TARGETS) $(SHAREDIR) - + install -m 644 system-config-selinux.8 $(MANDIR)/man8 + install -m 644 selinux-polgengui.8 $(MANDIR)/man8 + install -m 644 system-config-selinux.png $(DATADIR)/pixmaps + install -m 644 system-config-selinux.png $(DATADIR)/icons/hicolor/24x24/apps + install -m 644 system-config-selinux.png $(DATADIR)/system-config-selinux + install -m 644 *.desktop $(DATADIR)/system-config-selinux + install -m 644 org.fedoraproject.config.selinux.policy $(DATADIR)/polkit-1/actions/ clean: indent: diff --git a/policycoreutils/gui/org.fedoraproject.config.selinux.policy b/policycoreutils/gui/org.fedoraproject.config.selinux.policy new file mode 100644 index 0000000..fcfa81d --- /dev/null +++ b/policycoreutils/gui/org.fedoraproject.config.selinux.policy @@ -0,0 +1,22 @@ + + + + + System Config SELinux + http://fedorahosted.org/system-config-selinux + + + Run System Config SELinux + Authentication is required to run system-config-selinux + system-selinux + + no + no + auth_admin + + /usr/share/system-config-selinux/system-config-selinux.py + true + + diff --git a/policycoreutils/gui/polgengui.py b/policycoreutils/gui/polgengui.py index 1c16f7b..8b6f902 100644 --- a/policycoreutils/gui/polgengui.py +++ b/policycoreutils/gui/polgengui.py @@ -4,7 +4,7 @@ # # Dan Walsh # -# Copyright (C) 2007-2012 Red Hat +# Copyright (C) 2007-2013 Red Hat # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -28,7 +28,12 @@ import os import gobject import gnome import sys -from sepolicy import generate +try: + from sepolicy import generate +except ValueError,e: + sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e))) + sys.exit(1) + import sepolicy.interface import commands @@ -320,14 +325,16 @@ class childWindow: col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0) self.admin_treeview.append_column(col) - - for u in sepolicy.interface.get_user(): - iter = self.transition_store.append() - self.transition_store.set_value(iter, 0, u) - - for a in sepolicy.interface.get_admin(): - iter = self.admin_store.append() - self.admin_store.set_value(iter, 0, a) + try: + for u in sepolicy.interface.get_user(): + iter = self.transition_store.append() + self.transition_store.set_value(iter, 0, u) + + for a in sepolicy.interface.get_admin(): + iter = self.admin_store.append() + self.admin_store.set_value(iter, 0, a) + except ValueError,e: + self.error(e.message) def confine_application(self): return self.get_type() in generate.APPLICATIONS diff --git a/policycoreutils/gui/selinux-polgengui.8 b/policycoreutils/gui/selinux-polgengui.8 new file mode 100644 index 0000000..52bf7dd --- /dev/null +++ b/policycoreutils/gui/selinux-polgengui.8 @@ -0,0 +1,35 @@ +.TH "selinux-polgengui" "8" "8 April 2013" "System Config Tools Manual" "System Config Tools Manual" + +.SH NAME +selinux\-polgengui \- SELinux Policy Generation Tool + +.SH SYNOPSIS +.B selinux-polgengui + +.SH DESCRIPTION +\fBselinux-polgengui\fP is a graphical tool, which can be used to create a framework for building SELinux Policy. +.SH OPTIONS +None + +.SH FILES +\fi/usr/bin/selinux-polgengui\fP + +.SH Examples +To run the program type: + +selinux-polgengui + +.PP +.SH "SEE ALSO" +.TP +selinux(1), sepolicy(8), sepolicy-generate(8) +.PP + +.SH REPORTING BUGS +Report bugs to . + +.SH LICENSE AND AUTHORS +\fBselinux-polgengui\fP is licensed under the GNU Public License and +is copyrighted by Red Hat, Inc. +.br +This man page was written by Daniel Walsh diff --git a/policycoreutils/gui/selinux-polgengui.desktop b/policycoreutils/gui/selinux-polgengui.desktop new file mode 100644 index 0000000..0c2f399 --- /dev/null +++ b/policycoreutils/gui/selinux-polgengui.desktop @@ -0,0 +1,67 @@ +[Desktop Entry] +Name=SELinux Policy Generation Tool +Name[bn_IN]=SELinux Policy নির্মাণের সামগ্রী +Name[ca]=Eina de generació de polítiques del SELinux +Name[da]=Regelsætgenereringsværktøj til SELinux +Name[de]=Tool zur Erstellung von SELinux-Richtlinien +Name[es]=Generador de Políticas de SELinux +Name[fi]=SELinux-käytäntöjen generointityökalu +Name[fr]=Outil de génération de stratégies SELinux +Name[gu]=SELinux પોલિસી બનાવટ સાધન +Name[hi]=SELinux पॉलिसी जनन औजार +Name[it]=Tool di generazione della policy di SELinux +Name[ja]=SELinux ポリシー生成ツール +Name[kn]=SELinux ಪಾಲಿಸಿ ಉತ್ಪಾದನಾ ಉಪಕರಣ +Name[ko]=SELinux 정책 생성 도구 +Name[ml]=SELinux പോളിസി ഉത്പാദന പ്രയോഗം +Name[mr]=SELinux करार निर्माण साधन +Name[nl]=SELinux tactiek generatie gereedschap +Name[or]=SELinux ନୀତି ସୃଷ୍ଟି ଉପକରଣ +Name[pa]=SELinux ਪਾਲਿਸੀ ਨਿਰਮਾਣ ਜੰਤਰ +Name[pl]=Narzędzie tworzenia polityki SELinuksa +Name[pt]=Ferramenta de Geração de Políticas SELinux +Name[pt_BR]=Ferramenta de criação de políticas do SELinux +Name[ru]=Средство создания политики SELinux +Name[sv]=Genereringsverktyg för SELinuxpolicy +Name[ta]=SELinux பாலிசி உற்பத்தி கருவி +Name[te]=SELinux నిర్వహణ +Name[uk]=Утиліта генерації правил SELinux +Name[zh_CN]=SELinux 策略生成工具 +Name[zh_TW]=SELinux 政策產生工具(SELinux Policy Generation Tool) +Comment=Generate SELinux policy modules +Comment[bn_IN]=SELinux নিয়মনীতির মডিউল নির্মাণ করুন +Comment[ca]=Genera els mòduls de les polítiques de SELinux +Comment[da]=Generér SELinux-regelsætmodul +Comment[de]=Tool zur Erstellung von SELinux-Richtlinien +Comment[es]=Generar módulos de política de SELinux +Comment[fi]=Generoi SELinuxin käytäntömoduuleja +Comment[fr]=Génére des modules de stratégie SELinux +Comment[gu]=SELinux પોલિસી મોડ્યુલોને ઉત્પન્ન કરો +Comment[hi]=नया पॉलिसी मॉड्यूल उत्पन्न करें +Comment[it]=Genera moduli della politica di SELinux +Comment[ja]=新しいポリシーモジュールの作成 +Comment[kn]=SELinux ಪಾಲಿಸಿ ಘಟಕಗಳನ್ನು ಉತ್ಪಾದಿಸು +Comment[ko]=SELinux 정책 모듈 생성 +Comment[ml]=SELinux യ പോളിസി ഘങ്ങള്‍ തയ്യാറാക്കുക +Comment[mr]=SELinux करार घटके निर्माण करा +Comment[nl]=Maak een SELinux tactiek module aan +Comment[or]=SELinux ନୀତି ଏକକାଂଶ ସୃଷ୍ଟିକରନ୍ତୁ +Comment[pa]=SELinux ਪਾਲਿਸੀ ਮੈਡਿਊਲ ਬਣਾਓ +Comment[pl]=Tworzenie nowych modułów polityki SELinuksa +Comment[pt]=Gerar módulos de políticas SELinux +Comment[pt_BR]=Gerar módulos de política do SELinux +Comment[ru]=Генерация модулей политики SELinux +Comment[sv]=Generera SELinux-policymoduler +Comment[ta]=SELinux கொள்கை தொகுதியை உருவாக்கவும் +Comment[te]=SELinux పాలసీ మాడ్యూళ్ళను వుద్భవింపచేయుము +Comment[uk]=Створення модулів контролю доступу SELinux +Comment[zh_CN]=生成 SELinux 策略模块 +Comment[zh_TW]=產生 SELinux 政策模組 +StartupNotify=true +Icon=system-config-selinux +Exec=/usr/bin/selinux-polgengui +Type=Application +Terminal=false +Categories=System;Security; +X-Desktop-File-Install-Version=0.2 +Keywords=policy;security;selinux;avc;permission;mac; diff --git a/policycoreutils/gui/system-config-selinux b/policycoreutils/gui/system-config-selinux new file mode 100755 index 0000000..5be5ccd --- /dev/null +++ b/policycoreutils/gui/system-config-selinux @@ -0,0 +1,3 @@ +#!/bin/sh + +exec /usr/bin/pkexec /usr/share/system-config-selinux/system-config-selinux.py diff --git a/policycoreutils/gui/system-config-selinux.8 b/policycoreutils/gui/system-config-selinux.8 new file mode 100644 index 0000000..eca2024 --- /dev/null +++ b/policycoreutils/gui/system-config-selinux.8 @@ -0,0 +1,37 @@ +.TH "system-config-selinux" "8" "8 April 2013" "System Config Tools Manual" "System Config Tools Manual" + +.SH NAME +system\-config\-selinux \- SELinux Management tool + +.SH SYNOPSIS +.B system-config-selinux + +.SH DESCRIPTION +\fBsystem-config-selinux\fP provides a graphical interface for managing the +SELinux configuration. + +.SH OPTIONS +None + +.SH FILES +\fi/usr/bin/system-config-selinux\fP + +.SH Examples +To run the program type: + +system-config-selinux + +.PP +.SH "SEE ALSO" +.TP +selinux(1), semanage(8) +.PP + +.SH REPORTING BUGS +Report bugs to . + +.SH LICENSE AND AUTHORS +\fBsystem-config-selinux\fP is licensed under the GNU Public License and +is copyrighted by Red Hat, Inc. +.br +This man page was written by Daniel Walsh diff --git a/policycoreutils/gui/system-config-selinux.desktop b/policycoreutils/gui/system-config-selinux.desktop new file mode 100644 index 0000000..8822ce2 --- /dev/null +++ b/policycoreutils/gui/system-config-selinux.desktop @@ -0,0 +1,67 @@ +[Desktop Entry] +Name=SELinux Management +Name[bn_IN]=SELinux পরিচালনা +Name[da]=Håndtering af SELinux +Name[de]=SELinux-Management +Name[ca]=Gestió de SELinux +Name[es]=Administración de SELinux +Name[fi]=SELinuxin ylläpito +Name[fr]=Gestion de SELinux +Name[gu]=SELinux સંચાલન +Name[hi]=SELinux प्रबंधन +Name[jp]=SELinux 管理 +Name[it]=Gestione di SELinux +Name[kn]=SELinux ವ್ಯವಸ್ಥಾಪನೆ +Name[ko]=SELinux 관리 +Name[ml]=SELinux മാനേജ്മെന്റ് +Name[mr]=SELinux मॅनेजमेंट +Name[nl]=SELinux beheer +Name[or]=SELinux ପରିଚାଳନା +Name[pa]=SELinux ਮੈਨੇਜਮੈਂਟ +Name[pl]=Zarządzanie SELinuksem +Name[pt_BR]=Gerenciamento do SELinux +Name[pt]=Gestão de SELinux +Name[ru]=Управление SELinux +Name[sv]=SELinux-hantering +Name[ta]=SELinux மேலாண்மை +Name[te]=SELinux నిర్వహణ +Name[uk]=Керування SELinux +Name[zh_CN]=SELinux 管理 +Name[zh_TW]=SELinux 管理 +Comment=Configure SELinux in a graphical setting +Comment[bn_IN]=গ্রাফিক্যাল পরিবেশে SELinux কনফিগার করুন +Comment[ca]=Configura SELinuc an mode de preferències gràfiques +Comment[da]=Konfigurér SELinux i et grafisk miljø +Comment[de]=SELinux in einer grafischen Einstellung konfigurieren +Comment[es]=Defina SELinux en una configuración de interfaz gráfica +Comment[fi]=Tee SELinuxin asetukset graafisesti +Comment[fr]=Configure SELinux dans un environnement graphique +Comment[gu]=ગ્રાફિકલ સુયોજનમાં SELinux ને રૂપરેખાંકિત કરો +Comment[hi]=SELinux को आलेखी सेटिंग में विन्यस्त करें +Comment[it]=Configura SELinux in una impostazione grafica +Comment[jp]=グラフィカルな設定画面で SELinux を設定する +Comment[ko]=SELinux를 그래픽 사용자 인터페이스로 설정 +Comment[kn]=SELinux ಅನ್ನು ಒಂದು ಚಿತ್ರಾತ್ಮಕ ಸಿದ್ದತೆಯಲ್ಲಿ ಸಂರಚಿಸಿ +Comment[ml]=ഒരു ഗ്രാഫിക്കല്‍ സജ്ജീകരണത്തില്‍ SELinux ക്രമീകരിയ്ക്കുക +Comment[mr]=ग्राफिकल सेटिंगमध्ये SELinux संरचीत करा +Comment[nl]=Configureer SELinux in een grafische omgeving +Comment[or]=SELinux କୁ ଆଲେଖିକ ସଂରଚନାରେ ବିନ୍ୟାସ କରନ୍ତୁ +Comment[pa]=SELinux ਨੂੰ ਗਰਾਫੀਕਲ ਸੈਟਿੰਗ ਵਿੱਚ ਸੰਰਚਿਤ ਕਰੋ +Comment[pl]=Konfiguracja SELinuksa w trybie graficznym +Comment[pt]=Configurar o SELinux num ambiente gráfico +Comment[pt_BR]=Configure o SELinux em uma configuração gráfica +Comment[ru]=Настройка SELinux в графическом режиме +Comment[sv]=Konfigurera SELinux i en grafisk miljö +Comment[ta]=SELinuxஐ ஒரு வரைகலை அமைவில் கட்டமைக்கவும் +Comment[te]=SELinuxను గ్రాఫికల్ అమర్పునందు ఆకృతీకరించుము +Comment[uk]=Засіб для налаштування SELinux з графічним інтерфейсом +Comment[zh_CN]=在图形设置中配置 SELinux +Comment[zh_TW]=在圖形話設定中配置 SELinux +StartupNotify=true +Icon=system-config-selinux +Exec=/usr/bin/system-config-selinux +Type=Application +Terminal=false +Categories=System;Security; +X-Desktop-File-Install-Version=0.2 +Keywords=policy;security;selinux;avc;permission;mac; diff --git a/policycoreutils/gui/system-config-selinux.png b/policycoreutils/gui/system-config-selinux.png new file mode 100644 index 0000000..68ffcb7 Binary files /dev/null and b/policycoreutils/gui/system-config-selinux.png differ diff --git a/policycoreutils/load_policy/load_policy.8 b/policycoreutils/load_policy/load_policy.8 index f9ca36e..a86073f 100644 --- a/policycoreutils/load_policy/load_policy.8 +++ b/policycoreutils/load_policy/load_policy.8 @@ -19,7 +19,7 @@ values in the policy file. suppress warning messages. .TP .B \-i -inital policy load. Only use this if this is the first time policy is being loaded since boot (usually called from initramfs). +initial policy load. Only use this if this is the first time policy is being loaded since boot (usually called from initramfs). .SH "EXIT STATUS" .TP diff --git a/policycoreutils/man/man5/selinux_config.5 b/policycoreutils/man/man5/selinux_config.5 index 4963cdc..dbfec55 100644 --- a/policycoreutils/man/man5/selinux_config.5 +++ b/policycoreutils/man/man5/selinux_config.5 @@ -92,7 +92,7 @@ The binary policy name has by convention the SELinux policy version that it supp .RS This entry is deprecated and should be removed or set to \fI0\fR. .sp -If set to \fI1\fR, then \fBselinux_mkload_policy\fR(3) will read the local customisation for booleans (see \fBbooleans\fR(5)) and users (see \fBlocal.users\fR(5)). +If set to \fI1\fR, then \fBselinux_mkload_policy\fR(3) will read the local customization for booleans (see \fBbooleans\fR(5)) and users (see \fBlocal.users\fR(5)). .RE .sp .B REQUIRESEUSERS @@ -122,7 +122,7 @@ This is an optional entry that allows the file system to be relabeled. .sp If set to \fI0\fR and there is a file called \fI.autorelabel\fR in the root directory, then on a reboot, the loader will drop to a shell where a root login is required. An administrator can then manually relabel the file system. .sp -If set to \fI1\fR or no entry present (the default) and there is a \fI.autorelabel\fR file in the root directory, then the file system will be automatically relabeled using \fBfixfiles -F restore\fR +If set to \fI1\fR or no entry present (the default) and there is a \fI.autorelabel\fR file in the root directory, then the file system will be automatically relabeled using \fBfixfiles \-F restore\fR .sp In both cases the \fI/.autorelabel\fR file will be removed so that relabeling is not done again. .RE diff --git a/policycoreutils/mcstrans/man/man8/mcs.8 b/policycoreutils/mcstrans/man/man8/mcs.8 index 44126bf..aeaf22e 100644 --- a/policycoreutils/mcstrans/man/man8/mcs.8 +++ b/policycoreutils/mcstrans/man/man8/mcs.8 @@ -20,7 +20,7 @@ readable form. Administrators can define any labels they want in this file. Certain applications like printing and auditing will use these labels to identify the files. By setting a category on a file you will prevent other applications/services from having access to the files. -.p +.P Examples of file labels would be PatientRecord, CompanyConfidential etc. .SH "SEE ALSO" diff --git a/policycoreutils/newrole/newrole.1 b/policycoreutils/newrole/newrole.1 index 376c458..c47bc52 100644 --- a/policycoreutils/newrole/newrole.1 +++ b/policycoreutils/newrole/newrole.1 @@ -44,7 +44,7 @@ Additional arguments .I ARGS may be provided after a -- option, in which case they are supplied to the new shell. -In particular, an argument of -- -c will cause the next argument to be +In particular, an argument of \-\- \-c will cause the next argument to be treated as a command by most command interpreters. .PP If a command argument is specified to newrole and the command name is found @@ -66,31 +66,31 @@ shows the current version of newrole .SH EXAMPLE .br Changing role: - # id -Z + # id \-Z staff_u:staff_r:staff_t:SystemLow-SystemHigh - # newrole -r sysadm_r - # id -Z + # newrole \-r sysadm_r + # id \-Z staff_u:sysadm_r:sysadm_t:SystemLow-SystemHigh Changing sensitivity only: - # id -Z + # id \-Z staff_u:sysadm_r:sysadm_t:Unclassified-SystemHigh - # newrole -l Secret - # id -Z + # newrole \-l Secret + # id \-Z staff_u:sysadm_r:sysadm_t:Secret-SystemHigh .PP Changing sensitivity and clearance: - # id -Z + # id \-Z staff_u:sysadm_r:sysadm_t:Unclassified-SystemHigh - # newrole -l Secret-Secret - # id -Z + # newrole \-l Secret-Secret + # id \-Z staff_u:sysadm_r:sysadm_t:Secret .PP Running a program in a given role or level: - # newrole -r sysadm_r -- -c "/path/to/app arg1 arg2..." - # newrole -l Secret -- -c "/path/to/app arg1 arg2..." + # newrole \-r sysadm_r \-\- \-c "/path/to/app arg1 arg2..." + # newrole \-l Secret \-\- \-c "/path/to/app arg1 arg2..." .SH FILES /etc/passwd - user account information diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c index 8fbf2d0..4e59a06 100644 --- a/policycoreutils/newrole/newrole.c +++ b/policycoreutils/newrole/newrole.c @@ -547,9 +547,7 @@ static int drop_capabilities(int full) if (!uid) return 0; capng_setpid(getpid()); - capng_clear(CAPNG_SELECT_BOTH); - if (capng_lock() < 0) - return -1; + capng_clear(CAPNG_SELECT_CAPS); /* Change uid */ if (setresuid(uid, uid, uid)) { @@ -558,7 +556,7 @@ static int drop_capabilities(int full) } if (! full) capng_update(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_AUDIT_WRITE); - return capng_apply(CAPNG_SELECT_BOTH); + return capng_apply(CAPNG_SELECT_CAPS); } #elif defined(NAMESPACE_PRIV) /** @@ -576,20 +574,21 @@ static int drop_capabilities(int full) */ static int drop_capabilities(int full) { + uid_t uid = getuid(); + if (!uid) return 0; + capng_setpid(getpid()); - capng_clear(CAPNG_SELECT_BOTH); - if (capng_lock() < 0) - return -1; + capng_clear(CAPNG_SELECT_CAPS); - uid_t uid = getuid(); /* Change uid */ if (setresuid(uid, uid, uid)) { fprintf(stderr, _("Error changing uid, aborting.\n")); return -1; } if (! full) - capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_SYS_ADMIN , CAP_FOWNER , CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_SETPCAP, -1); - return capng_apply(CAPNG_SELECT_BOTH); + capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_SYS_ADMIN , CAP_FOWNER , CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_AUDIT_WRITE, -1); + + return capng_apply(CAPNG_SELECT_CAPS); } #else @@ -680,7 +679,7 @@ static int relabel_tty(const char *ttyn, security_context_t new_context, security_context_t * tty_context, security_context_t * new_tty_context) { - int fd; + int fd, rc; int enforcing = security_getenforce(); security_context_t tty_con = NULL; security_context_t new_tty_con = NULL; @@ -699,7 +698,13 @@ static int relabel_tty(const char *ttyn, security_context_t new_context, fprintf(stderr, _("Error! Could not open %s.\n"), ttyn); return fd; } - fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + /* this craziness is to make sure we cann't block on open and deadlock */ + rc = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + if (rc) { + fprintf(stderr, _("Error! Could not clear O_NONBLOCK on %s\n"), ttyn); + close(fd); + return rc; + } if (fgetfilecon(fd, &tty_con) < 0) { fprintf(stderr, _("%s! Could not get current context " @@ -1010,9 +1015,9 @@ int main(int argc, char *argv[]) int fd; pid_t childPid = 0; char *shell_argv0 = NULL; + int rc; #ifdef USE_PAM - int rc; int pam_status; /* pam return code */ pam_handle_t *pam_handle; /* opaque handle used by all PAM functions */ @@ -1226,15 +1231,23 @@ int main(int argc, char *argv[]) fd = open(ttyn, O_RDONLY | O_NONBLOCK); if (fd != 0) goto err_close_pam; - fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + rc = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + if (rc) + goto err_close_pam; + fd = open(ttyn, O_RDWR | O_NONBLOCK); if (fd != 1) goto err_close_pam; - fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + rc = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + if (rc) + goto err_close_pam; + fd = open(ttyn, O_RDWR | O_NONBLOCK); if (fd != 2) goto err_close_pam; - fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + rc = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); + if (rc) + goto err_close_pam; } /* @@ -1268,19 +1281,24 @@ int main(int argc, char *argv[]) } #endif - if (send_audit_message(1, old_context, new_context, ttyn)) + if (send_audit_message(1, old_context, new_context, ttyn)) { + fprintf(stderr, _("Failed to send audit message")); goto err_close_pam_session; + } freecon(old_context); old_context=NULL; freecon(new_context); new_context=NULL; #ifdef NAMESPACE_PRIV - if (transition_to_caller_uid()) + if (transition_to_caller_uid()) { + fprintf(stderr, _("Failed to transition to namespace\n")); goto err_close_pam_session; + } #endif - if (drop_capabilities(TRUE)) + if (drop_capabilities(TRUE)) { + fprintf(stderr, _("Failed to drop capabilities %m\n")); goto err_close_pam_session; - + } /* Handle environment changes */ if (restore_environment(preserve_environment, old_environ, &pw)) { fprintf(stderr, _("Unable to restore the environment, " diff --git a/policycoreutils/newrole/newrole.pamd b/policycoreutils/newrole/newrole.pamd index d1b435c..de3582f 100644 --- a/policycoreutils/newrole/newrole.pamd +++ b/policycoreutils/newrole/newrole.pamd @@ -1,4 +1,6 @@ #%PAM-1.0 +# Uncomment the next line if you do not want to enter your passwd everytime +# auth sufficient pam_rootok.so auth include system-auth account include system-auth password include system-auth diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile index a377996..a693823 100644 --- a/policycoreutils/po/Makefile +++ b/policycoreutils/po/Makefile @@ -60,6 +60,7 @@ POTFILES = \ ../gui/system-config-selinux.py \ ../gui/usersPage.py \ ../secon/secon.c \ + booleans.py \ ../sepolicy/info.c \ ../sepolicy/search.c \ ../sepolicy/sepolicy.py \ @@ -67,6 +68,8 @@ POTFILES = \ ../sepolicy/sepolicy/__init__.py \ ../sepolicy/sepolicy/network.py \ ../sepolicy/sepolicy/generate.py \ + ../sepolicy/sepolicy/sepolicy.glade \ + ../sepolicy/sepolicy/gui.py \ ../sepolicy/sepolicy/manpage.py \ ../sepolicy/sepolicy/transition.py \ ../sepolicy/sepolicy/templates/executable.py \ @@ -80,13 +83,16 @@ POTFILES = \ ../sepolicy/sepolicy/templates/var_lib.py \ ../sepolicy/sepolicy/templates/var_log.py \ ../sepolicy/sepolicy/templates/var_run.py \ - ../sepolicy/sepolicy/templates/var_spool.py \ + ../sepolicy/sepolicy/templates/var_spool.py #default:: clean all:: $(MOFILES) -$(POTFILE): $(POTFILES) +booleans.py: + sepolicy booleans -a > booleans.py + +$(POTFILE): $(POTFILES) booleans.py $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES) @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \ rm -f $(NLSPACKAGE).po; \ @@ -95,6 +101,7 @@ $(POTFILE): $(POTFILES) fi; \ update-po: Makefile $(POTFILE) refresh-po + @rm -f booleans.py refresh-po: Makefile for cat in $(POFILES); do \ diff --git a/policycoreutils/po/POTFILES b/policycoreutils/po/POTFILES index 667e394..bcb9e99 100644 --- a/policycoreutils/po/POTFILES +++ b/policycoreutils/po/POTFILES @@ -47,4 +47,26 @@ ../gui/templates/var_log.py ../gui/templates/var_run.py ../gui/templates/var_spool.py - ../secon/secon.c + ../sepolicy/info.c + ../sepolicy/search.c + ../sepolicy/sepolicy.py + ../sepolicy/sepolicy/communicate.py + ../sepolicy/sepolicy/__init__.py + ../sepolicy/sepolicy/network.py + ../sepolicy/sepolicy/generate.py + ../sepolicy/sepolicy/sepolicy.glade + ../sepolicy/sepolicy/gui.py + ../sepolicy/sepolicy/manpage.py + ../sepolicy/sepolicy/transition.py + ../sepolicy/sepolicy/templates/executable.py + ../sepolicy/sepolicy/templates/__init__.py + ../sepolicy/sepolicy/templates/network.py + ../sepolicy/sepolicy/templates/rw.py + ../sepolicy/sepolicy/templates/script.py + ../sepolicy/sepolicy/templates/semodule.py + ../sepolicy/sepolicy/templates/tmp.py + ../sepolicy/sepolicy/templates/user.py + ../sepolicy/sepolicy/templates/var_lib.py + ../sepolicy/sepolicy/templates/var_log.py + ../sepolicy/sepolicy/templates/var_run.py + ../sepolicy/sepolicy/templates/var_spool.py diff --git a/policycoreutils/po/POTFILES.in b/policycoreutils/po/POTFILES.in index 75117f4..aca0474 100644 --- a/policycoreutils/po/POTFILES.in +++ b/policycoreutils/po/POTFILES.in @@ -42,6 +42,8 @@ sepolicy/sepolicy/communicate.py sepolicy/sepolicy/__init__.py sepolicy/sepolicy/network.py sepolicy/sepolicy/generate.py +sepolicy/sepolicy/sepolicy.glade +sepolicy/sepolicy/gui.py sepolicy/sepolicy/manpage.py sepolicy/sepolicy/transition.py sepolicy/sepolicy/templates/executable.py diff --git a/policycoreutils/po/af.po b/policycoreutils/po/af.po index 961d921..c1e038c 100644 --- a/policycoreutils/po/af.po +++ b/policycoreutils/po/af.po @@ -1,21 +1,21 @@ # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. -# FIRST AUTHOR , YEAR. -# -#, fuzzy +# +# Translators: msgid "" msgstr "" -"Project-Id-Version: PACKAGE VERSION\n" +"Project-Id-Version: Policycoreutils\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2013-01-04 12:01-0500\n" -"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"POT-Creation-Date: 2013-07-10 16:36-0400\n" +"PO-Revision-Date: 2012-03-30 18:14+0000\n" "Last-Translator: FULL NAME \n" -"Language-Team: LANGUAGE \n" -"Language: \n" +"Language-Team: Afrikaans (http://www.transifex.com/projects/p/fedora/language/af/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +"Language: af\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" #: ../run_init/run_init.c:67 msgid "" @@ -24,7 +24,7 @@ msgid "" " are the arguments to that script." msgstr "" -#: ../run_init/run_init.c:126 ../newrole/newrole.c:1123 +#: ../run_init/run_init.c:126 ../newrole/newrole.c:1128 #, c-format msgid "failed to initialize PAM\n" msgstr "" @@ -73,7 +73,7 @@ msgstr "" msgid "authentication failed.\n" msgstr "" -#: ../run_init/run_init.c:405 ../newrole/newrole.c:1257 +#: ../run_init/run_init.c:405 ../newrole/newrole.c:1270 #, c-format msgid "Could not set exec context to %s.\n" msgstr "" @@ -126,7 +126,7 @@ msgstr "" msgid "Semanage transaction not in progress" msgstr "" -#: ../semanage/seobject.py:265 ../semanage/seobject.py:345 +#: ../semanage/seobject.py:265 ../semanage/seobject.py:347 msgid "Could not list SELinux modules" msgstr "" @@ -142,814 +142,830 @@ msgstr "" msgid "Disabled" msgstr "" -#: ../semanage/seobject.py:296 +#: ../semanage/seobject.py:288 +#, python-format +msgid "Module does not exists %s " +msgstr "" + +#: ../semanage/seobject.py:298 #, python-format msgid "Could not disable module %s (remove failed)" msgstr "" -#: ../semanage/seobject.py:307 +#: ../semanage/seobject.py:309 #, python-format msgid "Could not enable module %s (remove failed)" msgstr "" -#: ../semanage/seobject.py:322 +#: ../semanage/seobject.py:324 #, python-format msgid "Could not remove module %s (remove failed)" msgstr "" -#: ../semanage/seobject.py:332 +#: ../semanage/seobject.py:334 msgid "dontaudit requires either 'on' or 'off'" msgstr "" -#: ../semanage/seobject.py:360 +#: ../semanage/seobject.py:362 msgid "Builtin Permissive Types" msgstr "" -#: ../semanage/seobject.py:370 +#: ../semanage/seobject.py:372 msgid "Customized Permissive Types" msgstr "" -#: ../semanage/seobject.py:412 +#: ../semanage/seobject.py:381 +msgid "" +"The sepolgen python module is required to setup permissive domains.\n" +"In some distributions it is included in the policycoreutils-devel patckage.\n" +"# yum install policycoreutils-devel\n" +"Or similar for your distro." +msgstr "" + +#: ../semanage/seobject.py:418 #, python-format msgid "Could not set permissive domain %s (module installation failed)" msgstr "" -#: ../semanage/seobject.py:418 +#: ../semanage/seobject.py:424 #, python-format msgid "Could not remove permissive domain %s (remove failed)" msgstr "" -#: ../semanage/seobject.py:453 ../semanage/seobject.py:527 -#: ../semanage/seobject.py:573 ../semanage/seobject.py:695 -#: ../semanage/seobject.py:725 ../semanage/seobject.py:792 -#: ../semanage/seobject.py:849 ../semanage/seobject.py:1104 -#: ../semanage/seobject.py:1820 ../semanage/seobject.py:1883 -#: ../semanage/seobject.py:1902 ../semanage/seobject.py:2025 -#: ../semanage/seobject.py:2076 +#: ../semanage/seobject.py:459 ../semanage/seobject.py:533 +#: ../semanage/seobject.py:579 ../semanage/seobject.py:701 +#: ../semanage/seobject.py:731 ../semanage/seobject.py:798 +#: ../semanage/seobject.py:855 ../semanage/seobject.py:1113 +#: ../semanage/seobject.py:1836 ../semanage/seobject.py:1899 +#: ../semanage/seobject.py:1918 ../semanage/seobject.py:2041 +#: ../semanage/seobject.py:2092 #, python-format msgid "Could not create a key for %s" msgstr "" -#: ../semanage/seobject.py:457 ../semanage/seobject.py:531 -#: ../semanage/seobject.py:577 ../semanage/seobject.py:583 +#: ../semanage/seobject.py:463 ../semanage/seobject.py:537 +#: ../semanage/seobject.py:583 ../semanage/seobject.py:589 #, python-format msgid "Could not check if login mapping for %s is defined" msgstr "" -#: ../semanage/seobject.py:466 +#: ../semanage/seobject.py:472 #, python-format msgid "Linux Group %s does not exist" msgstr "" -#: ../semanage/seobject.py:471 +#: ../semanage/seobject.py:477 #, python-format msgid "Linux User %s does not exist" msgstr "" -#: ../semanage/seobject.py:475 +#: ../semanage/seobject.py:481 #, python-format msgid "Could not create login mapping for %s" msgstr "" -#: ../semanage/seobject.py:479 ../semanage/seobject.py:740 +#: ../semanage/seobject.py:485 ../semanage/seobject.py:746 #, python-format msgid "Could not set name for %s" msgstr "" -#: ../semanage/seobject.py:484 ../semanage/seobject.py:750 +#: ../semanage/seobject.py:490 ../semanage/seobject.py:756 #, python-format msgid "Could not set MLS range for %s" msgstr "" -#: ../semanage/seobject.py:488 +#: ../semanage/seobject.py:494 #, python-format msgid "Could not set SELinux user for %s" msgstr "" -#: ../semanage/seobject.py:492 +#: ../semanage/seobject.py:498 #, python-format msgid "Could not add login mapping for %s" msgstr "" -#: ../semanage/seobject.py:510 +#: ../semanage/seobject.py:516 msgid "Requires seuser or serange" msgstr "" -#: ../semanage/seobject.py:533 ../semanage/seobject.py:579 +#: ../semanage/seobject.py:539 ../semanage/seobject.py:585 #, python-format msgid "Login mapping for %s is not defined" msgstr "" -#: ../semanage/seobject.py:537 +#: ../semanage/seobject.py:543 #, python-format msgid "Could not query seuser for %s" msgstr "" -#: ../semanage/seobject.py:551 +#: ../semanage/seobject.py:557 #, python-format msgid "Could not modify login mapping for %s" msgstr "" -#: ../semanage/seobject.py:585 +#: ../semanage/seobject.py:591 #, python-format msgid "Login mapping for %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:589 +#: ../semanage/seobject.py:595 #, python-format msgid "Could not delete login mapping for %s" msgstr "" -#: ../semanage/seobject.py:611 ../semanage/seobject.py:644 -#: ../semanage/seobject.py:892 +#: ../semanage/seobject.py:617 ../semanage/seobject.py:650 +#: ../semanage/seobject.py:898 msgid "Could not list login mappings" msgstr "" -#: ../semanage/seobject.py:672 ../semanage/seobject.py:684 +#: ../semanage/seobject.py:678 ../semanage/seobject.py:690 #: ../gui/system-config-selinux.glade:100 msgid "Login Name" msgstr "" -#: ../semanage/seobject.py:672 ../semanage/seobject.py:684 -#: ../semanage/seobject.py:942 ../semanage/seobject.py:947 +#: ../semanage/seobject.py:678 ../semanage/seobject.py:690 +#: ../semanage/seobject.py:948 ../semanage/seobject.py:953 #: ../gui/system-config-selinux.glade:128 #: ../gui/system-config-selinux.glade:915 #: ../gui/system-config-selinux.glade:2285 ../gui/usersPage.py:44 msgid "SELinux User" msgstr "" -#: ../semanage/seobject.py:672 ../gui/system-config-selinux.glade:156 +#: ../semanage/seobject.py:678 ../gui/system-config-selinux.glade:156 #: ../gui/system-config-selinux.glade:943 msgid "MLS/MCS Range" msgstr "" -#: ../semanage/seobject.py:672 +#: ../semanage/seobject.py:678 msgid "Service" msgstr "" -#: ../semanage/seobject.py:698 ../semanage/seobject.py:729 -#: ../semanage/seobject.py:796 ../semanage/seobject.py:853 -#: ../semanage/seobject.py:859 +#: ../semanage/seobject.py:704 ../semanage/seobject.py:735 +#: ../semanage/seobject.py:802 ../semanage/seobject.py:859 +#: ../semanage/seobject.py:865 #, python-format msgid "Could not check if SELinux user %s is defined" msgstr "" -#: ../semanage/seobject.py:701 ../semanage/seobject.py:802 -#: ../semanage/seobject.py:865 +#: ../semanage/seobject.py:707 ../semanage/seobject.py:808 +#: ../semanage/seobject.py:871 #, python-format msgid "Could not query user for %s" msgstr "" -#: ../semanage/seobject.py:721 +#: ../semanage/seobject.py:727 #, python-format msgid "You must add at least one role for %s" msgstr "" -#: ../semanage/seobject.py:736 +#: ../semanage/seobject.py:742 #, python-format msgid "Could not create SELinux user for %s" msgstr "" -#: ../semanage/seobject.py:745 +#: ../semanage/seobject.py:751 #, python-format msgid "Could not add role %s for %s" msgstr "" -#: ../semanage/seobject.py:754 +#: ../semanage/seobject.py:760 #, python-format msgid "Could not set MLS level for %s" msgstr "" -#: ../semanage/seobject.py:757 +#: ../semanage/seobject.py:763 #, python-format msgid "Could not add prefix %s for %s" msgstr "" -#: ../semanage/seobject.py:760 +#: ../semanage/seobject.py:766 #, python-format msgid "Could not extract key for %s" msgstr "" -#: ../semanage/seobject.py:764 +#: ../semanage/seobject.py:770 #, python-format msgid "Could not add SELinux user %s" msgstr "" -#: ../semanage/seobject.py:786 +#: ../semanage/seobject.py:792 msgid "Requires prefix, roles, level or range" msgstr "" -#: ../semanage/seobject.py:788 +#: ../semanage/seobject.py:794 msgid "Requires prefix or roles" msgstr "" -#: ../semanage/seobject.py:798 ../semanage/seobject.py:855 +#: ../semanage/seobject.py:804 ../semanage/seobject.py:861 #, python-format msgid "SELinux user %s is not defined" msgstr "" -#: ../semanage/seobject.py:827 +#: ../semanage/seobject.py:833 #, python-format msgid "Could not modify SELinux user %s" msgstr "" -#: ../semanage/seobject.py:861 +#: ../semanage/seobject.py:867 #, python-format msgid "SELinux user %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:872 +#: ../semanage/seobject.py:878 #, python-format msgid "Could not delete SELinux user %s" msgstr "" -#: ../semanage/seobject.py:910 +#: ../semanage/seobject.py:916 msgid "Could not list SELinux users" msgstr "" -#: ../semanage/seobject.py:916 +#: ../semanage/seobject.py:922 #, python-format msgid "Could not list roles for user %s" msgstr "" -#: ../semanage/seobject.py:941 +#: ../semanage/seobject.py:947 msgid "Labeling" msgstr "" -#: ../semanage/seobject.py:941 +#: ../semanage/seobject.py:947 msgid "MLS/" msgstr "" -#: ../semanage/seobject.py:942 +#: ../semanage/seobject.py:948 msgid "Prefix" msgstr "" -#: ../semanage/seobject.py:942 +#: ../semanage/seobject.py:948 msgid "MCS Level" msgstr "" -#: ../semanage/seobject.py:942 +#: ../semanage/seobject.py:948 msgid "MCS Range" msgstr "" -#: ../semanage/seobject.py:942 ../semanage/seobject.py:947 +#: ../semanage/seobject.py:948 ../semanage/seobject.py:953 #: ../gui/system-config-selinux.glade:992 ../gui/usersPage.py:59 msgid "SELinux Roles" msgstr "" -#: ../semanage/seobject.py:964 +#: ../semanage/seobject.py:973 msgid "Protocol udp or tcp is required" msgstr "" -#: ../semanage/seobject.py:966 +#: ../semanage/seobject.py:975 msgid "Port is required" msgstr "" -#: ../semanage/seobject.py:976 +#: ../semanage/seobject.py:985 msgid "Invalid Port" msgstr "" -#: ../semanage/seobject.py:980 +#: ../semanage/seobject.py:989 #, python-format msgid "Could not create a key for %s/%s" msgstr "" -#: ../semanage/seobject.py:991 +#: ../semanage/seobject.py:1000 msgid "Type is required" msgstr "" -#: ../semanage/seobject.py:994 ../semanage/seobject.py:1056 -#: ../semanage/seobject.py:1814 +#: ../semanage/seobject.py:1003 ../semanage/seobject.py:1065 +#: ../semanage/seobject.py:1830 #, python-format msgid "Type %s is invalid, must be a port type" msgstr "" -#: ../semanage/seobject.py:1000 ../semanage/seobject.py:1062 -#: ../semanage/seobject.py:1117 ../semanage/seobject.py:1123 +#: ../semanage/seobject.py:1009 ../semanage/seobject.py:1071 +#: ../semanage/seobject.py:1126 ../semanage/seobject.py:1132 #, python-format msgid "Could not check if port %s/%s is defined" msgstr "" -#: ../semanage/seobject.py:1002 +#: ../semanage/seobject.py:1011 #, python-format msgid "Port %s/%s already defined" msgstr "" -#: ../semanage/seobject.py:1006 +#: ../semanage/seobject.py:1015 #, python-format msgid "Could not create port for %s/%s" msgstr "" -#: ../semanage/seobject.py:1012 +#: ../semanage/seobject.py:1021 #, python-format msgid "Could not create context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1016 +#: ../semanage/seobject.py:1025 #, python-format msgid "Could not set user in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1020 +#: ../semanage/seobject.py:1029 #, python-format msgid "Could not set role in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1024 +#: ../semanage/seobject.py:1033 #, python-format msgid "Could not set type in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1029 +#: ../semanage/seobject.py:1038 #, python-format msgid "Could not set mls fields in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1033 +#: ../semanage/seobject.py:1042 #, python-format msgid "Could not set port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1037 +#: ../semanage/seobject.py:1046 #, python-format msgid "Could not add port %s/%s" msgstr "" -#: ../semanage/seobject.py:1051 ../semanage/seobject.py:1324 -#: ../semanage/seobject.py:1523 +#: ../semanage/seobject.py:1060 ../semanage/seobject.py:1336 +#: ../semanage/seobject.py:1535 msgid "Requires setype or serange" msgstr "" -#: ../semanage/seobject.py:1053 +#: ../semanage/seobject.py:1062 msgid "Requires setype" msgstr "" -#: ../semanage/seobject.py:1064 ../semanage/seobject.py:1119 +#: ../semanage/seobject.py:1073 ../semanage/seobject.py:1128 #, python-format msgid "Port %s/%s is not defined" msgstr "" -#: ../semanage/seobject.py:1068 +#: ../semanage/seobject.py:1077 #, python-format msgid "Could not query port %s/%s" msgstr "" -#: ../semanage/seobject.py:1079 +#: ../semanage/seobject.py:1088 #, python-format msgid "Could not modify port %s/%s" msgstr "" -#: ../semanage/seobject.py:1092 +#: ../semanage/seobject.py:1101 msgid "Could not list the ports" msgstr "" -#: ../semanage/seobject.py:1108 +#: ../semanage/seobject.py:1117 #, python-format msgid "Could not delete the port %s" msgstr "" -#: ../semanage/seobject.py:1125 +#: ../semanage/seobject.py:1134 #, python-format msgid "Port %s/%s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:1129 +#: ../semanage/seobject.py:1138 #, python-format msgid "Could not delete port %s/%s" msgstr "" -#: ../semanage/seobject.py:1145 ../semanage/seobject.py:1167 +#: ../semanage/seobject.py:1154 ../semanage/seobject.py:1176 msgid "Could not list ports" msgstr "" -#: ../semanage/seobject.py:1206 +#: ../semanage/seobject.py:1215 ../sepolicy/sepolicy/sepolicy.glade:915 +#: ../sepolicy/sepolicy/sepolicy.glade:1014 msgid "SELinux Port Type" msgstr "" -#: ../semanage/seobject.py:1206 +#: ../semanage/seobject.py:1215 msgid "Proto" msgstr "" -#: ../semanage/seobject.py:1206 ../gui/system-config-selinux.glade:335 +#: ../semanage/seobject.py:1215 ../gui/system-config-selinux.glade:335 msgid "Port Number" msgstr "" -#: ../semanage/seobject.py:1227 +#: ../semanage/seobject.py:1239 msgid "Node Address is required" msgstr "" -#: ../semanage/seobject.py:1242 +#: ../semanage/seobject.py:1254 msgid "Unknown or missing protocol" msgstr "" -#: ../semanage/seobject.py:1256 +#: ../semanage/seobject.py:1268 msgid "SELinux node type is required" msgstr "" -#: ../semanage/seobject.py:1259 ../semanage/seobject.py:1327 +#: ../semanage/seobject.py:1271 ../semanage/seobject.py:1339 #, python-format msgid "Type %s is invalid, must be a node type" msgstr "" -#: ../semanage/seobject.py:1263 ../semanage/seobject.py:1331 -#: ../semanage/seobject.py:1367 ../semanage/seobject.py:1465 -#: ../semanage/seobject.py:1527 ../semanage/seobject.py:1561 -#: ../semanage/seobject.py:1759 +#: ../semanage/seobject.py:1275 ../semanage/seobject.py:1343 +#: ../semanage/seobject.py:1379 ../semanage/seobject.py:1477 +#: ../semanage/seobject.py:1539 ../semanage/seobject.py:1573 +#: ../semanage/seobject.py:1775 #, python-format msgid "Could not create key for %s" msgstr "" -#: ../semanage/seobject.py:1265 ../semanage/seobject.py:1335 -#: ../semanage/seobject.py:1371 ../semanage/seobject.py:1377 +#: ../semanage/seobject.py:1277 ../semanage/seobject.py:1347 +#: ../semanage/seobject.py:1383 ../semanage/seobject.py:1389 #, python-format msgid "Could not check if addr %s is defined" msgstr "" -#: ../semanage/seobject.py:1274 +#: ../semanage/seobject.py:1286 #, python-format msgid "Could not create addr for %s" msgstr "" -#: ../semanage/seobject.py:1280 ../semanage/seobject.py:1481 -#: ../semanage/seobject.py:1714 +#: ../semanage/seobject.py:1292 ../semanage/seobject.py:1493 +#: ../semanage/seobject.py:1730 #, python-format msgid "Could not create context for %s" msgstr "" -#: ../semanage/seobject.py:1284 +#: ../semanage/seobject.py:1296 #, python-format msgid "Could not set mask for %s" msgstr "" -#: ../semanage/seobject.py:1288 +#: ../semanage/seobject.py:1300 #, python-format msgid "Could not set user in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1292 +#: ../semanage/seobject.py:1304 #, python-format msgid "Could not set role in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1296 +#: ../semanage/seobject.py:1308 #, python-format msgid "Could not set type in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1301 +#: ../semanage/seobject.py:1313 #, python-format msgid "Could not set mls fields in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1305 +#: ../semanage/seobject.py:1317 #, python-format msgid "Could not set addr context for %s" msgstr "" -#: ../semanage/seobject.py:1309 +#: ../semanage/seobject.py:1321 #, python-format msgid "Could not add addr %s" msgstr "" -#: ../semanage/seobject.py:1337 ../semanage/seobject.py:1373 +#: ../semanage/seobject.py:1349 ../semanage/seobject.py:1385 #, python-format msgid "Addr %s is not defined" msgstr "" -#: ../semanage/seobject.py:1341 +#: ../semanage/seobject.py:1353 #, python-format msgid "Could not query addr %s" msgstr "" -#: ../semanage/seobject.py:1351 +#: ../semanage/seobject.py:1363 #, python-format msgid "Could not modify addr %s" msgstr "" -#: ../semanage/seobject.py:1379 +#: ../semanage/seobject.py:1391 #, python-format msgid "Addr %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:1383 +#: ../semanage/seobject.py:1395 #, python-format msgid "Could not delete addr %s" msgstr "" -#: ../semanage/seobject.py:1395 +#: ../semanage/seobject.py:1407 msgid "Could not deleteall node mappings" msgstr "" -#: ../semanage/seobject.py:1409 +#: ../semanage/seobject.py:1421 msgid "Could not list addrs" msgstr "" -#: ../semanage/seobject.py:1461 ../semanage/seobject.py:1752 +#: ../semanage/seobject.py:1473 ../semanage/seobject.py:1768 msgid "SELinux Type is required" msgstr "" -#: ../semanage/seobject.py:1469 ../semanage/seobject.py:1531 -#: ../semanage/seobject.py:1565 ../semanage/seobject.py:1571 +#: ../semanage/seobject.py:1481 ../semanage/seobject.py:1543 +#: ../semanage/seobject.py:1577 ../semanage/seobject.py:1583 #, python-format msgid "Could not check if interface %s is defined" msgstr "" -#: ../semanage/seobject.py:1476 +#: ../semanage/seobject.py:1488 #, python-format msgid "Could not create interface for %s" msgstr "" -#: ../semanage/seobject.py:1485 +#: ../semanage/seobject.py:1497 #, python-format msgid "Could not set user in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1489 +#: ../semanage/seobject.py:1501 #, python-format msgid "Could not set role in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1493 +#: ../semanage/seobject.py:1505 #, python-format msgid "Could not set type in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1498 +#: ../semanage/seobject.py:1510 #, python-format msgid "Could not set mls fields in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1502 +#: ../semanage/seobject.py:1514 #, python-format msgid "Could not set interface context for %s" msgstr "" -#: ../semanage/seobject.py:1506 +#: ../semanage/seobject.py:1518 #, python-format msgid "Could not set message context for %s" msgstr "" -#: ../semanage/seobject.py:1510 +#: ../semanage/seobject.py:1522 #, python-format msgid "Could not add interface %s" msgstr "" -#: ../semanage/seobject.py:1533 ../semanage/seobject.py:1567 +#: ../semanage/seobject.py:1545 ../semanage/seobject.py:1579 #, python-format msgid "Interface %s is not defined" msgstr "" -#: ../semanage/seobject.py:1537 +#: ../semanage/seobject.py:1549 #, python-format msgid "Could not query interface %s" msgstr "" -#: ../semanage/seobject.py:1548 +#: ../semanage/seobject.py:1560 #, python-format msgid "Could not modify interface %s" msgstr "" -#: ../semanage/seobject.py:1573 +#: ../semanage/seobject.py:1585 #, python-format msgid "Interface %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:1577 +#: ../semanage/seobject.py:1589 #, python-format msgid "Could not delete interface %s" msgstr "" -#: ../semanage/seobject.py:1589 +#: ../semanage/seobject.py:1601 msgid "Could not delete all interface mappings" msgstr "" -#: ../semanage/seobject.py:1603 +#: ../semanage/seobject.py:1615 msgid "Could not list interfaces" msgstr "" -#: ../semanage/seobject.py:1628 +#: ../semanage/seobject.py:1640 msgid "SELinux Interface" msgstr "" -#: ../semanage/seobject.py:1628 ../semanage/seobject.py:1974 +#: ../semanage/seobject.py:1640 ../semanage/seobject.py:1990 msgid "Context" msgstr "" -#: ../semanage/seobject.py:1691 +#: ../semanage/seobject.py:1707 #, python-format msgid "Equivalence class for %s already exists" msgstr "" -#: ../semanage/seobject.py:1697 +#: ../semanage/seobject.py:1713 #, python-format msgid "File spec %s conflicts with equivalency rule '%s %s'" msgstr "" -#: ../semanage/seobject.py:1706 +#: ../semanage/seobject.py:1722 #, python-format msgid "Equivalence class for %s does not exists" msgstr "" -#: ../semanage/seobject.py:1720 +#: ../semanage/seobject.py:1736 #, python-format msgid "Could not set user in file context for %s" msgstr "" -#: ../semanage/seobject.py:1724 +#: ../semanage/seobject.py:1740 #, python-format msgid "Could not set role in file context for %s" msgstr "" -#: ../semanage/seobject.py:1729 ../semanage/seobject.py:1789 +#: ../semanage/seobject.py:1745 ../semanage/seobject.py:1805 #, python-format msgid "Could not set mls fields in file context for %s" msgstr "" -#: ../semanage/seobject.py:1735 +#: ../semanage/seobject.py:1751 msgid "Invalid file specification" msgstr "" -#: ../semanage/seobject.py:1737 +#: ../semanage/seobject.py:1753 msgid "File specification can not include spaces" msgstr "" -#: ../semanage/seobject.py:1742 +#: ../semanage/seobject.py:1758 #, python-format msgid "" -"File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead" +"File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' " +"instead" msgstr "" -#: ../semanage/seobject.py:1755 +#: ../semanage/seobject.py:1771 #, python-format msgid "Type %s is invalid, must be a file or device type" msgstr "" -#: ../semanage/seobject.py:1763 ../semanage/seobject.py:1768 -#: ../semanage/seobject.py:1824 ../semanage/seobject.py:1906 -#: ../semanage/seobject.py:1910 +#: ../semanage/seobject.py:1779 ../semanage/seobject.py:1784 +#: ../semanage/seobject.py:1840 ../semanage/seobject.py:1922 +#: ../semanage/seobject.py:1926 #, python-format msgid "Could not check if file context for %s is defined" msgstr "" -#: ../semanage/seobject.py:1776 +#: ../semanage/seobject.py:1792 #, python-format msgid "Could not create file context for %s" msgstr "" -#: ../semanage/seobject.py:1784 +#: ../semanage/seobject.py:1800 #, python-format msgid "Could not set type in file context for %s" msgstr "" -#: ../semanage/seobject.py:1792 ../semanage/seobject.py:1852 -#: ../semanage/seobject.py:1856 +#: ../semanage/seobject.py:1808 ../semanage/seobject.py:1868 +#: ../semanage/seobject.py:1872 #, python-format msgid "Could not set file context for %s" msgstr "" -#: ../semanage/seobject.py:1798 +#: ../semanage/seobject.py:1814 #, python-format msgid "Could not add file context for %s" msgstr "" -#: ../semanage/seobject.py:1812 +#: ../semanage/seobject.py:1828 msgid "Requires setype, serange or seuser" msgstr "" -#: ../semanage/seobject.py:1828 ../semanage/seobject.py:1914 +#: ../semanage/seobject.py:1844 ../semanage/seobject.py:1930 #, python-format msgid "File context for %s is not defined" msgstr "" -#: ../semanage/seobject.py:1834 +#: ../semanage/seobject.py:1850 #, python-format msgid "Could not query file context for %s" msgstr "" -#: ../semanage/seobject.py:1860 +#: ../semanage/seobject.py:1876 #, python-format msgid "Could not modify file context for %s" msgstr "" -#: ../semanage/seobject.py:1873 +#: ../semanage/seobject.py:1889 msgid "Could not list the file contexts" msgstr "" -#: ../semanage/seobject.py:1887 +#: ../semanage/seobject.py:1903 #, python-format msgid "Could not delete the file context %s" msgstr "" -#: ../semanage/seobject.py:1912 +#: ../semanage/seobject.py:1928 #, python-format msgid "File context for %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:1918 +#: ../semanage/seobject.py:1934 #, python-format msgid "Could not delete file context for %s" msgstr "" -#: ../semanage/seobject.py:1933 +#: ../semanage/seobject.py:1949 msgid "Could not list file contexts" msgstr "" -#: ../semanage/seobject.py:1937 +#: ../semanage/seobject.py:1953 msgid "Could not list local file contexts" msgstr "" -#: ../semanage/seobject.py:1974 +#: ../semanage/seobject.py:1990 msgid "SELinux fcontext" msgstr "" -#: ../semanage/seobject.py:1974 +#: ../semanage/seobject.py:1990 msgid "type" msgstr "" -#: ../semanage/seobject.py:1987 +#: ../semanage/seobject.py:2003 msgid "" "\n" "SELinux Distribution fcontext Equivalence \n" msgstr "" -#: ../semanage/seobject.py:1992 +#: ../semanage/seobject.py:2008 msgid "" "\n" "SELinux Local fcontext Equivalence \n" msgstr "" -#: ../semanage/seobject.py:2028 ../semanage/seobject.py:2079 -#: ../semanage/seobject.py:2085 +#: ../semanage/seobject.py:2044 ../semanage/seobject.py:2095 +#: ../semanage/seobject.py:2101 #, python-format msgid "Could not check if boolean %s is defined" msgstr "" -#: ../semanage/seobject.py:2030 ../semanage/seobject.py:2081 +#: ../semanage/seobject.py:2046 ../semanage/seobject.py:2097 #, python-format msgid "Boolean %s is not defined" msgstr "" -#: ../semanage/seobject.py:2034 +#: ../semanage/seobject.py:2050 #, python-format msgid "Could not query file context %s" msgstr "" -#: ../semanage/seobject.py:2039 +#: ../semanage/seobject.py:2055 #, python-format msgid "You must specify one of the following values: %s" msgstr "" -#: ../semanage/seobject.py:2044 +#: ../semanage/seobject.py:2060 #, python-format msgid "Could not set active value of boolean %s" msgstr "" -#: ../semanage/seobject.py:2047 +#: ../semanage/seobject.py:2063 #, python-format msgid "Could not modify boolean %s" msgstr "" -#: ../semanage/seobject.py:2063 +#: ../semanage/seobject.py:2079 #, python-format msgid "Bad format %s: Record %s" msgstr "" -#: ../semanage/seobject.py:2087 +#: ../semanage/seobject.py:2103 #, python-format msgid "Boolean %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:2091 +#: ../semanage/seobject.py:2107 #, python-format msgid "Could not delete boolean %s" msgstr "" -#: ../semanage/seobject.py:2103 ../semanage/seobject.py:2120 +#: ../semanage/seobject.py:2119 ../semanage/seobject.py:2136 msgid "Could not list booleans" msgstr "" -#: ../semanage/seobject.py:2155 +#: ../semanage/seobject.py:2171 msgid "off" msgstr "" -#: ../semanage/seobject.py:2155 +#: ../semanage/seobject.py:2171 msgid "on" msgstr "" -#: ../semanage/seobject.py:2169 +#: ../semanage/seobject.py:2185 msgid "SELinux boolean" msgstr "" -#: ../semanage/seobject.py:2169 +#: ../semanage/seobject.py:2185 msgid "State" msgstr "" -#: ../semanage/seobject.py:2169 +#: ../semanage/seobject.py:2185 msgid "Default" msgstr "" -#: ../semanage/seobject.py:2169 ../gui/polgen.glade:113 -#: ../gui/polgengui.py:269 +#: ../semanage/seobject.py:2185 ../gui/polgen.glade:113 +#: ../gui/polgengui.py:274 ../sepolicy/sepolicy/sepolicy.glade:242 +#: ../sepolicy/sepolicy/sepolicy.glade:638 msgid "Description" msgstr "" @@ -988,206 +1004,226 @@ msgstr "" msgid "Unable to clear environment\n" msgstr "" -#: ../newrole/newrole.c:556 ../newrole/newrole.c:587 ../newrole/newrole.c:617 +#: ../newrole/newrole.c:554 ../newrole/newrole.c:585 ../newrole/newrole.c:616 #, c-format msgid "Error changing uid, aborting.\n" msgstr "" -#: ../newrole/newrole.c:612 +#: ../newrole/newrole.c:611 #, c-format msgid "Error resetting KEEPCAPS, aborting\n" msgstr "" -#: ../newrole/newrole.c:635 +#: ../newrole/newrole.c:634 #, c-format msgid "Error connecting to audit system.\n" msgstr "" -#: ../newrole/newrole.c:641 +#: ../newrole/newrole.c:640 #, c-format msgid "Error allocating memory.\n" msgstr "" -#: ../newrole/newrole.c:648 +#: ../newrole/newrole.c:647 #, c-format msgid "Error sending audit message.\n" msgstr "" -#: ../newrole/newrole.c:692 ../newrole/newrole.c:1058 +#: ../newrole/newrole.c:691 ../newrole/newrole.c:1063 #, c-format msgid "Could not determine enforcing mode.\n" msgstr "" -#: ../newrole/newrole.c:699 +#: ../newrole/newrole.c:698 #, c-format msgid "Error! Could not open %s.\n" msgstr "" -#: ../newrole/newrole.c:705 +#: ../newrole/newrole.c:704 +#, c-format +msgid "Error! Could not clear O_NONBLOCK on %s\n" +msgstr "" + +#: ../newrole/newrole.c:710 #, c-format msgid "%s! Could not get current context for %s, not relabeling tty.\n" msgstr "" -#: ../newrole/newrole.c:715 +#: ../newrole/newrole.c:720 #, c-format msgid "%s! Could not get new context for %s, not relabeling tty.\n" msgstr "" -#: ../newrole/newrole.c:725 +#: ../newrole/newrole.c:730 #, c-format msgid "%s! Could not set new context for %s\n" msgstr "" -#: ../newrole/newrole.c:772 +#: ../newrole/newrole.c:777 #, c-format msgid "%s changed labels.\n" msgstr "" -#: ../newrole/newrole.c:778 +#: ../newrole/newrole.c:783 #, c-format msgid "Warning! Could not restore context for %s\n" msgstr "" -#: ../newrole/newrole.c:835 +#: ../newrole/newrole.c:840 #, c-format msgid "Error: multiple roles specified\n" msgstr "" -#: ../newrole/newrole.c:843 +#: ../newrole/newrole.c:848 #, c-format msgid "Error: multiple types specified\n" msgstr "" -#: ../newrole/newrole.c:850 +#: ../newrole/newrole.c:855 #, c-format msgid "Sorry, -l may be used with SELinux MLS support.\n" msgstr "" -#: ../newrole/newrole.c:855 +#: ../newrole/newrole.c:860 #, c-format msgid "Error: multiple levels specified\n" msgstr "" -#: ../newrole/newrole.c:865 +#: ../newrole/newrole.c:870 #, c-format msgid "Error: you are not allowed to change levels on a non secure terminal \n" msgstr "" -#: ../newrole/newrole.c:891 +#: ../newrole/newrole.c:896 #, c-format msgid "Couldn't get default type.\n" msgstr "" -#: ../newrole/newrole.c:901 +#: ../newrole/newrole.c:906 #, c-format msgid "failed to get new context.\n" msgstr "" -#: ../newrole/newrole.c:908 +#: ../newrole/newrole.c:913 #, c-format msgid "failed to set new role %s\n" msgstr "" -#: ../newrole/newrole.c:915 +#: ../newrole/newrole.c:920 #, c-format msgid "failed to set new type %s\n" msgstr "" -#: ../newrole/newrole.c:925 +#: ../newrole/newrole.c:930 #, c-format msgid "failed to build new range with level %s\n" msgstr "" -#: ../newrole/newrole.c:930 +#: ../newrole/newrole.c:935 #, c-format msgid "failed to set new range %s\n" msgstr "" -#: ../newrole/newrole.c:938 +#: ../newrole/newrole.c:943 #, c-format msgid "failed to convert new context to string\n" msgstr "" -#: ../newrole/newrole.c:943 +#: ../newrole/newrole.c:948 #, c-format msgid "%s is not a valid context\n" msgstr "" -#: ../newrole/newrole.c:950 +#: ../newrole/newrole.c:955 #, c-format msgid "Unable to allocate memory for new_context" msgstr "" -#: ../newrole/newrole.c:976 +#: ../newrole/newrole.c:981 #, c-format msgid "Unable to obtain empty signal set\n" msgstr "" -#: ../newrole/newrole.c:984 +#: ../newrole/newrole.c:989 #, c-format msgid "Unable to set SIGHUP handler\n" msgstr "" -#: ../newrole/newrole.c:1036 +#: ../newrole/newrole.c:1041 msgid "Sorry, newrole failed to drop capabilities\n" msgstr "" -#: ../newrole/newrole.c:1052 +#: ../newrole/newrole.c:1057 #, c-format msgid "Sorry, newrole may be used only on a SELinux kernel.\n" msgstr "" -#: ../newrole/newrole.c:1069 +#: ../newrole/newrole.c:1074 #, c-format msgid "failed to get old_context.\n" msgstr "" -#: ../newrole/newrole.c:1076 +#: ../newrole/newrole.c:1081 #, c-format msgid "Warning! Could not retrieve tty information.\n" msgstr "" -#: ../newrole/newrole.c:1097 +#: ../newrole/newrole.c:1102 #, c-format msgid "error on reading PAM service configuration.\n" msgstr "" -#: ../newrole/newrole.c:1132 +#: ../newrole/newrole.c:1137 #, c-format msgid "newrole: incorrect password for %s\n" msgstr "" -#: ../newrole/newrole.c:1159 +#: ../newrole/newrole.c:1164 #, c-format msgid "newrole: failure forking: %s" msgstr "" -#: ../newrole/newrole.c:1162 ../newrole/newrole.c:1185 +#: ../newrole/newrole.c:1167 ../newrole/newrole.c:1190 #, c-format msgid "Unable to restore tty label...\n" msgstr "" -#: ../newrole/newrole.c:1164 ../newrole/newrole.c:1191 +#: ../newrole/newrole.c:1169 ../newrole/newrole.c:1196 #, c-format msgid "Failed to close tty properly\n" msgstr "" -#: ../newrole/newrole.c:1223 +#: ../newrole/newrole.c:1228 #, c-format msgid "Could not close descriptors.\n" msgstr "" -#: ../newrole/newrole.c:1250 +#: ../newrole/newrole.c:1263 #, c-format msgid "Error allocating shell's argv0.\n" msgstr "" -#: ../newrole/newrole.c:1286 +#: ../newrole/newrole.c:1285 +#, c-format +msgid "Failed to send audit message" +msgstr "" + +#: ../newrole/newrole.c:1293 +#, c-format +msgid "Failed to transition to namespace\n" +msgstr "" + +#: ../newrole/newrole.c:1299 +#, c-format +msgid "Failed to drop capabilities %m\n" +msgstr "" + +#: ../newrole/newrole.c:1304 #, c-format msgid "Unable to restore the environment, aborting\n" msgstr "" -#: ../newrole/newrole.c:1297 +#: ../newrole/newrole.c:1315 msgid "failed to exec shell\n" msgstr "" @@ -1414,7 +1450,7 @@ msgstr "" msgid "Applications" msgstr "" -#: ../gui/polgen.glade:316 ../sepolicy/sepolicy/generate.py:171 +#: ../gui/polgen.glade:316 ../sepolicy/sepolicy/generate.py:130 msgid "Standard Init Daemon" msgstr "" @@ -1424,7 +1460,7 @@ msgid "" "requires a script in /etc/rc.d/init.d" msgstr "" -#: ../gui/polgen.glade:332 ../sepolicy/sepolicy/generate.py:172 +#: ../gui/polgen.glade:332 ../sepolicy/sepolicy/generate.py:131 msgid "DBUS System Daemon" msgstr "" @@ -1436,7 +1472,7 @@ msgstr "" msgid "Internet Services Daemon are daemons started by xinetd" msgstr "" -#: ../gui/polgen.glade:366 ../sepolicy/sepolicy/generate.py:174 +#: ../gui/polgen.glade:366 ../sepolicy/sepolicy/generate.py:133 msgid "Web Application/Script (CGI)" msgstr "" @@ -1445,7 +1481,7 @@ msgid "" "Web Applications/Script (CGI) CGI scripts started by the web server (apache)" msgstr "" -#: ../gui/polgen.glade:383 ../sepolicy/sepolicy/generate.py:176 +#: ../gui/polgen.glade:383 ../sepolicy/sepolicy/generate.py:135 msgid "User Application" msgstr "" @@ -1455,7 +1491,7 @@ msgid "" "started by a user" msgstr "" -#: ../gui/polgen.glade:400 ../sepolicy/sepolicy/generate.py:175 +#: ../gui/polgen.glade:400 ../sepolicy/sepolicy/generate.py:134 msgid "Sandbox" msgstr "" @@ -1507,8 +1543,8 @@ msgstr "" #: ../gui/polgen.glade:550 msgid "" -"User with full networking, no setuid applications without transition, no su, " -"can sudo to Root Administration Roles" +"User with full networking, no setuid applications without transition, no su," +" can sudo to Root Administration Roles" msgstr "" #: ../gui/polgen.glade:592 @@ -1521,8 +1557,8 @@ msgstr "" #: ../gui/polgen.glade:627 msgid "" -"Select Root Administrator User Role, if this user will be used to administer " -"the machine while running as root. This user will not be able to login to " +"Select Root Administrator User Role, if this user will be used to administer" +" the machine while running as root. This user will not be able to login to " "the system directly." msgstr "" @@ -1530,7 +1566,8 @@ msgstr "" msgid "Enter name of application or user role:" msgstr "" -#: ../gui/polgen.glade:728 ../gui/polgengui.py:267 +#: ../gui/polgen.glade:728 ../gui/polgengui.py:272 +#: ../sepolicy/sepolicy/sepolicy.glade:279 msgid "Name" msgstr "" @@ -1590,7 +1627,8 @@ msgid "Select the user_roles that will transition to %s:" msgstr "" #: ../gui/polgen.glade:1019 -msgid "Select the user roles that will transiton to this applications domains." +msgid "" +"Select the user roles that will transiton to this applications domains." msgstr "" #: ../gui/polgen.glade:1056 @@ -1745,75 +1783,75 @@ msgstr "" msgid "Policy Directory" msgstr "" -#: ../gui/polgengui.py:277 +#: ../gui/polgengui.py:282 msgid "Role" msgstr "" -#: ../gui/polgengui.py:284 +#: ../gui/polgengui.py:289 msgid "Existing_User" msgstr "" -#: ../gui/polgengui.py:298 ../gui/polgengui.py:306 ../gui/polgengui.py:320 +#: ../gui/polgengui.py:303 ../gui/polgengui.py:311 ../gui/polgengui.py:325 msgid "Application" msgstr "" -#: ../gui/polgengui.py:363 +#: ../gui/polgengui.py:370 #, python-format msgid "%s must be a directory" msgstr "" -#: ../gui/polgengui.py:423 ../gui/polgengui.py:704 +#: ../gui/polgengui.py:430 ../gui/polgengui.py:711 msgid "You must select a user" msgstr "" -#: ../gui/polgengui.py:553 +#: ../gui/polgengui.py:560 msgid "Select executable file to be confined." msgstr "" -#: ../gui/polgengui.py:564 +#: ../gui/polgengui.py:571 msgid "Select init script file to be confined." msgstr "" -#: ../gui/polgengui.py:574 +#: ../gui/polgengui.py:581 msgid "Select file(s) that confined application creates or writes" msgstr "" -#: ../gui/polgengui.py:581 +#: ../gui/polgengui.py:588 msgid "Select directory(s) that the confined application owns and writes into" msgstr "" -#: ../gui/polgengui.py:643 +#: ../gui/polgengui.py:650 msgid "Select directory to generate policy files in" msgstr "" -#: ../gui/polgengui.py:660 +#: ../gui/polgengui.py:667 #, python-format msgid "" "Type %s_t already defined in current policy.\n" "Do you want to continue?" msgstr "" -#: ../gui/polgengui.py:660 ../gui/polgengui.py:664 +#: ../gui/polgengui.py:667 ../gui/polgengui.py:671 msgid "Verify Name" msgstr "" -#: ../gui/polgengui.py:664 +#: ../gui/polgengui.py:671 #, python-format msgid "" "Module %s.pp already loaded in current policy.\n" "Do you want to continue?" msgstr "" -#: ../gui/polgengui.py:710 +#: ../gui/polgengui.py:717 msgid "" "You must add a name made up of letters and numbers and containing no spaces." msgstr "" -#: ../gui/polgengui.py:724 +#: ../gui/polgengui.py:731 msgid "You must enter a executable" msgstr "" -#: ../gui/polgengui.py:749 ../gui/system-config-selinux.py:180 +#: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180 msgid "Configue SELinux" msgstr "" @@ -1828,6 +1866,8 @@ msgid "" msgstr "" #: ../gui/portsPage.py:91 ../gui/system-config-selinux.glade:363 +#: ../sepolicy/sepolicy/sepolicy.glade:881 +#: ../sepolicy/sepolicy/sepolicy.glade:980 msgid "Protocol" msgstr "" @@ -1837,7 +1877,8 @@ msgid "" "Level" msgstr "" -#: ../gui/portsPage.py:101 +#: ../gui/portsPage.py:101 ../sepolicy/sepolicy/sepolicy.glade:864 +#: ../sepolicy/sepolicy/sepolicy.glade:963 msgid "Port" msgstr "" @@ -1899,8 +1940,8 @@ msgid "" "you later decide to turn SELinux back on, the system will be required to " "relabel. If you just want to see if SELinux is causing a problem on your " "system, you can go to permissive mode which will only log errors and not " -"enforce SELinux policy. Permissive mode does not require a reboot Do you " -"wish to continue?" +"enforce SELinux policy. Permissive mode does not require a reboot Do you" +" wish to continue?" msgstr "" #: ../gui/statusPage.py:152 @@ -1967,6 +2008,9 @@ msgid "SELinux Administration" msgstr "" #: ../gui/system-config-selinux.glade:1122 +#: ../sepolicy/sepolicy/sepolicy.glade:405 +#: ../sepolicy/sepolicy/sepolicy.glade:819 +#: ../sepolicy/sepolicy/sepolicy.glade:1156 msgid "Add" msgstr "" @@ -2036,6 +2080,10 @@ msgstr "" #: ../gui/system-config-selinux.glade:2467 #: ../gui/system-config-selinux.glade:2692 #: ../gui/system-config-selinux.glade:2867 +#: ../sepolicy/sepolicy/sepolicy.glade:157 +#: ../sepolicy/sepolicy/sepolicy.glade:326 +#: ../sepolicy/sepolicy/sepolicy.glade:733 +#: ../sepolicy/sepolicy/sepolicy.glade:1081 msgid "Filter" msgstr "" @@ -2130,8 +2178,8 @@ msgstr "" #: ../gui/system-config-selinux.glade:2661 msgid "" -"Enable/Disable additional audit rules, that are normally not reported in the " -"log files." +"Enable/Disable additional audit rules, that are normally not reported in the" +" log files." msgstr "" #: ../gui/system-config-selinux.glade:2781 @@ -2159,1315 +2207,1869 @@ msgstr "" msgid "SELinux user '%s' is required" msgstr "" -#: ../sepolicy/sepolicy.py:202 -msgid "Generate SELinux man pages" +#: booleans.py:1 +msgid "" +"Allow ABRT to modify public files used for public file transfer services." msgstr "" -#: ../sepolicy/sepolicy.py:205 -msgid "path in which the generated SELinux man pages will be stored" +#: booleans.py:2 +msgid "" +"Allow ABRT to run in abrt_handle_event_t domain to handle ABRT event scripts" msgstr "" -#: ../sepolicy/sepolicy.py:207 -msgid "name of the OS for man pages" +#: booleans.py:3 +msgid "Allow antivirus programs to read non security files on a system" msgstr "" -#: ../sepolicy/sepolicy.py:209 -msgid "Generate HTML man pages structure for selected SELinux man page" +#: booleans.py:4 +msgid "Determine whether can antivirus programs use JIT compiler." msgstr "" -#: ../sepolicy/sepolicy.py:213 -msgid "All domains" +#: booleans.py:5 +msgid "Allow auditadm to exec content" msgstr "" -#: ../sepolicy/sepolicy.py:216 -msgid "Domain name(s) of man pages to be created" +#: booleans.py:6 +msgid "" +"Allow users to resolve user passwd entries directly from ldap rather then " +"using a sssd server" msgstr "" -#: ../sepolicy/sepolicy.py:221 -msgid "Query SELinux policy network information" +#: booleans.py:7 +msgid "Allow users to login using a radius server" msgstr "" -#: ../sepolicy/sepolicy.py:226 -msgid "list all SELinux port types" +#: booleans.py:8 +msgid "Allow users to login using a yubikey server" msgstr "" -#: ../sepolicy/sepolicy.py:229 -msgid "show SELinux type related to the port" +#: booleans.py:9 +msgid "Determine whether awstats can purge httpd log files." msgstr "" -#: ../sepolicy/sepolicy.py:232 -msgid "Show ports defined for this SELinux type" +#: booleans.py:10 +msgid "" +"Determine whether cdrecord can read various content. nfs, samba, removable " +"devices, user temp and untrusted content files" msgstr "" -#: ../sepolicy/sepolicy.py:235 -msgid "show ports to which this domain can bind and/or connect" +#: booleans.py:11 +msgid "" +"Allow cluster administrative domains to connect to the network using TCP." msgstr "" -#: ../sepolicy/sepolicy.py:250 -msgid "query SELinux policy to see if domains can communicate with each other" +#: booleans.py:12 +msgid "Allow cluster administrative domains to manage all files on a system." msgstr "" -#: ../sepolicy/sepolicy.py:253 -msgid "Source Domain" +#: booleans.py:13 +msgid "" +"Allow cluster administrative cluster domains memcheck-amd64- to use " +"executable memory" msgstr "" -#: ../sepolicy/sepolicy.py:256 -msgid "Target Domain" +#: booleans.py:14 +msgid "" +"Determine whether Cobbler can modify public files used for public file " +"transfer services." msgstr "" -#: ../sepolicy/sepolicy.py:276 -msgid "query SELinux Policy to see description of booleans" +#: booleans.py:15 +msgid "Determine whether Cobbler can connect to the network using TCP." msgstr "" -#: ../sepolicy/sepolicy.py:280 -msgid "get all booleans descriptions" +#: booleans.py:16 +msgid "Determine whether Cobbler can access cifs file systems." msgstr "" -#: ../sepolicy/sepolicy.py:282 -msgid "boolean to get description" +#: booleans.py:17 +msgid "Determine whether Cobbler can access nfs file systems." msgstr "" -#: ../sepolicy/sepolicy.py:301 -msgid "" -"query SELinux Policy to see how a source process domain can transition to " -"the target process domain" +#: booleans.py:18 +msgid "Determine whether collectd can connect to the network using TCP." msgstr "" -#: ../sepolicy/sepolicy.py:304 -msgid "source process domain" +#: booleans.py:19 +msgid "Determine whether Condor can connect to the network using TCP." msgstr "" -#: ../sepolicy/sepolicy.py:307 -msgid "target process domain" +#: booleans.py:20 +msgid "" +"Allow system cron jobs to relabel filesystem for restoring file contexts." msgstr "" -#: ../sepolicy/sepolicy.py:327 -msgid "Command required for this type of policy" +#: booleans.py:21 +msgid "Determine whether cvs can read shadow password files." msgstr "" -#: ../sepolicy/sepolicy.py:347 -msgid "List SELinux Policy interfaces" +#: booleans.py:22 +msgid "Allow all daemons to write corefiles to /" msgstr "" -#: ../sepolicy/sepolicy.py:362 -msgid "Generate SELinux Policy module template" +#: booleans.py:23 +msgid "Allow all daemons to use tcp wrappers." msgstr "" -#: ../sepolicy/sepolicy.py:365 -msgid "Enter domain type which you will be extending" +#: booleans.py:24 +msgid "Allow all daemons the ability to read/write terminals" msgstr "" -#: ../sepolicy/sepolicy.py:368 -msgid "Enter SELinux user(s) which will transition to this domain" +#: booleans.py:25 +msgid "Determine whether dbadm can manage generic user files." msgstr "" -#: ../sepolicy/sepolicy.py:371 -msgid "Enter domain(s) that this confined admin will administrate" +#: booleans.py:26 +msgid "Determine whether dbadm can read generic user files." msgstr "" -#: ../sepolicy/sepolicy.py:374 -msgid "name of policy to generate" +#: booleans.py:27 +msgid "" +"Deny user domains applications to map a memory region as both executable and" +" writable, this is dangerous and the executable should be reported in " +"bugzilla" msgstr "" -#: ../sepolicy/sepolicy.py:378 -msgid "path in which the generated policy files will be stored" +#: booleans.py:28 +msgid "Deny any process from ptracing or debugging any other processes." msgstr "" -#: ../sepolicy/sepolicy.py:380 -msgid "executable to confine" +#: booleans.py:29 +msgid "Allow dhcpc client applications to execute iptables commands" msgstr "" -#: ../sepolicy/sepolicy.py:384 ../sepolicy/sepolicy.py:387 -#: ../sepolicy/sepolicy.py:390 ../sepolicy/sepolicy.py:393 -#: ../sepolicy/sepolicy.py:396 ../sepolicy/sepolicy.py:399 -#: ../sepolicy/sepolicy.py:402 ../sepolicy/sepolicy.py:405 -#: ../sepolicy/sepolicy.py:408 ../sepolicy/sepolicy.py:411 -#: ../sepolicy/sepolicy.py:414 ../sepolicy/sepolicy.py:417 -#, python-format -msgid "Generate Policy for %s" +#: booleans.py:30 +msgid "Determine whether DHCP daemon can use LDAP backends." msgstr "" -#: ../sepolicy/sepolicy.py:422 -msgid "commands" +#: booleans.py:31 +msgid "Allow all domains to use other domains file descriptors" msgstr "" -#: ../sepolicy/sepolicy.py:425 -msgid "Alternate SELinux policy, defaults to /sys/fs/selinux/policy" +#: booleans.py:32 +msgid "Allow all domains to have the kernel load modules" msgstr "" -#: ../sepolicy/sepolicy/__init__.py:48 -msgid "No SELinux Policy installed" +#: booleans.py:33 +msgid "" +"Determine whether entropyd can use audio devices as the source for the " +"entropy feeds." msgstr "" -#: ../sepolicy/sepolicy/__init__.py:54 -#, python-format -msgid "Failed to read %s policy file" +#: booleans.py:34 +msgid "Determine whether exim can connect to databases." msgstr "" -#: ../sepolicy/sepolicy/__init__.py:127 -msgid "unknown" +#: booleans.py:35 +msgid "" +"Determine whether exim can create, read, write, and delete generic user " +"content files." msgstr "" -#: ../sepolicy/sepolicy/generate.py:173 -msgid "Internet Services Daemon" +#: booleans.py:36 +msgid "Determine whether exim can read generic user content files." msgstr "" -#: ../sepolicy/sepolicy/generate.py:177 -msgid "Existing Domain Type" +#: booleans.py:37 +msgid "Enable extra rules in the cron domain to support fcron." msgstr "" -#: ../sepolicy/sepolicy/generate.py:178 -msgid "Minimal Terminal Login User Role" +#: booleans.py:38 +msgid "Determine whether fenced can connect to the TCP network." msgstr "" -#: ../sepolicy/sepolicy/generate.py:179 -msgid "Minimal X Windows Login User Role" +#: booleans.py:39 +msgid "Determine whether fenced can use ssh." msgstr "" -#: ../sepolicy/sepolicy/generate.py:180 -msgid "Desktop Login User Role" +#: booleans.py:40 +msgid "Allow all domains to execute in fips_mode" msgstr "" -#: ../sepolicy/sepolicy/generate.py:181 -msgid "Administrator Login User Role" +#: booleans.py:41 +msgid "" +"Determine whether ftpd can read and write files in user home directories." msgstr "" -#: ../sepolicy/sepolicy/generate.py:182 -msgid "Confined Root Administrator Role" +#: booleans.py:42 +msgid "" +"Determine whether ftpd can modify public files used for public file transfer" +" services. Directories/Files must be labeled public_content_rw_t." msgstr "" -#: ../sepolicy/sepolicy/generate.py:187 -msgid "Valid Types:\n" +#: booleans.py:43 +msgid "Determine whether ftpd can connect to all unreserved ports." msgstr "" -#: ../sepolicy/sepolicy/generate.py:221 -#, python-format -msgid "Ports must be numbers or ranges of numbers from 1 to %d " +#: booleans.py:44 +msgid "Determine whether ftpd can connect to databases over the TCP network." msgstr "" -#: ../sepolicy/sepolicy/generate.py:231 -msgid "You must enter a valid policy type" +#: booleans.py:45 +msgid "" +"Determine whether ftpd can login to local users and can read and write all " +"files on the system, governed by DAC." msgstr "" -#: ../sepolicy/sepolicy/generate.py:234 -#, python-format -msgid "You must enter a name for your policy module for your %s." +#: booleans.py:46 +msgid "" +"Determine whether ftpd can use CIFS used for public file transfer services." +msgstr "" + +#: booleans.py:47 booleans.py:170 +msgid "Allow samba to export ntfs/fusefs volumes." msgstr "" -#: ../sepolicy/sepolicy/generate.py:355 +#: booleans.py:48 msgid "" -"Name must be alpha numberic with no spaces. Consider using option \"-n " -"MODULENAME\"" +"Determine whether ftpd can use NFS used for public file transfer services." msgstr "" -#: ../sepolicy/sepolicy/generate.py:447 -msgid "User Role types can not be assigned executables." +#: booleans.py:49 +msgid "" +"Determine whether ftpd can bind to all unreserved ports for passive mode." msgstr "" -#: ../sepolicy/sepolicy/generate.py:453 -msgid "Only Daemon apps can use an init script.." +#: booleans.py:50 +msgid "Determine whether Git CGI can search home directories." msgstr "" -#: ../sepolicy/sepolicy/generate.py:471 -msgid "use_resolve must be a boolean value " +#: booleans.py:51 +msgid "Determine whether Git CGI can access cifs file systems." msgstr "" -#: ../sepolicy/sepolicy/generate.py:477 -msgid "use_syslog must be a boolean value " +#: booleans.py:52 +msgid "Determine whether Git CGI can access nfs file systems." msgstr "" -#: ../sepolicy/sepolicy/generate.py:483 -msgid "use_kerberos must be a boolean value " +#: booleans.py:53 +msgid "" +"Determine whether Git session daemon can bind TCP sockets to all unreserved " +"ports." msgstr "" -#: ../sepolicy/sepolicy/generate.py:489 -msgid "manage_krb5_rcache must be a boolean value " +#: booleans.py:54 +msgid "" +"Determine whether calling user domains can execute Git daemon in the " +"git_session_t domain." msgstr "" -#: ../sepolicy/sepolicy/generate.py:519 -msgid "USER Types automatically get a tmp type" +#: booleans.py:55 +msgid "Determine whether Git system daemon can search home directories." msgstr "" -#: ../sepolicy/sepolicy/generate.py:857 -#, python-format -msgid "%s policy modules require existing domains" +#: booleans.py:56 +msgid "Determine whether Git system daemon can access cifs file systems." msgstr "" -#: ../sepolicy/sepolicy/generate.py:1059 -msgid "You must enter the executable path for your confined process" +#: booleans.py:57 +msgid "Determine whether Git system daemon can access nfs file systems." msgstr "" -#: ../sepolicy/sepolicy/generate.py:1321 -msgid "Type Enforcement file" +#: booleans.py:58 +msgid "Determine whether Gitosis can send mail." msgstr "" -#: ../sepolicy/sepolicy/generate.py:1322 -msgid "Interface file" +#: booleans.py:59 +msgid "Enable reading of urandom for all domains." msgstr "" -#: ../sepolicy/sepolicy/generate.py:1323 -msgid "File Contexts file" +#: booleans.py:60 +msgid "" +"Allow glusterfsd to modify public files used for public file transfer " +"services. Files/Directories must be labeled public_content_rw_t." msgstr "" -#: ../sepolicy/sepolicy/generate.py:1324 -msgid "Spec file" +#: booleans.py:61 +msgid "Allow glusterfsd to share any file/directory read only." msgstr "" -#: ../sepolicy/sepolicy/generate.py:1325 -msgid "Setup Script" +#: booleans.py:62 +msgid "Allow glusterfsd to share any file/directory read/write." msgstr "" -#: booleans.py:1 +#: booleans.py:63 msgid "" -"Allow ABRT to modify public files used for public file transfer services." +"Allow usage of the gpg-agent --write-env-file option. This also allows gpg-" +"agent to manage user files." msgstr "" -#: booleans.py:2 +#: booleans.py:64 msgid "" -"Allow ABRT to run in abrt_handle_event_t domain to handle ABRT event scripts" +"Allow gpg web domain to modify public files used for public file transfer " +"services." msgstr "" -#: booleans.py:3 -msgid "Allow amavis to use JIT compiler" +#: booleans.py:65 +msgid "Allow gssd to read temp directory. For access to kerberos tgt." msgstr "" -#: booleans.py:4 -msgid "Allow antivirus programs to read non security files on a system" +#: booleans.py:66 +msgid "Allow guest to exec content" msgstr "" -#: booleans.py:5 -msgid "Allow auditadm to exec content" +#: booleans.py:67 +msgid "" +"Allow Apache to modify public files used for public file transfer services. " +"Directories/Files must be labeled public_content_rw_t." msgstr "" -#: booleans.py:6 +#: booleans.py:68 +msgid "Allow httpd to use built in scripting (usually php)" +msgstr "" + +#: booleans.py:69 +msgid "Allow http daemon to check spam" +msgstr "" + +#: booleans.py:70 +msgid "" +"Allow httpd to act as a FTP client connecting to the ftp port and ephemeral " +"ports" +msgstr "" + +#: booleans.py:71 +msgid "Allow httpd to connect to the ldap port" +msgstr "" + +#: booleans.py:72 +msgid "Allow http daemon to connect to mythtv" +msgstr "" + +#: booleans.py:73 +msgid "Allow http daemon to connect to zabbix" +msgstr "" + +#: booleans.py:74 +msgid "Allow HTTPD scripts and modules to connect to the network using TCP." +msgstr "" + +#: booleans.py:75 +msgid "" +"Allow HTTPD scripts and modules to connect to cobbler over the network." +msgstr "" + +#: booleans.py:76 +msgid "" +"Allow HTTPD scripts and modules to connect to databases over the network." +msgstr "" + +#: booleans.py:77 +msgid "Allow httpd to connect to memcache server" +msgstr "" + +#: booleans.py:78 +msgid "Allow httpd to act as a relay" +msgstr "" + +#: booleans.py:79 +msgid "Allow http daemon to send mail" +msgstr "" + +#: booleans.py:80 +msgid "Allow Apache to communicate with avahi service via dbus" +msgstr "" + +#: booleans.py:81 +msgid "Allow httpd cgi support" +msgstr "" + +#: booleans.py:82 +msgid "Allow httpd to act as a FTP server by listening on the ftp port." +msgstr "" + +#: booleans.py:83 +msgid "Allow httpd to read home directories" +msgstr "" + +#: booleans.py:84 +msgid "Allow httpd scripts and modules execmem/execstack" +msgstr "" + +#: booleans.py:85 +msgid "Allow HTTPD to connect to port 80 for graceful shutdown" +msgstr "" + +#: booleans.py:86 +msgid "Allow httpd processes to manage IPA content" +msgstr "" + +#: booleans.py:87 +msgid "Allow Apache to use mod_auth_ntlm_winbind" +msgstr "" + +#: booleans.py:88 +msgid "Allow Apache to use mod_auth_pam" +msgstr "" + +#: booleans.py:89 +msgid "Allow httpd to read user content" +msgstr "" + +#: booleans.py:90 +msgid "Allow Apache to run in stickshift mode, not transition to passenger" +msgstr "" + +#: booleans.py:91 +msgid "Allow HTTPD scripts and modules to server cobbler files." +msgstr "" + +#: booleans.py:92 +msgid "Allow httpd daemon to change its resource limits" +msgstr "" + +#: booleans.py:93 +msgid "" +"Allow HTTPD to run SSI executables in the same domain as system CGI scripts." +msgstr "" + +#: booleans.py:94 +msgid "" +"Allow apache scripts to write to public content, directories/files must be " +"labeled public_rw_content_t." +msgstr "" + +#: booleans.py:95 +msgid "Allow Apache to execute tmp content." +msgstr "" + +#: booleans.py:96 +msgid "" +"Unify HTTPD to communicate with the terminal. Needed for entering the " +"passphrase for certificates at the terminal." +msgstr "" + +#: booleans.py:97 +msgid "Unify HTTPD handling of all content files." +msgstr "" + +#: booleans.py:98 +msgid "Allow httpd to access cifs file systems" +msgstr "" + +#: booleans.py:99 +msgid "Allow httpd to access FUSE file systems" +msgstr "" + +#: booleans.py:100 +msgid "Allow httpd to run gpg" +msgstr "" + +#: booleans.py:101 +msgid "Allow httpd to access nfs file systems" +msgstr "" + +#: booleans.py:102 +msgid "Allow httpd to access openstack ports" +msgstr "" + +#: booleans.py:103 +msgid "Allow httpd to connect to sasl" +msgstr "" + +#: booleans.py:104 +msgid "Allow Apache to query NS records" +msgstr "" + +#: booleans.py:105 +msgid "Determine whether icecast can listen on and connect to any TCP port." +msgstr "" + +#: booleans.py:106 +msgid "" +"Determine whether irc clients can listen on and connect to any unreserved " +"TCP ports." +msgstr "" + +#: booleans.py:107 +msgid "" +"Allow the Irssi IRC Client to connect to any port, and to bind to any " +"unreserved port." +msgstr "" + +#: booleans.py:108 +msgid "Allow confined applications to run with kerberos." +msgstr "" + +#: booleans.py:109 +msgid "Allow ksmtuned to use cifs/Samba file systems" +msgstr "" + +#: booleans.py:110 +msgid "Allow ksmtuned to use nfs file systems" +msgstr "" + +#: booleans.py:111 +msgid "Allow syslogd daemon to send mail" +msgstr "" + +#: booleans.py:112 +msgid "Allow syslogd the ability to read/write terminals" +msgstr "" + +#: booleans.py:113 +msgid "Allow logging in and using the system from /dev/console." +msgstr "" + +#: booleans.py:114 +msgid "Allow mailman to access FUSE file systems" +msgstr "" + +#: booleans.py:115 +msgid "Determine whether mcelog supports client mode." +msgstr "" + +#: booleans.py:116 +msgid "Determine whether mcelog can execute scripts." +msgstr "" + +#: booleans.py:117 +msgid "Determine whether mcelog can use all the user ttys." +msgstr "" + +#: booleans.py:118 +msgid "Determine whether mcelog supports server mode." +msgstr "" + +#: booleans.py:119 +msgid "" +"Control the ability to mmap a low area of the address space, as configured " +"by /proc/sys/kernel/mmap_min_addr." +msgstr "" + +#: booleans.py:120 +msgid "Allow mock to read files in home directories." +msgstr "" + +#: booleans.py:121 +msgid "Allow the mount commands to mount any directory or file." +msgstr "" + +#: booleans.py:122 +msgid "Allow mozilla plugin domain to connect to the network using TCP." +msgstr "" + +#: booleans.py:123 +msgid "Allow mozilla plugin to support GPS." +msgstr "" + +#: booleans.py:124 +msgid "Allow mozilla plugin to support spice protocols." +msgstr "" + +#: booleans.py:125 +msgid "Allow confined web browsers to read home directory content" +msgstr "" + +#: booleans.py:126 +msgid "Determine whether mpd can traverse user home directories." +msgstr "" + +#: booleans.py:127 +msgid "Determine whether mpd can use cifs file systems." +msgstr "" + +#: booleans.py:128 +msgid "Determine whether mpd can use nfs file systems." +msgstr "" + +#: booleans.py:129 +msgid "Determine whether mplayer can make its stack executable." +msgstr "" + +#: booleans.py:130 +msgid "Allow mysqld to connect to all ports" +msgstr "" + +#: booleans.py:131 +msgid "Determine whether Bind can bind tcp socket to http ports." +msgstr "" + +#: booleans.py:132 +msgid "" +"Determine whether Bind can write to master zone files. Generally this is " +"used for dynamic DNS or zone transfers." +msgstr "" + +#: booleans.py:133 +msgid "Allow any files/directories to be exported read/only via NFS." +msgstr "" + +#: booleans.py:134 +msgid "Allow any files/directories to be exported read/write via NFS." +msgstr "" + +#: booleans.py:135 +msgid "" +"Allow nfs servers to modify public files used for public file transfer " +"services. Files/Directories must be labeled public_content_rw_t." +msgstr "" + +#: booleans.py:136 +msgid "Allow system to run with NIS" +msgstr "" + +#: booleans.py:137 +msgid "Allow confined applications to use nscd shared memory." +msgstr "" + +#: booleans.py:138 +msgid "Allow openshift to lockdown app" +msgstr "" + +#: booleans.py:139 +msgid "Determine whether openvpn can read generic user home content files." +msgstr "" + +#: booleans.py:140 +msgid "Allow piranha-lvs domain to connect to the network using TCP." +msgstr "" + +#: booleans.py:141 +msgid "Allow polipo to connect to all ports > 1023" +msgstr "" + +#: booleans.py:142 +msgid "" +"Determine whether Polipo session daemon can bind tcp sockets to all " +"unreserved ports." +msgstr "" + +#: booleans.py:143 +msgid "" +"Determine whether calling user domains can execute Polipo daemon in the " +"polipo_session_t domain." +msgstr "" + +#: booleans.py:144 +msgid "Determine whether polipo can access cifs file systems." +msgstr "" + +#: booleans.py:145 +msgid "Determine whether Polipo can access nfs file systems." +msgstr "" + +#: booleans.py:146 +msgid "Enable polyinstantiated directory support." +msgstr "" + +#: booleans.py:147 +msgid "Allow postfix_local domain full write access to mail_spool directories" +msgstr "" + +#: booleans.py:148 +msgid "Allow postgresql to use ssh and rsync for point-in-time recovery" +msgstr "" + +#: booleans.py:149 +msgid "Allow transmit client label to foreign database" +msgstr "" + +#: booleans.py:150 +msgid "Allow database admins to execute DML statement" +msgstr "" + +#: booleans.py:151 +msgid "Allow unprivileged users to execute DDL statement" +msgstr "" + +#: booleans.py:152 +msgid "Allow pppd to load kernel modules for certain modems" +msgstr "" + +#: booleans.py:153 +msgid "Allow pppd to be run for a regular user" +msgstr "" + +#: booleans.py:154 +msgid "Determine whether privoxy can connect to all tcp ports." +msgstr "" + +#: booleans.py:155 +msgid "" +"Permit to prosody to bind apache port. Need to be activated to use BOSH." +msgstr "" + +#: booleans.py:156 +msgid "Allow Puppet client to manage all file types." +msgstr "" + +#: booleans.py:157 +msgid "Allow Puppet master to use connect to MySQL and PostgreSQL database" +msgstr "" + +#: booleans.py:158 +msgid "Allow racoon to read shadow" +msgstr "" + +#: booleans.py:159 +msgid "" +"Allow rsync to modify public files used for public file transfer services. " +"Files/Directories must be labeled public_content_rw_t." +msgstr "" + +#: booleans.py:160 +msgid "Allow rsync to run as a client" +msgstr "" + +#: booleans.py:161 +msgid "Allow rsync to export any files/directories read only." +msgstr "" + +#: booleans.py:162 +msgid "Allow rsync server to manage all files/directories on the system." +msgstr "" + +#: booleans.py:163 +msgid "Allow samba to create new home directories (e.g. via PAM)" +msgstr "" + +#: booleans.py:164 +msgid "" +"Allow samba to act as the domain controller, add users, groups and change " +"passwords." +msgstr "" + +#: booleans.py:165 +msgid "Allow samba to share users home directories." +msgstr "" + +#: booleans.py:166 +msgid "Allow samba to share any file/directory read only." +msgstr "" + +#: booleans.py:167 +msgid "Allow samba to share any file/directory read/write." +msgstr "" + +#: booleans.py:168 +msgid "Allow samba to act as a portmapper" +msgstr "" + +#: booleans.py:169 +msgid "Allow samba to run unconfined scripts" +msgstr "" + +#: booleans.py:171 +msgid "Allow samba to export NFS volumes." +msgstr "" + +#: booleans.py:172 +msgid "Allow sanlock to read/write fuse files" +msgstr "" + +#: booleans.py:173 +msgid "Allow sanlock to manage nfs files" +msgstr "" + +#: booleans.py:174 +msgid "Allow sanlock to manage cifs files" +msgstr "" + +#: booleans.py:175 +msgid "Allow sasl to read shadow" +msgstr "" + +#: booleans.py:176 +msgid "Allow secadm to exec content" +msgstr "" + +#: booleans.py:177 msgid "" -"Allow users to resolve user passwd entries directly from ldap rather then " -"using a sssd server" +"disallow programs, such as newrole, from transitioning to administrative " +"user domains." msgstr "" -#: booleans.py:7 -msgid "Allow users to login using a radius server" +#: booleans.py:178 +msgid "Disable kernel module loading." msgstr "" -#: booleans.py:8 -msgid "Allow users to login using a yubikey server" +#: booleans.py:179 +msgid "" +"Boolean to determine whether the system permits loading policy, setting " +"enforcing mode, and changing boolean values. Set this to true and you have " +"to reboot to set it back." msgstr "" -#: booleans.py:9 -msgid "Allow awstats to purge Apache logs" +#: booleans.py:180 +msgid "Allow regular users direct dri device access" msgstr "" -#: booleans.py:10 +#: booleans.py:181 msgid "" -"Allow cdrecord to read various content. nfs, samba, removable devices, user " -"temp and untrusted content files" +"Allow unconfined executables to make their heap memory executable. Doing " +"this is a really bad idea. Probably indicates a badly coded executable, but " +"could indicate an attack. This executable should be reported in bugzilla" msgstr "" -#: booleans.py:11 -msgid "Allow clamd to use JIT compiler" +#: booleans.py:182 +msgid "" +"Allow all unconfined executables to use libraries requiring text relocation " +"that are not labeled textrel_shlib_t" msgstr "" -#: booleans.py:12 -msgid "Allow clamscan to non security files on a system" +#: booleans.py:183 +msgid "" +"Allow unconfined executables to make their stack executable. This should " +"never, ever be necessary. Probably indicates a badly coded executable, but " +"could indicate an attack. This executable should be reported in bugzilla" msgstr "" -#: booleans.py:13 -msgid "Allow clamscan to read user content" +#: booleans.py:184 +msgid "Allow users to connect to the local mysql server" msgstr "" -#: booleans.py:14 +#: booleans.py:185 msgid "" -"Allow Cobbler to modify public files used for public file transfer services." +"Allow confined users the ability to execute the ping and traceroute " +"commands." msgstr "" -#: booleans.py:15 -msgid "Allow Cobbler to connect to the network using TCP." +#: booleans.py:186 +msgid "Allow users to connect to PostgreSQL" msgstr "" -#: booleans.py:16 -msgid "Allow Cobbler to access cifs file systems." +#: booleans.py:187 +msgid "" +"Allow user to r/w files on filesystems that do not have extended attributes " +"(FAT, CDROM, FLOPPY)" msgstr "" -#: booleans.py:17 -msgid "Allow Cobbler to access nfs file systems." +#: booleans.py:188 +msgid "Allow user music sharing" msgstr "" -#: booleans.py:18 -msgid "Allow collectd to connect to the network using TCP." +#: booleans.py:189 +msgid "" +"Allow users to run TCP servers (bind to ports and accept connection from the" +" same domain and outside users) disabling this forces FTP passive mode and " +"may change other protocols." msgstr "" -#: booleans.py:19 -msgid "Allow codnor domain to connect to the network using TCP." +#: booleans.py:190 +msgid "Allow user to use ssh chroot environment." msgstr "" -#: booleans.py:20 +#: booleans.py:191 msgid "" -"Allow system cron jobs to relabel filesystem for restoring file contexts." +"Determine whether sftpd can modify public files used for public file " +"transfer services. Directories/Files must be labeled public_content_rw_t." msgstr "" -#: booleans.py:21 -msgid "Allow cvs daemon to read shadow" +#: booleans.py:192 +msgid "" +"Determine whether sftpd-can read and write files in user home directories." msgstr "" -#: booleans.py:22 -msgid "Allow all daemons to write corefiles to /" +#: booleans.py:193 +msgid "" +"Determine whether sftpd-can login to local users and read and write all " +"files on the system, governed by DAC." msgstr "" -#: booleans.py:23 -msgid "Allow all daemons to use tcp wrappers." +#: booleans.py:194 +msgid "" +"Determine whether sftpd can read and write files in user ssh home " +"directories." msgstr "" -#: booleans.py:24 -msgid "Allow all daemons the ability to read/write terminals" +#: booleans.py:195 +msgid "Allow sge to connect to the network using any TCP port" msgstr "" -#: booleans.py:25 -msgid "Allow dan to manage user files" +#: booleans.py:196 +msgid "Allow sge to access nfs file systems." msgstr "" -#: booleans.py:26 -msgid "Allow dan to read user files" +#: booleans.py:197 +msgid "Determine whether smartmon can support devices on 3ware controllers." msgstr "" -#: booleans.py:27 -msgid "Allow dbadm to manage files in users home directories" +#: booleans.py:198 +msgid "" +"Allow samba to modify public files used for public file transfer services. " +"Files/Directories must be labeled public_content_rw_t." msgstr "" -#: booleans.py:28 -msgid "Allow dbadm to read files in users home directories" +#: booleans.py:199 +msgid "Allow user spamassassin clients to use the network." msgstr "" -#: booleans.py:29 +#: booleans.py:200 +msgid "Allow spamd to read/write user home directories." +msgstr "" + +#: booleans.py:201 +msgid "Determine whether squid can connect to all TCP ports." +msgstr "" + +#: booleans.py:202 +msgid "Determine whether squid can run as a transparent proxy." +msgstr "" + +#: booleans.py:203 msgid "" -"Deny user domains applications to map a memory region as both executable and " -"writable, this is dangerous and the executable should be reported in bugzilla" +"Allow ssh with chroot env to read and write files in the user home " +"directories" msgstr "" -#: booleans.py:30 -msgid "Allow sysadm to debug or ptrace all processes." +#: booleans.py:204 +msgid "allow host key based authentication" msgstr "" -#: booleans.py:31 -msgid "Allow dhcpc client applications to execute iptables commands" +#: booleans.py:205 +msgid "Allow ssh logins as sysadm_r:sysadm_t" msgstr "" -#: booleans.py:32 -msgid "Allow DHCP daemon to use LDAP backends" +#: booleans.py:206 +msgid "Allow staff to exec content" msgstr "" -#: booleans.py:33 -msgid "Allow all domains to use other domains file descriptors" +#: booleans.py:207 +msgid "allow staff user to create and transition to svirt domains." msgstr "" -#: booleans.py:34 -msgid "Allow all domains to have the kernel load modules" +#: booleans.py:208 +msgid "Allow sysadm to exec content" msgstr "" -#: booleans.py:35 -msgid "Allow the use of the audio devices as the source for the entropy feeds" +#: booleans.py:209 +msgid "" +"Allow the Telepathy connection managers to connect to any network port." msgstr "" -#: booleans.py:36 -msgid "Allow exim to connect to databases (postgres, mysql)" +#: booleans.py:210 +msgid "" +"Allow the Telepathy connection managers to connect to any generic TCP port." msgstr "" -#: booleans.py:37 -msgid "Allow exim to create, read, write, and delete unprivileged user files." +#: booleans.py:211 +msgid "Allow testpolicy to exec content" msgstr "" -#: booleans.py:38 -msgid "Allow exim to read unprivileged user files." +#: booleans.py:212 +msgid "" +"Allow tftp to modify public files used for public file transfer services." msgstr "" -#: booleans.py:39 -msgid "Enable extra rules in the cron domain to support fcron." +#: booleans.py:213 +msgid "Allow tftp to read and write files in the user home directories" msgstr "" -#: booleans.py:40 -msgid "Allow fenced domain to connect to the network using TCP." +#: booleans.py:214 +msgid "Determine whether tor can bind tcp sockets to all unreserved ports." msgstr "" -#: booleans.py:41 -msgid "Allow fenced domain to execute ssh." +#: booleans.py:215 +msgid "Allow tor to act as a relay" msgstr "" -#: booleans.py:42 -msgid "Allow all domains to execute in fips_mode" +#: booleans.py:216 +msgid "" +"allow unconfined users to transition to the chrome sandbox domains when " +"running chrome-sandbox" msgstr "" -#: booleans.py:43 -msgid "Allow ftp to read and write files in the user home directories" +#: booleans.py:217 +msgid "Allow a user to login as an unconfined domain" msgstr "" -#: booleans.py:44 +#: booleans.py:218 msgid "" -"Allow ftp servers to upload files, used for public file transfer services. " -"Directories must be labeled public_content_rw_t." +"Allow unconfined users to transition to the Mozilla plugin domain when " +"running xulrunner plugin-container." msgstr "" -#: booleans.py:45 -msgid "Allow ftp servers to connect to all ports > 1023" +#: booleans.py:219 +msgid "Allow unprivledged user to create and transition to svirt domains." msgstr "" -#: booleans.py:46 -msgid "Allow ftp servers to connect to mysql database ports" +#: booleans.py:220 +msgid "Support ecryptfs home directories" msgstr "" -#: booleans.py:47 -msgid "" -"Allow ftp servers to login to local users and read/write all files on the " -"system, governed by DAC." +#: booleans.py:221 +msgid "Support fusefs home directories" msgstr "" -#: booleans.py:48 -msgid "Allow ftp servers to use cifs used for public file transfer services." +#: booleans.py:222 +msgid "Determine whether to support lpd server." msgstr "" -#: booleans.py:49 -msgid "Allow ftp servers to use nfs used for public file transfer services." +#: booleans.py:223 +msgid "Support NFS home directories" msgstr "" -#: booleans.py:50 -msgid "Allow ftp servers to use bind to all unreserved ports for passive mode" +#: booleans.py:224 +msgid "Support SAMBA home directories" msgstr "" -#: booleans.py:51 -msgid "Determine whether Git CGI can search home directories." +#: booleans.py:225 +msgid "Allow user to exec content" msgstr "" -#: booleans.py:52 -msgid "Determine whether Git CGI can access cifs file systems." +#: booleans.py:226 +msgid "Determine whether varnishd can use the full TCP network." msgstr "" -#: booleans.py:53 -msgid "Determine whether Git CGI can access nfs file systems." +#: booleans.py:227 +msgid "" +"Determine whether attempts by vbetool to mmap low regions should be silently" +" blocked." msgstr "" -#: booleans.py:54 +#: booleans.py:228 msgid "" -"Determine whether Git session daemon can bind TCP sockets to all unreserved " -"ports." +"Allow confined virtual guests to use serial/parallel communication ports" msgstr "" -#: booleans.py:55 +#: booleans.py:229 msgid "" -"Determine whether calling user domains can execute Git daemon in the " -"git_session_t domain." +"Allow confined virtual guests to use executable memory and executable stack" msgstr "" -#: booleans.py:56 -msgid "Determine whether Git system daemon can search home directories." +#: booleans.py:230 +msgid "Allow confined virtual guests to read fuse files" msgstr "" -#: booleans.py:57 -msgid "Determine whether Git system daemon can access cifs file systems." +#: booleans.py:231 +msgid "Allow confined virtual guests to manage nfs files" msgstr "" -#: booleans.py:58 -msgid "Determine whether Git system daemon can access nfs file systems." +#: booleans.py:232 +msgid "Allow confined virtual guests to interact with rawip sockets" msgstr "" -#: booleans.py:59 -msgid "Allow gitisis daemon to send mail" +#: booleans.py:233 +msgid "Allow confined virtual guests to manage cifs files" msgstr "" -#: booleans.py:60 -msgid "Enable reading of urandom for all domains." +#: booleans.py:234 +msgid "Allow confined virtual guests to interact with the sanlock" +msgstr "" + +#: booleans.py:235 +msgid "Allow confined virtual guests to use usb devices" +msgstr "" + +#: booleans.py:236 +msgid "Allow confined virtual guests to interact with the xserver" +msgstr "" + +#: booleans.py:237 +msgid "Determine whether webadm can manage generic user files." +msgstr "" + +#: booleans.py:238 +msgid "Determine whether webadm can read generic user files." msgstr "" -#: booleans.py:61 +#: booleans.py:239 msgid "" -"Allow usage of the gpg-agent --write-env-file option. This also allows gpg-" -"agent to manage user files." +"Determine whether attempts by wine to mmap low regions should be silently " +"blocked." msgstr "" -#: booleans.py:62 -msgid "" -"Allow gpg web domain to modify public files used for public file transfer " -"services." +#: booleans.py:240 +msgid "Allow the graphical login program to execute bootloader" msgstr "" -#: booleans.py:63 -msgid "Allow gssd to read temp directory. For access to kerberos tgt." +#: booleans.py:241 +msgid "" +"Allow the graphical login program to login directly as sysadm_r:sysadm_t" msgstr "" -#: booleans.py:64 -msgid "Allow guest to exec content" +#: booleans.py:242 +msgid "" +"Allow the graphical login program to create files in HOME dirs as " +"xdm_home_t." msgstr "" -#: booleans.py:65 -msgid "" -"Allow Apache to modify public files used for public file transfer services. " -"Directories/Files must be labeled public_content_rw_t." +#: booleans.py:243 +msgid "Allow xen to manage nfs files" msgstr "" -#: booleans.py:66 -msgid "Allow httpd to use built in scripting (usually php)" +#: booleans.py:244 +msgid "" +"Allow xend to run blktapctrl/tapdisk. Not required if using dedicated " +"logical volumes for disk images." msgstr "" -#: booleans.py:67 -msgid "Allow http daemon to check spam" +#: booleans.py:245 +msgid "Allow xend to run qemu-dm. Not required if using paravirt and no vfb." msgstr "" -#: booleans.py:68 +#: booleans.py:246 msgid "" -"Allow httpd to act as a FTP client connecting to the ftp port and ephemeral " -"ports" +"Allow xguest users to configure Network Manager and connect to apache ports" msgstr "" -#: booleans.py:69 -msgid "Allow httpd to connect to the ldap port" +#: booleans.py:247 +msgid "Allow xguest to exec content" msgstr "" -#: booleans.py:70 -msgid "Allow http daemon to connect to zabbix" +#: booleans.py:248 +msgid "Allow xguest users to mount removable media" msgstr "" -#: booleans.py:71 -msgid "Allow HTTPD scripts and modules to connect to the network using TCP." +#: booleans.py:249 +msgid "Allow xguest to use blue tooth devices" msgstr "" -#: booleans.py:72 -msgid "Allow HTTPD scripts and modules to connect to cobbler over the network." +#: booleans.py:250 +msgid "Allows clients to write to the X server shared memory segments." msgstr "" -#: booleans.py:73 -msgid "" -"Allow HTTPD scripts and modules to connect to databases over the network." +#: booleans.py:251 +msgid "Allows XServer to execute writable memory" msgstr "" -#: booleans.py:74 -msgid "Allow httpd to connect to memcache server" +#: booleans.py:252 +msgid "Support X userspace object manager" msgstr "" -#: booleans.py:75 -msgid "Allow httpd to act as a relay" +#: booleans.py:253 +msgid "Determine whether zabbix can connect to all TCP ports" msgstr "" -#: booleans.py:76 -msgid "Allow http daemon to send mail" +#: booleans.py:254 +msgid "Allow zebra daemon to write it configuration files" msgstr "" -#: booleans.py:77 -msgid "Allow Apache to communicate with avahi service via dbus" +#: booleans.py:255 +msgid "" +"Allow ZoneMinder to modify public files used for public file transfer " +"services." msgstr "" -#: booleans.py:78 -msgid "Allow httpd cgi support" +#: booleans.py:256 +msgid "Allow ZoneMinder to run su/sudo." msgstr "" -#: booleans.py:79 -msgid "Allow httpd to act as a FTP server by listening on the ftp port." +#: ../sepolicy/sepolicy.py:194 +#, python-format +msgid "Interface %s does not exist." msgstr "" -#: booleans.py:80 -msgid "Allow httpd to read home directories" +#: ../sepolicy/sepolicy.py:281 +msgid "Graphical User Interface for SELinux Policy" msgstr "" -#: booleans.py:81 -msgid "Allow httpd scripts and modules execmem/execstack" +#: ../sepolicy/sepolicy.py:305 +msgid "Generate SELinux man pages" msgstr "" -#: booleans.py:82 -msgid "Allow HTTPD to connect to port 80 for graceful shutdown" +#: ../sepolicy/sepolicy.py:308 +msgid "path in which the generated SELinux man pages will be stored" msgstr "" -#: booleans.py:83 -msgid "Allow httpd processes to manage IPA content" +#: ../sepolicy/sepolicy.py:310 +msgid "name of the OS for man pages" msgstr "" -#: booleans.py:84 -msgid "Allow Apache to use mod_auth_ntlm_winbind" +#: ../sepolicy/sepolicy.py:312 +msgid "Generate HTML man pages structure for selected SELinux man page" msgstr "" -#: booleans.py:85 -msgid "Allow Apache to use mod_auth_pam" +#: ../sepolicy/sepolicy.py:314 +msgid "Alternate root directory, defaults to /" msgstr "" -#: booleans.py:86 -msgid "Allow httpd to read user content" +#: ../sepolicy/sepolicy.py:318 +msgid "All domains" msgstr "" -#: booleans.py:87 -msgid "Allow Apache to run in stickshift mode, not transition to passenger" +#: ../sepolicy/sepolicy.py:321 +msgid "Domain name(s) of man pages to be created" msgstr "" -#: booleans.py:88 -msgid "Allow httpd daemon to change its resource limits" +#: ../sepolicy/sepolicy.py:326 +msgid "Query SELinux policy network information" msgstr "" -#: booleans.py:89 -msgid "" -"Allow HTTPD to run SSI executables in the same domain as system CGI scripts." +#: ../sepolicy/sepolicy.py:331 +msgid "list all SELinux port types" msgstr "" -#: booleans.py:90 -msgid "" -"Allow apache scripts to write to public content, directories/files must be " -"labeled public_rw_content_t." +#: ../sepolicy/sepolicy.py:334 +msgid "show SELinux type related to the port" msgstr "" -#: booleans.py:91 -msgid "Allow Apache to execute tmp content." +#: ../sepolicy/sepolicy.py:337 +msgid "Show ports defined for this SELinux type" msgstr "" -#: booleans.py:92 -msgid "" -"Unify HTTPD to communicate with the terminal. Needed for entering the " -"passphrase for certificates at the terminal." +#: ../sepolicy/sepolicy.py:340 +msgid "show ports to which this domain can bind and/or connect" msgstr "" -#: booleans.py:93 -msgid "Unify HTTPD handling of all content files." +#: ../sepolicy/sepolicy.py:355 +msgid "query SELinux policy to see if domains can communicate with each other" msgstr "" -#: booleans.py:94 -msgid "Allow httpd to access cifs file systems" +#: ../sepolicy/sepolicy.py:358 +msgid "Source Domain" msgstr "" -#: booleans.py:95 -msgid "Allow httpd to access FUSE file systems" +#: ../sepolicy/sepolicy.py:361 +msgid "Target Domain" msgstr "" -#: booleans.py:96 -msgid "Allow httpd to run gpg" +#: ../sepolicy/sepolicy.py:380 +msgid "query SELinux Policy to see description of booleans" msgstr "" -#: booleans.py:97 -msgid "Allow httpd to access nfs file systems" +#: ../sepolicy/sepolicy.py:384 +msgid "get all booleans descriptions" msgstr "" -#: booleans.py:98 -msgid "Allow httpd to communicate with oddjob to start up a service" +#: ../sepolicy/sepolicy.py:387 +msgid "boolean to get description" msgstr "" -#: booleans.py:99 -msgid "Allow httpd to access openstack ports" +#: ../sepolicy/sepolicy.py:397 +msgid "" +"query SELinux Policy to see how a source process domain can transition to " +"the target process domain" msgstr "" -#: booleans.py:100 -msgid "Allow Apache to query NS records" +#: ../sepolicy/sepolicy.py:400 +msgid "source process domain" msgstr "" -#: booleans.py:101 -msgid "Allow icecast to connect to all ports, not just sound ports." +#: ../sepolicy/sepolicy.py:403 +msgid "target process domain" msgstr "" -#: booleans.py:102 -msgid "" -"Allow the Irssi IRC Client to connect to any port, and to bind to any " -"unreserved port." +#: ../sepolicy/sepolicy.py:445 +#, python-format +msgid "sepolicy generate: error: one of the arguments %s is required" msgstr "" -#: booleans.py:103 -msgid "Allow confined applications to run with kerberos." +#: ../sepolicy/sepolicy.py:450 +msgid "Command required for this type of policy" msgstr "" -#: booleans.py:104 -msgid "Allow syslogd daemon to send mail" +#: ../sepolicy/sepolicy.py:461 +msgid "" +"-t option can not be used with this option. Read usage for more details." msgstr "" -#: booleans.py:105 -msgid "Allow syslogd the ability to read/write terminals" +#: ../sepolicy/sepolicy.py:466 +msgid "" +"-d option can not be used with this option. Read usage for more details." msgstr "" -#: booleans.py:106 -msgid "Allow logging in and using the system from /dev/console." +#: ../sepolicy/sepolicy.py:470 +msgid "" +"-a option can not be used with this option. Read usage for more details." msgstr "" -#: booleans.py:107 -msgid "" -"Control the ability to mmap a low area of the address space, as configured " -"by /proc/sys/kernel/mmap_min_addr." +#: ../sepolicy/sepolicy.py:490 +msgid "List SELinux Policy interfaces" msgstr "" -#: booleans.py:108 -msgid "Allow mock to read files in home directories." +#: ../sepolicy/sepolicy.py:510 +msgid "Enter interface names, you wish to query" msgstr "" -#: booleans.py:109 -msgid "Allow the mount command to mount any directory or file." +#: ../sepolicy/sepolicy.py:519 +msgid "Generate SELinux Policy module template" msgstr "" -#: booleans.py:110 -msgid "Allow mozilla plugin domain to connect to the network using TCP." +#: ../sepolicy/sepolicy.py:522 +msgid "Enter domain type which you will be extending" msgstr "" -#: booleans.py:111 -msgid "" -"Allow mozilla_plugins to create random content in the users home directory" +#: ../sepolicy/sepolicy.py:525 +msgid "Enter SELinux user(s) which will transition to this domain" msgstr "" -#: booleans.py:112 -msgid "Allow confined web browsers to read home directory content" +#: ../sepolicy/sepolicy.py:528 +msgid "Enter SELinux role(s) to which the administror domain will transition" msgstr "" -#: booleans.py:113 -msgid "Allow mplayer executable stack" +#: ../sepolicy/sepolicy.py:531 +msgid "Enter domain(s) which this confined admin will administrate" msgstr "" -#: booleans.py:114 -msgid "Allow mysqld to connect to all ports" +#: ../sepolicy/sepolicy.py:534 +msgid "name of policy to generate" msgstr "" -#: booleans.py:115 -msgid "Allow BIND to bind apache port." +#: ../sepolicy/sepolicy.py:541 +msgid "path in which the generated policy files will be stored" msgstr "" -#: booleans.py:116 -msgid "" -"Allow BIND to write the master zone files. Generally this is used for " -"dynamic DNS or zone transfers." +#: ../sepolicy/sepolicy.py:543 +msgid "path to which the confined processes will need to write" msgstr "" -#: booleans.py:117 -msgid "Allow any files/directories to be exported read/only via NFS." +#: ../sepolicy/sepolicy.py:544 +msgid "Policy types which require a command" msgstr "" -#: booleans.py:118 -msgid "Allow any files/directories to be exported read/write via NFS." +#: ../sepolicy/sepolicy.py:548 ../sepolicy/sepolicy.py:551 +#: ../sepolicy/sepolicy.py:554 ../sepolicy/sepolicy.py:557 +#: ../sepolicy/sepolicy.py:560 ../sepolicy/sepolicy.py:566 +#: ../sepolicy/sepolicy.py:569 ../sepolicy/sepolicy.py:572 +#: ../sepolicy/sepolicy.py:578 ../sepolicy/sepolicy.py:581 +#: ../sepolicy/sepolicy.py:584 ../sepolicy/sepolicy.py:587 +#, python-format +msgid "Generate '%s' policy" msgstr "" -#: booleans.py:119 -msgid "" -"Allow nfs servers to modify public files used for public file transfer " -"services. Files/Directories must be labeled public_content_rw_t." +#: ../sepolicy/sepolicy.py:575 +#, python-format +msgid "Generate '%s' policy " msgstr "" -#: booleans.py:120 -msgid "Allow system to run with NIS" +#: ../sepolicy/sepolicy.py:589 +msgid "executable to confine" msgstr "" -#: booleans.py:121 -msgid "Allow confined applications to use nscd shared memory." +#: ../sepolicy/sepolicy.py:594 +msgid "commands" msgstr "" -#: booleans.py:122 -msgid "Allow openshift to lockdown app" +#: ../sepolicy/sepolicy.py:597 +msgid "Alternate SELinux policy, defaults to /sys/fs/selinux/policy" msgstr "" -#: booleans.py:123 -msgid "Allow openvpn to read home directories" +#: ../sepolicy/sepolicy/__init__.py:167 ../sepolicy/sepolicy/gui.py:479 +msgid "all files" msgstr "" -#: booleans.py:124 -msgid "Allow piranha-lvs domain to connect to the network using TCP." +#: ../sepolicy/sepolicy/__init__.py:168 +msgid "regular file" msgstr "" -#: booleans.py:125 -msgid "Allow polipo to connect to all ports > 1023" +#: ../sepolicy/sepolicy/__init__.py:169 +msgid "directory" msgstr "" -#: booleans.py:126 -msgid "" -"Determine whether Polipo session daemon can bind tcp sockets to all " -"unreserved ports." +#: ../sepolicy/sepolicy/__init__.py:170 +msgid "character device" msgstr "" -#: booleans.py:127 -msgid "" -"Determine whether calling user domains can execute Polipo daemon in the " -"polipo_session_t domain." +#: ../sepolicy/sepolicy/__init__.py:171 +msgid "block device" msgstr "" -#: booleans.py:128 -msgid "Determine whether polipo can access cifs file systems." +#: ../sepolicy/sepolicy/__init__.py:172 +msgid "socket file" msgstr "" -#: booleans.py:129 -msgid "Determine whether Polipo can access nfs file systems." +#: ../sepolicy/sepolicy/__init__.py:173 +msgid "symbolic link" msgstr "" -#: booleans.py:130 -msgid "Enable polyinstantiated directory support." +#: ../sepolicy/sepolicy/__init__.py:174 +msgid "named pipe" msgstr "" -#: booleans.py:131 -msgid "Allow postfix_local domain full write access to mail_spool directories" +#: ../sepolicy/sepolicy/__init__.py:306 +msgid "No SELinux Policy installed" msgstr "" -#: booleans.py:132 -msgid "Allow postgresql to use ssh and rsync for point-in-time recovery" +#: ../sepolicy/sepolicy/__init__.py:386 +msgid "You must regenerate interface info by running /usr/bin/sepolgen-ifgen" msgstr "" -#: booleans.py:133 -msgid "Allow transmit client label to foreign database" +#: ../sepolicy/sepolicy/__init__.py:591 +#, python-format +msgid "Failed to read %s policy file" msgstr "" -#: booleans.py:134 -msgid "Allow database admins to execute DML statement" +#: ../sepolicy/sepolicy/__init__.py:695 +msgid "unknown" msgstr "" -#: booleans.py:135 -msgid "Allow unprivileged users to execute DDL statement" +#: ../sepolicy/sepolicy/generate.py:132 +msgid "Internet Services Daemon" msgstr "" -#: booleans.py:136 -msgid "Allow pppd to load kernel modules for certain modems" +#: ../sepolicy/sepolicy/generate.py:136 +msgid "Existing Domain Type" msgstr "" -#: booleans.py:137 -msgid "Allow pppd to be run for a regular user" +#: ../sepolicy/sepolicy/generate.py:137 +msgid "Minimal Terminal Login User Role" msgstr "" -#: booleans.py:138 -msgid "" -"Allow privoxy to connect to all ports, not just HTTP, FTP, and Gopher ports." +#: ../sepolicy/sepolicy/generate.py:138 +msgid "Minimal X Windows Login User Role" msgstr "" -#: booleans.py:139 -msgid "Allow Puppet client to manage all file types." +#: ../sepolicy/sepolicy/generate.py:139 +msgid "Desktop Login User Role" msgstr "" -#: booleans.py:140 -msgid "Allow Puppet master to use connect to MySQL and PostgreSQL database" +#: ../sepolicy/sepolicy/generate.py:140 +msgid "Administrator Login User Role" msgstr "" -#: booleans.py:141 -msgid "Allow racoon to read shadow" +#: ../sepolicy/sepolicy/generate.py:141 +msgid "Confined Root Administrator Role" msgstr "" -#: booleans.py:142 -msgid "Allow rgmanager domain to connect to the network using TCP." +#: ../sepolicy/sepolicy/generate.py:142 +msgid "Module information for a new type" msgstr "" -#: booleans.py:143 -msgid "" -"Allow rsync to modify public files used for public file transfer services. " -"Files/Directories must be labeled public_content_rw_t." +#: ../sepolicy/sepolicy/generate.py:147 +msgid "Valid Types:\n" msgstr "" -#: booleans.py:144 -msgid "Allow rsync to run as a client" +#: ../sepolicy/sepolicy/generate.py:181 +#, python-format +msgid "Ports must be numbers or ranges of numbers from 1 to %d " msgstr "" -#: booleans.py:145 -msgid "Allow rsync to export any files/directories read only." +#: ../sepolicy/sepolicy/generate.py:192 +msgid "You must enter a valid policy type" msgstr "" -#: booleans.py:146 -msgid "Allow rsync servers to share cifs files systems" +#: ../sepolicy/sepolicy/generate.py:195 +#, python-format +msgid "You must enter a name for your policy module for your %s." msgstr "" -#: booleans.py:147 -msgid "Allow rsync servers to share nfs files systems" +#: ../sepolicy/sepolicy/generate.py:327 +msgid "" +"Name must be alpha numberic with no spaces. Consider using option \"-n " +"MODULENAME\"" msgstr "" -#: booleans.py:148 -msgid "Allow samba to create new home directories (e.g. via PAM)" +#: ../sepolicy/sepolicy/generate.py:419 +msgid "User Role types can not be assigned executables." msgstr "" -#: booleans.py:149 -msgid "" -"Allow samba to act as the domain controller, add users, groups and change " -"passwords." +#: ../sepolicy/sepolicy/generate.py:425 +msgid "Only Daemon apps can use an init script.." msgstr "" -#: booleans.py:150 -msgid "Allow samba to share users home directories." +#: ../sepolicy/sepolicy/generate.py:443 +msgid "use_resolve must be a boolean value " msgstr "" -#: booleans.py:151 -msgid "Allow samba to share any file/directory read only." +#: ../sepolicy/sepolicy/generate.py:449 +msgid "use_syslog must be a boolean value " msgstr "" -#: booleans.py:152 -msgid "Allow samba to share any file/directory read/write." +#: ../sepolicy/sepolicy/generate.py:455 +msgid "use_kerberos must be a boolean value " msgstr "" -#: booleans.py:153 -msgid "Allow samba to act as a portmapper" +#: ../sepolicy/sepolicy/generate.py:461 +msgid "manage_krb5_rcache must be a boolean value " msgstr "" -#: booleans.py:154 -msgid "Allow samba to run unconfined scripts" +#: ../sepolicy/sepolicy/generate.py:491 +msgid "USER Types automatically get a tmp type" msgstr "" -#: booleans.py:155 -msgid "Allow samba to export ntfs/fusefs volumes." +#: ../sepolicy/sepolicy/generate.py:832 +#, python-format +msgid "%s policy modules require existing domains" msgstr "" -#: booleans.py:156 -msgid "Allow samba to export NFS volumes." +#: ../sepolicy/sepolicy/generate.py:857 +msgid "Type field required" msgstr "" -#: booleans.py:157 -msgid "Allow sanlock to read/write fuse files" +#: ../sepolicy/sepolicy/generate.py:869 +#, python-format +msgid "" +"You need to define a new type which ends with: \n" +" %s" msgstr "" -#: booleans.py:158 -msgid "Allow sanlock to manage nfs files" +#: ../sepolicy/sepolicy/generate.py:1088 +msgid "You must enter the executable path for your confined process" msgstr "" -#: booleans.py:159 -msgid "Allow sanlock to manage cifs files" +#: ../sepolicy/sepolicy/generate.py:1360 +msgid "Type Enforcement file" msgstr "" -#: booleans.py:160 -msgid "Allow sasl to read shadow" +#: ../sepolicy/sepolicy/generate.py:1361 +msgid "Interface file" msgstr "" -#: booleans.py:161 -msgid "Allow secadm to exec content" +#: ../sepolicy/sepolicy/generate.py:1362 +msgid "File Contexts file" msgstr "" -#: booleans.py:162 -msgid "" -"disallow programs, such as newrole, from transitioning to administrative " -"user domains." +#: ../sepolicy/sepolicy/generate.py:1363 +msgid "Spec file" msgstr "" -#: booleans.py:163 -msgid "Disable kernel module loading." +#: ../sepolicy/sepolicy/generate.py:1364 +msgid "Setup Script" msgstr "" -#: booleans.py:164 -msgid "" -"Boolean to determine whether the system permits loading policy, setting " -"enforcing mode, and changing boolean values. Set this to true and you have " -"to reboot to set it back." +#: ../sepolicy/sepolicy/sepolicy.glade:7 +msgid "SELinux Gui" msgstr "" -#: booleans.py:165 -msgid "Allow regular users direct dri device access" +#: ../sepolicy/sepolicy/sepolicy.glade:33 +msgid "Type to search for a process" msgstr "" -#: booleans.py:166 -msgid "" -"Allow unconfined executables to make their heap memory executable. Doing " -"this is a really bad idea. Probably indicates a badly coded executable, but " -"could indicate an attack. This executable should be reported in bugzilla" +#: ../sepolicy/sepolicy/sepolicy.glade:35 +msgid "Select domain" msgstr "" -#: booleans.py:167 -msgid "" -"Allow all unconfined executables to use libraries requiring text relocation " -"that are not labeled textrel_shlib_t" +#: ../sepolicy/sepolicy/sepolicy.glade:70 +#: ../sepolicy/sepolicy/sepolicy.glade:308 +msgid "Booleans" msgstr "" -#: booleans.py:168 +#: ../sepolicy/sepolicy/sepolicy.glade:74 msgid "" -"Allow unconfined executables to make their stack executable. This should " -"never, ever be necessary. Probably indicates a badly coded executable, but " -"could indicate an attack. This executable should be reported in bugzilla" +"Display boolean information that can be used to modify the policy for the " +"'selected domain'." msgstr "" -#: booleans.py:169 -msgid "Allow users to connect to the local mysql server" +#: ../sepolicy/sepolicy/sepolicy.glade:85 +#: ../sepolicy/sepolicy/sepolicy.glade:710 +msgid "Files" msgstr "" -#: booleans.py:170 +#: ../sepolicy/sepolicy/sepolicy.glade:89 msgid "" -"Allow confined users the ability to execute the ping and traceroute commands." +"Display file type information that can be used by the 'selected domain'." msgstr "" -#: booleans.py:171 -msgid "Allow users to connect to PostgreSQL" +#: ../sepolicy/sepolicy/sepolicy.glade:100 +#: ../sepolicy/sepolicy/sepolicy.glade:1062 +msgid "Network" msgstr "" -#: booleans.py:172 +#: ../sepolicy/sepolicy/sepolicy.glade:104 msgid "" -"Allow user to r/w files on filesystems that do not have extended attributes " -"(FAT, CDROM, FLOPPY)" +"Display network ports to which the 'selected domain' can connect or listen " +"to." msgstr "" -#: booleans.py:173 -msgid "" -"Allow users to run TCP servers (bind to ports and accept connection from the " -"same domain and outside users) disabling this forces FTP passive mode and " -"may change other protocols." +#: ../sepolicy/sepolicy/sepolicy.glade:115 +#: ../sepolicy/sepolicy/sepolicy.glade:1361 +msgid "Transitions" msgstr "" -#: booleans.py:174 -msgid "Allow user to use ssh chroot environment." +#: ../sepolicy/sepolicy/sepolicy.glade:119 +msgid "" +"Display applications that can transition into or out of the 'selected " +"domain'." msgstr "" -#: booleans.py:175 -msgid "Allow user music sharing" +#: ../sepolicy/sepolicy/sepolicy.glade:188 +#: ../sepolicy/sepolicy/sepolicy.glade:358 +#: ../sepolicy/sepolicy/sepolicy.glade:765 +#: ../sepolicy/sepolicy/sepolicy.glade:1113 +msgid "Show Modified Only" msgstr "" -#: booleans.py:176 +#: ../sepolicy/sepolicy/sepolicy.glade:219 msgid "" -"Allow anon internal-sftp to upload files, used for public file transfer " -"services. Directories must be labeled public_content_rw_t." +"If-Then-Else rules written in policy that can \n" +"allow alternative access control." msgstr "" -#: booleans.py:177 -msgid "" -"Allow sftp-internal to read and write files in the user home directories" +#: ../sepolicy/sepolicy/sepolicy.glade:373 +#: ../sepolicy/sepolicy/sepolicy.glade:787 +#: ../sepolicy/sepolicy/sepolicy.glade:1128 +msgid "Modify" msgstr "" -#: booleans.py:178 -msgid "" -"Allow sftp-internal to login to local users and read/write all files on the " -"system, governed by DAC." +#: ../sepolicy/sepolicy/sepolicy.glade:377 +#: ../sepolicy/sepolicy/sepolicy.glade:791 +msgid "Modify an existing item" msgstr "" -#: booleans.py:179 -msgid "" -"Allow internal-sftp to read and write files in the user ssh home directories." +#: ../sepolicy/sepolicy/sepolicy.glade:389 +#: ../sepolicy/sepolicy/sepolicy.glade:803 +#: ../sepolicy/sepolicy/sepolicy.glade:1142 +msgid "Delete" msgstr "" -#: booleans.py:180 -msgid "Allow sge to connect to the network using any TCP port" +#: ../sepolicy/sepolicy/sepolicy.glade:393 +#: ../sepolicy/sepolicy/sepolicy.glade:807 +msgid "Delete an existing item" msgstr "" -#: booleans.py:181 -msgid "Allow sge to access nfs file systems." +#: ../sepolicy/sepolicy/sepolicy.glade:409 +#: ../sepolicy/sepolicy/sepolicy.glade:823 +msgid "Add a new item" msgstr "" -#: booleans.py:182 -msgid "" -"Enable additional permissions needed to support devices on 3ware controllers." +#: ../sepolicy/sepolicy/sepolicy.glade:442 +msgid "File path used to enter the above selected process domain." msgstr "" -#: booleans.py:183 -msgid "" -"Allow samba to modify public files used for public file transfer services. " -"Files/Directories must be labeled public_content_rw_t." +#: ../sepolicy/sepolicy/sepolicy.glade:450 +#: ../sepolicy/sepolicy/sepolicy.glade:531 +msgid "File Path" msgstr "" -#: booleans.py:184 -msgid "Allow user spamassassin clients to use the network." +#: ../sepolicy/sepolicy/sepolicy.glade:468 +#: ../sepolicy/sepolicy/sepolicy.glade:549 +msgid "SELinux File Label" msgstr "" -#: booleans.py:185 -msgid "Allow spamd to read/write user home directories." +#: ../sepolicy/sepolicy/sepolicy.glade:485 +#: ../sepolicy/sepolicy/sepolicy.glade:567 +#: ../sepolicy/sepolicy/sepolicy.glade:660 +msgid "Class" msgstr "" -#: booleans.py:186 -msgid "" -"Allow squid to connect to all ports, not just HTTP, FTP, and Gopher ports." +#: ../sepolicy/sepolicy/sepolicy.glade:505 +msgid "File path used to enter the 'selected domain'." msgstr "" -#: booleans.py:187 -msgid "Allow squid to run as a transparent proxy (TPROXY)" +#: ../sepolicy/sepolicy/sepolicy.glade:506 +msgid "Executable Files" msgstr "" -#: booleans.py:188 -msgid "" -"Allow ssh with chroot env to read and write files in the user home " -"directories" +#: ../sepolicy/sepolicy/sepolicy.glade:523 +msgid "Files to which the above selected process domain can write." msgstr "" -#: booleans.py:189 -msgid "allow host key based authentication" +#: ../sepolicy/sepolicy/sepolicy.glade:591 +msgid "Files to which the 'selected domain' can write." msgstr "" -#: booleans.py:190 -msgid "Allow ssh logins as sysadm_r:sysadm_t" +#: ../sepolicy/sepolicy/sepolicy.glade:592 +msgid "Writable Files" msgstr "" -#: booleans.py:191 -msgid "Allow staff to exec content" +#: ../sepolicy/sepolicy/sepolicy.glade:610 +msgid "File Types defined for the selected domain" msgstr "" -#: booleans.py:192 -msgid "allow staff user to create and transition to svirt domains." +#: ../sepolicy/sepolicy/sepolicy.glade:618 +msgid "File path" msgstr "" -#: booleans.py:193 -msgid "Allow sysadm to exec content" +#: ../sepolicy/sepolicy/sepolicy.glade:686 +msgid "File Types defined for the 'selected domain'." msgstr "" -#: booleans.py:194 -msgid "Allow the Telepathy connection managers to connect to any network port." +#: ../sepolicy/sepolicy/sepolicy.glade:687 +msgid "Application File Types" msgstr "" -#: booleans.py:195 -msgid "" -"Allow the Telepathy connection managers to connect to any generic TCP port." +#: ../sepolicy/sepolicy/sepolicy.glade:856 +msgid "Network Ports to which the selected domain is allowed to connect." msgstr "" -#: booleans.py:196 -msgid "" -"Allow tftp to modify public files used for public file transfer services." +#: ../sepolicy/sepolicy/sepolicy.glade:898 +#: ../sepolicy/sepolicy/sepolicy.glade:997 +msgid "Modified" msgstr "" -#: booleans.py:197 -msgid "Allow tftp to read and write files in the user home directories" +#: ../sepolicy/sepolicy/sepolicy.glade:937 +msgid "Network Ports to which the 'selected domain' is allowed to connect." msgstr "" -#: booleans.py:198 -msgid "Allow tor daemon to bind tcp sockets to all unreserved ports." +#: ../sepolicy/sepolicy/sepolicy.glade:938 +msgid "Outbound" msgstr "" -#: booleans.py:199 -msgid "Allow tor to act as a relay" +#: ../sepolicy/sepolicy/sepolicy.glade:955 +msgid "Network Ports to which the selected domain is allowed to listen." msgstr "" -#: booleans.py:200 -msgid "" -"allow unconfined users to transition to the chrome sandbox domains when " -"running chrome-sandbox" +#: ../sepolicy/sepolicy/sepolicy.glade:1038 +msgid "Network Ports to which the 'selected domain' is allowed to listen." msgstr "" -#: booleans.py:201 -msgid "Allow a user to login as an unconfined domain" +#: ../sepolicy/sepolicy/sepolicy.glade:1039 +msgid "Inbound" msgstr "" -#: booleans.py:202 +#: ../sepolicy/sepolicy/sepolicy.glade:1189 +#: ../sepolicy/sepolicy/sepolicy.glade:1260 msgid "" -"Allow unconfined users to transition to the Mozilla plugin domain when " -"running xulrunner plugin-container." +"Executables which will transition to a different domain, when the 'selected " +"domain' executes them." msgstr "" -#: booleans.py:203 -msgid "Allow video playing tools to run unconfined" +#: ../sepolicy/sepolicy/sepolicy.glade:1194 +#: ../sepolicy/sepolicy/sepolicy.glade:1285 +msgid "Enabled" msgstr "" -#: booleans.py:204 -msgid "Allow unprivledged user to create and transition to svirt domains." +#: ../sepolicy/sepolicy/sepolicy.glade:1223 +msgid "Executable File Type" msgstr "" -#: booleans.py:205 -msgid "Support ecryptfs home directories" +#: ../sepolicy/sepolicy/sepolicy.glade:1239 +msgid "Transtype" msgstr "" -#: booleans.py:206 -msgid "Support fusefs home directories" +#: ../sepolicy/sepolicy/sepolicy.glade:1263 +msgid "Transitions From 'select domain'" msgstr "" -#: booleans.py:207 -msgid "Use lpd server instead of cups" +#: ../sepolicy/sepolicy/sepolicy.glade:1280 +#: ../sepolicy/sepolicy/sepolicy.glade:1337 +msgid "" +"Executables which will transition to the 'selected domain', when executing a" +" selected domains entrypoint." msgstr "" -#: booleans.py:208 -msgid "Support NFS home directories" +#: ../sepolicy/sepolicy/sepolicy.glade:1299 +msgid "Calling Process Domain" msgstr "" -#: booleans.py:209 -msgid "Support SAMBA home directories" +#: ../sepolicy/sepolicy/sepolicy.glade:1313 +msgid "Executable File" msgstr "" -#: booleans.py:210 -msgid "Allow user to exec content" +#: ../sepolicy/sepolicy/sepolicy.glade:1338 +msgid "Transitions Into 'select domain'" msgstr "" -#: booleans.py:211 -msgid "Allow varnishd to connect to all ports, not just HTTP." +#: ../sepolicy/sepolicy/sepolicy.glade:1388 +msgid "Reset" msgstr "" -#: booleans.py:212 -msgid "Ignore vbetool mmap_zero errors." +#: ../sepolicy/sepolicy/sepolicy.glade:1392 +msgid "Reset to system default" msgstr "" -#: booleans.py:213 -msgid "" -"Allow confined virtual guests to use serial/parallel communication ports" +#: ../sepolicy/sepolicy/sepolicy.glade:1403 +msgid "Update" msgstr "" -#: booleans.py:214 -msgid "" -"Allow confined virtual guests to use executable memory and executable stack" +#: ../sepolicy/sepolicy/sepolicy.glade:1407 +msgid "Save your changes" msgstr "" -#: booleans.py:215 -msgid "Allow confined virtual guests to read fuse files" +#: ../sepolicy/sepolicy/sepolicy.glade:1454 +#: ../sepolicy/sepolicy/sepolicy.glade:1541 +#: ../sepolicy/sepolicy/sepolicy.glade:1629 +msgid "Add a File" msgstr "" -#: booleans.py:216 -msgid "Allow confined virtual guests to manage nfs files" +#: ../sepolicy/sepolicy/sepolicy.glade:1504 +#: ../sepolicy/sepolicy/sepolicy.glade:1592 +#: ../sepolicy/sepolicy/sepolicy.glade:1680 +msgid "Save changes" msgstr "" -#: booleans.py:217 -msgid "Allow confined virtual guests to interact with rawip sockets" +#: ../sepolicy/sepolicy/sepolicy.glade:1518 +#: ../sepolicy/sepolicy/sepolicy.glade:1606 +#: ../sepolicy/sepolicy/sepolicy.glade:1694 +msgid "Reset Changes" msgstr "" -#: booleans.py:218 -msgid "Allow confined virtual guests to manage cifs files" +#: ../sepolicy/sepolicy/sepolicy.glade:1780 +msgid "Applicaiton more detailed view" msgstr "" -#: booleans.py:219 -msgid "Allow confined virtual guests to interact with the sanlock" +#: ../sepolicy/sepolicy/sepolicy.glade:1874 +msgid "Analyzing Policy..." msgstr "" -#: booleans.py:220 -msgid "Allow confined virtual guests to manage device configuration, (pci)" +#: ../sepolicy/sepolicy/gui.py:49 +msgid "No" msgstr "" -#: booleans.py:221 -msgid "Allow confined virtual guests to use usb devices" +#: ../sepolicy/sepolicy/gui.py:49 +msgid "Yes" msgstr "" -#: booleans.py:222 -msgid "Allow confined virtual guests to interact with the xserver" +#: ../sepolicy/sepolicy/gui.py:61 +msgid "GTK Not Available" msgstr "" -#: booleans.py:223 -msgid "Allow webadm to manage files in users home directories" +#: ../sepolicy/sepolicy/gui.py:195 +msgid "System Status: Enforcing" msgstr "" -#: booleans.py:224 -msgid "Allow webadm to read files in users home directories" +#: ../sepolicy/sepolicy/gui.py:197 +msgid "System Status: Permissive" msgstr "" -#: booleans.py:225 -msgid "Ignore wine mmap_zero errors." +#: ../sepolicy/sepolicy/gui.py:199 +msgid "System Status: Disabled" msgstr "" -#: booleans.py:226 -msgid "Allow the graphical login program to execute bootloader" +#: ../sepolicy/sepolicy/gui.py:413 +#, python-format +msgid "File path used to enter the '%s' domain." msgstr "" -#: booleans.py:227 -msgid "" -"Allow the graphical login program to login directly as sysadm_r:sysadm_t" +#: ../sepolicy/sepolicy/gui.py:414 +#, python-format +msgid "Files to which the '%s' domain can write." msgstr "" -#: booleans.py:228 -msgid "Allow xen to manage nfs files" +#: ../sepolicy/sepolicy/gui.py:415 +#, python-format +msgid "Network Ports to which the '%s' is allowed to connect." msgstr "" -#: booleans.py:229 -msgid "" -"Allow xend to run blktapctrl/tapdisk. Not required if using dedicated " -"logical volumes for disk images." +#: ../sepolicy/sepolicy/gui.py:416 +#, python-format +msgid "Network Ports to which the '%s' is allowed to listen." msgstr "" -#: booleans.py:230 -msgid "Allow xend to run qemu-dm. Not required if using paravirt and no vfb." +#: ../sepolicy/sepolicy/gui.py:417 +#, python-format +msgid "File Types defined for the '%s'." msgstr "" -#: booleans.py:231 +#: ../sepolicy/sepolicy/gui.py:418 +#, python-format msgid "" -"Allow xguest users to configure Network Manager and connect to apache ports" -msgstr "" - -#: booleans.py:232 -msgid "Allow xguest to exec content" +"Display boolean information that can be used to modify the policy for the " +"'%s'." msgstr "" -#: booleans.py:233 -msgid "Allow xguest users to mount removable media" +#: ../sepolicy/sepolicy/gui.py:419 +#, python-format +msgid "Display file type information that can be used by the '%s'." msgstr "" -#: booleans.py:234 -msgid "Allow xguest to use blue tooth devices" +#: ../sepolicy/sepolicy/gui.py:420 +#, python-format +msgid "Display network ports to which the '%s' can connect or listen to." msgstr "" -#: booleans.py:235 -msgid "Allows clients to write to the X server shared memory segments." +#: ../sepolicy/sepolicy/gui.py:421 +#, python-format +msgid "Transitions Into '%s'" msgstr "" -#: booleans.py:236 -msgid "Allows XServer to execute writable memory" +#: ../sepolicy/sepolicy/gui.py:422 +#, python-format +msgid "Transitions From '%s'" msgstr "" -#: booleans.py:237 -msgid "Support X userspace object manager" +#: ../sepolicy/sepolicy/gui.py:423 +#, python-format +msgid "" +"Executables which will transition to the '%s', when executing a selected " +"domains entrypoint." msgstr "" -#: booleans.py:238 -msgid "Allow zabbix to connect to unreserved ports" +#: ../sepolicy/sepolicy/gui.py:424 +#, python-format +msgid "" +"Executables which will transition to a different domain, when the '%s' " +"executes them." msgstr "" -#: booleans.py:239 -msgid "Allow zebra daemon to write it configuration files" +#: ../sepolicy/sepolicy/gui.py:425 +#, python-format +msgid "Display applications that can transition into or out of the '%s'." msgstr "" -#: booleans.py:240 -msgid "" -"Allow ZoneMinder to modify public files used for public file transfer " -"services." +#: ../sepolicy/sepolicy/gui.py:604 +#, python-format +msgid "Boolean %s Allow Rules" msgstr "" diff --git a/policycoreutils/po/af_ZA.po b/policycoreutils/po/af_ZA.po new file mode 100644 index 0000000..e85b3cd --- /dev/null +++ b/policycoreutils/po/af_ZA.po @@ -0,0 +1,4075 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: Policycoreutils\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2013-07-10 16:36-0400\n" +"PO-Revision-Date: 2012-03-30 18:14+0000\n" +"Last-Translator: FULL NAME \n" +"Language-Team: Afrikaans (South Africa) (http://www.transifex.com/projects/p/fedora/language/af_ZA/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: af_ZA\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: ../run_init/run_init.c:67 +msgid "" +"USAGE: run_init